From 73427b9aa4eccc21c3a88a48a4f460a3fff5f5d6 Mon Sep 17 00:00:00 2001
From: Justin Wind <j.wind@partner.samsung.com>
Date: Mon, 24 Apr 2017 13:33:18 -0700
Subject: [PATCH] try to reuse quagga password

---
 ansible.cfg                        |  2 +-
 generate-ansible-vpcaccess-vars.sh | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/ansible.cfg b/ansible.cfg
index de5f2b3..03122cf 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -3,4 +3,4 @@ retry_files_enabled = False
 host_key_checking = False
 inventory = inventory
 remote_user = ec2-user
-private_key_file = keys/management.pem
+private_key_file = keys/management
diff --git a/generate-ansible-vpcaccess-vars.sh b/generate-ansible-vpcaccess-vars.sh
index 0a5d14a..e951308 100755
--- a/generate-ansible-vpcaccess-vars.sh
+++ b/generate-ansible-vpcaccess-vars.sh
@@ -1,6 +1,7 @@
 #!/bin/sh
 
 set -e
+set -o pipefail
 
 if [ $# -ne 2 ]
 then
@@ -14,6 +15,20 @@ cert="${1}_ca/pki/issued/${2}.${1}.crt"
 key="${1}_ca/pki/private/${2}.${1}.key"
 ta_secret="${1}_ca/pki/ta.key"
 
+# reuse any extant quagga password
+for v in "${1}"/group_vars/*vpcaccess*
+do
+	if [ -n "${quagga_password}" ]
+	then
+		echo "found multiple potential quagga passwords; the chosen one may not be correct" 1>&2
+	fi
+	quagga_password=$(awk '/QUAGGA_PASSWORD:/{print $2}' "${v}")
+done
+if [ -z "${quagga_password}" ]
+then
+	quagga_password=$(pwgen -y 16)
+fi
+
 function onlycert(){
 	sed -n '/-----BEGIN /,/-----END /p' "$@"
 }
@@ -23,7 +38,7 @@ function indent(){
 
 cat<<EOF
 ---
-QUAGGA_PASSWORD: $(pwgen -y 16)
+QUAGGA_PASSWORD: "${quagga_password}"
 ca_name: $1
 ca_cert: |
 $(indent "${ca_cert}")
-- 
2.43.2