Clean up kolla-ansible related files from Kolla
- Remove the globals.yml and passwords.yml files.
- The gate was still using these files from the kolla directory; modified the gate so that it no longer uses them from there.
- Modified the deploy_aio.sh file to populate passwords in passwords.yml using kolla-ansible.

Change-Id: I1ed7849d54cab6d5a9217dced73327ea13f06636
Closes-Bug: #1653035
		 Sayantani Goswami
					Sayantani Goswami
				
			
				
					committed by
					
						 sayantani
						sayantani
					
				
			
			
				
	
			
			
			 sayantani
						sayantani
					
				
			
						parent
						
							37168c55a1
						
					
				
				
					commit
					c07d95e1af
				
			
							
								
								
									
										0
									
								
								etc/kolla/.keep
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										0
									
								
								etc/kolla/.keep
									
									
									
									
									
										Normal file
									
								
							| @@ -1,273 +0,0 @@ | ||||
| --- | ||||
| # You can use this file to override _any_ variable throughout Kolla. | ||||
| # Additional options can be found in the 'kolla/ansible/group_vars/all.yml' file. | ||||
| # Default value of all the commented parameters are shown here, To override | ||||
| # the default value uncomment the parameter and change its value. | ||||
|  | ||||
| ################### | ||||
| # Kolla options | ||||
| ################### | ||||
| # Valid options are [ COPY_ONCE, COPY_ALWAYS ] | ||||
| #config_strategy: "COPY_ALWAYS" | ||||
|  | ||||
| # Valid options are [ centos, oraclelinux, ubuntu ] | ||||
| #kolla_base_distro: "centos" | ||||
|  | ||||
| # Valid options are [ binary, source ] | ||||
| #kolla_install_type: "binary" | ||||
|  | ||||
| # Valid option is Docker repository tag | ||||
| #openstack_release: "3.0.0" | ||||
|  | ||||
| # Location of configuration overrides | ||||
| #node_custom_config: "/etc/kolla/config" | ||||
|  | ||||
| # This should be a VIP, an unused IP on your network that will float between | ||||
| # the hosts running keepalived for high-availability. When running an All-In-One | ||||
| # without haproxy and keepalived, this should be the first IP on your | ||||
| # 'network_interface' as set in the Networking section below. | ||||
| kolla_internal_vip_address: "10.10.10.254" | ||||
|  | ||||
| # This is the DNS name that maps to the kolla_internal_vip_address VIP. By | ||||
| # default it is the same as kolla_internal_vip_address. | ||||
| #kolla_internal_fqdn: "{{ kolla_internal_vip_address }}" | ||||
|  | ||||
| # This should be a VIP, an unused IP on your network that will float between | ||||
| # the hosts running keepalived for high-availability. It defaults to the | ||||
| # kolla_internal_vip_address, allowing internal and external communication to | ||||
| # share the same address.  Specify a kolla_external_vip_address to separate | ||||
| # internal and external requests between two VIPs. | ||||
| #kolla_external_vip_address: "{{ kolla_internal_vip_address }}" | ||||
|  | ||||
| # The Public address used to communicate with OpenStack as set in the public_url | ||||
| # for the endpoints that will be created. This DNS name should map to | ||||
| # kolla_external_vip_address. | ||||
| #kolla_external_fqdn: "{{ kolla_external_vip_address }}" | ||||
|  | ||||
| #################### | ||||
| # Docker options | ||||
| #################### | ||||
| # Below is an example of a private repository with authentication. Note the | ||||
| # Docker registry password can also be set in the passwords.yml file. | ||||
|  | ||||
| #docker_registry: "172.16.0.10:4000" | ||||
| #docker_namespace: "companyname" | ||||
| #docker_registry_username: "sam" | ||||
| #docker_registry_password: "correcthorsebatterystaple" | ||||
|  | ||||
|  | ||||
| ############################### | ||||
| # Neutron - Networking Options | ||||
| ############################### | ||||
| # This interface is what all your api services will be bound to by default. | ||||
| # Additionally, all vxlan/tunnel and storage network traffic will go over this | ||||
| # interface by default. This interface must contain an IPv4 address. | ||||
| # It is possible for hosts to have non-matching names of interfaces - these can | ||||
| # be set in an inventory file per host or per group or stored separately, see | ||||
| #     http://docs.ansible.com/ansible/intro_inventory.html | ||||
| # Yet another way to workaround the naming problem is to create a bond for the | ||||
| # interface on all hosts and give the bond name here. Similar strategy can be | ||||
| # followed for other types of interfaces. | ||||
| #network_interface: "eth0" | ||||
|  | ||||
| # These can be adjusted for even more customization. The default is the same as | ||||
| # the 'network_interface'. These interfaces must contain an IPv4 address. | ||||
| #kolla_external_vip_interface: "{{ network_interface }}" | ||||
| #api_interface: "{{ network_interface }}" | ||||
| #storage_interface: "{{ network_interface }}" | ||||
| #cluster_interface: "{{ network_interface }}" | ||||
| #tunnel_interface: "{{ network_interface }}" | ||||
|  | ||||
| # This is the raw interface given to neutron as its external network port. Even | ||||
| # though an IP address can exist on this interface, it will be unusable in most | ||||
| # configurations. It is recommended this interface not be configured with any IP | ||||
| # addresses for that reason. | ||||
| #neutron_external_interface: "eth1" | ||||
|  | ||||
| # Valid options are [ openvswitch, linuxbridge ] | ||||
| #neutron_plugin_agent: "openvswitch" | ||||
|  | ||||
|  | ||||
| #################### | ||||
| # keepalived options | ||||
| #################### | ||||
| # Arbitrary unique number from 0..255 | ||||
| #keepalived_virtual_router_id: "51" | ||||
|  | ||||
|  | ||||
| #################### | ||||
| # TLS options | ||||
| #################### | ||||
| # To provide encryption and authentication on the kolla_external_vip_interface, | ||||
| # TLS can be enabled.  When TLS is enabled, certificates must be provided to | ||||
| # allow clients to perform authentication. | ||||
| #kolla_enable_tls_external: "no" | ||||
| #kolla_external_fqdn_cert: "{{ node_config_directory }}/certificates/haproxy.pem" | ||||
|  | ||||
|  | ||||
| #################### | ||||
| # OpenStack options | ||||
| #################### | ||||
| # Use these options to set the various log levels across all OpenStack projects | ||||
| # Valid options are [ True, False ] | ||||
| #openstack_logging_debug: "False" | ||||
|  | ||||
| # Valid options are [ novnc, spice ] | ||||
| #nova_console: "novnc" | ||||
|  | ||||
| # OpenStack services can be enabled or disabled with these options | ||||
| #enable_aodh: "no" | ||||
| #enable_barbican: "no" | ||||
| #enable_ceilometer: "no" | ||||
| #enable_central_logging: "no" | ||||
| #enable_ceph: "no" | ||||
| #enable_ceph_rgw: "no" | ||||
| #enable_cinder: "no" | ||||
| #enable_cinder_backend_iscsi: "no" | ||||
| #enable_cinder_backend_lvm: "no" | ||||
| #enable_cinder_backend_nfs: "no" | ||||
| #enable_cloudkitty: "no" | ||||
| #enable_congress: "no" | ||||
| #enable_designate: "no" | ||||
| #enable_etcd: "no" | ||||
| #enable_gnocchi: "no" | ||||
| #enable_grafana: "no" | ||||
| #enable_heat: "yes" | ||||
| #enable_horizon: "yes" | ||||
| #enable_influxdb: "no" | ||||
| #enable_ironic: "no" | ||||
| #enable_kuryr: "no" | ||||
| #enable_magnum: "no" | ||||
| #enable_manila: "no" | ||||
| #enable_manila_backend_generic: "no" | ||||
| #enable_manila_backend_hnas: "no" | ||||
| #enable_mistral: "no" | ||||
| #enable_mongodb: "no" | ||||
| #enable_murano: "no" | ||||
| #enable_multipathd: "no" | ||||
| #enable_neutron_dvr: "no" | ||||
| #enable_neutron_lbaas: "no" | ||||
| #enable_neutron_qos: "no" | ||||
| #enable_neutron_agent_ha: "no" | ||||
| #enable_neutron_vpnaas: "no" | ||||
| #enable_rally: "no" | ||||
| #enable_sahara: "no" | ||||
| #enable_searchlight: "no" | ||||
| #enable_senlin: "no" | ||||
| #enable_swift: "no" | ||||
| #enable_telegraf: "no" | ||||
| #enable_tempest: "no" | ||||
| #enable_watcher: "no" | ||||
|  | ||||
| ################### | ||||
| # Ceph options | ||||
| ################### | ||||
| # Ceph can be setup with a caching to improve performance. To use the cache you | ||||
| # must provide separate disks than those for the OSDs | ||||
| #ceph_enable_cache: "no" | ||||
| # Valid options are [ forward, none, writeback ] | ||||
| #ceph_cache_mode: "writeback" | ||||
|  | ||||
| # A requirement for using the erasure-coded pools is you must setup a cache tier | ||||
| # Valid options are [ erasure, replicated ] | ||||
| #ceph_pool_type: "replicated" | ||||
|  | ||||
|  | ||||
| ############################## | ||||
| # Keystone - Identity Options | ||||
| ############################## | ||||
|  | ||||
| # Valid options are [ uuid, fernet ] | ||||
| #keystone_token_provider: 'uuid' | ||||
|  | ||||
| # Interval to rotate fernet keys by (in seconds). Must be an interval of | ||||
| # 60(1 min), 120(2 min), 180(3 min), 240(4 min), 300(5 min), 360(6 min), | ||||
| # 600(10 min), 720(12 min), 900(15 min), 1200(20 min), 1800(30 min), | ||||
| # 3600(1 hour), 7200(2 hour), 10800(3 hour), 14400(4 hour), 21600(6 hour), | ||||
| # 28800(8 hour), 43200(12 hour), 86400(1 day), 604800(1 week). | ||||
| #fernet_token_expiry: 86400 | ||||
|  | ||||
|  | ||||
| ######################### | ||||
| # Glance - Image Options | ||||
| ######################### | ||||
| # Configure image back end. | ||||
| #glance_backend_file: "yes" | ||||
| #glance_backend_ceph: "no" | ||||
|  | ||||
| ####################### | ||||
| # Ceilometer options | ||||
| ####################### | ||||
| # Valid options are [ mongodb, mysql, gnocchi ] | ||||
| #ceilometer_database_type: "mongodb" | ||||
|  | ||||
|  | ||||
| ####################### | ||||
| # Gnocchi options | ||||
| ####################### | ||||
| # Valid options are [ file, ceph ] | ||||
| #gnocchi_backend_storage: "{{ 'ceph' if enable_ceph|bool else 'file' }}" | ||||
|  | ||||
|  | ||||
| ################################# | ||||
| # Cinder - Block Storage Options | ||||
| ################################# | ||||
| # Enable / disable Cinder backends | ||||
| #cinder_backend_ceph: "{{ enable_ceph }}" | ||||
|  | ||||
| #cinder_volume_group: "cinder-volumes" | ||||
|  | ||||
|  | ||||
| ######################### | ||||
| # Nova - Compute Options | ||||
| ######################### | ||||
| #nova_backend_ceph: "{{ enable_ceph }}" | ||||
|  | ||||
|  | ||||
| ############################## | ||||
| # Horizon - Dashboard Options | ||||
| ############################## | ||||
| #horizon_backend_database: "no" | ||||
|  | ||||
|  | ||||
| ####################################### | ||||
| # Manila - Shared File Systems Options | ||||
| ####################################### | ||||
| # HNAS backend configuration | ||||
| #hnas_ip: | ||||
| #hnas_user: | ||||
| #hnas_password: | ||||
| #hnas_evs_id: | ||||
| #hnas_evs_ip: | ||||
| #hnas_file_system_name: | ||||
|  | ||||
| ################################## | ||||
| # Swift - Object Storage Options | ||||
| ################################## | ||||
| # Swift expects block devices to be available for storage. Two types of storage | ||||
| # are supported: 1 - storage device with a special partition name and filesystem | ||||
| # label, 2 - unpartitioned disk  with a filesystem. The label of this filesystem | ||||
| # is used to detect the disk which Swift will be using. | ||||
|  | ||||
| # Swift support two mathcing modes, valid options are [ prefix, strict ] | ||||
| #swift_devices_match_mode: "strict" | ||||
|  | ||||
| # This parameter defines matching pattern: if "strict" mode was selected, | ||||
| # for swift_devices_match_mode then swift_device_name should specify the name of | ||||
| # the special swift partition for example: "KOLLA_SWIFT_DATA", if "prefix" mode was | ||||
| # selected then swift_devices_name should specify a pattern which would match to | ||||
| # filesystems' labels prepared for swift. | ||||
| #swift_devices_name: "KOLLA_SWIFT_DATA" | ||||
|  | ||||
|  | ||||
| ################################################ | ||||
| # Tempest - The OpenStack Integration Test Suite | ||||
| ################################################ | ||||
| # following value must be set when enable tempest | ||||
| tempest_image_id: | ||||
| tempest_flavor_ref_id: | ||||
| tempest_public_network_id: | ||||
| tempest_floating_network_name: | ||||
|  | ||||
| # tempest_image_alt_id: "{{ tempest_image_id }}" | ||||
| # tempest_flavor_ref_alt_id: "{{ tempest_flavor_ref_id }}" | ||||
| @@ -1,154 +0,0 @@ | ||||
| --- | ||||
| ################### | ||||
| # Ceph options | ||||
| #################### | ||||
| # These options must be UUID4 values in string format | ||||
| # XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX | ||||
| ceph_cluster_fsid: | ||||
| rbd_secret_uuid: | ||||
|  | ||||
| ################### | ||||
| # Database options | ||||
| #################### | ||||
| database_password: | ||||
|  | ||||
| #################### | ||||
| # Docker options | ||||
| #################### | ||||
| # This should only be set if you require a password for your Docker registry | ||||
| docker_registry_password: | ||||
|  | ||||
| #################### | ||||
| # OpenStack options | ||||
| #################### | ||||
| aodh_database_password: | ||||
| aodh_keystone_password: | ||||
|  | ||||
| barbican_database_password: | ||||
| barbican_keystone_password: | ||||
|  | ||||
| keystone_admin_password: | ||||
| keystone_database_password: | ||||
|  | ||||
| grafana_database_password: | ||||
| grafana_admin_password: | ||||
|  | ||||
| glance_database_password: | ||||
| glance_keystone_password: | ||||
|  | ||||
| gnocchi_database_password: | ||||
| gnocchi_keystone_password: | ||||
|  | ||||
| kuryr_keystone_password: | ||||
|  | ||||
| nova_database_password: | ||||
| nova_api_database_password: | ||||
| nova_keystone_password: | ||||
|  | ||||
| neutron_database_password: | ||||
| neutron_keystone_password: | ||||
| metadata_secret: | ||||
|  | ||||
| cinder_database_password: | ||||
| cinder_keystone_password: | ||||
|  | ||||
| cloudkitty_database_password: | ||||
| cloudkitty_keystone_password: | ||||
|  | ||||
| sahara_database_password: | ||||
| sahara_keystone_password: | ||||
|  | ||||
| designate_database_password: | ||||
| designate_pool_manager_database_password: | ||||
| designate_keystone_password: | ||||
|  | ||||
| swift_keystone_password: | ||||
| swift_hash_path_suffix: | ||||
| swift_hash_path_prefix: | ||||
|  | ||||
| heat_database_password: | ||||
| heat_keystone_password: | ||||
| heat_domain_admin_password: | ||||
|  | ||||
| murano_database_password: | ||||
| murano_keystone_password: | ||||
|  | ||||
| ironic_database_password: | ||||
| ironic_keystone_password: | ||||
|  | ||||
| magnum_database_password: | ||||
| magnum_keystone_password: | ||||
|  | ||||
| mistral_database_password: | ||||
| mistral_keystone_password: | ||||
|  | ||||
| ceilometer_database_password: | ||||
| ceilometer_keystone_password: | ||||
|  | ||||
| watcher_database_password: | ||||
| watcher_keystone_password: | ||||
|  | ||||
| congress_database_password: | ||||
| congress_keystone_password: | ||||
|  | ||||
| rally_database_password: | ||||
|  | ||||
| senlin_database_password: | ||||
| senlin_keystone_password: | ||||
|  | ||||
| horizon_secret_key: | ||||
| horizon_database_password: | ||||
|  | ||||
| telemetry_secret_key: | ||||
|  | ||||
| manila_database_password: | ||||
| manila_keystone_password: | ||||
|  | ||||
| searchlight_keystone_password: | ||||
|  | ||||
| memcache_secret_key: | ||||
|  | ||||
| nova_ssh_key: | ||||
|   private_key: | ||||
|   public_key: | ||||
|  | ||||
| kolla_ssh_key: | ||||
|   private_key: | ||||
|   public_key: | ||||
|  | ||||
| keystone_ssh_key: | ||||
|   private_key: | ||||
|   public_key: | ||||
|  | ||||
| bifrost_ssh_key: | ||||
|   private_key: | ||||
|   public_key: | ||||
|  | ||||
| #################### | ||||
| # Gnocchi options | ||||
| #################### | ||||
| gnocchi_project_id: | ||||
| gnocchi_resource_id: | ||||
| gnocchi_user_id: | ||||
|  | ||||
| #################### | ||||
| # RabbitMQ options | ||||
| #################### | ||||
| rabbitmq_password: | ||||
| rabbitmq_cluster_cookie: | ||||
|  | ||||
| #################### | ||||
| # HAProxy options | ||||
| #################### | ||||
| haproxy_password: | ||||
| keepalived_password: | ||||
|  | ||||
| #################### | ||||
| # Kibana options | ||||
| #################### | ||||
| kibana_password: | ||||
|  | ||||
| #################### | ||||
| # etcd options | ||||
| #################### | ||||
| etcd_cluster_token: | ||||
| @@ -1,96 +0,0 @@ | ||||
| #!/usr/bin/env python | ||||
|  | ||||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| # you may not use this file except in compliance with the License. | ||||
| # You may obtain a copy of the License at | ||||
| # | ||||
| #     http://www.apache.org/licenses/LICENSE-2.0 | ||||
| # | ||||
| # Unless required by applicable law or agreed to in writing, software | ||||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| # See the License for the specific language governing permissions and | ||||
| # limitations under the License. | ||||
|  | ||||
| import argparse | ||||
| import os | ||||
| import random | ||||
| import string | ||||
| import sys | ||||
| import yaml | ||||
|  | ||||
| from Crypto.PublicKey import RSA | ||||
| from oslo_utils import uuidutils | ||||
|  | ||||
| # NOTE(SamYaple): Update the search path to prefer PROJECT_ROOT as the source | ||||
| #                 of packages to import if we are using local tools instead of | ||||
| #                 pip installed kolla tools | ||||
| PROJECT_ROOT = os.path.abspath(os.path.join( | ||||
|     os.path.dirname(os.path.realpath(__file__)), '../..')) | ||||
| if PROJECT_ROOT not in sys.path: | ||||
|     sys.path.insert(0, PROJECT_ROOT) | ||||
|  | ||||
|  | ||||
| def generate_RSA(bits=4096): | ||||
|     new_key = RSA.generate(bits, os.urandom) | ||||
|     private_key = new_key.exportKey("PEM") | ||||
|     public_key = new_key.publickey().exportKey("OpenSSH") | ||||
|     return private_key, public_key | ||||
|  | ||||
|  | ||||
| def main(): | ||||
|     parser = argparse.ArgumentParser() | ||||
|     parser.add_argument( | ||||
|         '-p', '--passwords', type=str, | ||||
|         default=os.path.abspath('/etc/kolla/passwords.yml'), | ||||
|         help=('Path to the passwords yml file')) | ||||
|  | ||||
|     args = parser.parse_args() | ||||
|     passwords_file = os.path.expanduser(args.passwords) | ||||
|  | ||||
|     # These keys should be random uuids | ||||
|     uuid_keys = ['ceph_cluster_fsid', 'rbd_secret_uuid', | ||||
|                  'gnocchi_project_id', 'gnocchi_resource_id', | ||||
|                  'gnocchi_user_id'] | ||||
|  | ||||
|     # SSH key pair | ||||
|     ssh_keys = ['kolla_ssh_key', 'nova_ssh_key', | ||||
|                 'keystone_ssh_key', 'bifrost_ssh_key'] | ||||
|  | ||||
|     # If these keys are None, leave them as None | ||||
|     blank_keys = ['docker_registry_password'] | ||||
|  | ||||
|     # length of password | ||||
|     length = 40 | ||||
|  | ||||
|     with open(passwords_file, 'r') as f: | ||||
|         passwords = yaml.safe_load(f.read()) | ||||
|  | ||||
|     for k, v in passwords.items(): | ||||
|         if (k in ssh_keys and | ||||
|                 (v is None | ||||
|                  or v.get('public_key') is None | ||||
|                  and v.get('private_key') is None)): | ||||
|             private_key, public_key = generate_RSA() | ||||
|             passwords[k] = { | ||||
|                 'private_key': private_key, | ||||
|                 'public_key': public_key | ||||
|             } | ||||
|             continue | ||||
|         if v is None: | ||||
|             if k in blank_keys and v is None: | ||||
|                 continue | ||||
|             if k in uuid_keys: | ||||
|                 passwords[k] = uuidutils.generate_uuid() | ||||
|             else: | ||||
|                 passwords[k] = ''.join([ | ||||
|                     random.SystemRandom().choice( | ||||
|                         string.ascii_letters + string.digits) | ||||
|                     for n in range(length) | ||||
|                 ]) | ||||
|  | ||||
|     with open(passwords_file, 'w') as f: | ||||
|         f.write(yaml.dump(passwords, default_flow_style=False)) | ||||
|  | ||||
| if __name__ == '__main__': | ||||
|     main() | ||||
| @@ -20,5 +20,9 @@ EOF | ||||
|     openstack/kolla-ansible | ||||
|  | ||||
| pushd "${KOLLA_ANSIBLE_DIR}" | ||||
| # Copy configs | ||||
| sudo cp -a etc/kolla /etc/ | ||||
| # Generate passwords | ||||
| sudo tools/generate_passwords.py | ||||
| ./tools/deploy_aio.sh "$KOLLA_BASE" "$KOLLA_TYPE" | ||||
| popd | ||||
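Review bot: `/etc/kolla/passwords.yml` is filled with generated secrets without its mode ever being set, in the `sudo cp -a etc/kolla /etc/` and `sudo tools/generate_passwords.py` pair that appears to be added in this hunk (the +/- markers are lost on this page). `cp -a` preserves whatever mode the file has in the checkout, and the generator removed elsewhere in this commit (kolla-ansible's copy is presumably equivalent) rewrites the file with a plain `open(passwords_file, 'w')`, so the service passwords and SSH private keys would likely remain readable by every local user on the node. Consider adding `sudo chmod 0600 /etc/kolla/passwords.yml` before the generate step, provided the later deploy steps read the file as root. The surrounding script starts and ends outside the hunk.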
|   | ||||
| @@ -1 +0,0 @@ | ||||
| ../kolla/cmd/genpwd.py | ||||
| @@ -22,8 +22,6 @@ function setup_config { | ||||
|     tox -e genconfig | ||||
|     # Copy configs | ||||
|     sudo cp -a etc/kolla /etc/ | ||||
|     # Generate passwords | ||||
|     sudo tools/generate_passwords.py | ||||
|  | ||||
|     # Use Infra provided pypi. | ||||
|     # Wheel package mirror may be not compatible. So do not enable it. | ||||
|   | ||||