author Sean Pryor <spryor@redhat.com> 2017-09-28 11:29:45 -0400
committer Sean Pryor <spryor@redhat.com> 2017-09-28 11:29:45 -0400
commit 874508da8fb6d769dd5f48e94afabd7db7e56025
tree fcb8dd48292792be18ec597a807c9602511ea410
parent 3d31f7396fbb0839e9b1fa2c88778eda04bc1341
download openstack-access-policy-874508da8fb6d769dd5f48e94afabd7db7e56025.tar.gz
Removed the extra sevone files
Change-Id: I33d16ce0bef1104bf91c06c73a09516ef1fcf5cc
-rw-r--r--  files/SevoneOSPprereqs_MOPV_1.13.txt               306
-rw-r--r--  files/backupdir.tar                                bin 71680 -> 0 bytes
-rwxr-xr-x  files/logging.sh                                   87
-rwxr-xr-x  files/nova_sevone.sh                               13
-rwxr-xr-x  files/push_readonly_policies_to_overcloud.sh       144
-rwxr-xr-x  files/restore_default_OSP_policies_on_overcloud.sh 129
-rw-r--r--  files/sevone.sudoers                               1
-rw-r--r--  files/snmpd.conf                                   74
8 files changed, 0 insertions, 754 deletions
diff --git a/files/SevoneOSPprereqs_MOPV_1.13.txt b/files/SevoneOSPprereqs_MOPV_1.13.txt
deleted file mode 100644
index cfcfb20..0000000
--- a/files/SevoneOSPprereqs_MOPV_1.13.txt
+++ /dev/null
@@ -1,306 +0,0 @@
-===========================
-Sevone Manual Configuration
-===========================
-
-These are the post installation steps to configure an OpenStack deployment for Sevone.
-This includes creating the Sevone linux accounts, readonly role and policy, ssh keys,
-sudoers, SNMP, and logging configurations. All steps will be run as the stack user on
-the OSP director box with the overcloudrc sourced.
-
-
-=============
-Foreword
-=============
-
-In v1.10 of this document, all of the commands related to the overcloud nodes have now
-been integrated into the templates (WCNEC1 was the first site to receive the updated
-templates). There are no actions left to be manually performed on the overcloud nodes.
-There are also no verifications left to perform on the overcloud nodes since the tooling
-associated with the templates has already been Q/A’ed. If issues/modifications are
-needed, they will need to be taken to the team for writing/integrating into the
-templates. The only actions left are performed on the undercloud since these cannot be
-integrated into OSP-Director.
-
-=============
-Verification of templates level
-=============
-
-To verify that your version of the templates include the Sevone pre-requisities payload,
-please perform the following on the undercloud:
-
-[stack@ospdirector ~]$ grep -A6 Snmp templates/network-environment.yaml
-
- Expect the following output:
-
-$ grep -A6 Snmp templates/network-environment.yaml
- SnmpTrapTarget1: '192.168.70.83'
- SnmpTrapTarget2: '192.168.78.83'
- SnmpRoUser: 'sev1snmpuser'
- SnmpRoUserPassword: 'Mua12345'
- # Rsyslog parameters (Used in /etc/rsyslog.d/client.conf)
- SyslogTarget1: '192.168.70.83'
- SyslogTarget2: '192.168.78.83'
-
- #InternalApiNetCidr: 'fd00:4888:2000:f002::/64'
- InternalApiNetCidr: 192.168.1.0/24
-
-
-
-If the keywords SnmpTrapTarget1, SnmpTrapTarget2, SnmpRoUser, SnmpRoUserPassword,
-SyslogTarget1 and SyslogTarget2 are not all present, then it means your version of the
-templates does -NOT- include the Sevone pre-requisites. Please STOP reading this document NOW
-and obtain the latest version before continuing!!!!
-
-=============
-User creation
-=============
-
-In this section you will create the Sevone linux user on the controller nodes and the OSP director.
-
-Create the Sevone linux user on the OSP director
-
-
-[stack@ospdirector ~]$ sudo groupadd --gid 6005 sevone
-[stack@ospdirector ~]$ sudo useradd --uid 6005 --gid sevone sevone
-[stack@ospdirector ~]$ id sevone
-
-Openstack role creation
-
-In this section you will create the readonly role for the overcloud
-
-[stack@ospdirector ~]$ openstack role create readonly
-
-=============
-Policy Extraction
-=============
-
-In this section you will create the policy directory structure under the stack user, create the policy.json files for
-the OpenStack services, and upload them to the controller nodes. You will be supplied a policydir_osp10_v1.XY.tar.gz
-file with this documentation. This file should be placed in the /home/stack home directory. This file will typically
-be named with digits in place of XY, eg: policydir_osp10_v1.04.tar.gz
-
- I. Untar policydir_osp10_v1.04.tar.gz
-
-[stack@ospdirector ~]$ tar -xzvf /home/stack/policydir_osp10_v1.04.tar.gz
-
-==============
-Setup ssh keys
-==============
-
-In this section you will distribute the ssh public keys to the Sevone accounts on the controllers and OSP director. If an ssh key is not provided by your team, see instructions in Appendix B for generating one.
-
- I. Create the public key file. The utility ssh-keygen can be used to generate a new key or you can provide your own.
-
-[stack@ospdirector ~]$ cat << EOF > ~/id_rsa.pub
-ssh-rsa
-<Insert the content of your generated key here> root@SevOne
-EOF
-
- II. Distribute the ssh keys to the controllers
-
-[stack@ospdirector ~]$ for i in $(nova host-list | \
-awk '/consoleauth/ {split($2,a,"."); print a[1]}') ; \
-do echo $i ; cat id_rsa.pub | \
-ssh heat-admin@$i "sudo sh -c 'cat >> /home/sevone/.ssh/authorized_keys'" ; done
-
-[stack@ospdirector ~]$ for i in $(nova host-list | \
-awk '/consoleauth/ {split($2,a,"."); print a[1]}') ; \
-do echo $i ; \
-ssh heat-admin@$i sudo chown sevone:sevone /home/sevone/.ssh/authorized_keys ; done
-
-[stack@ospdirector ~]$ for i in $(nova host-list | \
-awk '/consoleauth/ {split($2,a,"."); print a[1]}') ; \
-do echo $i ; \
-ssh heat-admin@$i sudo chmod 600 /home/sevone/.ssh/authorized_keys ; done
-
-
- III. Distribute the ssh keys to the OSP director
-
-[stack@ospdirector ~]$ sudo mkdir /home/sevone/.ssh
-[stack@ospdirector ~]$ sudo chown sevone:sevone /home/sevone/.ssh
-[stack@ospdirector ~]$ sudo chmod 700 /home/sevone/.ssh
-[stack@ospdirector ~]$ sudo cp id_rsa.pub /home/sevone/.ssh/authorized_keys
-[stack@ospdirector ~]$ sudo chown sevone:sevone /home/sevone/.ssh/authorized_keys
-[stack@ospdirector ~]$ sudo chmod 600 /home/sevone/.ssh/authorized_keys
-
-==================
-Setup sudoers file
-==================
-
-In this section you will distribute the Sevone sudoers file to the controllers and the OSP director and set
-up the Sevone nova script.
-
- I. Ensure the nova script for Sevone is in place with the correct permissions.
-
-[stack@ospdirector ~]$ sudo mkdir /opt/sevone
-[stack@ospdirector ~]$ sudo cp ~/policydir/files/nova_sevone.sh /opt/sevone/
-[stack@ospdirector ~]$ sudo chown stack:stack /opt/sevone/nova_sevone.sh
-[stack@ospdirector ~]$ sudo chmod 700 /opt/sevone/nova_sevone.sh
-
- II. Add the additional line to the sevone sudoers file so that the nova script can be called on
-the OSP director
-
-[stack@ospdirector ~]$ sudo echo "sevone ALL=(stack) NOPASSWD:/opt/sevone/nova_sevone.sh" \
->> ~/policydir/files/sevone.sudoers
-
- III. Distribute the sevone file to the OSP director
-
-[stack@ospdirector ~]$ sudo cp ~/policydir/files/sevone.sudoers /etc/sudoers.d/sevone
-[stack@ospdirector ~]$ sudo chmod 600 /etc/sudoers.d/sevone
-[stack@ospdirector ~]$ sudo -l -U sevone
-
- IV. Test that sevone user can perform the required commands. If sevone has no password, this step
-may first require logging in as root
-
-[stack@ospdirector ~]$ sudo su -
-[root@ospdirector ~]# su - sevone
-[sevone@ospdirector ~]$ sudo -u stack /opt/sevone/nova_sevone.sh
-[sevone@ospdirector ~]$ ls /tmp/sevone/
-[sevone@ospdirector ~]$ exit
-[root@ospdirector ~]# exit
-[stack@ospdirector ~]$
-
- VI. Allow the sevone user to query mysql status
-
-[root@slmsc2ctl0 ~]# mysql -e “create user 'sevone'@'localhost';"
-
-If during this step, you exit the current shell session instead of escalating to root, you will need to
-re-source overcloudrc before continuing.
-
-==================
-SNMP configuration
-==================
-
-In this section you will create the SNMP user for Sevone and distribute the SNMP configuration to
-OpenStack. You will need to supply the IPV4 addresses for the trap target destinations and a password.
-The same password should be used throughout the OSP environment including the OSP director, all
-controllers, and all computes. If a password is not provided by your team, see instructions in Appendix A
-for generating one.
-
- I. Create the SNMP user on the OSP director
-
-
-[stack@ospdirector ~]$ sudo systemctl stop snmpd
-[stack@ospdirector ~]$ sudo net-snmp-create-v3-user -ro -A <ProvideSnmpPasswordHere> -a SHA \
--X <ProvideSnmpPasswordHere> -x AES sev1snmpuser
-
- II. Prepare the SNMP configuration file
-
-[stack@ospdirector ~]$ TRAPDEST1=<Enter First Destination IP>
-[stack@ospdirector ~]$ TRAPDEST2=<Enter Second Destination IP>
-[stack@ospdirector ~]$ echo -e "TRAPDEST1 = ${TRAPDEST1}\nTRAPDEST2 = ${TRAPDEST2}"
-[stack@ospdirector ~]$ sed -i "s/TRAPTARGET1/$TRAPDEST1/" ~/policydir/files/snmpd.conf
-[stack@ospdirector ~]$ sed -i "s/TRAPTARGET2/$TRAPDEST2/" ~/policydir/files/snmpd.conf
-
- III. Distribute the SNMP configuration file to the OSP director
-
-[stack@ospdirector ~]$ sudo systemctl stop snmpd
-[stack@ospdirector ~]$ sudo cp ~/policydir/files/snmpd.conf /etc/snmp/snmpd.local.conf
-[stack@ospdirector ~]$ sudo sed -i s/REPLACEENGINEID/$(hostname -s)/ /etc/snmp/snmpd.local.conf
-[stack@ospdirector ~]$ sudo chown root:root /etc/snmp/snmpd.local.conf
-[stack@ospdirector ~]$ sudo chmod 644 /etc/snmp/snmpd.local.conf
-[stack@ospdirector ~]$ sudo restorecon -rv /etc/snmp
-[stack@ospdirector ~]$ sudo systemctl start snmpd
-[stack@ospdirector ~]$ sudo systemctl status snmpd | grep 'Active:'
-
-=================
-Log configuration
-=================
-
-In this section you will configure logging in OpenStack. You will need to provide the IPV4 addresses of the rsyslog target servers.
-
- I. Create the client configuration file
-
-[stack@ospdirector ~]$ cat << EOF > ~/client.conf
-*.* @SYSLOGTARGET1:PORTNUM
-*.* @SYSLOGTARGET2:PORTNUM
-EOF
-
-[stack@ospdirector ~]$ SYSLOGDEST1=<Enter First Destination IP>
-[stack@ospdirector ~]$ SYSLOGDEST2=<Enter Second Destination IP>
-[stack@ospdirector ~]$ echo -e "SYSLOGDEST1 = ${SYSLOGDEST1}\nSYSLOGDEST2 = ${SYSLOGDEST2}"
-[stack@ospdirector ~]$ sed -i s/SYSLOGTARGET1/$SYSLOGDEST1/ ~/client.conf
-[stack@ospdirector ~]$ sed -i s/SYSLOGTARGET2/$SYSLOGDEST2/ ~/client.conf
-
- II. Configure logging for the overcloud and director
-
-[stack@ospdirector ~]$ chmod +x ~/policydir/files/logging.sh
-[stack@ospdirector ~]$ ~/policydir/files/logging.sh
-
-========
-Appendix
-========
-
-A. Password Generation
-
- I. Creating a password (The length of the password can be adjusted via the variable in the ‘fold’ command):
-
- [stack@ospdirector ~]$ PASSWORD=`cat /dev/urandom | tr -dc ‘a-zA-Z0-9’ | fold -w 12 | head -n 1`
-
- II. Assigning a password to a user
-
- [stack@ospdirector ~]$ sudo "echo $PASSWORD | passwd --stdin $USER"
-
-
-B. SSH Key Generation
-
- I. Creating an ssh key
- A. Become the sevone user
-
- [stack@ospdirector ~]$ sudo su - sevone
-
- B. Run ssh-keygen accepting the default file to save the key and empty passphrase
-
- [sevone@ospdirector ~]$ ssh-keygen
- Generating public/private rsa key pair.
- Enter file in which to save the key (/home/sevone/.ssh/id_rsa):
- Created directory '/home/sevone2/.ssh'.
- Enter passphrase (empty for no passphrase):
- Enter same passphrase again:
- Your identification has been saved in /home/sevone/.ssh/id_rsa.
- Your public key has been saved in /home/sevone/.ssh/id_rsa.pub.
- The key fingerprint is:
- bd:1c:24:3f:43:66:e8:ce:68:a7:06:52:8a:3f:ff:8a sevone2@slmsc2ospd.msc2.solk.lab.vzwnfv.com
- The key's randomart image is:
- +--[ RSA 2048]----+
- | |
- | . |
- | o = |
- | . . O |
- | . o S * |
- |. o . + . = |
- | . . .o + o |
- | o. ..o |
- | Eoo+o |
- +-----------------+
-
-
-C. Reducing Log Message Quantity
-
- In their current configuration, many environments are producing more log messages than are necessary to appropriately debug the
-system. One can change this configuration relatively easily by changing some settings in rsyslog.d.
-
- Edit the /etc/rsyslog.d/client.conf file on the director node
-
-[stack@ospdirector ~]$ sudo sed -i 's/\*\.\*/*.info/g' /etc/rsyslog.d/client.conf \
-&& cat /etc/rsyslog.d/client.conf && sudo systemctl restart rsyslog \
-&& sudo systemctl status -l rsyslog
-
- Edit the /etc/rsyslog.d/client.conf file on the controller nodes
-
-[stack@ospdirector ~]$ for i in $( nova hypervisor-list | \
-awk '/localdomain/ {print $4}' | sed s/.localdomain// | \
-sort -V) ; do echo $i >> rsyslog-level-change.txt; \
-ssh heat-admin@$i "sudo sed –i 's/^\*\.\*/\*\.info/' \
-/etc/rsyslog.d/client.conf && cat /etc/rsyslog.d/client.conf \
-&& sudo systemctl restart rsyslog && sudo systemctl status -l rsyslog" \
->> rsyslog-level-change.txt; done
-
- Edit the /etc/rsyslog.d/client.conf file on the compute nodes
-
-[stack@ospdirector ~]$ for i in $(nova host-list | \
-awk '/consoleauth/ {split($2,a,"."); print a[1]}' | \
-sort -V) ; do echo $i >> rsyslog-level-change.txt; \
-ssh heat-admin@$i "sudo sed -i 's/^\*\.\*/\*\.info/' /etc/rsyslog.d/client.conf \
-&& cat /etc/rsyslog.d/client.conf && sudo systemctl restart rsyslog \
-&& sudo systemctl status -l rsyslog" >> rsyslog-level-change.txt; done
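Review bot: the "Expect the following output" block in this removed document carries a literal SnmpRoUserPassword value together with the trap and syslog target addresses, and Appendix B shows a key fingerprint with an internal hostname; deleting the file leaves all of that retrievable from the parent commit, so the SNMP credential should be treated as disclosed and rotated, and the commit message should say so. It would also help to record where the undercloud-only steps (sevone account, /etc/sudoers.d/sevone, snmpd.local.conf) are documented now, since the foreword states they cannot be integrated into the templates.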
diff --git a/files/backupdir.tar b/files/backupdir.tar
deleted file mode 100644
index 24df6f3..0000000
--- a/files/backupdir.tar
+++ /dev/null
Binary files differ
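Review bot: files/backupdir.tar is removed as an opaque binary (71680 bytes per the diffstat), so its contents cannot be reviewed here and it stays retrievable from the parent commit. Please say in the commit message what the archive held, and if it included configuration or credentials, handle those as disclosed.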
diff --git a/files/logging.sh b/files/logging.sh
deleted file mode 100755
index f7a51a1..0000000
--- a/files/logging.sh
+++ /dev/null
@@ -1,87 +0,0 @@
-#!/bin/bash
-
-if [ ! -e /home/stack/overcloudrc ]; then
- echo "/home/stack/overcloudrc not found."
- echo "exiting."
- exit
-fi
-
-source stackrc
-echo ""
-echo "Configuring local node for logging..."
-echo ""
-echo "Configuring glance-api..."
-
-sudo crudini --set /etc/glance/glance-api.conf DEFAULT use_syslog True; sudo crudini --set /etc/glance/glance-api.conf DEFAULT syslog_log_facility LOG_LOCAL1
-
-echo -n "glance-api.conf use_syslog: " ; RESPONSE=$(sudo crudini --get /etc/glance/glance-api.conf DEFAULT use_syslog) ; echo "$RESPONSE"
-echo -n "glance-api.conf syslog_log_facility: " ; RESPONSE=$(sudo crudini --get /etc/glance/glance-api.conf DEFAULT syslog_log_facility); echo "$RESPONSE"
-
-echo ""
-echo "Configuring glance-registry..."
-
-sudo crudini --set /etc/glance/glance-registry.conf DEFAULT use_syslog True; sudo crudini --set /etc/glance/glance-registry.conf DEFAULT syslog_log_facility LOG_LOCAL1
-
-echo -n "glance-registry.conf use_syslog: " ; RESPONSE=$(sudo crudini --get /etc/glance/glance-registry.conf DEFAULT use_syslog); echo "$RESPONSE"
-echo -n "glance-registry.conf syslog_log_facility: " ; RESPONSE=$(sudo crudini --get /etc/glance/glance-registry.conf DEFAULT syslog_log_facility); echo "$RESPONSE"
-
-echo ""
-echo "Configuring ceilometer..."
-
-sudo crudini --set /etc/ceilometer/ceilometer.conf DEFAULT use_syslog True; sudo crudini --set /etc/ceilometer/ceilometer.conf DEFAULT syslog_log_facility LOG_LOCAL4
-
-echo -n "ceilometer.conf use_syslog: " ; RESPONSE=$(sudo crudini --get /etc/ceilometer/ceilometer.conf DEFAULT use_syslog); echo "$RESPONSE"
-echo -n "ceilometer.conf syslog_log_facility: " ; RESPONSE=$(sudo crudini --get /etc/ceilometer/ceilometer.conf DEFAULT syslog_log_facility); echo "$RESPONSE"
-
-echo ""
-echo "Configuring heat..."
-
-sudo crudini --set /etc/heat/heat.conf DEFAULT use_syslog True; sudo crudini --set /etc/heat/heat.conf DEFAULT syslog_log_facility LOG_LOCAL5
-
-echo -n "heat.conf use_syslog: " ; RESPONSE=$(sudo crudini --get /etc/heat/heat.conf DEFAULT use_syslog); echo "$RESPONSE"
-echo -n "heat.conf syslog_log_facility: " ; RESPONSE=$(sudo crudini --get /etc/heat/heat.conf DEFAULT syslog_log_facility); echo "$RESPONSE"
-
-echo ""
-echo "Configuring keystone..."
-
-sudo crudini --set /etc/keystone/keystone.conf DEFAULT use_syslog True; sudo crudini --set /etc/keystone/keystone.conf DEFAULT syslog_log_facility LOG_LOCAL3
-
-echo -n "keystone.conf use_syslog: " ; RESPONSE=$(sudo crudini --get /etc/keystone/keystone.conf DEFAULT use_syslog); echo "$RESPONSE"
-echo -n "keystone.conf syslog_log_facility: " ; RESPONSE=$(sudo crudini --get /etc/keystone/keystone.conf DEFAULT syslog_log_facility); echo "$RESPONSE"
-
-echo ""
-echo "Configuring neutron..."
-
-sudo crudini --set /etc/neutron/neutron.conf DEFAULT use_syslog True; sudo crudini --set /etc/neutron/neutron.conf DEFAULT syslog_log_facility LOG_LOCAL4
-
-echo -n "neutron.conf use_syslog: " ; RESPONSE=$(sudo crudini --get /etc/neutron/neutron.conf DEFAULT use_syslog); echo "$RESPONSE"
-echo -n "neutron.conf syslog_log_facility: " ; RESPONSE=$(sudo crudini --get /etc/neutron/neutron.conf DEFAULT syslog_log_facility); echo "$RESPONSE"
-
-echo ""
-echo "Configuring nova..."
-
-sudo crudini --set /etc/nova/nova.conf DEFAULT use_syslog True; sudo crudini --set /etc/nova/nova.conf DEFAULT syslog_log_facility LOG_LOCAL0
-
-echo -n "nova.conf use_syslog: " ; RESPONSE=$(sudo crudini --get /etc/nova/nova.conf DEFAULT use_syslog); echo "$RESPONSE"
-echo -n "nova.conf syslog_log_facility: " ; RESPONSE=$(sudo crudini --get /etc/nova/nova.conf DEFAULT syslog_log_facility); echo "$RESPONSE"
-
-echo ""
-echo "Setting up /etc/rsyslog.d/client.conf on localhost..."
-
-sudo cp client.conf /etc/rsyslog.d/client.conf
-sudo sed -i s/PORTNUM/50001/g /etc/rsyslog.d/client.conf
-sudo chown root:root /etc/rsyslog.d/client.conf
-sudo chmod 644 /etc/rsyslog.d/client.conf
-
-echo "Restarting services on localhost..."
-
-sudo systemctl | awk '/openstack/ {print $1}' | xargs -n1 sudo systemctl restart
-sudo systemctl restart rsyslog
-
-echo "Checking that services on localhost are active:"
-
-sleep 1
-sudo systemctl | awk '/openstack/ {print $1}' | xargs -n1 sudo systemctl status | grep "Active:"
-
-sleep 1
-sudo systemctl status rsyslog
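Review bot: the commit message names no replacement for what this script did on the director ("Configuring local node for logging...", the use_syslog and syslog_log_facility settings, and the PORTNUM to 50001 substitution in /etc/rsyslog.d/client.conf). Please state where that configuration comes from now, or confirm it is intentionally dropped, so that log forwarding from the director is not silently lost on the next rebuild.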
diff --git a/files/nova_sevone.sh b/files/nova_sevone.sh
deleted file mode 100755
index 0f5ccf5..0000000
--- a/files/nova_sevone.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-trap '' INT TSTP
-source /home/stack/overcloudrc
-today=$(date +%Y-%m-%d-%H-%M-%S)
-ospdname=$(hostname -s)
-
-# Check that folder exists
-if [ ! -d /tmp/sevone/ ]; then /usr/bin/mkdir -p -m 777 /tmp/sevone; fi
-
-rm -rf /tmp/sevone/*
-/usr/bin/nova hypervisor-list > /tmp/sevone/nova_hypervisor_list_$ospdname_$today.tmp
-/usr/bin/nova hypervisor-stats > /tmp/sevone/nova_hypervisor_stats_$ospdname_$today.tmp
-/usr/bin/nova list --all --fields id,name,OS-EXT-AZ:availability_zone,OS-EXT-SRV-ATTR:host,OS-EXT-SRV-ATTR:instance_name > /tmp/sevone/nova_list_$ospdname_$today.tmp
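Review bot: removing the script from the repository does not remove the copy the procedure installed at /opt/sevone/nova_sevone.sh or its sudoers entry, and that copy creates /tmp/sevone with mode 777 and then runs `rm -rf /tmp/sevone/*` as stack with overcloudrc sourced. A world-writable directory at a predictable /tmp path is worth cleaning up on hosts that already have it; please add or reference a decommission step (remove /opt/sevone, /tmp/sevone and the matching sudoers line) alongside this deletion.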
diff --git a/files/push_readonly_policies_to_overcloud.sh b/files/push_readonly_policies_to_overcloud.sh
deleted file mode 100755
index 208a5ed..0000000
--- a/files/push_readonly_policies_to_overcloud.sh
+++ /dev/null
@@ -1,144 +0,0 @@
-#!/bin/bash
-# $Id$
-set -uf -o pipefail
-CTLR_LIST=""
-declare -A IP_LIST
-src_config=""
-dst_config=""
-sev1_backup=""
-svc_name=""
-declare -i restart_svc=0
-
-# This tool is used to push policies on the overcloud
-[ "$BASH" ] && function whence
-{
- type -p "$@"
-}
-#
-TOP_DIR="$(cd $(/usr/bin/dirname $(whence -- $0 || echo $0));cd ..;pwd)"
-
-
-# Sanity checks
-if [ "x$(id -n -u)" = "xstack" ]; then
- if [ -f ${HOME}/stackrc ]; then
- stack_installed=OK
- else
- echo "(**) No ${HOME}/stackrc, exit!" ; exit 127
- fi
-else
- echo "(**) Not stack, exit!" ; exit 127
-fi
-
-if [ -r ${HOME}/overcloudrc ]; then
- . ${HOME}/overcloudrc
-else
- echo "(**) No ${HOME}/overcloudrc, exit!" ; exit 127
-fi
-
-for mydir in "${TOP_DIR}/etc" "${TOP_DIR}/etc/nova" "${TOP_DIR}/etc/neutron"
-do
- if [ -d ${mydir} ]; then
- echo "(II) Found directory ${mydir}..."
- else
- echo "(**) Directory ${mydir} not found! Exit!" ; exit 127
- fi
-done
-
-# Verify syntax, abort if error..
-for mysvc in aodh ceilometer cinder glance gnocchi heat ironic keystone manila mistral neutron nova sahara zaqar
-do
- src_config="${TOP_DIR}/etc/${mysvc}/policy.json"
- json_verify -q < ${src_config}
- if [ $? -ne 0 ]; then
- echo "Testing JSON syntax of ${src_config} failed!!" ; exit 127
- fi
-done
-
-# Obtain list of Controllers from nova (they will be running consoleauth)
-CTLR_LIST=$(nova host-list| awk '/consoleauth/ {split($2,a,".") ; print a[1]}'|xargs)
-if [ "x${CTLR_LIST}" != "x" ]; then
- echo "(II) Found controller(s): ${CTLR_LIST}"
-else
- echo "(**) Unable to find controllers running consoleauth!"; exit 127
-fi
-
-
-# Obtain IP addresses from Controllers
-. ${HOME}/stackrc
-for myctrl in ${CTLR_LIST}
-do
- res=$(openstack server show -c addresses -f value ${myctrl}|sed -e 's/ctlplane=//g')
- if [ "x${res}" != "x" ]; then
- IP_LIST["${myctrl}"]="${res}"
- fi
-done
-if [ ${#IP_LIST[@]} -gt 0 ]; then
- echo "(II) Found this/these IP(s) for controller(s): ${IP_LIST[@]}"
-else
- echo "(**) Unable to find controllers IP Addresses!"; exit 127
-fi
-
-# Inject Services...
-for myctrl in "${!IP_LIST[@]}"
-do
- myip=${IP_LIST[${myctrl}]}
- # Test controller
- echo -n "(II) Testing ssh/sudo access to controller ${myctrl} (${myip}): "
- ssh -q heat-admin@${myip} sudo -l|grep -q 'ALL.*NOPASSWD.*ALL'
- if [ $? -ne 0 ]; then
- echo "NOK" ; exit 127
- else
- echo "OK"
- fi
-
- rsync -a ${TOP_DIR}/etc heat-admin@${myip}:/home/heat-admin
-
- for mysvc in aodh ceilometer cinder glance gnocchi heat ironic keystone manila mistral neutron nova sahara zaqar
- do
- src_config="/home/heat-admin/etc/${mysvc}/policy.json"
- dst_config="/etc/${mysvc}/policy.json"
- sev1_backup="${dst_config}.pre-sevone"
-
- # Take a backup, if not present already..
- ssh -q heat-admin@${myip} "sudo test -f ${sev1_backup}"
- if [ $? -ne 0 ]; then
- echo " (II) Taking a backup of ${dst_config} as ${sev1_backup}"
- ssh -q heat-admin@${myip} "sudo test -f ${dst_config}" && ssh -q heat-admin@${myip} "sudo /bin/cp -afx ${dst_config} ${sev1_backup}"
- fi
-
- # Compare files and copy if necessary...
- ssh -q heat-admin@${myip} "sudo cmp -s ${src_config} ${dst_config}"
- if [ $? -eq 0 ]; then
- echo " (II) No update needed on ${myctrl}:${dst_config}"
- else
- # Overwrite service config file....
- echo " (WW) Updating ${myctrl}:${dst_config} with ${src_config}..."
- ssh -q heat-admin@${myip} "sudo /bin/cp -f ${src_config} ${dst_config}"
-
- # Repairs permissions and SELinux context:
- ssh -q heat-admin@${myip} "sudo chown root:${mysvc} ${dst_config} && sudo chmod 640 ${dst_config}"
- ssh -q heat-admin@${myip} "sudo restorecon ${dst_config} 2>/dev/null"
-
- # This is disabled by default as restarting services isn't necessary for policy.json updates.
- if [ ${restart_svc} -eq 1 ]; then
- # Restart service appropriately... Only 'neutron' does not have an 'openstack' prefix in its service name
- case "${mysvc}" in
- neutron)
- svc_name="${mysvc}"
- ;;
- *)
- svc_name="openstack-${mysvc}"
- ;;
- esac
- echo -n " (WW) Restarting (systemctl) ${svc_name}-\* services on ${myctrl} ..."
- ssh -q heat-admin@${myip} sudo systemctl restart "${svc_name}-\*" && echo OK
- fi
- fi
- done
-done
-
-if [ $? -eq 0 ]; then
- echo "(II) ALL done."
-else
- echo "(**) Failures seen, please check..."
-fi \ No newline at end of file
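Review bot: with this script gone the tree no longer shows the json_verify pass over each policy.json or the `${dst_config}.pre-sevone` backup taken before the overwrite, and the commit message does not name what performs those two safeguards now. If policies are still pushed to the controllers by another path, please reference it in the message; if not, say that the read-only policy rollout is being retired.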
diff --git a/files/restore_default_OSP_policies_on_overcloud.sh b/files/restore_default_OSP_policies_on_overcloud.sh
deleted file mode 100755
index 7578543..0000000
--- a/files/restore_default_OSP_policies_on_overcloud.sh
+++ /dev/null
@@ -1,129 +0,0 @@
-#!/bin/bash
-# $Id$
-set -uf -o pipefail
-CTLR_LIST=""
-declare -A IP_LIST
-src_config=""
-dst_config=""
-sev1_backup=""
-svc_name=""
-declare -i restart_svc=0
-
-# This tool is used to push policies on the overcloud
-[ "$BASH" ] && function whence
-{
- type -p "$@"
-}
-#
-TOP_DIR="$(cd $(/usr/bin/dirname $(whence -- $0 || echo $0));cd ..;pwd)"
-
-
-# Sanity checks
-if [ "x$(id -n -u)" = "xstack" ]; then
- if [ -f ${HOME}/stackrc ]; then
- stack_installed=OK
- else
- echo "(**) No ${HOME}/stackrc, exit!" ; exit 127
- fi
-else
- echo "(**) Not stack, exit!" ; exit 127
-fi
-
-if [ -r ${HOME}/overcloudrc ]; then
- . ${HOME}/overcloudrc
-else
- echo "(**) No ${HOME}/overcloudrc, exit!" ; exit 127
-fi
-
-for mydir in "${TOP_DIR}/etc" "${TOP_DIR}/etc/nova" "${TOP_DIR}/etc/neutron"
-do
- if [ -d ${mydir} ]; then
- echo "(II) Found directory ${mydir}..."
- else
- echo "(**) Directory ${mydir} not found! Exit!" ; exit 127
- fi
-done
-
-# Obtain list of Controllers from nova (they will be running consoleauth)
-CTLR_LIST=$(nova host-list| awk '/consoleauth/ {split($2,a,".") ; print a[1]}'|xargs)
-if [ "x${CTLR_LIST}" != "x" ]; then
- echo "(II) Found controller(s): ${CTLR_LIST}"
-else
- echo "(**) Unable to find controllers running consoleauth!"; exit 127
-fi
-
-
-# Obtain IP addresses from Controllers
-. ${HOME}/stackrc
-for myctrl in ${CTLR_LIST}
-do
- res=$(openstack server show -c addresses -f value ${myctrl}|sed -e 's/ctlplane=//g')
- if [ "x${res}" != "x" ]; then
- IP_LIST["${myctrl}"]="${res}"
- fi
-done
-if [ ${#IP_LIST[@]} -gt 0 ]; then
- echo "(II) Found this/these IP(s) for controller(s): ${IP_LIST[@]}"
-else
- echo "(**) Unable to find controllers IP Addresses!"; exit 127
-fi
-
-# Inject Services...
-for myctrl in "${!IP_LIST[@]}"
-do
- myip=${IP_LIST[${myctrl}]}
- # Test controller
- echo -n "(II) Testing ssh/sudo access to controller ${myctrl} (${myip}): "
- ssh -q heat-admin@${myip} sudo -l|grep -q 'ALL.*NOPASSWD.*ALL'
- if [ $? -ne 0 ]; then
- echo "NOK" ; exit 127
- else
- echo "OK"
- fi
-
- for mysvc in aodh ceilometer cinder glance gnocchi heat ironic keystone manila mistral neutron nova sahara zaqar
- do
- dst_config="/etc/${mysvc}/policy.json"
- sev1_backup="${dst_config}.pre-sevone"
-
- # Restore backup, if already present, if not then just skip file..
- ssh -q heat-admin@${myip} "sudo test -f ${sev1_backup}"
- if [ $? -eq 0 ]; then
-
- # Compare files and copy if necessary...
- ssh -q heat-admin@${myip} "sudo cmp -s ${sev1_backup} ${dst_config}"
- if [ $? -eq 0 ]; then
- echo " (II) No update needed on ${myctrl}:${dst_config}"
- else
- # Overwrite service config file....
- echo " (WW) Restoring ${myctrl}:${sev1_backup} to ${myctrl}:${dst_config} ..."
- ssh -q heat-admin@${myip} "sudo /bin/cp -afx ${sev1_backup} ${dst_config} && sudo /bin/rm -f ${sev1_backup}"
-
- # Repairs permissions and SELinux context:
- ssh -q heat-admin@${myip} "sudo chown root:${mysvc} ${dst_config} && sudo chmod 640 ${dst_config}"
- ssh -q heat-admin@${myip} "sudo restorecon ${dst_config} 2>/dev/null"
-
- # This is disabled by default as restarting services isn't necessary for policy.json updates.
- if [ ${restart_svc} -eq 1 ]; then
- # Restart service appropriately... Only 'neutron' does not have an 'openstack' prefix in its service name
- case "${mysvc}" in
- neutron)
- svc_name="${mysvc}"
- ;;
- *)
- svc_name="openstack-${mysvc}"
- ;;
- esac
- echo -n " (WW) Restarting (systemctl) ${svc_name}-\* services on ${myctrl} ..."
- ssh -q heat-admin@${myip} sudo systemctl restart "${svc_name}-\*" && echo OK
- fi
- fi
- fi
- done
-done
-
-if [ $? -eq 0 ]; then
- echo "(II) ALL done."
-else
- echo "(**) Failures seen, please check..."
-fi \ No newline at end of file
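Review bot: deleting the restore script in the same commit as the push script leaves controllers that already hold `/etc/<service>/policy.json.pre-sevone` backups without an in-tree way to roll back, since the `cp -afx ${sev1_backup} ${dst_config}` path here is the only restore logic shown. Consider keeping this file until those backups have been restored or removed, or document the manual rollback in the commit message.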
diff --git a/files/sevone.sudoers b/files/sevone.sudoers
deleted file mode 100644
index b6911d5..0000000
--- a/files/sevone.sudoers
+++ /dev/null
@@ -1 +0,0 @@
-sevone ALL=(ALL) NOPASSWD:/sbin/rabbitmqctl status, /sbin/rabbitmqctl cluster_status, /sbin/rabbitmqctl list_queues name messages_ready messages_unacknowledged messages consumers consumer_utilisation memory state, /bin/nova-manage host list, /sbin/crm_mon -AfXr1, /bin/mysql -e SHOW STATUS LIKE *, /bin/mongostat --host * --rowcount 20, /bin/ovs-vsctl show, /bin/heat-manage service list
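Review bot: the rule being removed ends two commands in wildcards, `/bin/mysql -e SHOW STATUS LIKE *` and `/bin/mongostat --host * --rowcount 20`, under `ALL=(ALL) NOPASSWD`, and a `*` in sudoers command arguments matches any text including spaces, so the grant was wider than the read-only status queries it was written for. Dropping the file from the repository does not revoke it on hosts where it was copied to /etc/sudoers.d/sevone; please follow up with removal there, and if a replacement rule is planned, pin the full argument lists instead of using `*`.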
diff --git a/files/snmpd.conf b/files/snmpd.conf
deleted file mode 100644
index c472da7..0000000
--- a/files/snmpd.conf
+++ /dev/null
@@ -1,74 +0,0 @@
-###########################################################################
-#
-# snmpd.conf - Example SevOne net-snmp Configuration
-#
-##
-agentAddress udp6:161
-
-## SNMPv3 Users
-rouser sev1snmpuser
-#engineIDType 3 engineIDNic eno1
-#engineIDType 1
-engineID REPLACEENGINEID
-##
-
-## SNMPv2c Community
-##
-com2sec6 sevone_sec ::1 2Y2LHTZP31
-group ROGroup v2c sevone_sec
-view alloids included .1
-view limited included .1.3.6.1.2.1.1
-view vzw_view included .1.3.6.1.2.1.1
-view vzw_view included .1.3.6.1.2.1.1.4
-view vzw_view included .1.3.6.1.2.1.1.5
-view vzw_view included .1.3.6.1.2.1.1.6
-view vzw_view included .1.3.6.1.2.1.2.2.1
-view vzw_view included .1.3.6.1.2.1.4.20
-access ROGroup "" any noauth exact alloids none none
-##
-
-## SNMP Trap Destination
-trap2sink TRAPTARGET1 sevone
-trap2sink TRAPTARGET2 sevone
-##
-
-## SNMP System Table
-sysContact VZW Administrator
-sysLocation LOCATIONTARGET
-##
-
-## disk: Check for disk space usage of a partition.
-includeAllDisks 10%
-##
-
-## load: Check for unreasonable load average values.
-load 8 8 8
-##
-
-## Configure this agent to be the master agent.
-master agentx
-##
-
-## Override "lo" to still be softwareLoopback(24), but also have a real "speed".
-interface lo 24 1000000000
-##
-
-## Send authenticationFailure traps.
-authtrapenable 1
-##
-
-## This is the internal user that snmpd will use in order to
-# monitor itself for various events.
-iquerySecName _internal
-##
-
-## Interface-related notifications.
-# This setup will send linkUp and linkDown notifications
-# when any interface's ifOperStatus value changes to/from
-# disabled(2).
-#
-notificationEvent linkUpTrap .1.3.6.1.6.3.1.1.5.4 .1.3.6.1.2.1.2.2.1.1 .1.3.6.1.2.1.2.2.1.7 .1.3.6.1.2.1.2.2.1.8
-notificationEvent linkDownTrap .1.3.6.1.6.3.1.1.5.3 .1.3.6.1.2.1.2.2.1.1 .1.3.6.1.2.1.2.2.1.7 .1.3.6.1.2.1.2.2.1.8
-monitor -r 10 -e linkUpTrap "Generate linkUp" .1.3.6.1.2.1.2.2.1.8 != 2
-monitor -r 10 -e linkDownTrap "Generate linkDown" .1.3.6.1.2.1.2.2.1.8 == 2
-##
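Review bot: the `com2sec6 sevone_sec ::1` line holds a literal SNMPv2c community string, which stays readable in history after this deletion, so it should be rotated wherever this file was deployed as /etc/snmp/snmpd.local.conf. For whatever replaces it, note that `access ROGroup "" any noauth exact alloids none none` gives that community read access to the whole `.1` tree even though the narrower `limited` and `vzw_view` views are defined; binding the group to `vzw_view` would match the apparent intent.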