Use Password Generation provided by the Mistral workflows

Password generation was recently added to tripleo-common and the Mistral workflows. This patch removes the generation code from tripleoclient as it is no longer needed. Closes-Bug: #1632013 Co-Authored-By: Dougal Matthews <dougal@redhat.com> Depends-On: I94428d1deb000c65a1c0266d01f660b76d4a3ee5 Depends-On: I186217fd0e1125519149763e610d3efdff583388 Change-Id: Ibe76a40b4d19219aa8e4fc72ddde519ea6f6d2ba
2016-09-14 14:56:26 -04:00 · 2016-09-14 14:56:26 -04:00 · 1969ccff64
parent 846e7f35d4
commit 1969ccff64
6 changed files with 88 additions and 305 deletions
--- a/tripleoclient/tests/test_utils.py
+++ b/tripleoclient/tests/test_utils.py
@ -27,132 +27,6 @@ from tripleoclient.tests.v1.utils import (
 from tripleoclient import utils
 class TestPasswordsUtil(TestCase):
    @mock.patch("os.path.isfile", return_value=False)
    @mock.patch("passlib.utils.generate_password",
                return_value="PASSWORD")
    @mock.patch("tripleoclient.utils.create_cephx_key",
                return_value="CEPHX_KEY")
    @mock.patch("tripleoclient.utils.create_keystone_credential",
                return_value="PASSWORD")
    def test_generate_passwords(self, create_keystone_creds_mock,
                                create_cephx_key_mock, generate_password_mock,
                                isfile_mock):
        mock_open = mock.mock_open()
        with mock.patch('six.moves.builtins.open', mock_open):
            passwords = utils.generate_overcloud_passwords(
                create_password_file=True)
        mock_calls = [
            mock.call('NEUTRON_METADATA_PROXY_SHARED_SECRET=PASSWORD\n'),
            mock.call('OVERCLOUD_ADMIN_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_ADMIN_TOKEN=PASSWORD\n'),
            mock.call('OVERCLOUD_AODH_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_BARBICAN_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_CEILOMETER_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_CEILOMETER_SECRET=PASSWORD\n'),
            mock.call('OVERCLOUD_CEPH_ADMIN_KEY=CEPHX_KEY\n'),
            mock.call('OVERCLOUD_CEPH_CLIENT_KEY=CEPHX_KEY\n'),
            mock.call('OVERCLOUD_CEPH_MON_KEY=CEPHX_KEY\n'),
            mock.call('OVERCLOUD_CEPH_RGW_KEY=CEPHX_KEY\n'),
            mock.call('OVERCLOUD_CINDER_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_DEMO_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_GLANCE_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_GNOCCHI_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_HAPROXY_STATS_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_HEAT_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_IRONIC_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_KEYSTONE_CREDENTIALS_0=PASSWORD\n'),
            mock.call('OVERCLOUD_KEYSTONE_CREDENTIALS_1=PASSWORD\n'),
            mock.call('OVERCLOUD_MANILA_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_MISTRAL_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_MYSQL_CLUSTERCHECK_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_NEUTRON_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_NOVA_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_RABBITMQ_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_REDIS_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_SAHARA_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_SWIFT_HASH=PASSWORD\n'),
            mock.call('OVERCLOUD_SWIFT_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_TROVE_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_ZAQAR_PASSWORD=PASSWORD\n'),
        ]
        self.assertEqual(sorted(mock_open().write.mock_calls), mock_calls)
        self.assertEqual(generate_password_mock.call_count +
                         create_keystone_creds_mock.call_count +
                         create_cephx_key_mock.call_count, len(mock_calls))
