Description
Many steps are safe to execute even without a password store available. For example, basic-host can ensure the default root password is correctly set, but all other steps work fine without a password store.
To prevent wide access to a password store, or limiting the number of users capable of running Ansible, availability of the password store should be checked - either by decrypting a test password, or through an explicit variable.
Based on that we should have three outcomes:
- if a single task can be skipped easily (like root password) it should just be skipped
- if a complete role can't be executed without passwords the role should check at the very beginning, and skip, if it's safely possible to do so
- if it's not safely possible to skip a role an error for that host should be reported.
The first two parts should be easy to implement, the last one might be a bit more tricky as the definition of 'safe' may depend on which other roles are supposed to be executed later on, or which hosts are selected for execution. For example, parts of a cluster setup can be safely skipped when touching only one host, but should not be skipped when running against the cluster host group.
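A sketch of the three outcomes as Ansible tasks, added here as an example and not taken from the project's roles. It assumes the password store is `pass` with the `community.general.passwordstore` lookup; the role layout, the `cluster` group, the entry names, `setup.yml` and the `password_store_available` variable are all hypothetical.

```yaml
# roles/cluster/tasks/main.yml (hypothetical role; every name below is an assumption)
- name: Probe the password store by decrypting a test entry
  ansible.builtin.command: pass show ansible/test-entry  # constructed entry name
  delegate_to: localhost
  run_once: true
  register: store_probe
  changed_when: false
  failed_when: false  # an unreadable store is a result here, not an error
  no_log: true        # keep the decrypted test value out of logs
  when: password_store_available is not defined

- name: Record the probe result unless the variable was set explicitly
  ansible.builtin.set_fact:
    password_store_available: "{{ store_probe.rc | default(1) == 0 }}"
  when: password_store_available is not defined

# Outcome 1: a single task that is simply skipped (as it would appear in basic-host)
- name: Set the default root password
  ansible.builtin.user:
    name: root
    password: "{{ lookup('community.general.passwordstore', 'hosts/root') | password_hash('sha512') }}"
  no_log: true
  when: password_store_available | bool

# Outcome 3: every host of the cluster group is in this play, so skipping is not safe
- name: Report an error for this host
  ansible.builtin.fail:
    msg: "Password store unavailable; cluster setup cannot be skipped for {{ inventory_hostname }}"
  when:
    - not (password_store_available | bool)
    - groups['cluster'] | difference(ansible_play_hosts_all) | length == 0

# Outcome 2: only part of the cluster is targeted, so the role body is skipped
- name: Run the cluster setup only when passwords can be read
  ansible.builtin.include_tasks: setup.yml  # hypothetical file holding the role's real work
  when: password_store_available | bool
```

Passing `-e password_store_available=false` bypasses the probe entirely, which covers operators who have no access to the store at all.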