Cleaning up murano references on bare metal.

Murano is no longer installed and running on bare metal.

 - Removed the system parameters related to murano.
 - Removed the upgrade code for murano databases.
 - Removed the murano certificate installation code from CLI
 - Removed the murano puppet code
 - Remove murano keystone user special handling
 - Remove armada/helm code to support enabling murano in horizon
 - Cleaned up comments in the code referencing murano.

Story: 2004764
Task: 30667
Change-Id: I4d9f82414043a8cad22220556181b5454572d42d
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
This commit is contained in:
Al Bailey 2019-05-28 07:27:03 -05:00
parent c3607b574d
commit a974b35ce4
17 changed files with 11 additions and 207 deletions

View File

@ -10547,7 +10547,7 @@ System Certificate Configuration
---------------------------------
These APIs allow for the display and configuration of Host certificates
which include SSL, Murano, Docker Registry, Openstack and
which include SSL, Docker Registry, Openstack and
Trusted Platform Module(TPM) certificates.
****************************
@ -10579,7 +10579,7 @@ badMediaType (415)
"Content-Type multipart/form-data", "plain", "xsd:string", "The content of a file. e.g. if using curl, this would be specified as: curl -F name=@full_path_of_filename <div class=""example""><pre>file=@/home/wrsroot/server-with-key.pem </pre></div>"
"passphrase (Optional)", "plain", "xsd:string", "The passphrase for the PEM file."
"mode (Optional)", "plain", "xsd:string", "This parameter specifies the type of System certificate. Possible values are: <emphasis xmlns=""http://docbook.org/ns/docbook"">ssl, tpm_mode, murano, murano_ca, docker_registry, openstack, openstack_ca</emphasis>. Default: <emphasis xmlns=""http://docbook.org/ns/docbook"">ssl</emphasis>"
"mode (Optional)", "plain", "xsd:string", "This parameter specifies the type of System certificate. Possible values are: <emphasis xmlns=""http://docbook.org/ns/docbook"">ssl, tpm_mode, docker_registry, openstack, openstack_ca</emphasis>. Default: <emphasis xmlns=""http://docbook.org/ns/docbook"">ssl</emphasis>"
************************************
List installed System Certificates

View File

@ -555,7 +555,6 @@ def update_oamip_in_archive(tmpdir):
os.path.join(tmpdir, 'etc/haproxy/haproxy.cfg'),
os.path.join(tmpdir, 'etc/heat/heat.conf'),
os.path.join(tmpdir, 'etc/keepalived/keepalived.conf'),
os.path.join(tmpdir, 'etc/murano/murano.conf'),
os.path.join(tmpdir, 'etc/vswitch/vswitch.ini'),
os.path.join(tmpdir, 'etc/nova/nova.conf'),
os.path.join(tmpdir, 'config/hosts'),

View File

@ -93,9 +93,6 @@ def get_db_credentials(shared_services, from_release):
'sysinv': {'hiera_user_key': 'sysinv::db::postgresql::user',
'keyring_password_key': 'sysinv',
},
'murano': {'hiera_user_key': 'murano::db::postgresql::user',
'keyring_password_key': 'murano',
},
'magnum': {'hiera_user_key': 'magnum::db::postgresql::user',
'keyring_password_key': 'magnum',
},
@ -548,10 +545,6 @@ def migrate_databases(from_release, shared_services, db_credentials,
f.write("[api_database]\n")
f.write(get_connection_string(db_credentials, 'nova_api'))
with open("/etc/murano/murano-dbsync.conf", "w") as f:
f.write("[database]\n")
f.write(get_connection_string(db_credentials, 'murano'))
with open("/etc/magnum/magnum-dbsync.conf", "w") as f:
f.write("[database]\n")
f.write(get_connection_string(db_credentials, 'magnum'))
@ -601,10 +594,6 @@ def migrate_databases(from_release, shared_services, db_credentials,
# Migrate nova_api (new in R3)
('nova',
'nova-manage --config-file /etc/nova/nova-dbsync.conf api_db sync'),
# Migrate murano (new in R4)
('murano',
'murano-db-manage --config-file /etc/murano/murano-dbsync.conf ' +
'upgrade'),
# Migrate magnum (new in R5)
('magnum',
'magnum-db-manage --config-file /etc/magnum/magnum-dbsync.conf ' +

