diff options
12 files changed, 16 insertions, 53 deletions
diff --git a/ci/deploy.sh b/ci/deploy.sh index ed438324b..c883616f1 100755 --- a/ci/deploy.sh +++ b/ci/deploy.sh @@ -280,6 +280,10 @@ eval "$(parse_yaml "${SCENARIO_DIR}/defaults-$(uname -i).yaml")" eval "$(parse_yaml "${SCENARIO_DIR}/${DEPLOY_SCENARIO}.yaml")" export CLUSTER_DOMAIN=${cluster_domain} +# key might not exist yet ... +generate_ssh_key +export MAAS_SSH_KEY="$(cat "$(basename "${SSH_KEY}").pub")" + # Expand jinja2 templates based on PDF data and env vars do_templates "${REPO_ROOT_PATH}" "${STORAGE_DIR}" "${TARGET_LAB}" \ "${TARGET_POD}" "${BASE_CONFIG_URI}" @@ -336,7 +340,6 @@ elif [ ${USE_EXISTING_INFRA} -gt 0 ]; then notify "[NOTE] Use existing infra" 2 check_connection else - generate_ssh_key prepare_vms "${base_image}" "${STORAGE_DIR}" "${virtual_repos_pkgs}" \ "${virtual_nodes[@]}" create_networks "${OPNFV_BRIDGES[@]}" diff --git a/mcp/patches/0004-maas-region-use-authorized_keys-1st-entry.patch b/mcp/patches/0004-maas-region-use-authorized_keys-1st-entry.patch deleted file mode 100644 index a4fb44b05..000000000 --- a/mcp/patches/0004-maas-region-use-authorized_keys-1st-entry.patch +++ /dev/null @@ -1,45 +0,0 @@ -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -: Copyright (c) 2017 Mirantis Inc., Enea AB and others. -: -: All rights reserved. This program and the accompanying materials -: are made available under the terms of the Apache License, Version 2.0 -: which accompanies this distribution, and is available at -: http://www.apache.org/licenses/LICENSE-2.0 -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -From: Charalampos Kominos <Charalampos.Kominos@enea.com> -Date: Sat, 5 Aug 2017 02:03:01 +0200 -Subject: [PATCH] maas: region: use authorized_keys 1st entry - -MaaS custom py modules accepts the "sshprefs" variable via pillar, -however we want to read it from ~ubuntu/.ssh/authorized_keys. - -Bypass the py module and call MaaS CLI directly, passing the first -authorized key, which should be mcp.rsa.pub. - -Signed-off-by: Charalampos Kominos <Charalampos.Kominos@enea.com> ---- - -diff --git a/maas/region.sls b/maas/region.sls ---- a/maas/region.sls -+++ b/maas/region.sls -@@ -242,12 +242,16 @@ - - require: - - module: maas_config - --{%- if region.get('sshprefs', False) %} - maas_sshprefs: -- module.run: -- - name: maas.process_sshprefs -+# NOTE(armband): maas.process_sshprefs also works, but we need to read the key -+# from authorized_keys. Should be reworked at some point. -+# module.run: -+# - name: maas.process_sshprefs -+# - require: -+ cmd.run: -+ - name: "maas login {{ region.admin.username }} http://{{ region.bind.host }}:5240/MAAS/api/2.0 - < /var/lib/maas/.maas_credentials && SSH_KEY=$(cat authorized_keys | head -1) && (maas opnfv sshkeys read | grep -q \"$SSH_KEY\" || maas opnfv sshkeys create \"key=$SSH_KEY\")" -+ - cwd: "/home/ubuntu/.ssh" - - require: - - module: maas_config --{%- endif %} - - {%- endif %} diff --git a/mcp/patches/patches.list b/mcp/patches/patches.list index 703bd0587..1b500254d 100644 --- a/mcp/patches/patches.list +++ b/mcp/patches/patches.list @@ -8,7 +8,6 @@ /usr/share/salt-formulas/env: 0001-opendaylight-formula-neutron.patch /usr/share/salt-formulas/env: 0002-maas-region-skip-credentials-update.patch /usr/share/salt-formulas/env: 0003-maas-region-force-artifact-download.patch -/usr/share/salt-formulas/env: 0004-maas-region-use-authorized_keys-1st-entry.patch /usr/share/salt-formulas/env: 0005-maas-module-Obtain-fabric-ID-from-CIDR.patch /usr/share/salt-formulas/env: 0006-maas-module-Add-VLAN-DHCP-enable-support.patch /usr/share/salt-formulas/env: 0007-network.interface-Fix-ifup-OVS-port-with-route.patch diff --git a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/lab_proxy_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-pike-common-ha/include/lab_proxy_pdf.yml.j2 index 0e95d2d1d..0e95d2d1d 100644 --- a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/lab_proxy_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-pike-common-ha/include/lab_proxy_pdf.yml.j2 diff --git a/mcp/reclass/classes/cluster/mcp-pike-common-ha/include/proxy.yml b/mcp/reclass/classes/cluster/mcp-pike-common-ha/include/maas_proxy.yml index 3c324db8b..3c324db8b 100644 --- a/mcp/reclass/classes/cluster/mcp-pike-common-ha/include/proxy.yml +++ b/mcp/reclass/classes/cluster/mcp-pike-common-ha/include/maas_proxy.yml diff --git