Browse Source

Use correct default key file and normalize the usage

The provision command was defaulting to id_rsa.pub, however the deploy
command uses id_rsa_tripleo for initial setup.

When using the deploy command for provision as well, use the public
key, not the private id_rsa_tripleo.

This option was being processed in several different ways, this change
normalize it by creating a single function in the Command class, which
all inheriting methods will consume. Tests have been updated to
accomodate this change.

Related-Bug: #1863920
Change-Id: I221480f3cfc77545a8fcbef777829239c3bad0a0
Signed-off-by: Kevin Carter <kecarter@redhat.com>
changes/81/708781/7
Kevin Carter 1 year ago
parent
commit
af749d1a6a
No known key found for this signature in database GPG Key ID: CE94BD890A47B20A
  1. 23
      tripleoclient/command.py
  2. 4
      tripleoclient/tests/fakes.py
  3. 3
      tripleoclient/tests/v1/overcloud_deploy/test_overcloud_deploy.py
  4. 2
      tripleoclient/tests/v1/overcloud_ffwd_upgrade/test_overcloud_ffwd_upgrade.py
  5. 2
      tripleoclient/tests/v1/overcloud_node/test_overcloud_node.py
  6. 2
      tripleoclient/tests/v1/overcloud_upgrade/test_overcloud_upgrade.py
  7. 2
      tripleoclient/tests/v1/test_overcloud_admin.py
  8. 6
      tripleoclient/tests/v1/test_plugin.py
  9. 18
      tripleoclient/utils.py
  10. 9
      tripleoclient/v1/overcloud_admin.py
  11. 17
      tripleoclient/v1/overcloud_deploy.py
  12. 2
      tripleoclient/v1/overcloud_ffwd_upgrade.py
  13. 17
      tripleoclient/v1/overcloud_node.py
  14. 2
      tripleoclient/v1/overcloud_upgrade.py

23
tripleoclient/command.py

@ -70,6 +70,29 @@ class Command(command.Command):
key = '.ssh/tripleo-admin-rsa'
return key, None
def get_key_pair(self, parsed_args):
"""Autodetect or return a user defined key file.
:param parsed_args: An argparse object.
:type parsed_args: Object
:returns: String
"""
if not parsed_args.overcloud_ssh_key:
key = utils.get_key(
stack=parsed_args.stack,
needs_pair=True
)
if not key:
raise oscexc.CommandError(
'No key pair found, set the ssh key using'
'the --overcloud-ssh-key switch.'
)
return key
else:
return parsed_args.overcloud_ssh_key
class Lister(Command, command.Lister):
pass

4
tripleoclient/tests/fakes.py

@ -194,6 +194,10 @@ class FakePlaybookExecution(utils.TestCommand):
)
self.config_action.start()
self.addCleanup(self.config_action.stop)
get_key = mock.patch('tripleoclient.utils.get_key')
get_key.start()
get_key.return_value = 'keyfile-path'
self.addCleanup(get_key.stop)
if ansible_mock:
get_stack = mock.patch('tripleoclient.utils.get_stack')

3
tripleoclient/tests/v1/overcloud_deploy/test_overcloud_deploy.py

@ -1580,6 +1580,9 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
with open(ssh_key_path, 'w') as temp_file:
temp_file.write('sekrit')
with open('{}.pub'.format(ssh_key_path), 'w') as f:
f.write('sekrit')
arglist = [
'--baremetal-deployment', bm_deploy_path,
'--overcloud-ssh-key', ssh_key_path

2
tripleoclient/tests/v1/overcloud_ffwd_upgrade/test_overcloud_ffwd_upgrade.py

@ -100,7 +100,7 @@ class TestFFWDUpgradePrepare(fakes.TestFFWDUpgradePrepare):
mock_stack,
parsed_args.overcloud_ssh_network,
parsed_args.overcloud_ssh_user,
parsed_args.overcloud_ssh_key,
mock.ANY,
parsed_args.overcloud_ssh_port_timeout
)
mock_overcloud_deploy.assert_called_once_with(parsed_args)

