stackhpc · markgoddard · Nov 20, 2023 · Oct 14, 2022 · May 24, 2023 · Nov 14, 2023
@@ -595,9 +595,15 @@ kolla_ansible_default_custom_passwords: >-
              if compute_libvirt_enabled | bool and compute_libvirt_enable_sasl | bool
              else {}) }}
 
+# Dictionary containing extra custom passwords to add or override in the Kolla
+# passwords file.
+kolla_ansible_extra_custom_passwords: {}
+
 # Dictionary containing custom passwords to add or override in the Kolla
 # passwords file.
-kolla_ansible_custom_passwords: "{{ kolla_ansible_default_custom_passwords }}"
+kolla_ansible_custom_passwords: >-
+  {{ kolla_ansible_default_custom_passwords |
+     combine(kolla_ansible_extra_custom_passwords) }}
 
 ###############################################################################
 # OpenStack API addresses.

@@ -233,17 +233,22 @@ function upgrade_kayobe_venv {
 
 function is_deploy_image_built_locally {
     ipa_build_images=$(kayobe configuration dump --host controllers[0] --var-name ipa_build_images)
-    [[ $ipa_build_images =~ ^true$ ]]
+    to_bool "$ipa_build_images"
 }
 
 function is_ironic_enabled {
     ironic_enabled=$(kayobe configuration dump --host controllers[0] --var-name kolla_enable_ironic)
-    [[ $ironic_enabled =~ ^true$ ]]
+    to_bool "$ironic_enabled"
 }
 
 function is_overcloud_host_image_built_by_dib {
     overcloud_dib_build_host_images=$(kayobe configuration dump --host controllers[0] --var-name overcloud_dib_build_host_images)
-    [[ $overcloud_dib_build_host_images =~ ^true$ ]]
+    to_bool "$overcloud_dib_build_host_images"
+}
+
+function is_cinder_enabled {
+    flag="$(run_kayobe configuration dump --host controllers[0] --var-name kolla_enable_cinder)"
+    to_bool "$flag"
 }
 
 function environment_setup {
@@ -854,11 +859,6 @@ function to_bool {
     fi
 }
 
-function is_cinder_enabled {
-    flag="$(run_kayobe configuration dump --host controllers[0] --var-name kolla_enable_cinder)"
-    to_bool "$flag"
-}
-
 function configure_iptables {
     # NOTE(wszumski): adapted from the ironic devstack plugin, see:
     # https://github.com/openstack/ironic/blob/36e87dc5b472d79470b783fbba9ce396e3cbb96e/devstack/lib/ironic#L2132

@@ -595,27 +595,35 @@ variable, if present. The file is generated to
 ``$KAYOBE_CONFIG_PATH/kolla/passwords.yml``, and should be stored along with
 other Kayobe configuration files. This file should not be manually modified.
 
-``kolla_ansible_custom_passwords``
-    Dictionary containing custom passwords to add or override in the Kolla
-    passwords file. Default is ``{{ kolla_ansible_default_custom_passwords
-    }}``, which contains SSH keys for use by Kolla Ansible and Bifrost.
-
 Configuring Custom Passwords
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-In order to write additional passwords to ``passwords.yml``, set the kayobe
-variable ``kolla_ansible_custom_passwords`` in
-``$KAYOBE_CONFIG_PATH/kolla.yml``.
+The following variables are used to configure custom passwords:
+
+* ``kolla_ansible_default_custom_passwords``: Dictionary containing default
+  custom passwords, required by Kolla Ansible. Contains SSH keys authorized by
+  kolla user on Kolla hosts, SSH keys authorized in hosts deployed by Bifrost,
+  Docker Registry password and compute libVirt custom passwords.
+* ``kolla_ansible_extra_custom_passwords``: Dictionary containing extra custom
+  passwords to add or override in the Kolla passwords file. Default is an empty
+  dictionary.
+* ``kolla_ansible_custom_passwords``: Dictionary containing custom passwords to
+  add or override in the Kolla passwords file. Default is the combination of
+  the ``kolla_ansible_default_custom_passwords`` and
+  ``kolla_ansible_extra_custom_passwords``.
+
+In this example we add our own ``my_custom_password`` and override
+``keystone_admin_password``:
 
 .. code-block:: yaml
    :caption: ``$KAYOBE_CONFIG_PATH/kolla.yml``
 
    ---
-   # Dictionary containing custom passwords to add or override in the Kolla
-   # passwords file.
-   kolla_ansible_custom_passwords: >
-     {{ kolla_ansible_default_custom_passwords |
-        combine({'my_custom_password': 'correcthorsebatterystaple'}) }}
+   # Dictionary containing extra custom passwords to add or override in the
+   # Kolla passwords file.
+   kolla_ansible_extra_custom_passwords:
+     my_custom_password: 'correcthorsebatterystaple'
+     keystone_admin_password: 'superduperstrongpassword'
 
 Control Plane Services
 ======================

@@ -449,6 +449,10 @@
 # Kolla passwords file.
 #kolla_ansible_default_custom_passwords:
 
+# Dictionary containing extra custom passwords to add or override in the Kolla
+# passwords file.
+#kolla_ansible_extra_custom_passwords:
+
 # Dictionary containing custom passwords to add or override in the Kolla
 # passwords file.
 #kolla_ansible_custom_passwords:

@@ -0,0 +1,14 @@
+---
+fixes:
+  - |
+    Fixes an issue when user forgot to combine
+    ``kolla_ansible_custom_passwords``,
+    ``kolla_ansible_default_custom_passwords`` and own dictionary with custom
+    passwords in configuration files. Now
+    ``kolla_ansible_extra_custom_passwords`` should provide only user custom
+    passwords to add or override in the passwords.yml.
+upgrade:
+  - |
+    Now no need to combine ``kolla_ansible_default_custom_passwords`` and
+    ``kolla_ansible_custom_passwords`` in your custom configuration. Just use
+    ``kolla_ansible_extra_custom_passwords`` to add or override passwords.