Skip updating service password by default
At the moment we always do attempt to reset passwords for the keystone services, which in some cases leads to race conditions in services. Thus, running a role is not idempotent which we fix by introducing a `service_update_password` variable. So whenever password needs to be reseted/updated, the variable should be supplied for that. Change-Id: I11b1046ea91cef7de0b2f6433baabbb144e07700 Closes-Bug: #2023370
This commit is contained in:
parent
a4357fbb9a
commit
f35126af68
@ -0,0 +1,14 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Added variable ``service_update_password`` that will control whether
|
||||
password should be updated, which defaults to `False`. This changes
|
||||
previous behaviour when service passwords were always updated in
|
||||
the keystone on role run.
|
||||
Please use this variable whenever you need to update a password for
|
||||
the service.
|
||||
fixes:
|
||||
- |
|
||||
Different race conditions in services are fixed when keystone password
|
||||
is forcefully reseted.
|
||||
Closes Bug: `#2023370 <https://bugs.launchpad.net/openstack-ansible/+bug/2023370>`_
|
@ -77,7 +77,7 @@
|
||||
default_project: "{{ (default_project is truthy) | ternary(default_project, omit) }}"
|
||||
endpoint_type: admin
|
||||
validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
|
||||
update_password: always
|
||||
update_password: "{{ (service_update_password | default(False) | bool) | ternary('always', omit) }}"
|
||||
register: add_service
|
||||
when:
|
||||
- not (_service_in_ldap | default(False) | bool)
|
||||
|
Loading…
Reference in New Issue
Block a user