Do not rotate CephX secrets

we do not want the CephX keys to rotate by default, some cannot
be changed at all after the cluster has been deployed

Change-Id: Iefe87eb869e248ea1e98d9ae34cdeeea57aa5426
(cherry picked from commit 621ebcea78)

tripleo_common/constants.py

@@ -154,6 +154,10 @@ DO_NOT_ROTATE_LIST = (
     'KeystoneFernetKey0',
     'KeystoneFernetKey1',
     'KeystoneFernetKeys',
+    'CephClientKey',
+    'CephClusterFSID',
+    'CephManilaClientKey',
+    'CephRgwKey',
 )
 
 PLAN_NAME_PATTERN = '^[a-zA-Z0-9-]+$'

tripleo_common/utils/passwords.py

@@ -52,13 +52,12 @@ def generate_passwords(mistralclient=None, stack_env=None,
         if (stack_env and name in stack_env.get('parameter_defaults', {}) and
                 not rotate_passwords):
             passwords[name] = stack_env['parameter_defaults'][name]
-        elif name.startswith("Ceph"):
+        elif name in ('CephClientKey', 'CephManilaClientKey', 'CephRgwKey'):
-            if name == "CephClusterFSID":
+            # CephX keys aren't random strings
-                # The FSID must be a UUID
+            passwords[name] = create_cephx_key()
-                passwords[name] = six.text_type(uuid.uuid4())
+        elif name == "CephClusterFSID":
-            else:
+            # The FSID must be a UUID
-                # CephX keys aren't random strings
+            passwords[name] = six.text_type(uuid.uuid4())
-                passwords[name] = create_cephx_key()
         # Since by default passlib.pwd.genword uses all digits and ascii upper
         # & lowercase letters, it provides ~5.95 entropy per character.
         # Make the length of the default authkey 4096 bytes, which should give