From 315091e8dc628b27501f23a31848498b9003b978 Mon Sep 17 00:00:00 2001 From: Dan Prince <dprince@redhat.com> Date: Thu, 30 Nov 2017 17:22:39 -0500 Subject: [PATCH] Add a new UndercloudHomeDir parameter Add a parameter to control the homedir of the Undercloud user. Useful if you don't want stackrc and ssh creds in /root/ Change-Id: I2ad703689b600280b2c1ab1752654f2d334cb6db Co-Authored-By: Ian Main <imain@redhat.com> --- extraconfig/post_deploy/undercloud_post.sh | 41 ++++++++++++-------- extraconfig/post_deploy/undercloud_post.yaml | 5 +++ 2 files changed, 29 insertions(+), 17 deletions(-) diff --git a/extraconfig/post_deploy/undercloud_post.sh b/extraconfig/post_deploy/undercloud_post.sh index c93b2981c2..151e0e076f 100755 --- a/extraconfig/post_deploy/undercloud_post.sh +++ b/extraconfig/post_deploy/undercloud_post.sh @@ -3,12 +3,16 @@ set -eux ln -sf /etc/puppet/hiera.yaml /etc/hiera.yaml -# WRITE OUT STACKRC -if [ ! -e /root/stackrc ]; then - touch /root/stackrc - chmod 0600 /root/stackrc +HOMEDIR="$homedir" +USERNAME=`ls -ld $HOMEDIR | awk {'print $3'}` +GROUPNAME=`ls -ld $HOMEDIR | awk {'print $4'}` - cat > /root/stackrc <<-EOF_CAT +# WRITE OUT STACKRC +if [ ! -e $HOMEDIR/stackrc ]; then + touch $HOMEDIR/stackrc + chmod 0600 $HOMEDIR/stackrc + + cat > $HOMEDIR/stackrc <<-EOF_CAT export OS_AUTH_TYPE=password export OS_PASSWORD=$admin_password export OS_AUTH_URL=$auth_url @@ -26,7 +30,7 @@ export OS_PROJECT_DOMAIN_NAME='Default' export OS_USER_DOMAIN_NAME='Default' EOF_CAT - cat >> /root/stackrc <<-"EOF_CAT" + cat >> $HOMEDIR/stackrc <<-"EOF_CAT" # Add OS_CLOUDNAME to PS1 if [ -z "${CLOUDPROMPT_ENABLED:-}" ]; then export PS1=${PS1:-""} 
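Review bot: `USERNAME` and `GROUPNAME` are derived by parsing `ls -ld $HOMEDIR` with the path unquoted, and because the pipeline's exit status is awk's, a missing or mistyped home directory leaves both variables empty instead of stopping the script under `set -eux`. Reading the owner directly fails loudly and avoids parsing ls: `USERNAME=$(stat -c '%U' "$HOMEDIR")` and `GROUPNAME=$(stat -c '%G' "$HOMEDIR")`. The `$HOMEDIR/stackrc` expansions in the `touch`, `chmod` and `cat >` lines should be quoted too, since the value now comes from a template parameter rather than a fixed `/root`. Because the script now creates a file holding `OS_PASSWORD` inside a directory that may belong to an unprivileged user, consider creating it with its final owner and mode in one step, for example `install -m 0600 -o "$USERNAME" -g "$GROUPNAME" /dev/null "$HOMEDIR/stackrc"`, rather than `touch` followed by a `chown` much later. The `if [ ! -e $HOMEDIR/stackrc ]` block opened in this hunk closes outside it.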
@@ -36,28 +40,31 @@ fi EOF_CAT if [ -n "$ssl_certificate" ]; then -cat >> /root/stackrc <<-EOF_CAT +cat >> $HOMEDIR/stackrc <<-EOF_CAT export PYTHONWARNINGS="ignore:Certificate has no, ignore:A true SSLContext object is not available" EOF_CAT fi fi -source /root/stackrc +chown "$USERNAME:$GROUPNAME" "$HOMEDIR/stackrc" -if [ ! -f /root/.ssh/authorized_keys ]; then - sudo mkdir -p /root/.ssh - sudo chmod 7000 /root/.ssh/ - sudo touch /root/.ssh/authorized_keys - sudo chmod 600 /root/.ssh/authorized_keys +source $HOMEDIR/stackrc + +if [ ! -f $HOMEDIR/.ssh/authorized_keys ]; then + sudo mkdir -p $HOMEDIR/.ssh + sudo chmod 7000 $HOMEDIR/.ssh/ + sudo touch $HOMEDIR/.ssh/authorized_keys + sudo chmod 600 $HOMEDIR/.ssh/authorized_keys fi -if [ ! -f /root/.ssh/id_rsa ]; then - ssh-keygen -b 1024 -N '' -f /root/.ssh/id_rsa +if [ ! -f $HOMEDIR/.ssh/id_rsa ]; then + ssh-keygen -b 1024 -N '' -f $HOMEDIR/.ssh/id_rsa fi -if ! grep "$(cat /root/.ssh/id_rsa.pub)" /root/.ssh/authorized_keys; then - cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys +if ! grep "$(cat $HOMEDIR/.ssh/id_rsa.pub)" $HOMEDIR/.ssh/authorized_keys; then + cat $HOMEDIR/.ssh/id_rsa.pub >> $HOMEDIR/.ssh/authorized_keys fi +chown -R "$USERNAME:$GROUPNAME" "$HOMEDIR/.ssh" if [ "$(hiera neutron_api_enabled)" = "true" ]; then PHYSICAL_NETWORK=ctlplane diff --git a/extraconfig/post_deploy/undercloud_post.yaml b/extraconfig/post_deploy/undercloud_post.yaml index 0bb19a7156..3a2479b37d 100644 --- a/extraconfig/post_deploy/undercloud_post.yaml +++ b/extraconfig/post_deploy/undercloud_post.yaml @@ -9,6 +9,10 @@ parameters: DeployedServerPortMap: default: {} type: json + UndercloudHomeDir: + description: The HOME directory where the stackrc and ssh credentials for the Undercloud will be installed. Set to /home/<user> to customize the location. + type: string + default: '/root' UndercloudDhcpRangeStart: type: string default: '192.168.24.5' 
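Review bot: `sudo chmod 7000 $HOMEDIR/.ssh/` sets only the setuid, setgid and sticky bits and grants no read, write or execute permission, so once `chown -R` hands the directory to a non-root owner that user cannot enter its own `.ssh`; the intended mode is presumably `0700`, i.e. `sudo chmod 0700 "$HOMEDIR/.ssh"`. `source $HOMEDIR/stackrc` now executes, presumably as root, a file that sits in a user-owned directory and is left untouched by the creation block when it already exists, so its owner and mode should be checked before sourcing, or the variables the rest of the script needs should be exported directly. `ssh-keygen -b 1024` produces an RSA key below current size recommendations; `-b 4096` or `-t ed25519` would be a safer default. The stackrc `if` block that closes at the top of this hunk opens in an earlier hunk, and the `hiera neutron_api_enabled` block at the end continues past it.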
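Review bot: `UndercloudHomeDir` is accepted as a free-form string, yet undercloud_post.sh expands it unquoted in its `touch`, `chmod`, `mkdir -p` and `ssh-keygen` calls, so a value containing whitespace or glob characters would make those commands act on unintended paths. A `constraints:` entry with an `allowed_pattern` limiting it to an absolute path of plain path characters, e.g. `- allowed_pattern: '^/[A-Za-z0-9._/-]+$'`, would reject such values at stack validation. The description could also state that the directory must already exist and that its current owner and group are applied to the generated stackrc and `.ssh` files.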
@@ -76,6 +80,7 @@ resources: undercloud_network_gateway: {get_param: UndercloudNetworkGateway} undercloud_nameserver: {get_param: UndercloudNameserver} ssl_certificate: {get_param: SSLCertificate} + homedir: {get_param: UndercloudHomeDir} admin_password: {get_param: AdminPassword} snmp_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} # if SSL is enabled we use the public virtual ip as the stackrc endpoint