Create local_starlingxrc script

This change adds an utility script called "local_starlingxrc". It does the following actions: if the file "~/$USER-openrc" exists, sources it; if it doesn't exist, creates and sources it. The openrc file created uses the same Keystone username of the linux user logged in and asks the password. It should be used through command "source local_starlingxrc". Test Plan: PASS: Successfully deploy an AIO-DX containing this change. PASS: In the deployed AIO-DX, check that the command "local_starlingxrc" is available at "/usr/local/bin/local_starlingxrc" with permissions "-r-xr-xr-x", user root, group root. PASS: In the deployed AIO-DX, create linux user user1 that is not part of groups sys_protected and root and create Keystone user user1 with user role "reader". Execute a SSH to the active controller using user1, execute "source local_starlingxrc", inform the password asked and execute "system host-list" with no errors. Check that the file "user1-openrc" is created in user1 home folder with permissions "-rw-------", owner user1. Exit and execute SSH again using user1, execute "source local_starlingxrc", check that no password is asked and execute "system host-list" with no errors. PASS: Repeat the test above using standby controller. Check that the output of "source local_starlingxrc" always prints an error message saying that it is not the active controller and that "system host-list" always returns an error. Partial-Bug: 2024627 Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/886661 Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com> Change-Id: I576bf49cc5db9fef10f26963219d7c179f46a24f
2023-06-27 16:13:16 -03:00 · 2023-06-27 16:13:16 -03:00 · de718da43e
commit de718da43e
parent 8c865c4937
5 changed files with 44 additions and 1 deletions
--- a/utilities/platform-util/centos/platform-util.spec
+++ b/utilities/platform-util/centos/platform-util.spec
@ -68,6 +68,7 @@ install -m 555 %{_buildsubdir}/scripts/stx-iso-utils-centos.sh %{buildroot}%{loc
 install -m 555 %{_buildsubdir}/scripts/show-certs.sh %{buildroot}%{local_bindir}
 install -m 555 %{_buildsubdir}/scripts/update_docker_registry_auth.sh %{buildroot}%{local_bindir}
 install -m 555 %{_buildsubdir}/scripts/change_system_private_registry.sh %{buildroot}%{local_bindir}
+install -m 555 %{_buildsubdir}/scripts/local_starlingxrc %{buildroot}%{local_bindir}

 install -d %{buildroot}%{local_etc_initd}
 install %{_buildsubdir}/scripts/log_functions.sh %{buildroot}%{local_etc_initd}
@ -121,6 +122,7 @@ systemctl enable opt-platform.service
 %{local_bindir}/show-certs.sh
 %{local_bindir}/update_docker_registry_auth.sh
 %{local_bindir}/change_system_private_registry.sh
+%{local_bindir}/local_starlingxrc

 %files noncontroller
 %defattr(-,root,root,-)
--- a/utilities/platform-util/debian/deb_folder/controller.install
+++ b/utilities/platform-util/debian/deb_folder/controller.install
@ -6,3 +6,4 @@ scripts/stx-iso-utils-centos.sh usr/local/bin
 scripts/update-iso.sh usr/local/bin
 scripts/update_docker_registry_auth.sh usr/local/bin
 scripts/change_system_private_registry.sh usr/local/bin
+scripts/local_starlingxrc usr/local/bin
--- a/utilities/platform-util/debian/deb_folder/platform-util-controller.install
+++ b/utilities/platform-util/debian/deb_folder/platform-util-controller.install
@ -6,3 +6,4 @@
 /usr/local/bin/update-iso.sh
 /usr/local/bin/update_docker_registry_auth.sh
 /usr/local/bin/change_system_private_registry.sh
+/usr/local/bin/local_starlingxrc
--- a/utilities/platform-util/debian/deb_folder/rules
+++ b/utilities/platform-util/debian/deb_folder/rules
@ -38,6 +38,7 @@ override_dh_auto_install:
 	install -m 555 scripts/update_docker_registry_auth.sh $(DEBIAN_BUILDDIR)/usr/local/bin/
 	install -m 555 scripts/change_system_private_registry.sh $(DEBIAN_BUILDDIR)/usr/local/bin/
 	install -m 555 scripts/is-rootdisk-device.sh $(DEBIAN_BUILDDIR)/usr/local/bin/
+	install -m 555 scripts/local_starlingxrc $(DEBIAN_BUILDDIR)/usr/local/bin/
 	install -m 755 scripts/connectivity_test $(DEBIAN_BUILDDIR)/usr/local/bin/
 	install -m 750 scripts/set_keystone_user_option.sh $(DEBIAN_BUILDDIR)/usr/local/bin/

@ -51,4 +52,5 @@ override_dh_auto_install:
 override_dh_fixperms:
 	dh_fixperms -Xupdate-iso.sh -Xgen-bootloader-iso.sh -Xstx-iso-utils.sh \
 	-Xshow-certs.sh -Xupdate_docker_registry_auth.sh -Xchange_system_private_registry.sh \
-        -Xis-rootdisk-device.sh -Xpatch-restart-* -Xconnectivity_test -Xset_keystone_user_option.sh
+	-Xis-rootdisk-device.sh -Xlocal_starlingxrc -Xpatch-restart-* -Xconnectivity_test \
+	-Xset_keystone_user_option.sh
--- a/utilities/platform-util/scripts/local_starlingxrc
+++ b/utilities/platform-util/scripts/local_starlingxrc
@ -0,0 +1,37 @@
+#
+# Copyright (c) 2023 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Creates and/or loads local file "~/$USER-openrc".
+# It is assumed that the Keystone username is the same as the logged in
+# username.
+#
+
+# Check if openrc file exists.
+if [ -e "$HOME/$USER-openrc" ]; then
+
+    source $HOME/$USER-openrc
+    return $?
+
+else
+
+    # Create and source openrc file.
+    read -s -p "Enter the password to be used with Keystone user $USER: " password
+    echo
+    touch $HOME/$USER-openrc
+    chmod 600 $HOME/$USER-openrc
+    printf "%s\n" \
+           "source /etc/platform/openrc --no_credentials" \
+           "if [[ \"\$?\" != \"0\" ]]; then" \
+           "    return 1" \
+           "fi" \
+           "export OS_USERNAME=$USER" \
+           "export OS_PASSWORD=$password" \
+           "export PS1='[\u@\h \W(keystone_\$OS_USERNAME)]\$ '" \
+           "return 0" >> $HOME/$USER-openrc
+    echo "Created file $HOME/$USER-openrc"
+    source $HOME/$USER-openrc
+    return $?
+
+fi