Browse Source

Clean up kolla-ansible related files from Kolla

- Remove globals.yml and passwords.yml files.
- The gate was still using these files from the kolla
directory. Modified the gate to prevent using these files
from the kolla directory.
- Modified the deploy_aio.sh file to populate passwords
in passwords.yml using kolla-ansible.

Change-Id: I1ed7849d54cab6d5a9217dced73327ea13f06636
Closes-Bug: #1653035
changes/29/406429/13
Sayantani Goswami 5 years ago
committed by sayantani
parent
commit
c07d95e1af
  1. 0
      etc/kolla/.keep
  2. 273
      etc/kolla/globals.yml
  3. 154
      etc/kolla/passwords.yml
  4. 96
      kolla/cmd/genpwd.py
  5. 4
      tools/deploy_aio.sh
  6. 1
      tools/generate_passwords.py
  7. 2
      tools/setup_gate.sh

0
etc/kolla/.keep

273
etc/kolla/globals.yml

@ -1,273 +0,0 @@
---
# You can use this file to override _any_ variable throughout Kolla.
# Additional options can be found in the 'kolla/ansible/group_vars/all.yml' file.
# Default value of all the commented parameters are shown here, To override
# the default value uncomment the parameter and change its value.
###################
# Kolla options
###################
# Valid options are [ COPY_ONCE, COPY_ALWAYS ]
#config_strategy: "COPY_ALWAYS"
# Valid options are [ centos, oraclelinux, ubuntu ]
#kolla_base_distro: "centos"
# Valid options are [ binary, source ]
#kolla_install_type: "binary"
# Valid option is Docker repository tag
#openstack_release: "3.0.0"
# Location of configuration overrides
#node_custom_config: "/etc/kolla/config"
# This should be a VIP, an unused IP on your network that will float between
# the hosts running keepalived for high-availability. When running an All-In-One
# without haproxy and keepalived, this should be the first IP on your
# 'network_interface' as set in the Networking section below.
kolla_internal_vip_address: "10.10.10.254"
# This is the DNS name that maps to the kolla_internal_vip_address VIP. By
# default it is the same as kolla_internal_vip_address.
#kolla_internal_fqdn: "{{ kolla_internal_vip_address }}"
# This should be a VIP, an unused IP on your network that will float between
# the hosts running keepalived for high-availability. It defaults to the
# kolla_internal_vip_address, allowing internal and external communication to
# share the same address. Specify a kolla_external_vip_address to separate
# internal and external requests between two VIPs.
#kolla_external_vip_address: "{{ kolla_internal_vip_address }}"
# The Public address used to communicate with OpenStack as set in the public_url
# for the endpoints that will be created. This DNS name should map to
# kolla_external_vip_address.
#kolla_external_fqdn: "{{ kolla_external_vip_address }}"
####################
# Docker options
####################
# Below is an example of a private repository with authentication. Note the
# Docker registry password can also be set in the passwords.yml file.
#docker_registry: "172.16.0.10:4000"
#docker_namespace: "companyname"
#docker_registry_username: "sam"
#docker_registry_password: "correcthorsebatterystaple"
###############################
# Neutron - Networking Options
###############################
# This interface is what all your api services will be bound to by default.
# Additionally, all vxlan/tunnel and storage network traffic will go over this
# interface by default. This interface must contain an IPv4 address.
# It is possible for hosts to have non-matching names of interfaces - these can
# be set in an inventory file per host or per group or stored separately, see
# http://docs.ansible.com/ansible/intro_inventory.html
# Yet another way to workaround the naming problem is to create a bond for the
# interface on all hosts and give the bond name here. Similar strategy can be
# followed for other types of interfaces.
#network_interface: "eth0"
# These can be adjusted for even more customization. The default is the same as
# the 'network_interface'. These interfaces must contain an IPv4 address.
#kolla_external_vip_interface: "{{ network_interface }}"
#api_interface: "{{ network_interface }}"
#storage_interface: "{{ network_interface }}"
#cluster_interface: "{{ network_interface }}"
#tunnel_interface: "{{ network_interface }}"
# This is the raw interface given to neutron as its external network port. Even
# though an IP address can exist on this interface, it will be unusable in most
# configurations. It is recommended this interface not be configured with any IP
# addresses for that reason.
#neutron_external_interface: "eth1"
# Valid options are [ openvswitch, linuxbridge ]
#neutron_plugin_agent: "openvswitch"
####################
# keepalived options
####################
# Arbitrary unique number from 0..255
#keepalived_virtual_router_id: "51"
####################
# TLS options
####################
# To provide encryption and authentication on the kolla_external_vip_interface,
# TLS can be enabled. When TLS is enabled, certificates must be provided to
# allow clients to perform authentication.
#kolla_enable_tls_external: "no"