        self.assertEqual(len(passwords), len(mock_calls))
    def test_generate_passwords_update(self):
        mock_open = mock.mock_open()
        with mock.patch('six.moves.builtins.open', mock_open):
            with self.assertRaises(exceptions.PasswordFileNotFound):
                utils.generate_overcloud_passwords()
    @mock.patch("os.path.isfile", return_value=True)
    @mock.patch("passlib.utils.generate_password",
                return_value="PASSWORD")
    @mock.patch("tripleoclient.utils.create_cephx_key",
                return_value="CEPHX_KEY")
    @mock.patch("tripleoclient.utils.create_keystone_credential",
                return_value="PASSWORD")
    def test_load_passwords(self, create_keystone_creds_mock,
                            create_cephx_key_mock, generate_password_mock,
                            isfile_mock):
        PASSWORDS = [
            'OVERCLOUD_ADMIN_PASSWORD=PASSWORD\n',
            'OVERCLOUD_ADMIN_TOKEN=PASSWORD\n',
            'OVERCLOUD_AODH_PASSWORD=PASSWORD\n',
            'OVERCLOUD_BARBICAN_PASSWORD=PASSWORD\n',
            'OVERCLOUD_CEILOMETER_PASSWORD=PASSWORD\n',
            'OVERCLOUD_CEILOMETER_SECRET=PASSWORD\n',
            'OVERCLOUD_CEPH_ADMIN_KEY=CEPHX_KEY\n',
            'OVERCLOUD_CEPH_CLIENT_KEY=CEPHX_KEY\n',
            'OVERCLOUD_CEPH_MON_KEY=CEPHX_KEY\n',
            'OVERCLOUD_CEPH_RGW_KEY=CEPHX_KEY\n',
            'OVERCLOUD_CINDER_PASSWORD=PASSWORD\n',
            'OVERCLOUD_DEMO_PASSWORD=PASSWORD\n',
            'OVERCLOUD_GLANCE_PASSWORD=PASSWORD\n',
            'OVERCLOUD_GNOCCHI_PASSWORD=PASSWORD\n',
            'OVERCLOUD_HAPROXY_STATS_PASSWORD=PASSWORD\n',
            'OVERCLOUD_HEAT_PASSWORD=PASSWORD\n',
            'OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD=PASSWORD\n',
            'OVERCLOUD_IRONIC_PASSWORD=PASSWORD\n',
            'OVERCLOUD_KEYSTONE_CREDENTIALS_0=PASSWORD\n',
            'OVERCLOUD_KEYSTONE_CREDENTIALS_1=PASSWORD\n',
            'OVERCLOUD_MANILA_PASSWORD=PASSWORD\n',
            'OVERCLOUD_MISTRAL_PASSWORD=PASSWORD\n',
            'OVERCLOUD_MYSQL_CLUSTERCHECK_PASSWORD=PASSWORD\n',
            'OVERCLOUD_NEUTRON_PASSWORD=PASSWORD\n',
            'OVERCLOUD_NOVA_PASSWORD=PASSWORD\n',
            'OVERCLOUD_RABBITMQ_PASSWORD=PASSWORD\n',
            'OVERCLOUD_REDIS_PASSWORD=PASSWORD\n',
            'OVERCLOUD_SAHARA_PASSWORD=PASSWORD\n',
            'OVERCLOUD_SWIFT_HASH=PASSWORD\n',
            'OVERCLOUD_SWIFT_PASSWORD=PASSWORD\n',
            'OVERCLOUD_TROVE_PASSWORD=PASSWORD\n',
            'OVERCLOUD_ZAQAR_PASSWORD=PASSWORD\n',
            'NEUTRON_METADATA_PROXY_SHARED_SECRET=PASSWORD\n',
        ]
        mock_open = mock.mock_open(read_data=''.join(PASSWORDS))
        mock_open.return_value.__iter__ = lambda self: self
        mock_open.return_value.__next__ = lambda self: self.readline()
        with mock.patch('six.moves.builtins.open', mock_open):
            passwords = utils.generate_overcloud_passwords()
        generate_password_mock.assert_not_called()
        self.assertEqual(len(passwords), len(PASSWORDS))
        for name in utils._PASSWORD_NAMES:
            self.assertEqual('PASSWORD', passwords[name])
 class TestCheckHypervisorUtil(TestCase):
    def test_check_hypervisor_stats(self):
@ -460,9 +334,11 @@ class TestCreateOvercloudRC(TestCase):
        tempdir = tempfile.mkdtemp()
        rcfile = os.path.join(tempdir, 'teststackrc')
        rcfile_v3 = os.path.join(tempdir, 'teststackrc.v3')
        mock_clients = mock.Mock()
        try:
-            utils.create_overcloudrc(stack=stack,
+            utils.create_overcloudrc(clients=mock_clients,
                                     stack=stack,
                                     no_proxy='127.0.0.1',
                                     config_directory=tempdir)
