Add ssh-key
sshpass will be removed as it is not necessary and it is not included in the Ubuntu repo mirror list by default and may block installation. Change-Id: I347297aba72fbeb07cc4113e5ea21acd2e59652d (cherry picked from commit f0f19a26a081615591657552f8aaaf449027c8ea)
This commit is contained in:
parent
071339ecf2
commit
f1e04a0537
|
@ -9,9 +9,11 @@ from socket import inet_ntoa
|
|||
from struct import pack
|
||||
import subprocess
|
||||
import sys
|
||||
import stat
|
||||
import yaml
|
||||
|
||||
|
||||
XS_RSA = '/root/.ssh/xs_rsa'
|
||||
ASTUTE_PATH = '/etc/astute.yaml'
|
||||
ASTUTE_SECTION = 'fuel-plugin-xenserver'
|
||||
LOG_ROOT = '/var/log/fuel-plugin-xenserver'
|
||||
|
@ -29,15 +31,24 @@ logging.basicConfig(filename=os.path.join(LOG_ROOT, LOG_FILE),
|
|||
|
||||
|
||||
def reportError(err):
|
||||
logging.warning(err)
|
||||
logging.error(err)
|
||||
raise Exception(err)
|
||||
|
||||
|
||||
def execute(*cmd, **kwargs):
|
||||
cmd = map(str, cmd)
|
||||
logging.info(' '.join(cmd))
|
||||
_env = kwargs.get('env')
|
||||
env_prefix = ''
|
||||
if _env:
|
||||
env_prefix = ''.join(['%s=%s ' % (k, _env[k]) for k in _env])
|
||||
|
||||
env = dict(os.environ)
|
||||
env.update(_env)
|
||||
else:
|
||||
env = None
|
||||
logging.info(env_prefix + ' '.join(cmd))
|
||||
proc = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
|
||||
stderr=subprocess.PIPE)
|
||||
stderr=subprocess.PIPE, env=env)
|
||||
|
||||
if 'prompt' in kwargs:
|
||||
prompt = kwargs.get('prompt')
|
||||
|
@ -53,28 +64,54 @@ def execute(*cmd, **kwargs):
|
|||
|
||||
if out:
|
||||
logging.debug(out)
|
||||
if err:
|
||||
logging.error(err)
|
||||
|
||||
if proc.returncode is not None and proc.returncode != 0:
|
||||
reportError(err)
|
||||
raise Exception(err)
|
||||
|
||||
return out
|
||||
|
||||
|
||||
def ssh(host, username, password, *cmd, **kwargs):
|
||||
def ssh(host, username, *cmd, **kwargs):
|
||||
cmd = map(str, cmd)
|
||||
|
||||
return execute('sshpass', '-p', password, 'ssh',
|
||||
return execute('ssh', '-i', XS_RSA,
|
||||
'-o', 'StrictHostKeyChecking=no',
|
||||
'%s@%s' % (username, host), *cmd,
|
||||
prompt=kwargs.get('prompt'))
|
||||
|
||||
|
||||
def scp(host, username, password, target_path, filename):
|
||||
return execute('sshpass', '-p', password, 'scp',
|
||||
def scp(host, username, target_path, filename):
|
||||
return execute('scp', '-i', XS_RSA,
|
||||
'-o', 'StrictHostKeyChecking=no', filename,
|
||||
'%s@%s:%s' % (username, host, target_path))
|
||||
|
||||
|
||||
def ssh_copy_id(host, username, password):
|
||||
ssh_askpass = "askpass.sh"
|
||||
|
||||
s = ('#!/bin/sh\n'
|
||||
'echo "{password}"').format(password=password)
|
||||
with open(ssh_askpass, 'w') as f:
|
||||
f.write(s)
|
||||
os.chmod(ssh_askpass, stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
|
||||
|
||||
if os.path.exists(XS_RSA):
|
||||
os.remove(XS_RSA)
|
||||
if os.path.exists(XS_RSA + ".pub"):
|
||||
os.remove(XS_RSA + ".pub")
|
||||
execute('ssh-keygen', '-f', XS_RSA, '-t', 'rsa', '-N', '')
|
||||
|
||||
env = {
|
||||
"HOME": "/root",
|
||||
"SSH_ASKPASS": os.path.abspath(ssh_askpass),
|
||||
"DISPLAY": ":.",
|
||||
}
|
||||
execute("setsid", "ssh-copy-id", "-o", "StrictHostKeyChecking=no",
|
||||
"-i", XS_RSA, "%s@%s" % (username, host), env=env)
|
||||
|
||||
|
||||
def get_astute(astute_path):
|
||||
"""Return the root object read from astute.yaml"""
|
||||
if not os.path.exists(astute_path):
|
||||
|
@ -171,11 +208,11 @@ def init_eth():
|
|||
reportError('HIMN failed to get IP address from XenServer')
|
||||
|
||||
|
||||
def check_host_compatibility(himn, username, password):
|
||||
def check_host_compatibility(himn, username):
|
||||
hotfix = 'XS65ESP1013'
|
||||
installed = ssh(himn, username, password,
