Use Password Generation provided by the Mistral workflows
Password generation was recently added to tripleo-common and the Mistral workflows. This patch removes the generation code from tripleoclient as it is no longer needed. Closes-Bug: #1632013 Co-Authored-By: Dougal Matthews <dougal@redhat.com> Depends-On: I94428d1deb000c65a1c0266d01f660b76d4a3ee5 Depends-On: I186217fd0e1125519149763e610d3efdff583388 Change-Id: Ibe76a40b4d19219aa8e4fc72ddde519ea6f6d2ba
This commit is contained in:
parent
846e7f35d4
commit
1969ccff64
|
@ -27,132 +27,6 @@ from tripleoclient.tests.v1.utils import (
|
||||||
from tripleoclient import utils
|
from tripleoclient import utils
|
||||||
|
|
||||||
|
|
||||||
class TestPasswordsUtil(TestCase):
|
|
||||||
|
|
||||||
@mock.patch("os.path.isfile", return_value=False)
|
|
||||||
@mock.patch("passlib.utils.generate_password",
|
|
||||||
return_value="PASSWORD")
|
|
||||||
@mock.patch("tripleoclient.utils.create_cephx_key",
|
|
||||||
return_value="CEPHX_KEY")
|
|
||||||
@mock.patch("tripleoclient.utils.create_keystone_credential",
|
|
||||||
return_value="PASSWORD")
|
|
||||||
def test_generate_passwords(self, create_keystone_creds_mock,
|
|
||||||
create_cephx_key_mock, generate_password_mock,
|
|
||||||
isfile_mock):
|
|
||||||
|
|
||||||
mock_open = mock.mock_open()
|
|
||||||
|
|
||||||
with mock.patch('six.moves.builtins.open', mock_open):
|
|
||||||
passwords = utils.generate_overcloud_passwords(
|
|
||||||
create_password_file=True)
|
|
||||||
mock_calls = [
|
|
||||||
mock.call('NEUTRON_METADATA_PROXY_SHARED_SECRET=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_ADMIN_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_ADMIN_TOKEN=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_AODH_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_BARBICAN_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_CEILOMETER_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_CEILOMETER_SECRET=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_CEPH_ADMIN_KEY=CEPHX_KEY\n'),
|
|
||||||
mock.call('OVERCLOUD_CEPH_CLIENT_KEY=CEPHX_KEY\n'),
|
|
||||||
mock.call('OVERCLOUD_CEPH_MON_KEY=CEPHX_KEY\n'),
|
|
||||||
mock.call('OVERCLOUD_CEPH_RGW_KEY=CEPHX_KEY\n'),
|
|
||||||
mock.call('OVERCLOUD_CINDER_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_DEMO_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_GLANCE_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_GNOCCHI_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_HAPROXY_STATS_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_HEAT_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_IRONIC_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_KEYSTONE_CREDENTIALS_0=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_KEYSTONE_CREDENTIALS_1=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_MANILA_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_MISTRAL_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_MYSQL_CLUSTERCHECK_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_NEUTRON_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_NOVA_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_RABBITMQ_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_REDIS_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_SAHARA_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_SWIFT_HASH=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_SWIFT_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_TROVE_PASSWORD=PASSWORD\n'),
|
|
||||||
mock.call('OVERCLOUD_ZAQAR_PASSWORD=PASSWORD\n'),
|
|
||||||
]
|
|
||||||
self.assertEqual(sorted(mock_open().write.mock_calls), mock_calls)
|
|
||||||
self.assertEqual(generate_password_mock.call_count +
|
|
||||||
create_keystone_creds_mock.call_count +
|
|
||||||
create_cephx_key_mock.call_count, len(mock_calls))
|
|
||||||
|
|
||||||
self.assertEqual(len(passwords), len(mock_calls))
|
|
||||||
|
|
||||||
def test_generate_passwords_update(self):
|
|
||||||
|
|
||||||
mock_open = mock.mock_open()
|
|
||||||
|
|
||||||
with mock.patch('six.moves.builtins.open', mock_open):
|
|
||||||
