diff --git a/ansible/inventory/group_vars/all/kolla b/ansible/inventory/group_vars/all/kolla index 9d85a2b00..59b0c0170 100644 --- a/ansible/inventory/group_vars/all/kolla +++ b/ansible/inventory/group_vars/all/kolla @@ -608,9 +608,15 @@ kolla_ansible_default_custom_passwords: >- if compute_libvirt_enabled | bool and compute_libvirt_enable_sasl | bool else {}) }} +# Dictionary containing extra custom passwords to add or override in the Kolla +# passwords file. +kolla_ansible_extra_custom_passwords: {} + # Dictionary containing custom passwords to add or override in the Kolla # passwords file. -kolla_ansible_custom_passwords: "{{ kolla_ansible_default_custom_passwords }}" +kolla_ansible_custom_passwords: >- + {{ kolla_ansible_default_custom_passwords | + combine(kolla_ansible_extra_custom_passwords) }} ############################################################################### # OpenStack API addresses. diff --git a/dev/functions b/dev/functions index 3eda21475..5839cb38a 100644 --- a/dev/functions +++ b/dev/functions @@ -233,17 +233,22 @@ function upgrade_kayobe_venv { function is_deploy_image_built_locally { ipa_build_images=$(kayobe configuration dump --host controllers[0] --var-name ipa_build_images) - [[ $ipa_build_images =~ ^true$ ]] + to_bool "$ipa_build_images" } function is_ironic_enabled { ironic_enabled=$(kayobe configuration dump --host controllers[0] --var-name kolla_enable_ironic) - [[ $ironic_enabled =~ ^true$ ]] + to_bool "$ironic_enabled" } function is_overcloud_host_image_built_by_dib { overcloud_dib_build_host_images=$(kayobe configuration dump --host controllers[0] --var-name overcloud_dib_build_host_images) - [[ $overcloud_dib_build_host_images =~ ^true$ ]] + to_bool "$overcloud_dib_build_host_images" +} + +function is_cinder_enabled { + flag="$(run_kayobe configuration dump --host controllers[0] --var-name kolla_enable_cinder)" + to_bool "$flag" } function environment_setup { @@ -854,11 +859,6 @@ function to_bool { fi } -function is_cinder_enabled { - flag="$(run_kayobe configuration dump --host controllers[0] --var-name kolla_enable_cinder)" - to_bool "$flag" -} - function configure_iptables { # NOTE(wszumski): adapted from the ironic devstack plugin, see: # https://github.com/openstack/ironic/blob/36e87dc5b472d79470b783fbba9ce396e3cbb96e/devstack/lib/ironic#L2132 diff --git a/doc/source/configuration/reference/kolla-ansible.rst b/doc/source/configuration/reference/kolla-ansible.rst index 26a10a57b..97bf88df5 100644 --- a/doc/source/configuration/reference/kolla-ansible.rst +++ b/doc/source/configuration/reference/kolla-ansible.rst @@ -595,27 +595,35 @@ variable, if present. The file is generated to ``$KAYOBE_CONFIG_PATH/kolla/passwords.yml``, and should be stored along with other Kayobe configuration files. This file should not be manually modified. -``kolla_ansible_custom_passwords`` - Dictionary containing custom passwords to add or override in the Kolla - passwords file. Default is ``{{ kolla_ansible_default_custom_passwords - }}``, which contains SSH keys for use by Kolla Ansible and Bifrost. - Configuring Custom Passwords ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -In order to write additional passwords to ``passwords.yml``, set the kayobe -variable ``kolla_ansible_custom_passwords`` in -``$KAYOBE_CONFIG_PATH/kolla.yml``. +The following variables are used to configure custom passwords: + +* ``kolla_ansible_default_custom_passwords``: Dictionary containing default + custom passwords, required by Kolla Ansible. Contains SSH keys authorized by + kolla user on Kolla hosts, SSH keys authorized in hosts deployed by Bifrost, + Docker Registry password and compute libVirt custom passwords. +* ``kolla_ansible_extra_custom_passwords``: Dictionary containing extra custom + passwords to add or override in the Kolla passwords file. Default is an empty + dictionary. +* ``kolla_ansible_custom_passwords``: Dictionary containing custom passwords to + add or override in the Kolla passwords file. Default is the combination of + the ``kolla_ansible_default_custom_passwords`` and + ``kolla_ansible_extra_custom_passwords``. + +In this example we add our own ``my_custom_password`` and override +``keystone_admin_password``: .. code-block:: yaml :caption: ``$KAYOBE_CONFIG_PATH/kolla.yml`` --- - # Dictionary containing custom passwords to add or override in the Kolla - # passwords file. - kolla_ansible_custom_passwords: > - {{ kolla_ansible_default_custom_passwords | - combine({'my_custom_password': 'correcthorsebatterystaple'}) }} + # Dictionary containing extra custom passwords to add or override in the + # Kolla passwords file. + kolla_ansible_extra_custom_passwords: + my_custom_password: 'correcthorsebatterystaple' + keystone_admin_password: 'superduperstrongpassword' Control Plane Services ====================== diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index 12dd20c19..86661d72a 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml @@ -522,6 +522,10 @@ # Kolla passwords file. #kolla_ansible_default_custom_passwords: +# Dictionary containing extra custom passwords to add or override in the Kolla +# passwords file. +#kolla_ansible_extra_custom_passwords: + # Dictionary containing custom passwords to add or override in the Kolla # passwords file. #kolla_ansible_custom_passwords: diff --git a/releasenotes/notes/kolla-passwords-overrides-065fd6bb8eb9689d.yaml b/releasenotes/notes/kolla-passwords-overrides-065fd6bb8eb9689d.yaml new file mode 100644 index 000000000..adc5318e7 --- /dev/null +++ b/releasenotes/notes/kolla-passwords-overrides-065fd6bb8eb9689d.yaml @@ -0,0 +1,14 @@ +--- +fixes: + - | + Fixes an issue when user forgot to combine + ``kolla_ansible_custom_passwords``, + ``kolla_ansible_default_custom_passwords`` and own dictionary with custom + passwords in configuration files. Now + ``kolla_ansible_extra_custom_passwords`` should provide only user custom + passwords to add or override in the passwords.yml. +upgrade: + - | + Now no need to combine ``kolla_ansible_default_custom_passwords`` and + ``kolla_ansible_custom_passwords`` in your custom configuration. Just use + ``kolla_ansible_extra_custom_passwords`` to add or override passwords.