Ensure that the playbooks and roles can display debug data when enabled

This change will enable or disable no_log and debug options whenever the
verbosity is set to an integer greater than 2. This will ensure operators and
deployers are best equipped to troubleshoot issues by dynamically providing
additional data in an expected way. To ensure we're able to differentiate
between output masking and security masking, two options were used to enable or
disable no_log across our roles and playbooks.

> All debug options, without security implications, will now react to the
  `ansible_verbosity` built in by default. Changes have been made to our
  skeleton role to ensure this is enforced on all new roles created going
  forward.

> An additional prefixed role option, `*_hide_sensitive_logs`, has been added to
  allow operators to easily toggle sensitive output when required. The role
  prefixed variables will respond to the global option `hide_sensitive_logs` as
  defined in THT which will ensure a consistent user experience.

Depends-On: I84f3982811ade59bac5ebaf3a124f9bfa6fa22a4
Change-Id: Ia6658110326899107a0e277f0d2574c79a8a820b
Signed-off-by: Kevin Carter <kecarter@redhat.com>
This commit is contained in:
Kevin Carter 2020-03-25 12:02:01 -05:00 committed by Kevin Carter (cloudnull)
parent c241070e4a
commit 65e6e5b035
37 changed files with 156 additions and 106 deletions

View File

@ -18,4 +18,5 @@
# All variables intended for modification should be placed in this file. # All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}" # All variables within this role should have a prefix of "tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}"
tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}_debug: false tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}_debug: {% raw %}"{{ (ansible_verbosity | int) >= 2 | bool }}"{% endraw %}
tripleo_{{ role_name | replace('tripleo-', '') | replace('-', '_') }}_hide_sensitive_logs: true

View File

@ -28,6 +28,7 @@
default_templates_dir: '/usr/share/openstack-tripleo-heat-templates/' default_templates_dir: '/usr/share/openstack-tripleo-heat-templates/'
use_default_templates: false use_default_templates: false
validate_stack: true validate_stack: true
hide_sensitive_logs: true
handlers: handlers:
- name: Cleanup temp directory - name: Cleanup temp directory
@ -45,7 +46,7 @@
os_password: "{{ lookup('env', 'OS_PASSWORD') }}" os_password: "{{ lookup('env', 'OS_PASSWORD') }}"
os_project_name: "{{ lookup('env', 'OS_PROJECT_NAME') }}" os_project_name: "{{ lookup('env', 'OS_PROJECT_NAME') }}"
run_once: true run_once: true
no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" no_log: "{{ hide_sensitive_logs | bool }}"
tasks: tasks:
- name: crate container and upload templates - name: crate container and upload templates
@ -58,7 +59,7 @@
--os-project-name "{{ os_project_name }}" --os-project-name "{{ os_project_name }}"
--auth-version "{{ auth_version }}" --auth-version "{{ auth_version }}"
post "{{ container }}" --header 'x-container-meta-usage-tripleo:plan' post "{{ container }}" --header 'x-container-meta-usage-tripleo:plan'
no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" no_log: "{{ hide_sensitive_logs | bool }}"
- name: Create temp directory - name: Create temp directory
tempfile: tempfile:
@ -100,7 +101,7 @@
tripleo_passwords_rotate: tripleo_passwords_rotate:
container: "{{ container }}" container: "{{ container }}"
when: generate_passwords|bool when: generate_passwords|bool
no_log: true no_log: "{{ hide_sensitive_logs | bool }}"
- name: Prepare Container images and update plan - name: Prepare Container images and update plan
tripleo_image_params_prepare: tripleo_image_params_prepare:

