50f3fd6df7
We shouldn't allow any arbitrary secret file to be updated in the leap process, but instead ensuring the file present in J/K/L will be properly updated to the end of the process. If you had set the variable in those playbooks, you would naturally CREATE a new file, alongside the existing user_secrets, with the risks of: - Having different values - Having precedence issues depending on the file name Change-Id: I2873318e2f1fd34673e95f8eb77a0001d649df1e
33 lines
1.2 KiB
YAML
33 lines
1.2 KiB
YAML
---
|
|
# Copyright 2015, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: User secrets adjustments
|
|
hosts: localhost
|
|
connection: local
|
|
gather_facts: false
|
|
user: root
|
|
tasks:
|
|
- name: Read example user secrets file
|
|
shell: "grep '^[a-zA-Z]' {{ osa_playbook_dir }}/etc/openstack_deploy/user_secrets.yml"
|
|
register: secrets
|
|
- name: Add missing secret
|
|
shell: |
|
|
if ! grep '^{{ item }}' /etc/openstack_deploy/user_secrets.yml; then
|
|
echo {{ item }} | tee -a /etc/openstack_deploy/user_secrets.yml
|
|
fi
|
|
with_items: secrets.stdout_lines
|
|
- name: Generate new secrets
|
|
shell: "{{ osa_playbook_dir }}/scripts/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml"
|