2
tripleoclient/tests/v1/overcloud_node/test_overcloud_node.py

@ -1290,6 +1290,8 @@ class TestProvisionNode(fakes.TestOvercloudNode):
inp.flush()
keyf.write(b'I am a key')
keyf.flush()
with open('{}.pub'.format(keyf.name), 'w') as f:
f.write('I am a key')
argslist = ['--output', outp.name,
'--overcloud-ssh-key', keyf.name,

2
tripleoclient/tests/v1/overcloud_upgrade/test_overcloud_upgrade.py

@ -105,7 +105,7 @@ class TestOvercloudUpgradePrepare(fakes.TestOvercloudUpgradePrepare):
mock_stack,
parsed_args.overcloud_ssh_network,
parsed_args.overcloud_ssh_user,
parsed_args.overcloud_ssh_key,
mock.ANY,
parsed_args.overcloud_ssh_port_timeout
)

2
tripleoclient/tests/v1/test_overcloud_admin.py

@ -37,6 +37,6 @@ class TestAdminAuthorize(test_plugin.TestPluginV1):
mock_stack,
parsed_args.overcloud_ssh_network,
parsed_args.overcloud_ssh_user,
parsed_args.overcloud_ssh_key,
mock.ANY,
parsed_args.overcloud_ssh_port_timeout
)

6
tripleoclient/tests/v1/test_plugin.py

@ -13,6 +13,8 @@
# under the License.
#
import mock
from tripleoclient.tests import base
from tripleoclient.tests import fakes
@ -35,3 +37,7 @@ class TestPluginV1(base.TestCommand):
endpoint=fakes.AUTH_URL,
token=fakes.AUTH_TOKEN,
)
get_key = mock.patch('tripleoclient.utils.get_key')
get_key.start()
get_key.return_value = 'keyfile-path'
self.addCleanup(get_key.stop)

18
tripleoclient/utils.py

@ -1404,7 +1404,7 @@ def get_config(clients, container):
config_action.run(context=context)
def get_key(stack):
def get_key(stack, needs_pair=False):
"""Returns the private key from the local file system.
Searches for and returns the stack private key. If the key is inaccessible
@ -1414,18 +1414,26 @@ def get_key(stack):
:params stack: name of the stack to use
:type stack: String
:param needs_pair: Enable key pair search
:type needs_pair: Boolean
:returns: String || None
"""
key_files = list()
stack_dir = os.path.join(constants.DEFAULT_WORK_DIR, stack)
stack_key_file = os.path.join(stack_dir, 'ssh_private_key')
key_files.append(os.path.join(stack_dir, 'ssh_private_key'))
user_dir = os.path.join(os.path.expanduser("~"), '.ssh')
user_key_file = os.path.join(user_dir, 'id_rsa_tripleo')
key_files.append(os.path.join(user_dir, 'id_rsa_tripleo'))
key_files.append(os.path.join(user_dir, 'id_rsa'))
legacy_dir = os.path.join(constants.DEFAULT_WORK_DIR, '.ssh')
legacy_key_file = os.path.join(legacy_dir, 'tripleo-admin-rsa')
for key_file in [stack_key_file, user_key_file, legacy_key_file]:
key_files.append(os.path.join(legacy_dir, 'tripleo-admin-rsa'))
for key_file in key_files:
try:
if os.path.exists(key_file):
if needs_pair:
if not os.path.exists('{}.pub'.format(key_file)):
continue
with open(key_file):
return key_file
except IOError:

9
tripleoclient/v1/overcloud_admin.py

@ -12,7 +12,6 @@
# License for the specific language governing permissions and limitations
# under the License.
#
import os
from oslo_config import cfg
from oslo_log import log as logging
@ -51,9 +50,9 @@ class Authorize(command.Command):
)
parser.add_argument(
'--overcloud-ssh-key',
default=os.path.join(
os.path.expanduser('~'), '.ssh', 'id_rsa'),
help=_('Key path for ssh access to overcloud nodes.')
default=None,
help=_('Key path for ssh access to overcloud nodes. When'
'undefined the key will be autodetected.')
)
parser.add_argument(
'--overcloud-ssh-network',
@ -83,6 +82,6 @@ class Authorize(command.Command):
stack,
parsed_args.overcloud_ssh_network,
parsed_args.overcloud_ssh_user,
parsed_args.overcloud_ssh_key,
self.get_key_pair(parsed_args),
parsed_args.overcloud_ssh_port_timeout
)