with self.assertRaises(exceptions.PasswordFileNotFound):
|
|
||||||
utils.generate_overcloud_passwords()
|
|
||||||
|
|
||||||
@mock.patch("os.path.isfile", return_value=True)
|
|
||||||
@mock.patch("passlib.utils.generate_password",
|
|
||||||
return_value="PASSWORD")
|
|
||||||
@mock.patch("tripleoclient.utils.create_cephx_key",
|
|
||||||
return_value="CEPHX_KEY")
|
|
||||||
@mock.patch("tripleoclient.utils.create_keystone_credential",
|
|
||||||
return_value="PASSWORD")
|
|
||||||
def test_load_passwords(self, create_keystone_creds_mock,
|
|
||||||
create_cephx_key_mock, generate_password_mock,
|
|
||||||
isfile_mock):
|
|
||||||
PASSWORDS = [
|
|
||||||
'OVERCLOUD_ADMIN_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_ADMIN_TOKEN=PASSWORD\n',
|
|
||||||
'OVERCLOUD_AODH_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_BARBICAN_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_CEILOMETER_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_CEILOMETER_SECRET=PASSWORD\n',
|
|
||||||
'OVERCLOUD_CEPH_ADMIN_KEY=CEPHX_KEY\n',
|
|
||||||
'OVERCLOUD_CEPH_CLIENT_KEY=CEPHX_KEY\n',
|
|
||||||
'OVERCLOUD_CEPH_MON_KEY=CEPHX_KEY\n',
|
|
||||||
'OVERCLOUD_CEPH_RGW_KEY=CEPHX_KEY\n',
|
|
||||||
'OVERCLOUD_CINDER_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_DEMO_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_GLANCE_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_GNOCCHI_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_HAPROXY_STATS_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_HEAT_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_IRONIC_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_KEYSTONE_CREDENTIALS_0=PASSWORD\n',
|
|
||||||
'OVERCLOUD_KEYSTONE_CREDENTIALS_1=PASSWORD\n',
|
|
||||||
'OVERCLOUD_MANILA_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_MISTRAL_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_MYSQL_CLUSTERCHECK_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_NEUTRON_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_NOVA_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_RABBITMQ_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_REDIS_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_SAHARA_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_SWIFT_HASH=PASSWORD\n',
|
|
||||||
'OVERCLOUD_SWIFT_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_TROVE_PASSWORD=PASSWORD\n',
|
|
||||||
'OVERCLOUD_ZAQAR_PASSWORD=PASSWORD\n',
|
|
||||||
'NEUTRON_METADATA_PROXY_SHARED_SECRET=PASSWORD\n',
|
|
||||||
]
|
|
||||||
mock_open = mock.mock_open(read_data=''.join(PASSWORDS))
|
|
||||||
mock_open.return_value.__iter__ = lambda self: self
|
|
||||||
mock_open.return_value.__next__ = lambda self: self.readline()
|
|
||||||
|
|
||||||
with mock.patch('six.moves.builtins.open', mock_open):
|
|
||||||
passwords = utils.generate_overcloud_passwords()
|
|
||||||
|
|
||||||
generate_password_mock.assert_not_called()
|
|
||||||
self.assertEqual(len(passwords), len(PASSWORDS))
|
|
||||||
for name in utils._PASSWORD_NAMES:
|
|
||||||
self.assertEqual('PASSWORD', passwords[name])
|
|
||||||
|
|
||||||
|
|
||||||
class TestCheckHypervisorUtil(TestCase):
|
class TestCheckHypervisorUtil(TestCase):
|
||||||
def test_check_hypervisor_stats(self):
|
def test_check_hypervisor_stats(self):
|
||||||
|
|
||||||
|
@ -460,9 +334,11 @@ class TestCreateOvercloudRC(TestCase):
|
||||||
tempdir = tempfile.mkdtemp()
|
tempdir = tempfile.mkdtemp()
|
||||||
rcfile = os.path.join(tempdir, 'teststackrc')
|
rcfile = os.path.join(tempdir, 'teststackrc')
|
||||||
rcfile_v3 = os.path.join(tempdir, 'teststackrc.v3')
|
rcfile_v3 = os.path.join(tempdir, 'teststackrc.v3')
|
||||||
|
mock_clients = mock.Mock()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
utils.create_overcloudrc(stack=stack,
|
utils.create_overcloudrc(clients=mock_clients,
|
||||||
|
stack=stack,
|
||||||
no_proxy='127.0.0.1',
|
no_proxy='127.0.0.1',
|
||||||
config_directory=tempdir)
|
config_directory=tempdir)
|
||||||
rc = open(rcfile, 'rt').read()
|
rc = open(rcfile, 'rt').read()
|
||||||
|
|
|
