Skip updating service password by default
At the moment we always do attempt to reset passwords for the
keystone services, which in some cases leads to race conditions in
services. Thus, running a role is not idempotent which we fix by
introducing a `service_update_password` variable. So whenever password
needs to be reseted/updated, the variable should be supplied for that.
Change-Id: I11b1046ea91cef7de0b2f6433baabbb144e07700
Closes-Bug: #2023370
(cherry picked from commit f35126af68
)
This commit is contained in:
parent
e6ce7a42e1
commit
88a8bfcd62
@ -0,0 +1,14 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Added variable ``service_update_password`` that will control whether
|
||||
password should be updated, which defaults to `False`. This changes
|
||||
previous behaviour when service passwords were always updated in
|
||||
the keystone on role run.
|
||||
Please use this variable whenever you need to update a password for
|
||||
the service.
|
||||
fixes:
|
||||
- |
|
||||
Different race conditions in services are fixed when keystone password
|
||||
is forcefully reseted.
|
||||
Closes Bug: `#2023370 <https://bugs.launchpad.net/openstack-ansible/+bug/2023370>`_
|
@ -77,7 +77,7 @@
|
||||
default_project: "{{ (default_project is truthy) | ternary(default_project, omit) }}"
|
||||
endpoint_type: admin
|
||||
validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
|
||||
update_password: always
|
||||
update_password: "{{ (service_update_password | default(False) | bool) | ternary('always', omit) }}"
|
||||
register: add_service
|
||||
when:
|
||||
- not (_service_in_ldap | default(False) | bool)
|
||||
|
Loading…
Reference in New Issue
Block a user