From 76c11a56706e67bfc641336e3181acf276678b73 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 8 Aug 2022 16:29:41 +0900 Subject: [PATCH] Remove migration from undercloud-passwords.conf This removes the logic to look up the existing passwords from the undercloud-passwords.conf file during upgrade. The file was generated by instackenv which is no longer used since Rocky, thus the migration should have been done when a deployment is upgraded from Queens to Rocky(Upgrade) or Train(FFU), and the logic is no longer required in recent releases. Change-Id: Id0aa63e4909aac5309c3828d0334cbeca08f5b30 --- .../tests/v1/tripleo/test_tripleo_deploy.py | 66 +--------------- tripleoclient/v1/tripleo_deploy.py | 77 +------------------ 2 files changed, 3 insertions(+), 140 deletions(-) diff --git a/tripleoclient/tests/v1/tripleo/test_tripleo_deploy.py b/tripleoclient/tests/v1/tripleo/test_tripleo_deploy.py index 232b3f159..eca626849 100644 --- a/tripleoclient/tests/v1/tripleo/test_tripleo_deploy.py +++ b/tripleoclient/tests/v1/tripleo/test_tripleo_deploy.py @@ -227,8 +227,6 @@ class TestDeployUndercloud(TestPluginV1): def test_update_passwords_env(self, mock_dump, mock_pw, mock_cc, mock_exists, mock_chmod, mock_user): pw_dict = {"GeneratedPassword": 123, "LegacyPass": "override me"} - pw_conf_path = os.path.join(self.temp_homedir, - 'undercloud-passwords.conf') t_pw_conf_path = os.path.join( self.temp_homedir, 'tripleo-undercloud-passwords.yaml') @@ -246,14 +244,7 @@ class TestDeployUndercloud(TestPluginV1): 'LegacyPass: pick-me-legacy-tht, ' 'RpcPassword: pick-me-rpc}\n') - with open(pw_conf_path, 'w') as t_pw: - t_pw.write('[auth]\nundercloud_db_password = ignore-me-mysql\n' - 'undercloud_rabbit_password = ignore-me-rabbit\n' - 'undercloud_rpc_password = ignore-me-rpc\n' - 'undercloud_legacy_pass = ignore-me-legacy\n') - - self.cmd._update_passwords_env(self.temp_homedir, - 'stack', upgrade=False, + self.cmd._update_passwords_env(self.temp_homedir, 'stack', passwords={'ADefault': 456, 'ExistingKey': 'dontupdate'}) @@ -267,61 +258,6 @@ class TestDeployUndercloud(TestPluginV1): mock.ANY, default_flow_style=False) - # TODO(bogdando) drop once we have proper oslo.privsep - @mock.patch('getpass.getuser', return_value='stack') - @mock.patch('os.chmod') - @mock.patch('os.path.exists') - # TODO(bogdando) drop once we have proper oslo.privsep - @mock.patch('subprocess.check_call', autospec=True) - @mock.patch('tripleo_common.utils.passwords.generate_passwords') - @mock.patch('yaml.safe_dump') - def test_update_passwords_env_upgrade(self, mock_dump, mock_pw, mock_cc, - mock_exists, mock_chmod, mock_user): - pw_dict = {"GeneratedPassword": 123, "LegacyPass": "override me"} - pw_conf_path = os.path.join(self.temp_homedir, - 'undercloud-passwords.conf') - t_pw_conf_path = os.path.join( - self.temp_homedir, 'tripleo-undercloud-passwords.yaml') - - mock_pw.return_value = pw_dict - - old_pw_file = os.path.join(constants.CLOUD_HOME_DIR, - 'tripleo-undercloud-passwords.yaml') - - def mock_file_exists(file_name): - return not (file_name.startswith('/etc/keystone') or - file_name == old_pw_file) - mock_exists.side_effect = mock_file_exists - with open(t_pw_conf_path, 'w') as t_pw: - t_pw.write('parameter_defaults: {ExistingKey: xyz, ' - 'LegacyPass: override-me-legacy, ' - 'RpcPassword: override-me-rpc}\n') - - with open(pw_conf_path, 'w') as t_pw: - t_pw.write('[auth]\nundercloud_db_password = pick-me-mysql\n' - 'undercloud_rabbit_password = pick-me-rabbit\n' - 'undercloud_rpc_password = pick-me-rpc\n' - 'undercloud_legacy_pass = pick-me-legacy-instack\n') - - with mock.patch('tripleoclient.constants.CLOUD_HOME_DIR', - self.temp_homedir): - self.cmd._update_passwords_env(self.temp_homedir, - 'stack', upgrade=True, - passwords={'ADefault': 456, - 'ExistingKey': - 'dontupdate'}) - expected_dict = { - 'parameter_defaults': {'GeneratedPassword': 123, - 'ExistingKey': 'xyz', - 'MysqlRootPassword': 'pick-me-mysql', - 'RpcPassword': 'pick-me-rpc', - 'RabbitPassword': 'pick-me-rabbit', - 'LegacyPass': 'pick-me-legacy-instack', - 'ADefault': 