Support creating users via configdrive

Change-Id: I93259ccd98d4153f1ed370541e2208124ddb0ca1
This commit is contained in:
Dmitry Tantsur 2018-06-28 16:25:39 +02:00
parent 6030b02bb3
commit e2085dc026
6 changed files with 200 additions and 0 deletions

View File

@ -53,6 +53,8 @@ def _do_deploy(api, args, formatter):
raise RuntimeError("%s cannot be used as a hostname" % args.hostname) raise RuntimeError("%s cannot be used as a hostname" % args.hostname)
config = _config.InstanceConfig(ssh_keys=ssh_keys) config = _config.InstanceConfig(ssh_keys=ssh_keys)
if args.user_name:
config.add_user(args.user_name, sudo=args.passwordless_sudo)
node = api.reserve_node(args.resource_class, capabilities=capabilities) node = api.reserve_node(args.resource_class, capabilities=capabilities)
instance = api.provision_node(node, instance = api.provision_node(node,
@ -124,6 +126,9 @@ def _parse_args(args, config):
'Node\'s name or UUID') 'Node\'s name or UUID')
deploy.add_argument('--resource-class', required=True, deploy.add_argument('--resource-class', required=True,
help='node resource class to deploy') help='node resource class to deploy')
deploy.add_argument('--user-name', help='Name of the admin user to create')
deploy.add_argument('--passwordless-sudo', action='store_true',
help='allow password-less sudo for the user')
undeploy = subparsers.add_parser('undeploy') undeploy = subparsers.add_parser('undeploy')
undeploy.set_defaults(func=_do_undeploy) undeploy.set_defaults(func=_do_undeploy)

View File

@ -27,10 +27,34 @@ class InstanceConfig(object):
to the instance's first boot script (e.g. cloud-init). to the instance's first boot script (e.g. cloud-init).
:ivar ssh_keys: List of SSH public keys. :ivar ssh_keys: List of SSH public keys.
:ivar users: Users to add on first boot.
""" """
def __init__(self, ssh_keys=None): def __init__(self, ssh_keys=None):
self.ssh_keys = ssh_keys or [] self.ssh_keys = ssh_keys or []
self.users = []
def add_user(self, name, admin=True, password_hash=None, sudo=False,
**kwargs):
"""Add a user to be created on first boot.
:param name: user name.
:param admin: whether to add the user to the admin group (wheel).
:param password_hash: user password hash, if password authentication
is expected.
:param sudo: whether to allow the user sudo without password.
:param kwargs: other arguments to pass.
"""
kwargs['name'] = name
if admin:
kwargs.setdefault('groups', []).append('wheel')
if password_hash:
kwargs['passwd'] = password_hash
if sudo:
kwargs['sudo'] = 'ALL=(ALL) NOPASSWD:ALL'
if self.ssh_keys:
kwargs.setdefault('ssh_authorized_keys', self.ssh_keys)
self.users.append(kwargs)
@contextlib.contextmanager @contextlib.contextmanager
def build_configdrive_directory(self, node, hostname): def build_configdrive_directory(self, node, hostname):
@ -50,6 +74,10 @@ class InstanceConfig(object):
'availability_zone': '', 'availability_zone': '',
'files': [], 'files': [],
'meta': {}} 'meta': {}}
user_data = {}
if self.users:
user_data['users'] = self.users
for version in ('2012-08-10', 'latest'): for version in ('2012-08-10', 'latest'):
subdir = os.path.join(d, 'openstack', version) subdir = os.path.join(d, 'openstack', version)
if not os.path.exists(subdir): if not os.path.exists(subdir):
@ -58,6 +86,11 @@ class InstanceConfig(object):
with open(os.path.join(subdir, 'meta_data.json'), 'w') as fp: with open(os.path.join(subdir, 'meta_data.json'), 'w') as fp:
json.dump(metadata, fp) json.dump(metadata, fp)
if user_data:
with open(os.path.join(subdir, 'user_data'), 'w') as fp:
fp.write("#cloud-config\n")
json.dump(user_data, fp)
yield d yield d
finally: finally:
shutil.rmtree(d) shutil.rmtree(d)

View File

@ -22,6 +22,7 @@ import six
import testtools import testtools
from metalsmith import _cmd from metalsmith import _cmd
from metalsmith import _config
from metalsmith import _instance from metalsmith import _instance
from metalsmith import _provisioner from metalsmith import _provisioner
@ -409,6 +410,58 @@ class TestDeploy(testtools.TestCase):
config = mock_pr.return_value.provision_node.call_args[1]['config'] config = mock_pr.return_value.provision_node.call_args[1]['config']
self.assertEqual(['foo'], config.ssh_keys) self.assertEqual(['foo'], config.ssh_keys)
@mock.patch.object(_config.InstanceConfig, 'add_user', autospec=True)
def test_args_user_name(self, mock_add_user, mock_os_conf, mock_pr):
args = ['deploy', '--network', 'mynet', '--image', 'myimg',
'--user-name', 'banana', '--resource-class', 'compute']
_cmd.main(args)
mock_pr.assert_called_once_with(
cloud_region=mock_os_conf.return_value.get_one.return_value,
dry_run=False)
mock_pr.return_value.reserve_node.assert_called_once_with(
resource_class='compute',
capabilities={}
)
mock_pr.return_value.provision_node.assert_called_once_with(
mock_pr.return_value.reserve_node.return_value,
image='myimg',
nics=[{'network': 'mynet'}],
root_disk_size=None,
config=mock.ANY,
hostname=None,
netboot=False,
wait=1800)
config = mock_pr.return_value.provision_node.call_args[1]['config']
self.assertEqual([], config.ssh_keys)
mock_add_user.assert_called_once_with(config, 'banana', sudo=False)
@mock.patch.object(_config.InstanceConfig, 'add_user', autospec=True)
def test_args_user_name_with_sudo(self, mock_add_user, mock_os_conf,
mock_pr):
args = ['deploy', '--network', 'mynet', '--image', 'myimg',
'--user-name', 'banana', '--resource-class', 'compute',
'--passwordless-sudo']
_cmd.main(args)
mock_pr.assert_called_once_with(
cloud_region=mock_os_conf.return_value.get_one.return_value,
dry_run=False)
mock_pr.return_value.reserve_node.assert_called_once_with(
resource_class='compute',
capabilities={}
)
mock_pr.return_value.provision_node.assert_called_once_with(
mock_pr.return_value.reserve_node.return_value,
image='myimg',
nics=[{'network': 'mynet'}],
root_disk_size=None,
config=mock.ANY,
hostname=None,
netboot=False,
wait=1800)
config = mock_pr.return_value.provision_node.call_args[1]['config']
self.assertEqual([], config.ssh_keys)
mock_add_user.assert_called_once_with(config, 'banana', sudo=True)
def test_args_port(self, mock_os_conf, mock_pr): def test_args_port(self, mock_os_conf, mock_pr):
args = ['deploy', '--port', 'myport', '--image', 'myimg', args = ['deploy', '--port', 'myport', '--image', 'myimg',
'--resource-class', 'compute'] '--resource-class', 'compute']

