{"id":846,"sha1":"8ddb41ec107b1f13e08979fcde03fc2f7ae4d1bd","playbook":{"id":4,"items":{"plays":32,"tasks":1505,"results":1497,"hosts":12,"files":487,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":4,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-openstack.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:57:07.871967Z","ended":"2025-12-08T14:21:54.049657Z","duration":"00:24:46.177690","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.11","server_version":"1.7.4","status":"failed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2015, Rackspace US, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#     http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n- name: Check if fernet keys already exist\n  ansible.builtin.stat:\n    path: \"{{ keystone_fernet_tokens_key_repository }}/0\"\n  register: _fernet_keys\n\n- name: Check for fernet keys on all Keystone containers\n  ansible.builtin.find:\n    paths: \"{{ keystone_fernet_tokens_key_repository }}\"\n  when: not _fernet_keys.stat.exists\n  register: _fernet_key_list\n  delegate_to: \"{{ item }}\"\n  with_items: \"{{ groups['keystone_all'] }}\"\n\n- name: Identify hosts with existing fernet keys\n  ansible.builtin.set_fact:\n    existing_fernet_hosts: >-\n      {% set _var = [] -%}\n      {% for result in _fernet_key_list.results -%}\n      {%   if result.files is defined and (result.files | length) > 0 -%}\n      {%       if _var.append(result.item) -%}{% endif -%}\n      {%   endif -%}\n      {% endfor -%}\n      {{ _var }}\n  when: not _fernet_key_list is skipped\n\n- name: Copy the fernet key repository to the primary\n  ansible.builtin.command: >\n    rsync -e 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'\n          -avz\n          --delete\n          {{ keystone_system_user_name }}@{{ existing_fernet_hosts[0] }}:{{ keystone_fernet_tokens_key_repository }}/\n          {{ keystone_fernet_tokens_key_repository }}/\n  become: true\n  become_user: \"{{ keystone_system_user_name }}\"\n  changed_when: false\n  register: _fernet_keys_shared\n  when:\n    - existing_fernet_hosts is defined\n    - (existing_fernet_hosts | length) > 0\n  tags:\n    - skip_ansible_lint\n\n- name: Create fernet keys for Keystone # noqa: no-changed-when\n  ansible.builtin.command: >\n    {{ keystone_bin }}/keystone-manage fernet_setup\n                                       --keystone-user \"{{ keystone_system_user_name }}\"\n                                       --keystone-group \"{{ keystone_system_group_name }}\"\n  become: true\n  become_user: \"{{ keystone_system_user_name }}\"\n  when:\n    - not _fernet_keys.stat.exists\n    - _fernet_keys_shared is skipped\n\n- name: Rotate fernet keys for Keystone # noqa: no-changed-when\n  ansible.builtin.command: >\n    {{ keystone_bin }}/keystone-manage fernet_rotate\n                                       --keystone-user \"{{ keystone_system_user_name }}\"\n                                       --keystone-group \"{{ keystone_system_group_name }}\"\n  become: true\n  become_user: \"{{ keystone_system_user_name }}\"\n  when: _fernet_keys.stat.exists\n","created":"2025-12-08T13:59:51.602015Z","updated":"2025-12-08T13:59:51.602027Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible-os_keystone/tasks/keystone_fernet_keys_create.yml"}