@ -499,11 +499,9 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
|
||||||
|
|
||||||
mock_create_tempest_deployer_input.assert_called_with()
|
mock_create_tempest_deployer_input.assert_called_with()
|
||||||
|
|
||||||
@mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
|
|
||||||
'set_overcloud_passwords', autospec=True)
|
|
||||||
@mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
|
@mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
|
||||||
'_deploy_tripleo_heat_templates', autospec=True)
|
'_deploy_tripleo_heat_templates', autospec=True)
|
||||||
def test_missing_sat_url(self, mock_deploy_tht, mock_set_ov_passwords):
|
def test_missing_sat_url(self, mock_deploy_tht):
|
||||||
|
|
||||||
arglist = ['--templates', '--rhel-reg',
|
arglist = ['--templates', '--rhel-reg',
|
||||||
'--reg-method', 'satellite', '--reg-org', '123456789',
|
'--reg-method', 'satellite', '--reg-org', '123456789',
|
||||||
|
@ -635,8 +633,6 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
|
||||||
|
|
||||||
@mock.patch('tripleoclient.utils.create_tempest_deployer_input',
|
@mock.patch('tripleoclient.utils.create_tempest_deployer_input',
|
||||||
autospec=True)
|
autospec=True)
|
||||||
@mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
|
|
||||||
'set_overcloud_passwords', autospec=True)
|
|
||||||
@mock.patch('tripleoclient.utils.create_overcloudrc', autospec=True)
|
@mock.patch('tripleoclient.utils.create_overcloudrc', autospec=True)
|
||||||
@mock.patch('tripleoclient.utils.get_overcloud_endpoint', autospec=True)
|
@mock.patch('tripleoclient.utils.get_overcloud_endpoint', autospec=True)
|
||||||
@mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
|
@mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
|
||||||
|
@ -645,7 +641,6 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
|
||||||
def test_rhel_reg_params_provided(self, mock_copytree, mock_deploy_tht,
|
def test_rhel_reg_params_provided(self, mock_copytree, mock_deploy_tht,
|
||||||
mock_oc_endpoint,
|
mock_oc_endpoint,
|
||||||
mock_create_ocrc,
|
mock_create_ocrc,
|
||||||
mock_set_oc_passwords,
|
|
||||||
mock_create_tempest_deployer_input):
|
mock_create_tempest_deployer_input):
|
||||||
|
|
||||||
arglist = ['--templates', '--rhel-reg',
|
arglist = ['--templates', '--rhel-reg',
|
||||||
|
@ -950,8 +945,6 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
|
||||||
|
|
||||||
@mock.patch('tripleoclient.utils.create_tempest_deployer_input',
|
@mock.patch('tripleoclient.utils.create_tempest_deployer_input',
|
||||||
autospec=True)
|
autospec=True)
|
||||||
@mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
|
|
||||||
'set_overcloud_passwords', autospec=True)
|
|
||||||
@mock.patch('tripleoclient.utils.create_overcloudrc', autospec=True)
|
@mock.patch('tripleoclient.utils.create_overcloudrc', autospec=True)
|
||||||
@mock.patch('tripleoclient.utils.get_overcloud_endpoint', autospec=True)
|
@mock.patch('tripleoclient.utils.get_overcloud_endpoint', autospec=True)
|
||||||
@mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
|
@mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
|
||||||
|
@ -959,7 +952,6 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
|
||||||
def test_dry_run(self, mock_deploy_tht,
|
def test_dry_run(self, mock_deploy_tht,
|
||||||
mock_oc_endpoint,
|
mock_oc_endpoint,
|
||||||
mock_create_ocrc,
|
mock_create_ocrc,
|
||||||
mock_set_ov_passwords,
|
|
||||||
mock_create_tempest_deployer_input):
|
mock_create_tempest_deployer_input):
|
||||||
|
|
||||||
arglist = ['--templates', '--dry-run']
|
arglist = ['--templates', '--dry-run']
|
||||||
|
@ -985,13 +977,10 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
|
||||||
@mock.patch('tripleoclient.utils.get_overcloud_endpoint', autospec=True)
|
@mock.patch('tripleoclient.utils.get_overcloud_endpoint', autospec=True)
|
||||||
@mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
|
@mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
|
||||||
'_heat_deploy', autospec=True)
|
'_heat_deploy', autospec=True)
|
||||||
@mock.patch('tripleoclient.v1.overcloud_deploy.DeployOvercloud.'