#kolla_external_fqdn_cert: "{{ node_config_directory }}/certificates/haproxy.pem"
####################
# OpenStack options
####################
# Use these options to set the various log levels across all OpenStack projects
# Valid options are [ True, False ]
#openstack_logging_debug: "False"
# Valid options are [ novnc, spice ]
#nova_console: "novnc"
# OpenStack services can be enabled or disabled with these options
#enable_aodh: "no"
#enable_barbican: "no"
#enable_ceilometer: "no"
#enable_central_logging: "no"
#enable_ceph: "no"
#enable_ceph_rgw: "no"
#enable_cinder: "no"
#enable_cinder_backend_iscsi: "no"
#enable_cinder_backend_lvm: "no"
#enable_cinder_backend_nfs: "no"
#enable_cloudkitty: "no"
#enable_congress: "no"
#enable_designate: "no"
#enable_etcd: "no"
#enable_gnocchi: "no"
#enable_grafana: "no"
#enable_heat: "yes"
#enable_horizon: "yes"
#enable_influxdb: "no"
#enable_ironic: "no"
#enable_kuryr: "no"
#enable_magnum: "no"
#enable_manila: "no"
#enable_manila_backend_generic: "no"
#enable_manila_backend_hnas: "no"
#enable_mistral: "no"
#enable_mongodb: "no"
#enable_murano: "no"
#enable_multipathd: "no"
#enable_neutron_dvr: "no"
#enable_neutron_lbaas: "no"
#enable_neutron_qos: "no"
#enable_neutron_agent_ha: "no"
#enable_neutron_vpnaas: "no"
#enable_rally: "no"
#enable_sahara: "no"
#enable_searchlight: "no"
#enable_senlin: "no"
#enable_swift: "no"
#enable_telegraf: "no"
#enable_tempest: "no"
#enable_watcher: "no"
###################
# Ceph options
###################
# Ceph can be setup with a caching to improve performance. To use the cache you
# must provide separate disks than those for the OSDs
#ceph_enable_cache: "no"
# Valid options are [ forward, none, writeback ]
#ceph_cache_mode: "writeback"
# A requirement for using the erasure-coded pools is you must setup a cache tier
# Valid options are [ erasure, replicated ]
#ceph_pool_type: "replicated"
##############################
# Keystone - Identity Options
##############################
# Valid options are [ uuid, fernet ]
#keystone_token_provider: 'uuid'
# Interval to rotate fernet keys by (in seconds). Must be an interval of
# 60(1 min), 120(2 min), 180(3 min), 240(4 min), 300(5 min), 360(6 min),
# 600(10 min), 720(12 min), 900(15 min), 1200(20 min), 1800(30 min),
# 3600(1 hour), 7200(2 hour), 10800(3 hour), 14400(4 hour), 21600(6 hour),
# 28800(8 hour), 43200(12 hour), 86400(1 day), 604800(1 week).
#fernet_token_expiry: 86400
#########################
# Glance - Image Options
#########################
# Configure image back end.
#glance_backend_file: "yes"
#glance_backend_ceph: "no"
#######################
# Ceilometer options
#######################
# Valid options are [ mongodb, mysql, gnocchi ]
#ceilometer_database_type: "mongodb"
#######################
# Gnocchi options
#######################
# Valid options are [ file, ceph ]
#gnocchi_backend_storage: "{{ 'ceph' if enable_ceph|bool else 'file' }}"
#################################
# Cinder - Block Storage Options
#################################
# Enable / disable Cinder backends
#cinder_backend_ceph: "{{ enable_ceph }}"
#cinder_volume_group: "cinder-volumes"
#########################
# Nova - Compute Options
#########################
#nova_backend_ceph: "{{ enable_ceph }}"
##############################
# Horizon - Dashboard Options
##############################
#horizon_backend_database: "no"
#######################################
# Manila - Shared File Systems Options
#######################################
# HNAS backend configuration
#hnas_ip:
#hnas_user:
#hnas_password:
#hnas_evs_id:
#hnas_evs_ip:
#hnas_file_system_name:
##################################
# Swift - Object Storage Options
##################################
# Swift expects block devices to be available for storage. Two types of storage
# are supported: 1 - storage device with a special partition name and filesystem
# label, 2 - unpartitioned disk with a filesystem. The label of this filesystem
# is used to detect the disk which Swift will be using.
# Swift support two mathcing modes, valid options are [ prefix, strict ]
#swift_devices_match_mode: "strict"
# This parameter defines matching pattern: if "strict" mode was selected,
# for swift_devices_match_mode then swift_device_name should specify the name of
# the special swift partition for example: "KOLLA_SWIFT_DATA", if "prefix" mode was
# selected then swift_devices_name should specify a pattern which would match to
# filesystems' labels prepared for swift.
#swift_devices_name: "KOLLA_SWIFT_DATA"
################################################
# Tempest - The OpenStack Integration Test Suite
################################################
# following value must be set when enable tempest
tempest_image_id:
tempest_flavor_ref_id:
tempest_public_network_id:
tempest_floating_network_name:
# tempest_image_alt_id: "{{ tempest_image_id }}"
# tempest_flavor_ref_alt_id: "{{ tempest_flavor_ref_id }}"

