Browse Source

Ensure that the playbooks and roles can display debug data when enabled

This change will enable or disable no_log and debug options whenever the
verbosity is set to an integer greater than 2. This will ensure operators and
deployers are best equipped to troubleshoot issues by dynamically providing
additional data in an expected way. To ensure we're able to differentiate
between output masking and security masking, two options were used to enable or
disable no_log across our roles and playbooks.

> All debug options, without security implications, will now react to the
  `ansible_verbosity` built in by default. Changes have been made to our
  skeleton role to ensure this is enforced on all new roles created going
  forward.

> An additional prefixed role option, `*_hide_sensitive_logs`, has been added to
  allow operators to easily toggle sensitive output when required. The role
  prefixed variables will respond to the global option `hide_sensitive_logs` as
  defined in THT which will ensure a consistent user experience.

Depends-On: I84f3982811ade59bac5ebaf3a124f9bfa6fa22a4
Change-Id: Ia6658110326899107a0e277f0d2574c79a8a820b
Signed-off-by: Kevin Carter <kecarter@redhat.com>
changes/06/715006/25
Kevin Carter 2 years ago
committed by Kevin Carter (cloudnull)
parent
commit
65e6e5b035
  1. 3
      _skeleton_role_/defaults/main.yml.j2
  2. 7
      tripleo_ansible/playbooks/cli-create-deployment-plan.yaml
  3. 9
      tripleo_ansible/playbooks/cli-undercloud-backup.yaml
  4. 6
      tripleo_ansible/playbooks/cli-update-deployment-plan.yaml
  5. 3
      tripleo_ansible/playbooks/rotate-fernet-keys.yaml
  6. 139
      tripleo_ansible/playbooks/rotate-keys.yaml
  7. 4
      tripleo_ansible/playbooks/rotate-passwords.yaml
  8. 1
      tripleo_ansible/roles/aide/defaults/main.yml
  9. 2
      tripleo_ansible/roles/aide/tasks/aide_config.yml
  10. 2
      tripleo_ansible/roles/aide/tasks/aide_upgrade.yml
  11. 3
      tripleo_ansible/roles/backup_and_restore/defaults/main.yml
  12. 6
      tripleo_ansible/roles/backup_and_restore/tasks/db_backup.yml
  13. 2
      tripleo_ansible/roles/login_defs/defaults/main.yml
  14. 2
      tripleo_ansible/roles/tripleo_cellv2/defaults/main.yml
  15. 20
      tripleo_ansible/roles/tripleo_ceph_run_ansible/defaults/main.yml
  16. 4
      tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/main.yml
  17. 2
      tripleo_ansible/roles/tripleo_container_image_prepare/defaults/main.yml
  18. 2
      tripleo_ansible/roles/tripleo_container_image_prepare/tasks/main.yml
  19. 3
      tripleo_ansible/roles/tripleo_container_manage/defaults/main.yml
  20. 2
      tripleo_ansible/roles/tripleo_container_manage/tasks/delete_orphan.yml
  21. 4
      tripleo_ansible/roles/tripleo_container_manage/tasks/podman/create.yml
  22. 4
      tripleo_ansible/roles/tripleo_container_manage/tasks/podman/exec.yml
  23. 2
      tripleo_ansible/roles/tripleo_container_manage/tasks/podman/get_commands_exec.yml
  24. 2
      tripleo_ansible/roles/tripleo_container_manage/tasks/podman/start_order.yml
  25. 2
      tripleo_ansible/roles/tripleo_hosts_entries/defaults/main.yml
  26. 2
      tripleo_ansible/roles/tripleo_nova_image_cache/defaults/main.yml
  27. 2
      tripleo_ansible/roles/tripleo_nvdimm/defaults/main.yml
  28. 2
      tripleo_ansible/roles/tripleo_ovs_dpdk/defaults/main.yml
  29. 2
      tripleo_ansible/roles/tripleo_packages/defaults/main.yml
  30. 3
      tripleo_ansible/roles/tripleo_podman/defaults/main.yml
  31. 2
      tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_login.yml
  32. 3
      tripleo_ansible/roles/tripleo_puppet_cache/defaults/main.yml
  33. 2
      tripleo_ansible/roles/tripleo_puppet_cache/tasks/main.yml
  34. 2
      tripleo_ansible/roles/tripleo_redhat_enforce/defaults/main.yml
  35. 2
      tripleo_ansible/roles/tripleo_systemd_wrapper/defaults/main.yml
  36. 2
      tripleo_ansible/roles/tripleo_transfer/defaults/main.yml
  37. 2
      tripleo_ansible/roles/tripleo_transfer/tasks/main.yml

