From 315091e8dc628b27501f23a31848498b9003b978 Mon Sep 17 00:00:00 2001
From: Dan Prince <dprince@redhat.com>
Date: Thu, 30 Nov 2017 17:22:39 -0500
Subject: [PATCH] Add a new UndercloudHomeDir parameter

Add a parameter to control the homedir of the
Undercloud user. Useful if you don't want stackrc
and ssh creds in /root/

Change-Id: I2ad703689b600280b2c1ab1752654f2d334cb6db
Co-Authored-By: Ian Main <imain@redhat.com>
---
 extraconfig/post_deploy/undercloud_post.sh   | 41 ++++++++++++--------
 extraconfig/post_deploy/undercloud_post.yaml |  5 +++
 2 files changed, 29 insertions(+), 17 deletions(-)

diff --git a/extraconfig/post_deploy/undercloud_post.sh b/extraconfig/post_deploy/undercloud_post.sh
index c93b2981c2..151e0e076f 100755
--- a/extraconfig/post_deploy/undercloud_post.sh
+++ b/extraconfig/post_deploy/undercloud_post.sh
@@ -3,12 +3,16 @@ set -eux
 
 ln -sf /etc/puppet/hiera.yaml /etc/hiera.yaml
 
-# WRITE OUT STACKRC
-if [ ! -e /root/stackrc ]; then
-    touch /root/stackrc
-    chmod 0600 /root/stackrc
+HOMEDIR="$homedir"
+USERNAME=`ls -ld $HOMEDIR | awk {'print $3'}`
+GROUPNAME=`ls -ld $HOMEDIR | awk {'print $4'}`
 
-    cat > /root/stackrc <<-EOF_CAT
+# WRITE OUT STACKRC
+if [ ! -e $HOMEDIR/stackrc ]; then
+    touch $HOMEDIR/stackrc
+    chmod 0600 $HOMEDIR/stackrc
+
+    cat > $HOMEDIR/stackrc <<-EOF_CAT
 export OS_AUTH_TYPE=password
 export OS_PASSWORD=$admin_password
 export OS_AUTH_URL=$auth_url
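Review bot: `$HOMEDIR` is expanded unquoted on every added line of this hunk (and on the `cat >> $HOMEDIR/stackrc` lines of the next two hunks), and the owner is obtained by parsing `ls -ld`. An empty or whitespace-containing `UndercloudHomeDir` therefore makes the script inspect the current directory and write the credentials file somewhere other than intended. I would quote every expansion and read the owner directly with `USERNAME=$(stat -c '%U' -- "$HOMEDIR")` and `GROUPNAME=$(stat -c '%G' -- "$HOMEDIR")`, preceded by a guard such as `[ -d "$HOMEDIR" ] || exit 1`. The script appears to run privileged and the target directory may now belong to an unprivileged user, so `touch`/`cat >` will follow whatever already exists at `$HOMEDIR/stackrc`. Creating the file under `umask 077` in a root-owned temporary location and then installing it with the final owner and mode would avoid writing through a path the user controls. The `if` block opened here closes in a later hunk.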
@@ -26,7 +30,7 @@ export OS_PROJECT_DOMAIN_NAME='Default'
 export OS_USER_DOMAIN_NAME='Default'
 EOF_CAT
 
-    cat >> /root/stackrc <<-"EOF_CAT"
+    cat >> $HOMEDIR/stackrc <<-"EOF_CAT"
 # Add OS_CLOUDNAME to PS1
 if [ -z "${CLOUDPROMPT_ENABLED:-}" ]; then
     export PS1=${PS1:-""}
@@ -36,28 +40,31 @@ fi
 EOF_CAT
 
     if [ -n "$ssl_certificate" ]; then
-cat >> /root/stackrc <<-EOF_CAT
+cat >> $HOMEDIR/stackrc <<-EOF_CAT
 export PYTHONWARNINGS="ignore:Certificate has no, ignore:A true SSLContext object is not available"
 EOF_CAT
     fi
 fi
 
-source /root/stackrc
+chown "$USERNAME:$GROUPNAME" "$HOMEDIR/stackrc"
 
-if [ ! -f /root/.ssh/authorized_keys ]; then
-    sudo mkdir -p /root/.ssh
-    sudo chmod 7000 /root/.ssh/
-    sudo touch /root/.ssh/authorized_keys
-    sudo chmod 600 /root/.ssh/authorized_keys
+source $HOMEDIR/stackrc
+
+if [ ! -f $HOMEDIR/.ssh/authorized_keys ]; then
+    sudo mkdir -p $HOMEDIR/.ssh
+    sudo chmod 7000 $HOMEDIR/.ssh/
+    sudo touch $HOMEDIR/.ssh/authorized_keys
+    sudo chmod 600 $HOMEDIR/.ssh/authorized_keys
 fi
 
-if [ ! -f /root/.ssh/id_rsa ]; then
-    ssh-keygen -b 1024 -N '' -f /root/.ssh/id_rsa
+if [ ! -f $HOMEDIR/.ssh/id_rsa ]; then
+    ssh-keygen -b 1024 -N '' -f $HOMEDIR/.ssh/id_rsa
 fi
 
-if ! grep "$(cat /root/.ssh/id_rsa.pub)" /root/.ssh/authorized_keys; then
-    cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
+if ! grep "$(cat $HOMEDIR/.ssh/id_rsa.pub)" $HOMEDIR/.ssh/authorized_keys; then
+    cat $HOMEDIR/.ssh/id_rsa.pub >> $HOMEDIR/.ssh/authorized_keys
 fi
+chown -R "$USERNAME:$GROUPNAME" "$HOMEDIR/.ssh"
 
 if [ "$(hiera neutron_api_enabled)" = "true" ]; then
     PHYSICAL_NETWORK=ctlplane
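Review bot: `sudo chmod 7000 $HOMEDIR/.ssh/` sets the setuid, setgid and sticky bits and no read/write/execute bits. That went unnoticed while root owned the directory, but after the `chown -R` at the end of this hunk a non-root owner cannot enter their own `.ssh`; it looks like a typo for `sudo chmod 0700 "$HOMEDIR/.ssh"`. The carried-over `ssh-keygen -b 1024` produces an RSA key below current minimum size recommendations, so this is a good moment to change it to `ssh-keygen -t rsa -b 4096 -N '' -f "$HOMEDIR/.ssh/id_rsa"`. The `grep` check treats the public key as a regular expression and prints the match to the log; `grep -qF -- "$(cat "$HOMEDIR/.ssh/id_rsa.pub")" "$HOMEDIR/.ssh/authorized_keys"` matches it literally and quietly.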
diff --git a/extraconfig/post_deploy/undercloud_post.yaml b/extraconfig/post_deploy/undercloud_post.yaml
index 0bb19a7156..3a2479b37d 100644
--- a/extraconfig/post_deploy/undercloud_post.yaml
+++ b/extraconfig/post_deploy/undercloud_post.yaml
@@ -9,6 +9,10 @@ parameters:
   DeployedServerPortMap:
     default: {}
     type: json
+  UndercloudHomeDir:
+    description: The HOME directory where the stackrc and ssh credentials for the Undercloud will be installed. Set to /home/<user> to customize the location.
+    type: string
+    default: '/root'
   UndercloudDhcpRangeStart:
     type: string
     default: '192.168.24.5'
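Review bot: `UndercloudHomeDir` accepts any string, yet undercloud_post.sh uses the value as the path where it creates, chowns and writes the stackrc and SSH credentials. A `constraints` entry with an `allowed_pattern` for an absolute path without whitespace, for example `allowed_pattern: '^/[A-Za-z0-9._/-]+$'`, would reject empty or malformed values at stack validation rather than part-way through the post-deploy script. The description should also state that the directory must already exist and be owned by the intended user, because the script derives the file owner and group from the directory itself.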
@@ -76,6 +80,7 @@ resources:
         undercloud_network_gateway: {get_param: UndercloudNetworkGateway}
         undercloud_nameserver: {get_param: UndercloudNameserver}
         ssl_certificate: {get_param: SSLCertificate}
+        homedir: {get_param: UndercloudHomeDir}
         admin_password: {get_param: AdminPassword}
         snmp_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
         # if SSL is enabled we use the public virtual ip as the stackrc endpoint