summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTim Rozet <trozet@redhat.com>2017-09-28 15:00:17 -0400
committerTim Rozet <trozet@redhat.com>2017-09-30 00:42:57 +0000
commit5bbba78faa198976be1a1a5437d39cfa5059d896 (patch)
treea6c5d5f0c00201c16df59d3bbb7540883c0a4847
parentc104a284855069882e2625c57b5c2c78b0c6ba4d (diff)
Fixes nova migration
Nova migration was failing in rally sanity test. Looking at the keys nova is configured with, the newlines in the private key were being converted to spaces in hieradata, thus making the key invalid. This patch corrects the yaml so it is multiline data. Also, corrects the parameter being set to the right THT parameter and adds sshd service to the control/compute roles which is required for migration to work. JIRA: APEX-525 Change-Id: Ic57db5c0b27df2e1f584f3c1a379e067291d892d Signed-off-by: Tim Rozet <trozet@redhat.com> (cherry picked from commit 8a8cb8e901db314fa59ed5275040b9e49b36663c)
-rw-r--r--apex/overcloud/overcloud_deploy.py11
-rw-r--r--build/opnfv-environment.yaml32
-rwxr-xr-xbuild/overcloud-full.sh2
3 files changed, 33 insertions, 12 deletions
diff --git a/apex/overcloud/overcloud_deploy.py b/apex/overcloud/overcloud_deploy.py
index ec07b33d..93732bf3 100644
--- a/apex/overcloud/overcloud_deploy.py
+++ b/apex/overcloud/overcloud_deploy.py
@@ -308,8 +308,7 @@ def make_ssh_key():
crypto_serialization.Encoding.OpenSSH,
crypto_serialization.PublicFormat.OpenSSH
)
- pub_key = re.sub('ssh-rsa\s*', '', public_key.decode('utf-8'))
- return private_key.decode('utf-8'), pub_key
+ return private_key.decode('utf-8'), public_key.decode('utf-8')
def prep_env(ds, ns, inv, opnfv_env, net_env, tmp_dir):
@@ -370,9 +369,13 @@ def prep_env(ds, ns, inv, opnfv_env, net_env, tmp_dir):
if 'CloudDomain' in line:
output_line = " CloudDomain: {}".format(ns['domain_name'])
elif 'replace_private_key' in line:
- output_line = " key: '{}'".format(private_key)
+ output_line = " private_key: |\n"
+ key_out = ''
+ for line in private_key.splitlines():
+ key_out += " {}\n".format(line)
+ output_line += key_out
elif 'replace_public_key' in line:
- output_line = " key: '{}'".format(public_key)
+ output_line = " public_key: '{}'".format(public_key)
if ds_opts['sdn_controller'] == 'opendaylight' and \
'odl_vpp_routing_node' in ds_opts:
diff --git a/build/opnfv-environment.yaml b/build/opnfv-environment.yaml
index a2732659..9d049028 100644
--- a/build/opnfv-environment.yaml
+++ b/build/opnfv-environment.yaml
@@ -27,14 +27,32 @@ parameter_defaults:
# NeutronDpdkMemoryChannels:
# ControllerExtraConfig:
# NovaComputeExtraConfig:
+ MigrationSshKey:
+ public_key: replace_public_key
+ private_key: replace_private_key
+ SshServerOptions:
+ HostKey:
+ - '/etc/ssh/ssh_host_rsa_key'
+ - '/etc/ssh/ssh_host_ecdsa_key'
+ - '/etc/ssh/ssh_host_ed25519_key'
+ SyslogFacility: 'AUTHPRIV'
+ AuthorizedKeysFile: '.ssh/authorized_keys'
+ PasswordAuthentication: 'no'
+ ChallengeResponseAuthentication: 'no'
+ GSSAPIAuthentication: 'no'
+ GSSAPICleanupCredentials: 'no'
+ UsePAM: 'yes'
+ X11Forwarding: 'yes'
+ UsePrivilegeSeparation: 'sandbox'
+ AcceptEnv:
+ - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
+ - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
+ - 'LC_IDENTIFICATION LC_ALL LANGUAGE'
+ - 'XMODIFIERS'
+ Subsystem: 'sftp /usr/libexec/openssh/sftp-server'
+ UseDNS: 'no'
ExtraConfig:
tripleo::ringbuilder::build_ring: false
- nova::nova_public_key:
- type: 'ssh-rsa'
- replace_public_key:
- nova::nova_private_key:
- type: 'ssh-rsa'
- replace_private_key:
nova::policy::policies:
nova-os_compute_api:servers:show:host_status:
key: 'os_compute_api:servers:show:host_status'
@@ -51,6 +69,7 @@ parameter_defaults:
# value updated via lib/overcloud-deploy-functions.sh
# opendaylight::vpp_routing_node: overcloud-novacompute-0.opnfvlf.org
ControllerServices:
+ - OS::TripleO::Services::Sshd
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephOSD
@@ -135,6 +154,7 @@ parameter_defaults:
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::NeutronBgpVpnApi
ComputeServices:
+ - OS::TripleO::Services::Sshd
- OS::TripleO::Services::Barometer
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephClient
diff --git a/build/overcloud-full.sh b/build/overcloud-full.sh
index 1bf4bb42..006dc8f9 100755
--- a/build/overcloud-full.sh
+++ b/build/overcloud-full.sh
@@ -56,8 +56,6 @@ LIBGUESTFS_BACKEND=direct virt-customize \
--run-command "cd /usr/lib/python2.7/site-packages/ && rm -rf os_net_config && tar xzf apex-os-net-config.tar.gz" \
--run-command "if ! rpm -qa | grep python-redis; then yum install -y python-redis; fi" \
--install epel-release \
- --run-command "sed -i 's/^#UseDNS.*$/UseDNS no/' /etc/ssh/sshd_config" \
- --run-command "sed -i 's/^GSSAPIAuthentication.*$/GSSAPIAuthentication no/' /etc/ssh/sshd_config" \
--install unzip \
--upload ${BUILD_DIR}/vsperf.tar.gz:/var/opt \
--run-command "cd /var/opt && tar xzf vsperf.tar.gz" \