From c07d95e1afa690d8b4f28072f4d09aa760da91d8 Mon Sep 17 00:00:00 2001
From: Sayantani Goswami
Date: Fri, 2 Dec 2016 23:25:29 -0600
Subject: [PATCH] Clean up kolla-ansible related files from Kolla
- Remove globals.yml and passwords.yml files.
- The gate was still using these files from the kolla directory. Modified the gate to prevent using these files from the kolla directory.
- Modified the deploy_aio.sh file to populate passwords in passwords.yml using kolla-ansible.
Change-Id: I1ed7849d54cab6d5a9217dced73327ea13f06636
Closes-Bug: #1653035
---
etc/kolla/.keep | 0
etc/kolla/globals.yml | 273 ------------------------------------
etc/kolla/passwords.yml | 154 --------------------
kolla/cmd/genpwd.py | 96 -------------
tools/deploy_aio.sh | 4 +
tools/generate_passwords.py | 1 -
tools/setup_gate.sh | 2 -
7 files changed, 4 insertions(+), 526 deletions(-)
create mode 100644 etc/kolla/.keep
delete mode 100644 etc/kolla/globals.yml
delete mode 100644 etc/kolla/passwords.yml
delete mode 100755 kolla/cmd/genpwd.py
delete mode 120000 tools/generate_passwords.py
diff --git a/etc/kolla/.keep b/etc/kolla/.keep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
deleted file mode 100644
index c6dfdb6cc1..0000000000
--- a/etc/kolla/globals.yml
+++ /dev/null
@@ -1,273 +0,0 @@ ---- -# You can use this file to override _any_ variable throughout Kolla. -# Additional options can be found in the 'kolla/ansible/group_vars/all.yml' file. -# Default value of all the commented parameters are shown here, To override -# the default value uncomment the parameter and change its value. - -################### -# Kolla options -################### -# Valid options are [ COPY_ONCE, COPY_ALWAYS ] -#config_strategy: "COPY_ALWAYS" - -# Valid options are [ centos, oraclelinux, ubuntu ] -#kolla_base_distro: "centos" - -# Valid options are [ binary, source ] -#kolla_install_type: "binary" - -# Valid option is Docker repository tag -#openstack_release: "3.0.0" - -# Location of configuration overrides -#node_custom_config: "/etc/kolla/config" - -# This should be a VIP, an unused IP on your network that will float between -# the hosts running keepalived for high-availability. When running an All-In-One -# without haproxy and keepalived, this should be the first IP on your -# 'network_interface' as set in the Networking section below. -kolla_internal_vip_address: "10.10.10.254" - -# This is the DNS name that maps to the kolla_internal_vip_address VIP. By -# default it is the same as kolla_internal_vip_address. -#kolla_internal_fqdn: "{{ kolla_internal_vip_address }}" - -# This should be a VIP, an unused IP on your network that will float between -# the hosts running keepalived for high-availability. It defaults to the -# kolla_internal_vip_address, allowing internal and external communication to -# share the same address. Specify a kolla_external_vip_address to separate -# internal and external requests between two VIPs. -#kolla_external_vip_address: "{{ kolla_internal_vip_address }}" - -# The Public address used to communicate with OpenStack as set in the public_url -# for the endpoints that will be created. This DNS name should map to -# kolla_external_vip_address. 
-#kolla_external_fqdn: "{{ kolla_external_vip_address }}" - -#################### -# Docker options -#################### -# Below is an example of a private repository with authentication. Note the -# Docker registry password can also be set in the passwords.yml file. - -#docker_registry: "172.16.0.10:4000" -#docker_namespace: "companyname" -#docker_registry_username: "sam" -#docker_registry_password: "correcthorsebatterystaple" - - -############################### -# Neutron - Networking Options -############################### -# This interface is what all your api services will be bound to by default. -# Additionally, all vxlan/tunnel and storage network traffic will go over this -# interface by default. This interface must contain an IPv4 address. -# It is possible for hosts to have non-matching names of interfaces - these can -# be set in an inventory file per host or per group or stored separately, see -# http://docs.ansible.com/ansible/intro_inventory.html -# Yet another way to workaround the naming problem is to create a bond for the -# interface on all hosts and give the bond name here. Similar strategy can be -# followed for other types of interfaces. -#network_interface: "eth0" - -# These can be adjusted for even more customization. The default is the same as -# the 'network_interface'. These interfaces must contain an IPv4 address. -#kolla_external_vip_interface: "{{ network_interface }}" -#api_interface: "{{ network_interface }}" -#storage_interface: "{{ network_interface }}" -#cluster_interface: "{{ network_interface }}" -#tunnel_interface: "{{ network_interface }}" - -# This is the raw interface given to neutron as its external network port. Even -# though an IP address can exist on this interface, it will be unusable in most -# configurations. It is recommended this interface not be configured with any IP -# addresses for that reason. 
-#neutron_external_interface: "eth1" - -# Valid options are [ openvswitch, linuxbridge ] -#neutron_plugin_agent: "openvswitch" - - -#################### -# keepalived options -#################### -# Arbitrary unique number from 0..255 -#keepalived_virtual_router_id: "51" - - -#################### -# TLS options -#################### -# To provide encryption and authentication on the kolla_external_vip_interface, -# TLS can be enabled. When TLS is enabled, certificates must be provided to -# allow clients to perform authentication. -#kolla_enable_tls_external: "no" -#kolla_external_fqdn_cert: "{{ node_config_directory }}/certificates/haproxy.pem" - - -#################### -# OpenStack options -#################### -# Use these options to set the various log levels across all OpenStack projects -# Valid options are [ True, False ] -#openstack_logging_debug: "False" - -# Valid options are [ novnc, spice ] -#nova_console: "novnc" - -# OpenStack services can be enabled or disabled with these options -#enable_aodh: "no" -#enable_barbican: "no" -#enable_ceilometer: "no" -#enable_central_logging: "no" -#enable_ceph: "no" -#enable_ceph_rgw: "no" -#enable_cinder: "no" -#enable_cinder_backend_iscsi: "no" -#enable_cinder_backend_lvm: "no" -#enable_cinder_backend_nfs: "no" -#enable_cloudkitty: "no" -#enable_congress: "no" -#enable_designate: "no" -#enable_etcd: "no" -#enable_gnocchi: "no" -#enable_grafana: "no" -#enable_heat: "yes" -#enable_horizon: "yes" -#enable_influxdb: "no" -#enable_ironic: "no" -#enable_kuryr: "no" -#enable_magnum: "no" -#enable_manila: "no" -#enable_manila_backend_generic: "no" -#enable_manila_backend_hnas: "no" -#enable_mistral: "no" -#enable_mongodb: "no" -#enable_murano: "no" -#enable_multipathd: "no" -#enable_neutron_dvr: "no" -#enable_neutron_lbaas: "no" -#enable_neutron_qos: "no" -#enable_neutron_agent_ha: "no" -#enable_neutron_vpnaas: "no" -#enable_rally: "no" -#enable_sahara: "no" -#enable_searchlight: "no" -#enable_senlin: "no" -#enable_swift: 
"no" -#enable_telegraf: "no" -#enable_tempest: "no" -#enable_watcher: "no" - -################### -# Ceph options -################### -# Ceph can be setup with a caching to improve performance. To use the cache you -# must provide separate disks than those for the OSDs -#ceph_enable_cache: "no" -# Valid options are [ forward, none, writeback ] -#ceph_cache_mode: "writeback" - -# A requirement for using the erasure-coded pools is you must setup a cache tier -# Valid options are [ erasure, replicated ] -#ceph_pool_type: "replicated" - - -############################## -# Keystone - Identity Options -############################## - -# Valid options are [ uuid, fernet ] -#keystone_token_provider: 'uuid' - -# Interval to rotate fernet keys by (in seconds). Must be an interval of -# 60(1 min), 120(2 min), 180(3 min), 240(4 min), 300(5 min), 360(6 min), -# 600(10 min), 720(12 min), 900(15 min), 1200(20 min), 1800(30 min), -# 3600(1 hour), 7200(2 hour), 10800(3 hour), 14400(4 hour), 21600(6 hour), -# 28800(8 hour), 43200(12 hour), 86400(1 day), 604800(1 week). -#fernet_token_expiry: 86400 - - -######################### -# Glance - Image Options -######################### -# Configure image back end. 
-#glance_backend_file: "yes" -#glance_backend_ceph: "no" - -####################### -# Ceilometer options -####################### -# Valid options are [ mongodb, mysql, gnocchi ] -#ceilometer_database_type: "mongodb" - - -####################### -# Gnocchi options -####################### -# Valid options are [ file, ceph ] -#gnocchi_backend_storage: "{{ 'ceph' if enable_ceph|bool else 'file' }}" - - -################################# -# Cinder - Block Storage Options -################################# -# Enable / disable Cinder backends -#cinder_backend_ceph: "{{ enable_ceph }}" - -#cinder_volume_group: "cinder-volumes" - - -######################### -# Nova - Compute Options -######################### -#nova_backend_ceph: "{{ enable_ceph }}" - - -############################## -# Horizon - Dashboard Options -############################## -#horizon_backend_database: "no" - - -####################################### -# Manila - Shared File Systems Options -####################################### -# HNAS backend configuration -#hnas_ip: -#hnas_user: -#hnas_password: -#hnas_evs_id: -#hnas_evs_ip: -#hnas_file_system_name: - -################################## -# Swift - Object Storage Options -################################## -# Swift expects block devices to be available for storage. Two types of storage -# are supported: 1 - storage device with a special partition name and filesystem -# label, 2 - unpartitioned disk with a filesystem. The label of this filesystem -# is used to detect the disk which Swift will be using. 
- -# Swift support two mathcing modes, valid options are [ prefix, strict ] -#swift_devices_match_mode: "strict" - -# This parameter defines matching pattern: if "strict" mode was selected, -# for swift_devices_match_mode then swift_device_name should specify the name of -# the special swift partition for example: "KOLLA_SWIFT_DATA", if "prefix" mode was -# selected then swift_devices_name should specify a pattern which would match to -# filesystems' labels prepared for swift. -#swift_devices_name: "KOLLA_SWIFT_DATA" - - -################################################ -# Tempest - The OpenStack Integration Test Suite -################################################ -# following value must be set when enable tempest -tempest_image_id: -tempest_flavor_ref_id: -tempest_public_network_id: -tempest_floating_network_name: - -# tempest_image_alt_id: "{{ tempest_image_id }}" -# tempest_flavor_ref_alt_id: "{{ tempest_flavor_ref_id }}" diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml deleted file mode 100644 index bde0a324d0..0000000000 --- a/etc/kolla/passwords.yml +++ /dev/null 
@@ -1,154 +0,0 @@
----
-###################
-# Ceph options
-####################
-# These options must be UUID4 values in string format
-# XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX
-ceph_cluster_fsid:
-rbd_secret_uuid:
-
-###################
-# Database options
-####################
-database_password:
-
-####################
-# Docker options
-####################
-# This should only be set if you require a password for your Docker registry
-docker_registry_password:
-
-####################
-# OpenStack options
-####################
-aodh_database_password:
-aodh_keystone_password:
-
-barbican_database_password:
-barbican_keystone_password:
-
-keystone_admin_password:
-keystone_database_password:
-
-grafana_database_password:
-grafana_admin_password:
-
-glance_database_password:
-glance_keystone_password:
-
-gnocchi_database_password:
-gnocchi_keystone_password:
-
-kuryr_keystone_password:
-
-nova_database_password:
-nova_api_database_password:
-nova_keystone_password:
-
-neutron_database_password:
-neutron_keystone_password:
-metadata_secret:
-
-cinder_database_password:
-cinder_keystone_password:
-
-cloudkitty_database_password:
-cloudkitty_keystone_password:
-
-sahara_database_password:
-sahara_keystone_password:
-
-designate_database_password:
-designate_pool_manager_database_password:
-designate_keystone_password:
-
-swift_keystone_password:
-swift_hash_path_suffix:
-swift_hash_path_prefix:
-
-heat_database_password:
-heat_keystone_password:
-heat_domain_admin_password:
-
-murano_database_password:
-murano_keystone_password:
-
-ironic_database_password:
-ironic_keystone_password:
-
-magnum_database_password:
-magnum_keystone_password:
-
-mistral_database_password:
-mistral_keystone_password:
-
-ceilometer_database_password:
-ceilometer_keystone_password:
-
-watcher_database_password:
-watcher_keystone_password:
-
-congress_database_password:
-congress_keystone_password:
-
-rally_database_password:
-
-senlin_database_password:
-senlin_keystone_password:
-
-horizon_secret_key:
-horizon_database_password:
-
-telemetry_secret_key:
-
-manila_database_password:
-manila_keystone_password:
-
-searchlight_keystone_password:
-
-memcache_secret_key:
-
-nova_ssh_key:
- private_key:
- public_key:
-
-kolla_ssh_key:
- private_key:
- public_key:
-
-keystone_ssh_key:
- private_key:
- public_key:
-
-bifrost_ssh_key:
- private_key:
- public_key:
-
-####################
-# Gnocchi options
-####################
-gnocchi_project_id:
-gnocchi_resource_id:
-gnocchi_user_id:
-
-####################
-# RabbitMQ options
-####################
-rabbitmq_password:
-rabbitmq_cluster_cookie:
-
-####################
-# HAProxy options
-####################
-haproxy_password:
-keepalived_password:
-
-####################
-# Kibana options
-####################
-kibana_password:
-
-####################
-# etcd options
-####################
-etcd_cluster_token:
diff --git a/kolla/cmd/genpwd.py b/kolla/cmd/genpwd.py
deleted file mode 100755
index 3cc013ee3f..0000000000
--- a/kolla/cmd/genpwd.py
+++ /dev/null
@@ -1,96 +0,0 @@ -#!/usr/bin/env python - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import argparse -import os -import random -import string -import sys -import yaml - -from Crypto.PublicKey import RSA -from oslo_utils import uuidutils - -# NOTE(SamYaple): Update the search path to prefer PROJECT_ROOT as the source -# of packages to import if we are using local tools instead of -# pip installed kolla tools -PROJECT_ROOT = os.path.abspath(os.path.join( - os.path.dirname(os.path.realpath(__file__)), '../..')) -if PROJECT_ROOT not in sys.path: - sys.path.insert(0, PROJECT_ROOT) - - -def generate_RSA(bits=4096): - new_key = RSA.generate(bits, os.urandom) - private_key = new_key.exportKey("PEM") - public_key = new_key.publickey().exportKey("OpenSSH") - return private_key, public_key - - -def main(): - parser = argparse.ArgumentParser() - parser.add_argument( - '-p', '--passwords', type=str, - default=os.path.abspath('/etc/kolla/passwords.yml'), - help=('Path to the passwords yml file')) - - args = parser.parse_args() - passwords_file = os.path.expanduser(args.passwords) - - # These keys should be random uuids - uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid', - 'gnocchi_project_id', 'gnocchi_resource_id', - 'gnocchi_user_id'] - - # SSH key pair - ssh_keys = ['kolla_ssh_key', 'nova_ssh_key', - 'keystone_ssh_key', 'bifrost_ssh_key'] - - # If these keys are None, leave them as None - blank_keys = ['docker_registry_password'] - - # length of password - length = 40 - - 
with open(passwords_file, 'r') as f: - passwords = yaml.safe_load(f.read()) - - for k, v in passwords.items(): - if (k in ssh_keys and - (v is None - or v.get('public_key') is None - and v.get('private_key') is None)): - private_key, public_key = generate_RSA() - passwords[k] = { - 'private_key': private_key, - 'public_key': public_key - } - continue - if v is None: - if k in blank_keys and v is None: - continue - if k in uuid_keys: - passwords[k] = uuidutils.generate_uuid() - else: - passwords[k] = ''.join([ - random.SystemRandom().choice( - string.ascii_letters + string.digits) - for n in range(length) - ]) - - with open(passwords_file, 'w') as f: - f.write(yaml.dump(passwords, default_flow_style=False)) - -if __name__ == '__main__': - main() diff --git a/tools/deploy_aio.sh b/tools/deploy_aio.sh index e4db712881..bc3c032c9c 100755 --- a/tools/deploy_aio.sh +++ b/tools/deploy_aio.sh @@ -20,5 +20,9 @@ EOF openstack/kolla-ansible pushd "${KOLLA_ANSIBLE_DIR}" +# Copy configs +sudo cp -a etc/kolla /etc/ +# Generate passwords +sudo tools/generate_passwords.py ./tools/deploy_aio.sh "$KOLLA_BASE" "$KOLLA_TYPE" popd diff --git a/tools/generate_passwords.py b/tools/generate_passwords.py deleted file mode 120000 index e157963a38..0000000000 --- a/tools/generate_passwords.py +++ /dev/null @@ -1 +0,0 @@ -../kolla/cmd/genpwd.py \ No newline at end of file diff --git a/tools/setup_gate.sh b/tools/setup_gate.sh index dffcb69f91..7b73b991c0 100755 --- a/tools/setup_gate.sh +++ b/tools/setup_gate.sh @@ -22,8 +22,6 @@ function setup_config { tox -e genconfig # Copy configs sudo cp -a etc/kolla /etc/ - # Generate passwords - sudo tools/generate_passwords.py # Use Infra provided pypi. # Wheel package mirror may be not compatible. So do not enable it.
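Review bot: In the tools/deploy_aio.sh hunk, `sudo cp -a etc/kolla /etc/` keeps the owner and mode of the checked-out files, so `/etc/kolla/passwords.yml` presumably stays owned by the checkout user and readable by other local accounts, and `sudo tools/generate_passwords.py` then fills it with service passwords and SSH private keys. Nothing in the added lines tightens that; I would add `sudo chown root: /etc/kolla/passwords.yml` and `sudo chmod 0600 /etc/kolla/passwords.yml` before the generator runs, provided the later deploy step reads the file as root. The generator deleted by this commit rewrote the file in place, which leaves the existing mode untouched, and the kolla-ansible copy is assumed to behave the same way. The `# Copy configs` comment could also say that both paths are now relative to `${KOLLA_ANSIBLE_DIR}` after the `pushd`, since the identical commands in tools/setup_gate.sh refer to the kolla tree. The script begins above this hunk, so whether a failure of either command stops the run is not visible here.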