diff options
author | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2018-02-19 12:22:19 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@opnfv.org> | 2018-02-19 12:22:19 +0000 |
commit | 00839253ec6cc31fdabe7cacdc23b9ffadfb2bba (patch) | |
tree | 2507df769d44a37f4b98d95ee78de0cfca48fc3a | |
parent | 30993030ea4b5a35ab4ae9d0aeb6be85c1e259c3 (diff) | |
parent | af65ce60c5ab69816cbe8b4c1c7b4c5922304205 (diff) |
Merge "[patch] MaaS: mcp.rsa.pub to auth keys via pillar"
-rwxr-xr-x | ci/deploy.sh | 5 | ||||
-rw-r--r-- | mcp/patches/0004-maas-region-use-authorized_keys-1st-entry.patch | 45 | ||||
-rw-r--r-- | mcp/patches/patches.list | 1 | ||||
-rw-r--r-- | mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2 | 2 |
4 files changed, 6 insertions, 47 deletions
diff --git a/ci/deploy.sh b/ci/deploy.sh index ed438324b..c883616f1 100755 --- a/ci/deploy.sh +++ b/ci/deploy.sh @@ -280,6 +280,10 @@ eval "$(parse_yaml "${SCENARIO_DIR}/defaults-$(uname -i).yaml")" eval "$(parse_yaml "${SCENARIO_DIR}/${DEPLOY_SCENARIO}.yaml")" export CLUSTER_DOMAIN=${cluster_domain} +# key might not exist yet ... +generate_ssh_key +export MAAS_SSH_KEY="$(cat "$(basename "${SSH_KEY}").pub")" + # Expand jinja2 templates based on PDF data and env vars do_templates "${REPO_ROOT_PATH}" "${STORAGE_DIR}" "${TARGET_LAB}" \ "${TARGET_POD}" "${BASE_CONFIG_URI}" @@ -336,7 +340,6 @@ elif [ ${USE_EXISTING_INFRA} -gt 0 ]; then notify "[NOTE] Use existing infra" 2 check_connection else - generate_ssh_key prepare_vms "${base_image}" "${STORAGE_DIR}" "${virtual_repos_pkgs}" \ "${virtual_nodes[@]}" create_networks "${OPNFV_BRIDGES[@]}" diff --git a/mcp/patches/0004-maas-region-use-authorized_keys-1st-entry.patch b/mcp/patches/0004-maas-region-use-authorized_keys-1st-entry.patch deleted file mode 100644 index a4fb44b05..000000000 --- a/mcp/patches/0004-maas-region-use-authorized_keys-1st-entry.patch +++ /dev/null @@ -1,45 +0,0 @@ -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -: Copyright (c) 2017 Mirantis Inc., Enea AB and others. -: -: All rights reserved. This program and the accompanying materials -: are made available under the terms of the Apache License, Version 2.0 -: which accompanies this distribution, and is available at -: http://www.apache.org/licenses/LICENSE-2.0 -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -From: Charalampos Kominos <Charalampos.Kominos@enea.com> -Date: Sat, 5 Aug 2017 02:03:01 +0200 -Subject: [PATCH] maas: region: use authorized_keys 1st entry - -MaaS custom py modules accepts the "sshprefs" variable via pillar, -however we want to read it from ~ubuntu/.ssh/authorized_keys. - -Bypass the py module and call MaaS CLI directly, passing the first -authorized key, which should be mcp.rsa.pub. - -Signed-off-by: Charalampos Kominos <Charalampos.Kominos@enea.com> ---- - -diff --git a/maas/region.sls b/maas/region.sls ---- a/maas/region.sls -+++ b/maas/region.sls -@@ -242,12 +242,16 @@ - - require: - - module: maas_config - --{%- if region.get('sshprefs', False) %} - maas_sshprefs: -- module.run: -- - name: maas.process_sshprefs -+# NOTE(armband): maas.process_sshprefs also works, but we need to read the key -+# from authorized_keys. Should be reworked at some point. -+# module.run: -+# - name: maas.process_sshprefs -+# - require: -+ cmd.run: -+ - name: "maas login {{ region.admin.username }} http://{{ region.bind.host }}:5240/MAAS/api/2.0 - < /var/lib/maas/.maas_credentials && SSH_KEY=$(cat authorized_keys | head -1) && (maas opnfv sshkeys read | grep -q \"$SSH_KEY\" || maas opnfv sshkeys create \"key=$SSH_KEY\")" -+ - cwd: "/home/ubuntu/.ssh" - - require: - - module: maas_config --{%- endif %} - - {%- endif %} diff --git a/mcp/patches/patches.list b/mcp/patches/patches.list index 703bd0587..1b500254d 100644 --- a/mcp/patches/patches.list +++ b/mcp/patches/patches.list @@ -8,7 +8,6 @@ /usr/share/salt-formulas/env: 0001-opendaylight-formula-neutron.patch /usr/share/salt-formulas/env: 0002-maas-region-skip-credentials-update.patch /usr/share/salt-formulas/env: 0003-maas-region-force-artifact-download.patch -/usr/share/salt-formulas/env: 0004-maas-region-use-authorized_keys-1st-entry.patch /usr/share/salt-formulas/env: 0005-maas-module-Obtain-fabric-ID-from-CIDR.patch /usr/share/salt-formulas/env: 0006-maas-module-Add-VLAN-DHCP-enable-support.patch /usr/share/salt-formulas/env: 0007-network.interface-Fix-ifup-OVS-port-with-route.patch diff --git a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2 index a875993e3..cff6d9b30 100644 --- a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2 @@ -9,6 +9,8 @@ parameters: maas: region: + sshprefs: + - '{{ conf.MAAS_SSH_KEY }}' machines: {%- set pxe_interface = conf.idf.net_config.admin.interface %} {#- We only support exactly 5 nodes for now, hardcoded order #} |