Revert "Merge pull request #35 from mbukatov/issue_34"

This reverts commit 598fc9b, reversing
changes made to 5b0b06b.

.gitignore

@@ -8,7 +8,6 @@ site.yml
 # vagrant files
 .vagrant
 # ansible password lookup files
-etcd_root_passwd
 grafana_admin_passwd
 # rpm build artefacts (created via Makefile)
 *.tar.gz

roles/tendrl-server/README.md

@@ -10,17 +10,8 @@ with both api and web interface), and that new random default password is
 stored on *Tendrl Server* machine in `/root/password` file (based on
 [TEN-257](https://tendrl.atlassian.net/browse/TEN-257)).
 
-Also note that this role enables [etcd
-authentication](https://coreos.com/etcd/docs/latest/op-guide/authentication.html)
-by default (see description of `etcd_authentication` variable below), creating
-etcd root user account with new default random password via [ansible password
-lookup
-plugin](https://docs.ansible.com/ansible/latest/playbooks_lookups.html#the-password-lookup).
-This means that the password of etcd root user will be stored in current working
-directory (from where you run ansible), in `etcd_root_passwd` file. Don't
-delete this password file, as this role can't regenerate etcd root password.
-
-Moreover it also generates new random password for grafana admin user account
+Also note that this role
+also generates new random password for grafana admin user account
 via [ansible password lookup
 plugin](https://docs.ansible.com/ansible/latest/playbooks_lookups.html#the-password-lookup),
 which is then stored in `grafana_admin_passwd` file in current working
@@ -53,23 +44,6 @@ Role Variables
     config file (as shipped in rpm package) will be used. *If you are not sure*
     if you need to reconfigure this, *leave this variable undefined*.
 
- *  When `etcd_authentication` variable is undefined or set to `False` (which
-    is the default value), ansible would just skip all etcd authentication
-    tasks (icluding both etcd auth setup and tendrl configuration),
-    which means that if the etcd auth has been already enabled, it will still
-    be enabled and when etcd auth is disabled, it will continue to be disabled.
-    In other words, **this role can't disable nor reconfigura etcd
-    authentication, it can only skip etcd auth setup and config tasks**.
-
-    Since authentication is disabled in etcd by default, the only way to
-    configure Tendrl to run without etcd authentication is to set
-    `etcd_authentication` to `False` for the 1st time you run ansible to deploy
-    Tendrl, and keep it this way every other run of tendrl-ansible.
-
-    When the value is `True`, this role will enable [etcd
-    authentication](https://coreos.com/etcd/docs/latest/op-guide/authentication.html)
-    and configure tendrl components accordingly.
-
  *  When one or both of variables `tendrl_notifier_email_id` and
     `tendrl_notifier_email_smtp_server` is undefined (which is
     the default state for both variables), email configuration of

roles/tendrl-server/defaults/main.yml

@@ -1,4 +1,3 @@
 ---
 # defaults file for tendrl-server
-etcd_authentication: False
 tendrl_notifier_email_smtp_port: 25

roles/tendrl-server/tasks/etcd.yml

@@ -32,57 +32,4 @@
     name=etcd
     state=started
 
-#
-# https://coreos.com/etcd/docs/latest/op-guide/authentication.html
-#
-
-- name: Detection of current etcd authentication mode (etcdctl run)
-  command: etcdctl --endpoints http://{{ etcd_ip_address }}:2379 user list
-  changed_when: False
-  failed_when: False
-  register: detect_etcd_auth
-
-- name: Detection of current etcd authentication mode (checking stderr)
-  set_fact:
-    is_etcd_auth_already_enabled: "{{ 'Insufficient credentials' in detect_etcd_auth.stderr }}"
-
-- name: Detected status of etcd authentication (based on previous tasks)
-  debug:
-    var: is_etcd_auth_already_enabled
-
-- name: Detection if etcd_root_passwd (ansible password lookup file) exists
-  local_action: stat path=etcd_root_passwd
-  register: stat_etcd_root_passwd
-  run_once: True
-
-- name: Detected status of local etcd_root_passwd file (based on previous task)
-  debug:
-    var: stat_etcd_root_passwd['stat']['exists']
-
-- name: Prevent breaking etcd auth configuration when necessary
-  fail:
-    msg:
-      - "etcd auth is already enabled, but etcd_root_passwd file is missing"
-      - "to prevent misconfiguration of the cluster, ansible run stopped"
-      - "you need to save etcd root admin password into local etcd_root_passwd file to be able to run this playbook again"
-      - "another option is to skip etcd auth configuration by setting etcd_authentication ansible variable to False"
-  when: is_etcd_auth_already_enabled == True and stat_etcd_root_passwd['stat']['exists'] == False and etcd_authentication == True
-
-- name: Make it clear that we will not disable etcd auth when etcd_authentication == False
-  debug:
-    msg: "Since etcd_authentication == False, tasks dealing with etcd auth are just skipped."
-  when: is_etcd_auth_already_enabled == True and etcd_authentication == False
-
-- name: Add etcd root user account
-  command: etcdctl --endpoints http://{{ etcd_ip_address }}:2379 user add root:{{ lookup('password', 'etcd_root_passwd chars=ascii_letters length=30') }}
-  when: etcd_authentication == True and is_etcd_auth_already_enabled == False
-
-- name: Enable etcd authentication
-  command: etcdctl --endpoints http://{{ etcd_ip_address }}:2379 auth enable
-  when: etcd_authentication == True and is_etcd_auth_already_enabled == False
-
-- name: Remove etcd guest group
-  command: etcdctl --endpoints http://{{ etcd_ip_address }}:2379 --username root:{{ lookup('password', 'etcd_root_passwd chars=ascii_letters length=30') }} role remove guest
-  when: etcd_authentication == True and is_etcd_auth_already_enabled == False
-
 - meta: flush_handlers

roles/tendrl-server/tasks/tendrl-api.yml

@@ -17,19 +17,17 @@
   replace:
     dest: /etc/tendrl/etcd.yml
     regexp: "^ +:user_name:.*"
-    replace: "  :user_name: 'root'"
+    replace: "  :user_name: ''"
   notify:
     - restart tendrl-api
-  when: etcd_authentication == True
 
