diff --git a/Overcloud-packages.md b/Overcloud-packages.md index af81f445a..c2891beb7 100644 --- a/Overcloud-packages.md +++ b/Overcloud-packages.md @@ -10,6 +10,11 @@ environment variables. The variables you can set are documented below before the calls to the script. For their default values, see the deploy-overcloud script itself. +1. You must source the contents of `/root/stackrc` into your shell before running the + instack-* scripts that interact with the undercloud and overcloud. In order to do that + you can copy that file to a more convenient location or use sudo to cat the file and copy/paste + the lines into your shell environment. + 1. Run the prepare-for-overcloud script to get setup. This script will re-downloading images if they already exist in the current working directory. If you want to force a redownload of the images, delete them first. diff --git a/README-packages.md b/README-packages.md index 41e9487e1..f5ec5e2e3 100644 --- a/README-packages.md +++ b/README-packages.md @@ -29,5 +29,10 @@ instack-undercloud via packages instack-install-undercloud-packages +4. Once the install script has run to completion, you should take note to secure and save the files + `/root/stackrc` and `/root/tripleo-undercloud-passwords`. Both these files will be needed to interact + with the installed undercloud. You may copy these files to your home directory to make them + easier to source later on, but you should try to keep them as secure and backed up as possible. + That completes the Undercloud install. To proceed with deploying and using the Overcloud see [Overcloud-packages](Overcloud-packages.md). diff --git a/README-source.md b/README-source.md index 562eedd9d..8f36b465c 100644 --- a/README-source.md +++ b/README-source.md @@ -34,5 +34,10 @@ instack-undercloud via source instack-install-undercloud +4. Once the install script has run to completion, you should take note to secure and save the files + `/root/stackrc` and `/root/tripleo-undercloud-passwords`. Both these files will be needed to interact + with the installed undercloud. You may copy these files to your home directory to make them + easier to source later on, but you should try to keep them as secure and backed up as possible. + That completes the Undercloud install. To proceed with deploying and using the Overcloud see [Overcloud-packages](Overcloud-packages.md). diff --git a/elements/undercloud-install/os-refresh-config/configure.d/55-stackrc b/elements/undercloud-install/os-refresh-config/configure.d/55-stackrc deleted file mode 100755 index b6a0b36c4..000000000 --- a/elements/undercloud-install/os-refresh-config/configure.d/55-stackrc +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -set -eux - -cp /root/stackrc /etc/sysconfig/stackrc -chmod 644 /etc/sysconfig/stackrc diff --git a/elements/undercloud-stack-config/config.json.template b/elements/undercloud-stack-config/config.json.template index 44ff45677..675bca5dd 100644 --- a/elements/undercloud-stack-config/config.json.template +++ b/elements/undercloud-stack-config/config.json.template @@ -1,13 +1,13 @@ { "OpenStack::Heat::Stack": { }, - "admin-password": "unset", - "admin-token": "unset", - "db-password": "unset", + "admin-password": "{{UNDERCLOUD_ADMIN_PASSWORD}}", + "admin-token": "{{UNDERCLOUD_ADMIN_TOKEN}}", + "db-password": "{{UNDERCLOUD_DB_PASSWORD}}", "local-ipv4": "{{LOCAL_IP}}", "keystone": { "host": "127.0.0.1", - "db": "mysql://keystone:unset@localhost/keystone" + "db": "mysql://keystone:{{UNDERCLOUD_DB_PASSWORD}}@localhost/keystone" }, "qpid": { "host": "127.0.0.1", @@ -17,15 +17,15 @@ "glance": { "backend": "file", "host": "127.0.0.1", - "db": "mysql://glance:unset@localhost/glance", - "service-password": "unset", + "db": "mysql://glance:{{UNDERCLOUD_DB_PASSWORD}}@localhost/glance", + "service-password": "{{UNDERCLOUD_GLANCE_PASSWORD}}", "notifier-strategy": "noop", "log-file": "''" }, "nova": { "compute_hostname": "undercloud", "host": "127.0.0.1", - "db": "mysql://nova:unset@localhost/nova", + "db": "mysql://nova:{{UNDERCLOUD_DB_PASSWORD}}@localhost/nova", "compute_driver": "baremetal.driver.BareMetalDriver", "tuning": { "ram_allocation_ratio": "1.0", @@ -33,7 +33,7 @@ }, "baremetal": { "arch": "amd64", - "db": "mysql://nova:unset@localhost/nova_bm", + "db": "mysql://nova:{{UNDERCLOUD_DB_PASSWORD}}@localhost/nova_bm", "power_manager": "{{POWER_DRIVER}}", "pxe_deploy_timeout": "2400", "use_file_injection": "False", @@ -46,20 +46,20 @@ } }, "metadata-proxy": "false", - "service-password": "unset" + "service-password": "{{UNDERCLOUD_NOVA_PASSWORD}}" }, "bootstack": { "public_interface_ip": "{{LOCAL_IP}}/24", "masquerade_networks": ["{{MASQUERADE_NETWORK}}"] }, "cinder": { - "db": "mysql://cinder:unset@localhost/cinder", + "db": "mysql://cinder:{{UNDERCLOUD_DB_PASSWORD}}@localhost/cinder", "volume_size_mb": "5000", - "service-password": "unset" + "service-password": "{{UNDERCLOUD_CINDER_PASSWORD}}" }, "neutron": { "host": "127.0.0.1", - "ovs_db": "mysql://neutron:unset@localhost/ovs_neutron?charset=utf8", + "ovs_db": "mysql://neutron:{{UNDERCLOUD_DB_PASSWORD}}@localhost/ovs_neutron?charset=utf8", "ovs": { "bridge_mappings": "ctlplane:br-ctlplane", "dnsmasq_range": ["192.0.2.4", "192.0.2.4"], @@ -70,27 +70,27 @@ "public_interface": "{{LOCAL_INTERFACE}}", "tenant_network_type": "vlan" }, - "service-password": "unset", + "service-password": "{{UNDERCLOUD_NEUTRON_PASSWORD}}", "dhcp_start": "{{DHCP_START}}", "dhcp_end": "{{DHCP_END}}", "network_cidr": "{{NETWORK_CIDR}}", "network_gateway": "{{NETWORK_GATEWAY}}" }, "heat": { - "db": "mysql://heat:unset@localhost/heat", + "db": "mysql://heat:{{UNDERCLOUD_DB_PASSWORD}}@localhost/heat", "auth_encryption_key": "unset___________", "watch_server_url": "http://{{LOCAL_IP}}:8003", "waitcondition_server_url": "http://{{LOCAL_IP}}:8000/v1/waitcondition", "metadata_server_url": "http://{{LOCAL_IP}}:8000", "admin_tenant_name": "service", "admin_user": "heat", - "admin_password": "unset" + "admin_password": "{{UNDERCLOUD_HEAT_PASSWORD}}" }, "horizon": { "secret_key": "unset___________" }, "tuskar": { - "db": "mysql://tuskar:unset@localhost/tuskar?charset=utf8", + "db": "mysql://tuskar:{{UNDERCLOUD_DB_PASSWORD}}@localhost/tuskar?charset=utf8", "heat_keystone": { "username": "admin", "password": "unset", diff --git a/elements/undercloud-stack-config/install.d/02-undercloud-stack-heat-metadata b/elements/undercloud-stack-config/install.d/02-undercloud-stack-heat-metadata index 172ddfd19..0877a9925 100755 --- a/elements/undercloud-stack-config/install.d/02-undercloud-stack-heat-metadata +++ b/elements/undercloud-stack-config/install.d/02-undercloud-stack-heat-metadata @@ -25,6 +25,13 @@ context = { 'DHCP_END': os.environ.get('DHCP_END', '192.0.2.24'), 'NETWORK_CIDR': os.environ.get('NETWORK_CIDR', '192.0.2.0/24'), 'NETWORK_GATEWAY': os.environ.get('NETWORK_GATEWAY', '192.0.2.1'), + 'UNDERCLOUD_DB_PASSWORD': os.environ.get('UNDERCLOUD_DB_PASSWORD', 'unset'), + 'UNDERCLOUD_ADMIN_TOKEN': os.environ.get('UNDERCLOUD_ADMIN_TOKEN', 'unset'), + 'UNDERCLOUD_ADMIN_PASSWORD': os.environ.get('UNDERCLOUD_ADMIN_PASSWORD', 'unset'), + 'UNDERCLOUD_GLANCE_PASSWORD': os.environ.get('UNDERCLOUD_GLANCE_PASSWORD', 'unset'), + 'UNDERCLOUD_HEAT_PASSWORD': os.environ.get('UNDERCLOUD_HEAT_PASSWORD', 'unset'), + 'UNDERCLOUD_NEUTRON_PASSWORD': os.environ.get('UNDERCLOUD_NEUTRON_PASSWORD', 'unset'), + 'UNDERCLOUD_NOVA_PASSWORD': os.environ.get('UNDERCLOUD_NOVA_PASSWORD', 'unset'), } if "SSH_KEY" in os.environ: diff --git a/elements/undercloud-stack-config/os-apply-config/root/tripleo-undercloud-passwords b/elements/undercloud-stack-config/os-apply-config/root/tripleo-undercloud-passwords new file mode 100644 index 000000000..364ef0c2f --- /dev/null +++ b/elements/undercloud-stack-config/os-apply-config/root/tripleo-undercloud-passwords @@ -0,0 +1,7 @@ +UNDERCLOUD_DB_PASSWORD={{db-password}} +UNDERCLOUD_ADMIN_TOKEN={{admin-token}} +UNDERCLOUD_ADMIN_PASSWORD={{admin-password}} +UNDERCLOUD_GLANCE_PASSWORD={{glance.service-password}} +UNDERCLOUD_HEAT_PASSWORD={{heat.admin_password}} +UNDERCLOUD_NEUTRON_PASSWORD={{neutron.service-password}} +UNDERCLOUD_NOVA_PASSWORD={{nova.service-password}} diff --git a/elements/undercloud-stack-config/os-refresh-config/post-configure.d/98-undercloud-setup b/elements/undercloud-stack-config/os-refresh-config/post-configure.d/98-undercloud-setup index 685c7a610..0aac942b1 100755 --- a/elements/undercloud-stack-config/os-refresh-config/post-configure.d/98-undercloud-setup +++ b/elements/undercloud-stack-config/os-refresh-config/post-configure.d/98-undercloud-setup @@ -8,6 +8,7 @@ if [ -f $OK_FILE ]; then exit fi +source /root/tripleo-undercloud-passwords source /root/stackrc # Add scripts directory from tripleo-incubator to the path. @@ -46,15 +47,15 @@ sleep 20 export UNDERCLOUD_IP=$(os-apply-config --key local-ipv4 --type netaddress) -tripleo init-keystone -p unset unset \ +tripleo init-keystone -p $UNDERCLOUD_ADMIN_PASSWORD $UNDERCLOUD_ADMIN_TOKEN \ $UNDERCLOUD_IP admin@example.com root@$UNDERCLOUD_IP tripleo setup-endpoints \ $UNDERCLOUD_IP \ - --glance-password unset \ - --heat-password unset \ - --neutron-password unset \ - --nova-password unset + --glance-password $UNDERCLOUD_GLANCE_PASSWORD \ + --heat-password $UNDERCLOUD_HEAT_PASSWORD \ + --neutron-password $UNDERCLOUD_NEUTRON_PASSWORD \ + --nova-password $UNDERCLOUD_NOVA_PASSWORD keystone role-create --name heat_stack_user diff --git a/instack-baremetal.answers.sample b/instack-baremetal.answers.sample index a842de5a0..a377dd109 100644 --- a/instack-baremetal.answers.sample +++ b/instack-baremetal.answers.sample @@ -38,3 +38,43 @@ NETWORK_CIDR=172.17.0.0/16 ### NETWORK_GATEWAY ### # Network gateway for neturon managed network for Overcloud instances NETWORK_GATEWAY=172.17.0.1 + +### Database password ### +# Password used for MySQL databases +# If