Change enable-ssh-admin.sh script to use playbook
We've removed mistral from undercloud by default and this script still uses mistral. Change it to use the new cli playbook. Change-Id: Ic3e3d4909e61f473a7a9c0686e2374ffaec6b93a
This commit is contained in:
parent
25c07e3fd6
commit
06cbf1c858
@ -2,22 +2,11 @@
|
||||
|
||||
set -eu
|
||||
|
||||
# whitespace (space or newline) separated list
|
||||
OVERCLOUD_PLAN=${OVERCLOUD_PLAN:-"overcloud"}
|
||||
# whitespace (space or newline) separated list
|
||||
OVERCLOUD_HOSTS=${OVERCLOUD_HOSTS:-""}
|
||||
OVERCLOUD_SSH_USER=${OVERCLOUD_SSH_USER:-"$USER"}
|
||||
# this is just for compatibility with CI
|
||||
SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"$HOME/.ssh/id_rsa"}
|
||||
# this is the intended variable for overriding
|
||||
OVERCLOUD_SSH_KEY=${OVERCLOUD_SSH_KEY:-"$SUBNODES_SSH_KEY"}
|
||||
SSH_TIMEOUT_OPTIONS=${SSH_TIMEOUT_OPTIONS:-"-o ConnectionAttempts=6 -o ConnectTimeout=30"}
|
||||
SSH_HOSTKEY_OPTIONS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
|
||||
SHORT_TERM_KEY_COMMENT="TripleO split stack short term key"
|
||||
SLEEP_TIME=5
|
||||
# The default is defined in tripleoclient/constants.py
|
||||
ENABLE_SSH_ADMIN_TIMEOUT=${ENABLE_SSH_ADMIN_TIMEOUT:-"600"}
|
||||
|
||||
# needed to handle where python lives
|
||||
function get_python() {
|
||||
command -v python3 || command -v python2 || command -v python || exit 1
|
||||
}
|
||||
@ -28,87 +17,10 @@ import json, re, sys
|
||||
print(json.dumps(re.split("\s+", sys.stdin.read().strip())))'
|
||||
}
|
||||
|
||||
function overcloud_ssh_key_json {
|
||||
# we pass the contents to Mistral instead of just path, otherwise
|
||||
# the key file would have to be readable for the mistral user
|
||||
cat "$1" | $(get_python) -c 'import json,sys; print(json.dumps(sys.stdin.read()))'
|
||||
}
|
||||
|
||||
function workflow_finished {
|
||||
local execution_id="$1"
|
||||
counter=$(( $ENABLE_SSH_ADMIN_TIMEOUT / $SLEEP_TIME ))
|
||||
|
||||
while [ $counter -gt 0 ]
|
||||
do
|
||||
RESULT=$(openstack workflow execution show -f value -c State $execution_id)
|
||||
if [ "$RESULT" == "ERROR" ]; then
|
||||
echo "Workflow $execution_id finished with error. Check mistral logs."
|
||||
return 1
|
||||
elif [ "$RESULT" == "SUCCESS" ]; then
|
||||
echo "Workflow $execution_id finished with success."
|
||||
return 0
|
||||
else
|
||||
sleep $SLEEP_TIME
|
||||
fi
|
||||
counter=$(( $counter - 1 ))
|
||||
done
|
||||
echo "Workflow $execution_id did not finish after $ENABLE_SSH_ADMIN_TIMEOUT seconds."
|
||||
return 1
|
||||
}
|
||||
|
||||
function generate_short_term_keys {
|
||||
local tmpdir=$(mktemp -d)
|
||||
ssh-keygen -N '' -t rsa -b 4096 -f "$tmpdir/id_rsa" -C "$SHORT_TERM_KEY_COMMENT" > /dev/null
|
||||
echo "$tmpdir"
|
||||
}
|
||||
|
||||
if [ -z "$OVERCLOUD_HOSTS" ]; then
|
||||
echo 'Please set $OVERCLOUD_HOSTS'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Starting workflow to create ssh admin on deployed servers."
