From 50f3fd6df7579006748a00c271bb03d22b17ae89 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Evrard
Date: Thu, 31 Aug 2017 09:16:07 +0000
Subject: [PATCH] Ensure the user_secrets file is updated

We shouldn't allow any arbitrary secret file to be updated in the leap process, but instead ensuring the file present in J/K/L will be properly updated to the end of the process. If you had set the variable in those playbooks, you would naturally CREATE a new file, alongside the existing user_secrets, with the risks of:
- Having different values
- Having precedence issues depending on the file name

Change-Id: I2873318e2f1fd34673e95f8eb77a0001d649df1e
---
 .../playbooks/user-secrets-adjustment-mitaka.yml | 8 +++-----
 .../playbooks/user-secrets-adjustment-newton.yml | 10 ++++------
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/leap-upgrades/upgrade-utilities-mitaka/playbooks/user-secrets-adjustment-mitaka.yml b/leap-upgrades/upgrade-utilities-mitaka/playbooks/user-secrets-adjustment-mitaka.yml
index 055dd62e..a964e1c7 100644
--- a/leap-upgrades/upgrade-utilities-mitaka/playbooks/user-secrets-adjustment-mitaka.yml
+++ b/leap-upgrades/upgrade-utilities-mitaka/playbooks/user-secrets-adjustment-mitaka.yml
@@ -24,11 +24,9 @@
     register: secrets
   - name: Add missing secret
     shell: |
-      if ! grep '^{{ item }}' /etc/openstack_deploy/{{ _osa_secrets_file_name }}; then
-        echo {{ item }} | tee -a /etc/openstack_deploy/{{ _osa_secrets_file_name }}
+      if ! grep '^{{ item }}' /etc/openstack_deploy/user_secrets.yml; then
+        echo {{ item }} | tee -a /etc/openstack_deploy/user_secrets.yml
       fi
     with_items: secrets.stdout_lines
   - name: Generate new secrets
-    shell: "{{ osa_playbook_dir }}/scripts/pw-token-gen.py --file /etc/openstack_deploy/{{ _osa_secrets_file_name }}"
-    vars:
-      _osa_secrets_file_name: "{{ osa_secrets_file_name | default('user_secrets.yml') }}"
+    shell: "{{ osa_playbook_dir }}/scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml"
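Review bot: The new `if ! grep '^{{ item }}' /etc/openstack_deploy/user_secrets.yml; then` line still prints any matching line of the secrets file — key and value — to the task's stdout, which surfaces in verbose Ansible output and in logging callbacks; `grep -q` keeps the same exit status without emitting the secret: `if ! grep -q '^{{ item }}' /etc/openstack_deploy/user_secrets.yml; then`. The following `echo {{ item }} | tee -a …` line is unquoted, so a template line containing shell-significant characters would be word-split or interpreted before being appended; quoting it the same way as the grep pattern, `echo '{{ item }}' | tee -a /etc/openstack_deploy/user_secrets.yml`, keeps the appended line literal. Because the task handles secret material, `no_log: true` on it is also worth considering. The task that produces `register: secrets` and the play header are outside this hunk.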
diff --git a/leap-upgrades/upgrade-utilities-newton/playbooks/user-secrets-adjustment-newton.yml b/leap-upgrades/upgrade-utilities-newton/playbooks/user-secrets-adjustment-newton.yml
index 876d804b..9305801b 100644
--- a/leap-upgrades/upgrade-utilities-newton/playbooks/user-secrets-adjustment-newton.yml
+++ b/leap-upgrades/upgrade-utilities-newton/playbooks/user-secrets-adjustment-newton.yml
@@ -24,22 +24,20 @@
     register: secrets
   - name: Rename changed secrets
     lineinfile:
-      dest: "/etc/openstack_deploy/{{ _osa_secrets_file_name }}"
+      dest: "/etc/openstack_deploy/user_secrets.yml"
       regexp: "^{{ item.old_name }}: (.*)$"
       line: "{{ item.new_name }}: \\1"
       backrefs: yes
     with_items:
       - { old_name: "ironic_galera_password", new_name: "ironic_container_mysql_password" }
   - name: Read user secrets file
-    shell: "grep '^[a-zA-Z]' /etc/openstack_deploy/{{ _osa_secrets_file_name }}"
+    shell: "grep '^[a-zA-Z]' /etc/openstack_deploy/user_secrets.yml"
     register: user_secrets
   - name: Add missing secrets
     lineinfile:
-      dest: "/etc/openstack_deploy/{{ _osa_secrets_file_name }}"
+      dest: "/etc/openstack_deploy/user_secrets.yml"
       line: "{{ item }}"
     with_items: "{{ secrets.stdout_lines }}"
     when: user_secrets.stdout.find("{{ item }}") == -1
   - name: Generate new secrets
-    shell: "{{ osa_playbook_dir }}/scripts/pw-token-gen.py --file /etc/openstack_deploy/{{ _osa_secrets_file_name }}"
-    vars:
-      _osa_secrets_file_name: "{{ osa_secrets_file_name | default('user_secrets.yml') }}"
+    shell: "{{ osa_playbook_dir }}/scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml"
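Review bot: The new `shell: "grep '^[a-zA-Z]' /etc/openstack_deploy/user_secrets.yml"` line in "Read user secrets file" captures every secret line, value included, into the registered `user_secrets` variable, so the whole secrets file appears in verbose run output and in any logging callback; the task should carry `no_log: true`, and `changed_when: false` as well, since the grep is read-only yet reports a change on every run. The same concern applies to the task ending in `register: secrets`, whose body is outside this hunk, and to the equivalent task in the Mitaka playbook of this commit. Repeating the literal `/etc/openstack_deploy/user_secrets.yml` four times is deliberate here — the commit removes the overridable `_osa_secrets_file_name` precisely so the path cannot be redirected — so I would keep the literal rather than reintroduce a play variable.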