Merge "Remove subcloud admin endpoint data migration"

controllerconfig/controllerconfig/scripts/controller_config

@@ -389,15 +389,6 @@ start()
         fi
     fi
 
-    if [ -e $CONFIG_DIR/admin-ep-cert.pem ]
-    then
-        cp $CONFIG_DIR/admin-ep-cert.pem /etc/ssl/private/
-        if [ $? -ne 0 ]
-        then
-            fatal_error "Unable to copy $CONFIG_DIR/admin-ep-cert.pem to certificates dir"
-        fi
-    fi
-
     if [ -e $CONFIG_DIR/dc-adminep-root-ca.crt ]
     then
         cp $CONFIG_DIR/dc-adminep-root-ca.crt /etc/pki/ca-trust/source/anchors/

controllerconfig/controllerconfig/upgrade-scripts/85-update-sc-admin-endpoint-cert.py

@@ -9,15 +9,9 @@
 # This script can be removed in the release that follows stx.5.0
 #
 
-import base64
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
-from cryptography import x509
-from shutil import copyfile
 import socket
 import subprocess
 import sys
-import time
 
 from controllerconfig.common import log
 
@@ -117,67 +111,6 @@ def update_sc_admin_endpoint_cert(to_release):
     else:
         raise Exception('Command failed after retries: %s' % cmd)
 
-    # Extract subcloud admin endpoint certificate.
-    # There is an issue with cert-manager where even though the certificate is
-    # reported as ready from the previous command, the actual data extracted is
-    # still empty. So we retry if no valid certificate data is extracted, and
-    # retry for private key data for the same reason.
-    cmd = "kubectl --kubeconfig=/etc/kubernetes/admin.conf get secret \
-           sc-adminep-certificate -n sc-cert -o=jsonpath='{.data.tls\.crt}'"
-    for attempt in range(3):
-        try:
-            cert = execute_command(cmd)
-            if not cert:
-                raise Exception('Certificate extracted is empty.')
-            cert = base64.b64decode(cert)
-
-            # Test loading the certificate to ensure it's valid
-            x509.load_pem_x509_certificate(cert, default_backend())
-        except Exception as e:
-            LOG.info('Failed to extract certificate: %s Will retry.' % e)
-            time.sleep(5)
-            continue
-        else:
-            break
-    else:
-        raise Exception('Failed to extract certificate from cert-manager.')
-
-    # Extract subcloud admin endpoint private key,
-    # Retry if no valid private key data is extracted.
-    cmd = "kubectl --kubeconfig=/etc/kubernetes/admin.conf get secret \
-           sc-adminep-certificate -n sc-cert -o=jsonpath='{.data.tls\.key}'"
-    for attempt in range(3):
-        try:
-            key = execute_command(cmd)
-            if not key:
-                raise Exception('Private key extracted is empty.')
-            key = base64.b64decode(key)
-
-            # Test loading the private key to ensure it's valid
-            serialization.load_pem_private_key(key, password=None,
-                                               backend=default_backend())
-        except Exception as e:
-            LOG.info('Failed to extract private key: %s Will retry.' % e)
-            time.sleep(5)
-            continue
-        else:
-            break
-    else:
-        raise Exception('Failed to extract private key from cert-manager.')
-
-    # Create haproxy tls certificate
-    cert_file = "/etc/ssl/private/admin-ep-cert.pem"
-    with open(cert_file, 'w') as f:
-        f.write(key + cert)
-
-    # Copy admin endpoint certficates to the shared filesystem directory
-    shared_file = "/opt/platform/config/%s/admin-ep-cert.pem" % to_release
-    copyfile(cert_file, shared_file)
-
-    # Restart haproxy to take the new cert
-    cmd = "sm-restart service haproxy"
-    execute_command(cmd)
-
     LOG.info('Subcloud admin endpoint certificate updated successfully')