a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/config.yml b/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/config.yml index 0fb8e6418..5e416c907 100644 --- a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/config.yml +++ b/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/config.yml @@ -25,7 +25,7 @@ classes: # - system.reclass.storage.system.stacklight_monitor_cluster # - system.reclass.storage.system.stacklight_telemetry_cluster - system.reclass.storage.system.infra_maas_single - - cluster.mcp-pike-common-ha.infra.lab_proxy_pdf + - cluster.mcp-pike-common-ha.include.lab_proxy_pdf parameters: _param: salt_master_base_environment: prd diff --git a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/kvm.yml b/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/kvm.yml index 9f85366c8..b6fb573e8 100644 --- a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/kvm.yml +++ b/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/kvm.yml @@ -22,7 +22,8 @@ classes: # - system.salt.control.cluster.stacklight_log_cluster # - system.salt.control.cluster.stacklight_telemetry_cluster - cluster.mcp-pike-common-ha.infra.kvm_pdf - - cluster.mcp-pike-common-ha.include.proxy + - cluster.mcp-pike-common-ha.include.maas_proxy + - cluster.mcp-pike-common-ha.include.lab_proxy_pdf parameters: _param: linux_system_codename: xenial diff --git a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas.yml b/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas.yml index 3dc99983c..438915c1f 100644 --- a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas.yml +++ b/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas.yml @@ -9,7 +9,7 @@ classes: - system.maas.region.single - service.maas.cluster.single - - cluster.mcp-pike-common-ha.infra.lab_proxy_pdf + - cluster.mcp-pike-common-ha.include.lab_proxy_pdf - cluster.mcp-pike-common-ha.infra.maas_pdf parameters: _param: diff --git a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2 index a875993e3..cff6d9b30 100644 --- a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2 @@ -9,6 +9,8 @@ parameters: maas: region: + sshprefs: + - '{{ conf.MAAS_SSH_KEY }}' machines: {%- set pxe_interface = conf.idf.net_config.admin.interface %} {#- We only support exactly 5 nodes for now, hardcoded order #} diff --git a/mcp/reclass/classes/cluster/mcp-pike-common-ha/openstack_compute.yml b/mcp/reclass/classes/cluster/mcp-pike-common-ha/openstack_compute.yml index 2e79f808e..aed8bcb57 100644 --- a/mcp/reclass/classes/cluster/mcp-pike-common-ha/openstack_compute.yml +++ b/mcp/reclass/classes/cluster/mcp-pike-common-ha/openstack_compute.yml @@ -18,7 +18,8 @@ classes: - system.cinder.volume.backend.lvm - system.ceilometer.agent.cluster - cluster.mcp-pike-common-ha.openstack_compute_pdf - - cluster.mcp-pike-common-ha.include.proxy + - cluster.mcp-pike-common-ha.include.maas_proxy + - cluster.mcp-pike-common-ha.include.lab_proxy_pdf parameters: _param: cluster_vip_address: ${_param:openstack_control_address} diff --git a/mcp/reclass/classes/cluster/mcp-pike-common-ha/openstack_interface_vcp_biport.yml b/mcp/reclass/classes/cluster/mcp-pike-common-ha/openstack_interface_vcp_biport.yml index 572aa7d25..1a3a8c112 100644 --- a/mcp/reclass/classes/cluster/mcp-pike-common-ha/openstack_interface_vcp_biport.yml +++ b/mcp/reclass/classes/cluster/mcp-pike-common-ha/openstack_interface_vcp_biport.yml @@ -7,7 +7,8 @@ ############################################################################## --- classes: - - cluster.mcp-pike-common-ha.include.proxy + - cluster.mcp-pike-common-ha.include.maas_proxy + - cluster.mcp-pike-common-ha.include.lab_proxy_pdf parameters: _param: dhcp_nic: ${_param:opnfv_vcp_vm_primary_interface} diff --git a/mcp/reclass/classes/cluster/mcp-pike-common-ha/openstack_interface_vcp_triport.yml b/mcp/reclass/classes/cluster/mcp-pike-common-ha/openstack_interface_vcp_triport.yml index c1fd625bc..d274ecd87 100644 --- a/mcp/reclass/classes/cluster/mcp-pike-common-ha/openstack_interface_vcp_triport.yml +++ b/mcp/reclass/classes/cluster/mcp-pike-common-ha/openstack_interface_vcp_triport.yml @@ -7,7 +7,8 @@ ############################################################################## --- classes: - - cluster.mcp-pike-common-ha.include.proxy + - cluster.mcp-pike-common-ha.include.maas_proxy + - cluster.mcp-pike-common-ha.include.lab_proxy_pdf parameters: _param: dhcp_nic: ${_param:opnfv_vcp_vm_primary_interface} |