Generate CephX keys via generate_overcloud_passwords
Change-Id: Iadac22a96f182bf4ac45fdee56c9333d5b6aa111 Closes-Bug: 1607407 Depends-On: If238f34fe5ac9b9990044020d039a281536c47ee
This commit is contained in:
parent
defa3f3dbd
commit
ce0f9b8f83
|
@ -31,7 +31,10 @@ class TestPasswordsUtil(TestCase):
|
|||
@mock.patch("os.path.isfile", return_value=False)
|
||||
@mock.patch("passlib.utils.generate_password",
|
||||
return_value="PASSWORD")
|
||||
def test_generate_passwords(self, generate_password_mock, isfile_mock):
|
||||
@mock.patch("tripleoclient.utils.create_cephx_key",
|
||||
return_value="CEPHX_KEY")
|
||||
def test_generate_passwords(self, create_cephx_key_mock,
|
||||
generate_password_mock, isfile_mock):
|
||||
|
||||
mock_open = mock.mock_open()
|
||||
|
||||
|
@ -45,6 +48,10 @@ class TestPasswordsUtil(TestCase):
|
|||
mock.call('OVERCLOUD_AODH_PASSWORD=PASSWORD\n'),
|
||||
mock.call('OVERCLOUD_CEILOMETER_PASSWORD=PASSWORD\n'),
|
||||
mock.call('OVERCLOUD_CEILOMETER_SECRET=PASSWORD\n'),
|
||||
mock.call('OVERCLOUD_CEPH_ADMIN_KEY=CEPHX_KEY\n'),
|
||||
mock.call('OVERCLOUD_CEPH_CLIENT_KEY=CEPHX_KEY\n'),
|
||||
mock.call('OVERCLOUD_CEPH_MON_KEY=CEPHX_KEY\n'),
|
||||
mock.call('OVERCLOUD_CEPH_RGW_KEY=CEPHX_KEY\n'),
|
||||
mock.call('OVERCLOUD_CINDER_PASSWORD=PASSWORD\n'),
|
||||
mock.call('OVERCLOUD_DEMO_PASSWORD=PASSWORD\n'),
|
||||
mock.call('OVERCLOUD_GLANCE_PASSWORD=PASSWORD\n'),
|
||||
|
@ -67,7 +74,8 @@ class TestPasswordsUtil(TestCase):
|
|||
mock.call('OVERCLOUD_ZAQAR_PASSWORD=PASSWORD\n'),
|
||||
]
|
||||
self.assertEqual(sorted(mock_open().write.mock_calls), mock_calls)
|
||||
self.assertEqual(generate_password_mock.call_count, len(mock_calls))
|
||||
self.assertEqual(generate_password_mock.call_count +
|
||||
create_cephx_key_mock.call_count, len(mock_calls))
|
||||
|
||||
self.assertEqual(len(passwords), len(mock_calls))
|
||||
|
||||
|
@ -82,13 +90,20 @@ class TestPasswordsUtil(TestCase):
|
|||
@mock.patch("os.path.isfile", return_value=True)
|
||||
@mock.patch("passlib.utils.generate_password",
|
||||
return_value="PASSWORD")
|
||||
def test_load_passwords(self, generate_password_mock, isfile_mock):
|
||||
@mock.patch("tripleoclient.utils.create_cephx_key",
|
||||
return_value="CEPHX_KEY")
|
||||
def test_load_passwords(self, create_cephx_key_mock,
|
||||
generate_password_mock, isfile_mock):
|
||||
PASSWORDS = [
|
||||
'OVERCLOUD_ADMIN_PASSWORD=PASSWORD\n',
|
||||
'OVERCLOUD_ADMIN_TOKEN=PASSWORD\n',
|
||||
'OVERCLOUD_AODH_PASSWORD=PASSWORD\n',
|
||||
'OVERCLOUD_CEILOMETER_PASSWORD=PASSWORD\n',
|
||||
'OVERCLOUD_CEILOMETER_SECRET=PASSWORD\n',
|
||||
'OVERCLOUD_CEPH_ADMIN_KEY=CEPHX_KEY\n',
|
||||
'OVERCLOUD_CEPH_CLIENT_KEY=CEPHX_KEY\n',
|
||||
'OVERCLOUD_CEPH_MON_KEY=CEPHX_KEY\n',
|
||||
'OVERCLOUD_CEPH_RGW_KEY=CEPHX_KEY\n',
|
||||
'OVERCLOUD_CINDER_PASSWORD=PASSWORD\n',
|
||||
'OVERCLOUD_DEMO_PASSWORD=PASSWORD\n',
|
||||
'OVERCLOUD_GLANCE_PASSWORD=PASSWORD\n',
|
||||
|
@ -111,7 +126,6 @@ class TestPasswordsUtil(TestCase):
|
|||
'OVERCLOUD_ZAQAR_PASSWORD=PASSWORD\n',
|
||||
'NEUTRON_METADATA_PROXY_SHARED_SECRET=PASSWORD\n',
|
||||
]
|
||||
|
||||
mock_open = mock.mock_open(read_data=''.join(PASSWORDS))
|
||||
mock_open.return_value.__iter__ = lambda self: self
|
||||
mock_open.return_value.__next__ = lambda self: self.readline()
|
||||
|
|
|
@ -85,11 +85,9 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
|
|||
@mock.patch('tripleoclient.utils.get_config_value', autospec=True)
|
||||
@mock.patch('tripleoclient.utils.check_hypervisor_stats',
|
||||
autospec=True)
|
||||
@mock.patch('tripleoclient.utils.create_cephx_key',
|
||||
autospec=True)
|
||||
@mock.patch('uuid.uuid1', autospec=True)
|
||||
@mock.patch('time.time', autospec=True)
|
||||
def test_tht_scale(self, mock_time, mock_uuid1, mock_create_cephx_key,
|
||||
def test_tht_scale(self, mock_time, mock_uuid1,
|
||||
mock_check_hypervisor_stats, mock_get_key,
|
||||
mock_create_env, generate_certs_mock,
|
||||
mock_get_templte_contents, mock_process_multiple_env,
|
||||
|
@ -110,7 +108,6 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
|
|||
('ceph_storage_scale', 3)
|
||||
]
|
||||
|
||||
mock_create_cephx_key.return_value = "cephx_key"
|
||||
mock_uuid1.return_value = "uuid"
|
||||
mock_time.return_value = 123456789
|
||||
|
||||
|
@ -149,6 +146,11 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
|
|||
'AodhPassword': 'password',
|
||||
'CeilometerMeteringSecret': 'password',
|
||||
'CeilometerPassword': 'password',
|
||||
'CephAdminKey': 'password',
|
||||
'CephClientKey': 'password',
|
||||
'CephClusterFSID': 'uuid',
|
||||
'CephMonKey': 'password',
|
||||
'CephRgwKey': 'password',
|
||||
'CephStorageCount': 3,
|
||||
'CinderPassword': 'password',
|
||||
'ExtraConfig': '{}',
|
||||
|
@ -247,11 +249,9 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
|
|||
@mock.patch('tripleoclient.utils.get_config_value', autospec=True)
|
||||
@mock.patch('tripleoclient.utils.check_hypervisor_stats',
|
||||
autospec=True)
|
||||
@mock.patch('tripleoclient.utils.create_cephx_key',
|
||||
autospec=True)
|
||||
@mock.patch('uuid.uuid1', autospec=True)
|
||||
@mock.patch('time.time', autospec=True)
|
||||
def test_tht_deploy(self, mock_time, mock_uuid1, mock_create_cephx_key,
|
||||
def test_tht_deploy(self, mock_time, mock_uuid1,
|
||||
mock_check_hypervisor_stats, mock_get_key,
|
||||
mock_create_env, generate_certs_mock,
|
||||
mock_get_templte_contents, mock_process_multiple_env,
|
||||
|
@ -271,7 +271,6 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
|
|||
('ceph_storage_scale', 3)
|
||||
]
|
||||
|
||||
mock_create_cephx_key.return_value = "cephx_key"
|
||||
mock_uuid1.return_value = "uuid"
|
||||
mock_time.return_value = 123456789
|
||||
|
||||
|
@ -313,11 +312,11 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
|
|||
'AodhPassword': 'password',
|
||||
'CeilometerMeteringSecret': 'password',
|
||||
'CeilometerPassword': 'password',
|
||||
'CephAdminKey': 'cephx_key',
|
||||
'CephClientKey': 'cephx_key',
|
||||
'CephAdminKey': 'password',
|
||||
'CephClientKey': 'password',
|
||||
'CephClusterFSID': 'uuid',
|
||||
'CephMonKey': 'cephx_key',
|
||||