154
etc/kolla/passwords.yml

@ -1,154 +0,0 @@
---
###################
# Ceph options
####################
# These options must be UUID4 values in string format
# XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX
ceph_cluster_fsid:
rbd_secret_uuid:
###################
# Database options
####################
database_password:
####################
# Docker options
####################
# This should only be set if you require a password for your Docker registry
docker_registry_password:
####################
# OpenStack options
####################
aodh_database_password:
aodh_keystone_password:
barbican_database_password:
barbican_keystone_password:
keystone_admin_password:
keystone_database_password:
grafana_database_password:
grafana_admin_password:
glance_database_password:
glance_keystone_password:
gnocchi_database_password:
gnocchi_keystone_password:
kuryr_keystone_password:
nova_database_password:
nova_api_database_password:
nova_keystone_password:
neutron_database_password:
neutron_keystone_password:
metadata_secret:
cinder_database_password:
cinder_keystone_password:
cloudkitty_database_password:
cloudkitty_keystone_password:
sahara_database_password:
sahara_keystone_password:
designate_database_password:
designate_pool_manager_database_password:
designate_keystone_password:
swift_keystone_password:
swift_hash_path_suffix:
swift_hash_path_prefix:
heat_database_password:
heat_keystone_password:
heat_domain_admin_password:
murano_database_password:
murano_keystone_password:
ironic_database_password:
ironic_keystone_password:
magnum_database_password:
magnum_keystone_password:
mistral_database_password:
mistral_keystone_password:
ceilometer_database_password:
ceilometer_keystone_password:
watcher_database_password:
watcher_keystone_password:
congress_database_password:
congress_keystone_password:
rally_database_password:
senlin_database_password:
senlin_keystone_password:
horizon_secret_key:
horizon_database_password:
telemetry_secret_key:
manila_database_password:
manila_keystone_password:
searchlight_keystone_password:
memcache_secret_key:
nova_ssh_key:
private_key:
public_key:
kolla_ssh_key:
private_key:
public_key:
keystone_ssh_key:
private_key:
public_key:
bifrost_ssh_key:
private_key:
public_key:
####################
# Gnocchi options
####################
gnocchi_project_id:
gnocchi_resource_id:
gnocchi_user_id:
####################
# RabbitMQ options
####################
rabbitmq_password:
rabbitmq_cluster_cookie:
####################
# HAProxy options
####################
haproxy_password:
keepalived_password:
####################
# Kibana options
####################
kibana_password:
####################
# etcd options
####################
etcd_cluster_token:

