From 3a6558a1af5ba14bc6614d94f768dd1a1fc86d9b Mon Sep 17 00:00:00 2001 From: Petr OspalĂ˝ Date: Mon, 8 Apr 2019 08:39:41 +0200 Subject: Add support for resetting the admin password MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The module rancher1_api can now reset an admin password of the default admin account (account_id: '1a1') and keep local authentication enabled. By default the authentication is not enabled, because the ansible module rancher_k8s_environment.py is not idempotent and it would need to be rewritten. Change-Id: Ib432537651b91216c32438ec1233dba3602e3faf Issue-ID: OOM-1734 Signed-off-by: Petr OspalĂ˝
---
 ansible/roles/rancher/defaults/main.yml | 7 +++++++ ansible/roles/rancher/tasks/rancher_server.yml | 2 ++ 2 files changed, 9 insertions(+) (limited to 'ansible/roles/rancher')
diff --git a/ansible/roles/rancher/defaults/main.yml b/ansible/roles/rancher/defaults/main.yml
index e4d5cb9f..6d354e6e 100644
--- a/ansible/roles/rancher/defaults/main.yml
+++ b/ansible/roles/rancher/defaults/main.yml
@@ -22,5 +22,12 @@ rancher:
 # Auto-purge Audit Log entries after this long (seconds)
 audit_log_purge_after_seconds: 2592000 # 30 days
+ # By default we don't enable local authentication (mainly due to
+ # to the fact that rancher_k8s_environment.py would have to be
+ # rewritten completely)
+ # But if you don't need to run rancher_kubernetes playbook more
+ # than once (you should not have to under the terms of a regular
+ # installation), then you can safely enable it.
+ auth_enabled: false
 # Set this password for the rancher admin account:
 admin_password: "admin"
diff --git a/ansible/roles/rancher/tasks/rancher_server.yml b/ansible/roles/rancher/tasks/rancher_server.yml
index e93dd0e0..4cda3722 100644
--- a/ansible/roles/rancher/tasks/rancher_server.yml
+++ b/ansible/roles/rancher/tasks/rancher_server.yml
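Review bot: In defaults/main.yml the new `auth_enabled: false` sits directly above the existing `admin_password: "admin"`, so an operator who turns the flag on without also overriding the password gets the default admin account protected by a guessable credential. With the flag left at its default the server keeps running without local authentication, which presumably leaves the Rancher API and UI open to anyone who can reach the server URL; the added comment gives the idempotency reason but says nothing about that exposure. I would extend the comment with `# WARNING: while auth_enabled is false the Rancher API/UI is unauthenticated - restrict network access` and `# Override admin_password (e.g. from a vault) before enabling`, and consider failing the task when the password is still the shipped default. The comment also repeats a word across its first two lines ("due to" / "to the fact").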
@@ -48,6 +48,7 @@
 rancher_agent_image: "{{ env.data.registration_tokens.image }}"
 rancher_agent_reg_url: "{{ env.data.registration_tokens.reg_url }}"
+# By default disabled - when enabled this playbook cannot be run more than once.
 - name: Setup rancher admin password and enable authentication
 rancher1_api:
 server: "{{ rancher_server_url }}"
@@ -56,6 +57,7 @@
 data:
 account_id: 1a1 # default rancher admin account
 password: "{{ rancher.admin_password }}"
+ when: "rancher.auth_enabled is defined and rancher.auth_enabled"
 - name: Configure the size of the rancher cattle db and logs
 block:
-- cgit 1.2.3-korg
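Review bot: The condition added in the second rancher_server.yml hunk, `when: "rancher.auth_enabled is defined and rancher.auth_enabled"`, tests the raw value, so a setting supplied as a string (for example through extra vars) may not be evaluated as the boolean the operator intended; `when: rancher.auth_enabled | default(false) | bool` is the more predictable form. The same task passes `password: "{{ rancher.admin_password }}"` to rancher1_api and neither hunk shows `no_log: true`; the middle of the task lies outside both hunks, so if it is not already set there (or on the module's password parameter), adding it keeps the admin password out of verbose output and logs. The comment added in the first hunk states that the playbook cannot be run more than once when authentication is enabled, but nothing visible enforces or detects that case.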