Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
RONCC
/
Dell-Omnia-Clusters-HPC-AI
Pridať medzi pozorované 1
Hviezda 0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Strom: 8e7cd330f6
Branche Tagy
Dell-Omnia-C...
/
appliance
/
roles
/
common
/
tasks
/
password_config.yml

password_config.yml 4.1 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117 
  1. # Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
    2. 

  2. #
    3. 

  3. # Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. # you may not use this file except in compliance with the License.
    5. 

  5. # You may obtain a copy of the License at
    6. 

  6. #
    7. 

  7. #     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. #
    9. 

  9. # Unless required by applicable law or agreed to in writing, software
    10. 

  10. # distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. # See the License for the specific language governing permissions and
    13. 

  13. # limitations under the License.
    14. 

  14. ---
    15. 

  15. 

  16. - name: Check input config file is encrypted
    17. 

  17.   command: cat {{ input_config_filename }}
    18. 

  18.   changed_when: false
    19. 

  19.   register: config_content
    20. 

  20. 

  21. - name: Decrpyt input_config.yml
    22. 

  22.   command: ansible-vault decrypt {{ input_config_filename }} --vault-password-file {{ role_path }}/files/{{ vault_filename }}
    23. 

  23.   changed_when: false
    24. 

  24.   when: "'$ANSIBLE_VAULT;' in config_content.stdout"
    25. 

  25. 

  26. - name: Include variable file input_config.yml
    27. 

  27.   include_vars: "{{ input_config_filename }}"
    28. 

  28. 

  29. - name: Validate input parameters are not empty
    30. 

  30.   fail:
    31. 

  31.     msg: "{{ input_config_failure_msg }}"
    32. 

  32.   register: input_config_check
    33. 

  33.   when: (provision_password | length < 1) or (awx_password | length < 1) or (mariadb_password | length < 1) or (hpc_nic | length < 1) or (public_nic | length < 1)
    34. 

  34. 

  35. - name: Save input variables from file
    36. 

  36.   set_fact:
    37. 

  37.     cobbler_password: "{{ provision_password }}"
    38. 

  38.     admin_password: "{{ awx_password }}"
    39. 

  39.     input_mariadb_password: "{{ mariadb_password }}"
    40. 

  40.     nic:  "{{ hpc_nic }}"
    41. 

  41.     internet_nic: "{{ public_nic }}"
    42. 

  42. 

  43. - name: Assert provision_password
    44. 

  44.   assert:
    45. 

  45.     that:
    46. 

  46.       - cobbler_password | length > min_length | int - 1
    47. 

  47.       - cobbler_password | length < max_length | int + 1
    48. 

  48.       - '"-" not in cobbler_password '
    49. 

  49.       - '"\\" not in cobbler_password '
    50. 

  50.       - '"\"" not in cobbler_password '
    51. 

  51.       - " \"'\" not in cobbler_password "
    52. 

  52.     success_msg: "{{ success_msg_provision_password }}"
    53. 

  53.     fail_msg: "{{ fail_msg_provision_password }}"
    54. 

  54.   register: cobbler_password_check
    55. 

  55. 

  56. - name: Assert awx_password
    57. 

  57.   assert:
    58. 

  58.     that:
    59. 

  59.         - admin_password | length > min_length | int - 1
    60. 

  60.         - admin_password | length < max_length | int + 1
    61. 

  61.         - '"-" not in admin_password '
    62. 

  62.         - '"\\" not in admin_password '
    63. 

  63.         - '"\"" not in admin_password '
    64. 

  64.         - " \"'\" not in admin_password "
    65. 

  65.     success_msg: "{{ success_msg_awx_password }}"
    66. 

  66.     fail_msg: "{{ fail_msg_awx_password }}"
    67. 

  67.   register: awx_password_check
    68. 

  68. 

  69. - name: Assert mariadb_password
    70. 

  70.   assert:
    71. 

  71.     that:
    72. 

  72.         - input_mariadb_password | length > min_length | int - 1
    73. 

  73.         - input_mariadb_password | length < max_length | int + 1
    74. 

  74.         - '"-" not in input_mariadb_password '
    75. 

  75.         - '"\\" not in input_mariadb_password '
    76. 

  76.         - '"\"" not in input_mariadb_password '
    77. 

  77.         - " \"'\" not in input_mariadb_password "
    78. 

  78.     success_msg: "{{ success_msg_mariadb_password }}"
    79. 

  79.     fail_msg: "{{ fail_msg_mariadb_password }}"
    80. 

  80.   register: mariadb_password_check
    81. 

  81. 

  82. - name: Assert hpc_nic
    83. 

  83.   assert:
    84. 

  84.     that:
    85. 

  85.       - nic | length > nic_min_length | int - 1
    86. 

  86.       - nic != internet_nic
    87. 

  87.     success_msg: "{{ success_msg_hpc_nic }}"
    88. 

  88.     fail_msg: "{{ fail_msg_hpc_nic }}"
    89. 

  89.   register: hpc_nic_check
    90. 

  90. 

  91. - name: Assert public_nic
    92. 

  92.   assert:
    93. 

  93.     that:
    94. 

  94.       - internet_nic | length > nic_min_length | int - 1
    95. 

  95.       - nic != internet_nic
    96. 

  96.       - "('em1' in internet_nic) or ('em2' in internet_nic) or ('em3' in internet_nic)"
    97. 

  97.     success_msg: "{{ success_msg_public_nic }}"
    98. 

  98.     fail_msg: "{{ fail_msg_public_nic }}"
    99. 

  99.   register: public_nic_check
    100. 

  100. 

  101. - name: Create ansible vault key
    102. 

  102.   set_fact:
    103. 

  103.     vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
    104. 

  104.   when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
    105. 

  105. 

  106. - name: Save vault key
    107. 

  107.   copy:
    108. 

  108.     dest: "{{ role_path }}/files/{{ vault_filename }}"
    109. 

  109.     content: |
    110. 

  110.       {{ vault_key }}
    111. 

  111.     owner: root
    112. 

  112.     force: yes
    113. 

  113.   when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
    114. 

  114. 

  115. - name: Encrypt input config file
    116. 

  116.   command: ansible-vault encrypt {{ input_config_filename }} --vault-password-file {{ role_path }}/files/{{ vault_filename }}
    117. 

  117.   changed_when: false
    118.