Merge "Remove unused upgrade code"

Zuul
2021-06-30 21:21:50 +00:00
committed by Gerrit Code Review
2 changed files with 0 additions and 169 deletions


@@ -1,98 +0,0 @@
---
#
# Copyright (c) 2020 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
# ROLE DESCRIPTION:
# Enable secured etcd.
# This file can be removed in the release after STX5.0
- hosts: all
become: yes
become_user: root
tasks:
- name: Create cert for etcd server and client
import_role:
name: common/create-etcd-certs
- name: Create etcd cert permdir
file:
path: "{{ config_permdir + '/etcd' }}"
state: directory
mode: 0700
- name: Copy etcd certificates to config_permdir
copy:
src: "/etc/etcd/{{ item }}"
dest: "{{ config_permdir + '/etcd' }}/{{ item }}"
remote_src: yes
force: yes
with_items:
- "etcd-server.crt"
- "etcd-server.key"
- "etcd-client.crt"
- "etcd-client.key"
- "apiserver-etcd-client.crt"
- "apiserver-etcd-client.key"
- "ca.crt"
- "ca.key"
- name: Copy apiserver-etcd-client cert
copy:
src: "/etc/etcd/{{ item }}"
dest: "/etc/kubernetes/pki/{{ item }}"
remote_src: yes
force: yes
with_items:
- "apiserver-etcd-client.crt"
- "apiserver-etcd-client.key"
- name: Write security settings to hieradata
lineinfile:
path: "{{ puppet_permdir }}/hieradata/static.yaml"
line: "{{ item }}"
with_items:
- "platform::etcd::params::security_enabled: true"
- "platform::etcd::params::bind_address: {{ cluster_floating_address }}"
- "platform::etcd::params::bind_address_version: {{ etcd_listen_address_version }}"
- name: Create list of etcd classes to pass to puppet
copy:
dest: "/tmp/etcd.yml"
content: |
classes:
- platform::etcd::upgrade::runtime
- name: Applying puppet for enabling etcd security
command: >
/usr/local/bin/puppet-manifest-apply.sh
{{ puppet_permdir }}/hieradata/
{{ ipaddress }}
controller runtime /tmp/etcd.yml
register: etcd_apply_result
failed_when: false
environment:
LC_ALL: "en_US.UTF-8"
- block:
- name: Remove bind address and address version
lineinfile:
dest: "{{ puppet_permdir }}/hieradata/static.yaml"
regexp: "{{ item }}"
state: absent
with_items:
- "^platform::etcd::params::bind_address"
- "^platform::etcd::params::bind_address_version"
- name: Revert security_enable flag
lineinfile:
dest: "{{ puppet_permdir }}/hieradata/static.yaml"
regexp: "^platform::etcd::params::security_enabled"
line: "platform::etcd::params::security_enabled: false"
- name: Fail if puppet manifest apply script returns an error
fail:
msg: >-
Failed to apply etcd manifest!
when: etcd_apply_result.rc != 0


@@ -66,52 +66,6 @@
warn: false
when: migrate_platform_data is defined and migrate_platform_data
# The helmv2 database is new in the release stx5.0. The AIO-SX
# upgrade from stx4.0 to stx5.0 requires a password to be generated
# and written into hieradata to access the DB. This can be removed
# in the release that follows stx5.0
- block:
- name: Generate helmv2 database password and store in keyring
vars:
script_content: |
import keyring
import os
from sysinv.common import utils
helmv2_db_pw = keyring.get_password("helmv2", "database")
if helmv2_db_pw:
print helmv2_db_pw
exit()
os.environ['XDG_DATA_HOME'] = '/tmp'
try:
helmv2_db_pw = utils.generate_random_password(length=16)
keyring.set_password("helmv2", "database", helmv2_db_pw)
print helmv2_db_pw
except Exception as e:
raise Exception("Failed to generate password for helmv2:%s" % e)
finally:
del os.environ['XDG_DATA_HOME']
shell: "{{ script_content }}"
args:
executable: /usr/bin/python
register: helmv2_db_pw_output
no_log: true
- name: Write helmv2 database username to hieradata
lineinfile:
path: "{{ hieradata_workdir }}/static.yaml"
line: "platform::helm::v2::db::postgresql::user: admin-helmv2"
- name: Write helmv2 database password to hieradata
lineinfile:
path: "{{ hieradata_workdir }}/secure_static.yaml"
line: "platform::helm::v2::db::postgresql::password: {{ helmv2_db_pw_output.stdout }}"
when: (migrate_platform_data is defined and
migrate_platform_data and
upgrade_metadata.from_release == "20.06")
- name: Restore etcd certificates.
shell: tar -C / --overwrite -xpf {{ restore_data_file }} {{ item }}
args:
@@ -128,31 +82,6 @@
- '*.key'
register: etcd_certs_find_output
# This is for simplex upgrade from STX 4.0 to 5.0
- block:
- name: set kubeadm_pki_dir
set_fact:
kubeadm_pki_dir: /etc/kubernetes/pki
- name: Create pki directory for kubernetes certificates
file:
path: "{{ kubeadm_pki_dir }}"
state: directory
mode: 0700
- name: Restore CA
shell: tar -C / --overwrite -xpf {{ restore_data_file }} {{ item }}
args:
warn: false
with_items:
- "{{ kubeadm_pki_dir | regex_replace('^\\/', '') }}"
become_user: root
- name: Create certs for etcd server and client for simplex upgrade
import_role:
name: common/create-etcd-certs
when: etcd_certs_find_output.matched == 0
- name: Check if apiserver-keys are present in the backup tarball
shell: "tar -tf {{ restore_data_file }} | grep 'etc/kubernetes/pki/apiserver-etcd-client.*'"
args: