The passwords template file for generating randomized passwords

Cherry-picked from 5 commits, from PR's #3654 and #3670:

(cherry picked from commit 3df8af7f)

(cherry picked from commit 8cad356a)

(cherry picked from commit 2ef0aa42)

(cherry picked from commit 59b50c82)

(cherry picked from commit 00be986f)

playbooks/roles/rabbitmq/defaults/main.yml

@@ -9,11 +9,13 @@ rabbitmq_cfg_dir: "{{ COMMON_CFG_DIR }}/rabbitmq"
 rabbitmq_user: "rabbitmq"
 rabbitmq_group: "rabbitmq"
 
+RABBIT_ADMIN_PASSWORD: 'the example admin password'
+
 # Environment specific vars
 RABBIT_ERLANG_COOKIE: 'DEFAULT_COOKIE'
 RABBIT_USERS:
   - name: 'admin'
-    password: 'the example admin password'
+    password: "{{ RABBIT_ADMIN_PASSWORD }}"
   - name: 'edx'
     password: 'edx'
   - name: 'celery'

playbooks/sample_vars/password.yml

+# This file is used to generate overriden, unique secrets
+# for Open edX deployment environments
+# 
+# The current process is described here: https://openedx.atlassian.net/wiki/x/dQArCQ
+#
+
+ANALYTICS_API_EMAIL_HOST_PASSWORD: !!null
+ANALYTICS_PIPELINE_OUTPUT_DATABASE_PASSWORD: !!null
+ANALYTICS_SCHEDULE_MASTER_SSH_CREDENTIAL_PASSPHRASE: !!null
+COMMON_HTPASSWD_PASS: !!null
+COMMON_HTPASSWD_USER: !!null
+COMMON_MONGO_READ_ONLY_PASS: !!null
+COMMON_MYSQL_ADMIN_PASS: !!null
+COMMON_MYSQL_MIGRATE_PASS: !!null
+COMMON_MYSQL_READ_ONLY_PASS: !!null
+CREDENTIALS_MYSQL_PASSWORD: !!null
+DISCOVERY_EMAIL_HOST_PASSWORD: !!null
+DISCOVERY_MYSQL_PASSWORD: !!null
+ECOMMERCE_BROKER_PASSWORD: !!null
+ECOMMERCE_DATABASE_PASSWORD: !!null
+ECOMMERCE_WORKER_BROKER_PASSWORD: !!null
+EDXAPP_CELERY_PASSWORD: !!null
+EDXAPP_COMMENTS_SERVICE_KEY: '{{ FORUM_API_KEY }}'
+EDXAPP_EMAIL_HOST_PASSWORD: !!null
+EDXAPP_MYSQL_CSMH_PASSWORD: !!null
+EDXAPP_MYSQL_PASSWORD: !!null
+EDXAPP_MYSQL_PASSWORD_ADMIN: !!null
+EDXAPP_MYSQL_PASSWORD_READ_ONLY: !!null
+EDXAPP_MYSQL_REPLICA_PASSWORD: !!null
+
+EDXAPP_MYSQL_REPLICA_USER: "edxapp_replica001"
+EDXAPP_MYSQL_CSMH_USER: "edxapp_cmsh001"
+
+FLOWER_BROKER_PASSWORD: !!null
+FORUM_API_KEY: !!null
+HIVE_METASTORE_DATABASE_PASSWORD: !!null
+INSIGHTS_DATABASE_PASSWORD: !!null
+INSIGHTS_EMAIL_HOST_PASSWORD: !!null
+JENKINS_ANALYTICS_GITHUB_CREDENTIAL_PASSPHRASE: !!null
+JENKINS_ANALYTICS_USER_PASSWORD_PLAIN: !!null
+MARIADB_CLUSTER_PASSWORD_ADMIN: !!null
+MONGO_ADMIN_PASSWORD: !!null
+mongo_admin_password: '{{ MONGO_ADMIN_PASSWORD }}'
+NOTIFIER_COMMENT_SERVICE_API_KEY: '{{ FORUM_API_KEY }}'
+NOTIFIER_EMAIL_PASS: !!null
+NOTIFIER_USER_SERVICE_HTTP_AUTH_PASS: !!null
+POSTFIX_QUEUE_EXTERNAL_SMTP_PASSWORD: !!null
+PROGRAMS_DATABASE_PASSWORD: !!null
+REDIS_PASSWORD: !!null
+SPLUNKFORWARDER_PASSWORD: !!null
+SPLUNK_SMTP_PASSWORD: !!null
+SPLUNK_SSL_PASSWORD: !!null
+SWIFT_LOG_SYNC_PASSWORD: !!null
+XQUEUE_BASIC_AUTH_PASSWORD: !!null
+XQUEUE_BASIC_AUTH_USER: !!null
+XQUEUE_MYSQL_PASSWORD: !!null
+XQUEUE_RABBITMQ_PASS: !!null
+XSY_PASSWORD: !!null
+
+EDXAPP_MONGO_PASSWORD: !!null
+EDXAPP_MONGO_USER: 'edxapp'
+
+FORUM_MONGO_USER: "cs_comments_service"
+FORUM_MONGO_PASSWORD: !!null
+
+RABBIT_ADMIN_PASSWORD: !!null
+  
+# Secret keys for Django Applicatons
+ANALYTICS_API_SECRET_KEY: !!null #SECRET_KEY
+CREDENTIALS_SECRET_KEY: !!null #SECRET_KEY
+DISCOVERY_SECRET_KEY: !!null #SECRET_KEY
+ECOMMERCE_SECRET_KEY: !!null #SECRET_KEY
+EDX_NOTES_API_SECRET_KEY: !!null #SECRET_KEY
+EDXAPP_EDXAPP_SECRET_KEY: !!null #SECRET_KEY
+EDXAPP_PROFILE_IMAGE_SECRET_KEY:  !!null #SECRET_KEY
+INSIGHTS_SECRET_KEY: !!null #SECRET_KEY
+NOTIFIER_LMS_SECRET_KEY: !!null #SECRET_KEY
+PROGRAMS_SECRET_KEY: !!null #SECRET_KEY
+  
+MONGO_USERS:
+  - user: "{{ FORUM_MONGO_USER }}"
+    password: "{{ FORUM_MONGO_PASSWORD }}"
+    database: cs_comments_service
+    roles: readWrite
+  - user: "{{ EDXAPP_MONGO_USER }}"
+    password: "{{ EDXAPP_MONGO_PASSWORD }}"
+    database: edxapp
+    roles: readWrite
+
+RABBIT_USERS:
+  - name: 'admin'
+    password: "{{ RABBIT_ADMIN_PASSWORD }}"
+  - name: 'edx'
+    password: "{{ XQUEUE_RABBITMQ_PASS }}"
+  - name: 'celery'
+    password: "{{ EDXAPP_CELERY_PASSWORD }}"