Merge "Move generate keys from astute"
commit
8384b8ca4d
@ -11,6 +11,7 @@ $dependent_dirs = ["/var/log/docker-logs", "/var/log/docker-logs/remote",
|
|||||||
"/var/log/docker-logs/nginx", "/var/log/docker-logs/ntpstats",
|
"/var/log/docker-logs/nginx", "/var/log/docker-logs/ntpstats",
|
||||||
"/var/log/docker-logs/puppet", "/var/log/docker-logs/rabbitmq",
|
"/var/log/docker-logs/puppet", "/var/log/docker-logs/rabbitmq",
|
||||||
"/var/log/docker-logs/rhsm", "/var/log/docker-logs/supervisor",
|
"/var/log/docker-logs/rhsm", "/var/log/docker-logs/supervisor",
|
||||||
|
"/var/lib/fuel", "/var/lib/fuel/keys",
|
||||||
]
|
]
|
||||||
) {
|
) {
|
||||||
|
|
||||||
|
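Review bot: The new `/var/lib/fuel/keys` entry in `$dependent_dirs` will hold private key material, but it is created through the same generic list as the log directories, and no owner or mode is visible in this hunk. If the resource that consumes `$dependent_dirs` (outside the hunk) applies a default mode, the directory is probably readable and traversable by every local user. I would take it out of the list and declare it on its own, e.g. `file { '/var/lib/fuel/keys': ensure => directory, owner => 'root', group => 'root', mode => '0700' }`. The class body starts and ends outside the hunk, so please confirm which mode is actually applied.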
@ -71,6 +71,7 @@ HOST_VOL['puppet']="-v /etc/puppet:/etc/puppet:ro"
|
|||||||
HOST_VOL['sshkey']="-v /root/.ssh:/root/.ssh:ro"
|
HOST_VOL['sshkey']="-v /root/.ssh:/root/.ssh:ro"
|
||||||
HOST_VOL['astuteyaml']="-v /etc/fuel:/etc/fuel:ro"
|
HOST_VOL['astuteyaml']="-v /etc/fuel:/etc/fuel:ro"
|
||||||
HOST_VOL['logs']="-v /var/log/docker-logs:/var/log"
|
HOST_VOL['logs']="-v /var/log/docker-logs:/var/log"
|
||||||
|
HOST_VOL['keys']="-v /var/lib/fuel/keys:/var/lib/fuel/keys:rw"
|
||||||
|
|
||||||
#Storage container volume mounts
|
#Storage container volume mounts
|
||||||
declare -A CONTAINER_VOLUMES
|
declare -A CONTAINER_VOLUMES
|
||||||
@ -95,6 +96,7 @@ ASTUTE_VOL="--volumes-from ${CONTAINER_NAMES['astute']}"
|
|||||||
###astute: mcollective
|
###astute: mcollective
|
||||||
declare -A REQS
|
declare -A REQS
|
||||||
REQS["${HOST_VOL['astuteyaml']}"]="cobbler postgres rabbitmq rsync astute nailgun ostf nginx rsyslog mcollective keystone"
|
REQS["${HOST_VOL['astuteyaml']}"]="cobbler postgres rabbitmq rsync astute nailgun ostf nginx rsyslog mcollective keystone"
|
||||||
|
REQS["${HOST_VOL['keys']}"]="mcollective astute"
|
||||||
REQS["${HOST_VOL['repo']}"]="cobbler postgres rabbitmq rsync astute nailgun ostf nginx rsyslog mcollective keystone"
|
REQS["${HOST_VOL['repo']}"]="cobbler postgres rabbitmq rsync astute nailgun ostf nginx rsyslog mcollective keystone"
|
||||||
REQS["${HOST_VOL['logs']}"]="cobbler postgres rabbitmq rsync astute nailgun ostf nginx rsyslog mcollective keystone"
|
REQS["${HOST_VOL['logs']}"]="cobbler postgres rabbitmq rsync astute nailgun ostf nginx rsyslog mcollective keystone"
|
||||||
#Most containers work from local integrated puppet, but rsync needs to serve host puppet
|
#Most containers work from local integrated puppet, but rsync needs to serve host puppet
|
||||||
|
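Review bot: `HOST_VOL['keys']` mounts `/var/lib/fuel/keys` read-write, and the `REQS` line in the second hunk attaches it to both `mcollective` and `astute`, so either container can overwrite or replace the cluster keys. Only the container that actually runs `generate_keys.sh` needs write access; this diff does not show which one that is, but the other could get a separate read-only entry such as `HOST_VOL['keys_ro']="-v /var/lib/fuel/keys:/var/lib/fuel/keys:ro"`. A short comment above the mount saying that it carries private keys and why it is `rw` would also help, since every other host volume visible in this hunk except the logs is `:ro`.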
@ -0,0 +1,46 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
while getopts ":i:o:s:p:" opt; do
|
||||||
|
case $opt in
|
||||||
|
i) cluster_id=$OPTARG
|
||||||
|
;;
|
||||||
|
o) open_ssl_keys=$OPTARG
|
||||||
|
;;
|
||||||
|
s) ssh_keys=$OPTARG
|
||||||
|
;;
|
||||||
|
p) keys_path=$OPTARG
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
BASE_PATH=$keys_path/$cluster_id/
|
||||||
|
|
||||||
|
function generate_open_ssl_keys {
|
||||||
|
for i in $open_ssl_keys
|
||||||
|
do
|
||||||
|
local dir_path=$BASE_PATH$i/
|
||||||
|
local key_path=$dir_path$i.key
|
||||||
|
mkdir -p $dir_path
|
||||||
|
if [ ! -f $key_path ]; then
|
||||||
|
openssl rand -base64 741 > $key_path 2>&1
|
||||||
|
else
|
||||||
|
echo 'Key $key_path already exists'
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
function generate_ssh_keys {
|
||||||
|
for i in $ssh_keys
|
||||||
|
do
|
||||||
|
local dir_path=$BASE_PATH$i/
|
||||||
|
local key_path=$dir_path$i
|
||||||
|
mkdir -p $dir_path
|
||||||
|
if [ ! -f $key_path ]; then
|
||||||
|
ssh-keygen -b 2048 -t rsa -N '' -f $key_path 2>&1
|
||||||
|
else
|
||||||
|
echo 'Key $key_path already exists'
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
generate_open_ssl_keys
|
||||||
|
generate_ssh_keys
|
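Review bot: In `generate_open_ssl_keys`, `openssl rand -base64 741 > $key_path 2>&1` sends stderr into the key file, so a failing openssl leaves its error text behind as the "key", and the `-f` test then accepts that file on every later run. The script also sets no `umask`, so the key directories and the mongodb key file get whatever default mode the caller has; nothing checks that `-i` and `-p` were given (`BASE_PATH` collapses to `//` without them); and all expansions are unquoted. The two `echo 'Key $key_path already exists'` lines print the literal variable name because of the single quotes. `function` and `local` are not POSIX while the shebang and the task both use `sh`, so this relies on `sh` being bash. The sketch below shows the changes for the first function; `generate_ssh_keys` needs the same quoting and message fix.

```shell
# … unchanged: getopts loop …
if [ -z "$cluster_id" ] || [ -z "$keys_path" ]; then
  echo "usage: $0 -i CLUSTER_ID -p KEYS_PATH [-o NAMES] [-s NAMES]" >&2
  exit 1
fi

# Key material: new files and directories must not be group/world readable.
umask 077
BASE_PATH="$keys_path/$cluster_id/"

function generate_open_ssl_keys {
  for i in $open_ssl_keys
  do
    local dir_path="$BASE_PATH$i/"
    local key_path="$dir_path$i.key"
    mkdir -p "$dir_path"
    if [ ! -f "$key_path" ]; then
      # Keep stderr out of the key file; drop a partial file on failure.
      openssl rand -base64 741 > "$key_path" || { rm -f "$key_path"; return 1; }
    else
      echo "Key $key_path already exists"
    fi
  done
}
# … generate_ssh_keys: same quoting and double-quoted message …
```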
@ -43,6 +43,7 @@
|
|||||||
timeout: 3600
|
timeout: 3600
|
||||||
cwd: /
|
cwd: /
|
||||||
|
|
||||||
|
|
||||||
- id: vcenter_compute_zones_create
|
- id: vcenter_compute_zones_create
|
||||||
type: shell
|
type: shell
|
||||||
role: [primary-controller]
|
role: [primary-controller]
|
||||||
@ -52,6 +53,7 @@
|
|||||||
cmd: /usr/bin/python /etc/puppet/modules/osnailyfacter/modular/astute/vcenter_compute_zones.py
|
cmd: /usr/bin/python /etc/puppet/modules/osnailyfacter/modular/astute/vcenter_compute_zones.py
|
||||||
timeout: 180
|
timeout: 180
|
||||||
|
|
||||||
|
|
||||||
- id: upload_core_repos
|
- id: upload_core_repos
|
||||||
type: upload_file
|
type: upload_file
|
||||||
role: '*'
|
role: '*'
|
||||||
@ -74,3 +76,41 @@
|
|||||||
parameters:
|
parameters:
|
||||||
cmd: rm -f /etc/hiera/nodes.yaml
|
cmd: rm -f /etc/hiera/nodes.yaml
|
||||||
retries: 1
|
retries: 1
|
||||||
|
|
||||||
|
#PREDEPLOYMENT HOOKS
|
||||||
|
- id: copy_keys
|
||||||
|
type: copy_files
|
||||||
|
role: '*'
|
||||||
|
stage: pre_deployment
|
||||||
|
requires: [generate_keys]
|
||||||
|
parameters:
|
||||||
|
files:
|
||||||
|
- src: /var/lib/fuel/keys/{CLUSTER_ID}/neutron/neutron.pub
|
||||||
|
dst: /var/lib/astute/neutron/neutron.pub
|
||||||
|
- src: /var/lib/fuel/keys/{CLUSTER_ID}/neutron/neutron
|
||||||
|
dst: /var/lib/astute/neutron/neutron
|
||||||
|
- src: /var/lib/fuel/keys/{CLUSTER_ID}/nova/nova.pub
|
||||||
|
dst: /var/lib/astute/nova/nova.pub
|
||||||
|
- src: /var/lib/fuel/keys/{CLUSTER_ID}/nova/nova
|
||||||
|
dst: /var/lib/astute/nova/nova
|
||||||
|
- src: /var/lib/fuel/keys/{CLUSTER_ID}/ceph/ceph.pub
|
||||||
|
dst: /var/lib/astute/ceph/ceph.pub
|
||||||
|
- src: /var/lib/fuel/keys/{CLUSTER_ID}/ceph/ceph
|
||||||
|
dst: /var/lib/astute/ceph/ceph
|
||||||
|
- src: /var/lib/fuel/keys/{CLUSTER_ID}/mysql/mysql.pub
|
||||||
|
dst: /var/lib/astute/mysql/mysql.pub
|
||||||
|
- src: /var/lib/fuel/keys/{CLUSTER_ID}/mysql/mysql
|
||||||
|
dst: /var/lib/astute/mysql/mysql
|
||||||
|
- src: /var/lib/fuel/keys/{CLUSTER_ID}/mongodb/mongodb.key
|
||||||
|
dst: /var/lib/astute/mongodb/mongodb.key
|
||||||
|
permissions: '0600'
|
||||||
|
dir_permissions: '0700'
|
||||||
|
|
||||||
|
- id: generate_keys
|
||||||
|
type: shell
|
||||||
|
role: master
|
||||||
|
stage: pre_deployment
|
||||||
|
required_for: [copy_keys]
|
||||||
|
parameters:
|
||||||
|
cmd: sh /etc/puppet/modules/osnailyfacter/modular/astute/generate_keys.sh -i {CLUSTER_ID} -o 'mongodb' -s 'neutron nova ceph mysql' -p /var/lib/fuel/keys/
|
||||||
|
timeout: 180
|
||||||
|
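Review bot: `copy_keys` runs with `role: '*'`, so the private halves of the neutron, nova, ceph and mysql key pairs and `mongodb.key` are copied to every node in the cluster, including nodes that run none of those services. The `0600`/`0700` permissions limit local readers, but a compromise of any single node still exposes all of the keys. If this only preserves what astute did before the move, a comment saying so would be enough for now, e.g. `# NOTE: all private keys go to all roles (inherited from astute); narrow per role when possible`. Separately, `{CLUSTER_ID}` is substituted unquoted into the `generate_keys` `cmd`, which is fine only as long as the value is always a plain id.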
@ -32,8 +32,8 @@ TASK_SCHEMA = {
|
|||||||
'required': ['type', 'id'],
|
'required': ['type', 'id'],
|
||||||
'properties': {
|
'properties': {
|
||||||
'id': {'type': 'string'},
|
'id': {'type': 'string'},
|
||||||
'type': {'enum': ['puppet', 'shell', 'group',
|
'type': {'enum': ['puppet', 'shell', 'group', 'stage', 'copy_files',
|
||||||
'stage', 'upload_file', 'sync'],
|
'sync', 'upload_file'],
|
||||||
'type': 'string'},
|
'type': 'string'},
|
||||||
'parameters': {'type': 'object'},
|
'parameters': {'type': 'object'},
|
||||||
'required_for': {'type': 'array'},
|
'required_for': {'type': 'array'},
|
||||||
|
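Review bot: `copy_files` is added to the `type` enum, but `parameters` stays `{'type': 'object'}`, so a `copy_files` task with a missing `files` list, an unexpected `src` path, or a loose `permissions` value passes validation as far as this hunk shows. Since this task type moves private keys, I would at least document next to the enum which keys `copy_files` expects (`files` with `src`/`dst`, `permissions`, `dir_permissions`), or validate them where the task is serialized. `TASK_SCHEMA` continues outside the hunk, so per-type checks may already exist elsewhere.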