From 99328545de07d94c4a2bdd67c6ac8bc9280f23c5 Mon Sep 17 00:00:00 2001 From: Guillaume Abrioux Date: Tue, 28 Jan 2020 13:55:54 +0100 Subject: [PATCH] validate: fail if dashboard|grafana_admin_password aren't set This commit adds a task to make sure user set a custom password for `grafana_admin_password` and `dashboard_admin_password` variables. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1795509 Signed-off-by: Guillaume Abrioux --- group_vars/all.yml.sample | 2 ++ group_vars/rhcs.yml.sample | 2 ++ roles/ceph-defaults/defaults/main.yml | 6 ++++-- roles/ceph-validate/tasks/main.yml | 7 +++++++ 4 files changed, 15 insertions(+), 2 deletions(-) diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample index 6bd2d6a8f..9866a58f3 100644 --- a/group_vars/all.yml.sample +++ b/group_vars/all.yml.sample @@ -710,6 +710,7 @@ dummy: #dashboard_protocol: http #dashboard_port: 8443 #dashboard_admin_user: admin +# This variable must be set with a strong custom password when dashboard_enabled is True #dashboard_admin_password: p@ssw0rd # We only need this for SSL (https) connections #dashboard_crt: '' @@ -720,6 +721,7 @@ dummy: #node_exporter_container_image: "prom/node-exporter:v0.17.0" #node_exporter_port: 9100 #grafana_admin_user: admin +# This variable must be set with a strong custom password when dashboard_enabled is True #grafana_admin_password: admin # We only need this for SSL (https) connections #grafana_crt: '' diff --git a/group_vars/rhcs.yml.sample b/group_vars/rhcs.yml.sample index 4ee2a5587..f9a221176 100644 --- a/group_vars/rhcs.yml.sample +++ b/group_vars/rhcs.yml.sample @@ -710,6 +710,7 @@ ceph_docker_registry_auth: true #dashboard_protocol: http #dashboard_port: 8443 #dashboard_admin_user: admin +# This variable must be set with a strong custom password when dashboard_enabled is True #dashboard_admin_password: p@ssw0rd # We only need this for SSL (https) connections #dashboard_crt: '' @@ -720,6 +721,7 @@ ceph_docker_registry_auth: true node_exporter_container_image: registry.redhat.io/openshift4/ose-prometheus-node-exporter:v4.1 #node_exporter_port: 9100 #grafana_admin_user: admin +# This variable must be set with a strong custom password when dashboard_enabled is True #grafana_admin_password: admin # We only need this for SSL (https) connections #grafana_crt: '' diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml index 8eb3f737e..d4f1a96f0 100644 --- a/roles/ceph-defaults/defaults/main.yml +++ b/roles/ceph-defaults/defaults/main.yml @@ -702,7 +702,8 @@ dashboard_enabled: True dashboard_protocol: http dashboard_port: 8443 dashboard_admin_user: admin -dashboard_admin_password: p@ssw0rd +# This variable must be set with a strong custom password when dashboard_enabled is True +#dashboard_admin_password: p@ssw0rd # We only need this for SSL (https) connections dashboard_crt: '' dashboard_key: '' @@ -712,7 +713,8 @@ dashboard_rgw_api_no_ssl_verify: False node_exporter_container_image: "prom/node-exporter:v0.17.0" node_exporter_port: 9100 grafana_admin_user: admin -grafana_admin_password: admin +# This variable must be set with a strong custom password when dashboard_enabled is True +#grafana_admin_password: admin # We only need this for SSL (https) connections grafana_crt: '' grafana_key: '' diff --git a/roles/ceph-validate/tasks/main.yml b/roles/ceph-validate/tasks/main.yml index 90345e00c..b02c0c246 100644 --- a/roles/ceph-validate/tasks/main.yml +++ b/roles/ceph-validate/tasks/main.yml @@ -217,6 +217,13 @@ fail: msg: "you must add at least one node in the [grafana-server] hosts group" when: groups[grafana_server_group_name] | length < 1 + + - name: fail when dashboard_admin_password and/or grafana_admin_password are not set + fail: + msg: "you must set dashboard_admin_password and grafana_admin_password." + when: + - dashboard_admin_password is undefined + or grafana_admin_password is undefined when: dashboard_enabled | bool - name: validate container registry credentials -- 2.39.5