From e8862b1d1aa1d48397786c015c8e4b06960a4503 Mon Sep 17 00:00:00 2001 From: David Boucha Date: Wed, 3 Apr 2013 14:47:16 -0600 Subject: [PATCH] Add functionality to create Salt keypairs Create Salt key pair if needed Move Salt key pair creation above bootstrap_server Pre-seed Salt Minion keys Use fqdn instead of cert name. Set the Minion ID to be the fqdn Logic improvements in add_salt_keypair Use proper splitext, some suggested fixes Remove minion_id definition. Let fqdn define minion id Change-Id: I74e5ffb1a414ee61f1214332be34b5ed0fd26e95 Reviewed-on: https://review.openstack.org/26046 Reviewed-by: James E. Blair Reviewed-by: Nicolas Simonds Reviewed-by: Anita Kuno Reviewed-by: Matthew Sherborne Reviewed-by: Clark Boylan Approved: Jeremy Stanley Reviewed-by: Jeremy Stanley Tested-by: Jenkins --- launch/launch-node.py | 22 ++++++++++++++++++++-- launch/utils.py | 20 ++++++++++++++++++++ 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/launch/launch-node.py b/launch/launch-node.py index 0af7da213b..6ff1f56d34 100755 --- a/launch/launch-node.py +++ b/launch/launch-node.py @@ -28,6 +28,7 @@ import socket import argparse import utils import dns +import shutil NOVA_USERNAME=os.environ['OS_USERNAME'] NOVA_PASSWORD=os.environ['OS_PASSWORD'] @@ -37,6 +38,10 @@ NOVA_REGION_NAME=os.environ['OS_REGION_NAME'] SCRIPT_DIR = os.path.dirname(sys.argv[0]) +SALT_MASTER_PKI = os.environ.get('SALT_MASTER_PKI', '/etc/salt/pki/master') +SALT_MINION_PKI = os.environ.get('SALT_MINION_PKI', '/etc/salt/pki/minion') + + def get_client(): args = [NOVA_USERNAME, NOVA_PASSWORD, NOVA_PROJECT_ID, NOVA_URL] kwargs = {} @@ -46,7 +51,8 @@ def get_client(): client = Client(*args, **kwargs) return client -def bootstrap_server(server, admin_pass, key, cert, environment): +def bootstrap_server(server, admin_pass, key, cert, environment, name, + salt_priv, salt_pub): client = server.manager.api ip = utils.get_public_ip(server) if not ip: 
@@ -87,6 +93,16 @@ def bootstrap_server(server, admin_pass, key, cert, environment): ssh_client.ssh("chmod 0750 /var/lib/puppet/ssl/private_keys") ssh_client.ssh("chmod 0755 /var/lib/puppet/ssl/public_keys") + + # Assuming salt-master is running on the puppetmaster + shutil.copyfile(salt_pub, + os.path.join(SALT_MASTER_PKI, 'minions', name)) + ssh_client.ssh('mkdir -p {0}'.format(SALT_MINION_PKI)) + ssh_client.scp(salt_pub, + os.path.join(SALT_MINION_PKI, 'minion.pub')) + ssh_client.scp(salt_priv, + os.path.join(SALT_MINION_PKI, 'minion.pem')) + for ssldir in ['/var/lib/puppet/ssl/certs/', '/var/lib/puppet/ssl/private_keys/', '/var/lib/puppet/ssl/public_keys/']: @@ -125,10 +141,12 @@ def build_server(client, name, image, flavor, cert, environment): traceback.print_exc() raise + salt_priv, salt_pub = utils.add_salt_keypair(SALT_MASTER_PKI, name, 2048) try: admin_pass = server.adminPass server = utils.wait_for_resource(server) - bootstrap_server(server, admin_pass, key, cert, environment) + bootstrap_server(server, admin_pass, key, cert, environment, name, + salt_priv, salt_pub) print('UUID=%s\nIPV4=%s\nIPV6=%s\n' % (server.id, server.accessIPv4, server.accessIPv6)) diff --git a/launch/utils.py b/launch/utils.py index 399df8545a..17f16cab15 100644 --- a/launch/utils.py +++ b/launch/utils.py @@ -29,6 +29,7 @@ import os import traceback import paramiko import socket +import salt.crypt from sshclient import SSHClient 
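Review bot: The minion private key is copied to the new host with `ssh_client.scp(salt_priv, os.path.join(SALT_MINION_PKI, 'minion.pem'))` and nothing then restricts its mode, whereas the puppet key directories a few lines earlier get an explicit `chmod 0750`; whether `scp` preserves the local mode (and whether `salt.crypt.gen_keys` set it to 0400 in the first place) is not visible here, so the hunk should not rely on it. I would add `ssh_client.ssh('chmod 0400 {0}'.format(os.path.join(SALT_MINION_PKI, 'minion.pem')))` after the last scp, and arguably `mkdir -p -m 0700` for the directory created just above. Two further points: the same private key also stays on the master at `SALT_MASTER_PKI/<name>.pem` after it has been uploaded, which the master has no need for once the minion holds it — consider deleting it after the scp or generating into a temporary directory; and `shutil.copyfile` into `minions/` silently overwrites an already-accepted key for an existing minion of that name, which deserves at least an explicit check or a log line. Note that `SALT_MINION_PKI` comes from the environment and is interpolated unquoted into the `mkdir -p` shell command; that is operator-controlled, but quoting it costs nothing. bootstrap_server's body continues outside the hunk.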
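Review bot: `salt_priv, salt_pub = utils.add_salt_keypair(SALT_MASTER_PKI, name, 2048)` runs outside the `try` that wraps `bootstrap_server`, so if the bootstrap fails the freshly generated pair is left in the master's PKI directory with no cleanup, and the next launch with the same name will silently reuse it because `add_salt_keypair` skips generation when the files already exist (see its hunk in utils.py). Either move the call inside the `try` and remove `salt_priv`/`salt_pub` in the failure path, or at least document next to the call that key material persists across failed launches. Whether the existing `except` block already deletes anything cannot be told from here, since build_server's body continues outside the hunk.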
@@ -124,6 +125,25 @@ def add_keypair(client, name): kp = client.keypairs.create(name, public_key) return key, kp +def add_salt_keypair(keydir, keyname, keysize=2048): + ''' + Generate a key pair for use with Salt + ''' + salt_priv = '{0}.pem'.format(keyname) + salt_pub = '{0}.pub'.format(keyname) + priv_key = os.path.join(keydir, salt_priv) + pub_key = os.path.join(keydir, salt_pub) + if not os.path.exists(priv_key) or \ + not os.path.exists(pub_key): + try: + os.makedirs(keydir) + except OSError: + pass + priv_key = salt.crypt.gen_keys(keydir, keyname, keysize) + path, ext = os.path.splitext(priv_key) + pub_key = '{0}.pub'.format(path) + return priv_key, pub_key + def wait_for_resource(wait_resource): last_progress = None last_status = None
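Review bot: `add_salt_keypair` returns an existing pair whenever both `<keyname>.pem` and `<keyname>.pub` are already present in `keydir`, so a node relaunched under a previously used name inherits the private key of the earlier instance; if that instance is still running or was compromised, it can authenticate to the master as the new one. If that reuse is intentional, the docstring should say so — e.g. `'''Return the Salt key pair for *keyname* under *keydir*, generating it only if either file is missing; an existing pair is reused as-is.'''` — otherwise regenerate unconditionally and let the caller replace the accepted key. The `try: os.makedirs(keydir) except OSError: pass` also hides a permission error or a non-directory `keydir`, which then surfaces as an unrelated failure inside `salt.crypt.gen_keys`; `if not os.path.isdir(keydir): os.makedirs(keydir)` keeps the idempotence without masking real errors. Minor: `ext` from `os.path.splitext` is unused, so `path, _ = os.path.splitext(priv_key)` reads clearer, and the mode of the generated private key is not set here, so it depends entirely on what `gen_keys` does, which is not visible in this patch.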