author | Vincent S. Cojot <vcojot@redhat.com> | 2017-02-09 10:59:10 -0500 |
---|---|---|
committer | Vincent S. Cojot <vcojot@redhat.com> | 2017-02-09 10:59:10 -0500 |
commit | 4ff2fbfba66ce1479e04348232ea2d44461a7101 (patch) | |
tree | 76d1d95e302f031c3c01981cc75553b04df6ee42 /files | |
parent | ce3ed51d89a09b36b5610ea37a665b3df3c4e2f3 (diff) | |
Updates..
Diffstat (limited to 'files')
-rwxr-xr-x | files/push_sevone_policies_to_overcloud.sh | 2 | ||||
-rwxr-xr-x | files/restore_default_OSP_policies_on_overcloud.sh | 129 |
2 files changed, 130 insertions, 1 deletions
diff --git a/files/push_sevone_policies_to_overcloud.sh b/files/push_sevone_policies_to_overcloud.sh
index e0cb7cf..5a4295b 100755
--- a/files/push_sevone_policies_to_overcloud.sh
+++ b/files/push_sevone_policies_to_overcloud.sh
@@ -112,7 +112,7 @@ do
 else
 # Overwrite service config file....
 echo " (WW) Updating ${myctrl}:${dst_config} with ${src_config}..."
- ssh -q heat-admin@${myip} "sudo cp -f ${src_config} ${dst_config}"
+ ssh -q heat-admin@${myip} "sudo /bin/cp -f ${src_config} ${dst_config}"
 # Repairs permissions and SELinux context:
 ssh -q heat-admin@${myip} "sudo chown root:${mysvc} ${dst_config} && sudo chmod 640 ${dst_config}"
diff --git a/files/restore_default_OSP_policies_on_overcloud.sh b/files/restore_default_OSP_policies_on_overcloud.sh
new file mode 100755
index 0000000..845b5c7
--- /dev/null
+++ b/files/restore_default_OSP_policies_on_overcloud.sh
@@ -0,0 +1,129 @@
+#!/bin/bash
+# $Id$
+set -uf -o pipefail
+CTLR_LIST=""
+declare -A IP_LIST
+src_config=""
+dst_config=""
+sev1_backup=""
+svc_name=""
+declare -i restart_svc=0
+
+# This tool is used to push policies on the overcloud
+[ "$BASH" ] && function whence
+{
+ type -p "$@"
+}
+#
+TOP_DIR="$(cd $(/usr/bin/dirname $(whence -- $0 || echo $0));cd ..;pwd)"
+
+
+# Sanity checks
+if [ "x$(id -n -u)" = "xstack" ]; then
+ if [ -f ${HOME}/stackrc ]; then
+ stack_installed=OK
+ else
+ echo "(**) No ${HOME}/stackrc, exit!" ; exit 127
+ fi
+else
+ echo "(**) Not stack, exit!" ; exit 127
+fi
+
+if [ -r ${HOME}/overcloudrc ]; then
+ . ${HOME}/overcloudrc
+else
+ echo "(**) No ${HOME}/overcloudrc, exit!" ; exit 127
+fi
+
+for mydir in "${TOP_DIR}/etc" "${TOP_DIR}/etc/nova" "${TOP_DIR}/etc/neutron"
+do
+ if [ -d ${mydir} ]; then
+ echo "(II) Found directory ${mydir}..."
+ else
+ echo "(**) Directory ${mydir} not found! Exit!" ; exit 127
+ fi
+done
+
+# Obtain list of Controllers from nova (they will be running consoleauth)
+CTLR_LIST=$(nova host-list| awk '/consoleauth/ {split($2,a,".") ; print a[1]}'|xargs)
+if [ "x${CTLR_LIST}" != "x" ]; then
+ echo "(II) Found controller(s): ${CTLR_LIST}"
+else
+ echo "(**) Unable to find controllers running consoleauth!"; exit 127
+fi
+
+
+# Obtain IP addresses from Controllers
+. ${HOME}/stackrc
+for myctrl in ${CTLR_LIST}
+do
+ res=$(openstack server show -c addresses -f value ${myctrl}|sed -e 's/ctlplane=//g')
+ if [ "x${res}" != "x" ]; then
+ IP_LIST["${myctrl}"]="${res}"
+ fi
+done
+if [ ${#IP_LIST[@]} -gt 0 ]; then
+ echo "(II) Found this/these IP(s) for controller(s): ${IP_LIST[@]}"
+else
+ echo "(**) Unable to find controllers IP Addresses!"; exit 127
+fi
+
+# Inject Services...
+for myctrl in "${!IP_LIST[@]}"
+do
+ myip=${IP_LIST[${myctrl}]}
+ # Test controller
+ echo -n "(II) Testing ssh/sudo access to controller ${myctrl} (${myip}): "
+ ssh -q heat-admin@${myip} sudo -l|grep -q 'ALL.*NOPASSWD.*ALL'
+ if [ $? -ne 0 ]; then
+ echo "NOK" ; exit 127
+ else
+ echo "OK"
+ fi
+
+ for mysvc in aodh ceilometer cinder glance gnocchi heat ironic keystone manila mistral neutron nova sahara zaqar
+ do
+ dst_config="/etc/${mysvc}/policy.json"
+ sev1_backup="${dst_config}.pre-sevone"
+
+ # Restore backup, if already present, if not then just skip file..
+ ssh -q heat-admin@${myip} "sudo test -f ${sev1_backup}"
+ if [ $? -eq 0 ]; then
+
+ # Compare files and copy if necessary...
+ ssh -q heat-admin@${myip} "sudo cmp -s ${sev1_backup} ${dst_config}"
+ if [ $? -eq 0 ]; then
+ echo " (II) No update needed on ${myctrl}:${dst_config}"
+ else
+ # Overwrite service config file....
+ echo " (WW) Restoring ${myctrl}:${sev1_backup} to ${myctrl}:${dst_config} ..."
+ ssh -q heat-admin@${myip} "sudo /bin/cp -afv ${sev1_backup} ${dst_config}"
+
+ # Repairs permissions and SELinux context:
+ ssh -q heat-admin@${myip} "sudo chown root:${mysvc} ${dst_config} && sudo chmod 640 ${dst_config}"
+ ssh -q heat-admin@${myip} "sudo restorecon ${dst_config} 2>/dev/null"
+
+ # This is disabled by default as restarting services isn't necessary for policy.json updates.
+ if [ ${restart_svc} -eq 1 ]; then
+ # Restart service appropriately... Only 'neutron' does not have an 'openstack' prefix in its service name
+ case "${mysvc}" in
+ neutron)
+ svc_name="${mysvc}"
+ ;;
+ *)
+ svc_name="openstack-${mysvc}"
+ ;;
+ esac
+ echo -n " (WW) Restarting (systemctl) ${svc_name}-\* services on ${myctrl} ..."
+ ssh -q heat-admin@${myip} sudo systemctl restart "${svc_name}-\*" && echo OK
+ fi
+ fi
+ fi
+ done
+done
+
+if [ $? -eq 0 ]; then
+ echo "(II) ALL done."
+else
+ echo "(**) Failures seen, please check..."
+fi
\ No newline at end of file |
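Review bot: The closing `if [ $? -eq 0 ]` after the outer `done` only reflects the last command run in the final loop iteration, so "(II) ALL done." is printed even when a `/bin/cp`, `chown`/`chmod` or `restorecon` step failed over ssh on an earlier service or controller, and the script still exits 0. The `sudo test -f ${sev1_backup}` probe has the same blind spot: ssh returns 255 when the connection itself fails, and that is treated as "no backup, skip". For a script whose job is to put the default policy.json files back, a silent failure leaves the modified policy in force while the operator believes it was reverted. I would count failures per remote step, tell an ssh error apart from a missing backup, and exit non-zero at the end, as sketched below.

```shell
declare -i failures=0
# … unchanged: sanity checks, controller discovery, per-controller sudo test …
    ssh -q heat-admin@${myip} "sudo test -f ${sev1_backup}"
    rc=$?
    if [ ${rc} -eq 255 ]; then
      # 255 is ssh's own error status, not the result of the remote test
      echo "  (**) ssh to ${myctrl} failed while checking ${sev1_backup}"
      failures+=1
    elif [ ${rc} -eq 0 ]; then
      # … unchanged: cmp of ${sev1_backup} against ${dst_config} …
        if ssh -q heat-admin@${myip} "sudo /bin/cp -afv ${sev1_backup} ${dst_config}" \
          && ssh -q heat-admin@${myip} "sudo chown root:${mysvc} ${dst_config} && sudo chmod 640 ${dst_config}"
        then
          ssh -q heat-admin@${myip} "sudo restorecon ${dst_config} 2>/dev/null" || failures+=1
        else
          echo "  (**) Restore of ${myctrl}:${dst_config} failed"
          failures+=1
        fi
      # … unchanged: optional service restart …
    fi
# … unchanged: end of both loops …
if [ ${failures} -eq 0 ]; then
  echo "(II) ALL done."
else
  echo "(**) ${failures} failure(s) seen, please check..."
  exit 1
fi
```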