path: root/files/restore_default_OSP_policies_on_overcloud.sh
blob: 75785430d6e1e82fc9f150ab9fd2c94b5276f618 (plain)
#!/bin/bash
# $Id$
# Shell options: -u makes an unset variable a fatal error, -f turns off
# pathname expansion (unquoted expansions below still word-split but never
# glob), and pipefail makes a pipeline report the failure of any stage.
# There is no -e, so a failing command does not stop the script by itself.
set -u -f -o pipefail

# Controller addresses keyed by controller name, and the space-separated
# list of controller names they are looked up from.
declare -A IP_LIST
CTLR_LIST=""

# Per-service scratch values, filled in while looping over the services.
# src_config is initialised here but not referenced in the visible script.
src_config=""
dst_config=""
sev1_backup=""
svc_name=""

# 0 = do not restart services after a restore, 1 = restart them (systemctl).
declare -i restart_svc=0

# This tool is used to push policies on the overcloud
# When running under bash, define `whence` as a thin wrapper around
# `type -p`, which prints the path of the file that would be executed for
# each name given and returns non-zero when a name is not found.
[ -n "${BASH}" ] && whence() {
	type -p "$@"
}
#
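# Resolve the parent of the directory that holds this script. Every
# expansion is quoted so a path containing whitespace survives, and the
# steps are chained with && so a failed cd yields an empty result instead
# of silently reporting the parent of the current directory.
TOP_DIR="$(cd -- "$(/usr/bin/dirname -- "$(whence -- "$0" || echo "$0")")" && cd .. && pwd)"
if [ -z "${TOP_DIR}" ]; then
	# Without this guard the directory checks further down would test
	# /etc, /etc/nova and /etc/neutron on the local host instead.
	echo "(**) Unable to determine the script directory, exit!" ; exit 127
fi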


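# Sanity checks
# The script only runs as the account named "stack", and only when that
# account has a regular file called stackrc in its home directory.
if [ "x$(id -n -u)" != "xstack" ]; then
	echo "(**) Not stack, exit!" ; exit 127
fi
# Quoted so that a HOME containing whitespace is tested as one path.
if [ ! -f "${HOME}/stackrc" ]; then
	echo "(**) No ${HOME}/stackrc, exit!" ; exit 127
fi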

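# Load overcloudrc into this shell (presumably the overcloud API
# credentials used by the nova query below -- confirm against the file).
# Sourcing executes the file's contents as shell code with this user's
# privileges, so the file should be writable only by this user.
if [ -r "${HOME}/overcloudrc" ]; then
	. "${HOME}/overcloudrc"
else
	echo "(**) No ${HOME}/overcloudrc, exit!" ; exit 127
fi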

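# Require the etc, etc/nova and etc/neutron directories next to this tool.
# They are only checked for existence here; nothing in the visible script
# reads from them afterwards.
for mydir in "${TOP_DIR}/etc" "${TOP_DIR}/etc/nova" "${TOP_DIR}/etc/neutron"
do
	# Quoted so a TOP_DIR containing whitespace is tested as a single path.
	if [ ! -d "${mydir}" ]; then
		echo "(**) Directory ${mydir} not found! Exit!" ; exit 127
	fi
	echo "(II) Found directory ${mydir}..."
done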

# Ask nova for the hosts that run consoleauth (the controllers, per the
# original author). awk takes the second whitespace-separated field of each
# matching line and keeps the part before the first dot; xargs joins the
# resulting names onto a single space-separated line.
CTLR_LIST=$(nova host-list \
	| awk '/consoleauth/ {split($2,a,".") ; print a[1]}' \
	| xargs)
if [ -z "${CTLR_LIST}" ]; then
	echo "(**) Unable to find controllers running consoleauth!"; exit 127
fi
echo "(II) Found controller(s): ${CTLR_LIST}"


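# Obtain IP addresses from Controllers
# stackrc is sourced (executed in this shell) before the openstack calls;
# presumably it switches the credentials to the ones needed for
# `openstack server show` -- confirm against the file.
. "${HOME}/stackrc"
# CTLR_LIST is deliberately unquoted: it is a space-separated list and
# pathname expansion is off (set -f), so it only word-splits.
for myctrl in ${CTLR_LIST}
do
	res=$(openstack server show -c addresses -f value "${myctrl}"|sed -e 's/ctlplane=//g')
	if [ "x${res}" = "x" ]; then
		continue
	fi
	# The value becomes the ssh destination later on, so accept nothing but
	# a single bare address. Anything else (several networks, a different
	# client output format) stops the run here with a clear message instead
	# of being handed to ssh.
	if [[ ! "${res}" =~ ^[0-9A-Fa-f.:]+$ ]]; then
		echo "(**) Unexpected address '${res}' for controller ${myctrl}, exit!" ; exit 127
	fi
	IP_LIST["${myctrl}"]="${res}"
done
if [ ${#IP_LIST[@]} -gt 0 ]; then
	echo "(II) Found this/these IP(s) for controller(s): ${IP_LIST[*]}"
else
	echo "(**) Unable to find controllers IP Addresses!"; exit 127
fi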

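# Restore the saved policy files on every controller.
# policy.json holds each service's API authorization rules, so a restore
# that fails part-way must not end in "ALL done": every failed remote step
# is counted and the summary at the bottom is driven by that count.
declare -i failures=0
for myctrl in "${!IP_LIST[@]}"
do
	myip=${IP_LIST[${myctrl}]}
	# Test controller: heat-admin must be able to reach the host and hold a
	# passwordless sudo rule. The listing is captured first instead of being
	# piped into `grep -q`, which under pipefail can report a failure when
	# grep exits before ssh has finished writing.
	echo -n "(II) Testing ssh/sudo access to controller ${myctrl} (${myip}): "
	sudo_rules=$(ssh -q "heat-admin@${myip}" sudo -l)
	if ! grep -q 'ALL.*NOPASSWD.*ALL' <<<"${sudo_rules}"; then
		echo "NOK" ; exit 127
	fi
	echo "OK"

	# The remote command strings below are assembled only from this fixed
	# service list, never from data returned by a remote host.
	for mysvc in aodh ceilometer cinder glance gnocchi heat ironic keystone manila mistral neutron nova sahara zaqar
	do
		dst_config="/etc/${mysvc}/policy.json"
		sev1_backup="${dst_config}.pre-sevone"

		# Only files that have a saved backup are touched. ssh itself exits
		# with 255 when the connection fails; that is a failure to report,
		# not a missing backup.
		ssh -q "heat-admin@${myip}" "sudo test -f ${sev1_backup}"
		rc=$?
		if [ ${rc} -eq 255 ]; then
			echo "  (**) Unable to check ${myctrl}:${sev1_backup} (ssh failed)"
			failures=$((failures + 1))
			continue
		elif [ ${rc} -ne 0 ]; then
			continue
		fi

		# Compare files and copy if necessary...
		if ssh -q "heat-admin@${myip}" "sudo cmp -s ${sev1_backup} ${dst_config}"; then
			echo "  (II) No update needed on ${myctrl}:${dst_config}"
			continue
		fi

		# Overwrite service config file; the backup is deleted only when the
		# copy succeeded (&& chain on the remote side).
		echo "  (WW) Restoring ${myctrl}:${sev1_backup} to ${myctrl}:${dst_config} ..."
		if ! ssh -q "heat-admin@${myip}" "sudo /bin/cp -afx ${sev1_backup} ${dst_config} && sudo /bin/rm -f ${sev1_backup}"; then
			echo "  (**) Restore of ${myctrl}:${dst_config} failed!"
			failures=$((failures + 1))
		fi

		# Repairs permissions and SELinux context. Owner root, group = service,
		# mode 640 keeps the policy file unreadable for other accounts.
		if ! ssh -q "heat-admin@${myip}" "sudo chown root:${mysvc} ${dst_config} && sudo chmod 640 ${dst_config}"; then
			echo "  (**) Unable to set owner/mode on ${myctrl}:${dst_config}"
			failures=$((failures + 1))
		fi
		# Best effort: stderr is discarded remotely and the result is not counted.
		ssh -q "heat-admin@${myip}" "sudo restorecon ${dst_config} 2>/dev/null"

		# This is disabled by default as restarting services isn't necessary for policy.json updates.
		if [ ${restart_svc} -eq 1 ]; then
			# Restart service appropriately... Only 'neutron' does not have an 'openstack' prefix in its service name
			case "${mysvc}" in
				neutron)
					svc_name="${mysvc}"
					;;
				*)
					svc_name="openstack-${mysvc}"
					;;
			esac
			echo -n "  (WW) Restarting (systemctl) ${svc_name}-\* services on ${myctrl} ..."
			if ssh -q "heat-admin@${myip}" sudo systemctl restart "${svc_name}-\*"; then
				echo OK
			else
				echo NOK
				failures=$((failures + 1))
			fi
		fi
	done
done

# Summary: the exit status is non-zero when any step failed, so callers and
# automation can tell a partial restore from a clean one.
if [ "${failures}" -eq 0 ]; then
	echo "(II) ALL done."
else
	echo "(**) Failures seen, please check..."
	exit 1
fi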