dell · Aditya-DP · Mar 3, 2025 · Mar 3, 2025 · Mar 3, 2025 · Mar 3, 2025
diff --git a/utils/credential_utility/get_config_credentials.yml b/utils/credential_utility/get_config_credentials.yml
@@ -0,0 +1,43 @@
+# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+
+- name: Include input project directory
+  when: not project_dir_status | default(false) | bool
+  ansible.builtin.import_playbook: ../include_input_dir.yml
+  tags: always
+
+- name: Include validation include_tasks
+  hosts: localhost
+  connection: local
+  roles:
+    - validation
+  tags: always
+
+- name: Create omnia_credential_config
+  hosts: localhost
+  connection: local
+  roles:
+    - role: create_config
+      when: not cred_file_status
+  tags: always
+
+
+- name: Fetch and update credentials in config file
+  hosts: localhost
+  connection: local
+  roles:
+    - update_config
+  tags: always
diff --git a/utils/credential_utility/roles/create_config/tasks/main.yml b/utils/credential_utility/roles/create_config/tasks/main.yml
@@ -0,0 +1,25 @@
+# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Create Omnia Credentials file
+  ansible.builtin.template:
+    src: "{{ omnia_credential_template }}"
+    dest: "{{ omnia_credential_file }}"
+    mode: "{{ omnia_credential_file_mode }}"
+
+- name: Include omnia_credentials.yml
+  ansible.builtin.include_vars: "{{ omnia_credential_file }}"
+  register: include_omnia_credentials
+  no_log: true
diff --git a/utils/credential_utility/roles/create_config/templates/omnia_credential.j2 b/utils/credential_utility/roles/create_config/templates/omnia_credential.j2
@@ -0,0 +1,26 @@
+---
+
+# Provision credentials
+provision_password: ""
+bmc_username: ""  
+bmc_password: ""
+switch_snmp3_username: ""
+switch_snmp3_password: ""
+
+# Prepare_oim credentials
+postgresdb_password: ""
+pulp_password: ""
+docker_username: ""
+docker_password: ""
+
+#Omnia credentials
+mariadb_password: "password"
+
+# Security credentials
+openldap_db_username: "admin"
+openldap_db_password: ""
+openldap_config_username: "admin"
+openldap_config_password: ""
+openldap_monitor_password: ""
+kerberos_admin_password: ""
+directory_manager_password: ""
diff --git a/utils/credential_utility/roles/create_config/vars/main.yml b/utils/credential_utility/roles/create_config/vars/main.yml
@@ -0,0 +1,17 @@
+# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+omnia_credential_template: "{{ role_path }}/templates/omnia_credential.j2"
+omnia_credential_file: "{{ input_project_dir }}/omnia_credentials.yml"
+omnia_credential_file_mode: 600
diff --git a/utils/credential_utility/roles/update_config/tasks/encrypt_credentials_file.yml b/utils/credential_utility/roles/update_config/tasks/encrypt_credentials_file.yml
@@ -0,0 +1,22 @@
+# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Encrypt credentials file
+  block:
+    - name: Encrypt provision_config_credentials.yml
+      ansible.builtin.command: >-
+        ansible-vault encrypt {{ omnia_credential_file }}
+        --vault-password-file {{ omnia_credential_vault_path }}
+      changed_when: false
diff --git a/utils/credential_utility/roles/update_config/tasks/fetch_credentials.yml b/utils/credential_utility/roles/update_config/tasks/fetch_credentials.yml
@@ -0,0 +1,28 @@
+# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Initialize mandatory credentials status
+  ansible.builtin.set_fact:
+    mandatory_credentials_status: false
+
+- name: Prompt to fetch Omnia credentials
+  ansible.builtin.include_tasks: "fetch_{{ type.key }}_credentials.yml"
+  loop: "{{ service.value | dict2items }}"
+  loop_control:
+    loop_var: type
+  when:
+    - service.key in software_names or service.key in ["provision", "prepare_oim","local_repo"]
+    - (omnia_run_tags | default([]) | difference(['all']) | length == 0)
+      or service.key in (omnia_run_tags | default([]))
diff --git a/utils/credential_utility/roles/update_config/tasks/fetch_default_credentials.yml b/utils/credential_utility/roles/update_config/tasks/fetch_default_credentials.yml
@@ -0,0 +1,24 @@
+# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Notify user about default inputs
+  ansible.builtin.debug:
+    msg: "{{ default_warning_msg }}"
+
+- name: Fetch default credentials
+  ansible.builtin.include_tasks: prompt_credentials.yml
+  loop: "{{ type.value | dict2items }}"
+  loop_control:
+    loop_var: field
diff --git a/utils/credential_utility/roles/update_config/tasks/fetch_mandatory_credentials.yml b/utils/credential_utility/roles/update_config/tasks/fetch_mandatory_credentials.yml
@@ -0,0 +1,32 @@
+# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Set mandatory credentials status
+  ansible.builtin.set_fact:
+    mandatory_credentials_status: true
+
+- name: Notify user about mandatory inputs
+  ansible.builtin.debug:
+    msg: "{{ mandatory_warning_msg }}"
