b123bf6621
Many tasks that use Docker have become specified already, but not all. This change ensures all tasks that use the following modules have become: * kolla_docker * kolla_ceph_keyring * kolla_toolbox * kolla_container_facts It also adds become for 'command' tasks that use docker CLI. Change-Id: I4a5ebcedaccb9261dbc958ec67e8077d7980e496
40 lines
1.4 KiB
YAML
40 lines
1.4 KiB
YAML
---
|
|
- name: Barbican sanity - storing a secret
|
|
become: true
|
|
shell: >
|
|
docker exec -t barbican_api openstack \
|
|
--os-auth-url={{ openstack_auth.auth_url }} \
|
|
--os-password={{ openstack_auth.password }} \
|
|
--os-username={{ openstack_auth.username }} \
|
|
--os-project-name={{ openstack_auth.project_name }} \
|
|
secret store -f value -p kolla | head -1
|
|
register: barbican_store_secret
|
|
run_once: True
|
|
when: kolla_enable_sanity_barbican | bool
|
|
|
|
- name: Barbican sanity - fetch secret
|
|
become: true
|
|
command: >
|
|
docker exec -t barbican_api openstack
|
|
--os-auth-url={{ openstack_auth.auth_url }}
|
|
--os-password={{ openstack_auth.password }}
|
|
--os-username={{ openstack_auth.username }}
|
|
--os-project-name={{ openstack_auth.project_name }}
|
|
secret get -f value -p {{ barbican_store_secret.stdout }}
|
|
register: barbican_get_secret
|
|
failed_when: barbican_get_secret.stdout != 'kolla'
|
|
run_once: True
|
|
when: kolla_enable_sanity_barbican | bool
|
|
|
|
- name: Barbican sanity - cleaning up
|
|
become: true
|
|
command: >
|
|
docker exec -t barbican_api openstack
|
|
--os-auth-url={{ openstack_auth.auth_url }}
|
|
--os-password={{ openstack_auth.password }}
|
|
--os-username={{ openstack_auth.username }}
|
|
--os-project-name={{ openstack_auth.project_name }}
|
|
secret delete {{ barbican_store_secret.stdout }}
|
|
run_once: True
|
|
when: kolla_enable_sanity_barbican | bool
|