3
_skeleton_role_/defaults/main.yml.j2

@ -18,4 +18,5 @@
# All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}"
tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}_debug: false
tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}_debug: {% raw %}"{{ (ansible_verbosity | int) >= 2 | bool }}"{% endraw %}
tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}_hide_sensitive_logs: true

7
tripleo_ansible/playbooks/cli-create-deployment-plan.yaml

@ -28,6 +28,7 @@
default_templates_dir: '/usr/share/openstack-tripleo-heat-templates/'
use_default_templates: false
validate_stack: true
hide_sensitive_logs: true
handlers:
- name: Cleanup temp directory
@ -45,7 +46,7 @@
os_password: "{{ lookup('env', 'OS_PASSWORD') }}"
os_project_name: "{{ lookup('env', 'OS_PROJECT_NAME') }}"
run_once: true
no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}"
no_log: "{{ hide_sensitive_logs | bool }}"
tasks:
- name: crate container and upload templates
@ -58,7 +59,7 @@
--os-project-name "{{ os_project_name }}"
--auth-version "{{ auth_version }}"
post "{{ container }}" --header 'x-container-meta-usage-tripleo:plan'
no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}"
no_log: "{{ hide_sensitive_logs | bool }}"
- name: Create temp directory
tempfile:
@ -100,7 +101,7 @@
tripleo_passwords_rotate:
container: "{{ container }}"
when: generate_passwords|bool
no_log: true
no_log: "{{ hide_sensitive_logs | bool }}"
- name: Prepare Container images and update plan
tripleo_image_params_prepare:

9
tripleo_ansible/playbooks/cli-undercloud-backup.yaml

@ -21,6 +21,7 @@
any_errors_fatal: true
vars:
sources_path: "{{ lookup('env', 'HOME') }}"
hide_sensitive_logs: true
handlers:
# Perform some cleanup
- name: cleanup the backup
@ -80,17 +81,17 @@
slurp:
src: "{{ ansible_home }}/tripleo-undercloud-passwords.yaml"
register: tripleo_undercloud_passwords
no_log: true
no_log: "{{ hide_sensitive_logs | bool }}"
- name: Set mysql root password
set_fact:
MysqlRootPassword: "{{ (tripleo_undercloud_passwords['content'] | b64decode | from_yaml)['parameter_defaults']['MysqlRootPassword'] }}"
no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}"
no_log: "{{ hide_sensitive_logs | bool }}"
rescue:
- name: Set mysql root password (fallback)
set_fact:
MysqlRootPassword: "{{ lookup('ini', 'undercloud_mysql_root_password section=auth file=' ~ ansible_home ~ '/undercloud-passwords.conf') }}"
no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}"
no_log: "{{ hide_sensitive_logs | bool }}"
- name: Create the names for the temporary backup files
set_fact:
@ -109,7 +110,7 @@
-p{{ MysqlRootPassword }} \
--opt \
--all-databases | gzip > {{ db_path }}
no_log: true
no_log: "{{ hide_sensitive_logs | bool }}"
- name: Backup the filesystem
become: true

6
tripleo_ansible/playbooks/cli-update-deployment-plan.yaml

@ -26,6 +26,7 @@
generate_passwords: true
reset_passwords: false
validate_stack: true
hide_sensitive_logs: true
handlers:
- name: Cleanup temp directory
@ -64,8 +65,9 @@
tripleo_passwords_rotate:
container: "{{ container }}"
rotate_passwords: "{{ reset_passwords }}"
when: generate_passwords|bool or reset_passwords|bool
no_log: true
when:
- (generate_passwords | bool) or (reset_passwords | bool)
no_log: "{{ hide_sensitive_logs | bool }}"
- name: Prepare Container images and update plan
tripleo_image_params_prepare:

3
tripleo_ansible/playbooks/rotate-fernet-keys.yaml

@ -22,13 +22,14 @@
any_errors_fatal: true
vars:
container: overcloud
hide_sensitive_logs: true
tasks:
- name: Rotate keys and update plan
tripleo_fernet_keys_rotate:
container: "{{ container }}"
register: fernet_keys
no_log: true
no_log: "{{ hide_sensitive_logs | bool }}"
- name: Rotate fernet keys on controller nodes
import_playbook: rotate-keys.yaml fernet_keys="{{ hostvars['undercloud']['fernet_keys']['fernet_keys'] }}"

139
tripleo_ansible/playbooks/rotate-keys.yaml

@ -1,75 +1,92 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- hosts: keystone
vars:
hide_sensitive_logs: true
tasks:
- name: Check for containerized keystone fernet repository
stat:
path: /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/
register: containerized_keystone_dir
- name: Check for containerized keystone fernet repository
stat:
path: /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/
register: containerized_keystone_dir
- name: populate service facts
service_facts:
- name: populate service facts
service_facts:
- name: Set container facts
set_fact:
is_container: "{{ containerized_keystone_dir.stat.isdir is defined and containerized_keystone_dir.stat.isdir }}"
podman_enabled: "{{ 'tripleo_keystone.service' in ansible_facts.services }}"
- name: Set container facts
set_fact:
is_container: "{{ containerized_keystone_dir.stat.isdir is defined and containerized_keystone_dir.stat.isdir }}"
podman_enabled: "{{ 'tripleo_keystone.service' in ansible_facts.services }}"
- name: Rotate fernet keys for keystone container
block:
- name: Set keystone facts
set_fact:
keystone_base: /var/lib/config-data/puppet-generated/keystone
- name: Rotate fernet keys for keystone container
block:
- name: Set keystone facts
set_fact:
keystone_base: /var/lib/config-data/puppet-generated/keystone
- name: Remove previous fernet keys
shell: rm -rf /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/*
args:
warn: false
- name: Remove previous fernet keys
shell: rm -rf /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/*
args:
warn: false
- name: Persist fernet keys to repository
copy:
dest: "{{ keystone_base }}{{ item.key }}"
content: "{{ item.value.content }}"
mode: 0600
with_dict: "{{ fernet_keys }}"
no_log: true
- name: Persist fernet keys to repository
copy:
dest: "{{ keystone_base }}{{ item.key }}"
content: "{{ item.value.content }}"
mode: 0600
with_dict: "{{ fernet_keys }}"
no_log: "{{ hide_sensitive_logs | bool }}"
- name: Set permissions to match container's user
shell: chown --reference={{ keystone_base }}/etc/keystone/fernet-keys {{ keystone_base }}{{ item.key }}
with_dict: "{{ fernet_keys }}"
no_log: true
- name: Set permissions to match container's user
shell: chown --reference={{ keystone_base }}/etc/keystone/fernet-keys {{ keystone_base }}{{ item.key }}
with_dict: "{{ fernet_keys }}"
no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}"
- name: Restart keystone container with docker
shell: docker restart keystone
when: not podman_enabled
- name: Restart keystone container with docker
shell: docker restart keystone
when: not podman_enabled
- name: Restart keystone container
service:
name: tripleo_keystone
state: restarted
when: podman_enabled
when:
- is_container | bool
- name: Restart keystone container
service:
name: tripleo_keystone
state: restarted
when: podman_enabled
when:
- is_container | bool
- name: Rotate fernet keys for keystone (no container)
block:
- name: Remove previous fernet keys
shell: rm -rf /etc/keystone/fernet-keys/*
args:
warn: false
- name: Rotate fernet keys for keystone (no container)
block:
- name: Remove previous fernet keys
shell: rm -rf /etc/keystone/fernet-keys/*
args:
warn: false
- name: Persist fernet keys to repository
copy:
dest: "{{ item.key }}"
content: "{{ item.value.content }}"
mode: 0600
owner: keystone
group: keystone
with_dict: "{{ fernet_keys }}"
no_log: true
- name: Persist fernet keys to repository
copy:
dest: "{{ item.key }}"
content: "{{ item.value.content }}"
mode: 0600
owner: keystone
group: keystone
with_dict: "{{ fernet_keys }}"
no_log: "{{ hide_sensitive_logs | bool }}"
- name: Reload apache
service:
name: httpd
state: reloaded
when:
- not (is_container | bool)
- name: Reload apache
service:
name: httpd
state: reloaded
when:
- not (is_container | bool)