            rc = open(rcfile, 'rt').read()
--- a/tripleoclient/tests/v1/overcloud_deploy/test_overcloud_deploy.py
+++ b/tripleoclient/tests/v1/overcloud_deploy/test_overcloud_deploy.py
@ -499,11 +499,9 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
        mock_create_tempest_deployer_input.assert_called_with()
    @mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
                'set_overcloud_passwords', autospec=True)
    @mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
                '_deploy_tripleo_heat_templates', autospec=True)
-    def test_missing_sat_url(self, mock_deploy_tht, mock_set_ov_passwords):
+    def test_missing_sat_url(self, mock_deploy_tht):
        arglist = ['--templates', '--rhel-reg',
                   '--reg-method', 'satellite', '--reg-org', '123456789',
@ -635,8 +633,6 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
    @mock.patch('tripleoclient.utils.create_tempest_deployer_input',
                autospec=True)
    @mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
                'set_overcloud_passwords', autospec=True)
    @mock.patch('tripleoclient.utils.create_overcloudrc', autospec=True)
    @mock.patch('tripleoclient.utils.get_overcloud_endpoint', autospec=True)
    @mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
@ -645,7 +641,6 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
    def test_rhel_reg_params_provided(self, mock_copytree, mock_deploy_tht,
                                      mock_oc_endpoint,
                                      mock_create_ocrc,
                                      mock_set_oc_passwords,
                                      mock_create_tempest_deployer_input):
        arglist = ['--templates', '--rhel-reg',
@ -950,8 +945,6 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
    @mock.patch('tripleoclient.utils.create_tempest_deployer_input',
                autospec=True)
    @mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
                'set_overcloud_passwords', autospec=True)
    @mock.patch('tripleoclient.utils.create_overcloudrc', autospec=True)
    @mock.patch('tripleoclient.utils.get_overcloud_endpoint', autospec=True)
    @mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
@ -959,7 +952,6 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
    def test_dry_run(self, mock_deploy_tht,
                     mock_oc_endpoint,
                     mock_create_ocrc,
                     mock_set_ov_passwords,
                     mock_create_tempest_deployer_input):
        arglist = ['--templates', '--dry-run']
@ -985,13 +977,10 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
    @mock.patch('tripleoclient.utils.get_overcloud_endpoint', autospec=True)
    @mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
                '_heat_deploy', autospec=True)
    @mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
                'set_overcloud_passwords', autospec=True)
    @mock.patch('shutil.copytree', autospec=True)
    @mock.patch('tempfile.mkdtemp', autospec=True)
    @mock.patch('shutil.rmtree', autospec=True)
    def test_answers_file(self, mock_rmtree, mock_tmpdir, mock_copy,
                          mock_set_overcloud_passwords,
                          mock_heat_deploy,
                          mock_oc_endpoint,
                          mock_create_ocrc,
--- a/tripleoclient/tests/v1/utils.py
+++ b/tripleoclient/tests/v1/utils.py
@ -13,11 +13,40 @@
 #   under the License.
 #
-from tripleoclient import utils
+_EXISTING_PASSWORDS = (
    'MistralPassword',
    'BarbicanPassword',
    'AdminPassword',
    'CeilometerMeteringSecret',
    'ZaqarPassword',
    'NovaPassword',
    'IronicPassword',
    'RedisPassword',
    'SaharaPassword',
    'AdminToken',
    'CinderPassword',
    'GlancePassword',
    'RabbitPassword',
    'CephAdminKey',
