openstack-ansible-ops/leap-upgrades/upgrade-utilities-kilo/scripts/new-variable-prep.sh

#!/usr/bin/env bash
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

## Shell Opts ----------------------------------------------------------------
set -e

export MAIN_PATH="${MAIN_PATH:-$(dirname $(dirname $(dirname $(dirname $(readlink -f $0)))))}"
export SCRIPTS_PATH="${SCRIPTS_PATH:-$(dirname $(dirname $(dirname $(readlink -f $0))))}"

# Copy over the new environment map
if [ -f "/etc/openstack_deploy/openstack_environment.yml" ];then
  cp /etc/openstack_deploy/openstack_environment.yml /etc/openstack_deploy/openstack_environment.yml.old
fi
cp ${MAIN_PATH}/etc/openstack_deploy/openstack_environment.yml /etc/openstack_deploy/

for i in $(ls -1 ${MAIN_PATH}/etc/openstack_deploy/env.d/);do
  if [ ! -f "/etc/openstack_deploy/env.d/$i" ];then
    cp "${MAIN_PATH}/etc/openstack_deploy/env.d/$i" /etc/openstack_deploy/env.d/
  fi
done

# Enable the old ha tool in neutron
if ! grep '^neutron_legacy_ha_tool_enabled' /etc/openstack_deploy/user_variables.yml;then
  echo 'neutron_legacy_ha_tool_enabled: true' | tee -a /etc/openstack_deploy/user_variables.yml
fi

# Set the rabbitmq cluster name if its not set to something else.
if ! grep '^rabbit_cluster_name\:' /etc/openstack_deploy/user_variables.yml;then
  echo 'rabbit_cluster_name: rpc' | tee -a /etc/openstack_deploy/user_variables.yml
fi

# Add some new variables to user_variables.yml
if ! grep '^galera_innodb_log_file_size' /etc/openstack_deploy/user_variables.yml;then
  echo 'galera_innodb_log_file_size: 128M' | tee -a /etc/openstack_deploy/user_variables.yml
fi

# Add some new variables to user_variables.yml
if ! grep '^galera_cluster_name' /etc/openstack_deploy/user_variables.yml;then
  echo 'galera_cluster_name: rpc_galera_cluster' | tee -a /etc/openstack_deploy/user_variables.yml
fi

# Set the ssl protocol settings.
if ! grep '^ssl_protocol' /etc/openstack_deploy/user_variables.yml;then
  echo 'ssl_protocol: "ALL -SSLv2 -SSLv3"' | tee -a /etc/openstack_deploy/user_variables.yml
fi

# Cipher suite string from "https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/".
if ! grep '^ssl_cipher_suite' /etc/openstack_deploy/user_variables.yml;then
  echo 'ssl_cipher_suite: "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"' | tee -a /etc/openstack_deploy/user_variables.yml
fi

# We are overriding the default value for neutron_l2_population.
if ! grep '^neutron_l2_population' /etc/openstack_deploy/user_variables.yml;then
  echo 'neutron_l2_population: True' | tee -a /etc/openstack_deploy/user_variables.yml
fi

# Ensure that the user_group_vars.yml file is not present.
if [ -f "/etc/openstack_deploy/user_group_vars.yml" ];then
    rm /etc/openstack_deploy/user_group_vars.yml
fi

# Create secrets file.
if [ ! -f "/etc/openstack_deploy/user_secrets.yml" ];then
  touch /etc/openstack_deploy/user_secrets.yml
fi

# Make newlines the only separator
IFS=$'\n'

# Populate the secrets file with data that should be secret.
if [ -f "/etc/openstack_deploy/user_extras_variables.yml" ];then
  for i in 'key\:' 'token\:' 'password\:' 'secret\:';do
    for l in $(grep "$i" /etc/openstack_deploy/user_extras_variables.yml);do
      if ! grep "$l" /etc/openstack_deploy/user_extras_secrets.yml;then
        echo "$l" | tee -a /etc/openstack_deploy/user_extras_secrets.yml
      fi
    done
  done

  if [ -f "/etc/openstack_deploy/user_extras_secrets.yml" ];then
    # Setting the secret generator to always return true because the file may be a zero byte file
    ${SCRIPTS_PATH}/pw-token-gen.py --file /etc/openstack_deploy/user_extras_secrets.yml || true
  fi
fi

for i in 'key\:' 'token\:' 'swift_hash_path' 'password\:' 'secret\:';do
  for l in $(grep "$i" /etc/openstack_deploy/user_variables.yml);do
    if ! grep "$l" /etc/openstack_deploy/user_secrets.yml; then
      echo "$l" | tee -a /etc/openstack_deploy/user_secrets.yml
    fi
  done
done

# Rename the mysql_root_password to galera_root_password.
sed -i 's/mysql_root_password/galera_root_password/g' /etc/openstack_deploy/user_secrets.yml

# Change the glance swift auth value if set. Done because the glance input variable has changed.
if grep '^glance_swift_store_auth_address\:' /etc/openstack_deploy/user_variables.yml | grep -e 'keystone_service_internaluri' -e 'auth_identity_uri'; then
  sed -i 's/^glance_swift_store_auth_address:.*/glance_swift_store_auth_address: "{{ keystone_service_internalurl }}"/g' /etc/openstack_deploy/user_variables.yml
fi

# Create some new secrets.
for i in 'glance_profiler_hmac_key:' 'cinder_profiler_hmac_key:' 'heat_profiler_hmac_key:' 'nova_v21_service_password:';do
  if ! grep "^$i" /etc/openstack_deploy/user_secrets.yml;then
    echo "$i" | tee -a /etc/openstack_deploy/user_secrets.yml
  fi
done

# Create the horizon secret key if not found.
if ! grep '^horizon_secret_key\:' /etc/openstack_deploy/user_secrets.yml;then
  echo 'horizon_secret_key:' | tee -a /etc/openstack_deploy/user_secrets.yml
fi

# Set the galera monitoring user to the old Juno Value.
if ! grep '^galera_monitoring_user' /etc/openstack_deploy/user_deleteme_post_upgrade_variables.yml;then
  echo 'galera_monitoring_user: "haproxy"' | tee -a /etc/openstack_deploy/user_deleteme_post_upgrade_variables.yml
fi

# Regenerate secrets for the new entries if any
${SCRIPTS_PATH}/pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml