authorSteven Hardy <shardy@redhat.com>2015-09-03 10:38:59 +0100
committerSteven Hardy <shardy@redhat.com>2015-09-03 13:56:16 +0100
commitd578cf1ac057643428eba77c3c0a0d31b9db6ad3 (patch)
treef26cc28806626c8df99b07b589fdafc15695321f
parente83af2b8c00d8ae21067b5001e70c030116b0dfe (diff)
Add NodeAdminUserData interface for "heat-admin" user
Reinstates the heat-admin user via template user-data, which replaces the previous boothook-injected user provided by the (deprecated, now removed) heat instance_user option. This has some advantages over the heat.conf option, e.g. it allows for much easier customization of the user configuration (additional SSH keys, adding groups etc), and also in future if we support deploying more than one overcloud you could specify a different user per deployment. Co-Authored-By: Dan Prince <dprince@redhat.com> Change-Id: I2235b9690c01542d8a28ec1c1a4607de751aea29 Closes-Bug: #1229849
-rw-r--r--firstboot/userdata_heat_admin.yaml29
-rw-r--r--overcloud-resource-registry-puppet.yaml4
-rw-r--r--puppet/ceph-storage-puppet.yaml19
-rw-r--r--puppet/cinder-storage-puppet.yaml19
-rw-r--r--puppet/compute-puppet.yaml19
-rw-r--r--puppet/controller-puppet.yaml19
-rw-r--r--puppet/swift-storage-puppet.yaml19
7 files changed, 123 insertions, 5 deletions
diff --git a/firstboot/userdata_heat_admin.yaml b/firstboot/userdata_heat_admin.yaml
new file mode 100644
index 00000000..73481c63
--- /dev/null
+++ b/firstboot/userdata_heat_admin.yaml
@@ -0,0 +1,29 @@
+heat_template_version: 2014-10-16
+
+parameters:
+ # Can be overriden via parameter_defaults in the environment
+ node_admin_username:
+ type: string
+ default: heat-admin
+
+description: >
+ Uses cloud-init to create an additional user with a known name, in addition
+ to the distro-default user created by the cloud-init default.
+
+resources:
+ userdata:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: {get_resource: user_config}
+
+ # Note this requires cloud-init >= 0.7.2 ref bug #1100920
+ user_config:
+ type: OS::Heat::CloudConfig
+ properties:
+ cloud_config:
+ user: {get_param: node_admin_username}
+
+outputs:
+ OS::stack_id:
+ value: {get_resource: userdata}
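Review bot: `node_admin_username` is accepted as a free-form string with no `description` and no `constraints`, and it is passed straight into the cloud-config `user` key, so an empty value, `root`, or a name with shell or YAML metacharacters is only caught (if at all) on the node at first boot. Because this account is the administrative login for every overcloud node, the name should be validated at stack-validation time; the pattern below is an example and should be matched to what the target distros accept. Separately, the template `description` says the user is created "in addition to" the distro default, while cloud-init's top-level `user` key appears to override the default user's settings rather than add a second account; this should be confirmed and the wording aligned.

```yaml
parameters:
  # Can be overridden via parameter_defaults in the environment
  node_admin_username:
    type: string
    default: heat-admin
    description: Name of the admin user that cloud-init creates on first boot
    constraints:
      - allowed_pattern: "^[a-z_][a-z0-9_-]*$"
        description: Must be a valid lowercase POSIX user name
      - length: {min: 1, max: 32}

# … unchanged: description, resources, outputs …
```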
diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml
index 523e4477..39d752f5 100644
--- a/overcloud-resource-registry-puppet.yaml
+++ b/overcloud-resource-registry-puppet.yaml
@@ -23,6 +23,10 @@ resource_registry:
OS::TripleO::BootstrapNode::SoftwareConfig: puppet/bootstrap-config.yaml
OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml
+ # This creates the "heat-admin" user for all OS images by default
+ # To disable, replace with firstboot/userdata_default.yaml
+ OS::TripleO::NodeAdminUserData: firstboot/userdata_heat_admin.yaml
+
# Hooks for operator extra config
# NodeUserData == Cloud-init additional user-data, e.g cloud-config
# ControllerExtraConfigPre == Controller configuration pre service deployment
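Review bot: The added comment names the account as "heat-admin" but does not say that the name comes from the `node_admin_username` parameter, nor that the role templates now reference `OS::TripleO::NodeAdminUserData` unconditionally. Only this registry gains the mapping in the commit, so any other registry or operator environment that builds its own `resource_registry` would presumably need the same entry or the role stacks will fail to resolve the type. I would extend the comment to something like `# Creates the admin user (name set by node_admin_username, default "heat-admin") on every node; every registry must map this type, use firstboot/userdata_default.yaml to disable`.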
diff --git a/puppet/ceph-storage-puppet.yaml b/puppet/ceph-storage-puppet.yaml
index fcf4259f..db73f03a 100644
--- a/puppet/ceph-storage-puppet.yaml
+++ b/puppet/ceph-storage-puppet.yaml
@@ -66,9 +66,26 @@ resources:
networks:
- network: ctlplane
user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: NodeUserData}
+ user_data: {get_resource: UserData}
name: {get_param: Hostname}
+ # Combine the NodeAdminUserData and NodeUserData mime archives
+ UserData:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: {get_resource: NodeAdminUserData}
+ type: multipart
+ - config: {get_resource: NodeUserData}
+ type: multipart
+
+ # Creates the "heat-admin" user if configured via the environment
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ NodeAdminUserData:
+ type: OS::TripleO::NodeAdminUserData
+
+ # For optional operator additional userdata
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
NodeUserData:
type: OS::TripleO::NodeUserData
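Review bot: The new `UserData` resource places the `NodeAdminUserData` archive before the operator-supplied `NodeUserData` archive, and nothing in the comment says which side wins if the operator's part also carries a cloud-config `user` or `users` key. Since that decides whether the admin account is actually provisioned as intended, the precedence should be documented next to the resource, for example `# NodeAdminUserData is listed first; an operator cloud-config that sets user/users may override it, depending on cloud-init merge rules`. The identical block is repeated in the cinder-storage, compute, controller and swift-storage hunks, so the same comment applies there, and the five copies will have to be kept in step by hand. Changing `user_data` on the server resource (whose definition starts outside this hunk) may also alter the rendered user-data for already-deployed nodes, so it is worth confirming that a stack update does not trigger server replacement.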
diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml
index 091d1f1b..403ce9ce 100644
--- a/puppet/cinder-storage-puppet.yaml
+++ b/puppet/cinder-storage-puppet.yaml
@@ -120,9 +120,26 @@ resources:
networks:
- network: ctlplane
user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: NodeUserData}
+ user_data: {get_resource: UserData}
name: {get_param: Hostname}
+ # Combine the NodeAdminUserData and NodeUserData mime archives
+ UserData:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: {get_resource: NodeAdminUserData}
+ type: multipart
+ - config: {get_resource: NodeUserData}
+ type: multipart
+
+ # Creates the "heat-admin" user if configured via the environment
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ NodeAdminUserData:
+ type: OS::TripleO::NodeAdminUserData
+
+ # For optional operator additional userdata
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
NodeUserData:
type: OS::TripleO::NodeUserData
diff --git a/puppet/compute-puppet.yaml b/puppet/compute-puppet.yaml
index 7966fd48..6648073c 100644
--- a/puppet/compute-puppet.yaml
+++ b/puppet/compute-puppet.yaml
@@ -260,9 +260,26 @@ resources:
networks:
- network: ctlplane
user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: NodeUserData}
+ user_data: {get_resource: UserData}
name: {get_param: Hostname}
+ # Combine the NodeAdminUserData and NodeUserData mime archives
+ UserData:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: {get_resource: NodeAdminUserData}
+ type: multipart
+ - config: {get_resource: NodeUserData}
+ type: multipart
+
+ # Creates the "heat-admin" user if configured via the environment
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ NodeAdminUserData:
+ type: OS::TripleO::NodeAdminUserData
+
+ # For optional operator additional userdata
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
NodeUserData:
type: OS::TripleO::NodeUserData
diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml
index 296388af..ce33d1c5 100644
--- a/puppet/controller-puppet.yaml
+++ b/puppet/controller-puppet.yaml
@@ -528,9 +528,26 @@ resources:
networks:
- network: ctlplane
user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: NodeUserData}
+ user_data: {get_resource: UserData}
name: {get_param: Hostname}
+ # Combine the NodeAdminUserData and NodeUserData mime archives
+ UserData:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: {get_resource: NodeAdminUserData}
+ type: multipart
+ - config: {get_resource: NodeUserData}
+ type: multipart
+
+ # Creates the "heat-admin" user if configured via the environment
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ NodeAdminUserData:
+ type: OS::TripleO::NodeAdminUserData
+
+ # For optional operator additional userdata
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
NodeUserData:
type: OS::TripleO::NodeUserData
diff --git a/puppet/swift-storage-puppet.yaml b/puppet/swift-storage-puppet.yaml
index b3579429..5ed63bb2 100644
--- a/puppet/swift-storage-puppet.yaml
+++ b/puppet/swift-storage-puppet.yaml
@@ -89,9 +89,26 @@ resources:
networks:
- network: ctlplane
user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: NodeUserData}
+ user_data: {get_resource: UserData}
name: {get_param: Hostname}
+ # Combine the NodeAdminUserData and NodeUserData mime archives
+ UserData:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: {get_resource: NodeAdminUserData}
+ type: multipart
+ - config: {get_resource: NodeUserData}
+ type: multipart
+
+ # Creates the "heat-admin" user if configured via the environment
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ NodeAdminUserData:
+ type: OS::TripleO::NodeAdminUserData
+
+ # For optional operator additional userdata
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
NodeUserData:
type: OS::TripleO::NodeUserData