Merge "Extract cephx keys from vault encrypted files"

2019-10-23 10:04:01 +00:00 · 2019-10-23 10:04:01 +00:00 · 6cba845846
commit 6cba845846
parent a2c7be1dc9 44709f4132
1 changed files with 5 additions and 5 deletions
--- a/ansible/roles/nova-cell/tasks/external_ceph.yml
+++ b/ansible/roles/nova-cell/tasks/external_ceph.yml
@ -79,26 +79,26 @@
    - Restart nova-libvirt container

 - name: Extract nova key from file
-  local_action: shell cat "{{ nova_cephx_keyring_file.stat.path }}" | grep -E 'key\s*=' | awk '{ print $3 }'
+  set_fact:
+    nova_cephx_raw_key: "{{ lookup('file', nova_cephx_keyring_file.stat.path) | regex_search('key\\s*=.*$', multiline=True) | regex_replace('key\\s*=\\s*(.*)\\s*', '\\1') }}"
  changed_when: false
  run_once: True
-  register: nova_cephx_raw_key
  when:
    - nova_backend == "rbd"
    - external_ceph_cephx_enabled | bool

 - name: Extract cinder key from file
-  local_action: shell cat "{{ cinder_cephx_keyring_file.stat.path }}" | grep -E 'key\s*=' | awk '{ print $3 }'
+  set_fact:
+    cinder_cephx_raw_key: "{{ lookup('file', cinder_cephx_keyring_file.stat.path) | regex_search('key\\s*=.*$', multiline=True) | regex_replace('key\\s*=\\s*(.*)\\s*', '\\1') }}"
  changed_when: false
  run_once: True
-  register: cinder_cephx_raw_key
  when:
    - cinder_backend_ceph | bool
    - external_ceph_cephx_enabled | bool

 - name: Pushing secrets key for libvirt
  copy:
-    content: "{{ item.result.stdout }}"
+    content: "{{ item.result }}"
    dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.base64"
    mode: "0600"
  become: true