From 6b19ea5e3e9733f72675544c66a346bb914ef695 Mon Sep 17 00:00:00 2001 From: ramishra Date: Fri, 5 Feb 2021 08:22:25 +0530 Subject: [PATCH] Write passwords to env file when rotating Now that we've removed the plan, we should generate an environmnent file with rotated passwords which should be used in the next overcloud deploy. When we move to ephemeral heat stack this would update wherever initial passwords are stored. Change-Id: I02541adfec2fa604e728aece343e7f0722b84ec6 --- .../playbooks/rotate-passwords.yaml | 24 +++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/tripleo_ansible/playbooks/rotate-passwords.yaml b/tripleo_ansible/playbooks/rotate-passwords.yaml index dca917a4f..8de08f338 100644 --- a/tripleo_ansible/playbooks/rotate-passwords.yaml +++ b/tripleo_ansible/playbooks/rotate-passwords.yaml @@ -21,15 +21,35 @@ gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" any_errors_fatal: true vars: - container: overcloud + stack: overcloud password_list: [] hide_sensitive_logs: true tasks: - - name: Rotate passwords in plan + - name: Set passwords_environment_path + set_fact: + passwords_environment_path: "{{ lookup('env', 'HOME')~'/rotated_passwords.yaml'}}" + when: passwords_environment_path is not defined + + - name: Rotate passwords tripleo_passwords_rotate: container: "{{ container }}" password_list: "{{ password_list }}" no_log: "{{ hide_sensitive_logs | bool }}" + register: rotated_passwords_result + - name: Write password file + no_log: "{{ hide_sensitive_logs | bool }}" + block: + - name: Create password parameter fact + set_fact: + passwords_params_env: "{{ {'parameter_defaults': (rotated_passwords_result['passwords'] | default({}))} }}" + + - name: Write password environment file + copy: + dest: "{{ passwords_environment_path }}" + content: "{{ passwords_params_env | to_nice_yaml(indent=2) }}" + when: + - passwords_environment_path is defined + - rotated_passwords_result is defined tags: - rotate-passwords