From fcfa4a6d8b1640a905c4977cdfabfce718dfb8ac Mon Sep 17 00:00:00 2001
From: "Vincent S. Cojot"
Date: Tue, 18 Apr 2017 15:56:47 -0400
Subject: Rename
---
files/push_readonly_policies_to_overcloud.sh | 143 +++++++++++++++++++++++++++
files/push_sevone_policies_to_overcloud.sh | 143 ---------------------------
2 files changed, 143 insertions(+), 143 deletions(-)
create mode 100755 files/push_readonly_policies_to_overcloud.sh
delete mode 100755 files/push_sevone_policies_to_overcloud.sh
diff --git a/files/push_readonly_policies_to_overcloud.sh b/files/push_readonly_policies_to_overcloud.sh
new file mode 100755
index 0000000..5a4295b
--- /dev/null
+++ b/files/push_readonly_policies_to_overcloud.sh
@@ -0,0 +1,143 @@
+#!/bin/bash
+# $Id$
+set -uf -o pipefail
+CTLR_LIST=""
+declare -A IP_LIST
+src_config=""
+dst_config=""
+sev1_backup=""
+svc_name=""
+declare -i restart_svc=0
+
+# This tool is used to push policies on the overcloud
+[ "$BASH" ] && function whence
+{
+ type -p "$@"
+}
+#
+TOP_DIR="$(cd $(/usr/bin/dirname $(whence -- $0 || echo $0));cd ..;pwd)"
+
+
+# Sanity checks
+if [ "x$(id -n -u)" = "xstack" ]; then
+ if [ -f ${HOME}/stackrc ]; then
+ stack_installed=OK
+ else
+ echo "(**) No ${HOME}/stackrc, exit!" ; exit 127
+ fi
+else
+ echo "(**) Not stack, exit!" ; exit 127
+fi
+
+if [ -r ${HOME}/overcloudrc ]; then
+ . ${HOME}/overcloudrc
+else
+ echo "(**) No ${HOME}/overcloudrc, exit!" ; exit 127
+fi
+
+for mydir in "${TOP_DIR}/etc" "${TOP_DIR}/etc/nova" "${TOP_DIR}/etc/neutron"
+do
+ if [ -d ${mydir} ]; then
+ echo "(II) Found directory ${mydir}..."
+ else
+ echo "(**) Directory ${mydir} not found! Exit!" ; exit 127
+ fi
+done
+
+# Verify syntax, abort if error..
+for mysvc in aodh ceilometer cinder glance gnocchi heat ironic keystone manila mistral neutron nova sahara zaqar
+do
+ src_config="${TOP_DIR}/etc/${mysvc}/policy.json"
+ json_verify -q < ${src_config}
+ if [ $? -ne 0 ]; then
+ echo "Testing JSON syntax of ${src_config} failed!!" ; exit 127
+ fi
+done
+
+# Obtain list of Controllers from nova (they will be running consoleauth)
+CTLR_LIST=$(nova host-list| awk '/consoleauth/ {split($2,a,".") ; print a[1]}'|xargs)
+if [ "x${CTLR_LIST}" != "x" ]; then
+ echo "(II) Found controller(s): ${CTLR_LIST}"
+else
+ echo "(**) Unable to find controllers running consoleauth!"; exit 127
+fi
+
+
+# Obtain IP addresses from Controllers
+. ${HOME}/stackrc
+for myctrl in ${CTLR_LIST}
+do
+ res=$(openstack server show -c addresses -f value ${myctrl}|sed -e 's/ctlplane=//g')
+ if [ "x${res}" != "x" ]; then
+ IP_LIST["${myctrl}"]="${res}"
+ fi
+done
+if [ ${#IP_LIST[@]} -gt 0 ]; then
+ echo "(II) Found this/these IP(s) for controller(s): ${IP_LIST[@]}"
+else
+ echo "(**) Unable to find controllers IP Addresses!"; exit 127
+fi
+
+# Inject Services...
+for myctrl in "${!IP_LIST[@]}"
+do
+ myip=${IP_LIST[${myctrl}]}
+ # Test controller
+ echo -n "(II) Testing ssh/sudo access to controller ${myctrl} (${myip}): "
+ ssh -q heat-admin@${myip} sudo -l|grep -q 'ALL.*NOPASSWD.*ALL'
+ if [ $? -ne 0 ]; then
+ echo "NOK" ; exit 127
+ else
+ echo "OK"
+ fi
+
+ rsync -a ${TOP_DIR}/etc heat-admin@${myip}:/home/heat-admin
+
+ for mysvc in aodh ceilometer cinder glance gnocchi heat ironic keystone manila mistral neutron nova sahara zaqar
+ do
+ src_config="/home/heat-admin/etc/${mysvc}/policy.json"
+ dst_config="/etc/${mysvc}/policy.json"
+ sev1_backup="${dst_config}.pre-sevone"
+
+ # Take a backup, if not present already..
+ ssh -q heat-admin@${myip} "sudo test -f ${sev1_backup}"
+ if [ $? -ne 0 ]; then
+ ssh -q heat-admin@${myip} "sudo test -f ${dst_config}" && ssh -q heat-admin@${myip} "sudo /bin/cp -afv ${dst_config} ${sev1_backup}"
+ fi
+
+ # Compare files and copy if necessary...
+ ssh -q heat-admin@${myip} "sudo cmp -s ${src_config} ${dst_config}"
+ if [ $? -eq 0 ]; then
+ echo " (II) No update needed on ${myctrl}:${dst_config}"
+ else
+ # Overwrite service config file....
+ echo " (WW) Updating ${myctrl}:${dst_config} with ${src_config}..."
+ ssh -q heat-admin@${myip} "sudo /bin/cp -f ${src_config} ${dst_config}"
+
+ # Repairs permissions and SELinux context:
+ ssh -q heat-admin@${myip} "sudo chown root:${mysvc} ${dst_config} && sudo chmod 640 ${dst_config}"
+ ssh -q heat-admin@${myip} "sudo restorecon ${dst_config} 2>/dev/null"
+
+ # This is disabled by default as restarting services isn't necessary for policy.json updates.
+ if [ ${restart_svc} -eq 1 ]; then
+ # Restart service appropriately... Only 'neutron' does not have an 'openstack' prefix in its service name
+ case "${mysvc}" in
+ neutron)
+ svc_name="${mysvc}"
+ ;;
+ *)
+ svc_name="openstack-${mysvc}"
+ ;;
+ esac
+ echo -n " (WW) Restarting (systemctl) ${svc_name}-\* services on ${myctrl} ..."
+ ssh -q heat-admin@${myip} sudo systemctl restart "${svc_name}-\*" && echo OK
+ fi
+ fi
+ done
+done
+
+if [ $? -eq 0 ]; then
+ echo "(II) ALL done."
+else
+ echo "(**) Failures seen, please check..."
+fi
\ No newline at end of file
diff --git a/files/push_sevone_policies_to_overcloud.sh b/files/push_sevone_policies_to_overcloud.sh
deleted file mode 100755
index 5a4295b..0000000
--- a/files/push_sevone_policies_to_overcloud.sh
+++ /dev/null
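Review bot: The closing `if [ $? -eq 0 ]` only sees the exit status of the last command run inside the controller loop, and the `rsync -a`, the remote `sudo /bin/cp -f`, the `chown`/`chmod` and the `restorecon` calls are never checked, so "(II) ALL done." can be printed after a policy.json copy failed on one or more controllers. For a tool that replaces authorization policy files, a partial push leaves controllers enforcing different rules while the operator believes the rollout succeeded. Track failures explicitly: `declare -i failures=0` near the top, `|| failures+=1` after each remote command, and `if [ ${failures} -eq 0 ]; then` in place of the final `$?` test. Separately, the renamed script still uses `sev1_backup` and the `.pre-sevone` backup suffix; if the suffix is ever changed, backups already present on the controllers under the old name need to be accounted for, otherwise the "backup, if not present already" test would capture an already-modified file as the new baseline.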
@@ -1,143 +0,0 @@
-#!/bin/bash
-# $Id$
-set -uf -o pipefail
-CTLR_LIST=""
-declare -A IP_LIST
-src_config=""
-dst_config=""
-sev1_backup=""
-svc_name=""
-declare -i restart_svc=0
-
-# This tool is used to push policies on the overcloud
-[ "$BASH" ] && function whence
-{
- type -p "$@"
-}
-#
-TOP_DIR="$(cd $(/usr/bin/dirname $(whence -- $0 || echo $0));cd ..;pwd)"
-
-
-# Sanity checks
-if [ "x$(id -n -u)" = "xstack" ]; then
- if [ -f ${HOME}/stackrc ]; then
- stack_installed=OK
- else
- echo "(**) No ${HOME}/stackrc, exit!" ; exit 127
- fi
-else
- echo "(**) Not stack, exit!" ; exit 127
-fi
-
-if [ -r ${HOME}/overcloudrc ]; then
- . ${HOME}/overcloudrc
-else
- echo "(**) No ${HOME}/overcloudrc, exit!" ; exit 127
-fi
-
-for mydir in "${TOP_DIR}/etc" "${TOP_DIR}/etc/nova" "${TOP_DIR}/etc/neutron"
-do
- if [ -d ${mydir} ]; then
- echo "(II) Found directory ${mydir}..."
- else
- echo "(**) Directory ${mydir} not found! Exit!" ; exit 127
- fi
-done
-
-# Verify syntax, abort if error..
-for mysvc in aodh ceilometer cinder glance gnocchi heat ironic keystone manila mistral neutron nova sahara zaqar
-do
- src_config="${TOP_DIR}/etc/${mysvc}/policy.json"
- json_verify -q < ${src_config}
- if [ $? -ne 0 ]; then
- echo "Testing JSON syntax of ${src_config} failed!!" ; exit 127
- fi
-done
-
-# Obtain list of Controllers from nova (they will be running consoleauth)
-CTLR_LIST=$(nova host-list| awk '/consoleauth/ {split($2,a,".") ; print a[1]}'|xargs)
-if [ "x${CTLR_LIST}" != "x" ]; then
- echo "(II) Found controller(s): ${CTLR_LIST}"
-else
- echo "(**) Unable to find controllers running consoleauth!"; exit 127
-fi
-
-
-# Obtain IP addresses from Controllers
-. ${HOME}/stackrc
-for myctrl in ${CTLR_LIST}
-do
- res=$(openstack server show -c addresses -f value ${myctrl}|sed -e 's/ctlplane=//g')
- if [ "x${res}" != "x" ]; then
- IP_LIST["${myctrl}"]="${res}"
- fi
-done
-if [ ${#IP_LIST[@]} -gt 0 ]; then
- echo "(II) Found this/these IP(s) for controller(s): ${IP_LIST[@]}"
-else
- echo "(**) Unable to find controllers IP Addresses!"; exit 127
-fi
-
-# Inject Services...
-for myctrl in "${!IP_LIST[@]}"
-do
- myip=${IP_LIST[${myctrl}]}
- # Test controller
- echo -n "(II) Testing ssh/sudo access to controller ${myctrl} (${myip}): "
- ssh -q heat-admin@${myip} sudo -l|grep -q 'ALL.*NOPASSWD.*ALL'
- if [ $? -ne 0 ]; then
- echo "NOK" ; exit 127
- else
- echo "OK"
- fi
-
- rsync -a ${TOP_DIR}/etc heat-admin@${myip}:/home/heat-admin
-
- for mysvc in aodh ceilometer cinder glance gnocchi heat ironic keystone manila mistral neutron nova sahara zaqar
- do
- src_config="/home/heat-admin/etc/${mysvc}/policy.json"
- dst_config="/etc/${mysvc}/policy.json"
- sev1_backup="${dst_config}.pre-sevone"
-
- # Take a backup, if not present already..
- ssh -q heat-admin@${myip} "sudo test -f ${sev1_backup}"
- if [ $? -ne 0 ]; then
- ssh -q heat-admin@${myip} "sudo test -f ${dst_config}" && ssh -q heat-admin@${myip} "sudo /bin/cp -afv ${dst_config} ${sev1_backup}"
- fi
-
- # Compare files and copy if necessary...
- ssh -q heat-admin@${myip} "sudo cmp -s ${src_config} ${dst_config}"
- if [ $? -eq 0 ]; then
- echo " (II) No update needed on ${myctrl}:${dst_config}"
- else
- # Overwrite service config file....
- echo " (WW) Updating ${myctrl}:${dst_config} with ${src_config}..."
- ssh -q heat-admin@${myip} "sudo /bin/cp -f ${src_config} ${dst_config}"
-
- # Repairs permissions and SELinux context:
- ssh -q heat-admin@${myip} "sudo chown root:${mysvc} ${dst_config} && sudo chmod 640 ${dst_config}"
- ssh -q heat-admin@${myip} "sudo restorecon ${dst_config} 2>/dev/null"
-
- # This is disabled by default as restarting services isn't necessary for policy.json updates.
- if [ ${restart_svc} -eq 1 ]; then
- # Restart service appropriately... Only 'neutron' does not have an 'openstack' prefix in its service name
- case "${mysvc}" in
- neutron)
- svc_name="${mysvc}"
- ;;
- *)
- svc_name="openstack-${mysvc}"
- ;;
- esac
- echo -n " (WW) Restarting (systemctl) ${svc_name}-\* services on ${myctrl} ..."
- ssh -q heat-admin@${myip} sudo systemctl restart "${svc_name}-\*" && echo OK
- fi
- fi
- done
-done
-
-if [ $? -eq 0 ]; then
- echo "(II) ALL done."
-else
- echo "(**) Failures seen, please check..."
-fi
\ No newline at end of file
-- cgit