    'HAProxyStatsPassword',
    'TrovePassword',
    'CeilometerPassword',
    'GnocchiPassword',
    'HeatStackDomainAdminPassword',
    'CephRgwKey',
    'AodhPassword',
    'ManilaPassword',
    'NeutronMetadataProxySharedSecret',
    'CephMonKey',
    'SwiftHashSuffix',
    'SnmpdReadonlyUserPassword',
    'SwiftPassword',
    'HeatPassword',
    'MysqlClustercheckPassword',
    'CephClientKey',
    'NeutronPassword',
 )
-def generate_overcloud_passwords_mock():
+def generate_overcloud_passwords_mock(*args):
-    passwords = utils._PASSWORD_NAMES + utils._CEPH_PASSWORD_NAMES + \
+    return dict((password, 'password') for password in _EXISTING_PASSWORDS)
        utils._KEYSTONE_CREDENTIALS_NAME
    return dict((password, 'password') for password in passwords)
--- a/tripleoclient/utils.py
+++ b/tripleoclient/utils.py
@ -21,13 +21,13 @@ import json
 import logging
 import os
 import os.path
 import passlib.utils as passutils
 import six
 import socket
 import struct
 import subprocess
 import sys
 import time
 import uuid
 import yaml
 from heatclient.common import event_utils
@ -37,91 +37,20 @@ from six.moves import configparser
 from six.moves import urllib
 from tripleoclient import exceptions
-
+from tripleoclient.workflows import parameters
 _MIN_PASSWORD_SIZE = 25
 _PASSWORD_NAMES = (
    "OVERCLOUD_ADMIN_PASSWORD",
    "OVERCLOUD_ADMIN_TOKEN",
    "OVERCLOUD_AODH_PASSWORD",
    "OVERCLOUD_BARBICAN_PASSWORD",
    "OVERCLOUD_CEILOMETER_PASSWORD",
    "OVERCLOUD_CEILOMETER_SECRET",
    "OVERCLOUD_CINDER_PASSWORD",
    "OVERCLOUD_DEMO_PASSWORD",
    "OVERCLOUD_GLANCE_PASSWORD",
    "OVERCLOUD_GNOCCHI_PASSWORD",
    "OVERCLOUD_HAPROXY_STATS_PASSWORD",
    "OVERCLOUD_HEAT_PASSWORD",
    "OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD",
    "OVERCLOUD_IRONIC_PASSWORD",
    "OVERCLOUD_MANILA_PASSWORD",
    "OVERCLOUD_MISTRAL_PASSWORD",
    "OVERCLOUD_MYSQL_CLUSTERCHECK_PASSWORD",
    "OVERCLOUD_NEUTRON_PASSWORD",
    "OVERCLOUD_NOVA_PASSWORD",
    "OVERCLOUD_RABBITMQ_PASSWORD",
    "OVERCLOUD_REDIS_PASSWORD",
    "OVERCLOUD_SAHARA_PASSWORD",
    "OVERCLOUD_SWIFT_HASH",
    "OVERCLOUD_SWIFT_PASSWORD",
    "OVERCLOUD_TROVE_PASSWORD",
    "OVERCLOUD_ZAQAR_PASSWORD",
    "NEUTRON_METADATA_PROXY_SHARED_SECRET"
 )
 _CEPH_PASSWORD_NAMES = (
    "OVERCLOUD_CEPH_MON_KEY",
    "OVERCLOUD_CEPH_ADMIN_KEY",
    "OVERCLOUD_CEPH_CLIENT_KEY",
    "OVERCLOUD_CEPH_RGW_KEY"
 )
 _KEYSTONE_CREDENTIALS_NAME = (
    "OVERCLOUD_KEYSTONE_CREDENTIALS_0",
    "OVERCLOUD_KEYSTONE_CREDENTIALS_1"
 )
-def generate_overcloud_passwords(output_file="tripleo-overcloud-passwords",
+def generate_overcloud_passwords(clients, plan_name):
-                                 create_password_file=False):
+    """Retrieve passwords needed for the overcloud
    """Create the passwords needed for the overcloud
-    This will create the set of passwords required by the overcloud, store
+    This will retrieve the set of passwords required by the overcloud stored
-    them in the output file path and return a dictionary of passwords. If the
+    in the deployment plan and accessible via a workflow.
    file already exists the existing passwords will be returned instead,
    """
-
+    workflow_input = {
-    log = logging.getLogger(__name__ + ".generate_overcloud_passwords")
+        "container": plan_name,
-
+        "queue_name": str(uuid.uuid4()),
-    log.debug("Using password file: {0}".format(os.path.abspath(output_file)))
+    }
-
+    return parameters.get_overcloud_passwords(clients, **workflow_input)
    passwords = {}
    if os.path.isfile(output_file):
        with open(output_file) as f:
            passwords = dict(line.split('=', 1)
                             for line in f.read().splitlines())
    elif not create_password_file:
        raise exceptions.PasswordFileNotFound(
            "The password file could not be found!")