 - name: Configure tendrl-api etcd.yml password
   replace:
     dest: /etc/tendrl/etcd.yml
     regexp: "^ +:password:.*"
-    replace: "  :password: '{{ lookup('password', 'etcd_root_passwd') }}'"
+    replace: "  :password: ''"
   notify:
     - restart tendrl-api
-  when: etcd_authentication == True
 
 # based on description from:
 # https://github.com/Tendrl/api/blob/master/docs/users.adoc#create-admin-user

roles/tendrl-server/tasks/tendrl-monitoring-integration.yml

@@ -87,20 +87,6 @@
   notify:
     - restart tendrl-monitoring-integration
 
-- name: Configure etcd username and password in monitoring-integration.conf.yaml
-  lineinfile:
-    dest: /etc/tendrl/monitoring-integration/monitoring-integration.conf.yaml
-    regexp: "{{ item.regexp }}"
-    line: "{{ item.line }}"
-  with_items:
-    - regexp: '^#? *etcd_username:.*'
-      line: "etcd_username: root"
-    - regexp: '^#? *etcd_password:.*'
-      line: "etcd_password: {{ lookup('password', 'etcd_root_passwd') }}"
-  notify:
-    - restart tendrl-monitoring-integration
-  when: etcd_authentication == True
-
 - name: Configure grafana admin password in monitoring-integration.conf.yaml
   lineinfile:
     dest: /etc/tendrl/monitoring-integration/monitoring-integration.conf.yaml

roles/tendrl-server/tasks/tendrl-node-agent.yml

@@ -18,20 +18,6 @@
   notify:
     - restart tendrl-node-agent
 
-- name: Configure etcd username and password in node-agent.conf.yaml
-  lineinfile:
-    dest: /etc/tendrl/node-agent/node-agent.conf.yaml
-    regexp: "{{ item.regexp }}"
-    line: "{{ item.line }}"
-  with_items:
-    - regexp: '^#? *etcd_username:.*'
-      line: "etcd_username: root"
-    - regexp: '^#? *etcd_password:.*'
-      line: "etcd_password: {{ lookup('password', 'etcd_root_passwd') }}"
-  notify:
-    - restart tendrl-node-agent
-  when: etcd_authentication == True
-
 - name: Configure graphite_port in node-agent.conf.yaml (only when needed)
   lineinfile:
     dest: /etc/tendrl/node-agent/node-agent.conf.yaml

roles/tendrl-storage-node/README.md

@@ -21,15 +21,6 @@ Role Variables
     instance. Specifying this variable is mandatory as there is no default
     value.
 
- *  When `etcd_authentication` variable is undefined or set to `False` (which
-    is the default value), ansible tasks which
-    configures etcd credentials will be just skipped.
-    In other words, **this role can't disable or reconfigure etcd
-    authentication, it can only skip auth config tasks**.
-
-    When the value of `etcd_authentication` is `True`, this role will specify
-    etcd username and password in tendrl config files.
-
 Note that values specified in variables of this role need to match variables
 of *Tendrl Server* role.
 

roles/tendrl-storage-node/defaults/main.yml

@@ -1,3 +1,2 @@
 ---
 # defaults file for tendrl-node
-etcd_authentication: False

roles/tendrl-storage-node/tasks/tendrl-node-agent.yml

@@ -18,36 +18,6 @@
   notify:
     - restart tendrl-node-agent
 
-- name: Detection if etcd_root_passwd (ansible password lookup file) exists
-  local_action: stat path=etcd_root_passwd
-  register: stat_etcd_root_passwd
-  run_once: True
-  when: etcd_authentication == True
-
-- name: Make sure that etcd_root_passwd (ansible password lookup file) exists
-  fail:
-    msg:
-      - "to configure etcd credentials in tendrl config files, etcd_root_passwd (ansible password lookup) file is required"
-      - "since etcd_root_passwd is missing, we can't continue"
-      - "under normal conditions, etcd_root_passwd is created by ansible when tendrl-server role is executed"
-  when: etcd_authentication == True and stat_etcd_root_passwd['stat']['exists'] == False
-  run_once: True
-  delegate_to: localhost
-
-- name: Configure etcd username and password in node-agent.conf.yaml
-  lineinfile:
-    dest: /etc/tendrl/node-agent/node-agent.conf.yaml
-    regexp: "{{ item.regexp }}"
-    line: "{{ item.line }}"
-  with_items:
-    - regexp: '^#? *etcd_username:.*'
-      line: "etcd_username: root"
-    - regexp: '^#? *etcd_password:.*'
-      line: "etcd_password: {{ lookup('password', 'etcd_root_passwd') }}"
-  notify:
-    - restart tendrl-node-agent
-  when: etcd_authentication == True
-
 - name: Enable tendrl-node-agent service
   service:
     name=tendrl-node-agent