Write passwords to env file when rotating
Now that we've removed the plan, we should generate an environmnent file with rotated passwords which should be used in the next overcloud deploy. When we move to ephemeral heat stack this would update wherever initial passwords are stored. Change-Id: I02541adfec2fa604e728aece343e7f0722b84ec6
This commit is contained in:
parent
abda8556f9
commit
6b19ea5e3e
|
@ -21,15 +21,35 @@
|
||||||
gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}"
|
gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}"
|
||||||
any_errors_fatal: true
|
any_errors_fatal: true
|
||||||
vars:
|
vars:
|
||||||
container: overcloud
|
stack: overcloud
|
||||||
password_list: []
|
password_list: []
|
||||||
hide_sensitive_logs: true
|
hide_sensitive_logs: true
|
||||||
tasks:
|
tasks:
|
||||||
- name: Rotate passwords in plan
|
- name: Set passwords_environment_path
|
||||||
|
set_fact:
|
||||||
|
passwords_environment_path: "{{ lookup('env', 'HOME')~'/rotated_passwords.yaml'}}"
|
||||||
|
when: passwords_environment_path is not defined
|
||||||
|
|
||||||
|
- name: Rotate passwords
|
||||||
tripleo_passwords_rotate:
|
tripleo_passwords_rotate:
|
||||||
container: "{{ container }}"
|
container: "{{ container }}"
|
||||||
password_list: "{{ password_list }}"
|
password_list: "{{ password_list }}"
|
||||||
no_log: "{{ hide_sensitive_logs | bool }}"
|
no_log: "{{ hide_sensitive_logs | bool }}"
|
||||||
|
register: rotated_passwords_result
|
||||||
|
|
||||||
|
- name: Write password file
|
||||||
|
no_log: "{{ hide_sensitive_logs | bool }}"
|
||||||
|
block:
|
||||||
|
- name: Create password parameter fact
|
||||||
|
set_fact:
|
||||||
|
passwords_params_env: "{{ {'parameter_defaults': (rotated_passwords_result['passwords'] | default({}))} }}"
|
||||||
|
|
||||||
|
- name: Write password environment file
|
||||||
|
copy:
|
||||||
|
dest: "{{ passwords_environment_path }}"
|
||||||
|
content: "{{ passwords_params_env | to_nice_yaml(indent=2) }}"
|
||||||
|
when:
|
||||||
|
- passwords_environment_path is defined
|
||||||
|
- rotated_passwords_result is defined
|
||||||
tags:
|
tags:
|
||||||
- rotate-passwords
|
- rotate-passwords
|
||||||
|
|
Loading…
Reference in New Issue