From 922936db35aee6ddda90c3f326c81f93df5712c6 Mon Sep 17 00:00:00 2001
From: Thorsten Bruhns <thorsten.bruhns@googlemail.com>
Date: Sun, 11 Feb 2024 21:08:06 +0000
Subject: [PATCH] orahost: Removed fixed password for oracle and grid from
 defaults

---
 changelogs/fragments/os_oracle.yml | 5 +++++
 roles/orahost/README.md            | 6 ------
 roles/orahost/defaults/main.yml    | 4 ----
 3 files changed, 5 insertions(+), 10 deletions(-)
 create mode 100644 changelogs/fragments/os_oracle.yml

diff --git a/changelogs/fragments/os_oracle.yml b/changelogs/fragments/os_oracle.yml
new file mode 100644
index 000000000..20efa6527
--- /dev/null
+++ b/changelogs/fragments/os_oracle.yml
@@ -0,0 +1,5 @@
+---
+breaking_changes:
+  - "orahost: Removed fixed password for oracle and grid from defaults (oravirt#409)"
+security_fixes:
+  - "orahost: Removed fixed password for oracle and grid from defaults (oravirt#409)"
diff --git a/roles/orahost/README.md b/roles/orahost/README.md
index a40c60f6e..9b995b6de 100644
--- a/roles/orahost/README.md
+++ b/roles/orahost/README.md
@@ -337,8 +337,6 @@ grid_users:
     primgroup: '{{ oracle_group }}'
     othergroups: '{{ asmadmin_group }},{{ asmdba_group }},{{ asmoper_group }},{{ dba_group
       }}'
-    passwd: 
-      $6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0
 ```
 
 ### host_fs_layout
@@ -670,8 +668,6 @@ oracle_users:
     primgroup: '{{ oracle_group }}'
     othergroups: '{{ dba_group }},{{ asmadmin_group }},{{ asmdba_group }},{{ asmoper_group
       }},backupdba,dgdba,kmdba,{{ oper_group }}'
-    passwd: 
-      $6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0
 ```
 
 ### os_family_supported
@@ -804,8 +800,6 @@ transparent_hugepage_disable:
 ## Open Tasks
 
 - (improvement): SSH-Setup needs a rework...
-- (security): remove fixed password from oracle OS-Users
-- (security): remove fixed password from grid OS-Users
 
 ## Dependencies
 
diff --git a/roles/orahost/defaults/main.yml b/roles/orahost/defaults/main.yml
index 41bbb8e0d..beacdec5e 100644
--- a/roles/orahost/defaults/main.yml
+++ b/roles/orahost/defaults/main.yml
@@ -107,23 +107,19 @@ oracle_groups:
   - {group: dgdba, gid: 54325}
   - {group: kmdba, gid: 54326}
 
-# @todo security: remove fixed password from oracle OS-Users
 # @var oracle_users:description: oracle OS-User
 oracle_users:         # Passwd :Oracle123
   - username: oracle
     uid: 54321
     primgroup: "{{ oracle_group }}"
     othergroups: "{{ dba_group }},{{ asmadmin_group }},{{ asmdba_group }},{{ asmoper_group }},backupdba,dgdba,kmdba,{{ oper_group }}"
-    passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0"
 
-# @todo security: remove fixed password from grid OS-Users
 # @var grid_users:description: grid OS-User
 grid_users:
   - username: grid
     uid: 54320
     primgroup: "{{ oracle_group }}"
     othergroups: "{{ asmadmin_group }},{{ asmdba_group }},{{ asmoper_group }},{{ dba_group }}"
-    passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0"
 
 # @var firewall_service:description: >
 # Used firewall service in OS. Value depends on used Distribution and version.