17
tripleoclient/v1/overcloud_deploy.py

@ -608,14 +608,17 @@ class DeployOvercloud(command.Command):
with open(parsed_args.baremetal_deployment, 'r') as fp:
roles = yaml.safe_load(fp)
with open(parsed_args.overcloud_ssh_key, 'rt') as fp:
key = self.get_key_pair(parsed_args)
with open('{}.pub'.format(key), 'rt') as fp:
ssh_key = fp.read()
parameter_defaults = baremetal.deploy_roles(
self.app.client_manager,
plan=parsed_args.stack,
roles=roles, ssh_keys=[ssh_key],
ssh_user_name=parsed_args.overcloud_ssh_user)
roles=roles,
ssh_keys=[ssh_key],
ssh_user_name=parsed_args.overcloud_ssh_user
)
env_path, swift_path = self._write_user_environment(
parameter_defaults,
@ -674,9 +677,9 @@ class DeployOvercloud(command.Command):
)
parser.add_argument(
'--overcloud-ssh-key',
default=os.path.join(
os.path.expanduser('~'), '.ssh', 'id_rsa_tripleo'),
help=_('Key path for ssh access to overcloud nodes.')
default=None,
help=_('Key path for ssh access to overcloud nodes. When'
'undefined the key will be autodetected.')
)
parser.add_argument(
'--overcloud-ssh-network',
@ -956,7 +959,7 @@ class DeployOvercloud(command.Command):
stack,
parsed_args.overcloud_ssh_network,
parsed_args.overcloud_ssh_user,
parsed_args.overcloud_ssh_key,
self.get_key_pair(parsed_args),
parsed_args.overcloud_ssh_port_timeout
)

2
tripleoclient/v1/overcloud_ffwd_upgrade.py

@ -95,7 +95,7 @@ class FFWDUpgradePrepare(DeployOvercloud):
stack,
parsed_args.overcloud_ssh_network,
parsed_args.overcloud_ssh_user,
parsed_args.overcloud_ssh_key,
self.get_key_pair(parsed_args),
parsed_args.overcloud_ssh_port_timeout
)

17
tripleoclient/v1/overcloud_node.py

@ -617,10 +617,10 @@ class ProvisionNode(command.Command):
help=_('User for SSH access to newly deployed '
'nodes'))
parser.add_argument('--overcloud-ssh-key',
default=os.path.join(
os.path.expanduser('~'), '.ssh', 'id_rsa.pub'),
help=_('Public key path for SSH access to newly '
'deployed nodes'))
default=None,
help=_('Key path for ssh access to'
'overcloud nodes. When undefined the key'
'will be autodetected.'))
return parser
def take_action(self, parsed_args):
@ -629,14 +629,17 @@ class ProvisionNode(command.Command):
with open(parsed_args.input, 'r') as fp:
roles = yaml.safe_load(fp)
with open(parsed_args.overcloud_ssh_key, 'rt') as fp:
key = self.get_key_pair(parsed_args)
with open('{}.pub'.format(key), 'rt') as fp:
ssh_key = fp.read()
output = baremetal.deploy_roles(
self.app.client_manager,
plan=parsed_args.stack,
roles=roles, ssh_keys=[ssh_key],
ssh_user_name=parsed_args.overcloud_ssh_user)
roles=roles,
ssh_keys=[ssh_key],
ssh_user_name=parsed_args.overcloud_ssh_user
)
with open(parsed_args.output, 'w') as fp:
yaml.safe_dump(output['environment'], fp, default_flow_style=False)

2
tripleoclient/v1/overcloud_upgrade.py

@ -85,7 +85,7 @@ class UpgradePrepare(DeployOvercloud):
stack,
parsed_args.overcloud_ssh_network,
parsed_args.overcloud_ssh_user,
parsed_args.overcloud_ssh_key,
self.get_key_pair(parsed_args),
parsed_args.overcloud_ssh_port_timeout
)

Loading…
Cancel
Save