View File

@ -21,6 +21,7 @@
any_errors_fatal: true any_errors_fatal: true
vars: vars:
sources_path: "{{ lookup('env', 'HOME') }}" sources_path: "{{ lookup('env', 'HOME') }}"
hide_sensitive_logs: true
handlers: handlers:
# Perform some cleanup # Perform some cleanup
- name: cleanup the backup - name: cleanup the backup
@ -80,17 +81,17 @@
slurp: slurp:
src: "{{ ansible_home }}/tripleo-undercloud-passwords.yaml" src: "{{ ansible_home }}/tripleo-undercloud-passwords.yaml"
register: tripleo_undercloud_passwords register: tripleo_undercloud_passwords
no_log: true no_log: "{{ hide_sensitive_logs | bool }}"
- name: Set mysql root password - name: Set mysql root password
set_fact: set_fact:
MysqlRootPassword: "{{ (tripleo_undercloud_passwords['content'] | b64decode | from_yaml)['parameter_defaults']['MysqlRootPassword'] }}" MysqlRootPassword: "{{ (tripleo_undercloud_passwords['content'] | b64decode | from_yaml)['parameter_defaults']['MysqlRootPassword'] }}"
no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" no_log: "{{ hide_sensitive_logs | bool }}"
rescue: rescue:
- name: Set mysql root password (fallback) - name: Set mysql root password (fallback)
set_fact: set_fact:
MysqlRootPassword: "{{ lookup('ini', 'undercloud_mysql_root_password section=auth file=' ~ ansible_home ~ '/undercloud-passwords.conf') }}" MysqlRootPassword: "{{ lookup('ini', 'undercloud_mysql_root_password section=auth file=' ~ ansible_home ~ '/undercloud-passwords.conf') }}"
no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" no_log: "{{ hide_sensitive_logs | bool }}"
- name: Create the names for the temporary backup files - name: Create the names for the temporary backup files
set_fact: set_fact:
@ -109,7 +110,7 @@
-p{{ MysqlRootPassword }} \ -p{{ MysqlRootPassword }} \
--opt \ --opt \
--all-databases | gzip > {{ db_path }} --all-databases | gzip > {{ db_path }}
no_log: true no_log: "{{ hide_sensitive_logs | bool }}"
- name: Backup the filesystem - name: Backup the filesystem
become: true become: true

View File

@ -26,6 +26,7 @@
generate_passwords: true generate_passwords: true
reset_passwords: false reset_passwords: false
validate_stack: true validate_stack: true
hide_sensitive_logs: true
handlers: handlers:
- name: Cleanup temp directory - name: Cleanup temp directory
@ -64,8 +65,9 @@
tripleo_passwords_rotate: tripleo_passwords_rotate:
container: "{{ container }}" container: "{{ container }}"
rotate_passwords: "{{ reset_passwords }}" rotate_passwords: "{{ reset_passwords }}"
when: generate_passwords|bool or reset_passwords|bool when:
no_log: true - (generate_passwords | bool) or (reset_passwords | bool)
no_log: "{{ hide_sensitive_logs | bool }}"
- name: Prepare Container images and update plan - name: Prepare Container images and update plan
tripleo_image_params_prepare: tripleo_image_params_prepare:

View File

@ -22,13 +22,14 @@
any_errors_fatal: true any_errors_fatal: true
vars: vars:
container: overcloud container: overcloud
hide_sensitive_logs: true
tasks: tasks:
- name: Rotate keys and update plan - name: Rotate keys and update plan
tripleo_fernet_keys_rotate: tripleo_fernet_keys_rotate:
container: "{{ container }}" container: "{{ container }}"
register: fernet_keys register: fernet_keys
no_log: true no_log: "{{ hide_sensitive_logs | bool }}"
- name: Rotate fernet keys on controller nodes - name: Rotate fernet keys on controller nodes
import_playbook: rotate-keys.yaml fernet_keys="{{ hostvars['undercloud']['fernet_keys']['fernet_keys'] }}" import_playbook: rotate-keys.yaml fernet_keys="{{ hostvars['undercloud']['fernet_keys']['fernet_keys'] }}"

