Don't write <stack_name>-passwords.conf

We don't need to keep writing undercloud-passwords.conf
as tripleo-<stack_name>-passwords.yaml is the
source of old passwords since rocky.

Change-Id: I527d752fbf0713b93354f61acdaf35db8c60f068
This commit is contained in:
ramishra 2021-05-22 19:30:50 +05:30
parent 05acb07684
commit 629945fdec
4 changed files with 13 additions and 26 deletions

View File

@ -297,6 +297,8 @@ class TestDeployUndercloud(TestPluginV1):
'undercloud_rpc_password = pick-me-rpc\n'
'undercloud_legacy_pass = pick-me-legacy-instack\n')
with mock.patch('tripleoclient.constants.CLOUD_HOME_DIR',
self.temp_homedir):
self.cmd._update_passwords_env(self.temp_homedir,
'stack', upgrade=True,
passwords={'ADefault': 456,

View File

@ -19,7 +19,6 @@ import logging
import netaddr
import os
import pwd
import re
import shutil
import six
import subprocess
@ -279,7 +278,7 @@ class Deploy(command.Command):
passwords=None, stack_name='undercloud'):
pw_file = os.path.join(output_dir,
'tripleo-' + stack_name + '-passwords.yaml')
undercloud_pw_file = os.path.join(output_dir,
undercloud_pw_file = os.path.join(constants.CLOUD_HOME_DIR,
stack_name + '-passwords.conf')
# Generated passwords take the lowest precedence, allowing
@ -329,6 +328,7 @@ class Deploy(command.Command):
else:
k = ''.join(i.capitalize() for i in k.split('_')[1:])
legacy_env[k] = v
os.remove(undercloud_pw_file)
# Get the keystone keys before upgrade
keystone_fernet_repo = '/etc/keystone/fernet-keys/'
@ -374,22 +374,6 @@ class Deploy(command.Command):
# TODO(cjeanner) drop that once using oslo.privsep
# Do not forget to re-add os.chmod 0o600 on that one!
self._set_data_rights(pw_file, user=user)
# Write out an instack undercloud compatible version.
# This contains sensitive data so ensure it's not world-readable
with open(undercloud_pw_file, 'w') as pf:
pf.write('[auth]\n')
for p, v in stack_env['parameter_defaults'].items():
if 'Password' in p or 'Token' in p or p.endswith('Kek'):
# Convert camelcase from heat templates into the underscore
# format used by instack undercloud.
s1 = re.sub('(.)([A-Z][a-z]+)', r'\1_\2', p)
pw_key = re.sub('([a-z0-9])([A-Z])',
r'\1_\2', s1).lower()
pf.write('undercloud_%s: %s\n' % (pw_key, v))
# TODO(cjeanner) drop that once using oslo.privsep
# Do not forget to re-add os.chmod 0o600 on that one!
self._set_data_rights(undercloud_pw_file, user=user)
return pw_file

View File

@ -160,7 +160,7 @@ class InstallUndercloud(command.Command):
self.log.warning(UNDERCLOUD_COMPLETION_MESSAGE.format(
os.path.join(
constants.UNDERCLOUD_OUTPUT_DIR,
'undercloud-passwords.conf'
'tripleo-undercloud-passwords.yaml'
),
'~/stackrc'
))
@ -221,7 +221,7 @@ class UpgradeUndercloud(InstallUndercloud):
UNDERCLOUD_UPGRADE_COMPLETION_MESSAGE.format(
os.path.join(
constants.UNDERCLOUD_OUTPUT_DIR,
'undercloud-passwords.conf'
'tripleo-undercloud-passwords.yaml'
),
'~/stackrc'))
except Exception as e:

View File

@ -334,7 +334,8 @@ def _validate_passwords_file():
else:
output_dir = CONF['output_dir']
passwd_path = os.path.join(output_dir, 'undercloud-passwords.conf')
passwd_path = os.path.join(output_dir,
'tripleo-undercloud-passwords.yaml')
if (os.path.isfile(os.path.join(constants.CLOUD_HOME_DIR, 'stackrc')) and
not os.path.isfile(passwd_path)):
message = (_('The %s file is missing. This will cause all service '