|
|
||||||
'set_overcloud_passwords', autospec=True)
|
|
||||||
@mock.patch('shutil.copytree', autospec=True)
|
@mock.patch('shutil.copytree', autospec=True)
|
||||||
@mock.patch('tempfile.mkdtemp', autospec=True)
|
@mock.patch('tempfile.mkdtemp', autospec=True)
|
||||||
@mock.patch('shutil.rmtree', autospec=True)
|
@mock.patch('shutil.rmtree', autospec=True)
|
||||||
def test_answers_file(self, mock_rmtree, mock_tmpdir, mock_copy,
|
def test_answers_file(self, mock_rmtree, mock_tmpdir, mock_copy,
|
||||||
mock_set_overcloud_passwords,
|
|
||||||
mock_heat_deploy,
|
mock_heat_deploy,
|
||||||
mock_oc_endpoint,
|
mock_oc_endpoint,
|
||||||
mock_create_ocrc,
|
mock_create_ocrc,
|
||||||
|
|
|
@ -13,11 +13,40 @@
|
||||||
# under the License.
|
# under the License.
|
||||||
#
|
#
|
||||||
|
|
||||||
from tripleoclient import utils
|
_EXISTING_PASSWORDS = (
|
||||||
|
'MistralPassword',
|
||||||
|
'BarbicanPassword',
|
||||||
|
'AdminPassword',
|
||||||
|
'CeilometerMeteringSecret',
|
||||||
|
'ZaqarPassword',
|
||||||
|
'NovaPassword',
|
||||||
|
'IronicPassword',
|
||||||
|
'RedisPassword',
|
||||||
|
'SaharaPassword',
|
||||||
|
'AdminToken',
|
||||||
|
'CinderPassword',
|
||||||
|
'GlancePassword',
|
||||||
|
'RabbitPassword',
|
||||||
|
'CephAdminKey',
|
||||||
|
'HAProxyStatsPassword',
|
||||||
|
'TrovePassword',
|
||||||
|
'CeilometerPassword',
|
||||||
|
'GnocchiPassword',
|
||||||
|
'HeatStackDomainAdminPassword',
|
||||||
|
'CephRgwKey',
|
||||||
|
'AodhPassword',
|
||||||
|
'ManilaPassword',
|
||||||
|
'NeutronMetadataProxySharedSecret',
|
||||||
|
'CephMonKey',
|
||||||
|
'SwiftHashSuffix',
|
||||||
|
'SnmpdReadonlyUserPassword',
|
||||||
|
'SwiftPassword',
|
||||||
|
'HeatPassword',
|
||||||
|
'MysqlClustercheckPassword',
|
||||||
|
'CephClientKey',
|
||||||
|
'NeutronPassword',
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
def generate_overcloud_passwords_mock():
|
def generate_overcloud_passwords_mock(*args):
|
||||||
passwords = utils._PASSWORD_NAMES + utils._CEPH_PASSWORD_NAMES + \
|
return dict((password, 'password') for password in _EXISTING_PASSWORDS)
|
||||||
utils._KEYSTONE_CREDENTIALS_NAME
|
|
||||||
|
|
||||||
return dict((password, 'password') for password in passwords)
|
|
||||||
|
|
|
@ -21,13 +21,13 @@ import json
|
||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
import os.path
|
import os.path
|
||||||
import passlib.utils as passutils
|
|
||||||
import six
|
import six
|
||||||
import socket
|
import socket
|
||||||
import struct
|
import struct
|
||||||
import subprocess
|
import subprocess
|
||||||
import sys
|
import sys
|
||||||
import time
|
import time
|
||||||
|
import uuid
|
||||||
import yaml
|
import yaml
|
||||||
|
|
||||||
from heatclient.common import event_utils
|
from heatclient.common import event_utils
|
||||||
|
@ -37,91 +37,20 @@ from six.moves import configparser
|
||||||
from six.moves import urllib
|
from six.moves import urllib
|
||||||
|
|
||||||
from tripleoclient import exceptions
|
from tripleoclient import exceptions
