opendev/system-config
Code Issues Proposed changes

Make salt key management on node launch optional.

Browse Source 
* launch/launch-node.py: Make salt key management when launching nodes
optional as we may not always be running salt or choose to have a node
run a salt daemon. Default to disabling management.

Change-Id: If1bf137e91d250d5c94a957ff00d19401685c730
This commit is contained in:
Clark Boylan 2013-08-26 15:25:22 -07:00
parent 77fc7f08db
commit 5a93318056
1 changed files with 17 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
launch/launch-node.py
View File

@ -99,14 +99,15 @@ def bootstrap_server(server, admin_pass, key, cert, environment, name,
ssh_client.ssh("chmod 0755 /var/lib/puppet/ssl/public_keys") ssh_client.ssh("chmod 0755 /var/lib/puppet/ssl/public_keys")
# Assuming salt-master is running on the puppetmaster if salt_pub and salt_priv:
shutil.copyfile(salt_pub, # Assuming salt-master is running on the puppetmaster
os.path.join(SALT_MASTER_PKI, 'minions', name)) shutil.copyfile(salt_pub,
ssh_client.ssh('mkdir -p {0}'.format(SALT_MINION_PKI)) os.path.join(SALT_MASTER_PKI, 'minions', name))
ssh_client.scp(salt_pub, ssh_client.ssh('mkdir -p {0}'.format(SALT_MINION_PKI))
os.path.join(SALT_MINION_PKI, 'minion.pub')) ssh_client.scp(salt_pub,
ssh_client.scp(salt_priv, os.path.join(SALT_MINION_PKI, 'minion.pub'))
os.path.join(SALT_MINION_PKI, 'minion.pem')) ssh_client.scp(salt_priv,
os.path.join(SALT_MINION_PKI, 'minion.pem'))
for ssldir in ['/var/lib/puppet/ssl/certs/', for ssldir in ['/var/lib/puppet/ssl/certs/',
'/var/lib/puppet/ssl/private_keys/', '/var/lib/puppet/ssl/private_keys/',
@ -127,7 +128,7 @@ def bootstrap_server(server, admin_pass, key, cert, environment, name,
ssh_client.ssh("reboot") ssh_client.ssh("reboot")
def build_server(client, name, image, flavor, cert, environment): def build_server(client, name, image, flavor, cert, environment, salt):
key = None key = None
server = None server = None
@ -148,7 +149,9 @@ def build_server(client, name, image, flavor, cert, environment):
traceback.print_exc() traceback.print_exc()
raise raise
salt_priv, salt_pub = utils.add_salt_keypair(SALT_MASTER_PKI, name, 2048) salt_priv, salt_pub = (None, None)
if salt:
salt_priv, salt_pub = utils.add_salt_keypair(SALT_MASTER_PKI, name, 2048)
try: try:
admin_pass = server.adminPass admin_pass = server.adminPass
server = utils.wait_for_resource(server) server = utils.wait_for_resource(server)
@ -182,6 +185,8 @@ def main():
parser.add_argument("--cert", dest="cert", parser.add_argument("--cert", dest="cert",
help="name of signed puppet certificate file (e.g., " help="name of signed puppet certificate file (e.g., "
"hostname.example.com.pem)") "hostname.example.com.pem)")
parser.add_argument("--salt", dest="salt", action="store_true",
help="Manage salt keys for this host.")
options = parser.parse_args() options = parser.parse_args()
client = get_client() client = get_client()
@ -220,7 +225,8 @@ def main():
image = images[0] image = images[0]
print "Found image", image print "Found image", image
build_server(client, options.name, image, flavor, cert, options.environment) build_server(client, options.name, image, flavor, cert,
options.environment, options.salt)
dns.print_dns(client, options.name) dns.print_dns(client, options.name)
if __name__ == '__main__': if __name__ == '__main__':