
On Tue, 2018-09-04 at 10:49 +0200, Martin Kletzander wrote: s/manually/ourselves/ in the subject. [...]
def get_root_password_file(self): - root_pass_file = self._get_config_file("root-password") - root_hash_file = self._get_config_file(".root-password.hash") - - try: - with open(root_pass_file, "r") as infile: - root_pass = infile.readline().strip() - except Exception: - raise Error( - "Missing or invalid root password file ({})".format( - root_pass_file, - ) - ) - - # The hash will be different every time we run, but that doesn't - # matter - it will still validate the correct root password - root_hash = crypt.crypt(root_pass, Util.mksalt()) - - try: - with open(root_hash_file, "w") as infile: - infile.write("{}\n".format(root_hash)) - except Exception: - raise Error( - "Can't write hashed root password file ({})".format( - root_hash_file, - ) - ) - - return root_hash_file + return self._get_config_file("root-password")
This is a really nice improvement overall, but we can't quite get rid of the entire function: we still need to try and open the file, or at least stat() it, like we do in get_vault_password_file(), so that we can error out early instead of having Ansible bail out on us really late in the game. -- Andrea Bolognani / Red Hat / Virtualization