From 73abf0e57ee3aaeefa53eaf4fb7b1ed5f5c96933 Mon Sep 17 00:00:00 2001
From: Maksim Malchuk <maksim.malchuk@gmail.com>
Date: Fri, 14 Oct 2022 17:56:20 +0300
Subject: [PATCH] Fix an issue when user forgot combine custom passwords

Fixes an issue when user forgot to combine
'kolla_ansible_custom_passwords',
'kolla_ansible_default_custom_passwords' and own dictionary with
custom passwords in configuration files. Now
'kolla_ansible_extra_custom_passwords' should provide only user
custom passwords to add or override in the passwords.yml.

Change-Id: I4813a1f6ab9cb566596e806bd0ada6dff342d119
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
---
 ansible/inventory/group_vars/all/kolla        |  8 ++++-
 .../configuration/reference/kolla-ansible.rst | 34 ++++++++++++-------
 etc/kayobe/kolla.yml                          |  4 +++
 ...-passwords-overrides-065fd6bb8eb9689d.yaml | 14 ++++++++
 4 files changed, 46 insertions(+), 14 deletions(-)
 create mode 100644 releasenotes/notes/kolla-passwords-overrides-065fd6bb8eb9689d.yaml

diff --git a/ansible/inventory/group_vars/all/kolla b/ansible/inventory/group_vars/all/kolla
index e34613f3..111b539a 100644
--- a/ansible/inventory/group_vars/all/kolla
+++ b/ansible/inventory/group_vars/all/kolla
@@ -600,9 +600,15 @@ kolla_ansible_default_custom_passwords: >-
              if compute_libvirt_enabled | bool and compute_libvirt_enable_sasl | bool
              else {}) }}
 
+# Dictionary containing extra custom passwords to add or override in the Kolla
+# passwords file.
+kolla_ansible_extra_custom_passwords: {}
+
 # Dictionary containing custom passwords to add or override in the Kolla
 # passwords file.
-kolla_ansible_custom_passwords: "{{ kolla_ansible_default_custom_passwords }}"
+kolla_ansible_custom_passwords: >-
+  {{ kolla_ansible_default_custom_passwords |
+     combine(kolla_ansible_extra_custom_passwords) }}
 
 ###############################################################################
 # OpenStack API addresses.
diff --git a/doc/source/configuration/reference/kolla-ansible.rst b/doc/source/configuration/reference/kolla-ansible.rst
index 97f55c70..e300c8b5 100644
--- a/doc/source/configuration/reference/kolla-ansible.rst
+++ b/doc/source/configuration/reference/kolla-ansible.rst
@@ -595,27 +595,35 @@ variable, if present. The file is generated to
 ``$KAYOBE_CONFIG_PATH/kolla/passwords.yml``, and should be stored along with
 other Kayobe configuration files. This file should not be manually modified.
 
-``kolla_ansible_custom_passwords``
-    Dictionary containing custom passwords to add or override in the Kolla
-    passwords file. Default is ``{{ kolla_ansible_default_custom_passwords
-    }}``, which contains SSH keys for use by Kolla Ansible and Bifrost.
-
 Configuring Custom Passwords
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-In order to write additional passwords to ``passwords.yml``, set the kayobe
-variable ``kolla_ansible_custom_passwords`` in
-``$KAYOBE_CONFIG_PATH/kolla.yml``.
+The following variables are used to configure custom passwords:
+
+* ``kolla_ansible_default_custom_passwords``: Dictionary containing default
+  custom passwords, required by Kolla Ansible. Contains SSH keys authorized by
+  kolla user on Kolla hosts, SSH keys authorized in hosts deployed by Bifrost,
+  Docker Registry password and compute libVirt custom passwords.
+* ``kolla_ansible_extra_custom_passwords``: Dictionary containing extra custom
+  passwords to add or override in the Kolla passwords file. Default is an empty
+  dictionary.
+* ``kolla_ansible_custom_passwords``: Dictionary containing custom passwords to
+  add or override in the Kolla passwords file. Default is the combination of
+  the ``kolla_ansible_default_custom_passwords`` and
+  ``kolla_ansible_extra_custom_passwords``.
+
+In this example we add our own ``my_custom_password`` and override
+``keystone_admin_password``:
 
 .. code-block:: yaml
    :caption: ``$KAYOBE_CONFIG_PATH/kolla.yml``
 
    ---
-   # Dictionary containing custom passwords to add or override in the Kolla
-   # passwords file.
-   kolla_ansible_custom_passwords: >
-     {{ kolla_ansible_default_custom_passwords |
-        combine({'my_custom_password': 'correcthorsebatterystaple'}) }}
+   # Dictionary containing extra custom passwords to add or override in the
+   # Kolla passwords file.
+   kolla_ansible_extra_custom_passwords:
+     my_custom_password: 'correcthorsebatterystaple'
+     keystone_admin_password: 'superduperstrongpassword'
 
 Control Plane Services
 ======================
diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml
index 81e48c55..16ba1677 100644
--- a/etc/kayobe/kolla.yml
+++ b/etc/kayobe/kolla.yml
@@ -454,6 +454,10 @@
 # Kolla passwords file.
 #kolla_ansible_default_custom_passwords:
 
+# Dictionary containing extra custom passwords to add or override in the Kolla
+# passwords file.
+#kolla_ansible_extra_custom_passwords:
+
 # Dictionary containing custom passwords to add or override in the Kolla
 # passwords file.
 #kolla_ansible_custom_passwords:
diff --git a/releasenotes/notes/kolla-passwords-overrides-065fd6bb8eb9689d.yaml b/releasenotes/notes/kolla-passwords-overrides-065fd6bb8eb9689d.yaml
new file mode 100644
index 00000000..adc5318e
--- /dev/null
+++ b/releasenotes/notes/kolla-passwords-overrides-065fd6bb8eb9689d.yaml
@@ -0,0 +1,14 @@
+---
+fixes:
+  - |
+    Fixes an issue when user forgot to combine
+    ``kolla_ansible_custom_passwords``,
+    ``kolla_ansible_default_custom_passwords`` and own dictionary with custom
+    passwords in configuration files. Now
+    ``kolla_ansible_extra_custom_passwords`` should provide only user custom
+    passwords to add or override in the passwords.yml.
+upgrade:
+  - |
+    Now no need to combine ``kolla_ansible_default_custom_passwords`` and
+    ``kolla_ansible_custom_passwords`` in your custom configuration. Just use
+    ``kolla_ansible_extra_custom_passwords`` to add or override passwords.
-- 
GitLab