View File

@ -26,7 +26,7 @@ LOG = log.get_logger(__name__)
def get_upgrade_databases(shared_services):
UPGRADE_DATABASES = ('postgres', 'template1', 'nova', 'sysinv', 'murano',
UPGRADE_DATABASES = ('postgres', 'template1', 'nova', 'sysinv',
'ceilometer', 'neutron', 'heat', 'nova_api', 'aodh',
'magnum', 'ironic', 'barbican')
@ -35,7 +35,6 @@ def get_upgrade_databases(shared_services):
'sysinv': ('i_alarm',),
'neutron': (),
'aodh': (),
'murano': (),
'magnum': (),
'ironic': (),
'barbican': (),
@ -257,7 +256,6 @@ def abort_upgrade(from_load, to_load, upgrade):
os.path.join(utils.POSTGRES_PATH, "upgrade"),
os.path.join(utils.POSTGRES_PATH, to_load),
os.path.join(utils.RABBIT_PATH, to_load),
os.path.join(utils.MURANO_RABBIT_PATH, to_load),
os.path.join(tsc.CGCS_PATH, "ironic", to_load),
os.path.join(tsc.PLATFORM_PATH, "nfv/vim", to_load),
os.path.join(tsc.PLATFORM_PATH, ".keyring", to_load),
@ -329,7 +327,6 @@ def complete_upgrade(from_load, to_load):
os.path.join(utils.POSTGRES_PATH, "upgrade"),
os.path.join(utils.POSTGRES_PATH, from_load),
os.path.join(utils.RABBIT_PATH, from_load),
os.path.join(utils.MURANO_RABBIT_PATH, from_load),
os.path.join(tsc.CGCS_PATH, "ironic", from_load),
os.path.join(tsc.PLATFORM_PATH, "nfv/vim", from_load),
os.path.join(tsc.PLATFORM_PATH, ".keyring", from_load),

View File

@ -33,7 +33,6 @@ LOG = log.get_logger(__name__)
POSTGRES_PATH = '/var/lib/postgresql'
POSTGRES_DATA_DIR = os.path.join(POSTGRES_PATH, SW_VERSION)
RABBIT_PATH = '/var/lib/rabbitmq'
MURANO_RABBIT_PATH = '/var/lib/rabbitmq/murano'
CONTROLLER_1_HOSTNAME = "controller-1"
DB_CONNECTION = "postgresql://%s:%s@127.0.0.1/%s\n"

View File

@ -2129,7 +2129,6 @@ data:
lockout_retries_num: '3'
# Optional Services
enable_magnum: 'False'
enable_murano: 'False'
# Turn off domain support as we aren't using
keystone_multidomain_support: 'False'
template: |

View File

@ -69,7 +69,7 @@ def do_certificate_list(cc, args):
help='The passphrase for the PEM file')
@utils.arg('-m', '--mode',
metavar='<mode>',
help="optional mode: 'tpm_mode', 'murano', 'murano_ca',"
help="optional mode: 'tpm_mode',"
"'docker_registry, 'openstack', 'openstack_ca'. "
"Default is 'ssl'.")
def do_certificate_install(cc, args):

View File

@ -59,7 +59,6 @@ systemconfig.puppet_plugins =
020_ceilometer = sysinv.puppet.ceilometer:CeilometerPuppet
022_heat = sysinv.puppet.heat:HeatPuppet
023_magnum = sysinv.puppet.magnum:MagnumPuppet
024_murano = sysinv.puppet.murano:MuranoPuppet
025_ironic = sysinv.puppet.ironic:IronicPuppet
027_dcmanager = sysinv.puppet.dcmanager:DCManagerPuppet
028_dcorch = sysinv.puppet.dcorch:DCOrchPuppet