|
||||||
|
from tripleoclient.workflows import parameters
|
||||||
_MIN_PASSWORD_SIZE = 25
|
|
||||||
_PASSWORD_NAMES = (
|
|
||||||
"OVERCLOUD_ADMIN_PASSWORD",
|
|
||||||
"OVERCLOUD_ADMIN_TOKEN",
|
|
||||||
"OVERCLOUD_AODH_PASSWORD",
|
|
||||||
"OVERCLOUD_BARBICAN_PASSWORD",
|
|
||||||
"OVERCLOUD_CEILOMETER_PASSWORD",
|
|
||||||
"OVERCLOUD_CEILOMETER_SECRET",
|
|
||||||
"OVERCLOUD_CINDER_PASSWORD",
|
|
||||||
"OVERCLOUD_DEMO_PASSWORD",
|
|
||||||
"OVERCLOUD_GLANCE_PASSWORD",
|
|
||||||
"OVERCLOUD_GNOCCHI_PASSWORD",
|
|
||||||
"OVERCLOUD_HAPROXY_STATS_PASSWORD",
|
|
||||||
"OVERCLOUD_HEAT_PASSWORD",
|
|
||||||
"OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD",
|
|
||||||
"OVERCLOUD_IRONIC_PASSWORD",
|
|
||||||
"OVERCLOUD_MANILA_PASSWORD",
|
|
||||||
"OVERCLOUD_MISTRAL_PASSWORD",
|
|
||||||
"OVERCLOUD_MYSQL_CLUSTERCHECK_PASSWORD",
|
|
||||||
"OVERCLOUD_NEUTRON_PASSWORD",
|
|
||||||
"OVERCLOUD_NOVA_PASSWORD",
|
|
||||||
"OVERCLOUD_RABBITMQ_PASSWORD",
|
|
||||||
"OVERCLOUD_REDIS_PASSWORD",
|
|
||||||
"OVERCLOUD_SAHARA_PASSWORD",
|
|
||||||
"OVERCLOUD_SWIFT_HASH",
|
|
||||||
"OVERCLOUD_SWIFT_PASSWORD",
|
|
||||||
"OVERCLOUD_TROVE_PASSWORD",
|
|
||||||
"OVERCLOUD_ZAQAR_PASSWORD",
|
|
||||||
"NEUTRON_METADATA_PROXY_SHARED_SECRET"
|
|
||||||
)
|
|
||||||
_CEPH_PASSWORD_NAMES = (
|
|
||||||
"OVERCLOUD_CEPH_MON_KEY",
|
|
||||||
"OVERCLOUD_CEPH_ADMIN_KEY",
|
|
||||||
"OVERCLOUD_CEPH_CLIENT_KEY",
|
|
||||||
"OVERCLOUD_CEPH_RGW_KEY"
|
|
||||||
)
|
|
||||||
|
|
||||||
_KEYSTONE_CREDENTIALS_NAME = (
|
|
||||||
"OVERCLOUD_KEYSTONE_CREDENTIALS_0",
|
|
||||||
"OVERCLOUD_KEYSTONE_CREDENTIALS_1"
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def generate_overcloud_passwords(output_file="tripleo-overcloud-passwords",
|
def generate_overcloud_passwords(clients, plan_name):
|
||||||
create_password_file=False):
|
"""Retrieve passwords needed for the overcloud
|
||||||
"""Create the passwords needed for the overcloud
|
|
||||||
|
|
||||||
This will create the set of passwords required by the overcloud, store
|
This will retrieve the set of passwords required by the overcloud stored
|
||||||
them in the output file path and return a dictionary of passwords. If the
|
in the deployment plan and accessible via a workflow.
|
||||||
file already exists the existing passwords will be returned instead,
|
|
||||||
"""
|
"""
|
||||||
|
workflow_input = {
|
||||||
log = logging.getLogger(__name__ + ".generate_overcloud_passwords")
|
"container": plan_name,
|
||||||
|
"queue_name": str(uuid.uuid4()),
|
||||||
log.debug("Using password file: {0}".format(os.path.abspath(output_file)))
|
}
|
||||||
|
return parameters.get_overcloud_passwords(clients, **workflow_input)
|
||||||
passwords = {}
|
|
||||||
if os.path.isfile(output_file):
|
|
||||||
with open(output_file) as f:
|
|
||||||
passwords = dict(line.split('=', 1)
|
|
||||||
for line in f.read().splitlines())
|
|
||||||
elif not create_password_file:
|
|
||||||
raise exceptions.PasswordFileNotFound(
|
|
||||||
"The password file could not be found!")
