From 46db458e62202c34321d1b8bea5422c2e82b38c8 Mon Sep 17 00:00:00 2001 From: Raphael Lima Date: Thu, 21 Mar 2024 16:58:47 -0300 Subject: [PATCH] Remove sysinv bootstrap This commit removes the sysinv bootstrap class from Puppet, following the migration of sysinv bootstrap to Ansible: https://review.opendev.org/c/starlingx/ansible-playbooks/+/913930. Test plan: All of the following items were tested with the addition of the changes from the above specified commit. 1. PASS: Deploy a DC system with one system controller and two subclouds and ensure the subclouds can be managed 2. PASS: Deploy an AIO-SX system and verify the host unlocks 3. PASS: Perform bootstrap replay and ensure the host unlocks after re-execution 4. PASS: Verify the openstack user, role, service and endpoints configuration for sysinv after bootstrap for each deployment type 5. PASS: Verify the sysinv.conf and api-paste.ini file for each deployment type Depends-On: https://review.opendev.org/c/starlingx/ansible-playbooks/+/913930 Story: 2011035 Task: 49765 Change-Id: Ide37577c6ec580acfd468819428a4f80e21625f8 Signed-off-by: Raphael Lima --- .../src/manifests/ansible_bootstrap.pp | 2 - .../modules/openstack/manifests/keystone.pp | 36 +-------------- .../src/modules/platform/manifests/sysinv.pp | 45 ------------------- 3 files changed, 2 insertions(+), 81 deletions(-) diff --git a/puppet-manifests/src/manifests/ansible_bootstrap.pp b/puppet-manifests/src/manifests/ansible_bootstrap.pp index a3ae671a6..7240f605a 100644 --- a/puppet-manifests/src/manifests/ansible_bootstrap.pp +++ b/puppet-manifests/src/manifests/ansible_bootstrap.pp @@ -18,8 +18,6 @@ include ::platform::amqp::bootstrap include ::openstack::keystone::bootstrap include ::platform::client::bootstrap -include ::platform::sysinv::bootstrap - # Puppet classes to enable the bring up of kubernetes master include ::platform::docker::bootstrap include ::platform::etcd::bootstrap diff --git a/puppet-manifests/src/modules/openstack/manifests/keystone.pp b/puppet-manifests/src/modules/openstack/manifests/keystone.pp index e3dba28a3..877bd99de 100644 --- a/puppet-manifests/src/modules/openstack/manifests/keystone.pp +++ b/puppet-manifests/src/modules/openstack/manifests/keystone.pp @@ -191,24 +191,6 @@ define openstack::keystone::delete_endpoints ( } } -define openstack::keystone::user::option ( - $admin_username, - $admin_password, - $auth_url, - $username, - $option, - String $option_value, -) { - exec { "Set user ${username} option ${option} to ${option_value}": - command => @("EOC"/L), - /usr/local/bin/set_keystone_user_option.sh \ - ${admin_username} '${admin_password}' ${auth_url} ${username} ${option} ${option_value} - | EOC - logoutput => true, - provider => shell, - } -} - class openstack::keystone::api inherits ::openstack::keystone::params { @@ -302,8 +284,7 @@ class openstack::keystone::bootstrap( include ::keystone::roles::admin # disabling the admin token per openstack recommendation include ::keystone::disable_admin_token_auth - $dc_required_classes = [ Class['::keystone::roles::admin'], - Class['::platform::sysinv::bootstrap'] ] + $dc_required_classes = [ Class['::keystone::roles::admin'] ] } default: { @@ -322,8 +303,7 @@ class openstack::keystone::bootstrap( class { '::keystone::bootstrap': password => lookup('keystone::roles::admin::password'), } - $dc_required_classes = [ Class['::keystone::bootstrap'], - Class['::platform::sysinv::bootstrap'] ] + $dc_required_classes = [ Class['::keystone::bootstrap'] ] } } @@ -331,18 +311,6 @@ class openstack::keystone::bootstrap( keystone_role { '_member_': ensure => present, } - - # set admin ignore_lockout_failure_attempts option to true to exempt - # admin user from auth fail lockout. - Keystone::Resource::Service_identity <||> - -> openstack::keystone::user::option { 'Set user option': - admin_username => $::platform::client::params::admin_username, - admin_password => $::platform::client::params::admin_password, - auth_url => $::platform::client::params::identity_auth_url, - username => $::platform::client::params::admin_username, - option => 'ignore_lockout_failure_attempts', - option_value => bool2str(true), - } } } diff --git a/puppet-manifests/src/modules/platform/manifests/sysinv.pp b/puppet-manifests/src/modules/platform/manifests/sysinv.pp index e9bab9c41..eb87d139e 100644 --- a/puppet-manifests/src/modules/platform/manifests/sysinv.pp +++ b/puppet-manifests/src/modules/platform/manifests/sysinv.pp @@ -144,48 +144,3 @@ class platform::sysinv::api } include ::platform::sysinv::haproxy } - - -class platform::sysinv::bootstrap ( - $dc_sysinv_user_id = undef, -) { - include ::sysinv::db::postgresql - include ::sysinv::keystone::auth - include ::platform::client::params - - if $dc_sysinv_user_id { - exec { 'update keystone sysinv assignment actor_id to match system controller': - command => "psql -d keystone -c \"update public.assignment set actor_id='${dc_sysinv_user_id}' from public.local_user where\ - public.assignment.actor_id=public.local_user.user_id and public.local_user.name='sysinv'\"", - user => 'postgres', - require => Class['::sysinv::keystone::auth'], - } - -> exec { 'update keystone sysinv user id to match system controller': - command => "psql -d keystone -c \"update public.user set id='${dc_sysinv_user_id}' from public.local_user where\ - public.user.id=public.local_user.user_id and public.local_user.name='sysinv'\"", - user => 'postgres', - } - } - - include ::platform::sysinv - - class { '::sysinv::api': - enabled => true - } - - class { '::sysinv::conductor': - enabled => true - } - - # set sysinv ignore_lockout_failure_attempts option to true to - # exempt it from auth fail lockout. - Class['::sysinv::keystone::auth'] - -> openstack::keystone::user::option { 'Set sysinv user option': - admin_username => $::platform::client::params::admin_username, - admin_password => $::platform::client::params::admin_password, - auth_url => $::platform::client::params::identity_auth_url, - username => $::sysinv::keystone::auth::auth_name, - option => 'ignore_lockout_failure_attempts', - option_value => bool2str(true), - } -}