View File

@ -1,75 +1,92 @@
--- ---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- hosts: keystone - hosts: keystone
vars:
hide_sensitive_logs: true
tasks: tasks:
- name: Check for containerized keystone fernet repository - name: Check for containerized keystone fernet repository
stat: stat:
path: /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/ path: /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/
register: containerized_keystone_dir register: containerized_keystone_dir
- name: populate service facts - name: populate service facts
service_facts: service_facts:
- name: Set container facts - name: Set container facts
set_fact: set_fact:
is_container: "{{ containerized_keystone_dir.stat.isdir is defined and containerized_keystone_dir.stat.isdir }}" is_container: "{{ containerized_keystone_dir.stat.isdir is defined and containerized_keystone_dir.stat.isdir }}"
podman_enabled: "{{ 'tripleo_keystone.service' in ansible_facts.services }}" podman_enabled: "{{ 'tripleo_keystone.service' in ansible_facts.services }}"
- name: Rotate fernet keys for keystone container - name: Rotate fernet keys for keystone container
block: block:
- name: Set keystone facts - name: Set keystone facts
set_fact: set_fact:
keystone_base: /var/lib/config-data/puppet-generated/keystone keystone_base: /var/lib/config-data/puppet-generated/keystone
- name: Remove previous fernet keys - name: Remove previous fernet keys
shell: rm -rf /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/* shell: rm -rf /var/lib/config-data/puppet-generated/keystone/etc/keystone/fernet-keys/*
args: args:
warn: false warn: false
- name: Persist fernet keys to repository - name: Persist fernet keys to repository
copy: copy:
dest: "{{ keystone_base }}{{ item.key }}" dest: "{{ keystone_base }}{{ item.key }}"
content: "{{ item.value.content }}" content: "{{ item.value.content }}"
mode: 0600 mode: 0600
with_dict: "{{ fernet_keys }}" with_dict: "{{ fernet_keys }}"
no_log: true no_log: "{{ hide_sensitive_logs | bool }}"
- name: Set permissions to match container's user - name: Set permissions to match container's user
shell: chown --reference={{ keystone_base }}/etc/keystone/fernet-keys {{ keystone_base }}{{ item.key }} shell: chown --reference={{ keystone_base }}/etc/keystone/fernet-keys {{ keystone_base }}{{ item.key }}
with_dict: "{{ fernet_keys }}" with_dict: "{{ fernet_keys }}"
no_log: true no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}"
- name: Restart keystone container with docker - name: Restart keystone container with docker
shell: docker restart keystone shell: docker restart keystone
when: not podman_enabled when: not podman_enabled
- name: Restart keystone container - name: Restart keystone container
service: service:
name: tripleo_keystone name: tripleo_keystone
state: restarted state: restarted
when: podman_enabled when: podman_enabled
when: when:
- is_container | bool - is_container | bool
- name: Rotate fernet keys for keystone (no container) - name: Rotate fernet keys for keystone (no container)
block: block:
- name: Remove previous fernet keys - name: Remove previous fernet keys
shell: rm -rf /etc/keystone/fernet-keys/* shell: rm -rf /etc/keystone/fernet-keys/*
args: args:
warn: false warn: false
- name: Persist fernet keys to repository - name: Persist fernet keys to repository
copy: copy:
dest: "{{ item.key }}" dest: "{{ item.key }}"
content: "{{ item.value.content }}" content: "{{ item.value.content }}"
mode: 0600 mode: 0600
owner: keystone owner: keystone
group: keystone group: keystone
with_dict: "{{ fernet_keys }}" with_dict: "{{ fernet_keys }}"
no_log: true no_log: "{{ hide_sensitive_logs | bool }}"
- name: Reload apache - name: Reload apache
service: service:
name: httpd name: httpd
state: reloaded state: reloaded
when: when:
- not (is_container | bool) - not (is_container | bool)

View File

@ -23,13 +23,13 @@
vars: vars:
container: overcloud container: overcloud
password_list: [] password_list: []
hide_sensitive_logs: true
tasks: tasks:
- name: Rotate passwords in plan - name: Rotate passwords in plan
tripleo_passwords_rotate: tripleo_passwords_rotate:
container: "{{ container }}" container: "{{ container }}"
password_list: "{{ password_list }}" password_list: "{{ password_list }}"
no_log: true no_log: "{{ hide_sensitive_logs | bool }}"
tags: tags:
- rotate-passwords - rotate-passwords

