Add functionality to create Salt keypairs
Create Salt key pair if needed
Move Salt key pair creation above bootstrap_server
Pre-seed Salt Minion keys
Use fqdn instead of cert name. Set the Minion ID to be the fqdn
Logic improvements in add_salt_keypair
Use proper splitext, some suggested fixes
Remove minion_id definition. Let fqdn define minion id

Change-Id: I74e5ffb1a414ee61f1214332be34b5ed0fd26e95
Reviewed-on: https://review.openstack.org/26046
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Nicolas Simonds <nic@metacloud.com>
Reviewed-by: Anita Kuno <anita.kuno@enovance.com>
Reviewed-by: Matthew Sherborne <msherborne+openstack@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
This commit is contained in:
parent
05cd301f8b
commit
e8862b1d1a
@ -28,6 +28,7 @@ import socket
|
|||||||
import argparse
|
import argparse
|
||||||
import utils
|
import utils
|
||||||
import dns
|
import dns
|
||||||
|
import shutil
|
||||||
|
|
||||||
NOVA_USERNAME=os.environ['OS_USERNAME']
|
NOVA_USERNAME=os.environ['OS_USERNAME']
|
||||||
NOVA_PASSWORD=os.environ['OS_PASSWORD']
|
NOVA_PASSWORD=os.environ['OS_PASSWORD']
|
||||||
@ -37,6 +38,10 @@ NOVA_REGION_NAME=os.environ['OS_REGION_NAME']
|
|||||||
|
|
||||||
SCRIPT_DIR = os.path.dirname(sys.argv[0])
|
SCRIPT_DIR = os.path.dirname(sys.argv[0])
|
||||||
|
|
||||||
|
SALT_MASTER_PKI = os.environ.get('SALT_MASTER_PKI', '/etc/salt/pki/master')
|
||||||
|
SALT_MINION_PKI = os.environ.get('SALT_MINION_PKI', '/etc/salt/pki/minion')
|
||||||
|
|
||||||
|
|
||||||
def get_client():
|
def get_client():
|
||||||
args = [NOVA_USERNAME, NOVA_PASSWORD, NOVA_PROJECT_ID, NOVA_URL]
|
args = [NOVA_USERNAME, NOVA_PASSWORD, NOVA_PROJECT_ID, NOVA_URL]
|
||||||
kwargs = {}
|
kwargs = {}
|
||||||
@ -46,7 +51,8 @@ def get_client():
|
|||||||
client = Client(*args, **kwargs)
|
client = Client(*args, **kwargs)
|
||||||
return client
|
return client
|
||||||
|
|
||||||
def bootstrap_server(server, admin_pass, key, cert, environment):
|
def bootstrap_server(server, admin_pass, key, cert, environment, name,
|
||||||
|
salt_priv, salt_pub):
|
||||||
client = server.manager.api
|
client = server.manager.api
|
||||||
ip = utils.get_public_ip(server)
|
ip = utils.get_public_ip(server)
|
||||||
if not ip:
|
if not ip:
|
||||||
@ -87,6 +93,16 @@ def bootstrap_server(server, admin_pass, key, cert, environment):
|
|||||||
ssh_client.ssh("chmod 0750 /var/lib/puppet/ssl/private_keys")
|
ssh_client.ssh("chmod 0750 /var/lib/puppet/ssl/private_keys")
|
||||||
ssh_client.ssh("chmod 0755 /var/lib/puppet/ssl/public_keys")
|
ssh_client.ssh("chmod 0755 /var/lib/puppet/ssl/public_keys")
|
||||||
|
|
||||||
|
|
||||||
|
# Assuming salt-master is running on the puppetmaster
|
||||||
|
shutil.copyfile(salt_pub,
|
||||||
|
os.path.join(SALT_MASTER_PKI, 'minions', name))
|
||||||
|
ssh_client.ssh('mkdir -p {0}'.format(SALT_MINION_PKI))
|
||||||
|
ssh_client.scp(salt_pub,
|
||||||
|
os.path.join(SALT_MINION_PKI, 'minion.pub'))
|
||||||
|
ssh_client.scp(salt_priv,
|
||||||
|
os.path.join(SALT_MINION_PKI, 'minion.pem'))
|
||||||
|
|
||||||
for ssldir in ['/var/lib/puppet/ssl/certs/',
|
for ssldir in ['/var/lib/puppet/ssl/certs/',
|
||||||
'/var/lib/puppet/ssl/private_keys/',
|
'/var/lib/puppet/ssl/private_keys/',
|
||||||
'/var/lib/puppet/ssl/public_keys/']:
|
'/var/lib/puppet/ssl/public_keys/']:
|
||||||
@ -125,10 +141,12 @@ def build_server(client, name, image, flavor, cert, environment):
|
|||||||
traceback.print_exc()
|
traceback.print_exc()
|
||||||
raise
|
raise
|
||||||
|
|
||||||
|
salt_priv, salt_pub = utils.add_salt_keypair(SALT_MASTER_PKI, name, 2048)
|
||||||
try:
|
try:
|
||||||
admin_pass = server.adminPass
|
admin_pass = server.adminPass
|
||||||
server = utils.wait_for_resource(server)
|
server = utils.wait_for_resource(server)
|
||||||
bootstrap_server(server, admin_pass, key, cert, environment)
|
bootstrap_server(server, admin_pass, key, cert, environment, name,
|
||||||
|
salt_priv, salt_pub)
|
||||||
print('UUID=%s\nIPV4=%s\nIPV6=%s\n' % (server.id,
|
print('UUID=%s\nIPV4=%s\nIPV6=%s\n' % (server.id,
|
||||||
server.accessIPv4,
|
server.accessIPv4,
|
||||||
server.accessIPv6))
|
server.accessIPv6))
|
||||||
|
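Review bot: In the bootstrap_server hunk (`@ -87,6 +93,16`) the minion private key is pushed with `ssh_client.scp(salt_priv, os.path.join(SALT_MINION_PKI, 'minion.pem'))` but nothing sets the mode of the new directory or of `minion.pem`, whereas the puppet ssl directories a few lines earlier get explicit chmod 0750/0755; whether `scp` preserves the source mode is not visible here, so add `ssh_client.ssh('chmod 0700 {0}'.format(SALT_MINION_PKI))` after the mkdir and `ssh_client.ssh('chmod 0400 {0}'.format(os.path.join(SALT_MINION_PKI, 'minion.pem')))` after the scp. Note also that, as far as these hunks show, `salt_priv` is generated into `SALT_MASTER_PKI` on the launching host and is never removed after transfer, so a copy of every minion's private key remains there; the comment `# Assuming salt-master is running on the puppetmaster` should say so, or the file should be deleted once scp succeeds. bootstrap_server starts in the `@ -46,7 +51,8` hunk and continues past the end of this one.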
@ -29,6 +29,7 @@ import os
|
|||||||
import traceback
|
import traceback
|
||||||
import paramiko
|
import paramiko
|
||||||
import socket
|
import socket
|
||||||
|
import salt.crypt
|
||||||
from sshclient import SSHClient
|
from sshclient import SSHClient
|
||||||
|
|
||||||
|
|
||||||
@ -124,6 +125,25 @@ def add_keypair(client, name):
|
|||||||
kp = client.keypairs.create(name, public_key)
|
kp = client.keypairs.create(name, public_key)
|
||||||
return key, kp
|
return key, kp
|
||||||
|
|
||||||
|
def add_salt_keypair(keydir, keyname, keysize=2048):
|
||||||
|
'''
|
||||||
|
Generate a key pair for use with Salt
|
||||||
|
'''
|
||||||
|
salt_priv = '{0}.pem'.format(keyname)
|
||||||
|
salt_pub = '{0}.pub'.format(keyname)
|
||||||
|
priv_key = os.path.join(keydir, salt_priv)
|
||||||
|
pub_key = os.path.join(keydir, salt_pub)
|
||||||
|
if not os.path.exists(priv_key) or \
|
||||||
|
not os.path.exists(pub_key):
|
||||||
|
try:
|
||||||
|
os.makedirs(keydir)
|
||||||
|
except OSError:
|
||||||
|
pass
|
||||||
|
priv_key = salt.crypt.gen_keys(keydir, keyname, keysize)
|
||||||
|
path, ext = os.path.splitext(priv_key)
|
||||||
|
pub_key = '{0}.pub'.format(path)
|
||||||
|
return priv_key, pub_key
|
||||||
|
|
||||||
def wait_for_resource(wait_resource):
|
def wait_for_resource(wait_resource):
|
||||||
last_progress = None
|
last_progress = None
|
||||||
last_status = None
|
last_status = None
|
||||||
|
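Review bot: The `except OSError: pass` around `os.makedirs(keydir)` in add_salt_keypair swallows every failure (permission denied, keydir present as a regular file), so the subsequent `salt.crypt.gen_keys` fails with a less specific error; narrow it to the already-exists case with `except OSError as e:` / `if e.errno != errno.EEXIST: raise` (plus `import errno`), or guard with `if not os.path.isdir(keydir):`. The `or` condition also regenerates the pair when only one of the two files is missing, which silently overwrites a surviving `.pem`; that is presumably intended, but the docstring should say so, along with the fact that an existing pair is reused unchanged and that the return value is `(priv_path, pub_path)` under keydir.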