Ensure the user_secrets file is updated

We shouldn't allow any arbitrary secret file to be updated in the leap process, but instead ensuring the file present in J/K/L will be properly updated to the end of the process. If you had set the variable in those playbooks, you would naturally CREATE a new file, alongside the existing user_secrets, with the risks of: - Having different values - Having precedence issues depending on the file name Change-Id: I2873318e2f1fd34673e95f8eb77a0001d649df1e
2017-08-31 09:16:07 +00:00 · 2017-08-31 09:16:07 +00:00 · 50f3fd6df7
commit 50f3fd6df7
parent aca60fd187
2 changed files with 7 additions and 11 deletions
--- a/leap-upgrades/upgrade-utilities-mitaka/playbooks/user-secrets-adjustment-mitaka.yml
+++ b/leap-upgrades/upgrade-utilities-mitaka/playbooks/user-secrets-adjustment-mitaka.yml
@ -24,11 +24,9 @@
      register: secrets
    - name: Add missing secret
      shell: |
-        if ! grep '^{{ item }}' /etc/openstack_deploy/{{ _osa_secrets_file_name }}; then
-          echo {{ item }} | tee -a /etc/openstack_deploy/{{ _osa_secrets_file_name }}
+        if ! grep '^{{ item }}' /etc/openstack_deploy/user_secrets.yml; then
+          echo {{ item }} | tee -a /etc/openstack_deploy/user_secrets.yml
        fi
      with_items: secrets.stdout_lines
    - name: Generate new secrets
-      shell: "{{ osa_playbook_dir }}/scripts/pw-token-gen.py --file /etc/openstack_deploy/{{ _osa_secrets_file_name }}"
-  vars:
-    _osa_secrets_file_name: "{{ osa_secrets_file_name | default('user_secrets.yml') }}"
+      shell: "{{ osa_playbook_dir }}/scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml"
--- a/leap-upgrades/upgrade-utilities-newton/playbooks/user-secrets-adjustment-newton.yml
+++ b/leap-upgrades/upgrade-utilities-newton/playbooks/user-secrets-adjustment-newton.yml
@ -24,22 +24,20 @@
      register: secrets
    - name: Rename changed secrets
      lineinfile:
-        dest: "/etc/openstack_deploy/{{ _osa_secrets_file_name }}"
+        dest: "/etc/openstack_deploy/user_secrets.yml"
        regexp: "^{{ item.old_name }}: (.*)$"
        line: "{{ item.new_name }}: \\1"
        backrefs: yes
      with_items:
        - { old_name: "ironic_galera_password", new_name: "ironic_container_mysql_password" }
    - name: Read user secrets file
-      shell: "grep '^[a-zA-Z]' /etc/openstack_deploy/{{ _osa_secrets_file_name }}"
+      shell: "grep '^[a-zA-Z]' /etc/openstack_deploy/user_secrets.yml"
      register: user_secrets
    - name: Add missing secrets
      lineinfile:
-        dest: "/etc/openstack_deploy/{{ _osa_secrets_file_name }}"
+        dest: "/etc/openstack_deploy/user_secrets.yml"
        line: "{{ item }}"
      with_items: "{{ secrets.stdout_lines }}"
      when: user_secrets.stdout.find("{{ item }}") == -1
    - name: Generate new secrets
-      shell: "{{ osa_playbook_dir }}/scripts/pw-token-gen.py --file /etc/openstack_deploy/{{ _osa_secrets_file_name }}"
-  vars:
-    _osa_secrets_file_name: "{{ osa_secrets_file_name | default('user_secrets.yml') }}"
+      shell: "{{ osa_playbook_dir }}/scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml"