Add functionality to create Salt keypairs

Create Salt key pair if needed Move Salt key pair creation above bootstrap_server Pre-seed Salt Minion keys Use fqdn instead of cert name. Set the Minion ID to be the fqdn Logic improvements in add_salt_keypair Use proper splitext, some suggested fixes Remove minion_id definition. Let fqdn define minion id Change-Id: I74e5ffb1a414ee61f1214332be34b5ed0fd26e95 Reviewed-on: https://review.openstack.org/26046 Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Nicolas Simonds <nic@metacloud.com> Reviewed-by: Anita Kuno <anita.kuno@enovance.com> Reviewed-by: Matthew Sherborne <msherborne+openstack@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-04-03 14:47:16 -06:00
parent 05cd301f8b
commit e8862b1d1a
2 changed files with 40 additions and 2 deletions
--- a/launch/utils.py
+++ b/launch/utils.py
@@ -29,6 +29,7 @@ import os
 import traceback
 import paramiko
 import socket
+import salt.crypt
 from sshclient import SSHClient


@@ -124,6 +125,25 @@ def add_keypair(client, name):
    kp = client.keypairs.create(name, public_key)
    return key, kp

+def add_salt_keypair(keydir, keyname, keysize=2048):
+    '''
+    Generate a key pair for use with Salt
+    '''
+    salt_priv = '{0}.pem'.format(keyname)
+    salt_pub = '{0}.pub'.format(keyname)
+    priv_key = os.path.join(keydir, salt_priv)
+    pub_key = os.path.join(keydir, salt_pub)
+    if not os.path.exists(priv_key) or \
+       not os.path.exists(pub_key):
+        try:
+            os.makedirs(keydir)
+        except OSError:
+            pass
+        priv_key = salt.crypt.gen_keys(keydir, keyname, keysize)
+        path, ext = os.path.splitext(priv_key)
+        pub_key = '{0}.pub'.format(path)
+    return priv_key, pub_key
+
 def wait_for_resource(wait_resource):
    last_progress = None
    last_status = None