456}} - mock_dump.assert_called_once_with(expected_dict, - mock.ANY, - default_flow_style=False) - @mock.patch('tripleoclient.utils.fetch_roles_file', return_value={}, autospec=True) @mock.patch('heatclient.common.template_utils.' diff --git a/tripleoclient/v1/tripleo_deploy.py b/tripleoclient/v1/tripleo_deploy.py index b25f78fbd..9724dfeff 100644 --- a/tripleoclient/v1/tripleo_deploy.py +++ b/tripleoclient/v1/tripleo_deploy.py @@ -14,7 +14,6 @@ # import argparse -import configparser import json import logging import netaddr @@ -256,14 +255,12 @@ class Deploy(command.Command): constants.PUPPET_MODULES, constants.PUPPET_BASE) - def _update_passwords_env(self, output_dir, user, upgrade=None, - passwords=None, stack_name='undercloud'): + def _update_passwords_env(self, output_dir, user, passwords=None, + stack_name='undercloud'): old_pw_file = os.path.join(constants.CLOUD_HOME_DIR, 'tripleo-' + stack_name + '-passwords.yaml') pw_file = os.path.join(output_dir, 'tripleo-' + stack_name + '-passwords.yaml') - undercloud_pw_file = os.path.join(constants.CLOUD_HOME_DIR, - stack_name + '-passwords.conf') # Generated passwords take the lowest precedence, allowing # custom overrides @@ -287,75 +284,6 @@ class Deploy(command.Command): yaml.safe_load(pf.read())['parameter_defaults']) self.log.warning("Reading passwords from %s" % pw_file) - if upgrade: - # Getting passwords that were managed by instack-undercloud so - # we can upgrade to a containerized undercloud and keep old - # passwords. - legacy_env = {} - if os.path.exists(undercloud_pw_file): - config = configparser.ConfigParser() - config.read(undercloud_pw_file) - for k, v in config.items('auth'): - # Manage exceptions - if k == 'undercloud_db_password': - k = 'MysqlRootPassword' - elif k == 'undercloud_rabbit_username': - k = 'RpcUserName' - elif k == 'undercloud_rabbit_password': - try: - # NOTE(aschultz): Only save rabbit password to rpc - # if it's not already defined for the upgrade case. - # The passwords are usually different so we don't - # want to overwrite it if it already exists because - # we'll end up rewriting the passwords later and - # causing problems. - config.get('auth', 'undercloud_rpc_password') - except configparser.Error: - legacy_env['RpcPassword'] = v - k = 'RabbitPassword' - elif k == 'undercloud_rabbit_cookie': - k = 'RabbitCookie' - elif k == 'undercloud_heat_encryption_key': - k = 'HeatAuthEncryptionKey' - elif k == 'undercloud_libvirt_tls_password': - k = 'LibvirtTLSPassword' - elif k == 'undercloud_ha_proxy_stats_password': - k = 'HAProxyStatsPassword' - else: - k = ''.join(i.capitalize() for i in k.split('_')[1:]) - legacy_env[k] = v - os.remove(undercloud_pw_file) - - # Get the keystone keys before upgrade - keystone_fernet_repo = '/etc/keystone/fernet-keys/' - keystone_credential_repo = '/etc/keystone/credential-keys/' - self._set_data_rights('/etc/keystone', user=user) - - for key_index in range(0, 2): - file_name = keystone_credential_repo + str(key_index) - key = 'KeystoneCredential' + str(key_index) - if os.path.exists(file_name): - with open(file_name, 'r') as file_content: - content = file_content.read() - legacy_env[key] = content - - fernet_keys = {} - file_count = 0 - if os.path.exists(keystone_fernet_repo): - file_count = len(os.listdir(keystone_fernet_repo)) - - for key_index in range(0, file_count): - file_name = keystone_fernet_repo + str(key_index) - if os.path.exists(file_name): - with open(file_name, 'r') as file_content: - content = file_content.read() - fernet_keys[file_name] = {'content': content} - if fernet_keys: - legacy_env['KeystoneFernetKeys'] = fernet_keys - - # Override with picked legacy instack-undercloud values - stack_env['parameter_defaults'].update(legacy_env) - if passwords: # These passwords are the DefaultPasswords so we only # update if they don't already exist in stack_env @@ -616,7 +544,6 @@ class Deploy(command.Command): pw_file = self._update_passwords_env( output_dir=self.output_dir, user=parsed_args.deployment_user, - upgrade=parsed_args.upgrade, stack_name=parsed_args.stack.lower(), ) environments.append(pw_file)