openstack
/
python-tripleoclient
Code Issues Proposed changes

Merge "Remove migration from undercloud-passwords.conf"

This commit is contained in:
Zuul 2022-09-20 09:50:56 +00:00 committed by Gerrit Code Review
parent 72656b2985 76c11a5670
commit c580b60d71
2 changed files with 3 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
tripleoclient/tests/v1/tripleo/test_tripleo_deploy.py
View File

@ -227,8 +227,6 @@ class TestDeployUndercloud(TestPluginV1):
def test_update_passwords_env(self, mock_dump, mock_pw, mock_cc,
mock_exists, mock_chmod, mock_user):
pw_dict = {"GeneratedPassword": 123, "LegacyPass": "override me"}
pw_conf_path = os.path.join(self.temp_homedir,
'undercloud-passwords.conf')
t_pw_conf_path = os.path.join(
self.temp_homedir, 'tripleo-undercloud-passwords.yaml')
@ -246,14 +244,7 @@ class TestDeployUndercloud(TestPluginV1):
'LegacyPass: pick-me-legacy-tht, '
'RpcPassword: pick-me-rpc}\n')
with open(pw_conf_path, 'w') as t_pw:
t_pw.write('[auth]\nundercloud_db_password = ignore-me-mysql\n'
'undercloud_rabbit_password = ignore-me-rabbit\n'
'undercloud_rpc_password = ignore-me-rpc\n'
'undercloud_legacy_pass = ignore-me-legacy\n')
self.cmd._update_passwords_env(self.temp_homedir,
'stack', upgrade=False,
self.cmd._update_passwords_env(self.temp_homedir, 'stack',
passwords={'ADefault': 456,
'ExistingKey':
'dontupdate'})
@ -267,61 +258,6 @@ class TestDeployUndercloud(TestPluginV1):
mock.ANY,
default_flow_style=False)
# TODO(bogdando) drop once we have proper oslo.privsep
@mock.patch('getpass.getuser', return_value='stack')
@mock.patch('os.chmod')
@mock.patch('os.path.exists')
# TODO(bogdando) drop once we have proper oslo.privsep
@mock.patch('subprocess.check_call', autospec=True)
@mock.patch('tripleo_common.utils.passwords.generate_passwords')
@mock.patch('yaml.safe_dump')
def test_update_passwords_env_upgrade(self, mock_dump, mock_pw, mock_cc,
mock_exists, mock_chmod, mock_user):
pw_dict = {"GeneratedPassword": 123, "LegacyPass": "override me"}
pw_conf_path = os.path.join(self.temp_homedir,
'undercloud-passwords.conf')
t_pw_conf_path = os.path.join(
self.temp_homedir, 'tripleo-undercloud-passwords.yaml')
mock_pw.return_value = pw_dict
old_pw_file = os.path.join(constants.CLOUD_HOME_DIR,
'tripleo-undercloud-passwords.yaml')
def mock_file_exists(file_name):
return not (file_name.startswith('/etc/keystone') or
file_name == old_pw_file)
mock_exists.side_effect = mock_file_exists
with open(t_pw_conf_path, 'w') as t_pw:
t_pw.write('parameter_defaults: {ExistingKey: xyz, '
'LegacyPass: override-me-legacy, '
'RpcPassword: override-me-rpc}\n')
with open(pw_conf_path, 'w') as t_pw:
t_pw.write('[auth]\nundercloud_db_password = pick-me-mysql\n'
'undercloud_rabbit_password = pick-me-rabbit\n'
'undercloud_rpc_password = pick-me-rpc\n'
'undercloud_legacy_pass = pick-me-legacy-instack\n')
with mock.patch('tripleoclient.constants.CLOUD_HOME_DIR',
self.temp_homedir):
self.cmd._update_passwords_env(self.temp_homedir,
'stack', upgrade=True,
passwords={'ADefault': 456,
'ExistingKey':
'dontupdate'})
expected_dict = {
'parameter_defaults': {'GeneratedPassword': 123,
'ExistingKey': 'xyz',
'MysqlRootPassword': 'pick-me-mysql',
'RpcPassword': 'pick-me-rpc',
'RabbitPassword': 'pick-me-rabbit',
'LegacyPass': 'pick-me-legacy-instack',
'ADefault': 456}}
mock_dump.assert_called_once_with(expected_dict,
mock.ANY,
default_flow_style=False)
@mock.patch('tripleoclient.utils.fetch_roles_file',
return_value={}, autospec=True)
@mock.patch('heatclient.common.template_utils.'

