Restore admin password during bootstrap manifest

For restore operations (including SX upgrades) we need to use the updated admin password. The admin password can be changed after the system is bootstrapped. In which case the password is stored in secure_system instead of secure_static hieradata. When we use the old admin password the bootstrap playbook will fail as the keyring password does not match what is in the keystone database. To correct this, we copy the password to the runtime hieradata used to run the bootstrap manifest. Tests run: AIO-SX Bootstrap + Deploy AIO-SX Backup and Restore AIO-SX Upgrade Closes-Bug: 1942907 Change-Id: I7549b846a470dff272ab17fc610ebe06260f439b Signed-off-by: David Sullivan <david.sullivan@windriver.com>
2021-09-07 10:11:25 -05:00 · 2021-09-07 10:11:25 -05:00 · a3c5d7348c
commit a3c5d7348c
parent 66ee6ff7b6
1 changed files with 12 additions and 4 deletions
--- a/playbookconfig/src/playbooks/roles/bootstrap/apply-manifest/tasks/apply_bootstrap_manifest.yml
+++ b/playbookconfig/src/playbooks/roles/bootstrap/apply-manifest/tasks/apply_bootstrap_manifest.yml
@ -54,7 +54,7 @@
    command: >-
      tar -C {{ hieradata_workdir }} -xpf {{ restore_data_file }} --transform='s,.*/,,'
      '{{ archive_puppet_permdir }}/*static.yaml'
-      '{{ archive_puppet_permdir }}/system.yaml'
+      '{{ archive_puppet_permdir }}/*system.yaml'
    args:
      warn: false

@ -198,16 +198,24 @@
    command: "grep 'platform::drbd::.*::params::lv_size.*' {{ hieradata_workdir }}/system.yaml"
    register: system_file

-  - name: Write filesystem settings to runtime hieradata
+  - name: Read admin_password from system hieradata
+    command: "egrep '::keystone_admin_password|::admin_password|admin::password' {{ hieradata_workdir }}/secure_system.yaml"
+    register: secure_system_file
+
+  - name: Write system settings to runtime hieradata
    lineinfile:
      path: "{{ hieradata_workdir }}/runtime.yaml"
      line: "{{ item }}"
-    with_items: "{{system_file.stdout_lines}}"
+    no_log: True
+    with_items: "{{ system_file.stdout_lines + secure_system_file.stdout_lines }}"

  - name: Remove system hieradata
    file:
-      path: "{{ hieradata_workdir }}/system.yaml"
+      path: "{{ item }}"
      state: absent
+    with_items:
+      - "{{ hieradata_workdir }}/system.yaml"
+      - "{{ hieradata_workdir }}/secure_system.yaml"

  when: mode == 'restore'