From cdb6f11205b9616449a8744368f31c45ed8ec216 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Thu, 18 Aug 2016 13:41:59 -0400
Subject: [PATCH] Add Keystone options to template, installer. Add log location Remove some unused options in the Keystone configuration and add options so the installer can automatically configure things to work without manual changes. Add a log_dir to the configuration so all logging is saved.
---
 files/join.conf.template | 18 ++++++------------
 scripts/novajoin-install | 32 +++++++++++++++++++++++++++++---
 2 files changed, 35 insertions(+), 15 deletions(-)
diff --git a/files/join.conf.template b/files/join.conf.template
index 682ceac..bebe1dc 100644
--- a/files/join.conf.template
+++ b/files/join.conf.template
@@ -3,7 +3,7 @@ join_listen_port = 9999
 api_paste_config = /etc/join/api-paste.ini
 debug = True
 auth_strategy=keystone
-
+log_dir=/var/log/novajoin
 keytab = /etc/join/krb5.keytab
 url = https://$MASTER/ipa/json
 domain = $DOMAIN
@@ -12,14 +12,8 @@ cacert = /etc/ipa/ca.crt
 connect_retries = 1
 [keystone_authtoken]
-memcache_servers = 192.168.0.253:11211
-signing_dir = /var/cache/nova
-#cafile = /path/to/ca-bundle.pem
-auth_uri = http://192.168.0.253:5000
-project_domain_id = default
-project_name = service
-user_domain_id = default
-password = password
-username = nova
-auth_url = http://192.168.0.253:35357
-auth_type = password
+auth_uri = $KEYSTONE_AUTH
+admin_password = $NOVA_PASSWORD
+admin_user = nova
+admin_tenant_name = services
+identity_uri = $KEYSTONE_IDENTITY
diff --git a/scripts/novajoin-install b/scripts/novajoin-install
index f3e5939..a05efdf 100755
--- a/scripts/novajoin-install
+++ b/scripts/novajoin-install
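Review bot: The new `[keystone_authtoken]` block in files/join.conf.template switches to `admin_user`, `admin_password`, `admin_tenant_name` and `identity_uri`, which keystonemiddleware has deprecated in favour of the auth-plugin options (`auth_type`, `auth_url`, `username`, `password`) that the removed lines were already using. It also drops the commented `cafile` hint, so nothing in the template reminds the operator that the substituted URIs should be https, with a CA bundle configured for token validation. I would keep the plugin-style keys and only substitute the installer values into them, as sketched below. Whether `$KEYSTONE_IDENTITY` carries the right endpoint for `auth_url` needs checking against the deployments this targets.

```ini
[keystone_authtoken]
auth_uri = $KEYSTONE_AUTH
auth_type = password
auth_url = $KEYSTONE_IDENTITY
username = nova
password = $NOVA_PASSWORD
project_name = services
project_domain_id = default
user_domain_id = default
#cafile = /path/to/ca-bundle.pem
```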
@@ -144,7 +144,11 @@ def install(args):
 confopts = {'FQDN': args['hostname'],
 'MASTER': api.env.server, # pylint: disable=no-member
- 'DOMAIN': api.env.domain} # pylint: disable=no-member
+ 'DOMAIN': api.env.domain, # pylint: disable=no-member
+ 'KEYSTONE_AUTH': args['keystone_auth'],
+ 'KEYSTONE_IDENTITY': args['keystone_identity'],
+ 'NOVA_PASSWORD': args['nova_password'],
+ }
 write_from_template(JOINCONF,
 os.path.join(DATADIR, 'join.conf.template'),
@@ -186,7 +190,7 @@ def install(args):
 ['glance',
 'md-namespace-import',
 '--file',
- '/usr/share/freeipa.json'], raiseonerr=False)
+ '/usr/share/novajoin/freeipa.json'], raiseonerr=False)
 if returncode != 0:
 logger.error('Adding IPA metadata failed: %s' % stderr)
@@ -211,6 +215,12 @@ def parse_args():
 parser.add_argument('--password-file', dest='passwordfile',
 help='path to file containing password for '
 'the principal')
+ parser.add_argument('--keystone-auth', dest='keystone_auth',
+ help='Keystone auth URI')
+ parser.add_argument('--keystone-identity', dest='keystone_identity',
+ help='Keystone identity URI')
+ parser.add_argument('--nova-password', dest='nova_password',
+ help='Nova service user password')
 args = vars(parser.parse_args())
@@ -230,7 +240,7 @@ def parse_args():
 args['password'] = getpass.getpass("Password for %s: " %
 args['principal'])
 except EOFError:
- password = None
+ args['password'] = None
 if not args['password']:
 raise ConfigurationError('Password must be provided.')
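Review bot: With `'NOVA_PASSWORD': args['nova_password']` added to `confopts`, the `write_from_template(JOINCONF, ...)` call now renders a service credential into join.conf, and nothing visible in this hunk restricts that file's mode or owner. `write_from_template` is defined outside the hunk, so it may already do this; if it does not, add `os.chmod(JOINCONF, 0o600)` (plus a chown to the service user) right after the write, with a comment such as `# join.conf now holds the nova service password`. It is also worth confirming that the template substitution copes with a password containing `$`, since the value is inserted verbatim. The body of install() continues outside the hunk.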
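Review bot: `--nova-password` takes the secret directly on the command line, where it is visible in the process list and shell history, while the principal's password just above is supplied through `--password-file`. A matching `--nova-password-file` option would keep the two consistent and keep the secret out of argv; the getpass prompt added later in parse_args already covers interactive use. If the flag stays, the help text should say so, e.g. `help='Nova service user password (visible in process listings; prefer the prompt)'`.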
@@ -241,6 +251,22 @@ def parse_args():
 raise ConfigurationError('Hostname: %s is not a FQDN' %
 args['hostname'])
+ if not args['keystone_auth']:
+ args['keystone_auth'] = user_input("Keysone auth URI", "",
+ allow_empty=False)
+
+ if not args['keystone_identity']:
+ args['keystone_identity'] = user_input("Keysone identity URI", "",
+ allow_empty=False)
+
+ if not args['nova_password']:
+ try:
+ args['nova_password'] = getpass.getpass("nova service Password: ")
+ except EOFError:
+ args['nova_password'] = None
+ if not args['nova_password']:
+ raise ConfigurationError('nova service user password required.')
+
 try:
 pwd.getpwnam(args['user'])
 except KeyError:
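Review bot: The two URI prompts accept whatever is typed and hand it on to the config template; nothing here checks that `keystone_auth` or `keystone_identity` parses as a URL with a scheme and host, and the same applies when the values arrive through the command-line options. A small check after the prompts, for example raising ConfigurationError when `urlparse(value).scheme not in ('http', 'https')`, would catch typos before they end up in join.conf. Both prompt strings also misspell the service name: `"Keysone auth URI"` and `"Keysone identity URI"` should read `"Keystone ..."`. parse_args() starts and ends outside the hunk.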