Christian Berendt 03788e17d4 Set "no_log" for "databases user and setting permissions" tasks
At the moment the "databases user and setting permissions" task for
designate and nova leaks the database_password because of the use
of with_items:

---snip---
TASK [nova : Creating Nova databases user and setting permissions] *********************************************************
ok: [x -> y] => (item={u'database_password': u'password', u'database_name': u'nova', u'database_username': u'nova'})
ok: [x -> y] => (item={u'database_password': u'password', u'database_name': u'nova_cell0', u'database_username': u'nova'})
ok: [x -> y] => (item={u'database_password': u'password', u'database_name': u'nova_api', u'database_username': u'nova_api'})
---snap---

Change-Id: I141e4153223c8772c82a31d81e58057ce266c0b9
Co-authored-by: Bernd Müller <mueller@b1-systems.de>
2018-11-19 11:10:41 +00:00

53 lines
1.7 KiB
YAML

---
- name: Creating Nova databases
kolla_toolbox:
module_name: mysql_db
module_args:
login_host: "{{ database_address }}"
login_port: "{{ database_port }}"
login_user: "{{ database_user }}"
login_password: "{{ database_password }}"
name: "{{ item }}"
register: database
run_once: True
delegate_to: "{{ groups['nova-api'][0] }}"
with_items:
- "{{ nova_database_name }}"
- "{{ nova_database_name }}_cell0"
- "{{ nova_api_database_name }}"
when:
- not use_preconfigured_databases | bool
- name: Creating Nova databases user and setting permissions
kolla_toolbox:
module_name: mysql_user
module_args:
login_host: "{{ database_address }}"
login_port: "{{ database_port }}"
login_user: "{{ database_user }}"
login_password: "{{ database_password }}"
name: "{{ item.database_username }}"
password: "{{ item.database_password }}"
host: "%"
priv: "{{ item.database_name }}.*:ALL"
append_privs: "yes"
with_items:
- database_name: "{{ nova_database_name }}"
database_username: "{{ nova_database_user }}"
database_password: "{{ nova_database_password }}"
- database_name: "{{ nova_database_name }}_cell0"
database_username: "{{ nova_database_user }}"
database_password: "{{ nova_database_password }}"
- database_name: "{{ nova_api_database_name }}"
database_username: "{{ nova_api_database_user }}"
database_password: "{{ nova_api_database_password }}"
run_once: True
delegate_to: "{{ groups['nova-api'][0] }}"
when:
- database.changed
- not use_preconfigured_databases | bool
no_log: true
- include_tasks: bootstrap_service.yml
when: database.changed or use_preconfigured_databases | bool