From d05c20bb60c0443bc6fa167cfc525d5701408e5b Mon Sep 17 00:00:00 2001
From: "harsha.dhake"
Date: Wed, 27 Mar 2019 16:25:01 +0530
Subject: [PATCH] Adding credsmgr support in devstack

Change-Id: Ied7da6e314d81426e60063f7347dbeb1dc05216b
---
 .gitignore | 4 +
 .gitreview | 2 +-
 devstack/README.rst | 18 +-
 devstack/lib/creds_mgr | 179 ++++++++++++++++++
 devstack/lib/omni_aws | 41 ++--
 devstack/plugin.sh | 20 ++
 .../plugins/ml2/drivers/aws/mechanism_aws.py | 20 +-
 nova/virt/ec2/config.py | 17 ++
 scripts/create-glance-images-aws.py | 4 +-
 9 files changed, 280 insertions(+), 25 deletions(-)
 create mode 100644 devstack/lib/creds_mgr
diff --git a/.gitignore b/.gitignore
index 075d9a6..6206182 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,7 @@ build/*
 creds_manager/build/*
 .testrepository
 openstack
+.DS_Store
+devstack/.DS_Store
+.gitreview
+
diff --git a/.gitreview b/.gitreview
index 8078b3a..5590ddd 100644
--- a/.gitreview
+++ b/.gitreview
@@ -1,4 +1,4 @@
 [gerrit]
 host=review.openstack.org
 port=29418
-project=openstack/omni.git
+project=x/omni.git
diff --git a/devstack/README.rst b/devstack/README.rst
index f4d5091..90ac83d 100644
--- a/devstack/README.rst
+++ b/devstack/README.rst
@@ -26,15 +26,15 @@ Following lines need to be added in local.conf to enable Omni plugin:
 *3. Parameters required for Omni drivers:*
-================== =====
----------------------------
- AWS GCE
-================== =====
-SECRET_KEY ZONE
-ACCESS_KEY PROJECT_ID
-REGION_NAME REGION
-AVAILABILITY_ZONE
-================== =====
+================== =====
+-------------------------------------
+ AWS GCE
+================== =====
+AWS_SECRET_KEY ZONE
+AWS_ACCESS_KEY PROJECT_ID
+AWS_REGION_NAME REGION
+AWS_AVAILABILITY_ZONE
+================== =====
 Run stack.sh in your devstack tree to get started.
diff --git a/devstack/lib/creds_mgr b/devstack/lib/creds_mgr
new file mode 100644
index 0000000..8a1236f
--- /dev/null
+++ b/devstack/lib/creds_mgr
@@ -0,0 +1,179 @@
+#!/bin/bash -xe
+
+# Save trace setting
+XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+
+PROJECT_NAME="credsmgr"
+OMNI_DATA_DIR="/opt/stack/omni"
+CINDER_DIR="/opt/stack/cinder"
+NOVA_DIR="/opt/stack/nova"
+CREDSMGR_DIR="/opt/stack/credsmgr"
+CREDSMGR_SERVICE_NAME=devstack@credsmgr.service
+STACK_USER="stack"
+CREDSMGR_CONF="/etc/credsmgr/credsmgr.conf"
+CREDSMGR_URL="http://${SERVICE_HOST}:8091/"
+FERNET_SALT=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)
+FERNET_PASSWORD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)
+
+function install_credsmgr {
+ install_dependencies
+
+ sudo cp -R $OMNI_DATA_DIR/creds_manager/credsmgr $CREDSMGR_DIR/lib/python2.?/site-packages/
+ sudo cp -R $OMNI_DATA_DIR/creds_manager/etc/* /etc/
+
+ # Remove the default credsmgr.conf and write the file afresh.
+ sudo rm -f /etc/credsmgr/credsmgr.conf
+
+ # Grant permissions on /etc folders
+ sudo chown -R $STACK_USER:$STACK_USER /etc/credsmgr
+ sudo chown -R $STACK_USER:$STACK_USER /etc/logrotate.d
+ sudo chown -R $STACK_USER:$STACK_USER /etc/rsyslog.d
+
+ create_service_file
+
+ init_credsmgr
+ update_credsmgr_config
+ create_credsmgr_accounts
+
+ configure_creds_decryption_for_ostack_components $NOVA_CONF
+ configure_creds_decryption_for_ostack_components $NEUTRON_CONF
+ configure_creds_decryption_for_ostack_components $GLANCE_API_CONF
+ configure_creds_decryption_for_ostack_components $CINDER_CONF
+
+ # Change the code in specific services' file to fetch credsmgr endpoints in the service_catalog object created in their contexts
+ fetch_credsmgr_in_service_catalog
+
+ restart_services
+ start_credsmgr_service
+ sleep 20
+
+ # Create and associate credentials with tenant id
+ create_and_associate_credentials
+}
+
+function install_dependencies {
+ # Create virtualenv and install credsmgr dependencies
+ virtualenv $CREDSMGR_DIR
+
+ export PBR_VERSION=1.8.1
+ $CREDSMGR_DIR/bin/python $CREDSMGR_DIR/bin/pip install \
+ -chttps://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?h=stable/newton \
+ -r $OMNI_DATA_DIR/creds_manager/requirements.txt
+
+ cp -r $OMNI_DATA_DIR/credsmgrclient $CREDSMGR_DIR/lib/python2.?/site-packages/
+
+ cd $OMNI_DATA_DIR/creds_manager
+ $CREDSMGR_DIR/bin/python setup.py install
+}
+
+function create_service_file {
+cat <