96
kolla/cmd/genpwd.py

@ -1,96 +0,0 @@
#!/usr/bin/env python
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import argparse
import os
import random
import string
import sys
import yaml
from Crypto.PublicKey import RSA
from oslo_utils import uuidutils
# NOTE(SamYaple): Update the search path to prefer PROJECT_ROOT as the source
# of packages to import if we are using local tools instead of
# pip installed kolla tools
PROJECT_ROOT = os.path.abspath(os.path.join(
os.path.dirname(os.path.realpath(__file__)), '../..'))
if PROJECT_ROOT not in sys.path:
sys.path.insert(0, PROJECT_ROOT)
def generate_RSA(bits=4096):
new_key = RSA.generate(bits, os.urandom)
private_key = new_key.exportKey("PEM")
public_key = new_key.publickey().exportKey("OpenSSH")
return private_key, public_key
def main():
parser = argparse.ArgumentParser()
parser.add_argument(
'-p', '--passwords', type=str,
default=os.path.abspath('/etc/kolla/passwords.yml'),
help=('Path to the passwords yml file'))
args = parser.parse_args()
passwords_file = os.path.expanduser(args.passwords)
# These keys should be random uuids
uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid',
'gnocchi_project_id', 'gnocchi_resource_id',
'gnocchi_user_id']
# SSH key pair
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
'keystone_ssh_key', 'bifrost_ssh_key']
# If these keys are None, leave them as None
blank_keys = ['docker_registry_password']
# length of password
length = 40
with open(passwords_file, 'r') as f:
passwords = yaml.safe_load(f.read())
for k, v in passwords.items():
if (k in ssh_keys and
(v is None
or v.get('public_key') is None
and v.get('private_key') is None)):
private_key, public_key = generate_RSA()
passwords[k] = {
'private_key': private_key,
'public_key': public_key
}
continue
if v is None:
if k in blank_keys and v is None:
continue
if k in uuid_keys:
passwords[k] = uuidutils.generate_uuid()
else:
passwords[k] = ''.join([
random.SystemRandom().choice(
string.ascii_letters + string.digits)
for n in range(length)
])
with open(passwords_file, 'w') as f:
f.write(yaml.dump(passwords, default_flow_style=False))
if __name__ == '__main__':
main()

4
tools/deploy_aio.sh

@ -20,5 +20,9 @@ EOF
openstack/kolla-ansible
pushd "${KOLLA_ANSIBLE_DIR}"
# Copy configs
sudo cp -a etc/kolla /etc/
# Generate passwords
sudo tools/generate_passwords.py
./tools/deploy_aio.sh "$KOLLA_BASE" "$KOLLA_TYPE"
popd

1
tools/generate_passwords.py

@ -1 +0,0 @@
../kolla/cmd/genpwd.py

2
tools/setup_gate.sh

@ -22,8 +22,6 @@ function setup_config {
tox -e genconfig
# Copy configs
sudo cp -a etc/kolla /etc/
# Generate passwords
sudo tools/generate_passwords.py
# Use Infra provided pypi.
# Wheel package mirror may be not compatible. So do not enable it.

Loading…
Cancel
Save