From 3b03bfe3fd52a7d2ef3231629eb96957ec551295 Mon Sep 17 00:00:00 2001
From: Mark Goddard
Date: Wed, 20 May 2020 15:37:22 +0100
Subject: [PATCH] CI: Encrypt passwords.yml in overcloud host configure job

This gives us some test coverage with Ansible Vault.

Change-Id: Ic9db7f84e9f0dcbe69c31b6fff6bda3dfb401a33
Story: 2004959
Task: 39813
---
 .../kayobe-overcloud-host-configure-base/run.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/playbooks/kayobe-overcloud-host-configure-base/run.yml b/playbooks/kayobe-overcloud-host-configure-base/run.yml
index 1da3d336e..b70ba4a01 100644
--- a/playbooks/kayobe-overcloud-host-configure-base/run.yml
+++ b/playbooks/kayobe-overcloud-host-configure-base/run.yml
@@ -6,6 +6,7 @@
 KAYOBE_OVERCLOUD_CONTAINER_IMAGE_PULL: 0
 KAYOBE_OVERCLOUD_SERVICE_DEPLOY: 0
 KAYOBE_OVERCLOUD_POST_CONFIGURE: 0
+ KAYOBE_VAULT_PASSWORD: 'test-password'
 vars:
 testinfra_venv: ~/testinfra-venv
 test_path: "{{ kayobe_src_dir }}/playbooks/kayobe-overcloud-host-configure-base/tests/"
@@ -18,3 +19,13 @@
 command: "{{ testinfra_venv }}/bin/py.test {{ test_path }} --html={{ logs_dir }}/test-results.html --self-contained-html"
 environment:
 SITE_MIRROR_FQDN: "{{ zuul_site_mirror_fqdn }}"
+
+ # Check that passwords are Vault encrypted.
+ - name: Decrypt passwords.yml using Ansible Vault
+ vars:
+ kayobe_venv: "{{ ansible_env.HOME }}/kayobe-venv"
+ command: >-
+ {{ kayobe_venv }}/bin/ansible-vault
+ decrypt
+ --vault-password-file {{ kayobe_venv }}/bin/kayobe-vault-password-helper
+ {{ kayobe_config_src_dir }}/etc/kayobe/kolla/passwords.yml
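Review bot: The literal `KAYOBE_VAULT_PASSWORD: 'test-password'` added to the environment block in the first hunk carries no comment marking it as a throwaway value for this CI job, which is the one thing that stops a reader from copying the pattern into a real kayobe-config. I would add `# CI-only throwaway Vault password; never reuse outside this job.` directly above it. The environment mapping starts outside the hunk and indentation is lost in this view, so whether it is play-level or task-level, and therefore visible to the ansible-vault task added in the second hunk, cannot be confirmed from here.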
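Review bot: `ansible-vault decrypt` in the new task rewrites passwords.yml in place, so what the comment calls a check leaves the plaintext file on disk for any later step, and the task reports changed on every run. If the intent is only to prove that the file is encrypted and the password works, a read-only form would do: swap `decrypt` for `view` and add `no_log: true` and `changed_when: false` to the task, because `view` prints the decrypted content to stdout and the command module would otherwise record it in the job output. The two templated paths are also unquoted, so a space in `kayobe_venv` or `kayobe_config_src_dir` would split the argument.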