...
One way to ensure that your passwords are overridden is to pass in overrides when you are installing Open edX using Ansible. Ansible lets you pass in a file of overrides using the -e@/path/to/file.yml convention.
As of January 6February 2, 2017, we recommend that you override at least the following values https://gistraw.githubusercontent.com/edx/e0dconfiguration/b603381c076eb747fc807226ccf5486dmaster/rawplaybooks/f32af602a41394a26e4551bd9434a6fb5d1182f4sample_vars/passwordpasswords.yml
That file's contents look like so:
...
| Code Block |
|---|
# Ensure your instance is upgraded to the latest Xenial sudo apt-get update -y sudo apt-get upgrade -y reboot # Installed the edx_ansible role wget https://raw.githubusercontent.com/edx/configuration/master/util/install/ansible-bootstrap.sh -O - | sudo bash # Create passwords specific to your installation. Please consider that you'll need to share these across application nodes if you have multiple # The password files will be owned by root. cd /edx/app/edx_ansible/ sudo wget https://gistraw.githubusercontent.com/e0dedx/configuration/b603381c076eb747fc807226ccf5486dmaster/rawplaybooks/5745b7b20fb33cdce29cb9c7f755c575ac1dd379sample_vars/passwords.yml while IFS= read line; do REPLACE=$(LC_ALL=C < /dev/urandom tr -dc 'A-Za-z0-9' | head -c35) && echo "$line" | sed "s/\!\!null/\'$REPLACE\'/"; done < ./passwords.yml | sudo tee ./my-passwords.yml # Encrypt your environment specific secrets with Ansible vault. This step will prompt you to create a password # for accessing your encrypted data. It is IMPERATIVE that you do not lose or forget this password sudo /edx/app/edx_ansible/venvs/edx_ansible/bin/ansible-vault encrypt ./my-passwords.yml # Install the native installation using your encrypted passwords cd /edx/app/edx_ansible/edx_ansible/playbooks/ sudo /edx/app/edx_ansible/venvs/edx_ansible/bin/ansible-playbook -c local ./edx_sandbox.yml -i 'localhost,' -e@/edx/app/edx_ansible/my-passwords.yml --ask-vault-pass |
...