Use HeatStackDomainAdminPassword during adoption

We assume it's the same as service password which is not correct. Depends-On: openstack-k8s-operators/heat-operator#454 Signed-off-by: rabi <[email protected]>
openstack-k8s-operators · Oct 24, 2024 · 2d97e78 · 2d97e78
1 parent 16f658e
commit 2d97e78
Show file tree

Hide file tree

Showing 6 changed files with 11 additions and 2 deletions.
diff --git a/docs_user/modules/proc_adopting-the-orchestration-service.adoc b/docs_user/modules/proc_adopting-the-orchestration-service.adoc
@@ -22,9 +22,10 @@ endif::[]
 . Retrieve the existing `auth_encryption_key` and `service` passwords. You use these passwords to patch the `osp-secret`. In the following example, the `auth_encryption_key` is used as `HeatAuthEncryptionKey` and the `service` password is used as `HeatPassword`:
 +
 ----
-[stack@rhosp17 ~]$ grep -E 'HeatPassword|HeatAuth' ~/overcloud-deploy/overcloud/overcloud-passwords.yaml
+[stack@rhosp17 ~]$ grep -E 'HeatPassword|HeatAuth|HeatStackDomainAdmin' ~/overcloud-deploy/overcloud/overcloud-passwords.yaml
   HeatAuthEncryptionKey: Q60Hj8PqbrDNu2dDCbyIQE2dibpQUPg2
   HeatPassword: dU2N0Vr2bdelYH7eQonAwPfI3
+  HeatStackDomainAdminPassword: dU2N0Vr2bdelYH7eQonAwPfI3
 ----
 
 . Log in to a Controller node and verify the `auth_encryption_key` value in use:
@@ -66,6 +67,7 @@ spec:
       passwordSelectors:
         authEncryptionKey: HeatAuthEncryptionKey
         service: HeatPassword
+        stackDomainAdminPassword: HeatStackDomainAdminPassword
 '
 ----
 

diff --git a/docs_user/modules/proc_deploying-backend-services.adoc b/docs_user/modules/proc_deploying-backend-services.adoc
@@ -64,6 +64,7 @@ CINDER_PASSWORD=$(cat ~/tripleo-standalone-passwords.yaml | grep ' CinderPasswor
 GLANCE_PASSWORD=$(cat ~/tripleo-standalone-passwords.yaml | grep ' GlancePassword:' | awk -F ': ' '{ print $2; }')
 HEAT_AUTH_ENCRYPTION_KEY=$(cat ~/tripleo-standalone-passwords.yaml | grep ' HeatAuthEncryptionKey:' | awk -F ': ' '{ print $2; }')
 HEAT_PASSWORD=$(cat ~/tripleo-standalone-passwords.yaml | grep ' HeatPassword:' | awk -F ': ' '{ print $2; }')
+HEAT_STACK_DOMAIN_ADMIN_PASSWORD=$(cat ~/tripleo-standalone-passwords.yaml | grep ' HeatStackDomainAdminPassword:' | awk -F ': ' '{ print $2; }')
 IRONIC_PASSWORD=$(cat ~/tripleo-standalone-passwords.yaml | grep ' IronicPassword:' | awk -F ': ' '{ print $2; }')
 MANILA_PASSWORD=$(cat ~/tripleo-standalone-passwords.yaml | grep ' ManilaPassword:' | awk -F ': ' '{ print $2; }')
 NEUTRON_PASSWORD=$(cat ~/tripleo-standalone-passwords.yaml | grep ' NeutronPassword:' | awk -F ': ' '{ print $2; }')
@@ -80,6 +81,7 @@ CINDER_PASSWORD=$(cat ~/overcloud-deploy/overcloud/overcloud-passwords.yaml | gr
 GLANCE_PASSWORD=$(cat ~/overcloud-deploy/overcloud/overcloud-passwords.yaml | grep ' GlancePassword:' | awk -F ': ' '{ print $2; }')
 HEAT_AUTH_ENCRYPTION_KEY=$(cat ~/overcloud-deploy/overcloud/overcloud-passwords.yaml | grep ' HeatAuthEncryptionKey:' | awk -F ': ' '{ print $2; }')
 HEAT_PASSWORD=$(cat ~/overcloud-deploy/overcloud/overcloud-passwords.yaml | grep ' HeatPassword:' | awk -F ': ' '{ print $2; }')
+HEAT_STACK_DOMAIN_ADMIN_PASSWORD=$(cat ~/overcloud-deploy/overcloud/overcloud-passwords.yaml | grep ' HeatStackDomainAdminPassword:' | awk -F ': ' '{ print $2; }')
 IRONIC_PASSWORD=$(cat ~/overcloud-deploy/overcloud/overcloud-passwords.yaml | grep ' IronicPassword:' | awk -F ': ' '{ print $2; }')
 MANILA_PASSWORD=$(cat ~/overcloud-deploy/overcloud/overcloud-passwords.yaml | grep ' ManilaPassword:' | awk -F ': ' '{ print $2; }')
 NEUTRON_PASSWORD=$(cat ~/overcloud-deploy/overcloud/overcloud-passwords.yaml | grep ' NeutronPassword:' | awk -F ': ' '{ print $2; }')
@@ -132,6 +134,7 @@ $ oc set data secret/osp-secret "CinderPassword=$CINDER_PASSWORD"
 $ oc set data secret/osp-secret "GlancePassword=$GLANCE_PASSWORD"
 $ oc set data secret/osp-secret "HeatAuthEncryptionKey=$HEAT_AUTH_ENCRYPTION_KEY"
 $ oc set data secret/osp-secret "HeatPassword=$HEAT_PASSWORD"
+$ oc set data secret/osp-secret "HeatStackDomainAdminPassword=$HEAT_STACK_DOMAIN_ADMIN_PASSWORD"
 $ oc set data secret/osp-secret "IronicPassword=$IRONIC_PASSWORD"
 $ oc set data secret/osp-secret "IronicInspectorPassword=$IRONIC_PASSWORD"
 $ oc set data secret/osp-secret "ManilaPassword=$MANILA_PASSWORD"
@@ -359,4 +362,4 @@ $ oc get pod openstack-galera-0 -o jsonpath='{.status.phase}{"\n"}'
 $ oc get pod openstack-cell1-galera-0 -o jsonpath='{.status.phase}{"\n"}'
 ----
 