left unset, one will be automatically generated +UNDERCLOUD_DB_PASSWORD= + +### Admin Token ### +# Keystone admin token +# If left unset, one will be automatically generated +UNDERCLOUD_ADMIN_TOKEN= + +### Admin password ### +# Keystone admin password +# If left unset, one will be automatically generated +UNDERCLOUD_ADMIN_PASSWORD= + +### Glance password ### +# Glance service password +# If left unset, one will be automatically generated +UNDERCLOUD_GLANCE_PASSWORD= + +### Heat password ### +# Heat service password +# If left unset, one will be automatically generated +UNDERCLOUD_HEAT_PASSWORD= + +### Neutron password ### +# Neutron service password +# If left unset, one will be automatically generated +UNDERCLOUD_NEUTRON_PASSWORD= + +### Nova password ### +# Nova service password +# If left unset, one will be automatically generated +UNDERCLOUD_NOVA_PASSWORD= + +### Ironic password ### +# Ironic service password +# If left unset, one will be automatically generated +UNDERCLOUD_IRONIC_PASSWORD= diff --git a/instack-virt.answers.sample b/instack-virt.answers.sample index 753db2cad..4a24fed3b 100644 --- a/instack-virt.answers.sample +++ b/instack-virt.answers.sample @@ -58,3 +58,43 @@ NETWORK_CIDR=192.0.2.0/24 ### NETWORK_GATEWAY ### # Network gateway for neturon managed network for Overcloud instances NETWORK_GATEWAY=192.0.2.1 + +### Database password ### +# Password used for MySQL databases +# If left unset, one will be automatically generated +UNDERCLOUD_DB_PASSWORD= + +### Admin Token ### +# Keystone admin token +# If left unset, one will be automatically generated +UNDERCLOUD_ADMIN_TOKEN= + +### Admin password ### +# Keystone admin password +# If left unset, one will be automatically generated +UNDERCLOUD_ADMIN_PASSWORD= + +### Glance password ### +# Glance service password +# If left unset, one will be automatically generated +UNDERCLOUD_GLANCE_PASSWORD= + +### Heat password ### +# Heat service password +# If left unset, one will be automatically generated +UNDERCLOUD_HEAT_PASSWORD= + +### Neutron password ### +# Neutron service password +# If left unset, one will be automatically generated +UNDERCLOUD_NEUTRON_PASSWORD= + +### Nova password ### +# Nova service password +# If left unset, one will be automatically generated +UNDERCLOUD_NOVA_PASSWORD= + +### Ironic password ### +# Ironic service password +# If left unset, one will be automatically generated +UNDERCLOUD_IRONIC_PASSWORD= diff --git a/scripts/instack-deploy-overcloud b/scripts/instack-deploy-overcloud index 1645f96a6..7156d3403 100755 --- a/scripts/instack-deploy-overcloud +++ b/scripts/instack-deploy-overcloud @@ -2,7 +2,11 @@ set -eux -source /etc/sysconfig/stackrc +OS_AUTH_URL=${OS_AUTH_URL:-""} +if [ -z "$OS_AUTH_URL" ]; then + echo "You must source a stackrc file for the Undercloud." + exit 1 +fi # setup-baremetal requires this to be set export TRIPLEO_ROOT=. diff --git a/scripts/instack-deploy-overcloud-tuskarcli b/scripts/instack-deploy-overcloud-tuskarcli index a230d03ef..485ccfbb8 100755 --- a/scripts/instack-deploy-overcloud-tuskarcli +++ b/scripts/instack-deploy-overcloud-tuskarcli @@ -2,7 +2,11 @@ set -eux -source /etc/sysconfig/stackrc +OS_AUTH_URL=${OS_AUTH_URL:-""} +if [ -z "$OS_AUTH_URL" ]; then + echo "You must source a stackrc file for the