From 5d6a4fd8f953fcfa04cb249800f5c324128b7e64 Mon Sep 17 00:00:00 2001 From: bborbely Date: Tue, 2 Jul 2019 16:19:37 +0200 Subject: [PATCH] Move swift authentication data to cm Signed-off-by: bborbely Change-Id: I2456b8805a1d9a6be2ea93d0ee00366c19728456 --- SPECS/swift.spec | 2 +- ansible/roles/swift/tasks/main.yml | 2 +- ansible/roles/swift/tasks/password_handler.yml | 89 ---------------------- ansible/roles/swift/tasks/swift_main.yml | 12 --- ansible/roles/swift/templates/main/admin.yml | 19 ----- ansible/roles/swift/templates/main/admin_envfile | 18 ----- .../roles/swift/templates/main/proxy-server.conf | 4 +- .../roles/swift/templates/main/registry_envfile | 19 ----- ansible/roles/swift/templates/main/swift_main.yml | 6 +- ansible/roles/swift/templates/update/admin.yml | 19 ----- ansible/roles/swift/templates/update/admin_envfile | 18 ----- .../roles/swift/templates/update/proxy-server.conf | 2 +- 12 files changed, 8 insertions(+), 202 deletions(-) delete mode 100644 ansible/roles/swift/templates/main/admin.yml delete mode 100644 ansible/roles/swift/templates/main/admin_envfile delete mode 100644 ansible/roles/swift/templates/main/registry_envfile delete mode 100644 ansible/roles/swift/templates/update/admin.yml delete mode 100644 ansible/roles/swift/templates/update/admin_envfile diff --git a/SPECS/swift.spec b/SPECS/swift.spec index f54cc29..061f8ab 100644 --- a/SPECS/swift.spec +++ b/SPECS/swift.spec @@ -15,7 +15,7 @@ %define COMPONENT swift %define RPM_NAME caas-%{COMPONENT} %define RPM_MAJOR_VERSION 2.21.0 -%define RPM_MINOR_VERSION 3 +%define RPM_MINOR_VERSION 4 %define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION} Name: %{RPM_NAME} Version: %{RPM_MAJOR_VERSION} diff --git a/ansible/roles/swift/tasks/main.yml b/ansible/roles/swift/tasks/main.yml index a9e89f7..e139aee 100644 --- a/ansible/roles/swift/tasks/main.yml +++ b/ansible/roles/swift/tasks/main.yml 
@@ -13,7 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -- import_tasks: password_handler.yml +- import_tasks: password_handler.yml - name: create directories file: diff --git a/ansible/roles/swift/tasks/password_handler.yml b/ansible/roles/swift/tasks/password_handler.yml index 72ea66a..576ade5 100644 --- a/ansible/roles/swift/tasks/password_handler.yml +++ b/ansible/roles/swift/tasks/password_handler.yml @@ -15,18 +15,8 @@ - include_tasks: password_gen.yml with_items: - - "admin" - "registry" -- name: get admin password - command: '/usr/bin/curl - https://{{ ansible_host }}:{{ caas.etcd_api_port }}/v2/keys/swift/admin - --cacert /etc/etcd/ssl/ca.pem - --cert /etc/etcd/ssl/etcd{{ nodeindex }}.pem - --key /etc/etcd/ssl/etcd{{ nodeindex }}-key.pem' - register: admin_pass - become_user: "root" - - name: get registry password command: '/usr/bin/curl https://{{ ansible_host }}:{{ caas.etcd_api_port }}/v2/keys/swift/registry 
@@ -43,82 +33,3 @@ - name: set registry pass set_fact: swift_registry_pass: "{{ registry_pass.stdout }}" - -- name: decode admin pass - shell: echo {{ (admin_pass.stdout|from_json).node.value }} | /usr/bin/openssl enc -d -aes-256-cbc -a -pass pass:{{ name }} - register: admin_pass - -- name: set admin pass - set_fact: - swift_admin_pass: "{{ admin_pass.stdout }}" - -- name: create dirs - file: - mode: 0750 - name: /etc/swift/usr/{{ item }} - state: directory - owner: swift - group: swift - with_items: - - "admin" - become_user: "root" - -- name: allowing cloud_admin_user to access /etc/swift folder - acl: - name: "/etc/swift" - entity: "{{ users.admin_user_name }}" - etype: user - permissions: rx - state: present - become_user: "root" - -- name: allowing cloud_admin_user to access /etc/swift/usr folder - acl: - name: "/etc/swift/usr" - entity: "{{ users.admin_user_name }}" - etype: user - permissions: rx - state: present - become_user: "root" - -- name: allowing cloud_admin_user to access /etc/swift/usr/admin folder - acl: - name: "/etc/swift/usr/admin" - entity: "{{ users.admin_user_name }}" - etype: user - permissions: rx - state: present - become_user: "root" - -- name: copy admin env_file - template: - src: main/admin_envfile - mode: 0640 - dest: /etc/swift/usr/admin/env_file - become_user: "root" - -- name: Copy admin.yml - template: - src: main/admin.yml - mode: 0640 - dest: /etc/swift/usr/admin/admin.yml - become_user: "root" - -- name: allowing users.admin_user_name to access /etc/swift/usr/admin/env_file - acl: - name: "/etc/swift/usr/admin/env_file" - entity: "{{ users.admin_user_name }}" - etype: user - permissions: r - state: present - become_user: "root" - -- name: allowing cloud_admin_user to access /etc/swift/usr/admin/admin.yml - acl: - name: "/etc/swift/usr/admin/admin.yml" - entity: "{{ users.admin_user_name }}" - etype: user - permissions: r - state: present - become_user: "root" - 
diff --git a/ansible/roles/swift/tasks/swift_main.yml b/ansible/roles/swift/tasks/swift_main.yml index 5a7267d..1626fd6 100644 --- a/ansible/roles/swift/tasks/swift_main.yml +++ b/ansible/roles/swift/tasks/swift_main.yml @@ -13,18 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Get Swift pass from file - shell: 'grep "export SWIFT_PASS=" /etc/swift/usr/admin/env_file | awk -F"=" "{ print \$2 }"' - register: swift_password_for_template - -- name: Get Swift pass from file - shell: 'grep "export SWIFT_USER=" /etc/swift/usr/admin/env_file | awk -F"=" "{ print \$2 }"' - register: swift_user_for_template - -- name: Get Swift pass from file - shell: 'grep "export SWIFT_TENANT=" /etc/swift/usr/admin/env_file | awk -F"=" "{ print \$2 }"' - register: swift_tenant_for_template - - name: template config files template: src: "main/{{ item }}" diff --git a/ansible/roles/swift/templates/main/admin.yml b/ansible/roles/swift/templates/main/admin.yml deleted file mode 100644 index 929fb29..0000000 --- a/ansible/roles/swift/templates/main/admin.yml +++ /dev/null @@ -1,19 +0,0 @@ -{# -Copyright 2019 Nokia - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -#} ---- -swift_user: admin -swift_tenant: admin -swift_password: {{ swift_admin_pass }} diff --git a/ansible/roles/swift/templates/main/admin_envfile b/ansible/roles/swift/templates/main/admin_envfile deleted file mode 100644 index cf9ba16..0000000 
--- a/ansible/roles/swift/templates/main/admin_envfile +++ /dev/null @@ -1,18 +0,0 @@ -{# -Copyright 2019 Nokia - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -#} -export SWIFT_USER=admin -export SWIFT_TENANT=admin -export SWIFT_PASS={{ swift_admin_pass }} diff --git a/ansible/roles/swift/templates/main/proxy-server.conf b/ansible/roles/swift/templates/main/proxy-server.conf index def7cf0..1954c21 100644 --- a/ansible/roles/swift/templates/main/proxy-server.conf +++ b/ansible/roles/swift/templates/main/proxy-server.conf @@ -17,7 +17,7 @@ limitations under the License. [DEFAULT] bind_ip = 127.0.0.1 bind_port = 18084 -workers = 4 +workers = 4 user = swift [pipeline:main] @@ -48,5 +48,5 @@ use = egg:swift#healthcheck storage_url_scheme = https use = egg:swift#tempauth # user__ = -user_admin_admin = {{ swift_admin_pass }} .admin .reseller_admin +user_admin_admin = {{ caas.swift_credential.password }} .admin .reseller_admin user_admin_registry = {{ swift_registry_pass }} .admin diff --git a/ansible/roles/swift/templates/main/registry_envfile b/ansible/roles/swift/templates/main/registry_envfile deleted file mode 100644 index 1ec550f..0000000 --- a/ansible/roles/swift/templates/main/registry_envfile +++ /dev/null 
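Review bot: The new `user_admin_admin = {{ caas.swift_credential.password }} .admin .reseller_admin` line renders an operator-supplied value into a whitespace-delimited tempauth entry, and nothing visible in this patch validates it. As far as I know, tempauth takes the first token as the key and the remaining tokens as groups, so an empty password would leave `.admin` as the effective key, and a value containing a space or newline would change the group list or add config lines. I would add a guard before the template task, e.g. `- assert: {that: ["caas.swift_credential.password | length > 0", "caas.swift_credential.password is not search('\\s')"]}`. The same applies to the identical change in templates/update/proxy-server.conf.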
@@ -1,19 +0,0 @@ -{# -Copyright 2019 Nokia - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -#} -export SWIFT_USER=registry -export SWIFT_TENANT=admin -export SWIFT_PASS={{ swift_registry_pass }} - diff --git a/ansible/roles/swift/templates/main/swift_main.yml b/ansible/roles/swift/templates/main/swift_main.yml index f2c1327..7953160 100644 --- a/ansible/roles/swift/templates/main/swift_main.yml +++ b/ansible/roles/swift/templates/main/swift_main.yml @@ -52,11 +52,11 @@ spec: memory: "1Gi" env: - name: "SWIFT_USER" - value: "{{ swift_user_for_template.stdout }}" + value: "{{ caas.swift_credential.user }}" - name: "SWIFT_TENANT" - value: "{{ swift_tenant_for_template.stdout }}" + value: "{{ caas.swift_credential.tenant }}" - name: "SWIFT_PASS" - value: "{{ swift_password_for_template.stdout }}" + value: "{{ caas.swift_credential.password }}" - name: "SWIFT_PART_POWER" value: "7" - name: "SWIFT_PART_HOUR" diff --git a/ansible/roles/swift/templates/update/admin.yml b/ansible/roles/swift/templates/update/admin.yml deleted file mode 100644 index 8e6515c..0000000 --- a/ansible/roles/swift/templates/update/admin.yml +++ /dev/null 
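Review bot: `SWIFT_PASS` is still rendered as a literal `value:` in what looks like a pod spec, so the admin password from `caas.swift_credential.password` ends up in the rendered manifest and in the stored object spec, readable by anyone who can view either. Sourcing it from a Secret through `valueFrom.secretKeyRef` would keep it out of both; the Secret name and key in the sketch below are placeholders, since the patch defines none. If the literal form stays, the three values should be emitted with `| to_json` rather than hand-written double quotes, because a quote or backslash in an operator-chosen password would break or alter the YAML string. The container spec starts and ends outside this hunk.

```yaml
# … unchanged: SWIFT_USER, SWIFT_TENANT …
- name: "SWIFT_PASS"
  valueFrom:
    secretKeyRef:
      name: PLACEHOLDER_SECRET_NAME   # placeholder, not defined in this patch
      key: PLACEHOLDER_SECRET_KEY     # placeholder, not defined in this patch
# … unchanged: SWIFT_PART_POWER, SWIFT_PART_HOUR …
```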
@@ -1,19 +0,0 @@ ---- -{# -Copyright 2019 Nokia - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -#} -swift_user: admin -swift_tenant: admin -swift_password: {{ swift_admin_pass }} diff --git a/ansible/roles/swift/templates/update/admin_envfile b/ansible/roles/swift/templates/update/admin_envfile deleted file mode 100644 index cf9ba16..0000000 --- a/ansible/roles/swift/templates/update/admin_envfile +++ /dev/null @@ -1,18 +0,0 @@ -{# -Copyright 2019 Nokia - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -#} -export SWIFT_USER=admin -export SWIFT_TENANT=admin -export SWIFT_PASS={{ swift_admin_pass }} diff --git a/ansible/roles/swift/templates/update/proxy-server.conf b/ansible/roles/swift/templates/update/proxy-server.conf index 89bcba6..4855a15 100644 --- a/ansible/roles/swift/templates/update/proxy-server.conf +++ b/ansible/roles/swift/templates/update/proxy-server.conf 
@@ -43,5 +43,5 @@ use = egg:swift#healthcheck storage_url_scheme = https use = egg:swift#tempauth # user__ = -user_admin_admin = {{ swift_admin_pass }} .admin .reseller_admin +user_admin_admin = {{ caas.swift_credential.password }} .admin .reseller_admin user_admin_registry = {{ swift_registry_pass }} .admin -- 2.16.6