Merge "Re-use old fernet and credential keys in containerized undercloud"

changes/34/589134/3
Zuul 4 years ago committed by Gerrit Code Review
commit 867867d141
  1. 5
      tripleoclient/tests/v1/tripleo/test_tripleo_deploy.py
  2. 27
      tripleoclient/v1/tripleo_deploy.py

@ -140,7 +140,10 @@ class TestDeployUndercloud(TestPluginV1):
self.temp_homedir, 'tripleo-undercloud-passwords.yaml')
mock_pw.return_value = pw_dict
mock_exists.return_value = True
def mock_file_exists(file_name):
return not file_name.startswith('/etc/keystone')
mock_exists.side_effect = mock_file_exists
with open(t_pw_conf_path, 'w') as t_pw:
t_pw.write('parameter_defaults: {ExistingKey: xyz}\n')

@ -306,6 +306,33 @@ class Deploy(command.Command):
with open(pw_file) as pf:
stack_env = yaml.safe_load(pf.read())
# Get the keystone keys before upgrade
keystone_fernet_repo = '/etc/keystone/fernet-keys/'
keystone_credential_repo = '/etc/keystone/credential-keys/'
self._set_data_rights('/etc/keystone', user=user)
for key_index in range(0, 2):
file_name = keystone_credential_repo + str(key_index)
key = 'KeystoneCredential' + str(key_index)
if os.path.exists(file_name):
with open(file_name, 'r') as file_content:
content = file_content.read()
legacy_env[key] = content
fernet_keys = {}
file_count = 0
if os.path.exists(keystone_fernet_repo):
file_count = len(os.listdir(keystone_fernet_repo))
for key_index in range(0, file_count):
file_name = keystone_fernet_repo + str(key_index)
if os.path.exists(file_name):
with open(file_name, 'r') as file_content:
content = file_content.read()
fernet_keys[file_name] = {'content': content}
if fernet_keys:
legacy_env['KeystoneFernetKeys'] = fernet_keys
pw = password_utils.generate_passwords(stack_env=stack_env)
stack_env['parameter_defaults'].update(pw)
# Override what has been generated by tripleo-common with old passwords

Loading…
Cancel
Save