From c991e1e122db066f386c8ba4295f206fbae818e5 Mon Sep 17 00:00:00 2001 From: Bin Qian Date: Wed, 20 Jan 2021 14:23:47 -0500 Subject: [PATCH] cert-mon secret data migration for upgrade to stx5 Add data migration code to populate secret data for cert-mon service. The secret data is stored in static secret data file. The data in static secret is only configured in initial bootstrap. Closes-bug: 1913173 Change-Id: I9ddb1aca9b2ba136facf1b3c294a273010e2a26b Signed-off-by: Bin Qian --- .../controllerconfig/upgrades/controller.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/controllerconfig/controllerconfig/controllerconfig/upgrades/controller.py b/controllerconfig/controllerconfig/controllerconfig/upgrades/controller.py index 8d1726e7f6..38516a40d7 100644 --- a/controllerconfig/controllerconfig/controllerconfig/upgrades/controller.py +++ b/controllerconfig/controllerconfig/controllerconfig/upgrades/controller.py @@ -800,6 +800,23 @@ def migrate_hiera_data(from_release, to_release, role=None): secure_static_config.update({ 'platform::helm::v2::db::postgresql::password': helmv2_db_pw }) + + # update below static secure config + # sysinv::certmon::local_keystone_password + # sysinv::certmon::dc_keystone_password + sysinv_pass = utils.get_password_from_keyring('sysinv', 'services') + secure_static_config.update({ + 'sysinv::certmon::local_keystone_password': sysinv_pass + }) + + dc_pass = '' + if role == sysinv_constants.DISTRIBUTED_CLOUD_ROLE_SYSTEMCONTROLLER: + dc_pass = utils.get_password_from_keyring('dcmanager', 'services') + + secure_static_config.update({ + 'sysinv::certmon::dc_keystone_password': dc_pass + }) + with open(secure_static_file, 'w') as yaml_file: yaml.dump(secure_static_config, yaml_file, default_flow_style=False)