Clean up options: remove cacert, add password-file

Remove the unused cacert option. Rely instead on system certificates.

Add password-file option to pass in the IPA admin password.

Use the IPA-provided user_input which is more robust.

Drop message about loading metadata as it is done automatically now.
Rob Crittenden 2016-02-25 21:10:45 +00:00
parent 0a7a89cf34
commit 61d08ba025
2 changed files with 20 additions and 27 deletions


@ -44,8 +44,6 @@ CONF.register_opts([
cfg.StrOpt('service_name', default=None, cfg.StrOpt('service_name', default=None,
help='HTTP IPA Kerberos service name ' help='HTTP IPA Kerberos service name '
'(e.g. HTTP@ipa.host.domain)'), '(e.g. HTTP@ipa.host.domain)'),
cfg.StrOpt('cacert', default='/etc/ipa/ca.crt',
help='CA certificate for use with https to IPA'),
cfg.StrOpt('domain', default='test', cfg.StrOpt('domain', default='test',
help='Domain for new hosts'), help='Domain for new hosts'),
cfg.IntOpt('connect_retries', default=1, cfg.IntOpt('connect_retries', default=1,


@ -30,7 +30,7 @@ from string import Template
from six.moves import input from six.moves import input
from six.moves.configparser import ConfigParser from six.moves.configparser import ConfigParser
from ipalib.config import Env from ipalib.config import Env
from ipapython.ipautil import run, kinit_password from ipapython.ipautil import run, kinit_password, user_input
DATADIR = '/usr/share/novajoin' DATADIR = '/usr/share/novajoin'
@ -86,16 +86,6 @@ def write_from_template(destfile, template, opts):
logger.debug(text) logger.debug(text)
def user_input(prompt):
while True:
try:
ret = input("%s: " % prompt)
if ret.strip():
return ret.strip()
except EOFError:
raise ConfigurationError('Failed to get user input')
def install(args): def install(args):
logger.info('Installation initiated') logger.info('Installation initiated')
@ -179,16 +169,16 @@ def install(args):
os.chmod('/etc/nova/ipauser.keytab', 0o600) os.chmod('/etc/nova/ipauser.keytab', 0o600)
logger.info('Importing IPA metadata') logger.info('Importing IPA metadata')
(stdin, stdout, returncode) = run( (stdout, stderr, returncode) = run(
['glance', ['glance',
'md-namespace-import', 'md-namespace-import',
'--file', '--file',
'/usr/share/freeipa.json'], raiseonerr=False) '/usr/share/freeipa.json'], raiseonerr=False)
if returncode != 0: if returncode != 0:
logger.error('Adding IPA metadata failed') logger.error('Adding IPA metadata failed: %s' % stderr)
logger.info('Creating IPA permissions') logger.info('Creating IPA permissions')
(stdin, stdout, returncode) = run( (stdout, stderr, returncode) = run(
['/usr/libexec/novajoin-ipa-setup.sh'], raiseonerr=False) ['/usr/libexec/novajoin-ipa-setup.sh'], raiseonerr=False)
if returncode != 0: if returncode != 0:
logger.error('Creating IPA permissions failed') logger.error('Creating IPA permissions failed')
@ -196,29 +186,36 @@ def install(args):
def parse_args(): def parse_args():
parser = argparse.ArgumentParser(description='Nova join Install Options') parser = argparse.ArgumentParser(description='Nova join Install Options')
parser.add_argument('--version',
action='version', version='%(prog)s 0.1')
parser.add_argument('--hostname', parser.add_argument('--hostname',
help='Machine\'s fully qualified host name') help='Machine\'s fully qualified host name')
parser.add_argument('--user', parser.add_argument('--user',
help='User that nova services run as', help='User that nova services run as',
default='nova') default='nova')
parser.add_argument('--principal', dest='principal', parser.add_argument('--principal', dest='principal', default='admin',
help='principal to use to for IPA host management') help='principal to use to setup IPA integration')
parser.add_argument('--password', dest='password', parser.add_argument('--password', dest='password',
help='password for the principal') help='password for the principal')
parser.add_argument('--prompt_password', dest='prompt_password', parser.add_argument('--password-file', dest='passwordfile',
action='store_true', default=False, help='path to file containing password for '
help='prompt for the principal password') 'the principal')
args = vars(parser.parse_args()) args = vars(parser.parse_args())
if not args['principal']: if not args['principal']:
args['principal'] = user_input("User authorized to manage hosts") args['principal'] = user_input("IPA admin user", "admin",
allow_empty=False)
if args['passwordfile']:
try:
with open(args['passwordfile']) as f:
args['password'] = f.read()
except IOError as e:
raise ConfigurationError('Unable to read password file: %s'
% e)
if not args['password']: if not args['password']:
try: try:
args['password'] = getpass.getpass("Password: ") args['password'] = getpass.getpass("Password for %s: " %
args['principal'])
except EOFError: except EOFError:
password = None password = None
if not args['password']: if not args['password']:
@ -268,6 +265,4 @@ if __name__ == '__main__':
logger.info('Installation complete.') logger.info('Installation complete.')
logger.info( logger.info(
'Please restart nova-compute to enable the join service.') 'Please restart nova-compute to enable the join service.')
logger.info(
'The freeipa.json metadata needs to be added using Horizon')
sys.exit(out) sys.exit(out)
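Review bot: In parse_args, the new --password-file branch stores `f.read()` unchanged, so the trailing newline that an editor or `echo` leaves in the file becomes part of the IPA admin password. Whether the later kinit step tolerates that is not visible in this hunk, so it is safer to strip only the line ending: `args['password'] = f.read().rstrip('\r\n')`. The same branch silently overwrites a value given with --password on the same command line; putting the two options in an argparse mutually exclusive group would make that precedence explicit. Because the file holds an admin credential, the help text could also say that it should be readable only by the invoking user, e.g. `help='path to a file (mode 0600) containing the password for the principal'`.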