Pass ssh public key as string

* Fedora CoreOS need the key to be passed as a string. * We can adopt in all drivers so that users in the same project can do cluster resize. story: 2005201 task: 36934 Change-Id: I9a18ce4dcbd74f0dcd23274baed7c8c3d2029d50 Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
openstack · Oct 8, 2019 · 2f72fdf · 2f72fdf
1 parent 8d8e052
commit 2f72fdf
Show file tree

Hide file tree

Showing 12 changed files with 111 additions and 0 deletions.
diff --git a/contrib/drivers/dcos_centos_v1/templates/dcoscluster.yaml b/contrib/drivers/dcos_centos_v1/templates/dcoscluster.yaml
@@ -46,6 +46,11 @@ parameters:
     type: string
     description: name of ssh key to be provisioned on our server
 
+  ssh_public_key:
+    type: string
+    description: The public ssh key to add in all nodes
+    default: ""
+
   external_network:
     type: string
     description: uuid/name of a network to use for floating ip addresses

diff --git a/magnum/common/nova.py b/magnum/common/nova.py
@@ -0,0 +1,34 @@
+# Copyright 2019 Catalyst Cloud Ltd.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+from oslo_config import cfg
+from oslo_log import log as logging
+
+from magnum.common import clients
+from novaclient import exceptions as nova_exception
+
+LOG = logging.getLogger(__name__)
+CONF = cfg.CONF
+
+
+def get_ssh_key(context, keypair_ident):
+    try:
+        n_client = clients.OpenStackClients(context).nova()
+        keypair = n_client.keypairs.get(keypair_ident)
+        # no spaces or break lines at the end, single line string
+        return keypair.public_key.strip()
+    except nova_exception.NotFound:
+        # we don't have a way to tell if the keypair doesn't
+        # exist or the cluster is already creted
+        return ""
diff --git a/magnum/drivers/heat/template_def.py b/magnum/drivers/heat/template_def.py
@@ -23,6 +23,7 @@
 from magnum.common import clients
 from magnum.common import exception
 from magnum.common import keystone
+from magnum.common import nova
 from magnum.common import utils
 import magnum.conf
 
@@ -370,6 +371,9 @@ def get_params(self, context, cluster_template, cluster, **kwargs):
         extra_params['trustee_password'] = cluster.trustee_password
         extra_params['verify_ca'] = CONF.drivers.verify_ca
         extra_params['openstack_ca'] = utils.get_openstack_ca()
+        ssh_public_key = nova.get_ssh_key(context, cluster.keypair)
+        if ssh_public_key != "":
+            extra_params['ssh_public_key'] = ssh_public_key
 
         # Only pass trust ID into the template if allowed by the config file
         if CONF.trust.cluster_user_trust:

diff --git a/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml
@@ -16,6 +16,11 @@ parameters:
     description: name of ssh key to be provisioned on our server
     default: ""
 
+  ssh_public_key:
+    type: string
+    description: The public ssh key to add in all nodes
+    default: ""
+
   external_network:
     type: string
     description: uuid/name of a network to use for floating ip addresses

diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
@@ -53,6 +53,11 @@ parameters:
     description: name of ssh key to be provisioned on our server
     default: ""
 
+  ssh_public_key:
+    type: string
+    description: The public ssh key to add in all nodes
+    default: ""
+
   external_network:
     type: string
     description: uuid of a network to use for floating ip addresses

diff --git a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
@@ -12,6 +12,11 @@ parameters:
     description: name of ssh key to be provisioned on our server
     default: ""
 
+  ssh_public_key:
+    type: string
+    description: The public ssh key to add in all nodes
+    default: ""
+
   external_network:
     type: string
     description: uuid/name of a network to use for floating ip addresses

diff --git a/magnum/drivers/mesos_ubuntu_v1/templates/mesoscluster.yaml b/magnum/drivers/mesos_ubuntu_v1/templates/mesoscluster.yaml
@@ -13,6 +13,11 @@ parameters:
     description: name of ssh key to be provisioned on our server
     default: ""
 
+  ssh_public_key:
+    type: string
+    description: The public ssh key to add in all nodes
+    default: ""
+
   external_network:
     type: string
     description: uuid/name of a network to use for floating ip addresses

diff --git a/magnum/drivers/swarm_fedora_atomic_v1/templates/cluster.yaml b/magnum/drivers/swarm_fedora_atomic_v1/templates/cluster.yaml
@@ -18,6 +18,11 @@ parameters:
     description: name of ssh key to be provisioned on our server
     default: ""
 