|
|
||||||
|
|
||||||
for name in _PASSWORD_NAMES:
|
|
||||||
if not passwords.get(name):
|
|
||||||
passwords[name] = passutils.generate_password(
|
|
||||||
size=_MIN_PASSWORD_SIZE)
|
|
||||||
|
|
||||||
# CephX keys aren't random strings
|
|
||||||
for name in _CEPH_PASSWORD_NAMES:
|
|
||||||
if not passwords.get(name):
|
|
||||||
passwords[name] = create_cephx_key()
|
|
||||||
|
|
||||||
for name in _KEYSTONE_CREDENTIALS_NAME:
|
|
||||||
if not passwords.get(name):
|
|
||||||
passwords[name] = create_keystone_credential()
|
|
||||||
|
|
||||||
with open(output_file, 'w') as f:
|
|
||||||
for name, password in passwords.items():
|
|
||||||
f.write("{0}={1}\n".format(name, password))
|
|
||||||
|
|
||||||
return passwords
|
|
||||||
|
|
||||||
|
|
||||||
def bracket_ipv6(address):
|
def bracket_ipv6(address):
|
||||||
|
@ -151,7 +80,7 @@ def unbracket_ipv6(address):
|
||||||
return address
|
return address
|
||||||
|
|
||||||
|
|
||||||
def create_overcloudrc(stack, no_proxy, config_directory='.'):
|
def create_overcloudrc(clients, stack, no_proxy, config_directory='.'):
|
||||||
"""Given proxy settings and stack, create the overcloudrc
|
"""Given proxy settings and stack, create the overcloudrc
|
||||||
|
|
||||||
stack: Heat stack containing the deployed overcloud
|
stack: Heat stack containing the deployed overcloud
|
||||||
|
@ -176,7 +105,8 @@ def create_overcloudrc(stack, no_proxy, config_directory='.'):
|
||||||
'SSLContext object is not available"'),
|
'SSLContext object is not available"'),
|
||||||
}
|
}
|
||||||
rc_params.update({
|
rc_params.update({
|
||||||
'OS_PASSWORD': get_password('OVERCLOUD_ADMIN_PASSWORD'),
|
'OS_PASSWORD': get_password(clients, stack.stack_name,
|
||||||
|
'AdminPassword'),
|
||||||
'OS_AUTH_URL': overcloud_endpoint,
|
'OS_AUTH_URL': overcloud_endpoint,
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -502,14 +432,14 @@ def get_endpoint(key, stack):
|
||||||
__password_cache = None
|
__password_cache = None
|
||||||
|
|
||||||
|
|
||||||
def get_password(pass_name):
|
def get_password(clients, plan_name, pass_name):
|
||||||
"""Retrieve a password by name, such as 'OVERCLOUD_ADMIN_PASSWORD'.
|
"""Retrieve a password by name, such as 'AdminPassword'.
|
||||||
|
|
||||||
Raises KeyError if password does not exist.
|
Raises KeyError if password does not exist.
|
||||||
"""
|
"""
|
||||||
global __password_cache
|
global __password_cache
|
||||||
if __password_cache is None:
|
if __password_cache is None:
|
||||||
__password_cache = generate_overcloud_passwords()
|
__password_cache = generate_overcloud_passwords(clients, plan_name)
|
||||||
return __password_cache[pass_name]
|
return __password_cache[pass_name]
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -55,78 +55,11 @@ class DeployOvercloud(command.Command):
|
||||||
predeploy_errors = 0
|
predeploy_errors = 0
|
||||||
predeploy_warnings = 0
|
predeploy_warnings = 0
|
||||||
|
|
||||||
def set_overcloud_passwords(self, stack_is_new, parameters):
|
|
||||||
"""Add passwords to the parameters dictionary
|
|
||||||
|
|
||||||
:param parameters: A dictionary for the passwords to be added to
|
|
||||||
:type parameters: dict
|
|
||||||
"""
|
|
||||||
|
|
||||||
undercloud_ceilometer_snmpd_password = utils.get_config_value(
|
|
||||||
"auth", "undercloud_ceilometer_snmpd_password")
|
|
||||||
if not undercloud_ceilometer_snmpd_password:
|
|
||||||
self.log.warning("Undercloud ceilometer SNMPd password missing!")
