From 3a6558a1af5ba14bc6614d94f768dd1a1fc86d9b Mon Sep 17 00:00:00 2001
From: Petr OspalĂ˝
Date: Mon, 8 Apr 2019 08:39:41 +0200
Subject: Add support for resetting the admin password
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The module rancher1_api can now reset an admin password of the default
admin account (account_id: '1a1') and keep local authentication enabled.
By default the authentication is not enabled, because the ansible
module rancher_k8s_environment.py is not idempotent and it would need to
be rewritten.
Change-Id: Ib432537651b91216c32438ec1233dba3602e3faf
Issue-ID: OOM-1734
Signed-off-by: Petr OspalĂ˝
---
ansible/roles/rancher/defaults/main.yml | 7 +++++++
ansible/roles/rancher/tasks/rancher_server.yml | 2 ++
2 files changed, 9 insertions(+)
(limited to 'ansible/roles')
diff --git a/ansible/roles/rancher/defaults/main.yml b/ansible/roles/rancher/defaults/main.yml
index e4d5cb9f..6d354e6e 100644
--- a/ansible/roles/rancher/defaults/main.yml
+++ b/ansible/roles/rancher/defaults/main.yml
@@ -22,5 +22,12 @@ rancher:
# Auto-purge Audit Log entries after this long (seconds)
audit_log_purge_after_seconds: 2592000 # 30 days
+ # By default we don't enable local authentication (mainly due to
+ # to the fact that rancher_k8s_environment.py would have to be
+ # rewritten completely)
+ # But if you don't need to run rancher_kubernetes playbook more
+ # than once (you should not have to under the terms of a regular
+ # installation), then you can safely enable it.
+ auth_enabled: false
# Set this password for the rancher admin account:
admin_password: "admin"
diff --git a/ansible/roles/rancher/tasks/rancher_server.yml b/ansible/roles/rancher/tasks/rancher_server.yml
index e93dd0e0..4cda3722 100644
--- a/ansible/roles/rancher/tasks/rancher_server.yml
+++ b/ansible/roles/rancher/tasks/rancher_server.yml
@@ -48,6 +48,7 @@
rancher_agent_image: "{{ env.data.registration_tokens.image }}"
rancher_agent_reg_url: "{{ env.data.registration_tokens.reg_url }}"
+# By default disabled - when enabled this playbook cannot be run more than once.
- name: Setup rancher admin password and enable authentication
rancher1_api:
server: "{{ rancher_server_url }}"
@@ -56,6 +57,7 @@
data:
account_id: 1a1 # default rancher admin account
password: "{{ rancher.admin_password }}"
+ when: "rancher.auth_enabled is defined and rancher.auth_enabled"
- name: Configure the size of the rancher cattle db and logs
block:
--
cgit 1.2.3-korg