diff --git a/contrib/drivers/dcos_centos_v1/templates/dcoscluster.yaml b/contrib/drivers/dcos_centos_v1/templates/dcoscluster.yaml index a521822d7e..2df112f16a 100644 --- a/contrib/drivers/dcos_centos_v1/templates/dcoscluster.yaml +++ b/contrib/drivers/dcos_centos_v1/templates/dcoscluster.yaml @@ -46,6 +46,11 @@ parameters: type: string description: name of ssh key to be provisioned on our server + ssh_public_key: + type: string + description: The public ssh key to add in all nodes + default: "" + external_network: type: string description: uuid/name of a network to use for floating ip addresses diff --git a/magnum/common/nova.py b/magnum/common/nova.py new file mode 100644 index 0000000000..d3d379251f --- /dev/null +++ b/magnum/common/nova.py @@ -0,0 +1,34 @@ +# Copyright 2019 Catalyst Cloud Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from oslo_config import cfg +from oslo_log import log as logging + +from magnum.common import clients +from novaclient import exceptions as nova_exception + +LOG = logging.getLogger(__name__) +CONF = cfg.CONF + + +def get_ssh_key(context, keypair_ident): + try: + n_client = clients.OpenStackClients(context).nova() + keypair = n_client.keypairs.get(keypair_ident) + # no spaces or break lines at the end, single line string + return keypair.public_key.strip() + except nova_exception.NotFound: + # we don't have a way to tell if the keypair doesn't + # exist or the cluster is already creted + return "" diff --git a/magnum/drivers/heat/template_def.py b/magnum/drivers/heat/template_def.py index acd3d220a9..c9954aaede 100755 --- a/magnum/drivers/heat/template_def.py +++ b/magnum/drivers/heat/template_def.py @@ -23,6 +23,7 @@ import six from magnum.common import clients from magnum.common import exception from magnum.common import keystone +from magnum.common import nova from magnum.common import utils import magnum.conf @@ -370,6 +371,9 @@ class BaseTemplateDefinition(TemplateDefinition): extra_params['trustee_password'] = cluster.trustee_password extra_params['verify_ca'] = CONF.drivers.verify_ca extra_params['openstack_ca'] = utils.get_openstack_ca() + ssh_public_key = nova.get_ssh_key(context, cluster.keypair) + if ssh_public_key != "": + extra_params['ssh_public_key'] = ssh_public_key # Only pass trust ID into the template if allowed by the config file if CONF.trust.cluster_user_trust: diff --git a/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml index 12349ca83b..834b304079 100644 --- a/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml +++ b/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml @@ -16,6 +16,11 @@ parameters: description: name of ssh key to be provisioned on our server default: "" + ssh_public_key: + type: string + description: The public ssh key to add in all nodes + default: "" + external_network: type: string description: uuid/name of a network to use for floating ip addresses diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml index 616da76c09..dc1703ce45 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml @@ -53,6 +53,11 @@ parameters: description: name of ssh key to be provisioned on our server default: "" + ssh_public_key: + type: string + description: The public ssh key to add in all nodes + default: "" + external_network: type: string description: uuid of a network to use for floating ip addresses diff --git a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml index 19bf693966..84acdf8cea 100644 --- a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml +++ b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml @@ -12,6 +12,11 @@ parameters: description: name of ssh key to be provisioned on our server default: "" + ssh_public_key: + type: string + description: The public ssh key to add in all nodes + default: "" + external_network: type: string description: uuid/name of a network to use for floating ip addresses diff --git a/magnum/drivers/mesos_ubuntu_v1/templates/mesoscluster.yaml b/magnum/drivers/mesos_ubuntu_v1/templates/mesoscluster.yaml index b7b20cf172..0a6ee8e90d 100644 --- a/magnum/drivers/mesos_ubuntu_v1/templates/mesoscluster.yaml +++ b/magnum/drivers/mesos_ubuntu_v1/templates/mesoscluster.yaml @@ -13,6 +13,11 @@ parameters: description: name of ssh key to be provisioned on our server default: "" + ssh_public_key: + type: string + description: The public ssh key to add in all nodes + default: "" + external_network: type: string description: uuid/name