|
|
||||||
|
|
||||||
passwords = utils.generate_overcloud_passwords(
|
|
||||||
create_password_file=stack_is_new)
|
|
||||||
|
|
||||||
ceilometer_pass = passwords['OVERCLOUD_CEILOMETER_PASSWORD']
|
|
||||||
ceilometer_secret = passwords['OVERCLOUD_CEILOMETER_SECRET']
|
|
||||||
parameters['AdminPassword'] = passwords['OVERCLOUD_ADMIN_PASSWORD']
|
|
||||||
parameters['AdminToken'] = passwords['OVERCLOUD_ADMIN_TOKEN']
|
|
||||||
parameters['AodhPassword'] = passwords['OVERCLOUD_AODH_PASSWORD']
|
|
||||||
parameters['BarbicanPassword'] = (
|
|
||||||
passwords['OVERCLOUD_BARBICAN_PASSWORD'])
|
|
||||||
parameters['CeilometerPassword'] = ceilometer_pass
|
|
||||||
parameters['CeilometerMeteringSecret'] = ceilometer_secret
|
|
||||||
parameters['CinderPassword'] = passwords[
|
|
||||||
'OVERCLOUD_CINDER_PASSWORD']
|
|
||||||
parameters['GlancePassword'] = passwords[
|
|
||||||
'OVERCLOUD_GLANCE_PASSWORD']
|
|
||||||
parameters['GnocchiPassword'] = passwords['OVERCLOUD_GNOCCHI_PASSWORD']
|
|
||||||
parameters['HAProxyStatsPassword'] = passwords[
|
|
||||||
'OVERCLOUD_HAPROXY_STATS_PASSWORD']
|
|
||||||
parameters['HeatPassword'] = passwords['OVERCLOUD_HEAT_PASSWORD']
|
|
||||||
parameters['HeatStackDomainAdminPassword'] = passwords[
|
|
||||||
'OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD']
|
|
||||||
parameters['IronicPassword'] = passwords['OVERCLOUD_IRONIC_PASSWORD']
|
|
||||||
parameters['MistralPassword'] = passwords['OVERCLOUD_MISTRAL_PASSWORD']
|
|
||||||
parameters['MysqlClustercheckPassword'] = passwords[
|
|
||||||
'OVERCLOUD_MYSQL_CLUSTERCHECK_PASSWORD']
|
|
||||||
parameters['NeutronPassword'] = passwords[
|
|
||||||
'OVERCLOUD_NEUTRON_PASSWORD']
|
|
||||||
parameters['NovaPassword'] = passwords['OVERCLOUD_NOVA_PASSWORD']
|
|
||||||
parameters['RabbitPassword'] = passwords['OVERCLOUD_RABBITMQ_PASSWORD']
|
|
||||||
parameters['RedisPassword'] = passwords['OVERCLOUD_REDIS_PASSWORD']
|
|
||||||
parameters['SaharaPassword'] = (
|
|
||||||
passwords['OVERCLOUD_SAHARA_PASSWORD'])
|
|
||||||
parameters['SwiftHashSuffix'] = passwords['OVERCLOUD_SWIFT_HASH']
|
|
||||||
parameters['SwiftPassword'] = passwords['OVERCLOUD_SWIFT_PASSWORD']
|
|
||||||
parameters['SnmpdReadonlyUserPassword'] = (
|
|
||||||
undercloud_ceilometer_snmpd_password)
|
|
||||||
parameters['TrovePassword'] = (
|
|
||||||
passwords['OVERCLOUD_TROVE_PASSWORD'])
|
|
||||||
parameters['ZaqarPassword'] = passwords['OVERCLOUD_ZAQAR_PASSWORD']
|
|
||||||
parameters['ManilaPassword'] = passwords['OVERCLOUD_MANILA_PASSWORD']
|
|
||||||
parameters['NeutronMetadataProxySharedSecret'] = (
|
|
||||||
passwords['NEUTRON_METADATA_PROXY_SHARED_SECRET'])
|
|
||||||
parameters['CephMonKey'] = passwords['OVERCLOUD_CEPH_MON_KEY']
|
|
||||||
parameters['CephAdminKey'] = passwords['OVERCLOUD_CEPH_ADMIN_KEY']
|
|
||||||
parameters['CephClientKey'] = passwords['OVERCLOUD_CEPH_CLIENT_KEY']
|
|
||||||
parameters['CephRgwKey'] = passwords['OVERCLOUD_CEPH_RGW_KEY']
|
|
||||||
parameters['KeystoneCredential0'] = passwords[
|
|
||||||
'OVERCLOUD_KEYSTONE_CREDENTIALS_0']
|
|
||||||
parameters['KeystoneCredential1'] = passwords[
|
|
||||||
'OVERCLOUD_KEYSTONE_CREDENTIALS_1']
|
|
||||||
|
|
||||||
def _update_parameters(self, args, network_client, stack):
|
def _update_parameters(self, args, network_client, stack):
|
||||||
parameters = {}
|
parameters = {}
|
||||||
|
|
||||||
stack_is_new = stack is None
|
stack_is_new = stack is None
|
||||||
|
|
||||||
self.log.debug("Generating overcloud passwords")
|
|
||||||
self.set_overcloud_passwords(stack_is_new, parameters)
|
|
||||||
|
|
||||||
timestamp = int(time.time())
|
timestamp = int(time.time())
|
||||||
parameters['DeployIdentifier'] = timestamp
|
parameters['DeployIdentifier'] = timestamp
|
||||||
parameters['UpdateIdentifier'] = ''
|
parameters['UpdateIdentifier'] = ''
|
||||||
|