+  ssh_public_key:
+    type: string
+    description: The public ssh key to add in all nodes
+    default: ""
+
   external_network:
     type: string
     description: uuid/name of a network to use for floating ip addresses

diff --git a/magnum/drivers/swarm_fedora_atomic_v2/templates/swarmcluster.yaml b/magnum/drivers/swarm_fedora_atomic_v2/templates/swarmcluster.yaml
@@ -18,6 +18,11 @@ parameters:
     description: name of ssh key to be provisioned on our server
     default: ""
 
+  ssh_public_key:
+    type: string
+    description: The public ssh key to add in all nodes
+    default: ""
+
   external_network:
     type: string
     description: uuid/name of a network to use for floating ip addresses

diff --git a/magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py b/magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py
@@ -162,6 +162,13 @@ def setUp(self):
         self.mock_osc_class = osc_patcher.start()
         self.addCleanup(osc_patcher.stop)
         self.mock_osc = mock.MagicMock()
+
+        mock_keypair = mock.MagicMock()
+        mock_keypair.public_key = 'ssh-rsa AAAAB3Nz'
+        self.mock_nova = mock.MagicMock()
+        self.mock_nova.keypairs.get.return_value = mock_keypair
+        self.mock_osc.nova.return_value = self.mock_nova
+
         self.mock_osc.url_for.return_value = 'http://192.168.10.10:5000/v3'
         self.mock_osc.magnum_url.return_value = 'http://127.0.0.1:9511/v1'
         self.mock_osc.cinder_region_name.return_value = 'RegionOne'
@@ -338,6 +345,7 @@ def _test_extract_template_definition(
             'kube_version': 'fake-version',
             'verify_ca': True,
             'openstack_ca': '',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             "nodes_affinity_policy": "soft-anti-affinity",
             'availability_zone': 'az_1',
             'cert_manager_api': 'False',
@@ -485,6 +493,7 @@ def test_extract_template_definition_with_registry(
             'kube_version': 'fake-version',
             'verify_ca': True,
             'openstack_ca': '',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             "nodes_affinity_policy": "soft-anti-affinity",
             'availability_zone': 'az_1',
             'cert_manager_api': 'False',
@@ -615,6 +624,7 @@ def test_extract_template_definition_only_required(
             'username': 'fake_user',
             'verify_ca': True,
             'openstack_ca': '',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             "nodes_affinity_policy": "soft-anti-affinity",
             'availability_zone': 'az_1',
             'cert_manager_api': 'False',
@@ -733,6 +743,7 @@ def test_extract_template_definition_coreos_with_disovery(
             'kube_version': 'fake-version',
             'verify_ca': True,
             'openstack_ca': '',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             'openstack_ca_coreos': '',
             'cert_manager_api': 'False',
             'ingress_controller': 'i-controller',
@@ -839,6 +850,7 @@ def test_extract_template_definition_coreos_no_discoveryurl(
             'kube_version': 'fake-version',
             'verify_ca': True,
             'openstack_ca': '',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             'openstack_ca_coreos': '',
             'cert_manager_api': 'False',
             'ingress_controller': 'i-controller',
@@ -1057,6 +1069,7 @@ def test_extract_template_definition_without_discovery_url(
             'kube_version': 'fake-version',
             'verify_ca': True,
             'openstack_ca': '',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             "nodes_affinity_policy": "soft-anti-affinity",
             'availability_zone': 'az_1',
             'cert_manager_api': 'False',

diff --git a/magnum/tests/unit/conductor/handlers/test_mesos_cluster_conductor.py b/magnum/tests/unit/conductor/handlers/test_mesos_cluster_conductor.py
@@ -116,6 +116,13 @@ def setUp(self):
         self.addCleanup(osc_patcher.stop)
         self.mock_osc = mock.MagicMock()
         self.mock_osc.cinder_region_name.return_value = 'RegionOne'
+
+        mock_keypair = mock.MagicMock()
+        mock_keypair.public_key = 'ssh-rsa AAAAB3Nz'
+        self.mock_nova = mock.MagicMock()
+        self.mock_nova.keypairs.get.return_value = mock_keypair
+        self.mock_osc.nova.return_value = self.mock_nova
+
         self.mock_keystone = mock.MagicMock()
         self.mock_keystone.trustee_domain_id = 'trustee_domain_id'
         self.mock_osc.keystone.return_value = self.mock_keystone
@@ -147,6 +154,7 @@ def test_extract_template_definition_all_values(
 