View File

@ -266,8 +266,6 @@ class CertificateController(rest.RestController):
Certificates are installed according to one of the following modes:
default: install certificate for ssl
tpm_mode: install certificate to tpm devices for ssl
murano: install certificate for rabbit-murano
murano_ca: install ca certificate for rabbit-murano
docker_registry: install certificate for docker registry
openstack: install certificate for openstack
openstack_ca: install ca certificate for openstack
@ -300,8 +298,7 @@ class CertificateController(rest.RestController):
system = pecan.request.dbapi.isystem_get_one()
capabilities = system.capabilities
if not mode.startswith(constants.CERT_MODE_MURANO) and \
mode != constants.CERT_MODE_DOCKER_REGISTRY:
if mode != constants.CERT_MODE_DOCKER_REGISTRY:
system_https_enabled = capabilities.get('https_enabled', False)
if system_https_enabled is False or system_https_enabled == 'n':
msg = "No certificates have been added, https is not enabled."

View File

@ -894,7 +894,6 @@ SERVICE_TYPE_NETWORK = 'network'
SERVICE_TYPE_HORIZON = "horizon"
SERVICE_TYPE_CEPH = 'ceph'
SERVICE_TYPE_CINDER = 'cinder'
SERVICE_TYPE_MURANO = 'murano'
SERVICE_TYPE_MAGNUM = 'magnum'
SERVICE_TYPE_PLATFORM = 'platform'
SERVICE_TYPE_NOVA = 'nova'
@ -906,9 +905,6 @@ SERVICE_TYPE_DOCKER = 'docker'
SERVICE_TYPE_HTTP = 'http'
SERVICE_TYPE_OPENSTACK = 'openstack'
SERVICE_PARAM_SECTION_MURANO_RABBITMQ = 'rabbitmq'
SERVICE_PARAM_SECTION_MURANO_ENGINE = 'engine'
SERVICE_PARAM_SECTION_IRONIC_NEUTRON = 'neutron'
SERVICE_PARAM_SECTION_IRONIC_PXE = 'pxe'
@ -950,8 +946,6 @@ SERVICE_PARAM_SECTION_NETWORK_SFC = 'sfc'
SERVICE_PARAM_SECTION_NETWORK_DHCP = 'dhcp'
SERVICE_PARAM_PARAMETER_NAME_EXTERNAL_ADMINURL = 'external-admin-url'
SERVICE_PARAM_NAME_MURANO_DISABLE_AGENT = 'disable_murano_agent'
SERVICE_PARAM_NAME_MURANO_SSL = 'ssl'
SERVICE_PARAM_NAME_IRONIC_TFTP_SERVER = 'tftp_server'
SERVICE_PARAM_NAME_IRONIC_CONTROLLER_0_NIC = 'controller_0_if'
SERVICE_PARAM_NAME_IRONIC_CONTROLLER_1_NIC = 'controller_1_if'
@ -1255,7 +1249,7 @@ LINUX_LVM_PARTITION = "e6d6d379-f507-44c2-a23c-238f2a3df928"
CEPH_DATA_PARTITION = "4fbd7e29-9d25-41b8-afd0-062c0ceff05d"
CEPH_JOURNAL_PARTITION = "45b0969e-9b03-4f30-b4c6-b4b80ceff106"
# Partition name for those partitions deignated for PV use.
# Partition name for those partitions designated for PV use.
PARTITION_NAME_PV = "LVM Physical Volume"
# Partition table types.
@ -1265,7 +1259,7 @@ PARTITION_TABLE_MSDOS = "msdos"
PARTITION_MANAGE_LOCK = "partition-manage"
# Optional services
ALL_OPTIONAL_SERVICES = [SERVICE_TYPE_CINDER, SERVICE_TYPE_MURANO,
ALL_OPTIONAL_SERVICES = [SERVICE_TYPE_CINDER,
SERVICE_TYPE_MAGNUM, SERVICE_TYPE_SWIFT,
SERVICE_TYPE_IRONIC]
@ -1309,7 +1303,6 @@ SSL_CERT_DIR = "/etc/ssl/private/"
SSL_CERT_FILE = "server-cert.pem" # pem with PK and cert
# self signed pem to get started
SSL_CERT_SS_FILE = "self-signed-server-cert.pem"
CERT_MURANO_DIR = "/etc/ssl/private/murano-rabbit"
CERT_FILE = "cert.pem"
CERT_KEY_FILE = "key.pem"
CERT_CA_FILE = "ca-cert.pem"
@ -1317,10 +1310,6 @@ SSL_PEM_FILE = os.path.join(SSL_CERT_DIR, SSL_CERT_FILE)
SSL_PEM_SS_FILE = os.path.join(SSL_CERT_DIR, SSL_CERT_SS_FILE)
SSL_PEM_FILE_SHARED = os.path.join(tsc.CONFIG_PATH, SSL_CERT_FILE)
MURANO_CERT_KEY_FILE = os.path.join(CERT_MURANO_DIR, CERT_KEY_FILE)
MURANO_CERT_FILE = os.path.join(CERT_MURANO_DIR, CERT_FILE)
MURANO_CERT_CA_FILE = os.path.join(CERT_MURANO_DIR, CERT_CA_FILE)
DOCKER_REGISTRY_HOST = 'registry.local'
DOCKER_REGISTRY_PORT = '9001'
DOCKER_REGISTRY_SERVER = '%s:%s' % (DOCKER_REGISTRY_HOST, DOCKER_REGISTRY_PORT)
@ -1354,16 +1343,12 @@ OPENSTACK_CERT_CA_FILE_SHARED = os.path.join(CERT_OPENSTACK_SHARED_DIR,
CERT_MODE_SSL = 'ssl'
CERT_MODE_SSL_CA = 'ssl_ca'
CERT_MODE_TPM = 'tpm_mode'
CERT_MODE_MURANO = 'murano'
CERT_MODE_MURANO_CA = 'murano_ca'
CERT_MODE_DOCKER_REGISTRY = 'docker_registry'
CERT_MODE_OPENSTACK = 'openstack'
CERT_MODE_OPENSTACK_CA = 'openstack_ca'
CERT_MODES_SUPPORTED = [CERT_MODE_SSL,
CERT_MODE_SSL_CA,
CERT_MODE_TPM,
CERT_MODE_MURANO,
CERT_MODE_MURANO_CA,
CERT_MODE_DOCKER_REGISTRY,
CERT_MODE_OPENSTACK,
CERT_MODE_OPENSTACK_CA,

