orahost: Removed fixed password for oracle and grid from defaults

oravirt · Feb 11, 2024 · 922936d · 922936d
1 parent efda2f9
commit 922936d
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 10 deletions.
diff --git a/changelogs/fragments/os_oracle.yml b/changelogs/fragments/os_oracle.yml
@@ -0,0 +1,5 @@
+---
+breaking_changes:
+  - "orahost: Removed fixed password for oracle and grid from defaults (oravirt#409)"
+security_fixes:
+  - "orahost: Removed fixed password for oracle and grid from defaults (oravirt#409)"
diff --git a/roles/orahost/README.md b/roles/orahost/README.md
@@ -337,8 +337,6 @@ grid_users:
     primgroup: '{{ oracle_group }}'
     othergroups: '{{ asmadmin_group }},{{ asmdba_group }},{{ asmoper_group }},{{ dba_group
       }}'
-    passwd: 
-      $6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0
 ```
 
 ### host_fs_layout
@@ -670,8 +668,6 @@ oracle_users:
     primgroup: '{{ oracle_group }}'
     othergroups: '{{ dba_group }},{{ asmadmin_group }},{{ asmdba_group }},{{ asmoper_group
       }},backupdba,dgdba,kmdba,{{ oper_group }}'
-    passwd: 
-      $6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0
 ```
 
 ### os_family_supported
@@ -804,8 +800,6 @@ transparent_hugepage_disable:
 ## Open Tasks
 
 - (improvement): SSH-Setup needs a rework...
-- (security): remove fixed password from oracle OS-Users
-- (security): remove fixed password from grid OS-Users
 
 ## Dependencies
 

diff --git a/roles/orahost/defaults/main.yml b/roles/orahost/defaults/main.yml
@@ -107,23 +107,19 @@ oracle_groups:
   - {group: dgdba, gid: 54325}
   - {group: kmdba, gid: 54326}
 
-# @todo security: remove fixed password from oracle OS-Users
 # @var oracle_users:description: oracle OS-User
 oracle_users:         # Passwd :Oracle123
   - username: oracle
     uid: 54321
     primgroup: "{{ oracle_group }}"
     othergroups: "{{ dba_group }},{{ asmadmin_group }},{{ asmdba_group }},{{ asmoper_group }},backupdba,dgdba,kmdba,{{ oper_group }}"
-    passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0"
 
-# @todo security: remove fixed password from grid OS-Users
 # @var grid_users:description: grid OS-User
 grid_users:
   - username: grid
     uid: 54320
     primgroup: "{{ oracle_group }}"
     othergroups: "{{ asmadmin_group }},{{ asmdba_group }},{{ asmoper_group }},{{ dba_group }}"
-    passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0"
 
 # @var firewall_service:description: >
 # Used firewall service in OS. Value depends on used Distribution and version.