Diffstat (limited to 'files/push_readonly_policies_to_overcloud.sh')
-rwxr-xr-xfiles/push_readonly_policies_to_overcloud.sh144
1 files changed, 0 insertions, 144 deletions
diff --git a/files/push_readonly_policies_to_overcloud.sh b/files/push_readonly_policies_to_overcloud.sh
deleted file mode 100755
index 208a5ed..0000000
--- a/files/push_readonly_policies_to_overcloud.sh
+++ /dev/null
@@ -1,144 +0,0 @@
-#!/bin/bash
-# $Id$
-set -uf -o pipefail
-CTLR_LIST=""
-declare -A IP_LIST
-src_config=""
-dst_config=""
-sev1_backup=""
-svc_name=""
-declare -i restart_svc=0
-
-# This tool is used to push policies on the overcloud
-[ "$BASH" ] && function whence
-{
- type -p "$@"
-}
-#
-TOP_DIR="$(cd $(/usr/bin/dirname $(whence -- $0 || echo $0));cd ..;pwd)"
-
-
-# Sanity checks
-if [ "x$(id -n -u)" = "xstack" ]; then
- if [ -f ${HOME}/stackrc ]; then
- stack_installed=OK
- else
- echo "(**) No ${HOME}/stackrc, exit!" ; exit 127
- fi
-else
- echo "(**) Not stack, exit!" ; exit 127
-fi
-
-if [ -r ${HOME}/overcloudrc ]; then
- . ${HOME}/overcloudrc
-else
- echo "(**) No ${HOME}/overcloudrc, exit!" ; exit 127
-fi
-
-for mydir in "${TOP_DIR}/etc" "${TOP_DIR}/etc/nova" "${TOP_DIR}/etc/neutron"
-do
- if [ -d ${mydir} ]; then
- echo "(II) Found directory ${mydir}..."
- else
- echo "(**) Directory ${mydir} not found! Exit!" ; exit 127
- fi
-done
-
-# Verify syntax, abort if error..
-for mysvc in aodh ceilometer cinder glance gnocchi heat ironic keystone manila mistral neutron nova sahara zaqar
-do
- src_config="${TOP_DIR}/etc/${mysvc}/policy.json"
- json_verify -q < ${src_config}
- if [ $? -ne 0 ]; then
- echo "Testing JSON syntax of ${src_config} failed!!" ; exit 127
- fi
-done
-
-# Obtain list of Controllers from nova (they will be running consoleauth)
-CTLR_LIST=$(nova host-list| awk '/consoleauth/ {split($2,a,".") ; print a[1]}'|xargs)
-if [ "x${CTLR_LIST}" != "x" ]; then
- echo "(II) Found controller(s): ${CTLR_LIST}"
-else
- echo "(**) Unable to find controllers running consoleauth!"; exit 127
-fi
-
-
-# Obtain IP addresses from Controllers
-. ${HOME}/stackrc
-for myctrl in ${CTLR_LIST}
-do
- res=$(openstack server show -c addresses -f value ${myctrl}|sed -e 's/ctlplane=//g')
- if [ "x${res}" != "x" ]; then
- IP_LIST["${myctrl}"]="${res}"
- fi
-done
-if [ ${#IP_LIST[@]} -gt 0 ]; then
- echo "(II) Found this/these IP(s) for controller(s): ${IP_LIST[@]}"
-else
- echo "(**) Unable to find controllers IP Addresses!"; exit 127
-fi
-
-# Inject Services...
-for myctrl in "${!IP_LIST[@]}"
-do
- myip=${IP_LIST[${myctrl}]}
- # Test controller
- echo -n "(II) Testing ssh/sudo access to controller ${myctrl} (${myip}): "
- ssh -q heat-admin@${myip} sudo -l|grep -q 'ALL.*NOPASSWD.*ALL'
- if [ $? -ne 0 ]; then
- echo "NOK" ; exit 127
- else
- echo "OK"
- fi
-
- rsync -a ${TOP_DIR}/etc heat-admin@${myip}:/home/heat-admin
-
- for mysvc in aodh ceilometer cinder glance gnocchi heat ironic keystone manila mistral neutron nova sahara zaqar
- do
- src_config="/home/heat-admin/etc/${mysvc}/policy.json"
- dst_config="/etc/${mysvc}/policy.json"
- sev1_backup="${dst_config}.pre-sevone"
-
- # Take a backup, if not present already..
- ssh -q heat-admin@${myip} "sudo test -f ${sev1_backup}"
- if [ $? -ne 0 ]; then
- echo " (II) Taking a backup of ${dst_config} as ${sev1_backup}"
- ssh -q heat-admin@${myip} "sudo test -f ${dst_config}" && ssh -q heat-admin@${myip} "sudo /bin/cp -afx ${dst_config} ${sev1_backup}"
- fi
-
- # Compare files and copy if necessary...
- ssh -q heat-admin@${myip} "sudo cmp -s ${src_config} ${dst_config}"
- if [ $? -eq 0 ]; then
- echo " (II) No update needed on ${myctrl}:${dst_config}"
- else
- # Overwrite service config file....
- echo " (WW) Updating ${myctrl}:${dst_config} with ${src_config}..."
- ssh -q heat-admin@${myip} "sudo /bin/cp -f ${src_config} ${dst_config}"
-
- # Repairs permissions and SELinux context:
- ssh -q heat-admin@${myip} "sudo chown root:${mysvc} ${dst_config} && sudo chmod 640 ${dst_config}"
- ssh -q heat-admin@${myip} "sudo restorecon ${dst_config} 2>/dev/null"
-
- # This is disabled by default as restarting services isn't necessary for policy.json updates.
- if [ ${restart_svc} -eq 1 ]; then
- # Restart service appropriately... Only 'neutron' does not have an 'openstack' prefix in its service name
- case "${mysvc}" in
- neutron)
- svc_name="${mysvc}"
- ;;
- *)
- svc_name="openstack-${mysvc}"
- ;;
- esac
- echo -n " (WW) Restarting (systemctl) ${svc_name}-\* services on ${myctrl} ..."
- ssh -q heat-admin@${myip} sudo systemctl restart "${svc_name}-\*" && echo OK
- fi
- fi
- done
-done
-
-if [ $? -eq 0 ]; then
- echo "(II) ALL done."
-else
- echo "(**) Failures seen, please check..."
-fi
\ No newline at end of file