Fix #73: Fails late if no secrets defined

ansible/roles/passwords/tasks/validate.yml

@@ -0,0 +1,4 @@
+- name: Assert secrets created
+  assert:
+    that: (hostvars[inventory_hostname].keys() | select('contains', 'vault_') | length) > 1 # 1 as may have vault_testuser_password defined in dev
+    fail_msg: "No inventory variables 'vault_*' found: Has ansible/adhoc/generate-passwords.yml been run?"

ansible/site.yml

@@ -9,7 +9,7 @@
   when: hook_path | exists
 
 - import_playbook: validate.yml
-  when: "{{ appliances_validate | default(true) }}"
+  when: appliances_validate | default(true)
 
 - import_playbook: bootstrap.yml
 

ansible/validate.yml

@@ -2,6 +2,14 @@
 
 # Fail early if configuration is invalid
 
+- name: Validate secrets created
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - import_role:
+        name: passwords
+        tasks_from: validate.yml
+
 - name: Ensure control node is in inventory
   hosts: all
   gather_facts: false

environments/common/layouts/everything

@@ -25,7 +25,7 @@ control
 [filebeat:children]
 slurm_stats
 
-# NB: [rebuild] not defined here as this template is used in CI, which does not run in openstack
+# NB: [rebuild] not defined here as this template is used in CI
 
 [update:children]
 cluster