Clean up options: remove cacert, add password-file
Remove the unused cacert option. Rely instead on system certificates. Add password-file option to pass in the IPA admin password. Use the IPA-provided user_input which is more robust. Drop message about loading metadata as it is done automatically now.
parent
0a7a89cf34
commit
61d08ba025
|
@ -44,8 +44,6 @@ CONF.register_opts([
|
||||||
cfg.StrOpt('service_name', default=None,
|
cfg.StrOpt('service_name', default=None,
|
||||||
help='HTTP IPA Kerberos service name '
|
help='HTTP IPA Kerberos service name '
|
||||||
'(e.g. HTTP@ipa.host.domain)'),
|
'(e.g. HTTP@ipa.host.domain)'),
|
||||||
cfg.StrOpt('cacert', default='/etc/ipa/ca.crt',
|
|
||||||
help='CA certificate for use with https to IPA'),
|
|
||||||
cfg.StrOpt('domain', default='test',
|
cfg.StrOpt('domain', default='test',
|
||||||
help='Domain for new hosts'),
|
help='Domain for new hosts'),
|
||||||
cfg.IntOpt('connect_retries', default=1,
|
cfg.IntOpt('connect_retries', default=1,
|
||||||
|
|
|
@ -30,7 +30,7 @@ from string import Template
|
||||||
from six.moves import input
|
from six.moves import input
|
||||||
from six.moves.configparser import ConfigParser
|
from six.moves.configparser import ConfigParser
|
||||||
from ipalib.config import Env
|
from ipalib.config import Env
|
||||||
from ipapython.ipautil import run, kinit_password
|
from ipapython.ipautil import run, kinit_password, user_input
|
||||||
|
|
||||||
|
|
||||||
DATADIR = '/usr/share/novajoin'
|
DATADIR = '/usr/share/novajoin'
|
||||||
|
@ -86,16 +86,6 @@ def write_from_template(destfile, template, opts):
|
||||||
logger.debug(text)
|
logger.debug(text)
|
||||||
|
|
||||||
|
|
||||||
def user_input(prompt):
|
|
||||||
while True:
|
|
||||||
try:
|
|
||||||
ret = input("%s: " % prompt)
|
|
||||||
if ret.strip():
|
|
||||||
return ret.strip()
|
|
||||||
except EOFError:
|
|
||||||
raise ConfigurationError('Failed to get user input')
|
|
||||||
|
|
||||||
|
|
||||||
def install(args):
|
def install(args):
|
||||||
logger.info('Installation initiated')
|
logger.info('Installation initiated')
|
||||||
|
|
||||||
|
@ -179,16 +169,16 @@ def install(args):
|
||||||
os.chmod('/etc/nova/ipauser.keytab', 0o600)
|
os.chmod('/etc/nova/ipauser.keytab', 0o600)
|
||||||
|
|
||||||
logger.info('Importing IPA metadata')
|
logger.info('Importing IPA metadata')
|
||||||
(stdin, stdout, returncode) = run(
|
(stdout, stderr, returncode) = run(
|
||||||
['glance',
|
['glance',
|
||||||
'md-namespace-import',
|
'md-namespace-import',
|
||||||
'--file',
|
'--file',
|
||||||
'/usr/share/freeipa.json'], raiseonerr=False)
|
'/usr/share/freeipa.json'], raiseonerr=False)
|
||||||
if returncode != 0:
|
if returncode != 0:
|
||||||
logger.error('Adding IPA metadata failed')
|
logger.error('Adding IPA metadata failed: %s' % stderr)
|
||||||
|
|
||||||
logger.info('Creating IPA permissions')
|
logger.info('Creating IPA permissions')
|
||||||
(stdin, stdout, returncode) = run(
|
(stdout, stderr, returncode) = run(
|
||||||
['/usr/libexec/novajoin-ipa-setup.sh'], raiseonerr=False)
|
['/usr/libexec/novajoin-ipa-setup.sh'], raiseonerr=False)
|
||||||
if returncode != 0:
|
if returncode != 0:
|
||||||
logger.error('Creating IPA permissions failed')
|
logger.error('Creating IPA permissions failed')
|
||||||
|
@ -196,29 +186,36 @@ def install(args):
|
||||||
|
|
||||||
def parse_args():
|
def parse_args():
|
||||||
parser = argparse.ArgumentParser(description='Nova join Install Options')
|
parser = argparse.ArgumentParser(description='Nova join Install Options')
|
||||||
parser.add_argument('--version',
|
|
||||||
action='version', version='%(prog)s 0.1')
|
|
||||||
parser.add_argument('--hostname',
|
parser.add_argument('--hostname',
|
||||||
help='Machine\'s fully qualified host name')
|
help='Machine\'s fully qualified host name')
|
||||||
parser.add_argument('--user',
|
parser.add_argument('--user',
|
||||||
help='User that nova services run as',
|
help='User that nova services run as',
|
||||||
default='nova')
|
default='nova')
|
||||||
parser.add_argument('--principal', dest='principal',
|
parser.add_argument('--principal', dest='principal', default='admin',
|
||||||
help='principal to use to for IPA host management')
|
help='principal to use to setup IPA integration')
|
||||||
parser.add_argument('--password', dest='password',
|
parser.add_argument('--password', dest='password',
|
||||||
help='password for the principal')
|
help='password for the principal')
|
||||||
parser.add_argument('--prompt_password', dest='prompt_password',
|
parser.add_argument('--password-file', dest='passwordfile',
|
||||||
action='store_true', default=False,
|
help='path to file containing password for '
|
||||||
help='prompt for the principal password')
|
'the principal')
|
||||||
|
|
||||||
args = vars(parser.parse_args())
|
args = vars(parser.parse_args())
|
||||||
|
|
||||||
if not args['principal']:
|
if not args['principal']:
|
||||||
args['principal'] = user_input("User authorized to manage hosts")
|
args['principal'] = user_input("IPA admin user", "admin",
|
||||||
|
allow_empty=False)
|
||||||
|
|
||||||
|
if args['passwordfile']:
|
||||||
|
try:
|
||||||
|
with open(args['passwordfile']) as f:
|
||||||
|
args['password'] = f.read()
|
||||||
|
except IOError as e:
|
||||||
|
raise ConfigurationError('Unable to read password file: %s'
|
||||||
|
% e)
|
||||||
if not args['password']:
|
if not args['password']:
|
||||||
try:
|
try:
|
||||||
args['password'] = getpass.getpass("Password: ")
|
args['password'] = getpass.getpass("Password for %s: " %
|
||||||
|
args['principal'])
|
||||||
except EOFError:
|
except EOFError:
|
||||||
password = None
|
password = None
|
||||||
if not args['password']:
|
if not args['password']:
|
||||||
|
@ -268,6 +265,4 @@ if __name__ == '__main__':
|
||||||
logger.info('Installation complete.')
|
logger.info('Installation complete.')
|
||||||
logger.info(
|
logger.info(
|
||||||
'Please restart nova-compute to enable the join service.')
|
'Please restart nova-compute to enable the join service.')
|
||||||
logger.info(
|
|
||||||
'The freeipa.json metadata needs to be added using Horizon')
|
|
||||||
sys.exit(out)
|
sys.exit(out)
|
||||||
|
|
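Review bot: In parse_args, the new `--password-file` branch stores `f.read()` unchanged, so a file created with an editor or `echo` carries its trailing newline into `args['password']`. Depending on how the password is consumed later (presumably by the imported `kinit_password`, which is not visible here), this may cause an authentication failure that is hard to diagnose. Reading it as `args['password'] = f.read().strip()` avoids that. The branch also silently overrides a `--password` given on the same command line, and an empty file falls through to the interactive prompt; putting the two options in `parser.add_mutually_exclusive_group()` and raising `ConfigurationError` for an empty file would make both cases explicit. Because the file holds the IPA admin password, the help text could add that it should be readable only by the invoking user, and could point out that `--password` exposes the secret in the process list. parse_args continues past the last visible line of its hunk.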