-. Verify that you can access the `OpenStackClient` pod. For more information, see link:{defaultURL}/maintaining_the_red_hat_openstack_services_on_openshift_deployment/assembly_accessing-the-rhoso-cloud#proc_accessing-the-OpenStackClient-pod_cloud-access-admin[Accessing the OpenStackClient pod] in _Maintaining the {rhos_long_noacro} deployment_.
+. Verify that you can access the `OpenStackClient` pod. For more information, see link:{defaultURL}/maintaining_the_red_hat_openstack_services_on_openshift_deployment/assembly_accessing-the-rhoso-cloud#proc_accessing-the-OpenStackClient-pod_cloud-access-admin[Accessing the OpenStackClient pod] in _Maintaining the {rhos_long_noacro} deployment_.
diff --git a/tests/roles/backend_services/defaults/main.yaml b/tests/roles/backend_services/defaults/main.yaml
@@ -14,6 +14,7 @@ octavia_password: ''
 placement_password: ''
 heat_password: ''
 heat_auth_encryption_key: ''
+heat_stack_domain_admin_password: ''
 swift_password: ''
 dns_lb_ip: 192.168.122.80
 dns_server_ip: 192.168.122.1
diff --git a/tests/roles/backend_services/tasks/main.yaml b/tests/roles/backend_services/tasks/main.yaml
@@ -50,6 +50,7 @@
     {% if heat_password %}
         oc set data secret/osp-secret "HeatPassword={{ heat_password }}"
         oc set data secret/osp-secret "HeatAuthEncryptionKey={{ heat_auth_encryption_key }}"
+        oc set data secret/osp-secret "HeatStackDomainAdminPassword={{ heat_stack_domain_admin_password }}"
     {% endif %}
     {% if manila_password %}
         oc set data secret/osp-secret "ManilaPassword={{ manila_password }}"

diff --git a/tests/roles/heat_adoption/defaults/main.yaml b/tests/roles/heat_adoption/defaults/main.yaml
@@ -13,5 +13,6 @@ heat_patch: |
         passwordSelectors:
           authEncryptionKey: HeatAuthEncryptionKey
           service: HeatPassword
+          stackDomainAdminPassword: HeatStackDomainAdminPassword
         rabbitMqClusterName: rabbitmq
         serviceUser: heat
diff --git a/tests/secrets.sample.yaml b/tests/secrets.sample.yaml
@@ -24,6 +24,7 @@ ironic_password: "{{ lookup('file', tripleo_passwords) | from_yaml | community.g
 manila_password: "{{ lookup('file', tripleo_passwords) | from_yaml | community.general.json_query('*.ManilaPassword') | first }}"
 neutron_password: "{{ lookup('file', tripleo_passwords) | from_yaml | community.general.json_query('*.NeutronPassword') | first }}"
 heat_password: "{{ lookup('file', tripleo_passwords) | from_yaml | community.general.json_query('*.HeatPassword') | first }}"
+heat_stack_domain_admin_password: "{{ lookup('file', tripleo_passwords) | from_yaml | community.general.json_query('*.HeatStackDomainAdminPassword') | first }}"
 heat_auth_encryption_key: "{{ lookup('file', tripleo_passwords) | from_yaml | community.general.json_query('*.HeatAuthEncryptionKey') | first }}"
 nova_password: "{{ lookup('file', tripleo_passwords) | from_yaml | community.general.json_query('*.NovaPassword') | first }}"
 octavia_password: "{{ lookup('file', tripleo_passwords) | from_yaml | community.general.json_query('*.OctaviaPassword') | first }}"