Add validate_passwords_file preflight checks validation

Change-Id: If5dd1b46095636867647c708a79f423c7e952dfc
2022-10-13 22:50:05 +02:00 · 2022-10-13 22:50:05 +02:00 · da989b5d57
commit da989b5d57
parent d0bbe840a8
4 changed files with 60 additions and 0 deletions
--- a/doc/source/roles/role-validate_passwords_file.rst
+++ b/doc/source/roles/role-validate_passwords_file.rst
@ -0,0 +1,6 @@
+=======================
+validate_passwords_file
+=======================
+
+.. ansibleautoplugin::
+   :role: roles/validate_passwords_file
--- a/playbooks/validate-passwords-file.yaml
+++ b/playbooks/validate-passwords-file.yaml
@ -0,0 +1,23 @@
+---
+- hosts: undercloud
+  vars:
+    metadata:
+      name: Check Undercloud passwords file
+      description: |
+        Disallow updates if the passwords file is missing.
+        If the undercloud was already deployed, the passwords file needs to be
+        present so passwords that can't be changed are persisted.  If the file
+        is missing it will break the undercloud, so we should fail-fast and let
+        the user know about the problem.  Both the old and new path to the file
+        is checked.  If either is found, the validation will pass as the old
+        path will be migrated to the new during and update/upgrade.
+      groups:
+        - prep
+        - pre-upgrade
+        - pre-update
+      categories:
+        - os
+      products:
+        - tripleo
+  roles:
+    - validate_passwords_file
--- a/roles/validate_passwords_file/defaults/main.yaml
+++ b/roles/validate_passwords_file/defaults/main.yaml
@ -0,0 +1,3 @@
+---
+validate_passwords_file_name: 'tripleo-undercloud-passwords.yaml'
+validate_passwords_file_output_dir: '/home/stack/tripleo-deploy/undercloud'
--- a/roles/validate_passwords_file/tasks/main.yaml
+++ b/roles/validate_passwords_file/tasks/main.yaml
@ -0,0 +1,28 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Check if passwords file exists
+  register: stat_result
+  stat:
+    path: "{{ validate_passwords_file_output_dir + '/' + validate_passwords_file_name }}"
+
+- name: Fail when the passwords file is missing
+  fail:
+    msg: |
+      The {{ validate_passwords_file_name }} file is missing.
+      This will cause all service passwords to change and break the existing
+      undercloud.
+  when: not stat_result.stat.exists