manager: do not use the private key for operator play when a password…

… should be used (#367) Signed-off-by: Christian Berendt <[email protected]>
osism · Oct 9, 2023 · 6aa50cb · 6aa50cb
1 parent 995b487
commit 6aa50cb
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 7 deletions.
diff --git a/environments/manager/run.sh b/environments/manager/run.sh
@@ -50,7 +50,6 @@ if [[ $INSTALL_ANSIBLE_ROLES == "true" ]]; then
 fi
 
 if [[ ! -e id_rsa.operator ]]; then
-
     ansible-playbook \
         -i localhost, \
         -e @../secrets.yml \
@@ -59,7 +58,6 @@ if [[ ! -e id_rsa.operator ]]; then
 fi
 
 if [[ $playbook == "k8s" || $playbook == "netbox" || $playbook == "traefik" ]]; then
-
     ansible-playbook \
         --private-key id_rsa.operator \
         -i hosts \
@@ -74,9 +72,32 @@ if [[ $playbook == "k8s" || $playbook == "netbox" || $playbook == "traefik" ]];
         -e @secrets.yml \
         -u "$ANSIBLE_USER" \
         osism.manager."$playbook" "$@"
-
+elif [[ $playbook == "operator" ]]; then
+    if [[ $ANSIBLE_ASK_PASS == "True" ]]; then
+        ansible-playbook \
+            -i hosts \
+            -e @../images.yml \
+            -e @../configuration.yml \
+            -e @../secrets.yml \
+            -e @images.yml \
+            -e @configuration.yml \
+            -e @secrets.yml \
+            -u "$ANSIBLE_USER" \
+            osism.manager."$playbook" "$@"
+    else
+        ansible-playbook \
+            --private-key id_rsa.operator \
+            -i hosts \
+            -e @../images.yml \
+            -e @../configuration.yml \
+            -e @../secrets.yml \
+            -e @images.yml \
+            -e @configuration.yml \
+            -e @secrets.yml \
+            -u "$ANSIBLE_USER" \
+            osism.manager."$playbook" "$@"
+    fi
 else
-
     ansible-playbook \
         --private-key id_rsa.operator \
         -i hosts \
@@ -88,12 +109,9 @@ else
         -e @secrets.yml \
         -u "$ANSIBLE_USER" \
         osism.manager."$playbook" "$@"
-
 fi
 
 if [[ $CLEANUP == "true" ]]; then
-
     rm id_rsa.operator
     rm -rf "$VENV_PATH"
-
 fi
diff --git a/releasenotes/notes/manager-enforce-use-of-password-0e13e16fe99251b1.yaml b/releasenotes/notes/manager-enforce-use-of-password-0e13e16fe99251b1.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    In the `run.sh` script of the manager environment it is now ensured that the private key is
+    not used when a password is used to create the operator user.