#!/bin/bash
# $Id$
# Shell options: -u aborts on the use of an unset variable, -f turns off
# pathname expansion, pipefail makes a pipeline fail if any stage fails.
set -u
set -f
set -o pipefail

# Short hostnames of the controllers, separated by spaces.
CTLR_LIST=''
# Controller short hostname -> address string reported for that server.
declare -A IP_LIST
# Scratch variables, reassigned for every service's policy file.
src_config=''
dst_config=''
sev1_backup=''
svc_name=''
# Set to 1 to restart a service's units after its policy file is replaced.
declare -i restart_svc=0
# This tool is used to push policies on the overcloud
# ksh ships a native `whence`; when running under bash, emulate it with
# `type -p`, which prints the on-disk path of a command and fails when
# the command cannot be found.
if [ "$BASH" ]; then
  whence() {
    type -p "$@"
  }
fi
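# Resolve TOP_DIR: the parent of the directory that holds this script.
# Every expansion is quoted so an install path containing whitespace is
# not word-split.  The cd steps are chained with && so that a failed cd
# cannot leave TOP_DIR pointing at the parent of the caller's working
# directory: the policy files pushed to the controllers are read from
# below TOP_DIR, so a wrong value means pushing the wrong tree.
# CDPATH is cleared for the first cd so it cannot redirect a relative path.
TOP_DIR="$(CDPATH= cd -- "$(/usr/bin/dirname -- "$(whence -- "$0" || printf '%s\n' "$0")")" && cd .. && pwd)"
if [ -z "${TOP_DIR}" ]; then
  echo "(**) Unable to determine TOP_DIR, exit!" ; exit 127
fi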
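# Sanity checks: the script must run as user 'stack', and both rc files
# must exist in that user's home directory.  ${HOME} is quoted throughout
# so a home directory containing whitespace cannot break the tests.
if [ "$(id -n -u)" != "stack" ]; then
  echo "(**) Not stack, exit!" ; exit 127
fi
if [ ! -f "${HOME}/stackrc" ]; then
  echo "(**) No ${HOME}/stackrc, exit!" ; exit 127
fi
stack_installed=OK

# overcloudrc is sourced, i.e. executed as shell code inside this
# process, so it must only be writable by trusted users.
if [ -r "${HOME}/overcloudrc" ]; then
  . "${HOME}/overcloudrc"
else
  echo "(**) No ${HOME}/overcloudrc, exit!" ; exit 127
fi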
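# The policy tree below TOP_DIR must contain at least etc/, etc/nova and
# etc/neutron; abort on the first one that is missing.  ${mydir} is
# quoted so a path containing whitespace is tested as one word.
for mydir in "${TOP_DIR}/etc" "${TOP_DIR}/etc/nova" "${TOP_DIR}/etc/neutron"; do
  if [ ! -d "${mydir}" ]; then
    echo "(**) Directory ${mydir} not found! Exit!" ; exit 127
  fi
  echo "(II) Found directory ${mydir}..."
done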
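# Verify syntax, abort if error..
# Every policy.json is checked locally before anything is copied, so a
# malformed file is rejected before it can reach a controller.  This is a
# JSON syntax check only; it says nothing about what the rules permit.
if ! command -v json_verify >/dev/null 2>&1; then
  # Without this check a missing validator is reported as a syntax error.
  echo "(**) json_verify not found in PATH, cannot validate policies! Exit!" ; exit 127
fi
for mysvc in aodh ceilometer cinder glance gnocchi heat ironic keystone manila mistral neutron nova sahara zaqar; do
  src_config="${TOP_DIR}/etc/${mysvc}/policy.json"
  # A missing or unreadable file makes the redirection fail, which is
  # treated the same way as a syntax error.
  if ! json_verify -q < "${src_config}"; then
    echo "Testing JSON syntax of ${src_config} failed!!" ; exit 127
  fi
done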
# Controllers are the hosts on which nova lists a consoleauth service.
# awk keeps the part of the host name before the first dot, and xargs
# joins the names into one space-separated line.
CTLR_LIST=$(nova host-list | awk '/consoleauth/ {split($2,a,".") ; print a[1]}' | xargs)
if [ -z "${CTLR_LIST}" ]; then
  echo "(**) Unable to find controllers running consoleauth!"; exit 127
fi
echo "(II) Found controller(s): ${CTLR_LIST}"
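# Obtain IP addresses from Controllers
# stackrc is sourced (executed as shell code in this process) before the
# `openstack server show` calls -- presumably to switch the client to the
# credentials those calls need; confirm against the rc files.
. "${HOME}/stackrc"
# A usable address consists only of hex digits, dots and colons.
addr_re='^[0-9A-Fa-f.:]+$'
# CTLR_LIST is expanded unquoted on purpose: it is a space-separated list
# (pathname expansion is disabled by `set -f`).
for myctrl in ${CTLR_LIST}; do
  res=$(openstack server show -c addresses -f value "${myctrl}" | sed -e 's/ctlplane=//g')
  if [ -z "${res}" ]; then
    continue
  fi
  # The value is later used as the ssh and rsync target.  Anything that
  # is not one bare address (several addresses, another network label, a
  # different client output format) is refused here instead of being
  # word-split into extra ssh arguments further down.
  if [[ "${res}" =~ ${addr_re} ]]; then
    IP_LIST["${myctrl}"]="${res}"
  else
    echo "(**) Unexpected address value for ${myctrl}: ${res}"; exit 127
  fi
done
if [ "${#IP_LIST[@]}" -gt 0 ]; then
  echo "(II) Found this/these IP(s) for controller(s): ${IP_LIST[*]}"
else
  echo "(**) Unable to find controllers IP Addresses!"; exit 127
fi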
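# Inject Services...
# For every controller: confirm passwordless sudo over ssh, stage the
# local etc/ tree in heat-admin's home directory, then install each
# service's policy.json that differs from the one already in place.
# Failed steps are counted in 'failures'.  Testing $? after the loop is
# not enough, because it only reflects the last command that happened to
# run, so an rsync or cp failure on one controller went unreported.
declare -i failures=0
for myctrl in "${!IP_LIST[@]}"; do
  myip="${IP_LIST[${myctrl}]}"
  remote="heat-admin@${myip}"

  # Test controller
  echo -n "(II) Testing ssh/sudo access to controller ${myctrl} (${myip}): "
  # The listing is captured before it is searched: with a direct pipe,
  # grep -q may exit before ssh has finished writing, and under pipefail
  # the resulting SIGPIPE would be reported as NOK.
  if sudo_rules=$(ssh -q "${remote}" sudo -l) \
    && grep -q 'ALL.*NOPASSWD.*ALL' <<<"${sudo_rules}"; then
    echo "OK"
  else
    echo "NOK" ; exit 127
  fi

  # Stage the policy tree.  If this fails, a copy left behind by an
  # earlier run may still be present on the controller, so nothing is
  # installed from it.
  if ! rsync -a "${TOP_DIR}/etc" "${remote}:/home/heat-admin"; then
    echo " (**) rsync of ${TOP_DIR}/etc to ${myctrl} failed, skipping this controller!"
    failures+=1
    continue
  fi

  # The remote command strings below only interpolate names from this
  # fixed service list; a value from any other origin would have to be
  # quoted for the remote shell first.
  for mysvc in aodh ceilometer cinder glance gnocchi heat ironic keystone manila mistral neutron nova sahara zaqar; do
    src_config="/home/heat-admin/etc/${mysvc}/policy.json"
    dst_config="/etc/${mysvc}/policy.json"
    sev1_backup="${dst_config}.pre-sevone"

    # Take a backup, if not present already..
    if ! ssh -q "${remote}" "sudo test -f ${sev1_backup}"; then
      if ssh -q "${remote}" "sudo test -f ${dst_config}"; then
        # Never overwrite a policy file that could not be backed up.
        if ! ssh -q "${remote}" "sudo /bin/cp -afv ${dst_config} ${sev1_backup}"; then
          echo " (**) Backup of ${myctrl}:${dst_config} failed, file left untouched!"
          failures+=1
          continue
        fi
      fi
    fi

    # Compare files and copy if necessary...
    if ssh -q "${remote}" "sudo cmp -s ${src_config} ${dst_config}"; then
      echo " (II) No update needed on ${myctrl}:${dst_config}"
      continue
    fi

    # Overwrite service config file....
    echo " (WW) Updating ${myctrl}:${dst_config} with ${src_config}..."
    if ! ssh -q "${remote}" "sudo /bin/cp -f ${src_config} ${dst_config}"; then
      echo " (**) Copy to ${myctrl}:${dst_config} failed!"
      failures+=1
      continue
    fi

    # Repairs permissions and SELinux context:
    if ! ssh -q "${remote}" "sudo chown root:${mysvc} ${dst_config} && sudo chmod 640 ${dst_config}"; then
      echo " (**) Setting owner/mode of ${myctrl}:${dst_config} failed!"
      failures+=1
    fi
    # Best effort, as before: stderr is discarded and the status ignored.
    ssh -q "${remote}" "sudo restorecon ${dst_config} 2>/dev/null"

    # This is disabled by default as restarting services isn't necessary for policy.json updates.
    if [ "${restart_svc}" -eq 1 ]; then
      # Restart service appropriately... Only 'neutron' does not have an 'openstack' prefix in its service name
      case "${mysvc}" in
        neutron)
          svc_name="${mysvc}"
          ;;
        *)
          svc_name="openstack-${mysvc}"
          ;;
      esac
      echo -n " (WW) Restarting (systemctl) ${svc_name}-* services on ${myctrl} ..."
      # The backslash keeps the remote shell from expanding '*', so that
      # systemctl receives the pattern and matches unit names itself.
      if ssh -q "${remote}" sudo systemctl restart "${svc_name}-\*"; then
        echo OK
      else
        echo NOK
        failures+=1
      fi
    fi
  done
done

if [ "${failures}" -eq 0 ]; then
  echo "(II) ALL done."
else
  echo "(**) Failures seen, please check..."
  # Non-zero status so that calling automation notices a partial push.
  exit 1
fi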