From 21e952d975539e609eff7389ecada8686525affa Mon Sep 17 00:00:00 2001
From: Marcelo Loebens <Marcelo.DeCastroLoebens@windriver.com>
Date: Tue, 28 Nov 2023 11:41:41 -0400
Subject: [PATCH] Enable upgrade script to create platform certs

Enabled upgrade script to verify the existence and issue if necessary
the now (after this Story) required platform certificates (REST API &
Web Server, Docker Registry and local OpenLDAP), using the
'system-local-ca' ClusterIssuer for DX systems.

The proper system upgrades tests weren't executed due to instability
in upgrades to stx 9.0. Manual tests were executed instead, and should
cover the upgrade scenario correctly.

Test plan:
PASS: Execute the upgrade script manually and verify that the required
      platform certificates are not altered.

PASS: Delete the required platform certificates. Execute the upgrade
      script manually and verify that the required platform
      certificates are issued.

Story: 2009811
Task: 49160

Depends-on: https://review.opendev.org/c/starlingx/ansible-playbooks/+/902088

Change-Id: I50c98bfa289b3a37e1a53a79315594e5ac3bd344
Signed-off-by: Marcelo Loebens <Marcelo.DeCastroLoebens@windriver.com>
---
 .../81-create-required-platform-certs.py      | 21 +++++--------------
 1 file changed, 5 insertions(+), 16 deletions(-)

diff --git a/controllerconfig/controllerconfig/upgrade-scripts/81-create-required-platform-certs.py b/controllerconfig/controllerconfig/upgrade-scripts/81-create-required-platform-certs.py
index 662121f37a..0d43bddfdc 100644
--- a/controllerconfig/controllerconfig/upgrade-scripts/81-create-required-platform-certs.py
+++ b/controllerconfig/controllerconfig/upgrade-scripts/81-create-required-platform-certs.py
@@ -6,15 +6,9 @@
 # This script creates required platform certificates for DX systems.
 # SX systems leverage the execution ansible upgrade playbook for this.
 #
-# Note: A file is used as temporary feature flag for
-#       https://storyboard.openstack.org/#!/story/2009811
-#       to avoid interfering with current behavior before the feature is
-#       completed (see variable 'feature_flag').
-#
 
 import subprocess
 import sys
-import os.path
 from controllerconfig.common import log
 LOG = log.get_logger(__name__)
 
@@ -30,12 +24,13 @@ def get_system_mode():
     return None
 
 
-def create_platform_certificates():
+def create_platform_certificates(to_release):
     """Run ansible playbook to create platform certificates
     """
     playbooks_root = '/usr/share/ansible/stx-ansible/playbooks'
     upgrade_script = 'create-platform-certificates-in-upgrade.yml'
-    cmd = 'ansible-playbook {}/{}'.format(playbooks_root, upgrade_script)
+    cmd = 'ansible-playbook {}/{} -e "software_version={}"'.format(
+        playbooks_root, upgrade_script, to_release)
     sub = subprocess.Popen(cmd, shell=True,
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
     stdout, stderr = sub.communicate()
@@ -63,13 +58,7 @@ def main():
         arg += 1
     log.configure()
 
-    # Temporary feature flag file
-    config_dir = '/opt/platform/config/' + to_release
-    feature_flag = config_dir + '/.create_platform_certificates'
-
-    if (action == 'activate' and
-            from_release == '22.12' and
-            os.path.exists(feature_flag)):
+    if (action == 'activate' and from_release == '22.12'):
         LOG.info("%s invoked with from_release = %s to_release = %s "
                  "action = %s"
                  % (sys.argv[0], from_release, to_release, action))
@@ -81,7 +70,7 @@ def main():
                      % (sys.argv[0], mode))
             return 0
 
-        create_platform_certificates()
+        create_platform_certificates(to_release)
 
 
 if __name__ == "__main__":