View File

@ -19,6 +19,7 @@
# Packages installed on the local system. Allows user to define this list # Packages installed on the local system. Allows user to define this list
# otherwise it will inherit from the OS specific variable file(s). # otherwise it will inherit from the OS specific variable file(s).
aide_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
aide_system_packages: "{{ _aide_system_packages | default([]) }}" aide_system_packages: "{{ _aide_system_packages | default([]) }}"
# A hash of Aide rules # A hash of Aide rules

View File

@ -39,7 +39,7 @@
command: >- command: >-
/usr/sbin/aide --init --config {{ aide_conf_path }} /usr/sbin/aide --init --config {{ aide_conf_path }}
changed_when: false changed_when: false
no_log: true no_log: "{{ not (aide_debug | bool) }}"
args: args:
creates: "{{ aide_db_path }}" creates: "{{ aide_db_path }}"

View File

@ -24,7 +24,7 @@
command: >- command: >-
/usr/sbin/aide --init --config {{ aide_conf_path }} /usr/sbin/aide --init --config {{ aide_conf_path }}
changed_when: false changed_when: false
no_log: true no_log: "{{ not (aide_debug | bool) }}"
- name: Check for tmp aide db - name: Check for tmp aide db
stat: stat:

View File

@ -16,6 +16,8 @@
# All variables intended for modification should be placed in this file. # All variables intended for modification should be placed in this file.
tripleo_backup_and_restore_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}"
tripleo_backup_and_restore_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
# Set the container command line entry-point # Set the container command line entry-point
tripleo_container_cli: "{{ container_cli | default('podman') }}" tripleo_container_cli: "{{ container_cli | default('podman') }}"
@ -26,7 +28,6 @@ tripleo_backup_and_restore_service_manager: true
tripleo_backup_and_restore_mysql_container: mysql tripleo_backup_and_restore_mysql_container: mysql
# All variables within this role should have a prefix of "tripleo_backup_and_restore" # All variables within this role should have a prefix of "tripleo_backup_and_restore"
tripleo_backup_and_restore_debug: false
# By default this should be the Undercloud node # By default this should be the Undercloud node
tripleo_backup_and_restore_nfs_server: 192.168.24.1 tripleo_backup_and_restore_nfs_server: 192.168.24.1
tripleo_backup_and_restore_nfs_storage_folder: /ctl_plane_backups tripleo_backup_and_restore_nfs_storage_folder: /ctl_plane_backups

View File

@ -20,7 +20,7 @@
hiera -c '{{ tripleo_backup_and_restore_hiera_config_file }}' 'mysql::server::root_password' hiera -c '{{ tripleo_backup_and_restore_hiera_config_file }}' 'mysql::server::root_password'
when: mysql_password is undefined when: mysql_password is undefined
register: mysql_password register: mysql_password
no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}"
become: true become: true
tags: tags:
- bar_create_recover_image - bar_create_recover_image
@ -76,7 +76,7 @@
when: mysql_password.stderr is defined when: mysql_password.stderr is defined
tags: tags:
- bar_create_recover_image - bar_create_recover_image
no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}"
- name: MySQL BBDDs backup - name: MySQL BBDDs backup
shell: | shell: |
@ -89,7 +89,7 @@
when: mysql_password.stderr is defined when: mysql_password.stderr is defined
tags: tags:
- bar_create_recover_image - bar_create_recover_image
no_log: "{{ not ((ansible_verbosity | int) >= 2) | bool }}" no_log: "{{ tripleo_backup_and_restore_hide_sensitive_logs | bool }}"
- name: Pause mysql. - name: Pause mysql.
command: "{{ tripleo_container_cli }} pause {{ tripleo_backup_and_restore_mysql_container }}" command: "{{ tripleo_container_cli }} pause {{ tripleo_backup_and_restore_mysql_container }}"

View File

@ -14,7 +14,7 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
tripleo_login_defs_debug: false tripleo_login_defs_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
# The maximum number of days a password may be used # The maximum number of days a password may be used
tripleo_login_defs_password_max_days: 60 tripleo_login_defs_password_max_days: 60

