6b19ea5e3e
Now that we've removed the plan, we should generate an environmnent file with rotated passwords which should be used in the next overcloud deploy. When we move to ephemeral heat stack this would update wherever initial passwords are stored. Change-Id: I02541adfec2fa604e728aece343e7f0722b84ec6
56 lines
2.0 KiB
YAML
56 lines
2.0 KiB
YAML
---
|
|
# Copyright 2019 Red Hat, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
- name: Rotate passwords
|
|
connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}"
|
|
hosts: "{{ tripleo_target_host | default('undercloud') }}"
|
|
remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}"
|
|
gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}"
|
|
any_errors_fatal: true
|
|
vars:
|
|
stack: overcloud
|
|
password_list: []
|
|
hide_sensitive_logs: true
|
|
tasks:
|
|
- name: Set passwords_environment_path
|
|
set_fact:
|
|
passwords_environment_path: "{{ lookup('env', 'HOME')~'/rotated_passwords.yaml'}}"
|
|
when: passwords_environment_path is not defined
|
|
|
|
- name: Rotate passwords
|
|
tripleo_passwords_rotate:
|
|
container: "{{ container }}"
|
|
password_list: "{{ password_list }}"
|
|
no_log: "{{ hide_sensitive_logs | bool }}"
|
|
register: rotated_passwords_result
|
|
|
|
- name: Write password file
|
|
no_log: "{{ hide_sensitive_logs | bool }}"
|
|
block:
|
|
- name: Create password parameter fact
|
|
set_fact:
|
|
passwords_params_env: "{{ {'parameter_defaults': (rotated_passwords_result['passwords'] | default({}))} }}"
|
|
|
|
- name: Write password environment file
|
|
copy:
|
|
dest: "{{ passwords_environment_path }}"
|
|
content: "{{ passwords_params_env | to_nice_yaml(indent=2) }}"
|
|
when:
|
|
- passwords_environment_path is defined
|
|
- rotated_passwords_result is defined
|
|
tags:
|
|
- rotate-passwords
|