View File

@ -738,30 +738,6 @@ IDENTITY_ADMIN_ENDPOINT_TYPE_PARAMETER_OPTIONAL = [
constants.SERVICE_PARAM_PARAMETER_NAME_EXTERNAL_ADMINURL,
]
MURANO_ENGINE_PARAMETER_OPTIONAL = [
constants.SERVICE_PARAM_NAME_MURANO_DISABLE_AGENT,
]
MURANO_ENGINE_PARAMETER_VALIDATOR = {
constants.SERVICE_PARAM_NAME_MURANO_DISABLE_AGENT: _validate_boolean,
}
MURANO_ENGINE_PARAMETER_RESOURCE = {
constants.SERVICE_PARAM_NAME_MURANO_DISABLE_AGENT: 'openstack::murano::params::disable_murano_agent',
}
MURANO_RABBITMQ_PARAMETER_OPTIONAL = [
constants.SERVICE_PARAM_NAME_MURANO_SSL,
]
MURANO_RABBITMQ_PARAMETER_VALIDATOR = {
constants.SERVICE_PARAM_NAME_MURANO_SSL: _validate_boolean,
}
MURANO_RABBITMQ_PARAMETER_RESOURCE = {
constants.SERVICE_PARAM_NAME_MURANO_SSL: 'openstack::murano::params::ssl',
}
IRONIC_NEUTRON_PARAMETER_OPTIONAL = [
constants.SERVICE_PARAM_NAME_IRONIC_PROVISIONING_NETWORK,
]
@ -1683,18 +1659,6 @@ SERVICE_PARAMETER_SCHEMA = {
},
},
constants.SERVICE_TYPE_MURANO: {
constants.SERVICE_PARAM_SECTION_MURANO_ENGINE: {
SERVICE_PARAM_OPTIONAL: MURANO_ENGINE_PARAMETER_OPTIONAL,
SERVICE_PARAM_VALIDATOR: MURANO_ENGINE_PARAMETER_VALIDATOR,
SERVICE_PARAM_RESOURCE: MURANO_ENGINE_PARAMETER_RESOURCE,
},
constants.SERVICE_PARAM_SECTION_MURANO_RABBITMQ: {
SERVICE_PARAM_OPTIONAL: MURANO_RABBITMQ_PARAMETER_OPTIONAL,
SERVICE_PARAM_VALIDATOR: MURANO_RABBITMQ_PARAMETER_VALIDATOR,
SERVICE_PARAM_RESOURCE: MURANO_RABBITMQ_PARAMETER_RESOURCE,
},
},
constants.SERVICE_TYPE_NOVA: {
constants.SERVICE_PARAM_SECTION_NOVA_PCI_ALIAS: {
SERVICE_PARAM_OPTIONAL: NOVA_PCI_ALIAS_PARAMETER_OPTIONAL,

