탐색 도움말
로그인
RONCC
/
Dell-Omnia-Clusters-HPC-AI
Watch 1
Star 0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: 8199602559
브랜치 태그
Dell-Omnia-C...
/
telemetry
/
roles
/
common
/
tasks
/
validate_login_vars.yml

validate_login_vars.yml 2.4 KB
히스토리 Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. # Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
    2. 

  2. #
    3. 

  3. # Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. # you may not use this file except in compliance with the License.
    5. 

  5. # You may obtain a copy of the License at
    6. 

  6. #
    7. 

  7. #     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. #
    9. 

  9. # Unless required by applicable law or agreed to in writing, software
    10. 

  10. # distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. # See the License for the specific language governing permissions and
    13. 

  13. # limitations under the License.
    14. 

  14. ---
    15. 

  15. 

  16. - name: Check login_vars.yml file is encrypted
    17. 

  17.   command: cat {{ login_vars_file }}
    18. 

  18.   changed_when: false
    19. 

  19.   register: config_content
    20. 

  20.   no_log: true
    21. 

  21. 

  22. - name: Decrpyt login_vars.yml
    23. 

  23.   command: >-
    24. 

  24.     ansible-vault decrypt {{ login_vars_file }}
    25. 

  25.     --vault-password-file {{ vault_filename }}
    26. 

  26.   changed_when: false
    27. 

  27.   when: "'$ANSIBLE_VAULT;' in config_content.stdout"
    28. 

  28. 

  29. - name: Include variable file login_vars.yml
    30. 

  30.   include_vars: "{{ login_vars_file }}"
    31. 

  31.   no_log: true
    32. 

  32. 

  33. - name: Assert usernames and passwords in login_vars.yml
    34. 

  34.   block:
    35. 

  35.   - name: Assert timescaledb user name
    36. 

  36.     assert:
    37. 

  37.       that: timescaledb_user | length > 1
    38. 

  38.     no_log: true
    39. 

  39. 

  40.   - name: Assert timescaledb user password
    41. 

  41.     assert:
    42. 

  42.       that: timescaledb_password | length > 1
    43. 

  43.     no_log: true
    44. 

  44. 

  45.   - name: Assert mysqldb user name
    46. 

  46.     assert:
    47. 

  47.       that: mysqldb_user | length > 1
    48. 

  48.     no_log: true
    49. 

  49. 

  50.   - name: Assert mysqldb user password
    51. 

  51.     assert:
    52. 

  52.       that: mysqldb_password | length > 1
    53. 

  53.     no_log: true
    54. 

  54. 

  55.   - name: Assert mysqldb root user password
    56. 

  56.     assert:
    57. 

  57.       that: mysqldb_root_password | length > 1
    58. 

  58.     no_log: true
    59. 

  59. 

  60.   rescue:
    61. 

  61.     - name: Validation issue in login/vars.yml
    62. 

  62.       fail:
    63. 

  63.         msg: "{{ login_vars_fail_msg }}"
    64. 

  64. 

  65. - name: Create ansible vault key
    66. 

  66.   set_fact:
    67. 

  67.     vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
    68. 

  68.   when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
    69. 

  69. 

  70. - name: Save vault key
    71. 

  71.   copy:
    72. 

  72.     dest: "{{ vault_filename }}"
    73. 

  73.     content: |
    74. 

  74.       {{ vault_key }}
    75. 

  75.     owner: root
    76. 

  76.     force: yes
    77. 

  77.     mode: "{{ vault_file_perm }}"
    78. 

  78.   when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
    79. 

  79. 

  80. - name: Encrypt input config file
    81. 

  81.   command: >-
    82. 

  82.     ansible-vault encrypt {{ login_vars_file }}
    83. 

  83.     --vault-password-file {{ vault_filename }}
    84. 

  84.   changed_when: false
    85. 

  85.