Restart QDR after changing the password #530

Merged
merged 8 commits into from
Nov 13, 2023
48 changes: 34 additions & 14 deletions roles/servicetelemetry/tasks/component_qdr.yml
Expand Up @@ -160,21 +160,41 @@
namespace: "{{ ansible_operator_meta.namespace }}"
register: _qdr_basicauth_object

# Because https://github.com/interconnectedcloud/qdr-operator/blob/576d2b33dac71437ea2b165caaaf6413220767fe/pkg/controller/interconnect/interconnect_controller.go#L634
- name: Perform a one-time upgrade to the default generated password for QDR BasicAuth
k8s:
definition:
kind: Secret
apiVersion: v1
metadata:
name: "{{ ansible_operator_meta.name }}-interconnect-users"
- when:
- _qdr_basicauth_object.resources[0] is defined and _qdr_basicauth_object.resources[0].metadata.labels.stf_one_time_upgrade is not defined
block:
# Because https://github.com/interconnectedcloud/qdr-operator/blob/576d2b33dac71437ea2b165caaaf6413220767fe/pkg/controller/interconnect/interconnect_controller.go#L634
- name: Perform a one-time upgrade to the default generated password for QDR BasicAuth
k8s:
definition:
kind: Secret
apiVersion: v1
metadata:
name: "{{ ansible_operator_meta.name }}-interconnect-users"
namespace: "{{ ansible_operator_meta.namespace }}"
labels:
stf_one_time_upgrade: "{{ lookup('pipe', 'date +%s') }}"
stringData:
guest: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=32') }}"

# label_selectors on the k8s object need kubernetes.core>=2.2.0
- name: Get the list of QDR pods
k8s_info:
api_version: v1
kind: Pod
namespace: "{{ ansible_operator_meta.namespace }}"
label_selectors:
- application={{ ansible_operator_meta.name }}-interconnect
register: _qdr_pod

- name: Restart QDR pods to pick up new password
k8s:
state: absent
api_version: v1
kind: Pod
namespace: "{{ ansible_operator_meta.namespace }}"
labels:
stf_one_time_upgrade: "{{ lookup('pipe', 'date +%s') }}"
stringData:
guest: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=32') }}"
when:
- _qdr_basicauth_object.resources[0] is defined and _qdr_basicauth_object.resources[0].metadata.labels.stf_one_time_upgrade is not defined
name: "{{ item.metadata.name }}"
loop: "{{ _qdr_pod.resources }}"

- name: Set default Interconnect manifest
set_fact:
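Review bot: In the new block, the `stf_one_time_upgrade` label that gates the whole block is written by its first task (the Secret update), before "Get the list of QDR pods" and "Restart QDR pods to pick up new password" have run. If either of the later tasks fails, the next reconcile finds the label defined and skips the block, so the QDR pods keep running with the old password while the Secret already holds the new one. Consider applying the label in a final task of the block, after the pod deletion has succeeded, so a failed run is retried. Separately, the comment "label_selectors on the k8s object need kubernetes.core>=2.2.0" sits above a `k8s_info` task; if it is the reason the pods are listed first and then deleted by name in a loop, saying so in the comment would make the intent clear.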