View File

@ -7278,10 +7278,6 @@ class ConductorManager(service.PeriodicService):
# controller hosts will actively apply the manifests
config_uuid = self._config_update_hosts(context,
[constants.CONTROLLER])
elif service == constants.SERVICE_TYPE_MURANO:
config_uuid = self._config_update_hosts(context,
[constants.CONTROLLER],
reboot=True)
elif service == constants.SERVICE_TYPE_MAGNUM:
config_uuid = self._config_update_hosts(context,
[constants.CONTROLLER],
@ -10171,8 +10167,7 @@ class ConductorManager(service.PeriodicService):
passphrase=None):
"""Extract keys from the pem contents
:param mode: mode one of: ssl, tpm_mode, murano, murano_ca,
docker_registry
:param mode: mode one of: ssl, tpm_mode, docker_registry
:param pem_contents: pem_contents
:param cert_format: serialization.PrivateFormat
:param passphrase: passphrase for PEM file
@ -10193,7 +10188,6 @@ class ConductorManager(service.PeriodicService):
private_mode = False
if mode in [constants.CERT_MODE_SSL,
constants.CERT_MODE_TPM,
constants.CERT_MODE_MURANO,
constants.CERT_MODE_DOCKER_REGISTRY,
constants.CERT_MODE_OPENSTACK,
]:
@ -10400,32 +10394,6 @@ class ConductorManager(service.PeriodicService):
self._config_apply_runtime_manifest(context,
config_uuid,
config_dict)
elif mode == constants.CERT_MODE_MURANO:
LOG.info("Murano certificate install")
config_uuid = self._config_update_hosts(context, personalities,
reboot=True)
key_path = constants.MURANO_CERT_KEY_FILE
cert_path = constants.MURANO_CERT_FILE
config_dict = {
'personalities': personalities,
'file_names': [key_path, cert_path],
'file_content': {key_path: private_bytes,
cert_path: public_bytes},
'permissions': constants.CONFIG_FILE_PERMISSION_ROOT_READ_ONLY,
}
self._config_update_file(context, config_uuid, config_dict)
self._remove_certificate_file(mode, certificate_file)
elif mode == constants.CERT_MODE_MURANO_CA:
LOG.info("Murano CA certificate install")
config_uuid = self._config_update_hosts(context, personalities,
reboot=True)
config_dict = {
'personalities': personalities,
'file_names': [constants.MURANO_CERT_CA_FILE],
'file_content': public_bytes,
'permissions': constants.CONFIG_FILE_PERMISSION_DEFAULT,
}
self._config_update_file(context, config_uuid, config_dict)
elif mode == constants.CERT_MODE_DOCKER_REGISTRY:
LOG.info("Docker registry certificate install")
# docker registry requires a PKCS1 key for the token server

View File

@ -2766,7 +2766,7 @@ class Connection(object):
:param values: A dict containing several items used to identify
and track the Services
{
'service': 'murano',
'service': 'some_new_service',
'enabled': 'False',
}
:returns: A Services.

