From eec6273084ebc69447c479f559472d741143d0c2 Mon Sep 17 00:00:00 2001 From: Guillermo Herrero Date: Mon, 24 Sep 2018 14:02:04 +0200 Subject: [PATCH] [reclass] Consolidate all passwords JIRA: FUEL-378 Change-Id: I00832d697d83c374628fa9d759c125e0b6ca64cf Signed-off-by: Guillermo Herrero (cherry picked from commit c0de0902fdb9c15033ae830b31bfcade8eb1c3ec) --- .../cluster/all-mcp-arch-common/infra/maas.yml.j2 | 2 - .../cluster/all-mcp-arch-common/init.yml.j2 | 1 + .../cluster/all-mcp-arch-common/passwords.yml | 63 ++++++++++++++++++++++ .../cluster/mcp-common-ha/infra/init.yml.j2 | 1 - .../cluster/mcp-common-ha/openstack_init.yml.j2 | 44 --------------- .../cluster/mcp-common-noha/infra/init.yml.j2 | 1 - .../cluster/mcp-common-noha/openstack_init.yml.j2 | 37 ------------- .../cluster/mcp-odl-ha/openstack/control.yml | 2 +- .../cluster/mcp-odl-noha/openstack/control.yml | 2 +- 9 files changed, 66 insertions(+), 87 deletions(-) create mode 100644 mcp/reclass/classes/cluster/all-mcp-arch-common/passwords.yml diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 index f028a709b..e16453e03 100644 --- a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 @@ -25,8 +25,6 @@ parameters: pxe_admin_interface_mtu: 1500 linux_system_codename: xenial maas_admin_username: opnfv - maas_admin_password: opnfv_secret - maas_db_password: opnfv_secret dns_server01: '{{ nm.dns_public[0] }}' pxe_admin_address: ${_param:infra_maas_node01_deploy_address} single_address: ${_param:pxe_admin_address} diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/init.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/init.yml.j2 index 17cf92549..84c82b738 100644 --- a/mcp/reclass/classes/cluster/all-mcp-arch-common/init.yml.j2 +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/init.yml.j2 @@ -9,6 +9,7 @@ classes: - system.linux.system.single - cluster.all-mcp-arch-common.opnfv + - cluster.all-mcp-arch-common.passwords parameters: _param: openstack_version: queens diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/passwords.yml b/mcp/reclass/classes/cluster/all-mcp-arch-common/passwords.yml new file mode 100644 index 000000000..0c6d274b4 --- /dev/null +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/passwords.yml @@ -0,0 +1,63 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +parameters: + _param: + opnfv_main_password: opnfv_secret + + maas_admin_password: ${_param:opnfv_main_password} + maas_db_password: ${_param:opnfv_main_password} + infra_maas_database_password: ${_param:opnfv_main_password} + + galera_server_maintenance_password: ${_param:opnfv_main_password} + galera_server_admin_password: ${_param:opnfv_main_password} + rabbitmq_secret_key: ${_param:opnfv_main_password} + rabbitmq_admin_password: ${_param:opnfv_main_password} + rabbitmq_openstack_password: ${_param:opnfv_main_password} + rabbitmq_cold_password: ${_param:opnfv_main_password} + mysql_admin_password: ${_param:opnfv_main_password} + mysql_cinder_password: ${_param:opnfv_main_password} + mysql_ceilometer_password: ${_param:opnfv_main_password} + mysql_glance_password: ${_param:opnfv_main_password} + mysql_grafana_password: ${_param:opnfv_main_password} + mysql_heat_password: ${_param:opnfv_main_password} + mysql_keystone_password: ${_param:opnfv_main_password} + mysql_neutron_password: ${_param:opnfv_main_password} + mysql_nova_password: ${_param:opnfv_main_password} + mysql_aodh_password: ${_param:opnfv_main_password} + mysql_designate_password: ${_param:opnfv_main_password} + keystone_aodh_password: ${_param:opnfv_main_password} + keystone_service_token: ${_param:opnfv_main_password} + keystone_admin_password: ${_param:opnfv_main_password} + keystone_ceilometer_password: ${_param:opnfv_main_password} + keystone_cinder_password: ${_param:opnfv_main_password} + keystone_glance_password: ${_param:opnfv_main_password} + keystone_heat_password: ${_param:opnfv_main_password} + keystone_keystone_password: ${_param:opnfv_main_password} + keystone_neutron_password: ${_param:opnfv_main_password} + keystone_nova_password: ${_param:opnfv_main_password} + keystone_designate_password: ${_param:opnfv_main_password} + mysql_barbican_password: ${_param:opnfv_main_password} + keystone_barbican_password: ${_param:opnfv_main_password} + metadata_password: ${_param:opnfv_main_password} + openstack_telemetry_keepalived_password: ${_param:opnfv_main_password} + mysql_panko_password: ${_param:opnfv_main_password} + keystone_panko_password: ${_param:opnfv_main_password} + mysql_gnocchi_password: ${_param:opnfv_main_password} + keystone_gnocchi_password: ${_param:opnfv_main_password} + mysql_tacker_password: ${_param:opnfv_main_password} + keystone_tacker_password: ${_param:opnfv_main_password} + heat_domain_admin_password: ${_param:opnfv_main_password} + ceilometer_influxdb_password: ${_param:opnfv_main_password} + ceilometer_secret_key: ${_param:opnfv_main_password} + + opendaylight_password: admin + + barbican_simple_crypto_kek: "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=" + horizon_secret_key: opaesee8Que2yahJoh9fo0eefo1Aeyo6ahyei8zeiboh3aeth5loth7ieNa5xi5e + designate_bind9_rndc_key: 4pc+X4PDqb2q+5o72dISm72LM1Ds9X2EYZjqg+nmsS7FhdTwzFFY8l/iEDmHxnyjkA33EQC8H+z0fLLBunoitw== diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j2 index 05b96e40b..2f4686767 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j2 @@ -19,7 +19,6 @@ parameters: reclass_config_master: ${_param:opnfv_infra_config_pxe_admin_address} cluster_public_host: ${_param:openstack_proxy_address} infra_config_hostname: cfg01 - infra_maas_database_password: opnfv_secret # infra service addresses infra_config_address: ${_param:opnfv_infra_config_address} diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j2 index 042a12557..b08837876 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j2 @@ -133,23 +133,16 @@ parameters: neutron_compute_agent_mode: legacy neutron_compute_external_access: 'True' galera_server_cluster_name: openstack_cluster - galera_server_maintenance_password: opnfv_secret - galera_server_admin_password: opnfv_secret - rabbitmq_secret_key: opnfv_secret - rabbitmq_admin_password: opnfv_secret - rabbitmq_openstack_password: opnfv_secret glance_version: ${_param:openstack_version} glance_service_host: ${_param:openstack_control_address} keystone_version: ${_param:openstack_version} keystone_service_host: ${_param:openstack_control_address} heat_version: ${_param:openstack_version} heat_service_host: ${_param:openstack_control_address} - heat_domain_admin_password: opnfv_secret cinder_version: ${_param:openstack_version} cinder_service_host: ${_param:openstack_control_address} ceilometer_version: ${_param:openstack_version} ceilometer_service_host: ${_param:openstack_telemetry_address} - ceilometer_influxdb_password: opnfv_secret nova_version: ${_param:openstack_version} nova_service_host: ${_param:openstack_control_address} neutron_version: ${_param:openstack_version} @@ -160,59 +153,22 @@ parameters: glusterfs_service_host: ${_param:openstack_control_address} {%- endif %} mysql_admin_user: root - mysql_admin_password: opnfv_secret - mysql_cinder_password: opnfv_secret - mysql_ceilometer_password: opnfv_secret - mysql_glance_password: opnfv_secret - mysql_grafana_password: opnfv_secret - mysql_heat_password: opnfv_secret - mysql_keystone_password: opnfv_secret - mysql_neutron_password: opnfv_secret - mysql_nova_password: opnfv_secret - mysql_aodh_password: opnfv_secret - mysql_designate_password: opnfv_secret - aodh_version: ${_param:openstack_version} - keystone_aodh_password: opnfv_secret - keystone_service_token: opnfv_secret - keystone_admin_password: opnfv_secret - keystone_ceilometer_password: opnfv_secret - keystone_cinder_password: opnfv_secret - keystone_glance_password: opnfv_secret - keystone_heat_password: opnfv_secret - keystone_keystone_password: opnfv_secret - keystone_neutron_password: opnfv_secret - keystone_nova_password: opnfv_secret - keystone_designate_password: opnfv_secret - barbican_version: ${_param:openstack_version} barbican_service_host: ${_param:openstack_control_address} - mysql_barbican_password: opnfv_secret - keystone_barbican_password: opnfv_secret - barbican_simple_crypto_kek: "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=" barbican_integration_enabled: true - - ceilometer_secret_key: opnfv_secret horizon_version: ${_param:openstack_version} - horizon_secret_key: opaesee8Que2yahJoh9fo0eefo1Aeyo6ahyei8zeiboh3aeth5loth7ieNa5xi5e horizon_identity_host: ${_param:openstack_control_address} horizon_identity_encryption: none horizon_identity_version: 3 - metadata_password: opnfv_secret - openstack_telemetry_keepalived_password: opnfv_secret aodh_service_host: ${_param:openstack_telemetry_address} gnocchi_version: 4.2 gnocchi_service_host: ${_param:openstack_telemetry_address} - mysql_gnocchi_password: opnfv_secret - keystone_gnocchi_password: opnfv_secret panko_version: ${_param:openstack_version} panko_service_host: ${_param:openstack_telemetry_address} - mysql_panko_password: opnfv_secret - keystone_panko_password: opnfv_secret ceilometer_agent_default_polling_interval: 180 ceilometer_agent_default_polling_meters: - "*" designate_service_host: ${_param:openstack_control_address} - designate_bind9_rndc_key: 4pc+X4PDqb2q+5o72dISm72LM1Ds9X2EYZjqg+nmsS7FhdTwzFFY8l/iEDmHxnyjkA33EQC8H+z0fLLBunoitw== designate_domain_id: 5186883b-91fb-4891-bd49-e6769234a8fc designate_pool_ns_records: - hostname: 'ns1.example.org.' diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/infra/init.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/infra/init.yml.j2 index 339d81889..e1e62981f 100644 --- a/mcp/reclass/classes/cluster/mcp-common-noha/infra/init.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-noha/infra/init.yml.j2 @@ -12,7 +12,6 @@ classes: parameters: _param: cluster_domain: ${_param:cluster_name}.local - infra_maas_database_password: opnfv_secret reclass_config_master: ${_param:opnfv_infra_config_pxe_admin_address} infra_maas_node01_hostname: mas01 infra_maas_node01_address: ${_param:opnfv_infra_maas_node01_address} diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j2 index ba6636da7..54df34cc6 100644 --- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j2 @@ -26,8 +26,6 @@ parameters: neutron_compute_agent_mode: legacy neutron_compute_external_access: 'False' galera_server_cluster_name: openstack_cluster - galera_server_maintenance_password: opnfv_secret - galera_server_admin_password: opnfv_secret cluster_vip_address: ${_param:cluster_public_host} cluster_local_address: ${_param:openstack_control_address} cluster_node01_hostname: ctl01 @@ -36,17 +34,12 @@ parameters: cluster_node02_address: ${_param:opnfv_openstack_control_node02_address} cluster_node03_hostname: ctl03 cluster_node03_address: ${_param:opnfv_openstack_control_node03_address} - rabbitmq_secret_key: opnfv_secret - rabbitmq_admin_password: opnfv_secret - rabbitmq_openstack_password: opnfv_secret - rabbitmq_cold_password: opnfv_secret glance_version: ${_param:openstack_version} glance_service_host: ${_param:cluster_local_address} keystone_version: ${_param:openstack_version} keystone_service_host: ${_param:cluster_local_address} heat_version: ${_param:openstack_version} heat_service_host: ${_param:cluster_local_address} - heat_domain_admin_password: opnfv_secret ceilometer_version: ${_param:openstack_version} ceilometer_service_host: ${_param:cluster_local_address} ceilometer_database_host: ${_param:cluster_local_address} @@ -58,27 +51,6 @@ parameters: neutron_version: ${_param:openstack_version} neutron_service_host: ${_param:cluster_local_address} mysql_admin_user: root - mysql_admin_password: opnfv_secret - mysql_cinder_password: opnfv_secret - mysql_ceilometer_password: opnfv_secret - mysql_glance_password: opnfv_secret - mysql_grafana_password: opnfv_secret - mysql_heat_password: opnfv_secret - mysql_keystone_password: opnfv_secret - mysql_neutron_password: opnfv_secret - mysql_nova_password: opnfv_secret - mysql_aodh_password: opnfv_secret - keystone_service_token: opnfv_secret - keystone_admin_password: opnfv_secret - keystone_ceilometer_password: opnfv_secret - keystone_cinder_password: opnfv_secret - keystone_glance_password: opnfv_secret - keystone_heat_password: opnfv_secret - keystone_keystone_password: opnfv_secret - keystone_neutron_password: opnfv_secret - keystone_nova_password: opnfv_secret - ceilometer_secret_key: opnfv_secret - metadata_password: opnfv_secret horizon_version: ${_param:openstack_version} horizon_secret_key: opaesee8Que2yahJoh9fo0eefo1Aeyo6ahyei8zeiboh3aeth5loth7ieNa5xi5e horizon_identity_host: ${_param:cluster_vip_address} @@ -88,28 +60,19 @@ parameters: barbican_version: ${_param:openstack_version} barbican_service_host: ${_param:cluster_local_address} apache_barbican_api_address: ${_param:single_address} - mysql_barbican_password: opnfv_secret - keystone_barbican_password: opnfv_secret barbican_simple_crypto_kek: "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=" barbican_integration_enabled: true {%- if '-sfc-' in conf.MCP_DEPLOY_SCENARIO %} tacker_service_host: ${_param:cluster_local_address} - keystone_tacker_password: opnfv_secret - mysql_tacker_password: opnfv_secret {%- endif %} aodh_version: ${_param:openstack_version} - keystone_aodh_password: opnfv_secret aodh_service_host: ${_param:cluster_local_address} gnocchi_version: 4.2 gnocchi_service_host: ${_param:cluster_local_address} - mysql_gnocchi_password: opnfv_secret - keystone_gnocchi_password: opnfv_secret panko_version: ${_param:openstack_version} panko_service_host: ${_param:cluster_local_address} - mysql_panko_password: opnfv_secret - keystone_panko_password: opnfv_secret ceilometer_agent_default_polling_interval: 180 ceilometer_agent_default_polling_meters: - "*" diff --git a/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/control.yml b/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/control.yml index e2912fa3b..cd0d498f3 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/control.yml +++ b/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/control.yml @@ -18,6 +18,6 @@ parameters: # For HA, all public services are available through nginx on prx sdn_controller_ip: ${_param:cluster_public_host} sdn_controller_user: admin # Hardcoded to default ODL values for now - sdn_controller_password: admin + sdn_controller_password: ${_param:opendaylight_password} sdn_controller_webport: ${_param:opendaylight_rest_port} sdn_controller_restconfport: ${_param:opendaylight_rest_port} diff --git a/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/control.yml b/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/control.yml index 03bd1efd4..a41a8b220 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/control.yml +++ b/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/control.yml @@ -31,6 +31,6 @@ parameters: # For noHA, all public services are available through haproxy on ctl sdn_controller_ip: ${_param:cluster_vip_address} sdn_controller_user: admin # Hardcoded to default ODL values for now - sdn_controller_password: admin + sdn_controller_password: ${_param:opendaylight_password} sdn_controller_webport: ${_param:opendaylight_rest_port} sdn_controller_restconfport: ${_param:opendaylight_rest_port} -- 2.16.6