tripleo-common/workbooks/fernet-key-rotate.yaml

---
version: '2.0'
name: tripleo.fernet_keys.v1
description: TripleO fernet key rotation workflows

workflows:

  rotate_fernet_keys:

    input:
      - container
      - queue_name: tripleo
      - ansible_extra_env_variables:
            ANSIBLE_HOST_KEY_CHECKING: 'False'

    tags:
      - tripleo-common-managed

    tasks:

      rotate_keys:
        action: tripleo.parameters.rotate_fernet_keys container=<% $.container %>
        on-success: deploy_ssh_key
        on-error: send_message
        publish-on-error:
          status: FAILED
          message: <% task().result %>

      deploy_ssh_key:
        workflow: tripleo.validations.v1.copy_ssh_key
        on-success: get_privkey
        on-error: send_message
        publish-on-error:
          status: FAILED
          message: <% task().result %>

      get_privkey:
        action: tripleo.validations.get_privkey
        on-success: deploy_keys
        on-error: send_message
        publish-on-error:
          status: FAILED
          message: <% task().result %>

      deploy_keys:
        action: tripleo.ansible-playbook
        input:
          hosts: keystone
          inventory: /usr/bin/tripleo-ansible-inventory
          ssh_private_key: <% task(get_privkey).result %>
          extra_env_variables: <% $.ansible_extra_env_variables + dict(TRIPLEO_PLAN_NAME=>$.container) %>
          verbosity: 0
          remote_user: heat-admin
          become: true
          extra_vars:
            fernet_keys: <% task(rotate_keys).result %>
          use_openstack_credentials: true
          playbook: /usr/share/tripleo-common/playbooks/rotate-keys.yaml
        on-success: send_message
        publish:
          status: SUCCESS
          message: <% task().result %>
        on-error: send_message
        publish-on-error:
          status: FAILED
          message: <% task().result %>

      send_message:
        workflow: tripleo.messaging.v1.send
        input:
          queue_name: <% $.queue_name %>
          type: <% execution().name %>
          status: <% $.status %>
          message: <% $.get('message', '') %>
          execution: <% execution() %>
          plan_name: <% $.container %>