View File

@ -17,7 +17,7 @@
# All variables intended for modification should be placed in this file. # All variables intended for modification should be placed in this file.
tripleo_cellv2_debug: false tripleo_cellv2_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
tripleo_cellv2_cell_name: "" tripleo_cellv2_cell_name: ""
# containercli can be tropped when we fully switched to podman # containercli can be tropped when we fully switched to podman
tripleo_cellv2_containercli: "docker" tripleo_cellv2_containercli: "docker"

View File

@ -0,0 +1,20 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# All variables intended for modification should be placed in this file.
tripleo_ceph_run_ansible_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}"
tripleo_ceph_run_ansible_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"

View File

@ -119,7 +119,7 @@
shell: "{{ item }}" shell: "{{ item }}"
# We want the output chunked into bits to prevent # We want the output chunked into bits to prevent
# overflowing Zaqar message size # overflowing Zaqar message size
no_log: true no_log: "{{ not (tripleo_ceph_run_ansible_debug | bool) }}"
failed_when: false failed_when: false
register: outputs register: outputs
tags: run_ceph_ansible tags: run_ceph_ansible
@ -129,7 +129,7 @@
- name: search output of ceph-ansible run(s) non-zero return codes - name: search output of ceph-ansible run(s) non-zero return codes
set_fact: set_fact:
ceph_ansible_std_out_err: "{{ item.stdout_lines | default([]) | union(item.stderr_lines | default([])) }}" ceph_ansible_std_out_err: "{{ item.stdout_lines | default([]) | union(item.stderr_lines | default([])) }}"
no_log: true no_log: "{{ tripleo_ceph_run_ansible_hide_sensitive_logs | bool }}"
when: when:
- item.rc is defined - item.rc is defined
- item.rc != 0 - item.rc != 0

View File

@ -18,7 +18,7 @@
# All variables intended for modification should be placed in this file. # All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_container_image_prepare" # All variables within this role should have a prefix of "tripleo_container_image_prepare"
tripleo_container_image_prepare_debug: false tripleo_container_image_prepare_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
tripleo_container_image_prepare_content: {} tripleo_container_image_prepare_content: {}
tripleo_container_image_prepare_roles: [] tripleo_container_image_prepare_roles: []
tripleo_container_image_prepare_log_file: /var/log/tripleo-container-image-prepare.log tripleo_container_image_prepare_log_file: /var/log/tripleo-container-image-prepare.log

View File

@ -57,7 +57,7 @@
{% if (tripleo_container_image_prepare_debug | bool) %} {% if (tripleo_container_image_prepare_debug | bool) %}
--debug --debug
{% endif %} {% endif %}
no_log: "{{ not (tripleo_container_image_prepare_debug | bool) }}" no_log: "{{ not tripleo_container_image_prepare_debug | bool }}"
when: when:
- (tripleo_container_image_prepare_content | dict2items | length) > 0 - (tripleo_container_image_prepare_content | dict2items | length) > 0
- (tripleo_container_image_prepare_roles | length) > 0 - (tripleo_container_image_prepare_roles | length) > 0

View File

@ -16,6 +16,8 @@
# All variables intended for modification should place placed in this file. # All variables intended for modification should place placed in this file.
tripleo_container_manage_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}"
tripleo_container_manage_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
# All variables within this role should have a prefix of "tripleo_container_manage" # All variables within this role should have a prefix of "tripleo_container_manage"
tripleo_container_manage_check_puppet_config: false tripleo_container_manage_check_puppet_config: false
@ -25,7 +27,6 @@ tripleo_container_manage_config: "/var/lib/tripleo-config/"
tripleo_container_manage_config_id: tripleo tripleo_container_manage_config_id: tripleo
tripleo_container_manage_config_overrides: {} tripleo_container_manage_config_overrides: {}
tripleo_container_manage_config_patterns: '*.json' tripleo_container_manage_config_patterns: '*.json'
tripleo_container_manage_debug: false
# Some containers where Puppet is run, can take up to 10 minutes to finish # Some containers where Puppet is run, can take up to 10 minutes to finish
# in slow environments. # in slow environments.
tripleo_container_manage_create_retries: 120 tripleo_container_manage_create_retries: 120

