3 years ago · 7289f56015
--- a/control_plane/tools/roles/cluster_preperation/tasks/passwordless_ssh.yml
+++ b/control_plane/tools/roles/cluster_preperation/tasks/passwordless_ssh.yml
@@ -21,19 +21,23 @@
 
				 - name: Refresh ssh-key if changed
			
 
				   command: ssh-keygen -R {{ current_host }}
			
 
				   changed_when: False
			
 
				-  ignore_errors: yes
			
 
				+  failed_when: false
			
 
				   when: "'manager' in group_names"
			
 
				 
			
 
				 - name: Verify whether passwordless ssh is set on the remote host
			
 
				-  command: ssh -o PasswordAuthentication=no root@"{{ current_host }}" 'hostname'
			
 
				+  shell: sshpass ssh -o "PasswordAuthentication=no" root@{{ current_host }} 'hostname'
			
 
				   register: ssh_output
			
 
				-  ignore_errors: yes
			
 
				-  changed_when: False
			
 
				+  async: 30
			
 
				+  poll: 5
			
 
				+  failed_when: false
			
 
				+  changed_when: false
			
 
				 
			
 
				 - name: Update ssh connection status
			
 
				   set_fact:
			
 
				     ssh_status: true
			
 
				-  when: "'Permission denied' not in ssh_output.stderr"
			
 
				+  when:
			
 
				+    - "'Permission denied' not in ssh_output.stderr"
			
 
				+    -  ssh_output.stdout | length > 2
			
 
				 
			
 
				 - name: Verify the public key file existence
			
 
				   stat:
			
--- a/control_plane/tools/roles/fetch_password/tasks/main.yml
+++ b/control_plane/tools/roles/fetch_password/tasks/main.yml
@@ -12,24 +12,25 @@
 
				 #  See the License for the specific language governing permissions and
			
 
				 #  limitations under the License.
			
 
				 ---
			
 
				-- name: Include variables from common role
			
 
				+
			
 
				+- name: Include variables from control_plane_common role
			
 
				   include_vars: "{{ role_path }}/../../../roles/control_plane_common/vars/main.yml"
			
 
				   no_log: True
			
 
				 
			
 
				-- name: Check input config file is encrypted
			
 
				-  command: cat {{ role_path }}/../../../{{ input_config_filename }}
			
 
				+- name: Check login_vars.yml is encrypted
			
 
				+  command: cat {{ role_path }}/../../../{{ login_vars_filename }}
			
 
				   changed_when: false
			
 
				   register: config_content
			
 
				 
			
 
				-- name: Decrpyt appliance_config.yml
			
 
				+- name: Decrpyt login_vars.yml
			
 
				   command: >-
			
 
				-    ansible-vault decrypt {{ role_path }}/../../../{{ input_config_filename }}
			
 
				+    ansible-vault decrypt {{ role_path }}/../../../{{ login_vars_filename }}
			
 
				     --vault-password-file {{ role_path }}/../../../{{ vault_filename }}
			
 
				   changed_when: false
			
 
				   when: "'$ANSIBLE_VAULT;' in config_content.stdout"
			
 
				 
			
 
				 - name: Include variable file appliance_config.yml
			
 
				-  include_vars: "{{ role_path }}/../../../{{ input_config_filename }}"
			
 
				+  include_vars: "{{ role_path }}/../../../{{ login_vars_filename }}"
			
 
				   no_log: true
			
 
				 
			
 
				 - name: Save input variables from file
			
@@ -37,8 +38,8 @@
 
				     cobbler_password: "{{ provision_password }}"
			
 
				   no_log: true
			
 
				 
			
 
				-- name: Encrypt input config file
			
 
				+- name: Encrypt login_vars.yml
			
 
				   command: >-
			
 
				-    ansible-vault encrypt {{ role_path }}/../../../{{ input_config_filename }}
			
 
				+    ansible-vault encrypt {{ role_path }}/../../../{{ login_vars_filename }}
			
 
				     --vault-password-file {{ role_path }}/../../../{{ vault_filename }}
			
 
				-  changed_when: false
			
 
				+  changed_when: false