Dell-Omnia-Clusters-HPC-AI/appliance/roles/web_ui/tasks/awx_password.yml

# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---

#Tasks for getting and encrypting AWX Password
- name: Clone AWX repo
  git:
    repo: "{{ awx_git_repo }}"
    dest: "{{ awx_repo_path }}"
    force: yes
  tags: install

- name: AWX password
  block:
    - name: Take awx password
      pause:
        prompt: "{{ prompt_password }}"
        echo: no
      register: prompt_admin_password
      until:
        - prompt_admin_password.user_input | length >  min_length| int  - 1
        - '"-" not in prompt_admin_password.user_input '
        - '"\\" not in prompt_admin_password.user_input '
        - '"\"" not in prompt_admin_password.user_input '
        - " \"'\" not in prompt_admin_password.user_input "
      retries: "{{ retries }}"
      delay: "{{ retry_delay }}"
      when: admin_password is not defined and no_prompt is not defined
  rescue:
    - name: Abort if password validation fails
      fail:
        msg: "{{ msg_incorrect_password_format }}"
  tags: install

- name: Assert admin_password if prompt not given
  assert:
    that:
        - admin_password | length >  min_length| int  - 1
        - '"-" not in admin_password '
        - '"\\" not in admin_password '
        - '"\"" not in admin_password '
        - " \"'\" not in admin_password "
    success_msg: "{{ success_msg_pwd_format }}"
    fail_msg: "{{ fail_msg_pwd_format }}"
  register: msg_pwd_format
  when: admin_password is defined and no_prompt is defined

- name: Save admin password
  set_fact:
    admin_password: "{{ prompt_admin_password.user_input }}"
  when: no_prompt is not defined

- name: Confirmation
  block:
    - name: Confirm AWX password
      pause:
        prompt: "{{ confirm_password }}"
        echo: no
      register: prompt_admin_password_confirm
      until: admin_password == prompt_admin_password_confirm.user_input
      retries: "{{ confirm_retries }}"
      delay: "{{ retry_delay }}"
      when: admin_password_confirm is not defined and no_prompt is not defined
  rescue:
    - name: Abort if password confirmation failed
      fail:
        msg: "{{ msg_failed_password_confirm }}"
  tags: install

- name: Assert admin_password_confirm if prompt not given
  assert:
    that: admin_password == admin_password_confirm
    success_msg: "{{ success_msg_pwd_confirm }}"
    fail_msg: "{{ fail_msg_pwd_confirm }}"
  register: msg_pwd_confirm
  when: admin_password_confirm is defined and no_prompt is defined

- name: Create ansible vault key
  set_fact:
    vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
  tags: install

- name: Save vault key
  copy:
    dest: "{{ awx_installer_path + vault_file }}"
    content: |
      {{ vault_key }}
    owner: root
    force: yes
  tags: install

- name: Encrypt awx password
  command: ansible-vault encrypt_string "{{ admin_password }}" --name admin_password --vault-password-file "{{ vault_file }}"
  register: encrypt_password
  args:
    chdir: "{{ awx_installer_path }}"
  tags: install

- name: Store encrypted password
  copy:
    dest: "{{ awx_installer_path + awx_password_file }}"
    content: |
      ---
      {{ encrypt_password.stdout }}
    force: yes
    owner: root
  tags: install