From a3c5d7348c4a58ff69267a232ef3e841062794c5 Mon Sep 17 00:00:00 2001 From: David Sullivan Date: Tue, 7 Sep 2021 10:11:25 -0500 Subject: [PATCH] Restore admin password during bootstrap manifest For restore operations (including SX upgrades) we need to use the updated admin password. The admin password can be changed after the system is bootstrapped. In which case the password is stored in secure_system instead of secure_static hieradata. When we use the old admin password the bootstrap playbook will fail as the keyring password does not match what is in the keystone database. To correct this, we copy the password to the runtime hieradata used to run the bootstrap manifest. Tests run: AIO-SX Bootstrap + Deploy AIO-SX Backup and Restore AIO-SX Upgrade Closes-Bug: 1942907 Change-Id: I7549b846a470dff272ab17fc610ebe06260f439b Signed-off-by: David Sullivan --- .../tasks/apply_bootstrap_manifest.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/playbookconfig/src/playbooks/roles/bootstrap/apply-manifest/tasks/apply_bootstrap_manifest.yml b/playbookconfig/src/playbooks/roles/bootstrap/apply-manifest/tasks/apply_bootstrap_manifest.yml index 95f5c024f..c3230e3f8 100644 --- a/playbookconfig/src/playbooks/roles/bootstrap/apply-manifest/tasks/apply_bootstrap_manifest.yml +++ b/playbookconfig/src/playbooks/roles/bootstrap/apply-manifest/tasks/apply_bootstrap_manifest.yml @@ -54,7 +54,7 @@ command: >- tar -C {{ hieradata_workdir }} -xpf {{ restore_data_file }} --transform='s,.*/,,' '{{ archive_puppet_permdir }}/*static.yaml' - '{{ archive_puppet_permdir }}/system.yaml' + '{{ archive_puppet_permdir }}/*system.yaml' args: warn: false @@ -198,16 +198,24 @@ command: "grep 'platform::drbd::.*::params::lv_size.*' {{ hieradata_workdir }}/system.yaml" register: system_file - - name: Write filesystem settings to runtime hieradata + - name: Read admin_password from system hieradata + command: "egrep '::keystone_admin_password|::admin_password|admin::password' {{ hieradata_workdir }}/secure_system.yaml" + register: secure_system_file + + - name: Write system settings to runtime hieradata lineinfile: path: "{{ hieradata_workdir }}/runtime.yaml" line: "{{ item }}" - with_items: "{{system_file.stdout_lines}}" + no_log: True + with_items: "{{ system_file.stdout_lines + secure_system_file.stdout_lines }}" - name: Remove system hieradata file: - path: "{{ hieradata_workdir }}/system.yaml" + path: "{{ item }}" state: absent + with_items: + - "{{ hieradata_workdir }}/system.yaml" + - "{{ hieradata_workdir }}/secure_system.yaml" when: mode == 'restore'