|
||||
installed = ssh(himn, username,
|
||||
'xe patch-list name-label=%s --minimal' % hotfix)
|
||||
ver = ssh(himn, username, password,
|
||||
ver = ssh(himn, username,
|
||||
('xe host-param-get uuid=$(xe host-list --minimal) '
|
||||
'param-name=software-version param-key=product_version_text'))
|
||||
|
||||
|
@ -222,9 +259,9 @@ def create_novacompute_conf(himn, username, password, public_ip, services_ssl):
|
|||
logging.info('%s created' % filename)
|
||||
|
||||
|
||||
def route_to_compute(endpoints, himn_xs, himn_local, username, password):
|
||||
def route_to_compute(endpoints, himn_xs, himn_local, username):
|
||||
"""Route storage/mgmt requests to compute nodes. """
|
||||
out = ssh(himn_xs, username, password, 'route', '-n')
|
||||
out = ssh(himn_xs, username, 'route', '-n')
|
||||
_net = lambda ip: '.'.join(ip.split('.')[:-1] + ['0'])
|
||||
_mask = lambda cidr: inet_ntoa(pack(
|
||||
'>I', 0xffffffff ^ (1 << 32 - int(cidr)) - 1))
|
||||
|
@ -243,22 +280,22 @@ def route_to_compute(endpoints, himn_xs, himn_local, username, password):
|
|||
if not _routed(net, mask, himn_local):
|
||||
params = ['route', 'add', '-net', net, 'netmask',
|
||||
mask, 'gw', himn_local]
|
||||
ssh(himn_xs, username, password, *params)
|
||||
ssh(himn_xs, username, *params)
|
||||
sh = 'echo \'%s\' >> /etc/sysconfig/static-routes' \
|
||||
% ' '.join(params)
|
||||
ssh(himn_xs, username, password, sh)
|
||||
ssh(himn_xs, username, sh)
|
||||
else:
|
||||
logging.info('%s network ip is missing' % endpoint_name)
|
||||
|
||||
|
||||
def install_suppack(himn, username, password):
|
||||
def install_suppack(himn, username):
|
||||
"""Install xapi driver supplemental pack. """
|
||||
# TODO(Johnhua): check if installed
|
||||
scp(himn, username, password, '/tmp/', XS_PLUGIN_ISO)
|
||||
scp(himn, username, '/tmp/', XS_PLUGIN_ISO)
|
||||
ssh(
|
||||
himn, username, password, 'xe-install-supplemental-pack',
|
||||
himn, username, 'xe-install-supplemental-pack',
|
||||
'/tmp/%s' % XS_PLUGIN_ISO, prompt='Y\n')
|
||||
ssh(himn, username, password, 'rm', '/tmp/%s' % XS_PLUGIN_ISO)
|
||||
ssh(himn, username, 'rm', '/tmp/%s' % XS_PLUGIN_ISO)
|
||||
|
||||
|
||||
def forward_from_himn(eth):
|
||||
|
@ -303,11 +340,11 @@ def forward_port(eth_in, eth_out, target_host, target_port):
|
|||
execute('service', 'iptables-persistent', 'save')
|
||||
|
||||
|
||||
def install_logrotate_script(himn, username, password):
|
||||
def install_logrotate_script(himn, username):
|
||||
"Install console logrotate script"
|
||||
scp(himn, username, password, '/root/', 'rotate_xen_guest_logs.sh')
|
||||
ssh(himn, username, password, 'mkdir -p /var/log/xen/guest')
|
||||
ssh(himn, username, password, '''crontab - << CRONTAB
|
||||
scp(himn, username, '/root/', 'rotate_xen_guest_logs.sh')
|
||||
ssh(himn, username, 'mkdir -p /var/log/xen/guest')
|
||||
ssh(himn, username, '''crontab - << CRONTAB
|
||||
* * * * * /root/rotate_xen_guest_logs.sh
|
||||
CRONTAB''')
|
||||
|
||||
|
@ -359,7 +396,7 @@ def get_private_network_ethX():
|
|||
if item['action'] == 'add-port' and item['bridge'] == 'br-ex':
|
||||
return item['name']
|
||||
|
||||
def find_bridge_mappings(astute, himn, username, password):
|
||||
def find_bridge_mappings(astute, himn, username):
|
||||
ethX = get_private_network_ethX()
|
||||
if not ethX:
|
||||
reportError("Cannot find eth used for private network")
|
||||
|
@ -368,9 +405,9 @@ def find_bridge_mappings(astute, himn, username, password):
|
|||
fo = open('/sys/class/net/%s/address' % ethX, 'r')
|
||||
mac = fo.readline()
|
||||
fo.close()
|
||||
network_uuid = ssh(himn, username, password,
|
||||
network_uuid = ssh(himn, username,
|
||||
'xe vif-list params=network-uuid minimal=true MAC=%s' % mac)
|
||||