View File

@ -0,0 +1,104 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import json
import os
import mock
import testtools
from metalsmith import _config
class TestInstanceConfig(testtools.TestCase):
def setUp(self):
super(TestInstanceConfig, self).setUp()
self.node = mock.Mock(uuid='1234')
self.node.name = 'node name'
def _check(self, config, expected_metadata, expected_userdata=None):
expected_m = {'public_keys': [],
'uuid': '1234',
'name': 'node name',
'hostname': 'example.com',
'launch_index': 0,
'availability_zone': '',
'files': [],
'meta': {}}
expected_m.update(expected_metadata)
with config.build_configdrive_directory(self.node, 'example.com') as d:
for version in ('2012-08-10', 'latest'):
with open(os.path.join(d, 'openstack', version,
'meta_data.json')) as fp:
metadata = json.load(fp)
self.assertEqual(expected_m, metadata)
user_data = os.path.join(d, 'openstack', version, 'user_data')
if expected_userdata is None:
self.assertFalse(os.path.exists(user_data))
else:
with open(user_data) as fp:
lines = list(fp)
self.assertEqual('#cloud-config\n', lines[0])
user_data = json.loads(''.join(lines[1:]))
self.assertEqual(expected_userdata, user_data)
self.assertFalse(os.path.exists(d))
def test_default(self):
config = _config.InstanceConfig()
self._check(config, {})
def test_ssh_keys(self):
config = _config.InstanceConfig(ssh_keys=['abc', 'def'])
self._check(config, {'public_keys': ['abc', 'def']})
def test_add_user(self):
config = _config.InstanceConfig()
config.add_user('admin')
self._check(config, {},
{'users': [{'name': 'admin',
'groups': ['wheel']}]})
def test_add_user_admin(self):
config = _config.InstanceConfig()
config.add_user('admin', admin=False)
self._check(config, {},
{'users': [{'name': 'admin'}]})
def test_add_user_sudo(self):
config = _config.InstanceConfig()
config.add_user('admin', sudo=True)
self._check(config, {},
{'users': [{'name': 'admin',
'groups': ['wheel'],
'sudo': 'ALL=(ALL) NOPASSWD:ALL'}]})
def test_add_user_passwd(self):
config = _config.InstanceConfig()
config.add_user('admin', password_hash='123')
self._check(config, {},
{'users': [{'name': 'admin',
'groups': ['wheel'],
'passwd': '123'}]})
def test_add_user_with_keys(self):
config = _config.InstanceConfig(ssh_keys=['abc', 'def'])
config.add_user('admin')
self._check(config, {'public_keys': ['abc', 'def']},
{'users': [{'name': 'admin',
'groups': ['wheel'],
'ssh_authorized_keys': ['abc', 'def']}]})

View File

@ -5,3 +5,4 @@ metalsmith_netboot: false
metalsmith_nics: [] metalsmith_nics: []
metalsmith_root_size: metalsmith_root_size:
metalsmith_ssh_public_keys: [] metalsmith_ssh_public_keys: []
metalsmith_user_name: metalsmith

View File

@ -22,6 +22,9 @@
{% if netboot %} {% if netboot %}
--netboot --netboot
{% endif %} {% endif %}
{% if user_name %}
--user-name {{ user_name }}
{% endif %}
--resource-class {{ resource_class }} --resource-class {{ resource_class }}
when: state == 'present' when: state == 'present'
vars: vars:
@ -34,6 +37,7 @@
root_size: "{{ instance.root_size | default(metalsmith_root_size) }}" root_size: "{{ instance.root_size | default(metalsmith_root_size) }}"
ssh_public_keys: "{{ instance.ssh_public_keys | default(metalsmith_ssh_public_keys) }}" ssh_public_keys: "{{ instance.ssh_public_keys | default(metalsmith_ssh_public_keys) }}"
state: "{{ instance.state | default('present') }}" state: "{{ instance.state | default('present') }}"
user_name: "{{ instance.user_name | default(metalsmith_user_name) }}"
with_items: "{{ metalsmith_instances }}" with_items: "{{ metalsmith_instances }}"
loop_control: loop_control:
label: "{{ instance.hostname or instance }}" label: "{{ instance.hostname or instance }}"