Generate CephX keys via generate_overcloud_passwords

Change-Id: Iadac22a96f182bf4ac45fdee56c9333d5b6aa111 Closes-Bug: 1607407 Depends-On: If238f34fe5ac9b9990044020d039a281536c47ee
2016-07-28 16:58:29 +02:00 · 2016-07-28 16:58:29 +02:00 · ce0f9b8f83
parent defa3f3dbd
commit ce0f9b8f83
5 changed files with 48 additions and 24 deletions
--- a/tripleoclient/tests/test_utils.py
+++ b/tripleoclient/tests/test_utils.py
@ -31,7 +31,10 @@ class TestPasswordsUtil(TestCase):
    @mock.patch("os.path.isfile", return_value=False)
    @mock.patch("passlib.utils.generate_password",
                return_value="PASSWORD")
-    def test_generate_passwords(self, generate_password_mock, isfile_mock):
+    @mock.patch("tripleoclient.utils.create_cephx_key",
+                return_value="CEPHX_KEY")
+    def test_generate_passwords(self, create_cephx_key_mock,
+                                generate_password_mock, isfile_mock):

        mock_open = mock.mock_open()

@ -45,6 +48,10 @@ class TestPasswordsUtil(TestCase):
            mock.call('OVERCLOUD_AODH_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_CEILOMETER_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_CEILOMETER_SECRET=PASSWORD\n'),
+            mock.call('OVERCLOUD_CEPH_ADMIN_KEY=CEPHX_KEY\n'),
+            mock.call('OVERCLOUD_CEPH_CLIENT_KEY=CEPHX_KEY\n'),
+            mock.call('OVERCLOUD_CEPH_MON_KEY=CEPHX_KEY\n'),
+            mock.call('OVERCLOUD_CEPH_RGW_KEY=CEPHX_KEY\n'),
            mock.call('OVERCLOUD_CINDER_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_DEMO_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_GLANCE_PASSWORD=PASSWORD\n'),
@ -67,7 +74,8 @@ class TestPasswordsUtil(TestCase):
            mock.call('OVERCLOUD_ZAQAR_PASSWORD=PASSWORD\n'),
        ]
        self.assertEqual(sorted(mock_open().write.mock_calls), mock_calls)
-        self.assertEqual(generate_password_mock.call_count, len(mock_calls))
+        self.assertEqual(generate_password_mock.call_count +
+                         create_cephx_key_mock.call_count, len(mock_calls))

        self.assertEqual(len(passwords), len(mock_calls))

@ -82,13 +90,20 @@ class TestPasswordsUtil(TestCase):
    @mock.patch("os.path.isfile", return_value=True)
    @mock.patch("passlib.utils.generate_password",
                return_value="PASSWORD")
-    def test_load_passwords(self, generate_password_mock, isfile_mock):
+    @mock.patch("tripleoclient.utils.create_cephx_key",
+                return_value="CEPHX_KEY")
+    def test_load_passwords(self, create_cephx_key_mock,
+                            generate_password_mock, isfile_mock):
        PASSWORDS = [
            'OVERCLOUD_ADMIN_PASSWORD=PASSWORD\n',
            'OVERCLOUD_ADMIN_TOKEN=PASSWORD\n',
            'OVERCLOUD_AODH_PASSWORD=PASSWORD\n',
            'OVERCLOUD_CEILOMETER_PASSWORD=PASSWORD\n',
            'OVERCLOUD_CEILOMETER_SECRET=PASSWORD\n',
+            'OVERCLOUD_CEPH_ADMIN_KEY=CEPHX_KEY\n',
+            'OVERCLOUD_CEPH_CLIENT_KEY=CEPHX_KEY\n',
+            'OVERCLOUD_CEPH_MON_KEY=CEPHX_KEY\n',
+            'OVERCLOUD_CEPH_RGW_KEY=CEPHX_KEY\n',
            'OVERCLOUD_CINDER_PASSWORD=PASSWORD\n',
            'OVERCLOUD_DEMO_PASSWORD=PASSWORD\n',
            'OVERCLOUD_GLANCE_PASSWORD=PASSWORD\n',
@ -111,7 +126,6 @@ class TestPasswordsUtil(TestCase):
            'OVERCLOUD_ZAQAR_PASSWORD=PASSWORD\n',
            'NEUTRON_METADATA_PROXY_SHARED_SECRET=PASSWORD\n',
        ]
-
        mock_open = mock.mock_open(read_data=''.join(PASSWORDS))
        mock_open.return_value.__iter__ = lambda self: self
        mock_open.return_value.__next__ = lambda self: self.readline()
--- a/tripleoclient/tests/v1/overcloud_deploy/test_overcloud_deploy.py
+++ b/tripleoclient/tests/v1/overcloud_deploy/test_overcloud_deploy.py
@ -85,11 +85,9 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
    @mock.patch('tripleoclient.utils.get_config_value', autospec=True)
    @mock.patch('tripleoclient.utils.check_hypervisor_stats',
                autospec=True)
-    @mock.patch('tripleoclient.utils.create_cephx_key',
-                autospec=True)
    @mock.patch('uuid.uuid1', autospec=True)
    @mock.patch('time.time', autospec=True)
-    def test_tht_scale(self, mock_time, mock_uuid1, mock_create_cephx_key,
+    def test_tht_scale(self, mock_time, mock_uuid1,
                       mock_check_hypervisor_stats, mock_get_key,
                       mock_create_env, generate_certs_mock,
                       mock_get_templte_contents, mock_process_multiple_env,
@ -110,7 +108,6 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
            ('ceph_storage_scale', 3)
        ]

-        mock_create_cephx_key.return_value = "cephx_key"
        mock_uuid1.return_value = "uuid"
        mock_time.return_value = 123456789