77
tripleoclient/v1/tripleo_deploy.py
View File

@ -14,7 +14,6 @@
#
import argparse
import configparser
import json
import logging
import netaddr
@ -256,14 +255,12 @@ class Deploy(command.Command):
constants.PUPPET_MODULES,
constants.PUPPET_BASE)
def _update_passwords_env(self, output_dir, user, upgrade=None,
passwords=None, stack_name='undercloud'):
def _update_passwords_env(self, output_dir, user, passwords=None,
stack_name='undercloud'):
old_pw_file = os.path.join(constants.CLOUD_HOME_DIR,
'tripleo-' + stack_name + '-passwords.yaml')
pw_file = os.path.join(output_dir,
'tripleo-' + stack_name + '-passwords.yaml')
undercloud_pw_file = os.path.join(constants.CLOUD_HOME_DIR,
stack_name + '-passwords.conf')
# Generated passwords take the lowest precedence, allowing
# custom overrides
@ -287,75 +284,6 @@ class Deploy(command.Command):
yaml.safe_load(pf.read())['parameter_defaults'])
self.log.warning("Reading passwords from %s" % pw_file)
if upgrade:
# Getting passwords that were managed by instack-undercloud so
# we can upgrade to a containerized undercloud and keep old
# passwords.
legacy_env = {}
if os.path.exists(undercloud_pw_file):
config = configparser.ConfigParser()
config.read(undercloud_pw_file)
for k, v in config.items('auth'):
# Manage exceptions
if k == 'undercloud_db_password':
k = 'MysqlRootPassword'
elif k == 'undercloud_rabbit_username':
k = 'RpcUserName'
elif k == 'undercloud_rabbit_password':
try:
# NOTE(aschultz): Only save rabbit password to rpc
# if it's not already defined for the upgrade case.
# The passwords are usually different so we don't
# want to overwrite it if it already exists because
# we'll end up rewriting the passwords later and
# causing problems.
config.get('auth', 'undercloud_rpc_password')
except configparser.Error:
legacy_env['RpcPassword'] = v
k = 'RabbitPassword'
elif k == 'undercloud_rabbit_cookie':
k = 'RabbitCookie'
elif k == 'undercloud_heat_encryption_key':
k = 'HeatAuthEncryptionKey'
elif k == 'undercloud_libvirt_tls_password':
k = 'LibvirtTLSPassword'
elif k == 'undercloud_ha_proxy_stats_password':
k = 'HAProxyStatsPassword'
else:
k = ''.join(i.capitalize() for i in k.split('_')[1:])
legacy_env[k] = v
os.remove(undercloud_pw_file)
# Get the keystone keys before upgrade
keystone_fernet_repo = '/etc/keystone/fernet-keys/'
keystone_credential_repo = '/etc/keystone/credential-keys/'
self._set_data_rights('/etc/keystone', user=user)
for key_index in range(0, 2):
file_name = keystone_credential_repo + str(key_index)
key = 'KeystoneCredential' + str(key_index)
if os.path.exists(file_name):
with open(file_name, 'r') as file_content:
content = file_content.read()
legacy_env[key] = content
fernet_keys = {}
file_count = 0
if os.path.exists(keystone_fernet_repo):
file_count = len(os.listdir(keystone_fernet_repo))
for key_index in range(0, file_count):
file_name = keystone_fernet_repo + str(key_index)
if os.path.exists(file_name):
with open(file_name, 'r') as file_content:
content = file_content.read()
fernet_keys[file_name] = {'content': content}
if fernet_keys:
legacy_env['KeystoneFernetKeys'] = fernet_keys
# Override with picked legacy instack-undercloud values
stack_env['parameter_defaults'].update(legacy_env)
if passwords:
# These passwords are the DefaultPasswords so we only
# update if they don't already exist in stack_env
@ -616,7 +544,6 @@ class Deploy(command.Command):
pw_file = self._update_passwords_env(
output_dir=self.output_dir,
user=parsed_args.deployment_user,
upgrade=parsed_args.upgrade,
stack_name=parsed_args.stack.lower(),
)
environments.append(pw_file)