Clean up options: remove cacert, add password-file

Remove the unused cacert option. Rely instead on system certificates.

Add password-file option to pass in the IPA admin password.

Use the IPA-provided user_input which is more robust.

Drop message about loading metadata as it is done automatically now.
Rob Crittenden 2016-02-25 21:10:45 +00:00
parent 0a7a89cf34
commit 61d08ba025
2 changed files with 20 additions and 27 deletions


@ -44,8 +44,6 @@ CONF.register_opts([
cfg.StrOpt('service_name', default=None,
help='HTTP IPA Kerberos service name '
'(e.g. HTTP@ipa.host.domain)'),
cfg.StrOpt('cacert', default='/etc/ipa/ca.crt',
help='CA certificate for use with https to IPA'),
cfg.StrOpt('domain', default='test',
help='Domain for new hosts'),
cfg.IntOpt('connect_retries', default=1,


@ -30,7 +30,7 @@ from string import Template
from six.moves import input
from six.moves.configparser import ConfigParser
from ipalib.config import Env
from ipapython.ipautil import run, kinit_password
from ipapython.ipautil import run, kinit_password, user_input
DATADIR = '/usr/share/novajoin'
@ -86,16 +86,6 @@ def write_from_template(destfile, template, opts):
logger.debug(text)
def user_input(prompt):
while True:
try:
ret = input("%s: " % prompt)
if ret.strip():
return ret.strip()
except EOFError:
raise ConfigurationError('Failed to get user input')
def install(args):
logger.info('Installation initiated')
@ -179,16 +169,16 @@ def install(args):
os.chmod('/etc/nova/ipauser.keytab', 0o600)
logger.info('Importing IPA metadata')
(stdin, stdout, returncode) = run(
(stdout, stderr, returncode) = run(
['glance',
'md-namespace-import',
'--file',
'/usr/share/freeipa.json'], raiseonerr=False)
if returncode != 0:
logger.error('Adding IPA metadata failed')
logger.error('Adding IPA metadata failed: %s' % stderr)
logger.info('Creating IPA permissions')
(stdin, stdout, returncode) = run(
(stdout, stderr, returncode) = run(
['/usr/libexec/novajoin-ipa-setup.sh'], raiseonerr=False)
if returncode != 0:
logger.error('Creating IPA permissions failed')
@ -196,29 +186,36 @@ def install(args):
def parse_args():
parser = argparse.ArgumentParser(description='Nova join Install Options')
parser.add_argument('--version',
action='version', version='%(prog)s 0.1')
parser.add_argument('--hostname',
help='Machine\'s fully qualified host name')
parser.add_argument('--user',
help='User that nova services run as',
default='nova')
parser.add_argument('--principal', dest='principal',
help='principal to use to for IPA host management')
parser.add_argument('--principal', dest='principal', default='admin',
help='principal to use to setup IPA integration')
parser.add_argument('--password', dest='password',
help='password for the principal')
parser.add_argument('--prompt_password', dest='prompt_password',
action='store_true', default=False,
help='prompt for the principal password')
parser.add_argument('--password-file', dest='passwordfile',
help='path to file containing password for '
'the principal')
args = vars(parser.parse_args())
if not args['principal']:
args['principal'] = user_input("User authorized to manage hosts")
args['principal'] = user_input("IPA admin user", "admin",
allow_empty=False)
if args['passwordfile']:
try:
with open(args['passwordfile']) as f:
args['password'] = f.read()
except IOError as e:
raise ConfigurationError('Unable to read password file: %s'
% e)
if not args['password']:
try:
args['password'] = getpass.getpass("Password: ")
args['password'] = getpass.getpass("Password for %s: " %
args['principal'])
except EOFError:
password = None
if not args['password']:
@ -268,6 +265,4 @@ if __name__ == '__main__':
logger.info('Installation complete.')
logger.info(
'Please restart nova-compute to enable the join service.')
logger.info(
'The freeipa.json metadata needs to be added using Horizon')
sys.exit(out)
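Review bot: In parse_args, the new `--password-file` branch stores `f.read()` unchanged, so a file that ends with a newline yields a password that also ends with one; whether the later kinit call tolerates that is not visible on this page. Stripping the line ending at read time avoids the question, e.g. `args['password'] = f.read().rstrip('\r\n')`. The help text for `--password-file` could also state that the file should be readable only by the installing user, and that this option is preferred over `--password`, whose value appears in the process list. Separately, `default='admin'` on `--principal` means the `if not args['principal']` prompt now runs only when an empty value is passed explicitly. parse_args continues past the end of the hunk.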