diff --git a/ansible/roles/passwords/tasks/validate.yml b/ansible/roles/passwords/tasks/validate.yml new file mode 100644 index 000000000..9279ffdbf --- /dev/null +++ b/ansible/roles/passwords/tasks/validate.yml @@ -0,0 +1,4 @@ +- name: Assert secrets created + assert: + that: (hostvars[inventory_hostname].keys() | select('contains', 'vault_') | length) > 1 # 1 as may have vault_testuser_password defined in dev + fail_msg: "No inventory variables 'vault_*' found: Has ansible/adhoc/generate-passwords.yml been run?" diff --git a/ansible/site.yml b/ansible/site.yml index 1804a2365..bb379399d 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -9,7 +9,7 @@ when: hook_path | exists - import_playbook: validate.yml - when: "{{ appliances_validate | default(true) }}" + when: appliances_validate | default(true) - import_playbook: bootstrap.yml diff --git a/ansible/validate.yml b/ansible/validate.yml index 866d95d48..c22873615 100644 --- a/ansible/validate.yml +++ b/ansible/validate.yml @@ -2,6 +2,14 @@ # Fail early if configuration is invalid +- name: Validate secrets created + hosts: localhost + gather_facts: false + tasks: + - import_role: + name: passwords + tasks_from: validate.yml + - name: Ensure control node is in inventory hosts: all gather_facts: false diff --git a/environments/common/layouts/everything b/environments/common/layouts/everything index 84e6e5a72..008551c99 100644 --- a/environments/common/layouts/everything +++ b/environments/common/layouts/everything @@ -25,7 +25,7 @@ control [filebeat:children] slurm_stats -# NB: [rebuild] not defined here as this template is used in CI, which does not run in openstack +# NB: [rebuild] not defined here as this template is used in CI [update:children] cluster
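Review bot: The assertion in ansible/roles/passwords/tasks/validate.yml counts every hostvar whose name contains `vault_` anywhere and passes once two exist, so it does not show that the secrets the roles need are defined or non-empty. `contains` acts as a substring test here; `select('match', 'vault_')` would at least restrict the count to the prefix the message names. The `fail_msg` says no `vault_*` variables were found, but the condition also fails when exactly one is present, so wording such as `"Fewer than two 'vault_*' inventory variables found: ..."` would match the check. A stricter option is to assert that each name in an explicit list of required secrets is defined and has non-zero length.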
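Review bot: In ansible/site.yml the bare `when: appliances_validate | default(true)` treats any non-empty string as true, so a value that arrives as a string (for example from `-e appliances_validate=false`) would probably no longer skip validate.yml the way it did when the expression was rendered to text first. Appending the bool filter keeps the toggle predictable: `when: appliances_validate | default(true) | bool`. How the variable is set in practice is not visible in this hunk.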
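Review bot: The new play in ansible/validate.yml runs the secrets check on `localhost` only, so it inspects the variables the control host resolves rather than those the cluster hosts see. If the `vault_*` values live in group_vars for a group that localhost is not a member of, the result can differ from what the later plays get. It is worth confirming where the generated secrets file lands in the inventory, or running the assertion against a cluster host with `run_once: true`. The `import_role` task also has no `name:`; something like `- name: Check vault_* secrets exist` would make the play output readable.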