    for name in _PASSWORD_NAMES:
        if not passwords.get(name):
            passwords[name] = passutils.generate_password(
                size=_MIN_PASSWORD_SIZE)
    # CephX keys aren't random strings
    for name in _CEPH_PASSWORD_NAMES:
        if not passwords.get(name):
            passwords[name] = create_cephx_key()
    for name in _KEYSTONE_CREDENTIALS_NAME:
        if not passwords.get(name):
            passwords[name] = create_keystone_credential()
    with open(output_file, 'w') as f:
        for name, password in passwords.items():
            f.write("{0}={1}\n".format(name, password))
    return passwords
 def bracket_ipv6(address):
@ -151,7 +80,7 @@ def unbracket_ipv6(address):
    return address
-def create_overcloudrc(stack, no_proxy, config_directory='.'):
+def create_overcloudrc(clients, stack, no_proxy, config_directory='.'):
    """Given proxy settings and stack, create the overcloudrc
    stack: Heat stack containing the deployed overcloud
@ -176,7 +105,8 @@ def create_overcloudrc(stack, no_proxy, config_directory='.'):
                           'SSLContext object is not available"'),
    }
    rc_params.update({
-        'OS_PASSWORD': get_password('OVERCLOUD_ADMIN_PASSWORD'),
+        'OS_PASSWORD': get_password(clients, stack.stack_name,
                                    'AdminPassword'),
        'OS_AUTH_URL': overcloud_endpoint,
    })
@ -502,14 +432,14 @@ def get_endpoint(key, stack):
 __password_cache = None
-def get_password(pass_name):
+def get_password(clients, plan_name, pass_name):
-    """Retrieve a password by name, such as 'OVERCLOUD_ADMIN_PASSWORD'.
+    """Retrieve a password by name, such as 'AdminPassword'.
    Raises KeyError if password does not exist.
    """
    global __password_cache
    if __password_cache is None:
-        __password_cache = generate_overcloud_passwords()
+        __password_cache = generate_overcloud_passwords(clients, plan_name)
    return __password_cache[pass_name]
--- a/tripleoclient/v1/overcloud_deploy.py
+++ b/tripleoclient/v1/overcloud_deploy.py
@ -55,78 +55,11 @@ class DeployOvercloud(command.Command):
    predeploy_errors = 0
    predeploy_warnings = 0
    def set_overcloud_passwords(self, stack_is_new, parameters):
        """Add passwords to the parameters dictionary
        :param parameters: A dictionary for the passwords to be added to
        :type parameters: dict
        """
        undercloud_ceilometer_snmpd_password = utils.get_config_value(
            "auth", "undercloud_ceilometer_snmpd_password")
        if not undercloud_ceilometer_snmpd_password:
            self.log.warning("Undercloud ceilometer SNMPd password missing!")
        passwords = utils.generate_overcloud_passwords(
            create_password_file=stack_is_new)
        ceilometer_pass = passwords['OVERCLOUD_CEILOMETER_PASSWORD']
        ceilometer_secret = passwords['OVERCLOUD_CEILOMETER_SECRET']
        parameters['AdminPassword'] = passwords['OVERCLOUD_ADMIN_PASSWORD']
        parameters['AdminToken'] = passwords['OVERCLOUD_ADMIN_TOKEN']
        parameters['AodhPassword'] = passwords['OVERCLOUD_AODH_PASSWORD']
        parameters['BarbicanPassword'] = (
            passwords['OVERCLOUD_BARBICAN_PASSWORD'])
        parameters['CeilometerPassword'] = ceilometer_pass
        parameters['CeilometerMeteringSecret'] = ceilometer_secret
        parameters['CinderPassword'] = passwords[
            'OVERCLOUD_CINDER_PASSWORD']
        parameters['GlancePassword'] = passwords[
            'OVERCLOUD_GLANCE_PASSWORD']
        parameters['GnocchiPassword'] = passwords['OVERCLOUD_GNOCCHI_PASSWORD']
        parameters['HAProxyStatsPassword'] = passwords[
            'OVERCLOUD_HAPROXY_STATS_PASSWORD']
        parameters['HeatPassword'] = passwords['OVERCLOUD_HEAT_PASSWORD']
        parameters['HeatStackDomainAdminPassword'] = passwords[
            'OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD']
        parameters['IronicPassword'] = passwords['OVERCLOUD_IRONIC_PASSWORD']
        parameters['MistralPassword'] = passwords['OVERCLOUD_MISTRAL_PASSWORD']
        parameters['MysqlClustercheckPassword'] = passwords[
            'OVERCLOUD_MYSQL_CLUSTERCHECK_PASSWORD']
        parameters['NeutronPassword'] = passwords[
            'OVERCLOUD_NEUTRON_PASSWORD']
        parameters['NovaPassword'] = passwords['OVERCLOUD_NOVA_PASSWORD']
        parameters['RabbitPassword'] = passwords['OVERCLOUD_RABBITMQ_PASSWORD']
        parameters['RedisPassword'] = passwords['OVERCLOUD_REDIS_PASSWORD']
        parameters['SaharaPassword'] = (
