From 695d96e49c2c44f282fdb432df2b6d22789bb65c Mon Sep 17 00:00:00 2001
From: Giulio Fidente <gfidente@redhat.com>
Date: Mon, 11 May 2020 16:48:30 +0200
Subject: [PATCH] Remove Ceph{Admin,Mon,Mds}Key parameters

ceph-ansible does not support replacing these secrets for existing
clusters and it generates them randomly if unset

customizing the secret for fresh deployments is possible but causes
issues on upgrade to train for pre-existing deployments on queens
where it was generated randomly

this submission removes support for the parameters which allow for
customization of the secret, letting ceph-ansible create one and
reuse the existing one on upgrade

Change-Id: If77935345de70ae261b091b8bf49b997dc71a781
Closes-Bug: 1878014
(cherry picked from commit 18274de03acadcf1ed7cf51226c24ce7b3829bb4)
---
 .../scenario001-multinode-containers.yaml       |  2 --
 ci/environments/scenario001-standalone.yaml     |  2 --
 ci/environments/scenario004-standalone.yaml     |  3 +--
 .../scenario010-multinode-containers.yaml       |  2 --
 ci/environments/scenario010-standalone.yaml     |  2 --
 deployment/ceph-ansible/ceph-mds.yaml           |  7 -------
 deployment/ceph-ansible/ceph-mon.yaml           | 17 +----------------
 environments/storage-environment.yaml           |  4 ----
 8 files changed, 2 insertions(+), 37 deletions(-)

diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml
index 4b8d085fde..d063603d6f 100644
--- a/ci/environments/scenario001-multinode-containers.yaml
+++ b/ci/environments/scenario001-multinode-containers.yaml
@@ -145,8 +145,6 @@ parameter_defaults:
   # a production deployment. What is here is suitable for
   # developer and CI testing only.
   CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
-  CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
-  CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
   CephAnsiblePlaybookVerbosity: 1
   CephAnsibleEnvironmentVariables:
diff --git a/ci/environments/scenario001-standalone.yaml b/ci/environments/scenario001-standalone.yaml
index 0d6b93e132..535d5fc607 100644
--- a/ci/environments/scenario001-standalone.yaml
+++ b/ci/environments/scenario001-standalone.yaml
@@ -89,8 +89,6 @@ parameter_defaults:
   # a production deployment. What is here is suitable for
   # developer and CI testing only.
   CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
-  CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
-  CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
   CephExtraKeys:
     - name: "client.glance"
diff --git a/ci/environments/scenario004-standalone.yaml b/ci/environments/scenario004-standalone.yaml
index 7622b1b498..bee378736e 100644
--- a/ci/environments/scenario004-standalone.yaml
+++ b/ci/environments/scenario004-standalone.yaml
@@ -58,9 +58,8 @@ parameter_defaults:
   # a production deployment. What is here is suitable for
   # developer and CI testing only.
   CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
-  CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
-  CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+  CephRgwKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephAnsiblePlaybookVerbosity: 1
   CephAnsibleRepo: "tripleo-centos-ceph-nautilus"
   CephAnsibleEnvironmentVariables:
diff --git a/ci/environments/scenario010-multinode-containers.yaml b/ci/environments/scenario010-multinode-containers.yaml
index 5128690c28..8f7de2f584 100644
--- a/ci/environments/scenario010-multinode-containers.yaml
+++ b/ci/environments/scenario010-multinode-containers.yaml
@@ -109,8 +109,6 @@ parameter_defaults:
   CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
   CephAnsibleRepo: "tripleo-centos-ceph-nautilus"
   CephClusterName: mycephcluster
-  CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
-  CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
   NovaEnableRbdBackend: true
   CeilometerEnableGnocchi: true
diff --git a/ci/environments/scenario010-standalone.yaml b/ci/environments/scenario010-standalone.yaml
index d193366dd1..25b605566f 100644
--- a/ci/environments/scenario010-standalone.yaml
+++ b/ci/environments/scenario010-standalone.yaml
@@ -61,8 +61,6 @@ parameter_defaults:
   # a production deployment. What is here is suitable for
   # developer and CI testing only.
   CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
-  CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
-  CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
   CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
   CephAnsiblePlaybookVerbosity: 1
   CephAnsibleEnvironmentVariables:
diff --git a/deployment/ceph-ansible/ceph-mds.yaml b/deployment/ceph-ansible/ceph-mds.yaml
index 21f86b7072..278db7e7d1 100644
--- a/deployment/ceph-ansible/ceph-mds.yaml
+++ b/deployment/ceph-ansible/ceph-mds.yaml
@@ -30,13 +30,6 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
-  CephMdsKey:
-    description: The cephx key for the MDS service. Can be created
-                 with ceph-authtool --gen-print-key.
-    type: string
-    hidden: true
-    constraints:
-    - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
   CephEnableDashboard:
     type: boolean
     default: false
diff --git a/deployment/ceph-ansible/ceph-mon.yaml b/deployment/ceph-ansible/ceph-mon.yaml
index 6c481f5cc8..9b108e9594 100644
--- a/deployment/ceph-ansible/ceph-mon.yaml
+++ b/deployment/ceph-ansible/ceph-mon.yaml
@@ -30,19 +30,6 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
-  CephMonKey:
-    description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key.
-    type: string
-    hidden: true
-    constraints:
-    - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
-  CephAdminKey:
-    default: ''
-    description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key.
-    type: string
-    hidden: true
-    constraints:
-    - allowed_pattern: "^[a-zA-Z0-9+/]{38}==$"
   CephValidationRetries:
     type: number
     default: 40
@@ -75,9 +62,7 @@ resources:
     properties:
       type: json
       value:
-        vars:
-          monitor_secret: {get_param: CephMonKey}
-          admin_secret: {get_param: CephAdminKey}
+        vars: {}
 
 outputs:
   role_data:
diff --git a/environments/storage-environment.yaml b/environments/storage-environment.yaml
index eb5439e3a0..352767a5d5 100644
--- a/environments/storage-environment.yaml
+++ b/environments/storage-environment.yaml
@@ -77,10 +77,6 @@ parameter_defaults:
   ## Ceph FSID, e.g. '4b5c8c0a-ff60-454b-a1b4-9747aa737d19'
   # CephClusterFSID: ''
   ## Ceph monitor key, e.g. 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
-  # CephMonKey: ''
-  ## Ceph admin key, e.g. 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
-  # CephAdminKey: ''
-  ## Ceph client key, e.g 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
   # CephClientKey: ''
   ## OSDs configuration
   ## See https://github.com/ceph/ceph-ansible/blob/stable-3.0/docs/source/osds/scenarios.rst