@ -578,7 +511,7 @@ class DeployOvercloud(command.Command):
|
||||||
|
|
||||||
keystone_client = clients.get_keystone_client(
|
keystone_client = clients.get_keystone_client(
|
||||||
'admin',
|
'admin',
|
||||||
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
|
utils.get_password(stack.stack_name, 'AdminPassword'),
|
||||||
'admin',
|
'admin',
|
||||||
overcloud_endpoint)
|
overcloud_endpoint)
|
||||||
|
|
||||||
|
@ -616,11 +549,13 @@ class DeployOvercloud(command.Command):
|
||||||
admin_port = endpoint_map.get('KeystoneAdmin').get('port')
|
admin_port = endpoint_map.get('KeystoneAdmin').get('port')
|
||||||
internal_port = endpoint_map.get(
|
internal_port = endpoint_map.get(
|
||||||
'KeystoneInternal').get('port')
|
'KeystoneInternal').get('port')
|
||||||
|
|
||||||
|
# TODO(rbrady): check usages of get_password
|
||||||
keystone.initialize(
|
keystone.initialize(
|
||||||
keystone_admin_ip,
|
keystone_admin_ip,
|
||||||
utils.get_password('OVERCLOUD_ADMIN_TOKEN'),
|
utils.get_password(stack.stack_name, 'AdminToken'),
|
||||||
'admin@example.com',
|
'admin@example.com',
|
||||||
utils.get_password('OVERCLOUD_ADMIN_PASSWORD'),
|
utils.get_password(stack.stack_name, 'AdminPassword'),
|
||||||
ssl=keystone_tls_host,
|
ssl=keystone_tls_host,
|
||||||
public=overcloud_ip_or_fqdn,
|
public=overcloud_ip_or_fqdn,
|
||||||
user=parsed_args.overcloud_ssh_user,
|
user=parsed_args.overcloud_ssh_user,
|
||||||
|
@ -670,8 +605,8 @@ class DeployOvercloud(command.Command):
|
||||||
service_data = {}
|
service_data = {}
|
||||||
password_field = data.get('password_field')
|
password_field = data.get('password_field')
|
||||||
if password_field:
|
if password_field:
|
||||||
service_data['password'] = utils.get_password(
|
service_data['password'] = utils.get_password(stack.stack_name,
|
||||||
password_field)
|
password_field)
|
||||||
|
|
||||||
# Set internal endpoint
|
# Set internal endpoint
|
||||||
service_name_internal = self._format_endpoint_name(service, 'internal')
|
service_name_internal = self._format_endpoint_name(service, 'internal')
|
||||||
|
@ -1226,7 +1161,7 @@ class DeployOvercloud(command.Command):
|
||||||
# Force fetching of attributes
|
# Force fetching of attributes
|
||||||
stack.get()
|
stack.get()
|
||||||
|
|
||||||
utils.create_overcloudrc(stack, parsed_args.no_proxy)
|
utils.create_overcloudrc(clients, stack, parsed_args.no_proxy)
|
||||||
utils.create_tempest_deployer_input()
|
utils.create_tempest_deployer_input()
|
||||||
|
|
||||||
# Run postconfig on create or force. Use force to makes sure endpoints
|
# Run postconfig on create or force. Use force to makes sure endpoints
|
||||||
|
|
|
@ -21,3 +21,27 @@ def update_parameters(workflow_client, **input_):
|
||||||
def reset_parameters(workflow_client, **input_):
|
def reset_parameters(workflow_client, **input_):
|
||||||
return base.call_action(workflow_client, 'tripleo.parameters.reset',
|
return base.call_action(workflow_client, 'tripleo.parameters.reset',
|
||||||
**input_)
|
**input_)
|
||||||
|
|
||||||
|
|
||||||
|
def get_overcloud_passwords(clients, **workflow_input):
|
||||||
|
"""Retrieves overcloud passwords from a plan via a workflow
|
||||||
|
|
||||||
|
:param clients:
|
||||||
|
:param workflow_input:
|
||||||
|
:return:
|
||||||
|
"""
|
||||||
|
|
||||||
|
workflow_client = clients.workflow_engine
|
||||||
|
tripleoclients = clients.tripleoclient
|
||||||
|
queue_name = workflow_input['queue_name']
|
||||||
|
|
||||||
|
execution = base.start_workflow(
|
||||||
|
workflow_client,
|
||||||
|
'tripleo.plan_management.v1.get_passwords',
|
||||||
|
workflow_input=workflow_input
|
||||||
|
)
|
||||||
|
|
||||||
|
with tripleoclients.messaging_websocket(queue_name) as ws:
|
||||||
|
message = ws.wait_for_message(execution.id)
|
||||||
|
assert message['status'] == "SUCCESS"
|
||||||
|
return message['message']
|
||||||
|
|
Loading…
Reference in New Issue