mirror-update: update keytab testing

Keytabs are slightly longer than what is being tested; upto 100 bytes
or so.  This means the encoded data breaks over lines, which means you
need to be more careful about quoting.

Update the testing to a longer keytab (100 bytes of random data) and
fix up the quoting.  Also enable no_logging to avoid putting key
material into the logs.

Change-Id: I73c391a2ebd2c962dc9a422f9d44265160210852

playbooks/roles/mirror-update/tasks/main.yaml

@@ -9,10 +9,10 @@
 # "real" binary data like a keytab.  See issues like:
 #  https://github.com/ansible/ansible/issues/20150
 - name: Install afsadmin keytab
-  shell: 'echo {{ mirror_update_keytab_afsadmin }} | base64 -d > /etc/afsadmin.keytab'
+  shell: 'echo "{{ mirror_update_keytab_afsadmin }}" | base64 -d > /etc/afsadmin.keytab'
   args:
     creates: /etc/afsadmin.keytab
-#no_log: True
+  no_log: True
 
 - name: Ensure permissions on afsadmin keytab
   file:

playbooks/roles/mirror-update/tasks/rsync.yaml

@@ -18,11 +18,11 @@
       - yum-puppetlabs
 
 - name: Copy keytab files in place
-  shell: 'echo {{ lookup("vars", "mirror_update_keytab_" + item) }} | base64 -d > /etc/{{ item }}.keytab'
+  shell: 'echo "{{ lookup("vars", "mirror_update_keytab_" + item) }}" | base64 -d > /etc/{{ item }}.keytab'
   args:
     creates: '/etc/{{ item }}.keytab'
   loop: '{{ rsync_update_scripts }}'
-#  no_log: True
+  no_log: True
 
 - name: Ensure keytab permissions
   file:

playbooks/zuul/templates/host_vars/mirror-update01.opendev.org.yaml.j2

@@ -1,12 +1,18 @@
 mirror_update_keytab_afsadmin: |-
-  AQIDBAUGBwgJEBESExQVFm9wZW5kZXYub3JnIHNhbXBsZSBrZXl0YWIWFRQTEhEQCQgHBgUEAwIB
+  aEkRPhZllm2F2y71Zgf3X9NjyHT7/sS8bd/vXt9oG1PKkUmpeBXprFnrxzMuKiupHwwTa09w5LuB
+  blLvBOC8W5Miz1u6TkRe+/jLQurLpzYHwk3bJCJ6s3WwPKDej54TDVgrVQ==
 mirror_update_keytab_centos: |-
-  AQIDBAUGBwgJEBESExQVFm9wZW5kZXYub3JnIHNhbXBsZSBrZXl0YWIWFRQTEhEQCQgHBgUEAwIB
+  aEkRPhZllm2F2y71Zgf3X9NjyHT7/sS8bd/vXt9oG1PKkUmpeBXprFnrxzMuKiupHwwTa09w5LuB
+  blLvBOC8W5Miz1u6TkRe+/jLQurLpzYHwk3bJCJ6s3WwPKDej54TDVgrVQ==
 mirror_update_keytab_epel: |-
-  AQIDBAUGBwgJEBESExQVFm9wZW5kZXYub3JnIHNhbXBsZSBrZXl0YWIWFRQTEhEQCQgHBgUEAwIB
+  aEkRPhZllm2F2y71Zgf3X9NjyHT7/sS8bd/vXt9oG1PKkUmpeBXprFnrxzMuKiupHwwTa09w5LuB
+  blLvBOC8W5Miz1u6TkRe+/jLQurLpzYHwk3bJCJ6s3WwPKDej54TDVgrVQ==
 mirror_update_keytab_fedora: |-
-  AQIDBAUGBwgJEBESExQVFm9wZW5kZXYub3JnIHNhbXBsZSBrZXl0YWIWFRQTEhEQCQgHBgUEAwIB
+  aEkRPhZllm2F2y71Zgf3X9NjyHT7/sS8bd/vXt9oG1PKkUmpeBXprFnrxzMuKiupHwwTa09w5LuB
+  blLvBOC8W5Miz1u6TkRe+/jLQurLpzYHwk3bJCJ6s3WwPKDej54TDVgrVQ==
 mirror_update_keytab_opensuse: |-
-  AQIDBAUGBwgJEBESExQVFm9wZW5kZXYub3JnIHNhbXBsZSBrZXl0YWIWFRQTEhEQCQgHBgUEAwIB
+  aEkRPhZllm2F2y71Zgf3X9NjyHT7/sS8bd/vXt9oG1PKkUmpeBXprFnrxzMuKiupHwwTa09w5LuB
+  blLvBOC8W5Miz1u6TkRe+/jLQurLpzYHwk3bJCJ6s3WwPKDej54TDVgrVQ==
 mirror_update_keytab_yum-puppetlabs: |-
-  AQIDBAUGBwgJEBESExQVFm9wZW5kZXYub3JnIHNhbXBsZSBrZXl0YWIWFRQTEhEQCQgHBgUEAwIB
+  aEkRPhZllm2F2y71Zgf3X9NjyHT7/sS8bd/vXt9oG1PKkUmpeBXprFnrxzMuKiupHwwTa09w5LuB
+  blLvBOC8W5Miz1u6TkRe+/jLQurLpzYHwk3bJCJ6s3WwPKDej54TDVgrVQ==

testinfra/test_mirror-update.py

@@ -16,7 +16,7 @@
 testinfra_hosts = ['mirror-update01.opendev.org']
 
 # Manually calculated from the "secret" value in the test host vars
-KEYTAB_SHA256 = '8f4e9384338ffa41b927ed3c15463512384cb7268693a7c60c1e1254f690b7d0'
+KEYTAB_SHA256 = '88d4ac38ad3da024913843d8917d5be89ceac4abef7b977718f2c3f1db3ccde4'
 
 def test_tools(host):
     f = host.file('/usr/bin/k5start')