View File

@ -17,7 +17,7 @@
- name: Gather podman infos - name: Gather podman infos
podman_container_info: {} podman_container_info: {}
register: podman_containers register: podman_containers
no_log: "{{ not tripleo_container_manage_debug }}" no_log: "{{ not (tripleo_container_manage_debug | bool) }}"
when: when:
- tripleo_container_manage_cli == 'podman' - tripleo_container_manage_cli == 'podman'

View File

@ -27,7 +27,7 @@
config_id=tripleo_container_manage_config_id, clean_orphans=False) }} config_id=tripleo_container_manage_config_id, clean_orphans=False) }}
- name: "Async container create/run" - name: "Async container create/run"
no_log: "{{ not tripleo_container_manage_debug }}" no_log: "{{ tripleo_container_manage_hide_sensitive_logs | bool }}"
async: "{{ (not ansible_check_mode | bool) | ternary('600', omit) }}" async: "{{ (not ansible_check_mode | bool) | ternary('600', omit) }}"
poll: "{{ (not ansible_check_mode | bool) | ternary('0', omit) }}" poll: "{{ (not ansible_check_mode | bool) | ternary('0', omit) }}"
register: create_async_results register: create_async_results
@ -84,7 +84,7 @@
volumes_from: "{{ lookup('dict', container_data).value.volumes_from | default([]) }}" volumes_from: "{{ lookup('dict', container_data).value.volumes_from | default([]) }}"
- name: "Check podman create status" - name: "Check podman create status"
no_log: "{{ not tripleo_container_manage_debug }}" no_log: "{{ not (tripleo_container_manage_debug | bool) }}"
async_status: async_status:
jid: "{{ create_async_result_item.ansible_job_id }}" jid: "{{ create_async_result_item.ansible_job_id }}"
loop: "{{ create_async_results.results }}" loop: "{{ create_async_results.results }}"

View File

@ -22,7 +22,7 @@
when: not ansible_check_mode|bool when: not ansible_check_mode|bool
- name: "Async container exec" - name: "Async container exec"
no_log: "{{ not tripleo_container_manage_debug }}" no_log: "{{ not (tripleo_container_manage_debug | bool) }}"
command: command:
argv: "{{ lookup('dict', container_exec_data).value | container_exec_cmd(cli=tripleo_container_manage_cli) }}" argv: "{{ lookup('dict', container_exec_data).value | container_exec_cmd(cli=tripleo_container_manage_cli) }}"
async: "{{ (not ansible_check_mode | bool) | ternary('60', omit) }}" async: "{{ (not ansible_check_mode | bool) | ternary('60', omit) }}"
@ -34,7 +34,7 @@
when: not ansible_check_mode|bool when: not ansible_check_mode|bool
- name: "Check podman exec status" - name: "Check podman exec status"
no_log: "{{ not tripleo_container_manage_debug }}" no_log: "{{ not (tripleo_container_manage_debug | bool) }}"
async_status: async_status:
jid: "{{ exec_async_result_item.ansible_job_id }}" jid: "{{ exec_async_result_item.ansible_job_id }}"
loop: "{{ exec_async_results.results }}" loop: "{{ exec_async_results.results }}"

View File

@ -15,7 +15,7 @@
# under the License. # under the License.
- name: "Create a list of podman exec commands that are run" - name: "Create a list of podman exec commands that are run"
no_log: "{{ not tripleo_container_manage_debug }}" no_log: "{{ not (tripleo_container_manage_debug | bool) }}"
set_fact: set_fact:
containers_commands: >- containers_commands: >-
{{ (containers_commands | default([])) + ([lookup('dict', container_exec_data).value | {{ (containers_commands | default([])) + ([lookup('dict', container_exec_data).value |

View File

@ -17,7 +17,7 @@
- name: Gather podman infos - name: Gather podman infos
podman_container_info: {} podman_container_info: {}
register: podman_containers register: podman_containers
no_log: "{{ not tripleo_container_manage_debug }}" no_log: "{{ tripleo_container_manage_hide_sensitive_logs | bool }}"
when: when:
- tripleo_container_manage_cli == 'podman' - tripleo_container_manage_cli == 'podman'