|
||||
echo "Running playbook to create ssh admin on deployed servers."
|
||||
echo "SSH user: $OVERCLOUD_SSH_USER"
|
||||
echo "SSH key file: $OVERCLOUD_SSH_KEY"
|
||||
echo "Hosts: $OVERCLOUD_HOSTS"
|
||||
echo
|
||||
|
||||
SHORT_TERM_KEY_DIR=$(generate_short_term_keys)
|
||||
SHORT_TERM_KEY_PRIVATE="$SHORT_TERM_KEY_DIR/id_rsa"
|
||||
SHORT_TERM_KEY_PUBLIC="$SHORT_TERM_KEY_DIR/id_rsa.pub"
|
||||
SHORT_TERM_KEY_PUBLIC_CONTENT=$(cat $SHORT_TERM_KEY_PUBLIC)
|
||||
extra_vars="{\"ssh_user\": \"$OVERCLOUD_SSH_USER\", \"ssh_servers\": $(overcloud_ssh_hosts_json), \"tripleo_cloud_name\": \"$OVERCLOUD_PLAN\"}"
|
||||
|
||||
for HOST in $OVERCLOUD_HOSTS; do
|
||||
echo "Inserting TripleO short term key for $HOST"
|
||||
# prepending an extra newline so that if authorized_keys didn't
|
||||
# end with a newline previously, we don't end up garbling it up
|
||||
ssh $SSH_TIMEOUT_OPTIONS $SSH_HOSTKEY_OPTIONS -i "$OVERCLOUD_SSH_KEY" -l "$OVERCLOUD_SSH_USER" "$HOST" "echo -e '\n$SHORT_TERM_KEY_PUBLIC_CONTENT' >> \$HOME/.ssh/authorized_keys"
|
||||
done
|
||||
|
||||
echo "Starting ssh admin enablement workflow"
|
||||
EXECUTION_PARAMS="{\"plan_name\": \"$OVERCLOUD_PLAN\", \"ssh_user\": \"$OVERCLOUD_SSH_USER\", \"ssh_servers\": $(overcloud_ssh_hosts_json), \"ssh_private_key\": $(overcloud_ssh_key_json "$SHORT_TERM_KEY_PRIVATE")}"
|
||||
EXECUTION_CREATE_OUTPUT=$(openstack workflow execution create -f shell -d 'deployed server ssh admin creation' tripleo.access.v1.enable_ssh_admin "$EXECUTION_PARAMS")
|
||||
echo "$EXECUTION_CREATE_OUTPUT"
|
||||
EXECUTION_ID=$(echo "$EXECUTION_CREATE_OUTPUT" | grep '^id=' | awk '-F"' '{ print $2 }')
|
||||
|
||||
if [ -z "$EXECUTION_ID" ]; then
|
||||
echo "Failed to get workflow execution ID for ssh admin creation workflow"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo -n "Waiting for the workflow execution to finish (id $EXECUTION_ID)."
|
||||
if ! workflow_finished $EXECUTION_ID; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo # newline after the previous dots
|
||||
|
||||
for HOST in $OVERCLOUD_HOSTS; do
|
||||
echo "Removing TripleO short term key from $HOST"
|
||||
ssh $SSH_TIMEOUT_OPTIONS $SSH_HOSTKEY_OPTIONS -i "$OVERCLOUD_SSH_KEY" -l "$OVERCLOUD_SSH_USER" "$HOST" "sed -i -e '/$SHORT_TERM_KEY_COMMENT/d' \$HOME/.ssh/authorized_keys"
|
||||
done
|
||||
|
||||
echo "Removing short term keys locally"
|
||||
rm -r "$SHORT_TERM_KEY_DIR"
|
||||
|
||||
echo "Success."
|
||||
ansible-playbook /usr/share/ansible/tripleo-playbooks/cli-enable-ssh-admin.yaml -e "$extra_vars"
|
||||
|
Loading…
Reference in New Issue
Block a user