2 files changed, 9 insertions, 0 deletions

diff --git a/ansible/roles/rancher/defaults/main.yml b/ansible/roles/rancher/defaults/main.yml
index e4d5cb9f..6d354e6e 100644
--- a/ansible/roles/rancher/defaults/main.yml
+++ b/ansible/roles/rancher/defaults/main.yml
@@ -22,5 +22,12 @@ rancher:
   # Auto-purge Audit Log entries after this long (seconds)
   audit_log_purge_after_seconds: 2592000  # 30 days
 
+  # By default we don't enable local authentication (mainly due to
+  # to the fact that rancher_k8s_environment.py would have to be
+  # rewritten completely)
+  # But if you don't need to run rancher_kubernetes playbook more
+  # than once (you should not have to under the terms of a regular
+  # installation), then you can safely enable it.
+  auth_enabled: false
   # Set this password for the rancher admin account:
   admin_password: "admin"
diff --git a/ansible/roles/rancher/tasks/rancher_server.yml b/ansible/roles/rancher/tasks/rancher_server.yml
index e93dd0e0..4cda3722 100644
--- a/ansible/roles/rancher/tasks/rancher_server.yml
+++ b/ansible/roles/rancher/tasks/rancher_server.yml
@@ -48,6 +48,7 @@
     rancher_agent_image: "{{ env.data.registration_tokens.image }}"
     rancher_agent_reg_url: "{{ env.data.registration_tokens.reg_url }}"
 
+# By default disabled - when enabled this playbook cannot be run more than once.
 - name: Setup rancher admin password and enable authentication
   rancher1_api:
     server: "{{ rancher_server_url }}"
@@ -56,6 +57,7 @@
     data:
       account_id: 1a1 # default rancher admin account
       password: "{{ rancher.admin_password }}"
+  when: "rancher.auth_enabled is defined and rancher.auth_enabled"
 
 - name: Configure the size of the rancher cattle db and logs
   block: