bda35e7fd6
This change makes the nova key distribution a lot faster especially when deploying against very large clusters. The change moves away from the authorized_key module and instead generates a script with the same capabilities which is then executed. The generated script is stored in locally on the remote host at "/usr/local/bin/openstack-nova-key.sh" and can be executed at any time to fix and or clean up nova authorized key problems. Change-Id: I0d5ec9d735a104a57ec5cf7938116915af803088 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
32 lines
1010 B
Django/Jinja
32 lines
1010 B
Django/Jinja
#!/usr/bin/env bash
|
|
# Running the script:
|
|
# * The script will exit 99 if the home folder for the user set by
|
|
# "nova_system_user_name" is not found.
|
|
# * If the script adds a key to the authorized keys file it will exit 3.
|
|
# * If the script takes no action it will exit 0.
|
|
|
|
set -ex
|
|
|
|
EXIT_CODE=0
|
|
USER_HOME="$(getent passwd {{ nova_system_user_name }} | awk -F':' '{print $6}')"
|
|
|
|
[[ -d "${USER_HOME}" ]] || exit 99
|
|
if [[ ! -f "${USER_HOME}/.ssh/authorized_keys" ]]; then
|
|
touch "${USER_HOME}/.ssh/authorized_keys"
|
|
chown {{ nova_system_user_name }}:{{ nova_system_group_name }} "${USER_HOME}/.ssh/authorized_keys"
|
|
chmod 0600 "${USER_HOME}/.ssh/authorized_keys"
|
|
fi
|
|
|
|
{% for item in groups['nova_compute'] %}
|
|
{% if hostvars[item]['nova_pubkey'] is defined %}
|
|
KEY="{{ hostvars[item]['nova_pubkey'] | b64decode }}"
|
|
if ! grep -q -w "${KEY}" "${USER_HOME}/.ssh/authorized_keys"; then
|
|
echo "${KEY}" | tee -a "${USER_HOME}/.ssh/authorized_keys"
|
|
EXIT_CODE=3
|
|
fi
|
|
{% endif %}
|
|
{% endfor %}
|
|
|
|
exit "${EXIT_CODE}"
|
|
|