From 18274de03acadcf1ed7cf51226c24ce7b3829bb4 Mon Sep 17 00:00:00 2001
From: Giulio Fidente <gfidente@redhat.com>
Date: Mon, 11 May 2020 16:48:30 +0200
Subject: [PATCH] Remove Ceph{Admin,Mon,Mds}Key parameters

ceph-ansible does not support replacing these secrets for existing
clusters and it generates them randomly if unset

customizing the secret for fresh deployments is possible but causes
issues on upgrade to train for pre-existing deployments on queens
where it was generated randomly

this submission removes support for the parameters which allow for
customization of the secret, letting ceph-ansible create one and
reuse the existing one on upgrade

Change-Id: If77935345de70ae261b091b8bf49b997dc71a781
Closes-Bug: 1878014
---
 .../scenario001-multinode-containers.yaml       |  2 --
 ci/environments/scenario001-standalone.yaml     |  2 --
 ci/environments/scenario004-standalone.yaml     |  3 +--
 .../scenario010-multinode-containers.yaml       |  2 --
 ci/environments/scenario010-standalone.yaml     |  2 --
 deployment/ceph-ansible/ceph-mds.yaml           |  7 -------
 deployment/ceph-ansible/ceph-mon.yaml           | 17 +----------------
 environments/storage-environment.yaml           |  4 ----
 8 files changed, 2 insertions(+), 37 deletions(-)

diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml
index abc850fafe..ea9eabd31a 100644
--- a/ci/environments/scenario001-multinode-containers.yaml
+++ b/ci/environments/scenario001-multinode-containers.yaml
@@ -149,8 +149,6 @@ parameter_defaults:
   # a production deployment. What is here is suitable for
   # developer and CI testing only.
   CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
-  CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
-  CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
   CephAnsiblePlaybookVerbosity: 1
   CephAnsibleEnvironmentVariables:
diff --git a/ci/environments/scenario001-standalone.yaml b/ci/environments/scenario001-standalone.yaml
index 096e504f0f..fc03b61679 100644
--- a/ci/environments/scenario001-standalone.yaml
+++ b/ci/environments/scenario001-standalone.yaml
@@ -88,8 +88,6 @@ parameter_defaults:
   # a production deployment. What is here is suitable for
   # developer and CI testing only.
   CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
-  CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
-  CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
   CephExtraKeys:
     - name: "client.glance"
diff --git a/ci/environments/scenario004-standalone.yaml b/ci/environments/scenario004-standalone.yaml
index 52b89a12f9..4f3acafdb5 100644
--- a/ci/environments/scenario004-standalone.yaml
+++ b/ci/environments/scenario004-standalone.yaml
@@ -56,9 +56,8 @@ parameter_defaults:
   # a production deployment. What is here is suitable for
   # developer and CI testing only.
   CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
-  CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
-  CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+  CephRgwKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephAnsiblePlaybookVerbosity: 1
   CephAnsibleRepo: "tripleo-centos-ceph-nautilus"
   CephAnsibleEnvironmentVariables:
diff --git a/ci/environments/scenario010-multinode-containers.yaml b/ci/environments/scenario010-multinode-containers.yaml
index 34dd0a83c8..7c0af7d600 100644
--- a/ci/environments/scenario010-multinode-containers.yaml
+++ b/ci/environments/scenario010-multinode-containers.yaml
@@ -107,8 +107,6 @@ parameter_defaults:
   CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
   CephAnsibleRepo: "tripleo-centos-ceph-nautilus"
   CephClusterName: mycephcluster
-  CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
-  CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
   NovaEnableRbdBackend: true
   CeilometerEnableGnocchi: true
diff --git a/ci/environments/scenario010-standalone.yaml b/ci/environments/scenario010-standalone.yaml
index f9c455e216..8769b4c574 100644
--- a/ci/environments/scenario010-standalone.yaml
+++ b/ci/environments/scenario010-standalone.yaml
@@ -62,8 +62,6 @@ parameter_defaults:
   # a production deployment. What is here is suitable for
   # developer and CI testing only.
   CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
-  CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
-  CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
   CephAnsiblePlaybookVerbosity: 1
   CephAnsibleEnvironmentVariables:
diff --git a/deployment/ceph-ansible/ceph-mds.yaml b/deployment/ceph-ansible/ceph-mds.yaml
index 90f5bb041a..bf8eeec0b7 100644
--- a/deployment/ceph-ansible/ceph-mds.yaml
+++ b/deployment/ceph-ansible/ceph-mds.yaml
@@ -30,13 +30,6 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
-  CephMdsKey:
-    description: The cephx key for the MDS service. Can be created
-                 with ceph-authtool --gen-print-key.
-    type: string
-    hidden: true
-    constraints:
-    - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
   CephEnableDashboard:
     type: boolean
     default: false
diff --git a/deployment/ceph-ansible/ceph-mon.yaml b/deployment/ceph-ansible/ceph-mon.yaml
index 032344c7bf..e01dc634f2 100644
--- a/deployment/ceph-ansible/ceph-mon.yaml
+++ b/deployment/ceph-ansible/ceph-mon.yaml
@@ -30,19 +30,6 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
-  CephMonKey:
-    description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key.
-    type: string
-    hidden: true
-    constraints:
-    - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
-  CephAdminKey:
-    default: ''
-    description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key.
-    type: string
-    hidden: true
-    constraints:
-    - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
   CephValidationRetries:
     type: number
     default: 40
@@ -75,9 +62,7 @@ resources:
     properties:
       type: json
       value:
-        vars:
-          monitor_secret: {get_param: CephMonKey}
-          admin_secret: {get_param: CephAdminKey}
+        vars: {}
 
 outputs:
   role_data:
diff --git a/environments/storage-environment.yaml b/environments/storage-environment.yaml
index f6191b5d48..523a091cb4 100644
--- a/environments/storage-environment.yaml
+++ b/environments/storage-environment.yaml
@@ -77,10 +77,6 @@ parameter_defaults:
   ## Ceph FSID, e.g. '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
   # CephClusterFSID: ''
   ## Ceph monitor key, e.g. 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
-  # CephMonKey: ''
-  ## Ceph admin key, e.g. 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
-  # CephAdminKey: ''
-  ## Ceph client key, e.g 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
   # CephClientKey: ''
   ## OSDs configuration
   ## See https://github.com/ceph/ceph-ansible/blob/stable-3.0/docs/source/osds/scenarios.rst