--- version: '2.0' name: tripleo.fernet_keys.v1 description: TripleO fernet key rotation workflows workflows: rotate_fernet_keys: input: - container - work_dir: /var/lib/mistral - queue_name: tripleo - ansible_extra_env_variables: ANSIBLE_HOST_KEY_CHECKING: 'False' tags: - tripleo-common-managed tasks: rotate_keys: action: tripleo.parameters.rotate_fernet_keys container=<% $.container %> on-success: get_privkey on-error: send_message publish-on-error: status: FAILED message: <% task().result %> get_privkey: action: tripleo.validations.get_privkey on-success: deploy_keys on-error: send_message publish-on-error: status: FAILED message: <% task().result %> deploy_keys: action: tripleo.ansible-playbook input: hosts: keystone inventory: <% $.get('work_dir') %>/<% $.get('container') %>/tripleo-ansible-inventory.yaml ssh_private_key: <% task(get_privkey).result %> extra_env_variables: <% $.ansible_extra_env_variables + dict(TRIPLEO_PLAN_NAME=>$.container) %> verbosity: 0 remote_user: tripleo-admin become: true extra_vars: fernet_keys: <% task(rotate_keys).result %> use_openstack_credentials: true playbook: /usr/share/ansible/tripleo-playbooks/rotate-keys.yaml execution_id: <% execution().id %> on-success: send_message publish: status: SUCCESS message: <% task().result %> on-error: send_message publish-on-error: status: FAILED message: <% task().result %> send_message: workflow: tripleo.messaging.v1.send input: queue_name: <% $.queue_name %> type: <% execution().name %> status: <% $.status %> message: <% $.get('message', '') %> execution: <% execution() %> plan_name: <% $.container %>