of a network to use for floating ip addresses diff --git a/magnum/drivers/swarm_fedora_atomic_v1/templates/cluster.yaml b/magnum/drivers/swarm_fedora_atomic_v1/templates/cluster.yaml index 6b5bbee0d2..1db66e3bef 100644 --- a/magnum/drivers/swarm_fedora_atomic_v1/templates/cluster.yaml +++ b/magnum/drivers/swarm_fedora_atomic_v1/templates/cluster.yaml @@ -18,6 +18,11 @@ parameters: description: name of ssh key to be provisioned on our server default: "" + ssh_public_key: + type: string + description: The public ssh key to add in all nodes + default: "" + external_network: type: string description: uuid/name of a network to use for floating ip addresses diff --git a/magnum/drivers/swarm_fedora_atomic_v2/templates/swarmcluster.yaml b/magnum/drivers/swarm_fedora_atomic_v2/templates/swarmcluster.yaml index 9cb2a6d3a1..82394cd870 100644 --- a/magnum/drivers/swarm_fedora_atomic_v2/templates/swarmcluster.yaml +++ b/magnum/drivers/swarm_fedora_atomic_v2/templates/swarmcluster.yaml @@ -18,6 +18,11 @@ parameters: description: name of ssh key to be provisioned on our server default: "" + ssh_public_key: + type: string + description: The public ssh key to add in all nodes + default: "" + external_network: type: string description: uuid/name of a network to use for floating ip addresses diff --git a/magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py b/magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py index d0535909aa..90222e625f 100644 --- a/magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py +++ b/magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py @@ -162,6 +162,13 @@ class TestClusterConductorWithK8s(base.TestCase): self.mock_osc_class = osc_patcher.start() self.addCleanup(osc_patcher.stop) self.mock_osc = mock.MagicMock() + + mock_keypair = mock.MagicMock() + mock_keypair.public_key = 'ssh-rsa AAAAB3Nz' + self.mock_nova = mock.MagicMock() + self.mock_nova.keypairs.get.return_value = mock_keypair + self.mock_osc.nova.return_value = self.mock_nova + self.mock_osc.url_for.return_value = 'http://192.168.10.10:5000/v3' self.mock_osc.magnum_url.return_value = 'http://127.0.0.1:9511/v1' self.mock_osc.cinder_region_name.return_value = 'RegionOne' @@ -338,6 +345,7 @@ class TestClusterConductorWithK8s(base.TestCase): 'kube_version': 'fake-version', 'verify_ca': True, 'openstack_ca': '', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', "nodes_affinity_policy": "soft-anti-affinity", 'availability_zone': 'az_1', 'cert_manager_api': 'False', @@ -485,6 +493,7 @@ class TestClusterConductorWithK8s(base.TestCase): 'kube_version': 'fake-version', 'verify_ca': True, 'openstack_ca': '', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', "nodes_affinity_policy": "soft-anti-affinity", 'availability_zone': 'az_1', 'cert_manager_api': 'False', @@ -615,6 +624,7 @@ class TestClusterConductorWithK8s(base.TestCase): 'username': 'fake_user', 'verify_ca': True, 'openstack_ca': '', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', "nodes_affinity_policy": "soft-anti-affinity", 'availability_zone': 'az_1', 'cert_manager_api': 'False', @@ -733,6 +743,7 @@ class TestClusterConductorWithK8s(base.TestCase): 'kube_version': 'fake-version', 'verify_ca': True, 'openstack_ca': '', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', 'openstack_ca_coreos': '', 'cert_manager_api': 'False', 'ingress_controller': 'i-controller', @@ -839,6 +850,7 @@ class TestClusterConductorWithK8s(base.TestCase): 'kube_version': 'fake-version', 'verify_ca': True, 'openstack_ca': '', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', 'openstack_ca_coreos': '', 'cert_manager_api': 'False', 'ingress_controller': 'i-controller', @@ -1057,6 +1069,7 @@ class TestClusterConductorWithK8s(base.TestCase): 'kube_version': 'fake-version', 'verify_ca': True, 'openstack_ca': '', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', "nodes_affinity_policy": "soft-anti-affinity", 'availability_zone': 'az_1', 'cert_manager_api': 'False', diff --git a/magnum/tests/unit/conductor/handlers/test_mesos_cluster_conductor.py b/magnum/tests/unit/conductor/handlers/test_mesos_cluster_conductor.py index 9a8bcfbdab..77e46e764c 100644 --- a/magnum/tests/unit/conductor/handlers/test_mesos_cluster_conductor.py +++ b/magnum/tests/unit/conductor/handlers/test_mesos_cluster_conductor.py @@ -116,6 +116,13 @@ class TestClusterConductorWithMesos(base.TestCase): self.addCleanup(osc_patcher.stop) self.mock_osc = mock.MagicMock() self.mock_osc.cinder_region_name.return_value = 'RegionOne' + + mock_keypair = mock.MagicMock() + mock_keypair.public_key = 'ssh-rsa AAAAB3Nz' + self.mock_nova = mock.MagicMock() + self.mock_nova.keypairs.get.return_value = mock_keypair + self.mock_osc.nova.return_value = self.mock_nova + self.mock_keystone = mock.MagicMock() self.mock_keystone.trustee_domain_id = 'trustee_domain_id' self.mock_osc.keystone.return_value = self.mock_keystone @@ -147,6 +154,7 @@ class TestClusterConductorWithMesos(base.TestCase): expected = { 'ssh_key_name': 'keypair_id', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', 'external_network': 'external_network_id', 'fixed_network': 'fixed_network', 'fixed_subnet': 'fixed_subnet', @@ -222,6 +230,7 @@ class TestClusterConductorWithMesos(base.TestCase): expected = { 'ssh_key_name': 'keypair_id', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', 'external_network': 'external_network_id', 'number_of_slaves': 1, 'number_of_masters': 1, @@ -284,6 +293,7 @@ class TestClusterConductorWithMesos(base.TestCase): expected = { 'ssh_key_name': 'keypair_id', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', 'external_network': 'external_network_id', 'fixed_network': 'fixed_network', 'fixed_subnet': 'fixed_subnet', @@ -359,6 +369,7 @@ class TestClusterConductorWithMesos(base.TestCase): expected = { 'ssh_key_name': 'keypair_id', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', 'external_network': 'external_network_id', 'fixed_network': 'fixed_network', 'fixed_subnet': 'fixed_subnet', @@ -432,6 +443,7 @@ class TestClusterConductorWithMesos(base.TestCase): expected = { 'ssh_key_name': 'keypair_id', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', 'external_network': 'external_network_id', 'fixed_network': 'fixed_network', 'fixed_subnet': 'fixed_subnet', diff --git a/magnum/tests/unit/conductor/handlers/test_swarm_cluster_conductor.py b/magnum/tests/unit/conductor/handlers/test_swarm_cluster_conductor.py index bcdbf9e7f9..241a79145a 100644 --- a/magnum/tests/unit/conductor/handlers/test_swarm_cluster_conductor.py +++ b/magnum/tests/unit/conductor/handlers/test_swarm_cluster_conductor.py @@ -130,6 +130,13 @@ class TestClusterConductorWithSwarm(base.TestCase): self.mock_osc = mock.MagicMock() self.mock_osc.magnum_url.return_value = 'http://127.0.0.1:9511/v1' self.mock_osc.url_for.return_value = 'http://192.168.10.10:5000/v3' + + mock_keypair = mock.MagicMock() + mock_keypair.public_key = 'ssh-rsa AAAAB3Nz' + self.mock_nova = mock.MagicMock() + self.mock_nova.keypairs.get.return_value = mock_keypair + self.mock_osc.nova.return_value = self.mock_nova + self.mock_keystone = mock.MagicMock() self.mock_keystone.trustee_domain_id = 'trustee_domain_id' self.mock_osc.keystone.return_value = self.mock_keystone @@ -167,6 +174,7 @@ class TestClusterConductorWithSwarm(base.TestCase): expected = { 'ssh_key_name': 'keypair_id', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', 'external_network': 'external_network_id', 'fixed_network': 'fixed_network', 'fixed_subnet': 'fixed_subnet', @@ -251,6 +259,7 @@ class TestClusterConductorWithSwarm(base.TestCase): expected = { 'ssh_key_name': 'keypair_id', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', 'external_network': 'external_network_id', 'fixed_network': 'fixed_network', 'fixed_subnet': 'fixed_subnet', @@ -345,6 +354,7 @@ class TestClusterConductorWithSwarm(base.TestCase): expected = { 'ssh_key_name': 'keypair_id', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', 'external_network': 'external_network_id', 'number_of_masters': 1, 'number_of_nodes': 1, @@ -418,6 +428,7 @@ class TestClusterConductorWithSwarm(base.TestCase): expected = { 'ssh_key_name': 'keypair_id', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', 'external_network': 'external_network_id', 'fixed_network': 'fixed_network', 'fixed_subnet': 'fixed_subnet', @@ -506,6 +517,7 @@ class TestClusterConductorWithSwarm(base.TestCase): expected = { 'ssh_key_name': 'keypair_id', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', 'external_network': 'external_network_id', 'fixed_network': 'fixed_network', 'fixed_subnet': 'fixed_subnet', @@ -592,6 +604,7 @@ class TestClusterConductorWithSwarm(base.TestCase): expected = { 'ssh_key_name': 'keypair_id', + 'ssh_public_key': 'ssh-rsa AAAAB3Nz', 'external_network': 'external_network_id', 'fixed_network': 'fixed_network', 'fixed_subnet': 'fixed_subnet',