From 1fea3c06a3f64c7a9c06c04c01698808469061df Mon Sep 17 00:00:00 2001 From: Jan Provaznik Date: Fri, 23 May 2014 03:38:30 -0400 Subject: [PATCH] Generate overcloud keystone keys/certs Same keys/certs are required on all overcloud control nodes in HA mode. This script generates keys/certs and passes them as params to heat-template. Currently keys/certs are created directly on control node by command "keystone-manage pki_setup". This command is not needed now because keys/certs are provided in heat metadata for seed, undercloud and overcloud. "keystone-manage pki_setup" will be removed an upcoming patch. Relies on: Iad9c670dba0f57219f47792f44d60341ab58cdb3 Related to blueprint tripleo-icehouse-ha-production-configuration Change-Id: I6d4efa753b97bb8cdbd07b1bf7b1cd123f7a32ed --- scripts/devtest_overcloud.sh | 4 ++++ scripts/devtest_seed.sh | 4 +++- scripts/devtest_undercloud.sh | 4 ++++ scripts/setup-clienttools | 2 +- 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/scripts/devtest_overcloud.sh b/scripts/devtest_overcloud.sh index 2f5b60e2..7ed30044 100755 --- a/scripts/devtest_overcloud.sh +++ b/scripts/devtest_overcloud.sh @@ -300,6 +300,10 @@ ENV_JSON=$(jq '.parameters = { jq . > "${HEAT_ENV}" <<< $ENV_JSON chmod 0600 "${HEAT_ENV}" +## #. Add Keystone certs/key into the environment file.:: + +generate-keystone-pki --heatenv $HEAT_ENV + ## #. Deploy an overcloud:: make -C $TRIPLEO_ROOT/tripleo-heat-templates overcloud.yaml \ diff --git a/scripts/devtest_seed.sh b/scripts/devtest_seed.sh index e7a13bcc..8895e6dc 100755 --- a/scripts/devtest_seed.sh +++ b/scripts/devtest_seed.sh 
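Review bot: `$HEAT_ENV` is passed unquoted in the added `generate-keystone-pki --heatenv $HEAT_ENV` line, while the two context lines just above it use `"${HEAT_ENV}"`; write `generate-keystone-pki --heatenv "${HEAT_ENV}"` so a path with spaces or glob characters is not word-split. The same line is added in the devtest_undercloud.sh hunk and needs the same quoting. After this step the environment file carries Keystone key material, yet the `chmod 0600` runs before the tool touches the file. If the tool replaces the file rather than editing it in place (not visible here), the restricted mode may not survive, so repeating `chmod 0600 "${HEAT_ENV}"` after the call is a cheap safeguard. The surrounding script continues outside the hunk.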
@@ -80,6 +80,9 @@ else jq -s '.[1] as $config |(.[0].ironic |= (.virtual_power_ssh_key=$config["ssh-key"]))|.[0].nova.compute_driver="ironic.nova.virt.ironic.driver.IronicDriver"|.[0].nova.compute_manager="ironic.nova.compute.manager.ClusteredComputeManager"|.[0].nova.baremetal={}| .[0]' config.json $TE_DATAFILE > tmp_local.json fi +# Add Keystone certs/key into the environment file +generate-keystone-pki --heatenv tmp_local.json -s + # Apply custom BM network settings to the seeds local.json config BM_NETWORK_CIDR=$(OS_CONFIG_FILES=$TE_DATAFILE os-apply-config --key baremetal-network.cidr --type raw --key-default '192.0.2.0/24') # FIXME: Once we support jq 1.3 we can use --arg here instead of writing @@ -100,7 +103,6 @@ jq -s ' rm tmp_local.json rm cidr.json - ### --end # If running in a CI environment then the user and ip address should be read # from the json describing the environment diff --git a/scripts/devtest_undercloud.sh b/scripts/devtest_undercloud.sh index 088b75c9..8cc529d2 100755 --- a/scripts/devtest_undercloud.sh +++ b/scripts/devtest_undercloud.sh @@ -232,6 +232,10 @@ ENV_JSON=$(jq '.parameters = { jq . > "${HEAT_ENV}" <<< $ENV_JSON chmod 0600 "${HEAT_ENV}" +## #. Add Keystone certs/key into the environment file.:: + +generate-keystone-pki --heatenv $HEAT_ENV + ## #. Deploy an undercloud. ## :: diff --git a/scripts/setup-clienttools b/scripts/setup-clienttools index 45186709..fa5915d7 100755 --- a/scripts/setup-clienttools +++ b/scripts/setup-clienttools 
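Review bot: `tmp_local.json` now receives Keystone key material from the added `generate-keystone-pki --heatenv tmp_local.json -s` call, but nothing visible restricts its mode. It is created by the `jq ... > tmp_local.json` redirect under the caller's umask, whereas the overcloud and undercloud scripts `chmod 0600` their environment file. Adding `chmod 0600 tmp_local.json` just before the call keeps the private key unreadable to other local users while the file exists. The file is removed only by the `rm tmp_local.json` visible in the next hunk, so a failure in between leaves the key on disk; if the script has no EXIT trap already, `trap 'rm -f tmp_local.json cidr.json' EXIT` would cover that. The enclosing `if`/`else` and the write of the final merged config are outside the hunk, so the mode of that output file should be checked as well.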
@@ -24,7 +24,7 @@ pip install -U 'pbr>=0.5.21,<1.0' pip install -U python-cinderclient python-novaclient python-glanceclient python-heatclient python-keystoneclient python-neutronclient python-swiftclient python-ironicclient python-openstackclient os-apply-config os-cloud-config -for tool in os-apply-config cinder nova glance heat keystone neutron swift ironic openstack init-keystone; do +for tool in os-apply-config cinder nova glance heat keystone neutron swift ironic openstack init-keystone generate-keystone-pki; do ln -sf $VENV_HOME/bin/$tool $BASE/scripts/$tool ; done echo "Installed openstack client tool symlinks in $BASE/scripts"
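Review bot: The loop now links `generate-keystone-pki`, but `ln -sf` creates the link whether or not `$VENV_HOME/bin/generate-keystone-pki` exists. The `pip install -U` line above also sets no minimum version on the package that ships the tool (presumably os-cloud-config, given the "Relies on" change named in the commit message). Until that change is in the installed release, the result is a dangling symlink, and the devtest scripts fail only later at the call site, after the deployment steps have already started. A guard in the loop body such as `[ -x "$VENV_HOME/bin/$tool" ] || { echo "missing $tool" >&2; exit 1; }` would fail early. Quoting the `ln` arguments (`"$VENV_HOME/bin/$tool" "$BASE/scripts/$tool"`) at the same time would be a small style gain.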