@@ -12,31 +12,75 @@
# See the License for the specific language governing permissions and
# See the License for the specific language governing permissions and
# limitations under the License.
# limitations under the License.
-- name: Check if input config file is encrypted
- command: cat {{ role_path }}/../../appliance/{{ input_config_filename }}
+- name: Check if omnia_vault_key exists
+ stat:
+ path: "{{ role_path }}/../../{{ config_vaultname }}"
+ register: vault_key_result
+- name: Create ansible vault key if it does not exist
+ set_fact:
+ vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
+ when: not vault_key_result.stat.exists
+- name: Save vault key
+ copy:
+ dest: "{{ role_path }}/../../{{ config_vaultname }}"
+ content: |
+ {{ vault_key }}
+ owner: root
+ force: yes
+ when: not vault_key_result.stat.exists
+- name: Check if omnia config file is encrypted
+ command: cat {{ role_path }}/../../{{ config_filename }}
changed_when: false
changed_when: false
register: config_content
register: config_content
no_log: True
no_log: True
-- name: Decrpyt input_config.yml
+- name: Decrpyt omnia_config.yml
command: >-
command: >-
- ansible-vault decrypt {{ role_path }}/../../appliance/{{ input_config_filename }}
- --vault-password-file {{ role_path }}/../../appliance/roles/common/files/{{ vault_filename }}
+ ansible-vault decrypt {{ role_path }}/../../{{ config_filename }}
+ --vault-password-file {{ role_path }}/../../{{ config_vaultname }}
when: "'$ANSIBLE_VAULT;' in config_content.stdout"
when: "'$ANSIBLE_VAULT;' in config_content.stdout"
-- name: Include variable file input_config.yml
- include_vars: "{{ role_path }}/../../appliance/{{ input_config_filename }}"
+- name: Include variable file omnia_config.yml
+ include_vars: "{{ role_path }}/../../{{ config_filename }}"
no_log: True
no_log: True
+- name: Validate input parameters are not empty
+ fail:
+ msg: "{{ input_config_failure_msg }}"
+ register: input_config_check
+ when:
+ - mariadb_password | length < 1 or
+ k8s_cni | length < 1
+- name: Assert mariadb_password
+ assert:
+ that:
+ - mariadb_password | length > min_length | int - 1
+ - mariadb_password | length < max_length | int + 1
+ - '"-" not in mariadb_password '
+ - '"\\" not in mariadb_password '
+ - '"\"" not in mariadb_password '
+ - " \"'\" not in mariadb_password "
+ success_msg: "{{ success_msg_mariadb_password }}"
+ fail_msg: "{{ fail_msg_mariadb_password }}"
+- name: Assert kubernetes cni
+ assert:
+ that: "('calico' in k8s_cni) or ('flannel' in k8s_cni)"
+ success_msg: "{{ success_msg_k8s_cni }}"
+ fail_msg: "{{ fail_msg_k8s_cni }}"
- name: Save input variables from file
- name: Save input variables from file
- cobbler_password: "{{ provision_password }}"
db_password: "{{ mariadb_password }}"
db_password: "{{ mariadb_password }}"
k8s_cni: "{{ k8s_cni }}"
k8s_cni: "{{ k8s_cni }}"
no_log: True
no_log: True
- name: Encrypt input config file
- name: Encrypt input config file
command: >-
command: >-
- ansible-vault encrypt {{ role_path }}/../../appliance/{{ input_config_filename }}
- --vault-password-file {{ role_path }}/../../appliance/roles/common/files/{{ vault_filename }}
+ ansible-vault encrypt {{ role_path }}/../../{{ config_filename }}
+ --vault-password-file {{ role_path }}/../../{{ config_vaultname }}
when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
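Review bot: The `Save vault key` task writes the generated vault password with `owner: root` but no `mode`, so the file takes whatever permissions the umask gives and may be readable by other local users; add `mode: "0600"` to the `copy` arguments. Neither that task nor the `set_fact` that generates `vault_key` sets `no_log: true`, unlike the tasks that handle the config contents, so the key can surface in verbose or `--diff` output. Separately, the new `fail` and `assert` tasks sit after the decrypt step and before the final encrypt step, so a validation failure stops the play with the config file in plaintext on disk. Wrapping the validation in a `block` with an `always` section that re-encrypts the file would close that gap, unless a task outside this hunk already does so.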