Move token generation to ansible

[BillAnastasiadis]

This pr enables qe-sap-deployment to generate the SAS token in ansible when it is not defined in the config.yaml. It requires providing the key name for the generation of the token. It can be used both for manual deployments (by providing the key name instead of the generated key) and openqa runs (if the key is provided as a setting instead of the generated SAS token).

• Related ticket: https://jira.suse.com/browse/TEAM-9540
• Verification Runs:
  With token generated in openqa and 'QESAPDEPLOY_HANA_KENAME not set:
  https://openqaworker15.qa.suse.cz/tests/295828
  Without token generated in openqa and QESAPDEPLOY_HANA_KEYNAME set as an openqa variable:
  https://openqaworker15.qa.suse.cz/tests/296013

[alvarocarvajald]

Seems QESAPDEPLOY_HANA_KEYNAME was set in both verification runs. Not sure if that has an impact though.

[alvarocarvajald]

LGTM. But I have a question.

[alvarocarvajald]

I guess 20 minutes is enough in a normal deployment, but what happens when it fails and we need to re-deploy? A new token will be generated?

[mpagot]

Good point! We could make it configurable. On the other hand token is not needed across all the test or even not across all the deployment. Token just needs to be valid during installer download Ansible task in same playbook

[BillAnastasiadis]

Hmmm you are correct. I will increase it and run a final VR, merging automatically if it passes since there are 2 approvals

[mpagot]

Seems QESAPDEPLOY_HANA_KEYNAME was set in both verification runs. Not sure if that has an impact though.

It's fine to do... after this PR we can move to a new situation where we only have QESAPDEPLOY_HANA_KEYNAME

[mpagot]

LGTM

[mpagot]

We should also update the documentation and example files to explain and suggesting the usage of the new key approach. One file to be updated is https://github.com/SUSE/qe-sap-deployment/pull/263/files#diff-4cd7c4907a755b045fd47cc82f36e9d7f1b39cd595156a707502729220d5398aR49