View File

@ -18,7 +18,7 @@
# All variables intended for modification should be placed in this file. # All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_hosts_entries" # All variables within this role should have a prefix of "tripleo_hosts_entries"
tripleo_hosts_entries_debug: false tripleo_hosts_entries_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
tripleo_hosts_entries_hosts_path: /etc/hosts tripleo_hosts_entries_hosts_path: /etc/hosts
tripleo_hosts_entries_undercloud_hosts_entries: "" tripleo_hosts_entries_undercloud_hosts_entries: ""
tripleo_hosts_entries_extra_hosts_entries: "" tripleo_hosts_entries_extra_hosts_entries: ""

View File

@ -18,7 +18,7 @@
# All variables intended for modification should place placed in this file. # All variables intended for modification should place placed in this file.
# All variables within this role should have a prefix of "tripleo_nova_image_cache" # All variables within this role should have a prefix of "tripleo_nova_image_cache"
tripleo_nova_image_cache_debug: false tripleo_nova_image_cache_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
tripleo_nova_image_cache_images: [] tripleo_nova_image_cache_images: []
tripleo_nova_image_cache_use_proxy: false tripleo_nova_image_cache_use_proxy: false
tripleo_nova_image_cache_proxy_hostname: "{{ ansible_play_batch[0] }}" tripleo_nova_image_cache_proxy_hostname: "{{ ansible_play_batch[0] }}"

View File

@ -18,4 +18,4 @@
# All variables intended for modification should be placed in this file. # All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_tripleo_nvdimm" # All variables within this role should have a prefix of "tripleo_tripleo_nvdimm"
tripleo_tripleo_nvdimm_debug: false tripleo_tripleo_nvdimm_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"

View File

@ -18,7 +18,7 @@
# All variables intended for modification should place placed in this file. # All variables intended for modification should place placed in this file.
# All variables within this role should have a prefix of "tripleo_ovs_dpdk" # All variables within this role should have a prefix of "tripleo_ovs_dpdk"
tripleo_ovs_dpdk_debug: false tripleo_ovs_dpdk_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
tripleo_ovs_dpdk_pmd_core_list: "" tripleo_ovs_dpdk_pmd_core_list: ""
tripleo_ovs_dpdk_lcore_list: "" tripleo_ovs_dpdk_lcore_list: ""
tripleo_ovs_dpdk_memory_channels: 4 tripleo_ovs_dpdk_memory_channels: 4

View File

@ -60,7 +60,7 @@ tripleo_packages_fast_forward_custom_repo_script_content: |
tripleo_packages_upgrade_leapp_enabled: true tripleo_packages_upgrade_leapp_enabled: true
# Print debugging output when running Leapp # Print debugging output when running Leapp
tripleo_packages_upgrade_leapp_debug: true tripleo_packages_upgrade_leapp_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
# Skip RHSM when running Leapp in development/testing. # Skip RHSM when running Leapp in development/testing.
tripleo_packages_upgrade_leapp_devel_skip_rhsm: false tripleo_packages_upgrade_leapp_devel_skip_rhsm: false

View File

@ -16,6 +16,8 @@
# All variables intended for modification should be placed in this file. # All variables intended for modification should be placed in this file.
tripleo_podman_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}"
tripleo_podman_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
tripleo_container_registry_insecure_registries: [] tripleo_container_registry_insecure_registries: []
tripleo_container_registry_login: false tripleo_container_registry_login: false
@ -23,7 +25,6 @@ tripleo_container_registry_logins: {}
tripleo_podman_packages: "{{ _tripleo_podman_packages | default([]) }}" tripleo_podman_packages: "{{ _tripleo_podman_packages | default([]) }}"
tripleo_podman_purge_packages: "{{ _tripleo_podman_purge_packages | default([]) }}" tripleo_podman_purge_packages: "{{ _tripleo_podman_purge_packages | default([]) }}"
tripleo_podman_tls_verify: true tripleo_podman_tls_verify: true
tripleo_podman_debug: false
tripleo_podman_unqualified_search_registries: tripleo_podman_unqualified_search_registries:
- registry.redhat.io - registry.redhat.io
- registry.access.redhat.com - registry.access.redhat.com