4
tripleo_ansible/playbooks/rotate-passwords.yaml

@ -23,13 +23,13 @@
vars:
container: overcloud
password_list: []
hide_sensitive_logs: true
tasks:
- name: Rotate passwords in plan
tripleo_passwords_rotate:
container: "{{ container }}"
password_list: "{{ password_list }}"
no_log: true
no_log: "{{ hide_sensitive_logs | bool }}"
tags:
- rotate-passwords

1
tripleo_ansible/roles/aide/defaults/main.yml

@ -19,6 +19,7 @@
# Packages installed on the local system. Allows user to define this list
# otherwise it will inherit from the OS specific variable file(s).
aide_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
aide_system_packages: "{{ _aide_system_packages | default([]) }}"
# A hash of Aide rules

2
tripleo_ansible/roles/aide/tasks/aide_config.yml

@ -39,7 +39,7 @@
command: >-
/usr/sbin/aide --init --config {{ aide_conf_path }}
changed_when: false
no_log: true
no_log: "{{ not (aide_debug | bool) }}"
args:
creates: "{{ aide_db_path }}"

2
tripleo_ansible/roles/aide/tasks/aide_upgrade.yml

@ -24,7 +24,7 @@
command: >-
/usr/sbin/aide --init --config {{ aide_conf_path }}
changed_when: false
no_log: true
no_log: "{{ not (aide_debug | bool) }}"
- name: Check for tmp aide db
stat:

3
tripleo_ansible/roles/backup_and_restore/defaults/main.yml

@ -16,6 +16,8 @@
# All variables intended for modification should be placed in this file.
tripleo_backup_and_restore_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}"
tripleo_backup_and_restore_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
# Set the container command line entry-point
tripleo_container_cli: "{{ container_cli | default('podman') }}"
@ -26,7 +28,6 @@ tripleo_backup_and_restore_service_manager: true
tripleo_backup_and_restore_mysql_container: mysql
# All variables within this role should have a prefix of "tripleo_backup_and_restore"
tripleo_backup_and_restore_debug: false
# By default this should be the Undercloud node
tripleo_backup_and_restore_nfs_server: 192.168.24.1
tripleo_backup_and_restore_nfs_storage_folder: /ctl_plane_backups

6
tripleo_ansible/roles/backup_and_restore/tasks/db_backup.yml

@ -20,7 +20,7 @@
hiera -c '{{ tripleo_backup_and_restore_hiera_config_file }}' 'mysql::server::root_password'
when: mysql_password is undefined
register: mysql_password
no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}"
no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}"
become: true
tags:
- bar_create_recover_image
@ -76,7 +76,7 @@
when: mysql_password.stderr is defined
tags:
- bar_create_recover_image
no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}"
no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}"
- name: MySQL BBDDs backup
shell: |
@ -89,7 +89,7 @@
when: mysql_password.stderr is defined
tags:
- bar_create_recover_image
no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}"
no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}"
- name: Pause mysql.
command: "{{ tripleo_container_cli }} pause {{ tripleo_backup_and_restore_mysql_container }}"

2
tripleo_ansible/roles/login_defs/defaults/main.yml

@ -14,7 +14,7 @@
# License for the specific language governing permissions and limitations
# under the License.
tripleo_login_defs_debug: false
tripleo_login_defs_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
# The maximum number of days a password may be used
tripleo_login_defs_password_max_days: 60

