---
# Ensure the named admin user exists and (optionally) disable the built-in `admin`.
# The operator SSH key is imported once by play_bootstrap.yml; day-2 only guarantees
# the user is present and the default account is hardened. Idempotency comes from the
# RouterOS `:if [find]` guards, so `changed_when: false` is correct here.
# Creates the named admin account only when `/user find` returns no match for it.
# `changed_when: false` means Ansible never reports a change for this task, even on
# the run that actually creates the account, so a creation is not visible in the
# play recap.
# NOTE(review): `/user add` is called without `password=`; RouterOS creates such an
# account with an empty password. The file header says the SSH key is imported only
# by play_bootstrap.yml, so an account created by this task would have a blank
# password and no key -- confirm bootstrap always runs first, or set a credential here.
# NOTE(review): switch_admin_user and switch_admin_group are templated straight into
# the RouterOS script; presumably they come from trusted inventory -- verify they
# can never contain a `"` character.
- name: Ensure named admin user exists
  community.routeros.command:
    commands:
      - >-
        :if ([:len [/user find name="{{ switch_admin_user }}"]] = 0) do={
        /user add name="{{ switch_admin_user }}" group="{{ switch_admin_group }}" }
  changed_when: false
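# Disables the built-in `admin` account when switch_disable_default_admin is true
# and an account with that name exists on the device.
# The second `when` condition skips the task if the named admin user is itself
# `admin`: the preceding task ensures that account exists, and disabling it here
# would turn off the very account this file is meant to keep usable.
# `changed_when: false` means the disable is never reported as a change.
# NOTE(review): nothing here checks that the named admin account is enabled and can
# log in (key or password) before `admin` is disabled -- confirm that is guaranteed
# elsewhere, otherwise this step can lock operators out of the device.
- name: Disable the default admin user
  community.routeros.command:
    commands:
      - >-
        :if ([:len [/user find name="admin"]] > 0) do={
        /user/set admin disabled=yes }
  when:
    - switch_disable_default_admin | bool
    - switch_admin_user != "admin"
  changed_when: false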