+
+- name: Fetch mandatory credentials
+  ansible.builtin.include_tasks: prompt_credentials.yml
+  loop: "{{ type.value | dict2items }}"
+  loop_control:
+    loop_var: field
+
+- name: Reset mandatory credentials status
+  ansible.builtin.set_fact:
+    mandatory_credentials_status: false
diff --git a/utils/credential_utility/roles/update_config/tasks/fetch_optional_credentials.yml b/utils/credential_utility/roles/update_config/tasks/fetch_optional_credentials.yml
@@ -0,0 +1,24 @@
+# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Notify user about optional inputs
+  ansible.builtin.debug:
+    msg: "{{ optional_warning_msg }}"
+
+- name: Fetch optional credentials
+  ansible.builtin.include_tasks: prompt_credentials.yml
+  loop: "{{ type.value | dict2items }}"
+  loop_control:
+    loop_var: field
diff --git a/utils/credential_utility/roles/update_config/tasks/fetch_password.yml b/utils/credential_utility/roles/update_config/tasks/fetch_password.yml
@@ -0,0 +1,61 @@
+# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Fetch "{{ password }}" if empty # noqa name[template]
+  when:
+    - vars[password] is defined
+    - (vars[password] | length == 0) or (type.key == "default")
+  block:
+    - name: Prompt user for Password
+      ansible.builtin.pause:
+        prompt: "Enter [{{ type.key }}] - {{ password }}"
+        echo: false
+      register: password_input
+
+    - name: Validate mandatory password not empty
+      ansible.builtin.fail:
+        msg: "{{ mandatory_password_fail_msg }}"
+      when:
+        - mandatory_credentials_status
+        - password_input.user_input | length == 0
+
+    - name: Prompt user to confirm password
+      ansible.builtin.pause:
+        prompt: "Confirm [{{ type.key }}] - {{ password }}"
+        echo: false
+      register: confirm_password
+      when: password_input.user_input | length != 0
+
+    - name: Ensure passwords match
+      ansible.builtin.fail:
+        msg: "{{ password_match_fail_msg }}"
+      when:
+        - password_input.user_input | length != 0
+        - password_input.user_input != confirm_password.user_input
+
+    - name: Update vars file with entered password
+      ansible.builtin.lineinfile:
+        path: "{{ omnia_credential_file }}"
+        regexp: '^{{ password }}:'
+        line: "{{ password }}: \"{{ password_input.user_input }}\""
+      no_log: true
+      when: password_input.user_input | length != 0
+  rescue:
+    - name: Invalid Password provided
+      ansible.builtin.include_tasks: encrypt_credentials_file.yml
+
+    - name: Failed to credentials with entered password
+      ansible.builtin.fail:
+        msg: "{{ password_fail_msg }}"
diff --git a/utils/credential_utility/roles/update_config/tasks/fetch_username.yml b/utils/credential_utility/roles/update_config/tasks/fetch_username.yml
@@ -0,0 +1,47 @@
+# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Fetch "{{ username }}" if empty # noqa name[template]
+  when:
+    - vars[username] is defined
+    - (vars[username] | length == 0) or (type.key == "default")
+  block:
+    - name: Prompt user for Username
+      ansible.builtin.pause:
+        prompt: "Enter the [{{ type.key }}] - {{ username }}:"
+      register: username_input
+
+    - name: Validate mandatory username not empty
+      ansible.builtin.fail:
+        msg: "{{ mandatory_credentials_msg }}"
+      when:
+        - mandatory_credentials_status
+        - password_input.user_input | length == 0
+
+    - name: Update vars file with entered username
+      ansible.builtin.lineinfile:
+        path: "{{ omnia_credential_file }}"
+        regexp: '^{{ username }}:'
+        line: "{{ username }}: \"{{ username_input.user_input }}\""
+      no_log: true
+      when: username_input.user_input | length != 0
+
+  rescue:
+    - name: Invalid Username provided
+      ansible.builtin.include_tasks: encrypt_credentials_file.yml
+
+    - name: Failed to credentials with entered username
+      ansible.builtin.fail:
+        msg: "{{ username_fail_msg }}"
diff --git a/utils/credential_utility/roles/update_config/tasks/main.yml b/utils/credential_utility/roles/update_config/tasks/main.yml
@@ -0,0 +1,32 @@
+# Copyright 2025 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Initialize list of tags
+  ansible.builtin.set_fact:
+    omnia_run_tags: "{{ ansible_run_tags | default([]) }}"
+  when: omnia_run_tags is not defined
+
+- name: Fetch omnia credentials
+  ansible.builtin.include_tasks: fetch_credentials.yml
+  loop: "{{ omnia_credentials | dict2items }}"
+  loop_control:
+    loop_var: service
+
+- name: Include updated credentials
+  ansible.builtin.include_vars: "{{ omnia_credential_file }}"
+  no_log: true
+
+- name: Encrypt omnia credentials config
+  ansible.builtin.include_tasks: encrypt_credentials_file.yml