2
tripleo_ansible/roles/tripleo_cellv2/defaults/main.yml

@ -17,7 +17,7 @@
# All variables intended for modification should be placed in this file.
tripleo_cellv2_debug: false
tripleo_cellv2_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
tripleo_cellv2_cell_name: ""
# containercli can be tropped when we fully switched to podman
tripleo_cellv2_containercli: "docker"

20
tripleo_ansible/roles/tripleo_ceph_run_ansible/defaults/main.yml

@ -0,0 +1,20 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# All variables intended for modification should be placed in this file.
tripleo_ceph_run_ansible_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}"
tripleo_ceph_run_ansible_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"

4
tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/main.yml

@ -119,7 +119,7 @@
shell: "{{ item }}"
# We want the output chunked into bits to prevent
# overflowing Zaqar message size
no_log: true
no_log: "{{ not (tripleo_ceph_run_ansible_debug | bool) }}"
failed_when: false
register: outputs
tags: run_ceph_ansible
@ -129,7 +129,7 @@
- name: search output of ceph-ansible run(s) non-zero return codes
set_fact:
ceph_ansible_std_out_err: "{{ item.stdout_lines | default([]) | union(item.stderr_lines | default([])) }}"
no_log: true
no_log: "{{ tripleo_ceph_run_ansible_hide_sensitive_logs | bool }}"
when:
- item.rc is defined
- item.rc != 0

2
tripleo_ansible/roles/tripleo_container_image_prepare/defaults/main.yml

@ -18,7 +18,7 @@
# All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_container_image_prepare"
tripleo_container_image_prepare_debug: false
tripleo_container_image_prepare_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
tripleo_container_image_prepare_content: {}
tripleo_container_image_prepare_roles: []
tripleo_container_image_prepare_log_file: /var/log/tripleo-container-image-prepare.log

2
tripleo_ansible/roles/tripleo_container_image_prepare/tasks/main.yml

@ -57,7 +57,7 @@
{% if (tripleo_container_image_prepare_debug | bool) %}
--debug
{% endif %}
no_log: "{{ not (tripleo_container_image_prepare_debug | bool) }}"
no_log: "{{ not tripleo_container_image_prepare_debug | bool }}"
when:
- (tripleo_container_image_prepare_content | dict2items | length) > 0
- (tripleo_container_image_prepare_roles | length) > 0

3
tripleo_ansible/roles/tripleo_container_manage/defaults/main.yml

@ -16,6 +16,8 @@
# All variables intended for modification should place placed in this file.
tripleo_container_manage_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}"
tripleo_container_manage_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
# All variables within this role should have a prefix of "tripleo_container_manage"
tripleo_container_manage_check_puppet_config: false
@ -25,7 +27,6 @@ tripleo_container_manage_config: "/var/lib/tripleo-config/"
tripleo_container_manage_config_id: tripleo
tripleo_container_manage_config_overrides: {}
tripleo_container_manage_config_patterns: '*.json'
tripleo_container_manage_debug: false
# Some containers where Puppet is run, can take up to 10 minutes to finish
# in slow environments.
tripleo_container_manage_create_retries: 120

2
tripleo_ansible/roles/tripleo_container_manage/tasks/delete_orphan.yml

@ -17,7 +17,7 @@
- name: Gather podman infos
podman_container_info: {}
register: podman_containers
no_log: "{{ not tripleo_container_manage_debug }}"
no_log: "{{ not (tripleo_container_manage_debug | bool) }}"
when:
- tripleo_container_manage_cli == 'podman'

4
tripleo_ansible/roles/tripleo_container_manage/tasks/podman/create.yml

@ -27,7 +27,7 @@
config_id=tripleo_container_manage_config_id, clean_orphans=False) }}
- name: "Async container create/run"
no_log: "{{ not tripleo_container_manage_debug }}"
no_log: "{{ tripleo_container_manage_hide_sensitive_logs | bool }}"
async: "{{ (not ansible_check_mode | bool) | ternary('600', omit) }}"
poll: "{{ (not ansible_check_mode | bool) | ternary('0', omit) }}"
register: create_async_results
@ -84,7 +84,7 @@
volumes_from: "{{ lookup('dict', container_data).value.volumes_from | default([]) }}"
- name: "Check podman create status"
no_log: "{{ not tripleo_container_manage_debug }}"
no_log: "{{ not (tripleo_container_manage_debug | bool) }}"
async_status:
jid: "{{ create_async_result_item.ansible_job_id }}"
loop: "{{ create_async_results.results }}"