View File

@ -26,6 +26,6 @@
REGISTRY_USERNAME: "{{ lookup('dict', item.value).key }}" REGISTRY_USERNAME: "{{ lookup('dict', item.value).key }}"
REGISTRY_PASSWORD: "{{ lookup('dict', item.value).value }}" REGISTRY_PASSWORD: "{{ lookup('dict', item.value).value }}"
REGISTRY: "{{ item.key }}" REGISTRY: "{{ item.key }}"
no_log: "{{ not tripleo_podman_debug|bool }}" no_log: "{{ tripleo_podman_hide_sensitive_logs | bool }}"
loop: "{{ query('dict', tripleo_container_registry_logins) }}" loop: "{{ query('dict', tripleo_container_registry_logins) }}"
register: registry_login_podman register: registry_login_podman

View File

@ -16,8 +16,11 @@
# All variables intended for modification should be placed in this file. # All variables intended for modification should be placed in this file.
tripleo_puppet_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}"
tripleo_puppet_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
# All variables within this role should have a prefix of "tripleo_puppet_cache" # All variables within this role should have a prefix of "tripleo_puppet_cache"
tripleo_puppet_cache_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
tripleo_puppet_cache_base_dir: /var/lib/container-puppet/puppetlabs tripleo_puppet_cache_base_dir: /var/lib/container-puppet/puppetlabs
tripleo_puppet_cache_config: | tripleo_puppet_cache_config: |
facts : { facts : {

View File

@ -82,7 +82,7 @@
shell: facter --config "{{ tripleo_puppet_cache_base_dir }}/facter.conf" shell: facter --config "{{ tripleo_puppet_cache_base_dir }}/facter.conf"
retries: 5 retries: 5
delay: 5 delay: 5
no_log: true no_log: "{{ tripleo_puppet_hide_sensitive_logs | bool }}"
failed_when: false failed_when: false
register: _facter_cache_run register: _facter_cache_run

View File

@ -18,7 +18,7 @@
# All variables intended for modification should be placed in this file. # All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_redhat_enforce" # All variables within this role should have a prefix of "tripleo_redhat_enforce"
tripleo_redhat_enforce_debug: false tripleo_redhat_enforce_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
tripleo_redhat_enforce: false tripleo_redhat_enforce: false
tripleo_redhat_enforce_osp: '' tripleo_redhat_enforce_osp: ''
tripleo_redhat_enforce_os: '' tripleo_redhat_enforce_os: ''

View File

@ -18,5 +18,5 @@
# All variables intended for modification should be placed in this file. # All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_systemd_wrapper" # All variables within this role should have a prefix of "tripleo_systemd_wrapper"
tripleo_systemd_wrapper_debug: false tripleo_systemd_wrapper_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
tripleo_systemd_wrapper_container_cli: podman tripleo_systemd_wrapper_container_cli: podman

View File

@ -23,7 +23,7 @@
# * `tripleo_transfer_src_dir` -- directory on the source host to transfer from # * `tripleo_transfer_src_dir` -- directory on the source host to transfer from
# * `tripleo_transfer_dest_host` -- the inventory name of the destination host # * `tripleo_transfer_dest_host` -- the inventory name of the destination host
# * `tripleo_transfer_dest_dir` -- directory on the destination host to transfer to # * `tripleo_transfer_dest_dir` -- directory on the destination host to transfer to
tripleo_transfer_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
tripleo_transfer_storage_root_dir: /var/lib/mistral/tripleo-transfer tripleo_transfer_storage_root_dir: /var/lib/mistral/tripleo-transfer
tripleo_transfer_storage_root_become: false tripleo_transfer_storage_root_become: false
tripleo_transfer_src_become: true tripleo_transfer_src_become: true

View File

@ -44,7 +44,7 @@
# Using the "archive" module lists lists all tarred files in module # Using the "archive" module lists lists all tarred files in module
# output, if there's too many files, it can crash ansible even with # output, if there's too many files, it can crash ansible even with
# "no_log: true". # "no_log: "{{ not tripleo_transfer_debug | bool }}"".
- name: create the archive - name: create the archive
shell: |- shell: |-
set -euo pipefail set -euo pipefail