Undercloud." + exit 1 +fi # setup-baremetal requires this to be set export TRIPLEO_ROOT=. diff --git a/scripts/instack-install-undercloud b/scripts/instack-install-undercloud index aafa6dcce..b3692cb86 100755 --- a/scripts/instack-install-undercloud +++ b/scripts/instack-install-undercloud @@ -58,6 +58,15 @@ export NETWORK_CIDR export NETWORK_GATEWAY export SSH_KEY +export UNDERCLOUD_DB_PASSWORD=${UNDERCLOUD_DB_PASSWORD:-$(tripleo os-make-password)} +export UNDERCLOUD_ADMIN_TOKEN=${UNDERCLOUD_ADMIN_TOKEN:-$(tripleo os-make-password)} +export UNDERCLOUD_ADMIN_PASSWORD=${UNDERCLOUD_ADMIN_PASSWORD:-$(tripleo os-make-password)} +export UNDERCLOUD_GLANCE_PASSWORD=${UNDERCLOUD_GLANCE_PASSWORD:-$(tripleo os-make-password)} +export UNDERCLOUD_HEAT_PASSWORD=${UNDERCLOUD_HEAT_PASSWORD:-$(tripleo os-make-password)} +export UNDERCLOUD_NEUTRON_PASSWORD=${UNDERCLOUD_NEUTRON_PASSWORD:-$(tripleo os-make-password)} +export UNDERCLOUD_NOVA_PASSWORD=${UNDERCLOUD_NOVA_PASSWORD:-$(tripleo os-make-password)} +export UNDERCLOUD_IRONIC_PASSWORD=${UNDERCLOUD_IRONIC_PASSWORD:-$(tripleo os-make-password)} + sudo -E instack \ -p /usr/share/diskimage-builder/elements/ \ /usr/share/tripleo-image-elements/ \ diff --git a/scripts/instack-install-undercloud-packages b/scripts/instack-install-undercloud-packages index ba9997b20..73d86d382 100755 --- a/scripts/instack-install-undercloud-packages +++ b/scripts/instack-install-undercloud-packages @@ -51,6 +51,15 @@ export NETWORK_CIDR export NETWORK_GATEWAY export SSH_KEY +export UNDERCLOUD_DB_PASSWORD=${UNDERCLOUD_DB_PASSWORD:-$(tripleo os-make-password)} +export UNDERCLOUD_ADMIN_TOKEN=${UNDERCLOUD_ADMIN_TOKEN:-$(tripleo os-make-password)} +export UNDERCLOUD_ADMIN_PASSWORD=${UNDERCLOUD_ADMIN_PASSWORD:-$(tripleo os-make-password)} +export UNDERCLOUD_GLANCE_PASSWORD=${UNDERCLOUD_GLANCE_PASSWORD:-$(tripleo os-make-password)} +export UNDERCLOUD_HEAT_PASSWORD=${UNDERCLOUD_HEAT_PASSWORD:-$(tripleo os-make-password)} +export UNDERCLOUD_NEUTRON_PASSWORD=${UNDERCLOUD_NEUTRON_PASSWORD:-$(tripleo os-make-password)} +export UNDERCLOUD_NOVA_PASSWORD=${UNDERCLOUD_NOVA_PASSWORD:-$(tripleo os-make-password)} +export UNDERCLOUD_IRONIC_PASSWORD=${UNDERCLOUD_IRONIC_PASSWORD:-$(tripleo os-make-password)} + sudo -E instack \ -p /usr/share/diskimage-builder/elements/ \ /usr/share/tripleo-image-elements/ \ diff --git a/scripts/instack-prepare-for-overcloud b/scripts/instack-prepare-for-overcloud index b1b32827f..62b053f23 100755 --- a/scripts/instack-prepare-for-overcloud +++ b/scripts/instack-prepare-for-overcloud @@ -2,7 +2,11 @@ set -eux -source /etc/sysconfig/stackrc +OS_AUTH_URL=${OS_AUTH_URL:-""} +if [ -z "$OS_AUTH_URL" ]; then + echo "You must source a stackrc file for the Undercloud." + exit 1 +fi # generate ssh authentication keys if they don't exist if [ ! -f ~/.ssh/id_rsa ]; then diff --git a/scripts/instack-test-overcloud b/scripts/instack-test-overcloud index f6e06dc7e..992eefe64 100755 --- a/scripts/instack-test-overcloud +++ b/scripts/instack-test-overcloud @@ -11,7 +11,11 @@ else TRIPLEO_ROOT=/opt/stack/tripleo-incubator fi -source /etc/sysconfig/stackrc +OS_AUTH_URL=${OS_AUTH_URL:-""} +if [ -z "$OS_AUTH_URL" ]; then + echo "You must source a stackrc file for the Undercloud." + exit 1 +fi source tripleo-overcloud-passwords