4
tripleo_ansible/roles/tripleo_container_manage/tasks/podman/exec.yml

@ -22,7 +22,7 @@
when: not ansible_check_mode|bool
- name: "Async container exec"
no_log: "{{ not tripleo_container_manage_debug }}"
no_log: "{{ not (tripleo_container_manage_debug | bool) }}"
command:
argv: "{{ lookup('dict', container_exec_data).value | container_exec_cmd(cli=tripleo_container_manage_cli) }}"
async: "{{ (not ansible_check_mode | bool) | ternary('60', omit) }}"
@ -34,7 +34,7 @@
when: not ansible_check_mode|bool
- name: "Check podman exec status"
no_log: "{{ not tripleo_container_manage_debug }}"
no_log: "{{ not (tripleo_container_manage_debug | bool) }}"
async_status:
jid: "{{ exec_async_result_item.ansible_job_id }}"
loop: "{{ exec_async_results.results }}"

2
tripleo_ansible/roles/tripleo_container_manage/tasks/podman/get_commands_exec.yml

@ -15,7 +15,7 @@
# under the License.
- name: "Create a list of podman exec commands that are run"
no_log: "{{ not tripleo_container_manage_debug }}"
no_log: "{{ not (tripleo_container_manage_debug | bool) }}"
set_fact:
containers_commands: >-
{{ (containers_commands | default([])) + ([lookup('dict', container_exec_data).value |

2
tripleo_ansible/roles/tripleo_container_manage/tasks/podman/start_order.yml

@ -17,7 +17,7 @@
- name: Gather podman infos
podman_container_info: {}
register: podman_containers
no_log: "{{ not tripleo_container_manage_debug }}"
no_log: "{{ tripleo_container_manage_hide_sensitive_logs | bool }}"
when:
- tripleo_container_manage_cli == 'podman'

2
tripleo_ansible/roles/tripleo_hosts_entries/defaults/main.yml

@ -18,7 +18,7 @@
# All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_hosts_entries"
tripleo_hosts_entries_debug: false
tripleo_hosts_entries_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
tripleo_hosts_entries_hosts_path: /etc/hosts
tripleo_hosts_entries_undercloud_hosts_entries: ""
tripleo_hosts_entries_extra_hosts_entries: ""

2
tripleo_ansible/roles/tripleo_nova_image_cache/defaults/main.yml

@ -18,7 +18,7 @@
# All variables intended for modification should place placed in this file.
# All variables within this role should have a prefix of "tripleo_nova_image_cache"
tripleo_nova_image_cache_debug: false
tripleo_nova_image_cache_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
tripleo_nova_image_cache_images: []
tripleo_nova_image_cache_use_proxy: false
tripleo_nova_image_cache_proxy_hostname: "{{ ansible_play_batch[0] }}"

2
tripleo_ansible/roles/tripleo_nvdimm/defaults/main.yml

@ -18,4 +18,4 @@
# All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_tripleo_nvdimm"
tripleo_tripleo_nvdimm_debug: false
tripleo_tripleo_nvdimm_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"

2
tripleo_ansible/roles/tripleo_ovs_dpdk/defaults/main.yml

@ -18,7 +18,7 @@
# All variables intended for modification should place placed in this file.
# All variables within this role should have a prefix of "tripleo_ovs_dpdk"
tripleo_ovs_dpdk_debug: false
tripleo_ovs_dpdk_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
tripleo_ovs_dpdk_pmd_core_list: ""
tripleo_ovs_dpdk_lcore_list: ""
tripleo_ovs_dpdk_memory_channels: 4