            passwords['OVERCLOUD_SAHARA_PASSWORD'])
        parameters['SwiftHashSuffix'] = passwords['OVERCLOUD_SWIFT_HASH']
        parameters['SwiftPassword'] = passwords['OVERCLOUD_SWIFT_PASSWORD']
        parameters['SnmpdReadonlyUserPassword'] = (
            undercloud_ceilometer_snmpd_password)
        parameters['TrovePassword'] = (
            passwords['OVERCLOUD_TROVE_PASSWORD'])
        parameters['ZaqarPassword'] = passwords['OVERCLOUD_ZAQAR_PASSWORD']
        parameters['ManilaPassword'] = passwords['OVERCLOUD_MANILA_PASSWORD']
        parameters['NeutronMetadataProxySharedSecret'] = (
            passwords['NEUTRON_METADATA_PROXY_SHARED_SECRET'])
        parameters['CephMonKey'] = passwords['OVERCLOUD_CEPH_MON_KEY']
        parameters['CephAdminKey'] = passwords['OVERCLOUD_CEPH_ADMIN_KEY']
        parameters['CephClientKey'] = passwords['OVERCLOUD_CEPH_CLIENT_KEY']
        parameters['CephRgwKey'] = passwords['OVERCLOUD_CEPH_RGW_KEY']
        parameters['KeystoneCredential0'] = passwords[
            'OVERCLOUD_KEYSTONE_CREDENTIALS_0']
        parameters['KeystoneCredential1'] = passwords[
            'OVERCLOUD_KEYSTONE_CREDENTIALS_1']
    def _update_parameters(self, args, network_client, stack):
        parameters = {}
        stack_is_new = stack is None
        self.log.debug("Generating overcloud passwords")
        self.set_overcloud_passwords(stack_is_new, parameters)
        timestamp = int(time.time())
        parameters['DeployIdentifier'] = timestamp
        parameters['UpdateIdentifier'] = ''
@ -578,7 +511,7 @@ class DeployOvercloud(command.Command):
        keystone_client = clients.get_keystone_client(
            'admin',
-            utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
+            utils.get_password(stack.stack_name, 'AdminPassword'),
            'admin',
            overcloud_endpoint)
@ -616,11 +549,13 @@ class DeployOvercloud(command.Command):
                admin_port = endpoint_map.get('KeystoneAdmin').get('port')
                internal_port = endpoint_map.get(
                    'KeystoneInternal').get('port')
            # TODO(rbrady): check usages of get_password
            keystone.initialize(
                keystone_admin_ip,
-                utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
+                utils.get_password(stack.stack_name, 'AdminToken'),
                'admin@example.com',
-                utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
+                utils.get_password(stack.stack_name, 'AdminPassword'),
                ssl=keystone_tls_host,
                public=overcloud_ip_or_fqdn,
                user=parsed_args.overcloud_ssh_user,
@ -670,8 +605,8 @@ class DeployOvercloud(command.Command):
        service_data = {}
        password_field = data.get('password_field')
        if password_field:
-            service_data['password'] = utils.get_password(
+            service_data['password'] = utils.get_password(stack.stack_name,
-                password_field)
+                                                          password_field)
        # Set internal endpoint
        service_name_internal = self._format_endpoint_name(service, 'internal')
@ -1226,7 +1161,7 @@ class DeployOvercloud(command.Command):
        # Force fetching of attributes
        stack.get()
-        utils.create_overcloudrc(stack, parsed_args.no_proxy)
+        utils.create_overcloudrc(clients, stack, parsed_args.no_proxy)
        utils.create_tempest_deployer_input()
        # Run postconfig on create or force. Use force to makes sure endpoints
--- a/tripleoclient/workflows/parameters.py
+++ b/tripleoclient/workflows/parameters.py
@ -21,3 +21,27 @@ def update_parameters(workflow_client, **input_):
 def reset_parameters(workflow_client, **input_):
    return base.call_action(workflow_client, 'tripleo.parameters.reset',
                            **input_)
 def get_overcloud_passwords(clients, **workflow_input):
    """Retrieves overcloud passwords from a plan via a workflow
    :param clients:
    :param workflow_input:
    :return:
    """
    workflow_client = clients.workflow_engine
    tripleoclients = clients.tripleoclient
    queue_name = workflow_input['queue_name']
    execution = base.start_workflow(
        workflow_client,
        'tripleo.plan_management.v1.get_passwords',
        workflow_input=workflow_input
    )
    with tripleoclients.messaging_websocket(queue_name) as ws:
        message = ws.wait_for_message(execution.id)
        assert message['status'] == "SUCCESS"
        return message['message']