authorDimitri Mazmanov <dimitri.mazmanov@ericsson.com>2016-11-28 13:25:54 +0100
committerDimitri Mazmanov <dimitri.mazmanov@ericsson.com>2017-01-23 11:13:10 +0100
commite7fe8818ece870b88556f7bad78b589b26d19151 (patch)
tree874f74b7b7d59b3a432fdebb9041a78ad346af26 /tools/keystone/writepass.sh
parent60dca59ac451300fae214776e82a068b2e8607da (diff)
Common auth configuration for Mulsite deployment
This set of scripts is used to configure centralized Keystone across multiple regions. Each script is executed during a certain stage of the automated multisite deployment setup via Jenkins [1]. region.sh - registers new endpoints in Keystone tagging them with RegionTwo. fetchpass.sh - reads service passwords in the master region and stores them in an encrypted file. endpoint.sh - reads the public_url, private_url and admin_url from RegionTwo and stores it in a file to be used during region registration phase. run.sh - is a generic proxy runner which triggers execution of any runnable on a target node (compute|controller). writepass.sh - updates service password entries in the configuration files for RegionTwo. [1] https://wiki.opnfv.org/display/multisite/Multisite+Deployment+Environment Change-Id: If2c91600237003a13cc0dc822924ab8d27ce202c Signed-off-by: Dimitri Mazmanov <dimitri.mazmanov@ericsson.com>
Diffstat (limited to 'tools/keystone/writepass.sh')
-rwxr-xr-xtools/keystone/writepass.sh130
1 files changed, 130 insertions, 0 deletions
diff --git a/tools/keystone/writepass.sh b/tools/keystone/writepass.sh
new file mode 100755
index 0000000..2b0a965
--- /dev/null
+++ b/tools/keystone/writepass.sh
@@ -0,0 +1,130 @@
+#!/bin/bash
+#
+# Author: Dimitri Mazmanov (dimitri.mazmanov@ericsson.com)
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+
+set -o xtrace
+set -o errexit
+set -o nounset
+set -o pipefail
+
+PASSWORD_FILE_ENC="servicepass.ini"
+PASSWORD_FILE="/root/passwords.ini"
+
+function ini_has_option {
+ local file=$1
+ local section=$2
+ local option=$3
+ local line
+ line=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ p; }" "$file")
+ [ -n "$line" ]
+}
+
+# Get an option from an INI file
+# iniget config-file section option
+function iniget {
+ local xtrace
+ xtrace=$(set +o | grep xtrace)
+ set +o xtrace
+ local file=$1
+ local section=$2
+ local option=$3
+ local line
+
+ line=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ p; }" "$file")
+ echo ${line#*=}
+ $xtrace
+}
+
+# Set an option in an INI file
+# iniset [-sudo] config-file section option value
+# - if the file does not exist, it is created
+function iniset {
+ local file=$1
+ local section=$2
+ local option=$3
+ local value=$4
+
+ [[ -z $section || -z $option ]] && return
+
+ if ! grep -q "^\[$section\]" "$file" 2>/dev/null; then
+ echo -e "\n[$section]" >>"$file"
+ fi
+ if ! ini_has_option "$file" "$section" "$option"; then
+ sed -i -e "/^\[$section\]/ a\\
+$option = $value
+" "$file"
+ else
+ local sep=$(echo -ne "\x01")
+ # Replace it
+ sed -i -e '/^\['${section}'\]/,/^\[.*\]/ s'${sep}'^\('${option}'[ \t]*=[ \t]*\).*$'${sep}'\1'"${value}"${sep} "$file"
+ fi
+}
+
+function decode_passwords() {
+ openssl enc -aes-256-cbc -d -a -in ${PASSWORD_FILE_ENC} -out /root/passwords.ini -k multisite
+}
+
+function write_controller() {
+ # For each slave region the following files must be updated on each controller.
+ iniset "/etc/glance/glance-registry.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT glance_password)
+ iniset "/etc/glance/glance-api.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT glance_password)
+ iniset "/etc/glance/glance-glare.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT glare_password)
+ iniset "/etc/heat/heat.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT heat_password)
+ iniset "/etc/nova/nova.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT nova_password)
+ iniset "/etc/nova/nova.conf" neutron password $(iniget ${PASSWORD_FILE} DEFAULT neutron_password)
+ iniset "/etc/cinder/cinder.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT cinder_password)
+ iniset "/etc/neutron/neutron.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT neutron_password)
+ iniset "/etc/ceilometer/ceilometer.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT ceilometer_password)
+ iniset "/etc/aodh/aodh.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT aodh_password)
+}
+
+function restart_controller() {
+ service nova-api restart
+ service nova-cert restart
+ service nova-conductor restart
+ service nova-novncproxy restart
+ service nova-consoleauth restart
+
+ service neutron-server restart
+ service heat-api restart
+ service heat-engine restart
+ service glance-api restart
+ service glance-registry restart
+ service glance-glare restart
+
+ service cinder-api restart
+ service cinder-volume restart
+ service cinder-scheduler restart
+ service cinder-backup restart
+
+ # corosync resources
+ crm resource restart p_ceilometer-agent-central
+ crm resource restart p_aodh-evaluator
+}
+
+function write_compute() {
+ iniset "/etc/nova/nova.conf" neutron password $(iniget ${PASSWORD_FILE} DEFAULT neutron_password)
+}
+
+function restart_compute() {
+ service nova-compute restart
+}
+
+#begin
+decode_passwords
+
+# are we on the controller?
+if pgrep -f nova-api > /dev/null
+then
+ write_controller
+ restart_controller
+else
+ write_compute
+ restart_compute
+fi
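Review bot: `decode_passwords` decrypts the service passwords with the passphrase hard-coded as `-k multisite`, so anyone who can read this repository can decrypt `servicepass.ini` and the encryption gives no real protection. The script also runs under `set -o xtrace`: `iniget` switches tracing off internally, but every `iniset … password $(iniget …)` call in `write_controller` and `write_compute` is traced after expansion, so the plaintext passwords will most likely land in the Jenkins job output. The decrypted `/root/passwords.ini` is created under the inherited umask and never removed. I would read the passphrase from a root-only file or the environment (this needs the matching change on the encrypting side, which is not visible here), turn tracing off before the first secret is handled, and delete the plaintext file on exit, as sketched below. Quoting the `"$(iniget …)"` arguments would also stop passwords containing spaces or glob characters from being split.

```shell
function decode_passwords() {
    # PASSPHRASE_FILE is a placeholder name: a root-only file provisioned outside the repository
    trap 'rm -f -- "${PASSWORD_FILE}"' EXIT
    (
        umask 077   # keep the plaintext file readable by root only
        openssl enc -aes-256-cbc -d -a -in "${PASSWORD_FILE_ENC}" \
            -out "${PASSWORD_FILE}" -pass "file:${PASSPHRASE_FILE}"
    )
}

# … unchanged: write_controller, restart_controller, write_compute, restart_compute …

#begin
set +o xtrace   # stop tracing before any secret is expanded
decode_passwords
```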