authorJohn Hua <john.hua@citrix.com>2016-05-10 17:45:56 +0800
committerBob Ball <bob.ball@citrix.com>2016-05-16 09:22:28 +0100
commitf1e04a0537c5253cfe54a648809c40e32e058ddd (patch)
treecd2a1dbd232a61dbb3640c385075711ddf034ff5
parent071339ecf29fa15934ff72a5f8298a860703bc01 (diff)
Add ssh-key
sshpass will be removed as it is not necessary and it is not included in the Ubuntu repo mirror list by default and may block installation. Change-Id: I347297aba72fbeb07cc4113e5ea21acd2e59652d (cherry picked from commit f0f19a26a081615591657552f8aaaf449027c8ea)
Notes
Notes (review): Code-Review+2: huan <huan.xie@citrix.com> Workflow+1: Bob Ball <bob.ball@citrix.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Mon, 16 May 2016 09:30:08 +0000 Reviewed-on: https://review.openstack.org/316648 Project: openstack/fuel-plugin-xenserver Branch: refs/heads/8.0
-rwxr-xr-xdeployment_scripts/compute_post_deployment.py116
-rw-r--r--deployment_tasks.yaml10
2 files changed, 77 insertions, 49 deletions
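diff --git a/deployment_scripts/compute_post_deployment.py b/deployment_scripts/compute_post_deployment.py
index f4164c6..8e9a12b 100755
--- a/deployment_scripts/compute_post_deployment.py
+++ b/deployment_scripts/compute_post_deployment.py
@@ -9,9 +9,11 @@ from socket import inet_ntoa
 from struct import pack
 import subprocess
 import sys
+import stat
 import yaml
 
 
+XS_RSA = '/root/.ssh/xs_rsa'
 ASTUTE_PATH = '/etc/astute.yaml'
 ASTUTE_SECTION = 'fuel-plugin-xenserver'
 LOG_ROOT = '/var/log/fuel-plugin-xenserver'
@@ -29,15 +31,24 @@ logging.basicConfig(filename=os.path.join(LOG_ROOT, LOG_FILE),
 
 
 def reportError(err):
- logging.warning(err)
+ logging.error(err)
  raise Exception(err)
 
 
 def execute(*cmd, **kwargs):
  cmd = map(str, cmd)
- logging.info(' '.join(cmd))
+ _env = kwargs.get('env')
+ env_prefix = ''
+ if _env:
+ env_prefix = ''.join(['%s=%s ' % (k, _env[k]) for k in _env])
+
+ env = dict(os.environ)
+ env.update(_env)
+ else:
+ env = None
+ logging.info(env_prefix + ' '.join(cmd))
  proc = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
- stderr=subprocess.PIPE)
+ stderr=subprocess.PIPE, env=env)
 
  if 'prompt' in kwargs:
  prompt = kwargs.get('prompt')
@@ -53,28 +64,54 @@ def execute(*cmd, **kwargs):
 
  if out:
  logging.debug(out)
+ if err:
+ logging.error(err)
 
  if proc.returncode is not None and proc.returncode != 0:
- reportError(err)
+ raise Exception(err)
 
  return out
 
 
-def ssh(host, username, password, *cmd, **kwargs):
+def ssh(host, username, *cmd, **kwargs):
  cmd = map(str, cmd)
 
- return execute('sshpass', '-p', password, 'ssh',
+ return execute('ssh', '-i', XS_RSA,
  '-o', 'StrictHostKeyChecking=no',
  '%s@%s' % (username, host), *cmd,
  prompt=kwargs.get('prompt'))
 
 
-def scp(host, username, password, target_path, filename):
- return execute('sshpass', '-p', password, 'scp',
+def scp(host, username, target_path, filename):
+ return execute('scp', '-i', XS_RSA,
  '-o', 'StrictHostKeyChecking=no', filename,
  '%s@%s:%s' % (username, host, target_path))
 
 
+def ssh_copy_id(host, username, password):
+ ssh_askpass = "askpass.sh"
+
+ s = ('#!/bin/sh\n'
+ 'echo "{password}"').format(password=password)
+ with open(ssh_askpass, 'w') as f:
+ f.write(s)
+ os.chmod(ssh_askpass, stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
+
+ if os.path.exists(XS_RSA):
+ os.remove(XS_RSA)
+ if os.path.exists(XS_RSA + ".pub"):
+ os.remove(XS_RSA + ".pub")
+ execute('ssh-keygen', '-f', XS_RSA, '-t', 'rsa', '-N', '')
+
+ env = {
+ "HOME": "/root",
+ "SSH_ASKPASS": os.path.abspath(ssh_askpass),
+ "DISPLAY": ":.",
+ }
+ execute("setsid", "ssh-copy-id", "-o", "StrictHostKeyChecking=no",
+ "-i", XS_RSA, "%s@%s" % (username, host), env=env)
+
+
 def get_astute(astute_path):
  """Return the root object read from astute.yaml"""
  if not os.path.exists(astute_path):
@@ -171,11 +208,11 @@ def init_eth():
  reportError('HIMN failed to get IP address from XenServer')
 
 
-def check_host_compatibility(himn, username, password):
+def check_host_compatibility(himn, username):
  hotfix = 'XS65ESP1013'
- installed = ssh(himn, username, password,
+ installed = ssh(himn, username,
  'xe patch-list name-label=%s --minimal' % hotfix)
- ver = ssh(himn, username, password,
+ ver = ssh(himn, username,
  ('xe host-param-get uuid=$(xe host-list --minimal) '
  'param-name=software-version param-key=product_version_text'))
 
@@ -222,9 +259,9 @@ def create_novacompute_conf(himn, username, password, public_ip, services_ssl):
  logging.info('%s created' % filename)
 
 
-def route_to_compute(endpoints, himn_xs, himn_local, username, password):
+def route_to_compute(endpoints, himn_xs, himn_local, username):
  """Route storage/mgmt requests to compute nodes. """
- out = ssh(himn_xs, username, password, 'route', '-n')
+ out = ssh(himn_xs, username, 'route', '-n')
  _net = lambda ip: '.'.join(ip.split('.')[:-1] + ['0'])
  _mask = lambda cidr: inet_ntoa(pack(
  '>I', 0xffffffff ^ (1 << 32 - int(cidr)) - 1))
@@ -243,22 +280,22 @@ def route_to_compute(endpoints, himn_xs, himn_local, username, password):
  if not _routed(net, mask, himn_local):
  params = ['route', 'add', '-net', net, 'netmask',
  mask, 'gw', himn_local]
- ssh(himn_xs, username, password, *params)
+ ssh(himn_xs, username, *params)
  sh = 'echo \'%s\' >> /etc/sysconfig/static-routes' \
  % ' '.join(params)
- ssh(himn_xs, username, password, sh)
+ ssh(himn_xs, username, sh)
  else:
  logging.info('%s network ip is missing' % endpoint_name)
 
 
-def install_suppack(himn, username, password):
+def install_suppack(himn, username):
  """Install xapi driver supplemental pack. """
  # TODO(Johnhua): check if installed
- scp(himn, username, password, '/tmp/', XS_PLUGIN_ISO)
+ scp(himn, username, '/tmp/', XS_PLUGIN_ISO)
  ssh(
- himn, username, password, 'xe-install-supplemental-pack',
+ himn, username, 'xe-install-supplemental-pack',
  '/tmp/%s' % XS_PLUGIN_ISO, prompt='Y\n')
- ssh(himn, username, password, 'rm', '/tmp/%s' % XS_PLUGIN_ISO)
+ ssh(himn, username, 'rm', '/tmp/%s' % XS_PLUGIN_ISO)
 
 
 def forward_from_himn(eth):
@@ -303,11 +340,11 @@ def forward_port(eth_in, eth_out, target_host, target_port):
  execute('service', 'iptables-persistent', 'save')
 
 
-def install_logrotate_script(himn, username, password):
+def install_logrotate_script(himn, username):
  "Install console logrotate script"
- scp(himn, username, password, '/root/', 'rotate_xen_guest_logs.sh')
- ssh(himn, username, password, 'mkdir -p /var/log/xen/guest')
- ssh(himn, username, password, '''crontab - << CRONTAB
+ scp(himn, username, '/root/', 'rotate_xen_guest_logs.sh')
+ ssh(himn, username, 'mkdir -p /var/log/xen/guest')
+ ssh(himn, username, '''crontab - << CRONTAB
 * * * * * /root/rotate_xen_guest_logs.sh
 CRONTAB''')
 
@@ -359,7 +396,7 @@ def get_private_network_ethX():
  if item['action'] == 'add-port' and item['bridge'] == 'br-ex':
  return item['name']
 
-def find_bridge_mappings(astute, himn, username, password):
+def find_bridge_mappings(astute, himn, username):
  ethX = get_private_network_ethX()
  if not ethX:
  reportError("Cannot find eth used for private network")
@@ -368,9 +405,9 @@ def find_bridge_mappings(astute, himn, username, password):
  fo = open('/sys/class/net/%s/address' % ethX, 'r')
  mac = fo.readline()
  fo.close()
- network_uuid = ssh(himn, username, password,
+ network_uuid = ssh(himn, username,
  'xe vif-list params=network-uuid minimal=true MAC=%s' % mac)
- bridge = ssh(himn, username, password,
+ bridge = ssh(himn, username,
  'xe network-param-get param-name=bridge uuid=%s' % network_uuid)
 
  # find physical network name
@@ -384,11 +421,11 @@ def restart_services(service_name):
  execute('start', service_name)
 
 
-def enable_linux_bridge(himn, username, password):
+def enable_linux_bridge(himn, username):
  # When using OVS under XS6.5, it will prevent use of Linux bridge in
  # Dom0, but neutron-openvswitch-agent in compute node will use Linux
  # bridge, so we remove this restriction here
- ssh(himn, username, password, 'rm -f /etc/modprobe.d/blacklist-bridge*')
+ ssh(himn, username, 'rm -f /etc/modprobe.d/blacklist-bridge*')
 
 
 def patch_compute_xenapi():
@@ -410,12 +447,12 @@ def patch_neutron_ovs_agent():
  execute('patch', '-d', '/usr/', '-p1', '-i', patch_file)
 
 
-def apply_sm_patch(himn, username, password):
- ver = ssh(himn, username, password,
+def apply_sm_patch(himn, username):
+ ver = ssh(himn, username,
  ('xe host-param-get uuid=$(xe host-list --minimal) '
  'param-name=software-version param-key=product_version_text'))
  if ver == "6.5":
- ssh(himn, username, password,
+ ssh(himn, username,
  "sed -i s/\\'phy\\'/\\'aio\\'/g /opt/xensource/sm/ISCSISR.py")
 
 
@@ -434,30 +471,29 @@ if __name__ == '__main__':
  astute, ('public_ssl', 'services'))
 
  if username and password and endpoints and himn_local:
- check_host_compatibility(HIMN_IP, username, password)
- route_to_compute(
- endpoints, HIMN_IP, himn_local, username, password)
+ ssh_copy_id(HIMN_IP, username, password)
+ check_host_compatibility(HIMN_IP, username)
+ route_to_compute(endpoints, HIMN_IP, himn_local, username)
  if install_xapi:
- install_suppack(HIMN_IP, username, password)
- enable_linux_bridge(HIMN_IP, username, password)
+ install_suppack(HIMN_IP, username)
+ enable_linux_bridge(HIMN_IP, username)
  forward_from_himn(himn_eth)
 
  # port forwarding for novnc
  forward_port('br-mgmt', himn_eth, HIMN_IP, '80')
 
  # apply sm patch
- apply_sm_patch(HIMN_IP, username, password)
+ apply_sm_patch(HIMN_IP, username)
 
  create_novacompute_conf(HIMN_IP, username, password, public_ip, services_ssl)
  patch_compute_xenapi()
  restart_services('nova-compute')
 
- install_logrotate_script(HIMN_IP, username, password)
+ install_logrotate_script(HIMN_IP, username)
 
  # neutron-l2-agent in compute node
  modify_neutron_rootwrap_conf(HIMN_IP, username, password)
- br_mappings = find_bridge_mappings(astute, HIMN_IP,
- username, password)
+ br_mappings = find_bridge_mappings(astute, HIMN_IP, username)
  modify_neutron_ovs_agent_conf(INT_BRIDGE, br_mappings)
  patch_neutron_ovs_agent()
  restart_services('neutron-plugin-openvswitch-agent')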
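Review bot: The new `ssh_copy_id` (hunk `@@ -53,28 +64,54 @@`) leaves the XenServer password on disk in `askpass.sh` in the current working directory: the file is created by a plain `open(ssh_askpass, 'w')` and so carries the process umask until the later `os.chmod`, and nothing visible in the function removes it afterwards. The password is also pasted unescaped between double quotes in `echo "{password}"`, so a `"`, `$`, backtick or backslash in it is interpreted by the shell instead of being printed. Create the helper owner-only from the start, single-quote the password, and delete the file in a `finally`, as sketched below. The `ssh-copy-id` call passes `StrictHostKeyChecking=no`, so the password is offered to a host whose key has not been verified; pinning the host key is worth considering if the HIMN link cannot be assumed trustworthy. Note too that `execute` now logs every value of the `env` it receives, so a secret should never be handed to it that way.

```python
def ssh_copy_id(host, username, password):
    ssh_askpass = os.path.abspath("askpass.sh")
    # Single quotes keep the shell from expanding anything in the password.
    quoted = "'" + password.replace("'", "'\\''") + "'"
    # Owner-only from creation; fchmod covers a leftover file with a looser mode.
    fd = os.open(ssh_askpass, os.O_WRONLY | os.O_CREAT | os.O_TRUNC,
                 stat.S_IRWXU)
    try:
        with os.fdopen(fd, 'w') as f:
            os.fchmod(f.fileno(), stat.S_IRWXU)
            f.write("#!/bin/sh\nprintf '%s\\n' " + quoted + "\n")
        # ... unchanged: key regeneration, env dict, setsid ssh-copy-id call ...
    finally:
        # The password must not outlive the one call that needs it.
        os.remove(ssh_askpass)
```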
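diff --git a/deployment_tasks.yaml b/deployment_tasks.yaml
index e169eff..4f39f02 100644
--- a/deployment_tasks.yaml
+++ b/deployment_tasks.yaml
@@ -6,18 +6,10 @@
  parameters:
  cmd: 'dpkg -i ./xe-guest-utilities_6.5.0-1393_amd64.deb'
  timeout: 10
-- id: 'install-sshpass'
- role: ['compute']
- required_for: ['compute-post-deployment']
- requires: ['post_deployment_start']
- type: shell
- parameters:
- cmd: 'apt-get install sshpass -y'
- timeout: 60
 - id: 'compute-post-deployment'
  role: ['compute']
  required_for: ['post_deployment_end']
- requires: ['install-pv-tool', 'install-sshpass']
+ requires: ['install-pv-tool']
  type: shell
  parameters:
  cmd: ./compute_post_deployment.py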