authorAlexandru Avadanii <Alexandru.Avadanii@enea.com>2018-02-13 03:34:10 +0100
committerAlexandru Avadanii <Alexandru.Avadanii@enea.com>2018-02-13 19:47:17 +0100
commitaf65ce60c5ab69816cbe8b4c1c7b4c5922304205 (patch)
treeece84798bf9b73ca7036d136886bb9525b41f806
parentbfc61428e35c92cbed253e98133d7891cc2d6833 (diff)
[patch] MaaS: mcp.rsa.pub to auth keys via pillar
Drop one questionable patch responsible for MaaS node authorized keys to include mcp.rsa.pub by reading the contents of authorized keys on mas01, assuming mcp.rsa.pub will be on the first line. Instead, export the contents of the public key using a shell env var during deploy, which gets expanded via maas_pdf j2 template into a reclass param, leveraging existing salt-formula-maas sshprefs mechanism for delivering the key to MaaS. Since we require the public key to exist before expanding templates, move `generate_ssh_key` call outside the current infrastructure handling block, allowing it to execute during all `deploy.sh` calls, even for dry-runs. Change-Id: I0f53b0f764a2fafd292e0ffd399c284acf61bd30 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
-rwxr-xr-xci/deploy.sh5
-rw-r--r--mcp/patches/0004-maas-region-use-authorized_keys-1st-entry.patch45
-rw-r--r--mcp/patches/patches.list1
-rw-r--r--mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j22
4 files changed, 6 insertions, 47 deletions
diff --git a/ci/deploy.sh b/ci/deploy.sh
index ed438324b..c883616f1 100755
--- a/ci/deploy.sh
+++ b/ci/deploy.sh
@@ -280,6 +280,10 @@ eval "$(parse_yaml "${SCENARIO_DIR}/defaults-$(uname -i).yaml")"
eval "$(parse_yaml "${SCENARIO_DIR}/${DEPLOY_SCENARIO}.yaml")"
export CLUSTER_DOMAIN=${cluster_domain}
+# key might not exist yet ...
+generate_ssh_key
+export MAAS_SSH_KEY="$(cat "$(basename "${SSH_KEY}").pub")"
+
# Expand jinja2 templates based on PDF data and env vars
do_templates "${REPO_ROOT_PATH}" "${STORAGE_DIR}" "${TARGET_LAB}" \
"${TARGET_POD}" "${BASE_CONFIG_URI}"
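Review bot: `export MAAS_SSH_KEY="$(cat ...)"` discards the exit status of `cat`, so a missing or unreadable `.pub` file leaves `MAAS_SSH_KEY` empty and the script still continues into `do_templates`, which would then render an empty `sshprefs` entry. Splitting the assignment from the export and rejecting an empty value makes that failure visible: `MAAS_SSH_KEY="$(cat "$(basename "${SSH_KEY}").pub")" || exit 1`, then `[ -n "${MAAS_SSH_KEY}" ] || exit 1`, then `export MAAS_SSH_KEY`. The path is also reduced to a bare file name by `basename`, so the read depends on the current working directory being where `generate_ssh_key` writes the key. That function is defined outside this hunk, so the assumption should be confirmed and stated in the comment above the call, which currently says only `# key might not exist yet ...`.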
@@ -336,7 +340,6 @@ elif [ ${USE_EXISTING_INFRA} -gt 0 ]; then
notify "[NOTE] Use existing infra" 2
check_connection
else
- generate_ssh_key
prepare_vms "${base_image}" "${STORAGE_DIR}" "${virtual_repos_pkgs}" \
"${virtual_nodes[@]}"
create_networks "${OPNFV_BRIDGES[@]}"
diff --git a/mcp/patches/0004-maas-region-use-authorized_keys-1st-entry.patch b/mcp/patches/0004-maas-region-use-authorized_keys-1st-entry.patch
deleted file mode 100644
index a4fb44b05..000000000
--- a/mcp/patches/0004-maas-region-use-authorized_keys-1st-entry.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-: Copyright (c) 2017 Mirantis Inc., Enea AB and others.
-:
-: All rights reserved. This program and the accompanying materials
-: are made available under the terms of the Apache License, Version 2.0
-: which accompanies this distribution, and is available at
-: http://www.apache.org/licenses/LICENSE-2.0
-::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-From: Charalampos Kominos <Charalampos.Kominos@enea.com>
-Date: Sat, 5 Aug 2017 02:03:01 +0200
-Subject: [PATCH] maas: region: use authorized_keys 1st entry
-
-MaaS custom py modules accepts the "sshprefs" variable via pillar,
-however we want to read it from ~ubuntu/.ssh/authorized_keys.
-
-Bypass the py module and call MaaS CLI directly, passing the first
-authorized key, which should be mcp.rsa.pub.
-
-Signed-off-by: Charalampos Kominos <Charalampos.Kominos@enea.com>
----
-
-diff --git a/maas/region.sls b/maas/region.sls
---- a/maas/region.sls
-+++ b/maas/region.sls
-@@ -242,12 +242,16 @@
- - require:
- - module: maas_config
-
--{%- if region.get('sshprefs', False) %}
- maas_sshprefs:
-- module.run:
-- - name: maas.process_sshprefs
-+# NOTE(armband): maas.process_sshprefs also works, but we need to read the key
-+# from authorized_keys. Should be reworked at some point.
-+# module.run:
-+# - name: maas.process_sshprefs
-+# - require:
-+ cmd.run:
-+ - name: "maas login {{ region.admin.username }} http://{{ region.bind.host }}:5240/MAAS/api/2.0 - < /var/lib/maas/.maas_credentials && SSH_KEY=$(cat authorized_keys | head -1) && (maas opnfv sshkeys read | grep -q \"$SSH_KEY\" || maas opnfv sshkeys create \"key=$SSH_KEY\")"
-+ - cwd: "/home/ubuntu/.ssh"
- - require:
- - module: maas_config
--{%- endif %}
-
- {%- endif %}
diff --git a/mcp/patches/patches.list b/mcp/patches/patches.list
index 703bd0587..1b500254d 100644
--- a/mcp/patches/patches.list
+++ b/mcp/patches/patches.list
@@ -8,7 +8,6 @@
/usr/share/salt-formulas/env: 0001-opendaylight-formula-neutron.patch
/usr/share/salt-formulas/env: 0002-maas-region-skip-credentials-update.patch
/usr/share/salt-formulas/env: 0003-maas-region-force-artifact-download.patch
-/usr/share/salt-formulas/env: 0004-maas-region-use-authorized_keys-1st-entry.patch
/usr/share/salt-formulas/env: 0005-maas-module-Obtain-fabric-ID-from-CIDR.patch
/usr/share/salt-formulas/env: 0006-maas-module-Add-VLAN-DHCP-enable-support.patch
/usr/share/salt-formulas/env: 0007-network.interface-Fix-ifup-OVS-port-with-route.patch
diff --git a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2
index a875993e3..cff6d9b30 100644
--- a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2
@@ -9,6 +9,8 @@
parameters:
maas:
region:
+ sshprefs:
+ - '{{ conf.MAAS_SSH_KEY }}'
machines:
{%- set pxe_interface = conf.idf.net_config.admin.interface %}
{#- We only support exactly 5 nodes for now, hardcoded order #}
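Review bot: The key text is pasted unescaped into a single-quoted YAML scalar at `- '{{ conf.MAAS_SSH_KEY }}'`, so a public key whose comment field contains a single quote would yield invalid or differently parsed reclass data. Doubling the quote in the template keeps the scalar well-formed: `- '{{ conf.MAAS_SSH_KEY | replace("'", "''") }}'`. If the template environment renders undefined values as empty strings (not visible here), an unset variable would become `- ''` and be passed to the sshprefs mechanism as a key. Wrapping the two added lines in `{%- if conf.MAAS_SSH_KEY %}` … `{%- endif %}` would avoid that, and a short comment saying the value is exported by `ci/deploy.sh` would help the next reader.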