From af65ce60c5ab69816cbe8b4c1c7b4c5922304205 Mon Sep 17 00:00:00 2001 From: Alexandru Avadanii Date: Tue, 13 Feb 2018 03:34:10 +0100 Subject: [patch] MaaS: mcp.rsa.pub to auth keys via pillar Drop one questionable patch responsible for MaaS node authorized keys to include mcp.rsa.pub by reading the contents of authorized keys on mas01, assuming mcp.rsa.pub will be on the first line. Instead, export the contents of the public key using a shell env var during deploy, which gets expanded via maas_pdf j2 template into a reclass param, leveraging existing salt-formula-maas sshprefs mechanism for delivering the key to MaaS. Since we require the public key to exist before expanding templates, move `generate_ssh_key` call outside the current infrastructure handling block, allowing it to execute during all `deploy.sh` calls, even for dry-runs. Change-Id: I0f53b0f764a2fafd292e0ffd399c284acf61bd30 Signed-off-by: Alexandru Avadanii --- ...maas-region-use-authorized_keys-1st-entry.patch | 45 ---------------------- 1 file changed, 45 deletions(-) delete mode 100644 mcp/patches/0004-maas-region-use-authorized_keys-1st-entry.patch (limited to 'mcp/patches/0004-maas-region-use-authorized_keys-1st-entry.patch') diff --git a/mcp/patches/0004-maas-region-use-authorized_keys-1st-entry.patch b/mcp/patches/0004-maas-region-use-authorized_keys-1st-entry.patch deleted file mode 100644 index a4fb44b05..000000000 --- a/mcp/patches/0004-maas-region-use-authorized_keys-1st-entry.patch +++ /dev/null @@ -1,45 +0,0 @@ -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -: Copyright (c) 2017 Mirantis Inc., Enea AB and others. -: -: All rights reserved. This program and the accompanying materials -: are made available under the terms of the Apache License, Version 2.0 -: which accompanies this distribution, and is available at -: http://www.apache.org/licenses/LICENSE-2.0 -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -From: Charalampos Kominos -Date: Sat, 5 Aug 2017 02:03:01 +0200 -Subject: [PATCH] maas: region: use authorized_keys 1st entry - -MaaS custom py modules accepts the "sshprefs" variable via pillar, -however we want to read it from ~ubuntu/.ssh/authorized_keys. - -Bypass the py module and call MaaS CLI directly, passing the first -authorized key, which should be mcp.rsa.pub. - -Signed-off-by: Charalampos Kominos ---- - -diff --git a/maas/region.sls b/maas/region.sls ---- a/maas/region.sls -+++ b/maas/region.sls -@@ -242,12 +242,16 @@ - - require: - - module: maas_config - --{%- if region.get('sshprefs', False) %} - maas_sshprefs: -- module.run: -- - name: maas.process_sshprefs -+# NOTE(armband): maas.process_sshprefs also works, but we need to read the key -+# from authorized_keys. Should be reworked at some point. -+# module.run: -+# - name: maas.process_sshprefs -+# - require: -+ cmd.run: -+ - name: "maas login {{ region.admin.username }} http://{{ region.bind.host }}:5240/MAAS/api/2.0 - < /var/lib/maas/.maas_credentials && SSH_KEY=$(cat authorized_keys | head -1) && (maas opnfv sshkeys read | grep -q \"$SSH_KEY\" || maas opnfv sshkeys create \"key=$SSH_KEY\")" -+ - cwd: "/home/ubuntu/.ssh" - - require: - - module: maas_config --{%- endif %} - - {%- endif %} -- cgit 1.2.3-korg