diff --git a/releasenotes/notes/ansible-vault-ac969b70f840d465.yaml b/releasenotes/notes/ansible-vault-ac969b70f840d465.yaml new file mode 100644 index 0000000000..ff8f7676ad --- /dev/null +++ b/releasenotes/notes/ansible-vault-ac969b70f840d465.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Implemented support for using ansible-vault passwords + in kolla-ansible command to decrypt ``/etc/kolla/passwords.yml``. diff --git a/tools/kolla-ansible b/tools/kolla-ansible index 63692267a5..8c2bd3cd70 100755 --- a/tools/kolla-ansible +++ b/tools/kolla-ansible @@ -43,6 +43,9 @@ Options: --extra, -e Set additional variables as key=value or YAML/JSON passed to ansible-playbook --passwords Specify path to the passwords file --limit Specify host to run plays + --vault-id <@prompt or path> Specify @prompt or password file (Ansible >= 2.4) + --ask-vault-pass Ask for vault password + --vault-password-file Specify password file for vault decrypt --verbose, -v Increase verbosity of ansible-playbook Commands: @@ -77,6 +80,9 @@ cat <&2; exit 2; } eval set -- "$ARGS" @@ -170,15 +176,32 @@ while [ "$#" -gt 0 ]; do EXTRA_OPTS="$EXTRA_OPTS -e $2" shift 2 ;; + (--passwords) PASSWORDS_FILE="$2" shift 2 ;; + (--limit) EXTRA_OPTS="$EXTRA_OPTS --limit $2" shift 2 ;; + (--vault-id) + EXTRA_OPTS="$EXTRA_OPTS --vault-id $2" + shift 2 + ;; + + (--ask-vault-pass) + VERBOSITY="$EXTRA_OPTS --ask-vault-pass" + shift 1 + ;; + + (--vault-password-file) + EXTRA_OPTS="$EXTRA_OPTS --vault-password-file $2" + shift 2 + ;; + (--help|-h) usage shift