         expected = {
             'ssh_key_name': 'keypair_id',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             'external_network': 'external_network_id',
             'fixed_network': 'fixed_network',
             'fixed_subnet': 'fixed_subnet',
@@ -222,6 +230,7 @@ def test_extract_template_definition_only_required(
 
         expected = {
             'ssh_key_name': 'keypair_id',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             'external_network': 'external_network_id',
             'number_of_slaves': 1,
             'number_of_masters': 1,
@@ -284,6 +293,7 @@ def test_extract_template_definition_with_lb_neutron(
 
         expected = {
             'ssh_key_name': 'keypair_id',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             'external_network': 'external_network_id',
             'fixed_network': 'fixed_network',
             'fixed_subnet': 'fixed_subnet',
@@ -359,6 +369,7 @@ def __init__(self):
 
         expected = {
             'ssh_key_name': 'keypair_id',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             'external_network': 'external_network_id',
             'fixed_network': 'fixed_network',
             'fixed_subnet': 'fixed_subnet',
@@ -432,6 +443,7 @@ def test_extract_template_definition_multi_master(
 
         expected = {
             'ssh_key_name': 'keypair_id',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             'external_network': 'external_network_id',
             'fixed_network': 'fixed_network',
             'fixed_subnet': 'fixed_subnet',

diff --git a/magnum/tests/unit/conductor/handlers/test_swarm_cluster_conductor.py b/magnum/tests/unit/conductor/handlers/test_swarm_cluster_conductor.py
@@ -130,6 +130,13 @@ def setUp(self):
         self.mock_osc = mock.MagicMock()
         self.mock_osc.magnum_url.return_value = 'http://127.0.0.1:9511/v1'
         self.mock_osc.url_for.return_value = 'http://192.168.10.10:5000/v3'
+
+        mock_keypair = mock.MagicMock()
+        mock_keypair.public_key = 'ssh-rsa AAAAB3Nz'
+        self.mock_nova = mock.MagicMock()
+        self.mock_nova.keypairs.get.return_value = mock_keypair
+        self.mock_osc.nova.return_value = self.mock_nova
+
         self.mock_keystone = mock.MagicMock()
         self.mock_keystone.trustee_domain_id = 'trustee_domain_id'
         self.mock_osc.keystone.return_value = self.mock_keystone
@@ -167,6 +174,7 @@ def test_extract_template_definition_all_values(
 
         expected = {
             'ssh_key_name': 'keypair_id',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             'external_network': 'external_network_id',
             'fixed_network': 'fixed_network',
             'fixed_subnet': 'fixed_subnet',
@@ -251,6 +259,7 @@ def test_extract_template_definition_with_registry(
 
         expected = {
             'ssh_key_name': 'keypair_id',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             'external_network': 'external_network_id',
             'fixed_network': 'fixed_network',
             'fixed_subnet': 'fixed_subnet',
@@ -345,6 +354,7 @@ def test_extract_template_definition_only_required(
 
         expected = {
             'ssh_key_name': 'keypair_id',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             'external_network': 'external_network_id',
             'number_of_masters': 1,
             'number_of_nodes': 1,
@@ -418,6 +428,7 @@ def test_extract_template_definition_with_lb_neutron(
 
         expected = {
             'ssh_key_name': 'keypair_id',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             'external_network': 'external_network_id',
             'fixed_network': 'fixed_network',
             'fixed_subnet': 'fixed_subnet',
@@ -506,6 +517,7 @@ def __init__(self):
 
         expected = {
             'ssh_key_name': 'keypair_id',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             'external_network': 'external_network_id',
             'fixed_network': 'fixed_network',
             'fixed_subnet': 'fixed_subnet',
@@ -592,6 +604,7 @@ def test_extract_template_definition_multi_master(
 
         expected = {
             'ssh_key_name': 'keypair_id',
+            'ssh_public_key': 'ssh-rsa AAAAB3Nz',
             'external_network': 'external_network_id',
             'fixed_network': 'fixed_network',
             'fixed_subnet': 'fixed_subnet',