From 3a6558a1af5ba14bc6614d94f768dd1a1fc86d9b Mon Sep 17 00:00:00 2001
From: Petr Ospalý <p.ospaly@partner.samsung.com>
Date: Mon, 8 Apr 2019 08:39:41 +0200
Subject: Add support for resetting the admin password
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The module rancher1_api can now reset an admin password of the default
admin account (account_id: '1a1') and keep local authentication enabled.

By default the authentication is not enabled, because the ansible
module rancher_k8s_environment.py is not idempotent and it would need to
be rewritten.

Change-Id: Ib432537651b91216c32438ec1233dba3602e3faf
Issue-ID: OOM-1734
Signed-off-by: Petr Ospalý <p.ospaly@partner.samsung.com>
---
 ansible/roles/rancher/defaults/main.yml | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'ansible/roles/rancher/defaults')

diff --git a/ansible/roles/rancher/defaults/main.yml b/ansible/roles/rancher/defaults/main.yml
index e4d5cb9f..6d354e6e 100644
--- a/ansible/roles/rancher/defaults/main.yml
+++ b/ansible/roles/rancher/defaults/main.yml
@@ -22,5 +22,12 @@ rancher:
   # Auto-purge Audit Log entries after this long (seconds)
   audit_log_purge_after_seconds: 2592000  # 30 days
 
+  # By default we don't enable local authentication (mainly due to
+  # to the fact that rancher_k8s_environment.py would have to be
+  # rewritten completely)
+  # But if you don't need to run rancher_kubernetes playbook more
+  # than once (you should not have to under the terms of a regular
+  # installation), then you can safely enable it.
+  auth_enabled: false
   # Set this password for the rancher admin account:
   admin_password: "admin"
-- 
cgit 1.2.3-korg