--- # Copyright 2019 Red Hat, Inc. # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - name: Rotate fernet keys connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" hosts: "{{ tripleo_target_host | default('undercloud') }}" remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" any_errors_fatal: true vars: container: overcloud hide_sensitive_logs: true tasks: - name: Set fernet_keys_environment_path set_fact: fernet_keys_environment_path: "{{ lookup('env', 'HOME')~'/rotated_fernet_keys.yaml'}}" when: fernet_keys_environment_path is not defined - name: Rotate keys tripleo_fernet_keys_rotate: container: "{{ container }}" register: fernet_keys no_log: "{{ hide_sensitive_logs | bool }}" - name: Write fernet_keys file no_log: "{{ hide_sensitive_logs | bool }}" block: - name: Create fernet_keys parameter fact set_fact: fernet_params_env: "{{ {'parameter_defaults': (fernet_keys['fernet_keys'] | default({}))} }}" - name: Write fernet_keys environment file copy: dest: "{{ fernet_keys_environment_path }}" content: "{{ fernet_params_env | to_nice_yaml(indent=2) }}" when: - fernet_keys_environment_path is defined - fernet_keys is defined - name: Rotate fernet keys on controller nodes import_playbook: rotate-keys.yaml fernet_keys="{{ hostvars['undercloud']['fernet_keys']['fernet_keys'] }}" tags: - rotate-fernet-keys