Clean up options: remove cacert, add password-file
Remove the unused cacert option. Rely instead on system certificates. Add password-file option to pass in the IPA admin password. Use the IPA-provided user_input which is more robust. Drop message about loading metadata as it is done automatically now.
parent
0a7a89cf34
commit
61d08ba025
|
@ -44,8 +44,6 @@ CONF.register_opts([
|
|||
cfg.StrOpt('service_name', default=None,
|
||||
help='HTTP IPA Kerberos service name '
|
||||
'(e.g. HTTP@ipa.host.domain)'),
|
||||
cfg.StrOpt('cacert', default='/etc/ipa/ca.crt',
|
||||
help='CA certificate for use with https to IPA'),
|
||||
cfg.StrOpt('domain', default='test',
|
||||
help='Domain for new hosts'),
|
||||
cfg.IntOpt('connect_retries', default=1,
|
||||
|
|
|
@ -30,7 +30,7 @@ from string import Template
|
|||
from six.moves import input
|
||||
from six.moves.configparser import ConfigParser
|
||||
from ipalib.config import Env
|
||||
from ipapython.ipautil import run, kinit_password
|
||||
from ipapython.ipautil import run, kinit_password, user_input
|
||||
|
||||
|
||||
DATADIR = '/usr/share/novajoin'
|
||||
|
@ -86,16 +86,6 @@ def write_from_template(destfile, template, opts):
|
|||
logger.debug(text)
|
||||
|
||||
|
||||
def user_input(prompt):
|
||||
while True:
|
||||
try:
|
||||
ret = input("%s: " % prompt)
|
||||
if ret.strip():
|
||||
return ret.strip()
|
||||
except EOFError:
|
||||
raise ConfigurationError('Failed to get user input')
|
||||
|
||||
|
||||
def install(args):
|
||||
logger.info('Installation initiated')
|
||||
|
||||
|
@ -179,16 +169,16 @@ def install(args):
|
|||
os.chmod('/etc/nova/ipauser.keytab', 0o600)
|
||||
|
||||
logger.info('Importing IPA metadata')
|
||||
(stdin, stdout, returncode) = run(
|
||||
(stdout, stderr, returncode) = run(
|
||||
['glance',
|
||||
'md-namespace-import',
|
||||
'--file',
|
||||
'/usr/share/freeipa.json'], raiseonerr=False)
|
||||
if returncode != 0:
|
||||
logger.error('Adding IPA metadata failed')
|
||||
logger.error('Adding IPA metadata failed: %s' % stderr)
|
||||
|
||||
logger.info('Creating IPA permissions')
|
||||
(stdin, stdout, returncode) = run(
|
||||
(stdout, stderr, returncode) = run(
|
||||
['/usr/libexec/novajoin-ipa-setup.sh'], raiseonerr=False)
|
||||
if returncode != 0:
|
||||
logger.error('Creating IPA permissions failed')
|
||||
|
@ -196,29 +186,36 @@ def install(args):
|
|||
|
||||
def parse_args():
|
||||
parser = argparse.ArgumentParser(description='Nova join Install Options')
|
||||
parser.add_argument('--version',
|
||||
action='version', version='%(prog)s 0.1')
|
||||
parser.add_argument('--hostname',
|
||||
help='Machine\'s fully qualified host name')
|
||||
parser.add_argument('--user',
|
||||
help='User that nova services run as',
|
||||
default='nova')
|
||||
parser.add_argument('--principal', dest='principal',
|
||||
help='principal to use to for IPA host management')
|
||||
parser.add_argument('--principal', dest='principal', default='admin',
|
||||
help='principal to use to setup IPA integration')
|
||||
parser.add_argument('--password', dest='password',
|
||||
help='password for the principal')
|
||||
parser.add_argument('--prompt_password', dest='prompt_password',
|
||||
action='store_true', default=False,
|
||||
help='prompt for the principal password')
|
||||
parser.add_argument('--password-file', dest='passwordfile',
|
||||
help='path to file containing password for '
|
||||
'the principal')
|
||||
|
||||
args = vars(parser.parse_args())
|
||||
|
||||
if not args['principal']:
|
||||
args['principal'] = user_input("User authorized to manage hosts")
|
||||
args['principal'] = user_input("IPA admin user", "admin",
|
||||
allow_empty=False)
|
||||
|
||||
if args['passwordfile']:
|
||||
try:
|
||||
with open(args['passwordfile']) as f:
|
||||
args['password'] = f.read()
|
||||
except IOError as e:
|
||||
raise ConfigurationError('Unable to read password file: %s'
|
||||
% e)
|
||||
if not args['password']:
|
||||
try:
|
||||
args['password'] = getpass.getpass("Password: ")
|
||||
args['password'] = getpass.getpass("Password for %s: " %
|
||||
args['principal'])
|
||||
except EOFError:
|
||||
password = None
|
||||
if not args['password']:
|
||||
|
@ -268,6 +265,4 @@ if __name__ == '__main__':
|
|||
logger.info('Installation complete.')
|
||||
logger.info(
|
||||
'Please restart nova-compute to enable the join service.')
|
||||
logger.info(
|
||||
'The freeipa.json metadata needs to be added using Horizon')
|
||||
sys.exit(out)
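Review bot: In parse_args, the new `--password-file` branch stores `f.read()` verbatim, so the trailing newline that most editors and `echo` append becomes part of `args['password']`; unless every later consumer tolerates that (the kinit call is outside the visible hunks), `args['password'] = f.read().rstrip('\r\n')` is safer. The file is also opened without looking at its mode, so a group- or world-readable admin password file is accepted silently; an `os.stat` check that warns or refuses when `st_mode & 0o077` is non-zero would match the `0o600` the installer already applies to the keytab. `--password` is still accepted, which leaves the secret visible in the process list and shell history, so its help text could point users to `--password-file` instead. Separately, the `except EOFError:` handler after `getpass.getpass` assigns a local `password = None` that is never read; `args['password'] = None` looks like what was meant.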
|
||||
|
|