@ -149,6 +146,11 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
            'AodhPassword': 'password',
            'CeilometerMeteringSecret': 'password',
            'CeilometerPassword': 'password',
+            'CephAdminKey': 'password',
+            'CephClientKey': 'password',
+            'CephClusterFSID': 'uuid',
+            'CephMonKey': 'password',
+            'CephRgwKey': 'password',
            'CephStorageCount': 3,
            'CinderPassword': 'password',
            'ExtraConfig': '{}',
@ -247,11 +249,9 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
    @mock.patch('tripleoclient.utils.get_config_value', autospec=True)
    @mock.patch('tripleoclient.utils.check_hypervisor_stats',
                autospec=True)
-    @mock.patch('tripleoclient.utils.create_cephx_key',
-                autospec=True)
    @mock.patch('uuid.uuid1', autospec=True)
    @mock.patch('time.time', autospec=True)
-    def test_tht_deploy(self, mock_time, mock_uuid1, mock_create_cephx_key,
+    def test_tht_deploy(self, mock_time, mock_uuid1,
                        mock_check_hypervisor_stats, mock_get_key,
                        mock_create_env, generate_certs_mock,
                        mock_get_templte_contents, mock_process_multiple_env,
@ -271,7 +271,6 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
            ('ceph_storage_scale', 3)
        ]

-        mock_create_cephx_key.return_value = "cephx_key"
        mock_uuid1.return_value = "uuid"
        mock_time.return_value = 123456789

@ -313,11 +312,11 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
            'AodhPassword': 'password',
            'CeilometerMeteringSecret': 'password',
            'CeilometerPassword': 'password',
-            'CephAdminKey': 'cephx_key',
-            'CephClientKey': 'cephx_key',
+            'CephAdminKey': 'password',
+            'CephClientKey': 'password',
            'CephClusterFSID': 'uuid',
-            'CephMonKey': 'cephx_key',
-            'CephRgwKey': 'cephx_key',
+            'CephMonKey': 'password',
+            'CephRgwKey': 'password',
            'CephStorageCount': 3,
            'CinderPassword': 'password',
            'ExtraConfig': '{}',
--- a/tripleoclient/tests/v1/utils.py
+++ b/tripleoclient/tests/v1/utils.py
@ -17,6 +17,6 @@ from tripleoclient import utils


 def generate_overcloud_passwords_mock():
-    passwords = utils._PASSWORD_NAMES
+    passwords = utils._PASSWORD_NAMES + utils._CEPH_PASSWORD_NAMES

    return dict((password, 'password') for password in passwords)
--- a/tripleoclient/utils.py
+++ b/tripleoclient/utils.py
@ -64,6 +64,12 @@ _PASSWORD_NAMES = (
    "OVERCLOUD_ZAQAR_PASSWORD",
    "NEUTRON_METADATA_PROXY_SHARED_SECRET"
 )
+_CEPH_PASSWORD_NAMES = (
+    "OVERCLOUD_CEPH_MON_KEY",
+    "OVERCLOUD_CEPH_ADMIN_KEY",
+    "OVERCLOUD_CEPH_CLIENT_KEY",
+    "OVERCLOUD_CEPH_RGW_KEY"
+)


 def generate_overcloud_passwords(output_file="tripleo-overcloud-passwords",
@ -82,7 +88,8 @@ def generate_overcloud_passwords(output_file="tripleo-overcloud-passwords",
    passwords = {}
    if os.path.isfile(output_file):
        with open(output_file) as f:
-            passwords = dict(line.split('=') for line in f.read().splitlines())
+            passwords = dict(line.split('=', 1)
+                             for line in f.read().splitlines())
    elif not create_password_file:
        raise exceptions.PasswordFileNotFound(
            "The password file could not be found!")
@ -92,6 +99,11 @@ def generate_overcloud_passwords(output_file="tripleo-overcloud-passwords",
            passwords[name] = passutils.generate_password(
                size=_MIN_PASSWORD_SIZE)

+    # CephX keys aren't random strings
+    for name in _CEPH_PASSWORD_NAMES:
+        if not passwords.get(name):
+            passwords[name] = create_cephx_key()
+
    with open(output_file, 'w') as f:
        for name, password in passwords.items():
            f.write("{0}={1}\n".format(name, password))
--- a/tripleoclient/v1/overcloud_deploy.py
+++ b/tripleoclient/v1/overcloud_deploy.py
@ -103,6 +103,10 @@ class DeployOvercloud(command.Command):
        parameters['ManilaPassword'] = passwords['OVERCLOUD_MANILA_PASSWORD']
        parameters['NeutronMetadataProxySharedSecret'] = (
            passwords['NEUTRON_METADATA_PROXY_SHARED_SECRET'])
+        parameters['CephMonKey'] = passwords['OVERCLOUD_CEPH_MON_KEY']
+        parameters['CephAdminKey'] = passwords['OVERCLOUD_CEPH_ADMIN_KEY']
+        parameters['CephClientKey'] = passwords['OVERCLOUD_CEPH_CLIENT_KEY']
+        parameters['CephRgwKey'] = passwords['OVERCLOUD_CEPH_RGW_KEY']

    def _update_parameters(self, args, network_client, stack):
        parameters = {}
@ -196,12 +200,7 @@ class DeployOvercloud(command.Command):

        if stack_is_new:
            parameters.update({
-                'CephClusterFSID': six.text_type(uuid.uuid1()),
-                'CephMonKey': utils.create_cephx_key(),
-                'CephAdminKey': utils.create_cephx_key(),
-                'CephClientKey': utils.create_cephx_key(),
-                'CephRgwKey': utils.create_cephx_key()
-            })
+                'CephClusterFSID': six.text_type(uuid.uuid1())})

        return parameters