View File

@ -95,7 +95,7 @@ def upgrade(migrate_engine):
i_host.create_column(Column('install_state', String(255)))
i_host.create_column(Column('install_state_info', String(255)))
# 048 Replace services enum with string (include ceph, platform, murano)
# 048 Replace services enum with string (include ceph, platform)
service_parameter = Table('service_parameter',
meta,
Column('id', Integer,
@ -259,8 +259,7 @@ def upgrade(migrate_engine):
systems.create_column(Column('timezone', String(255)))
_populate_system_timezone(systems)
# 059_murano_service_parameters.py
# Enhance the services enum to include murano; String per 048
# 059 N/A
# 060_disk_device_path.py
i_pv = Table('i_pv', meta, autoload=True)

View File

@ -107,12 +107,6 @@ class HorizonHelm(openstack.OpenstackBaseHelm):
})
# Optional services settings
service_config = self._get_service_config('murano')
if service_config is not None and service_config.enabled:
local_settings_config.update({
'enable_murano': 'True',
})
service_config = self._get_service_config('magnum')
if service_config is not None and service_config.enabled:
local_settings_config.update({

View File

@ -192,7 +192,6 @@ class KeystoneHelm(openstack.OpenstackBaseHelm):
["'sysinv':%(target.user.name)s"],
["'mtce':%(target.user.name)s"],
["'magnum':%(target.user.name)s"],
["'murano':%(target.user.name)s"],
["'panko':%(target.user.name)s"],
["'gnocchi':%(target.user.name)s"]
],

View File

@ -1,84 +0,0 @@
#
# Copyright (c) 2017 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from sysinv.puppet import openstack
class MuranoPuppet(openstack.OpenstackBasePuppet):
"""Class to encapsulate puppet operations for murano configuration"""
SERVICE_NAME = 'murano'
SERVICE_PORT = 8082
def get_static_config(self):
dbuser = self._get_database_username(self.SERVICE_NAME)
return {
'murano::db::postgresql::user': dbuser,
}
def get_secure_static_config(self):
dbpass = self._get_database_password(self.SERVICE_NAME)
kspass = self._get_service_password(self.SERVICE_NAME)
return {
'murano::admin_password': kspass,
'murano::db::postgresql::password': dbpass,
'murano::keystone::auth::password': kspass,
'openstack::murano::params::auth_password':
self. _generate_random_password(),
}
def get_system_config(self):
ksuser = self._get_service_user_name(self.SERVICE_NAME) \
+ self._region_name()
config = {
'openstack::murano::params::service_enabled':
self._get_service_enabled(),
'murano::admin_user': ksuser,
'murano::auth_uri': self._keystone_auth_uri(),
'murano::identity_uri': self._keystone_identity_uri(),
'murano::admin_tenant_name': self._get_service_tenant_name(),
}
if self._get_service_enabled():
config.update({
'murano::keystone::auth::public_url': self.get_public_url(),
'murano::keystone::auth::internal_url': self.get_internal_url(),
'murano::keystone::auth::admin_url': self.get_admin_url(),
'murano::keystone::auth::auth_name': ksuser,
'murano::keystone::auth::region': self._region_name(),
'murano::keystone::auth::tenant':
self._get_service_tenant_name(), })
return config
def get_secure_system_config(self):
config = {
'murano::database_connection':
self._format_database_connection(self.SERVICE_NAME),
}
return config
def _get_service_enabled(self):
service_config = self._get_service_config(self.SERVICE_NAME)
if service_config:
return service_config.enabled
else:
return False
def get_public_url(self):
return self._format_public_endpoint(self.SERVICE_PORT)
def get_internal_url(self):
return self._format_private_endpoint(self.SERVICE_PORT)
def get_admin_url(self):
return self._format_private_endpoint(self.SERVICE_PORT)