diff options
| author |   Dimitri Mazmanov <dimitri.mazmanov@ericsson.com> | 2016-11-28 13:25:54 +0100 |
|---|---|---|
| committer | Dimitri Mazmanov <dimitri.mazmanov@ericsson.com> | 2017-01-23 11:13:10 +0100 |
| commit | e7fe8818ece870b88556f7bad78b589b26d19151 (patch) | |
| tree | 874f74b7b7d59b3a432fdebb9041a78ad346af26 /tools/keystone/writepass.sh | |
| parent | 60dca59ac451300fae214776e82a068b2e8607da (diff) | |
Common auth configuration for Mulsite deployment
This set of scripts is used to configure centralized Keystone
across multiple regions. Each script is executed during a certain stage
of the automated multisite deployment setup via Jenkins [1].
region.sh - registers new endpoints in Keystone tagging them with
RegionTwo.
fetchpass.sh - reads service passwords in the master region and stores
them in an encrypted file.
endpoint.sh - reads the public_url, private_url and admin_url from
RegionTwo and stores it in a file to be used during region registration
phase.
run.sh - is a generic proxy runner which triggers execution of any
runnable on a target node (compute|controller).
writepass.sh - updates service password entries in the configuration
files for RegionTwo.
[1]
https://wiki.opnfv.org/display/multisite/Multisite+Deployment+Environment
Change-Id: If2c91600237003a13cc0dc822924ab8d27ce202c
Signed-off-by: Dimitri Mazmanov <dimitri.mazmanov@ericsson.com>
Diffstat (limited to 'tools/keystone/writepass.sh')
| -rwxr-xr-x | tools/keystone/writepass.sh | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/tools/keystone/writepass.sh b/tools/keystone/writepass.sh new file mode 100755 index 0000000..2b0a965 --- /dev/null +++ b/tools/keystone/writepass.sh @@ -0,0 +1,130 @@ +#!/bin/bash +# +# Author: Dimitri Mazmanov (dimitri.mazmanov@ericsson.com) +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +# + +set -o xtrace +set -o errexit +set -o nounset +set -o pipefail + +PASSWORD_FILE_ENC="servicepass.ini" +PASSWORD_FILE="/root/passwords.ini" + +function ini_has_option { + local file=$1 + local section=$2 + local option=$3 + local line + line=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ p; }" "$file") + [ -n "$line" ] +} + +# Get an option from an INI file +# iniget config-file section option +function iniget { + local xtrace + xtrace=$(set +o | grep xtrace) + set +o xtrace + local file=$1 + local section=$2 + local option=$3 + local line + + line=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ p; }" "$file") + echo ${line#*=} + $xtrace +} + +# Set an option in an INI file +# iniset [-sudo] config-file section option value +# - if the file does not exist, it is created +function iniset { + local file=$1 + local section=$2 + local option=$3 + local value=$4 + + [[ -z $section || -z $option ]] && return + + if ! grep -q "^\[$section\]" "$file" 2>/dev/null; then + echo -e "\n[$section]" >>"$file" + fi + if ! ini_has_option "$file" "$section" "$option"; then + sed -i -e "/^\[$section\]/ a\\ +$option = $value +" "$file" + else + local sep=$(echo -ne "\x01") + # Replace it + sed -i -e '/^\['${section}'\]/,/^\[.*\]/ s'${sep}'^\('${option}'[ \t]*=[ \t]*\).*$'${sep}'\1'"${value}"${sep} "$file" + fi +} + +function decode_passwords() { + openssl enc -aes-256-cbc -d -a -in ${PASSWORD_FILE_ENC} -out /root/passwords.ini -k multisite +} + +function write_controller() { + # For each slave region the following files must be updated on each controller. + iniset "/etc/glance/glance-registry.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT glance_password) + iniset "/etc/glance/glance-api.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT glance_password) + iniset "/etc/glance/glance-glare.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT glare_password) + iniset "/etc/heat/heat.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT heat_password) + iniset "/etc/nova/nova.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT nova_password) + iniset "/etc/nova/nova.conf" neutron password $(iniget ${PASSWORD_FILE} DEFAULT neutron_password) + iniset "/etc/cinder/cinder.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT cinder_password) + iniset "/etc/neutron/neutron.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT neutron_password) + iniset "/etc/ceilometer/ceilometer.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT ceilometer_password) + iniset "/etc/aodh/aodh.conf" keystone_authtoken password $(iniget ${PASSWORD_FILE} DEFAULT aodh_password) +} + +function restart_controller() { + service nova-api restart + service nova-cert restart + service nova-conductor restart + service nova-novncproxy restart + service nova-consoleauth restart + + service neutron-server restart + service heat-api restart + service heat-engine restart + service glance-api restart + service glance-registry restart + service glance-glare restart + + service cinder-api restart + service cinder-volume restart + service cinder-scheduler restart + service cinder-backup restart + + # corosync resources + crm resource restart p_ceilometer-agent-central + crm resource restart p_aodh-evaluator +} + +function write_compute() { + iniset "/etc/nova/nova.conf" neutron password $(iniget ${PASSWORD_FILE} DEFAULT neutron_password) +} + +function restart_compute() { + service nova-compute restart +} + +#begin +decode_passwords + +# are we on the controller? +if pgrep -f nova-api > /dev/null +then + write_controller + restart_controller +else + write_compute + restart_compute +fi |