bridge = ssh(himn, username, password,
|
||||
bridge = ssh(himn, username,
|
||||
'xe network-param-get param-name=bridge uuid=%s' % network_uuid)
|
||||
|
||||
# find physical network name
|
||||
|
@ -384,11 +421,11 @@ def restart_services(service_name):
|
|||
execute('start', service_name)
|
||||
|
||||
|
||||
def enable_linux_bridge(himn, username, password):
|
||||
def enable_linux_bridge(himn, username):
|
||||
# When using OVS under XS6.5, it will prevent use of Linux bridge in
|
||||
# Dom0, but neutron-openvswitch-agent in compute node will use Linux
|
||||
# bridge, so we remove this restriction here
|
||||
ssh(himn, username, password, 'rm -f /etc/modprobe.d/blacklist-bridge*')
|
||||
ssh(himn, username, 'rm -f /etc/modprobe.d/blacklist-bridge*')
|
||||
|
||||
|
||||
def patch_compute_xenapi():
|
||||
|
@ -410,12 +447,12 @@ def patch_neutron_ovs_agent():
|
|||
execute('patch', '-d', '/usr/', '-p1', '-i', patch_file)
|
||||
|
||||
|
||||
def apply_sm_patch(himn, username, password):
|
||||
ver = ssh(himn, username, password,
|
||||
def apply_sm_patch(himn, username):
|
||||
ver = ssh(himn, username,
|
||||
('xe host-param-get uuid=$(xe host-list --minimal) '
|
||||
'param-name=software-version param-key=product_version_text'))
|
||||
if ver == "6.5":
|
||||
ssh(himn, username, password,
|
||||
ssh(himn, username,
|
||||
"sed -i s/\\'phy\\'/\\'aio\\'/g /opt/xensource/sm/ISCSISR.py")
|
||||
|
||||
|
||||
|
@ -434,30 +471,29 @@ if __name__ == '__main__':
|
|||
astute, ('public_ssl', 'services'))
|
||||
|
||||
if username and password and endpoints and himn_local:
|
||||
check_host_compatibility(HIMN_IP, username, password)
|
||||
route_to_compute(
|
||||
endpoints, HIMN_IP, himn_local, username, password)
|
||||
ssh_copy_id(HIMN_IP, username, password)
|
||||
check_host_compatibility(HIMN_IP, username)
|
||||
route_to_compute(endpoints, HIMN_IP, himn_local, username)
|
||||
if install_xapi:
|
||||
install_suppack(HIMN_IP, username, password)
|
||||
enable_linux_bridge(HIMN_IP, username, password)
|
||||
install_suppack(HIMN_IP, username)
|
||||
enable_linux_bridge(HIMN_IP, username)
|
||||
forward_from_himn(himn_eth)
|
||||
|
||||
# port forwarding for novnc
|
||||
forward_port('br-mgmt', himn_eth, HIMN_IP, '80')
|
||||
|
||||
# apply sm patch
|
||||
apply_sm_patch(HIMN_IP, username, password)
|
||||
apply_sm_patch(HIMN_IP, username)
|
||||
|
||||
create_novacompute_conf(HIMN_IP, username, password, public_ip, services_ssl)
|
||||
patch_compute_xenapi()
|
||||
restart_services('nova-compute')
|
||||
|
||||
install_logrotate_script(HIMN_IP, username, password)
|
||||
install_logrotate_script(HIMN_IP, username)
|
||||
|
||||
# neutron-l2-agent in compute node
|
||||
modify_neutron_rootwrap_conf(HIMN_IP, username, password)
|
||||
br_mappings = find_bridge_mappings(astute, HIMN_IP,
|
||||
username, password)
|
||||
br_mappings = find_bridge_mappings(astute, HIMN_IP, username)
|
||||
modify_neutron_ovs_agent_conf(INT_BRIDGE, br_mappings)
|
||||
patch_neutron_ovs_agent()
|
||||
restart_services('neutron-plugin-openvswitch-agent')
|
||||
|
|
|
@ -6,18 +6,10 @@
|
|||
parameters:
|
||||
cmd: 'dpkg -i ./xe-guest-utilities_6.5.0-1393_amd64.deb'
|
||||
timeout: 10
|
||||
- id: 'install-sshpass'
|
||||
role: ['compute']
|
||||
required_for: ['compute-post-deployment']
|
||||
requires: ['post_deployment_start']
|
||||
type: shell
|
||||
parameters:
|
||||
cmd: 'apt-get install sshpass -y'
|
||||
timeout: 60
|
||||
- id: 'compute-post-deployment'
|
||||
role: ['compute']
|
||||
required_for: ['post_deployment_end']
|
||||
requires: ['install-pv-tool', 'install-sshpass']
|
||||
requires: ['install-pv-tool']
|
||||
type: shell
|
||||
parameters:
|
||||
cmd: ./compute_post_deployment.py
|
||||
|
|
Loading…
Reference in New Issue