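#!/bin/bash
# $Id$
#
# Restores each OpenStack service's /etc/<service>/policy.json on every
# overcloud controller from its ".pre-sevone" backup, when that backup exists.
# (The original header described this tool as pushing policies on the
# overcloud; the code below only performs the restore direction.)
#
# Must be run as the "stack" user, with ~/stackrc and ~/overcloudrc present.
# Controllers are reached as heat-admin over ssh and must allow passwordless
# sudo. Exits 127 on a failed precondition and 1 when any remote step failed.
#
# -u: unset variables are errors; -f: no pathname expansion;
# pipefail: a pipeline fails when any of its stages fails.
set -uf -o pipefail

CTLR_LIST=""
declare -A IP_LIST
dst_config=""
sev1_backup=""
svc_name=""
# 1 = also restart the service after restoring its policy file (off by default).
declare -i restart_svc=0
# Number of remote steps that failed; decides the final message and exit code.
declare -i failures=0
# Characters accepted in a controller address (IPv4 or IPv6 literal). Anything
# else returned by the API is refused before it reaches an ssh command line.
readonly ADDR_RE='^[0-9A-Fa-f:.]+$'

# ksh-style "whence": print the path of a command, if it can be resolved.
[ "$BASH" ] && function whence { type -p "$@"; }

#######################################
# Run a command on a controller as heat-admin.
# Arguments: $1 - controller address; remaining args - remote command words
# Returns:   exit status of ssh (255 on connection failure)
#######################################
run_remote() {
  local host=$1
  shift
  ssh -q "heat-admin@${host}" "$@"
}

# Resolve the parent of the directory that holds this script.
self_path="$(whence -- "$0" || echo "$0")"
TOP_DIR="$(cd "$(/usr/bin/dirname -- "${self_path}")" && cd .. && pwd)" || {
  echo "(**) Unable to determine top directory, exit!"
  exit 127
}

# Sanity checks
if [ "x$(id -n -u)" != "xstack" ]; then
  echo "(**) Not stack, exit!"
  exit 127
fi
if [ ! -f "${HOME}/stackrc" ]; then
  echo "(**) No ${HOME}/stackrc, exit!"
  exit 127
fi
if [ ! -r "${HOME}/overcloudrc" ]; then
  echo "(**) No ${HOME}/overcloudrc, exit!"
  exit 127
fi
# Overcloud credentials, needed for the "nova host-list" query below.
# shellcheck disable=SC1091
. "${HOME}/overcloudrc"

for mydir in "${TOP_DIR}/etc" "${TOP_DIR}/etc/nova" "${TOP_DIR}/etc/neutron"; do
  if [ -d "${mydir}" ]; then
    echo "(II) Found directory ${mydir}..."
  else
    echo "(**) Directory ${mydir} not found! Exit!"
    exit 127
  fi
done

# Obtain list of Controllers from nova (they will be running consoleauth)
CTLR_LIST=$(nova host-list | awk '/consoleauth/ {split($2,a,".") ; print a[1]}' | xargs)
if [ "x${CTLR_LIST}" != "x" ]; then
  echo "(II) Found controller(s): ${CTLR_LIST}"
else
  echo "(**) Unable to find controllers running consoleauth!"
  exit 127
fi

# Obtain IP addresses from Controllers (undercloud credentials from here on)
# shellcheck disable=SC1091
. "${HOME}/stackrc"
# xargs joined the names on one line; split them into an array.
read -r -a ctlr_names <<<"${CTLR_LIST}"
for myctrl in "${ctlr_names[@]}"; do
  res=$(openstack server show -c addresses -f value "${myctrl}" | sed -e 's/ctlplane=//g')
  if [ "x${res}" = "x" ]; then
    continue
  fi
  # The value comes from API output and ends up as an ssh target, so only
  # accept something that looks like a single address literal.
  if [[ "${res}" =~ ${ADDR_RE} ]]; then
    IP_LIST["${myctrl}"]="${res}"
  else
    echo "(WW) Ignoring unexpected address value for ${myctrl}: ${res}"
  fi
done

if [ "${#IP_LIST[@]}" -gt 0 ]; then
  echo "(II) Found this/these IP(s) for controller(s): ${IP_LIST[*]}"
else
  echo "(**) Unable to find controllers IP Addresses!"
  exit 127
fi

# Inject Services...
for myctrl in "${!IP_LIST[@]}"; do
  myip=${IP_LIST[${myctrl}]}

  # Test controller: heat-admin must be able to sudo without a password.
  echo -n "(II) Testing ssh/sudo access to controller ${myctrl} (${myip}): "
  if run_remote "${myip}" sudo -l | grep -q 'ALL.*NOPASSWD.*ALL'; then
    echo "OK"
  else
    echo "NOK"
    exit 127
  fi

  # The remote command strings below are built only from this fixed service
  # list, so they contain no externally supplied text.
  for mysvc in aodh ceilometer cinder glance gnocchi heat ironic keystone manila mistral neutron nova sahara zaqar; do
    dst_config="/etc/${mysvc}/policy.json"
    sev1_backup="${dst_config}.pre-sevone"

    # Restore backup, if already present, if not then just skip file..
    run_remote "${myip}" "sudo test -f ${sev1_backup}"
    rc=$?
    if [ "${rc}" -eq 255 ]; then
      # ssh itself failed; this is not the same as "no backup present".
      echo " (**) Unable to reach ${myctrl} to check ${sev1_backup}"
      failures+=1
      continue
    elif [ "${rc}" -ne 0 ]; then
      continue
    fi

    # Compare files and copy if necessary...
    if run_remote "${myip}" "sudo cmp -s ${sev1_backup} ${dst_config}"; then
      echo " (II) No update needed on ${myctrl}:${dst_config}"
      continue
    fi

    # Overwrite service config file....
    echo " (WW) Restoring ${myctrl}:${sev1_backup} to ${myctrl}:${dst_config} ..."
    if ! run_remote "${myip}" "sudo /bin/cp -afv ${sev1_backup} ${dst_config} && sudo /bin/rm -f ${sev1_backup}"; then
      echo " (**) Restore failed on ${myctrl}:${dst_config}"
      failures+=1
      continue
    fi

    # Repairs permissions and SELinux context. cp -a carried over the
    # backup's ownership and mode, so a failure here must not go unnoticed.
    if ! run_remote "${myip}" "sudo chown root:${mysvc} ${dst_config} && sudo chmod 640 ${dst_config}"; then
      echo " (**) Unable to reset owner/mode on ${myctrl}:${dst_config}"
      failures+=1
    fi
    # Best effort on purpose: errors are discarded and the status is ignored.
    run_remote "${myip}" "sudo restorecon ${dst_config} 2>/dev/null"

    # This is disabled by default as restarting services isn't necessary for policy.json updates.
    if [ "${restart_svc}" -eq 1 ]; then
      # Restart service appropriately... Only 'neutron' does not have an 'openstack' prefix in its service name
      case "${mysvc}" in
        neutron)
          svc_name="${mysvc}"
          ;;
        *)
          svc_name="openstack-${mysvc}"
          ;;
      esac
      echo -n " (WW) Restarting (systemctl) ${svc_name}-\* services on ${myctrl} ..."
      # The backslash keeps the remote shell from expanding the '*', so
      # systemctl receives it as a unit name pattern.
      if run_remote "${myip}" sudo systemctl restart "${svc_name}-\*"; then
        echo OK
      else
        echo NOK
        failures+=1
      fi
    fi
  done
done

# Report from the failure counter: "$?" after the loops would only reflect
# the very last command that happened to run.
if [ "${failures}" -eq 0 ]; then
  echo "(II) ALL done."
else
  echo "(**) Failures seen, please check..."
  exit 1
fi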