Write passwords to env file when rotating

Now that we've removed the plan, we should generate
an environmnent file with rotated passwords which
should be used in the next overcloud deploy.

When we move to ephemeral heat stack this would
update wherever initial passwords are stored.

Change-Id: I02541adfec2fa604e728aece343e7f0722b84ec6
changes/87/774187/3
ramishra 2 years ago
parent abda8556f9
commit 6b19ea5e3e
  1. 24
      tripleo_ansible/playbooks/rotate-passwords.yaml

@ -21,15 +21,35 @@
gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}"
any_errors_fatal: true
vars:
container: overcloud
stack: overcloud
password_list: []
hide_sensitive_logs: true
tasks:
- name: Rotate passwords in plan
- name: Set passwords_environment_path
set_fact:
passwords_environment_path: "{{ lookup('env', 'HOME')~'/rotated_passwords.yaml'}}"
when: passwords_environment_path is not defined
- name: Rotate passwords
tripleo_passwords_rotate:
container: "{{ container }}"
password_list: "{{ password_list }}"
no_log: "{{ hide_sensitive_logs | bool }}"
register: rotated_passwords_result
- name: Write password file
no_log: "{{ hide_sensitive_logs | bool }}"
block:
- name: Create password parameter fact
set_fact:
passwords_params_env: "{{ {'parameter_defaults': (rotated_passwords_result['passwords'] | default({}))} }}"
- name: Write password environment file
copy:
dest: "{{ passwords_environment_path }}"
content: "{{ passwords_params_env | to_nice_yaml(indent=2) }}"
when:
- passwords_environment_path is defined
- rotated_passwords_result is defined
tags:
- rotate-passwords

Loading…
Cancel
Save