author | Vincent S. Cojot <vcojot@redhat.com> | 2017-02-08 19:25:13 -0500 |
---|---|---|
committer | Vincent S. Cojot <vcojot@redhat.com> | 2017-02-08 19:25:13 -0500 |
commit | c8ac98e3a8b3e7e6ca2c61f83618d70c1c122bb7 (patch) | |
tree | c0238f32cf9a694896fc817562ef5b69ef1aded6 | |
parent | 97f7e224a46b427e0616b94378abdce8c2973cd3 (diff) | |
Working set...
-rwxr-xr-x | files/push_sevone_policies_to_overcloud.sh | 46 |
1 files changed, 34 insertions, 12 deletions
diff --git a/files/push_sevone_policies_to_overcloud.sh b/files/push_sevone_policies_to_overcloud.sh index 7a46880..aa4c697 100755 --- a/files/push_sevone_policies_to_overcloud.sh +++ b/files/push_sevone_policies_to_overcloud.sh @@ -1,10 +1,12 @@ #!/bin/bash # $Id$ -set -euf +set -uf -o pipefail CTLR_LIST="" declare -A IP_LIST src_config="" dst_config="" +sev1_backup="" +svc_name="" # This tool is used to push policies on the overcloud [ "$BASH" ] && function whence @@ -44,7 +46,7 @@ done # Obtain list of Controllers from nova (they will be running consoleauth) CTLR_LIST=$(nova host-list| awk '/consoleauth/ {split($2,a,".") ; print a[1]}'|xargs) if [ "x${CTLR_LIST}" != "x" ]; then - echo "(II) Found these controllers: ${CTLR_LIST}" + echo "(II) Found these controller(s): ${CTLR_LIST}" else echo "(**) Unable to find controllers running consoleauth!"; exit 127 fi @@ -71,7 +73,7 @@ for myctrl in "${!IP_LIST[@]}" do myip=${IP_LIST[${myctrl}]} # Test controller - echo -n "(II) Testing ssh and sudo access to controller ${myctrl} (${myip}): " + echo -n "(II) Testing ssh/sudo access to controller ${myctrl} (${myip}): " ssh -q heat-admin@${myip} sudo -l|grep -q 'ALL.*NOPASSWD.*ALL' if [ $? -ne 0 ]; then echo "NOK" ; exit 127 
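Review bot: With `-e` dropped from the `set` line, nothing stops the run when a command fails, so each step whose failure matters needs its own check; the `rsync -a ${TOP_DIR}/etc heat-admin@${myip}:/home/heat-admin` in the last hunk has none and could end with `|| { echo "(**) rsync to ${myctrl} failed"; exit 127; }`. The added `-o pipefail` also changes what `$?` means after `ssh -q heat-admin@${myip} sudo -l|grep -q 'ALL.*NOPASSWD.*ALL'`: `grep -q` exits at the first match, and if ssh is still writing at that point it can end with a non-zero status, which now fails the whole pipeline and reports NOK for a controller that is fine. That is unlikely with short `sudo -l` output, but capturing the output first (`sudo_out=$(ssh -q heat-admin@${myip} sudo -l)`, then `grep -q 'ALL.*NOPASSWD.*ALL' <<<"${sudo_out}"`) removes the dependency.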
@@ -79,21 +81,41 @@ do echo "OK" fi - rsync -a ${TOP_DIR}/etc heat-admin@${myip}: + rsync -a ${TOP_DIR}/etc heat-admin@${myip}:/home/heat-admin for mysvc in aodh ceilometer cinder glance gnocchi heat ironic keystone manila mistral neutron nova sahara zaqar do - src_config="${TOP_DIR}/etc/${mysvc}/policy.json" + src_config="/home/heat-admin/etc/${mysvc}/policy.json" dst_config="/etc/${mysvc}/policy.json" sev1_backup="${dst_config}.sevone" - ssh heat-admin@${myip} "sudo test -f ${sev1_backup} || sudo /bin/cp -afv ${dst_config} ${sev1_backup}" + # Take a backup + ssh -q heat-admin@${myip} "sudo test -f ${sev1_backup} || sudo /bin/cp -afv ${dst_config} ${sev1_backup}" - # Start by backing up config files.. - #if [ -f ${src_config} ]; then - # echo " (II) Uploading ${src_config} to ${myip}:${dst_config}..." - #else - # echo "(**) Unable to find new policy file at ${src_config}! Exit!"; exit 127 - #fi + # Compare files and copy if necessary... + ssh -q heat-admin@${myip} "sudo cmp -s ${src_config} ${dst_config}" + if [ $? -eq 0 ]; then + echo " (II) No update needed on ${myctrl}:${dst_config}" + else + # Overwrite service config file.... + echo " (WW) Updating ${myctrl}:${dst_config} with ${src_config}..." + ssh -q heat-admin@${myip} "sudo cp -f ${src_config} ${dst_config}" + + # Repairs permissions and SELinux context: + ssh -q heat-admin@${myip} "sudo chown root:${mysvc} ${dst_config} && sudo chmod 640 ${dst_config}" + ssh -q heat-admin@${myip} "sudo restorecon ${dst_config} 2>/dev/null" + + # Restart service appropriately... Only 'neutron' does not have an openstack prefix in the service name + case "${mysvc}" in + neutron) + svc_name="${mysvc}" + ;; + *) + svc_name="openstack-${mysvc}" + ;; + esac + echo -n " (WW) Restarting (systemctl) ${svc_name}-\* services on ${myctrl} ..." + ssh -q heat-admin@${myip} sudo systemctl restart "${svc_name}-\*" && echo OK + fi done done |
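Review bot: Every non-zero result of `sudo cmp -s ${src_config} ${dst_config}` is treated as "files differ", but cmp returns 1 only for a real difference and a higher value when either file is missing or unreadable, and ssh returns 255 when the connection itself fails. In those cases the `cp -f` fails unnoticed (the script no longer runs under `set -e`), the `chown`/`chmod` and the service restart still run, and the log reads as if the new access policy were in place while the old one is still enforced. Separate the three outcomes and chain copy, ownership and mode into one checked command, as in the excerpt below. Whether an uncomparable file should skip the service or abort the run depends on whether all fourteen services are expected on every controller, which the hunk does not show. The enclosing `for myctrl` loop starts outside the hunk.

```shell
    # … unchanged: backup of ${dst_config} to ${sev1_backup} …
    ssh -q heat-admin@${myip} "sudo cmp -s ${src_config} ${dst_config}"
    rc=$?
    if [ ${rc} -eq 0 ]; then
        echo "    (II) No update needed on ${myctrl}:${dst_config}"
    elif [ ${rc} -ne 1 ]; then
        # cmp exits >1 when a file is missing or unreadable; ssh exits 255 on connection failure
        echo "    (**) Cannot compare ${src_config} with ${myctrl}:${dst_config} (rc=${rc}), skipping"
        continue
    else
        echo "    (WW) Updating ${myctrl}:${dst_config} with ${src_config}..."
        ssh -q heat-admin@${myip} "sudo cp -f ${src_config} ${dst_config} && sudo chown root:${mysvc} ${dst_config} && sudo chmod 640 ${dst_config}"
        if [ $? -ne 0 ]; then
            echo "    (**) Failed to install ${myctrl}:${dst_config}, service not restarted"
            continue
        fi
        # … unchanged: restorecon, svc_name selection, systemctl restart …
    fi
```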