2
tripleo_ansible/roles/tripleo_packages/defaults/main.yml

@ -60,7 +60,7 @@ tripleo_packages_fast_forward_custom_repo_script_content: |
tripleo_packages_upgrade_leapp_enabled: true
# Print debugging output when running Leapp
tripleo_packages_upgrade_leapp_debug: true
tripleo_packages_upgrade_leapp_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
# Skip RHSM when running Leapp in development/testing.
tripleo_packages_upgrade_leapp_devel_skip_rhsm: false

3
tripleo_ansible/roles/tripleo_podman/defaults/main.yml

@ -16,6 +16,8 @@
# All variables intended for modification should be placed in this file.
tripleo_podman_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}"
tripleo_podman_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
tripleo_container_registry_insecure_registries: []
tripleo_container_registry_login: false
@ -23,7 +25,6 @@ tripleo_container_registry_logins: {}
tripleo_podman_packages: "{{ _tripleo_podman_packages | default([]) }}"
tripleo_podman_purge_packages: "{{ _tripleo_podman_purge_packages | default([]) }}"
tripleo_podman_tls_verify: true
tripleo_podman_debug: false
tripleo_podman_unqualified_search_registries:
- registry.redhat.io
- registry.access.redhat.com

2
tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_login.yml

@ -26,6 +26,6 @@
REGISTRY_USERNAME: "{{ lookup('dict', item.value).key }}"
REGISTRY_PASSWORD: "{{ lookup('dict', item.value).value }}"
REGISTRY: "{{ item.key }}"
no_log: "{{ not tripleo_podman_debug|bool }}"
no_log: "{{ tripleo_podman_hide_sensitive_logs | bool }}"
loop: "{{ query('dict', tripleo_container_registry_logins) }}"
register: registry_login_podman

3
tripleo_ansible/roles/tripleo_puppet_cache/defaults/main.yml

@ -16,8 +16,11 @@
# All variables intended for modification should be placed in this file.
tripleo_puppet_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}"
tripleo_puppet_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
# All variables within this role should have a prefix of "tripleo_puppet_cache"
tripleo_puppet_cache_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
tripleo_puppet_cache_base_dir: /var/lib/container-puppet/puppetlabs
tripleo_puppet_cache_config: |
facts : {

2
tripleo_ansible/roles/tripleo_puppet_cache/tasks/main.yml

@ -82,7 +82,7 @@
shell: facter --config "{{ tripleo_puppet_cache_base_dir }}/facter.conf"
retries: 5
delay: 5
no_log: true
no_log: "{{ tripleo_puppet_hide_sensitive_logs | bool }}"
failed_when: false
register: _facter_cache_run

2
tripleo_ansible/roles/tripleo_redhat_enforce/defaults/main.yml

@ -18,7 +18,7 @@
# All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_redhat_enforce"
tripleo_redhat_enforce_debug: false
tripleo_redhat_enforce_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
tripleo_redhat_enforce: false
tripleo_redhat_enforce_osp: ''
tripleo_redhat_enforce_os: ''

2
tripleo_ansible/roles/tripleo_systemd_wrapper/defaults/main.yml

@ -18,5 +18,5 @@
# All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_systemd_wrapper"
tripleo_systemd_wrapper_debug: false
tripleo_systemd_wrapper_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
tripleo_systemd_wrapper_container_cli: podman

2
tripleo_ansible/roles/tripleo_transfer/defaults/main.yml

@ -23,7 +23,7 @@
# * `tripleo_transfer_src_dir` -- directory on the source host to transfer from
# * `tripleo_transfer_dest_host` -- the inventory name of the destination host
# * `tripleo_transfer_dest_dir` -- directory on the destination host to transfer to
tripleo_transfer_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
tripleo_transfer_storage_root_dir: /var/lib/mistral/tripleo-transfer
tripleo_transfer_storage_root_become: false
tripleo_transfer_src_become: true

2
tripleo_ansible/roles/tripleo_transfer/tasks/main.yml

@ -44,7 +44,7 @@
# Using the "archive" module lists lists all tarred files in module
# output, if there's too many files, it can crash ansible even with
# "no_log: true".
# "no_log: "{{ not tripleo_transfer_debug | bool }}"".
- name: create the archive
shell: |-
set -euo pipefail

Loading…
Cancel
Save