# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- - name: Check input config file is encrypted command: cat {{ input_config_filename }} changed_when: false register: config_content - name: Decrpyt input_config.yml command: ansible-vault decrypt {{ input_config_filename }} --vault-password-file {{ role_path }}/files/{{ vault_filename }} changed_when: false when: "'$ANSIBLE_VAULT;' in config_content.stdout" - name: Include variable file input_config.yml include_vars: "{{ input_config_filename }}" - name: Validate input parameters are not empty fail: msg: "{{ input_config_failure_msg }}" register: input_config_check when: (provision_password | length < 1) or (awx_password | length < 1) or (mariadb_password | length < 1) or (hpc_nic | length < 1) or (public_nic | length < 1) - name: Save input variables from file set_fact: cobbler_password: "{{ provision_password }}" admin_password: "{{ awx_password }}" input_mariadb_password: "{{ mariadb_password }}" nic: "{{ hpc_nic }}" internet_nic: "{{ public_nic }}" - name: Assert provision_password assert: that: - cobbler_password | length > min_length | int - 1 - cobbler_password | length < max_length | int + 1 - '"-" not in cobbler_password ' - '"\\" not in cobbler_password ' - '"\"" not in cobbler_password ' - " \"'\" not in cobbler_password " success_msg: "{{ success_msg_provision_password }}" fail_msg: "{{ fail_msg_provision_password }}" register: cobbler_password_check - name: Assert awx_password assert: that: - admin_password | length > min_length | int - 1 - admin_password | length < max_length | int + 1 - '"-" not in admin_password ' - '"\\" not in admin_password ' - '"\"" not in admin_password ' - " \"'\" not in admin_password " success_msg: "{{ success_msg_awx_password }}" fail_msg: "{{ fail_msg_awx_password }}" register: awx_password_check - name: Assert mariadb_password assert: that: - input_mariadb_password | length > min_length | int - 1 - input_mariadb_password | length < max_length | int + 1 - '"-" not in input_mariadb_password ' - '"\\" not in input_mariadb_password ' - '"\"" not in input_mariadb_password ' - " \"'\" not in input_mariadb_password " success_msg: "{{ success_msg_mariadb_password }}" fail_msg: "{{ fail_msg_mariadb_password }}" register: mariadb_password_check - name: Assert hpc_nic assert: that: - nic | length > nic_min_length | int - 1 - nic != internet_nic success_msg: "{{ success_msg_hpc_nic }}" fail_msg: "{{ fail_msg_hpc_nic }}" register: hpc_nic_check - name: Assert public_nic assert: that: - internet_nic | length > nic_min_length | int - 1 - nic != internet_nic - "('em1' in internet_nic) or ('em2' in internet_nic) or ('em3' in internet_nic)" success_msg: "{{ success_msg_public_nic }}" fail_msg: "{{ fail_msg_public_nic }}" register: public_nic_check - name: Create ansible vault key set_fact: vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}" when: "'$ANSIBLE_VAULT;' not in config_content.stdout" - name: Save vault key copy: dest: "{{ role_path }}/files/{{ vault_filename }}" content: | {{ vault_key }} owner: root force: yes when: "'$ANSIBLE_VAULT;' not in config_content.stdout" - name: Encrypt input config file command: ansible-vault encrypt {{ input_config_filename }} --vault-password-file {{ role_path }}/files/{{ vault_filename }} changed_when: false