'CephRgwKey': 'cephx_key',
|
||||
'CephMonKey': 'password',
|
||||
'CephRgwKey': 'password',
|
||||
'CephStorageCount': 3,
|
||||
'CinderPassword': 'password',
|
||||
'ExtraConfig': '{}',
|
||||
|
|
|
@ -17,6 +17,6 @@ from tripleoclient import utils
|
|||
|
||||
|
||||
def generate_overcloud_passwords_mock():
|
||||
passwords = utils._PASSWORD_NAMES
|
||||
passwords = utils._PASSWORD_NAMES + utils._CEPH_PASSWORD_NAMES
|
||||
|
||||
return dict((password, 'password') for password in passwords)
|
||||
|
|
|
@ -64,6 +64,12 @@ _PASSWORD_NAMES = (
|
|||
"OVERCLOUD_ZAQAR_PASSWORD",
|
||||
"NEUTRON_METADATA_PROXY_SHARED_SECRET"
|
||||
)
|
||||
_CEPH_PASSWORD_NAMES = (
|
||||
"OVERCLOUD_CEPH_MON_KEY",
|
||||
"OVERCLOUD_CEPH_ADMIN_KEY",
|
||||
"OVERCLOUD_CEPH_CLIENT_KEY",
|
||||
"OVERCLOUD_CEPH_RGW_KEY"
|
||||
)
|
||||
|
||||
|
||||
def generate_overcloud_passwords(output_file="tripleo-overcloud-passwords",
|
||||
|
@ -82,7 +88,8 @@ def generate_overcloud_passwords(output_file="tripleo-overcloud-passwords",
|
|||
passwords = {}
|
||||
if os.path.isfile(output_file):
|
||||
with open(output_file) as f:
|
||||
passwords = dict(line.split('=') for line in f.read().splitlines())
|
||||
passwords = dict(line.split('=', 1)
|
||||
for line in f.read().splitlines())
|
||||
elif not create_password_file:
|
||||
raise exceptions.PasswordFileNotFound(
|
||||
"The password file could not be found!")
|
||||
|
@ -92,6 +99,11 @@ def generate_overcloud_passwords(output_file="tripleo-overcloud-passwords",
|
|||
passwords[name] = passutils.generate_password(
|
||||
size=_MIN_PASSWORD_SIZE)
|
||||
|
||||
# CephX keys aren't random strings
|
||||
for name in _CEPH_PASSWORD_NAMES:
|
||||
if not passwords.get(name):
|
||||
passwords[name] = create_cephx_key()
|
||||
|
||||
with open(output_file, 'w') as f:
|
||||
for name, password in passwords.items():
|
||||
f.write("{0}={1}\n".format(name, password))
|
||||
|
|
|
@ -103,6 +103,10 @@ class DeployOvercloud(command.Command):
|
|||
parameters['ManilaPassword'] = passwords['OVERCLOUD_MANILA_PASSWORD']
|
||||
parameters['NeutronMetadataProxySharedSecret'] = (
|
||||
passwords['NEUTRON_METADATA_PROXY_SHARED_SECRET'])
|
||||
parameters['CephMonKey'] = passwords['OVERCLOUD_CEPH_MON_KEY']
|
||||
parameters['CephAdminKey'] = passwords['OVERCLOUD_CEPH_ADMIN_KEY']
|
||||
parameters['CephClientKey'] = passwords['OVERCLOUD_CEPH_CLIENT_KEY']
|
||||
parameters['CephRgwKey'] = passwords['OVERCLOUD_CEPH_RGW_KEY']
|
||||
|
||||
def _update_parameters(self, args, network_client, stack):
|
||||
parameters = {}
|
||||
|
@ -196,12 +200,7 @@ class DeployOvercloud(command.Command):
|
|||
|
||||
if stack_is_new:
|
||||
parameters.update({
|
||||
'CephClusterFSID': six.text_type(uuid.uuid1()),
|
||||
'CephMonKey': utils.create_cephx_key(),
|
||||
'CephAdminKey': utils.create_cephx_key(),
|
||||
'CephClientKey': utils.create_cephx_key(),
|
||||
'CephRgwKey': utils.create_cephx_key()
|
||||
})
|
||||
'CephClusterFSID': six.text_type(uuid.uuid1())})
|
||||
|
||||
return parameters
|
||||
|
||||
|
|
Loading…
Reference in New Issue