sap_swpm: Use master password only when necessary #920
Conversation
Solves issue sap-linuxlab#909. Signed-off-by: Bernd Finger <bfinger@redhat.com>
| @@ -110,6 +110,7 @@ | |||
| sap_swpm_sapadm_password: "{{ sap_swpm_master_password }}" | |||
There was a problem hiding this comment.
It should rather be like this to avoid overwrite. If you enable master, you still might want to use granular passwords.
- name: SAP SWPM Pre Install - Set other user passwords using master password
ansible.builtin.set_fact:
sap_swpm_sapadm_password: "{{ sap_swpm_sapadm_password | d(sap_swpm_master_password) }}"
sap_swpm_sap_sidadm_password: "{{ sap_swpm_sap_sidadm_password | d(sap_swpm_master_password) }}"
sap_swpm_diagnostics_agent_password: "{{ sap_swpm_diagnostics_agent_password | d(sap_swpm_master_password) }}"
when: sap_swpm_master_password is defined and sap_swpm_master_passwordThere was a problem hiding this comment.
@marcelmamula Makes sense. However, as these passwords are set to an empty string in defaults/main.yml, the default behavior of this code would be to set the following entries in inifile.params:
nwUsers.sidadmPassword =
DiagnosticsAgent.dasidAdmPassword =
hostAgent.sapAdmPassword =
So we should better also comment out these three variables in defaults/main.yml.
@sean-freeman Can you please have a look? Do you see an issue if we comment out all the individual passwords in defaults/main.yml of this role?
BTW All the individual password variables in role sap_hana_install are commented out as well.
There was a problem hiding this comment.
@berndfinger
You are right, so we can comment them out as you mentioned or switch to IF/ELSE j2.
This way it will ignore master if it is defined and not empty, while be replaced when it is empty or undefined.
Following snippet was tested locally.
- when is not needed as it is incorporated
- d() and truthy check will cleanup undefined
- name: SAP SWPM Pre Install - Set other user passwords using master password
ansible.builtin.set_fact:
sap_swpm_sapadm_password: "{{ sap_swpm_master_password
if not sap_swpm_sapadm_password | d('') and sap_swpm_master_password | d('')
else sap_swpm_sapadm_password | d('') }}"There was a problem hiding this comment.
@marcelmamula Thanks. I prefer having the master password condition first, and also added a small comment so that one can quickly understand the rationale behind this code.
@sean-freeman With this code, there is no need to have a look, and to discuss commenting out all the individual passwords in defaults/main.yml of this role, at this point in time.
Signed-off-by: Bernd Finger <bfinger@redhat.com>
Solves issue #909.