cloudera-labs / cloudera.cluster

An Ansible collection for lifecycle and management of Cloudera CDP Private Cloud resources on bare metal, IaaS, and PaaS.
Apache License 2.0

Avoid repeating CM password check #91

Closed WillDyson closed 1 year ago

WillDyson commented 1 year ago

If LDAP is configured in CM, repeated failed password checks can lock user accounts.

After LDAP has been configured or the CM admin password is changed, the CM password check will trigger a failed login each time it is used.

This commit adds checks to ensure the check is skipped each time it is run after the first failure.

This is okay as we don't expect the CM password to be changed back to its default value.

Signed-off-by: William Dyson <wdyson@cloudera.com>

WillDyson commented 1 year ago

Tested with CM 7.6.1 CDP 7.1.7 by:

  1. Deploying a basic secured cluster with a non-default CM password
  2. Running the playbook again to ensure idempotency, skipping the following tags: --skip-tags database,kerberos,tls,cm,verify,os,jdk,users

After changing the Cloudera Manager password, the password is only checked once – other attempts are skipped.
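
One way to express the guard described in this pull request, as an added example that is not the collection's own code: the result of the first rejected default-password probe is stored in its own fact, so later invocations in the same run skip the probe and cause no further failed logins. The variable and fact names are hypothetical, and `admin`/`admin` as the default credentials and `/api/version` as the probe endpoint are assumptions.

```yaml
# Added example: hypothetical tasks file, not taken from cloudera.cluster.
# Assumed variables: cloudera_manager_url, cloudera_manager_admin_password
# Assumed fact names: cm_default_password_rejected, cm_effective_password

- name: Probe Cloudera Manager with the default admin credentials
  ansible.builtin.uri:
    url: "{{ cloudera_manager_url }}/api/version"
    user: admin                  # assumed default username
    password: admin              # assumed default password
    force_basic_auth: true
    status_code: [200, 401]      # 401 is an expected answer, not a task failure
  register: cm_default_probe
  run_once: true
  no_log: true
  # Skip the probe once a rejection has been recorded in this run, so a
  # non-default or LDAP-backed password costs exactly one failed login.
  when: not (cm_default_password_rejected | default(false))

- name: Record that the default password was rejected
  ansible.builtin.set_fact:
    cm_default_password_rejected: true
  # register overwrites cm_default_probe even when the probe is skipped,
  # so the outcome has to live in a separate fact rather than in the
  # registered result itself.
  when:
    - cm_default_probe is not skipped
    - cm_default_probe.status == 401

- name: Select the admin password for subsequent API calls
  ansible.builtin.set_fact:
    cm_effective_password: >-
      {{ cloudera_manager_admin_password
         if (cm_default_password_rejected | default(false))
         else 'admin' }}
  no_log: true
```

A fact set with `set_fact` lasts for the playbook run only, so each new run still spends one failed login against the directory's lockout counter when the password is no longer the default.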