openstack/tripleo-ansible
Code Issues Proposed changes
b9694f360e
tripleo-ansible/tripleo_ansible/playbooks/rotate-passwords.yaml
ramishra 6b19ea5e3e Write passwords to env file when rotating 
Now that we've removed the plan, we should generate
an environmnent file with rotated passwords which
should be used in the next overcloud deploy.

When we move to ephemeral heat stack this would
update wherever initial passwords are stored.

Change-Id: I02541adfec2fa604e728aece343e7f0722b84ec6
2021-02-09 08:01:04 +05:30

56 lines
2.0 KiB
YAML
Raw Blame History

---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Rotate passwords
connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}"
hosts: "{{ tripleo_target_host | default('undercloud') }}"
remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}"
gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}"
any_errors_fatal: true
vars:
stack: overcloud
password_list: []
hide_sensitive_logs: true
tasks:
- name: Set passwords_environment_path
set_fact:
passwords_environment_path: "{{ lookup('env', 'HOME')~'/rotated_passwords.yaml'}}"
when: passwords_environment_path is not defined
- name: Rotate passwords
tripleo_passwords_rotate:
container: "{{ container }}"
password_list: "{{ password_list }}"
no_log: "{{ hide_sensitive_logs | bool }}"
register: rotated_passwords_result
- name: Write password file
no_log: "{{ hide_sensitive_logs | bool }}"
block:
- name: Create password parameter fact
set_fact:
passwords_params_env: "{{ {'parameter_defaults': (rotated_passwords_result['passwords'] | default({}))} }}"
- name: Write password environment file
copy:
dest: "{{ passwords_environment_path }}"
content: "{{ passwords_params_env | to_nice_yaml(indent=2) }}"
when:
- passwords_environment_path is defined
- rotated_passwords_result is defined
tags:
- rotate-passwords
View Git Blame Copy Permalink