Merge "Move generate keys from astute"
commit
8384b8ca4d
@ -11,6 +11,7 @@ $dependent_dirs = ["/var/log/docker-logs", "/var/log/docker-logs/remote",
|
||||
"/var/log/docker-logs/nginx", "/var/log/docker-logs/ntpstats",
|
||||
"/var/log/docker-logs/puppet", "/var/log/docker-logs/rabbitmq",
|
||||
"/var/log/docker-logs/rhsm", "/var/log/docker-logs/supervisor",
|
||||
"/var/lib/fuel", "/var/lib/fuel/keys",
|
||||
]
|
||||
) {
|
||||
|
||||
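Review bot: `/var/lib/fuel/keys` is added to `$dependent_dirs` next to the log directories, and the resource that creates these directories begins after `) {` outside this hunk, so the mode it applies is not visible here. This directory will hold SSH private keys and the mongodb key, so it should not inherit whatever default suits log directories. If the shared resource does not set a restrictive mode, declare the keys path on its own instead of listing it in `$dependent_dirs`, e.g. `file { '/var/lib/fuel/keys': ensure => directory, owner => 'root', group => 'root', mode => '0700' }`.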
|
@ -71,6 +71,7 @@ HOST_VOL['puppet']="-v /etc/puppet:/etc/puppet:ro"
|
||||
HOST_VOL['sshkey']="-v /root/.ssh:/root/.ssh:ro"
|
||||
HOST_VOL['astuteyaml']="-v /etc/fuel:/etc/fuel:ro"
|
||||
HOST_VOL['logs']="-v /var/log/docker-logs:/var/log"
|
||||
HOST_VOL['keys']="-v /var/lib/fuel/keys:/var/lib/fuel/keys:rw"
|
||||
|
||||
#Storage container volume mounts
|
||||
declare -A CONTAINER_VOLUMES
|
||||
@ -95,6 +96,7 @@ ASTUTE_VOL="--volumes-from ${CONTAINER_NAMES['astute']}"
|
||||
###astute: mcollective
|
||||
declare -A REQS
|
||||
REQS["${HOST_VOL['astuteyaml']}"]="cobbler postgres rabbitmq rsync astute nailgun ostf nginx rsyslog mcollective keystone"
|
||||
REQS["${HOST_VOL['keys']}"]="mcollective astute"
|
||||
REQS["${HOST_VOL['repo']}"]="cobbler postgres rabbitmq rsync astute nailgun ostf nginx rsyslog mcollective keystone"
|
||||
REQS["${HOST_VOL['logs']}"]="cobbler postgres rabbitmq rsync astute nailgun ostf nginx rsyslog mcollective keystone"
|
||||
#Most containers work from local integrated puppet, but rsync needs to serve host puppet
|
||||
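Review bot: `HOST_VOL['keys']` is the only secret-bearing host mount in this block that is mounted `:rw`, and the `REQS` entry in the second hunk hands that writable mount to both `mcollective` and `astute`. If only one of the two containers runs generate_keys.sh and the other merely reads the keys for copy_keys (which one is not visible here), the reader should get a read-only mount, for example a second entry `HOST_VOL['keys_ro']="-v /var/lib/fuel/keys:/var/lib/fuel/keys:ro"` with its own `REQS` line. A short comment above the mount naming the container that writes there would also help the next reader.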
|
@ -0,0 +1,46 @@
|
||||
#!/bin/sh
|
||||
|
||||
while getopts ":i:o:s:p:" opt; do
|
||||
case $opt in
|
||||
i) cluster_id=$OPTARG
|
||||
;;
|
||||
o) open_ssl_keys=$OPTARG
|
||||
;;
|
||||
s) ssh_keys=$OPTARG
|
||||
;;
|
||||
p) keys_path=$OPTARG
|
||||
;;
|
||||
esac
|
||||
done
|
||||
BASE_PATH=$keys_path/$cluster_id/
|
||||
|
||||
function generate_open_ssl_keys {
|
||||
for i in $open_ssl_keys
|
||||
do
|
||||
local dir_path=$BASE_PATH$i/
|
||||
local key_path=$dir_path$i.key
|
||||
mkdir -p $dir_path
|
||||
if [ ! -f $key_path ]; then
|
||||
openssl rand -base64 741 > $key_path 2>&1
|
||||
else
|
||||
echo 'Key $key_path already exists'
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
function generate_ssh_keys {
|
||||
for i in $ssh_keys
|
||||
do
|
||||
local dir_path=$BASE_PATH$i/
|
||||
local key_path=$dir_path$i
|
||||
mkdir -p $dir_path
|
||||
if [ ! -f $key_path ]; then
|
||||
ssh-keygen -b 2048 -t rsa -N '' -f $key_path 2>&1
|
||||
else
|
||||
echo 'Key $key_path already exists'
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
generate_open_ssl_keys
|
||||
generate_ssh_keys
|
@ -43,6 +43,7 @@
|
||||
timeout: 3600
|
||||
cwd: /
|
||||
|
||||
|
||||
- id: vcenter_compute_zones_create
|
||||
type: shell
|
||||
role: [primary-controller]
|
||||
@ -52,6 +53,7 @@
|
||||
cmd: /usr/bin/python /etc/puppet/modules/osnailyfacter/modular/astute/vcenter_compute_zones.py
|
||||
timeout: 180
|
||||
|
||||
|
||||
- id: upload_core_repos
|
||||
type: upload_file
|
||||
role: '*'
|
||||
@ -74,3 +76,41 @@
|
||||
parameters:
|
||||
cmd: rm -f /etc/hiera/nodes.yaml
|
||||
retries: 1
|
||||
|
||||
#PREDEPLOYMENT HOOKS
|
||||
- id: copy_keys
|
||||
type: copy_files
|
||||
role: '*'
|
||||
stage: pre_deployment
|
||||
requires: [generate_keys]
|
||||
parameters:
|
||||
files:
|
||||
- src: /var/lib/fuel/keys/{CLUSTER_ID}/neutron/neutron.pub
|
||||
dst: /var/lib/astute/neutron/neutron.pub
|
||||
- src: /var/lib/fuel/keys/{CLUSTER_ID}/neutron/neutron
|
||||
dst: /var/lib/astute/neutron/neutron
|
||||
- src: /var/lib/fuel/keys/{CLUSTER_ID}/nova/nova.pub
|
||||
dst: /var/lib/astute/nova/nova.pub
|
||||
- src: /var/lib/fuel/keys/{CLUSTER_ID}/nova/nova
|
||||
dst: /var/lib/astute/nova/nova
|
||||
- src: /var/lib/fuel/keys/{CLUSTER_ID}/ceph/ceph.pub
|
||||
dst: /var/lib/astute/ceph/ceph.pub
|
||||
- src: /var/lib/fuel/keys/{CLUSTER_ID}/ceph/ceph
|
||||
dst: /var/lib/astute/ceph/ceph
|
||||
- src: /var/lib/fuel/keys/{CLUSTER_ID}/mysql/mysql.pub
|
||||
dst: /var/lib/astute/mysql/mysql.pub
|
||||
- src: /var/lib/fuel/keys/{CLUSTER_ID}/mysql/mysql
|
||||
dst: /var/lib/astute/mysql/mysql
|
||||
- src: /var/lib/fuel/keys/{CLUSTER_ID}/mongodb/mongodb.key
|
||||
dst: /var/lib/astute/mongodb/mongodb.key
|
||||
permissions: '0600'
|
||||
dir_permissions: '0700'
|
||||
|
||||
- id: generate_keys
|
||||
type: shell
|
||||
role: master
|
||||
stage: pre_deployment
|
||||
required_for: [copy_keys]
|
||||
parameters:
|
||||
cmd: sh /etc/puppet/modules/osnailyfacter/modular/astute/generate_keys.sh -i {CLUSTER_ID} -o 'mongodb' -s 'neutron nova ceph mysql' -p /var/lib/fuel/keys/
|
||||
timeout: 180
|
||||
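Review bot: `copy_keys` runs with `role: '*'`, so every node in the cluster receives the private halves of the neutron, nova, ceph and mysql SSH keys plus `mongodb.key`, whatever its role. The `0600`/`0700` modes protect the files locally, but a single compromised node then holds every service's key. If this only mirrors what astute did before the move, say so in a comment; otherwise split the task by role so each key goes only to the nodes that use it. The key names are also listed twice, in the `src` paths and in the `-o 'mongodb' -s 'neutron nova ceph mysql'` arguments of `generate_keys`, and nothing ties the two lists together, so a comment such as `# keep in sync with copy_keys.files` above the `cmd` line would help.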
|
@ -32,8 +32,8 @@ TASK_SCHEMA = {
|
||||
'required': ['type', 'id'],
|
||||
'properties': {
|
||||
'id': {'type': 'string'},
|
||||
'type': {'enum': ['puppet', 'shell', 'group',
|
||||
'stage', 'upload_file', 'sync'],
|
||||
'type': {'enum': ['puppet', 'shell', 'group', 'stage', 'copy_files',
|
||||
'sync', 'upload_file'],
|
||||
'type': 'string'},
|
||||
'parameters': {'type': 'object'},
|
||||
'required_for': {'type': 'array'},
|
||||
|