From deb3ca8295b2e585e47e51730252dc2ec1daa429 Mon Sep 17 00:00:00 2001 From: Todd Malsbary Date: Wed, 4 Nov 2020 10:29:56 -0800 Subject: [PATCH] Use username and password from "os" in nodes.json This removes COMPUTE_NODE_PASSWORD from the environment. A check is left in place to ensure that any existing users of COMPUTE_NODE_PASSWORD will be warned that the nodes.json value is what is used now. Also, COMPUTE_NODE_FQDN is removed from common.sh. It was/is overwritten immediately before use. Note: the "os" object does not exist in the equivalent JSON file for the VM deployment. The default username and password continues to be used in the VM case. Issue-ID: ICN-497 Signed-off-by: Todd Malsbary Change-Id: I3cab61cf610d7ed334ff0043cb5f7f4ed442662f --- deploy/metal3-vm/03_launch_mgmt_cluster.sh | 4 +- deploy/metal3-vm/04_verify.sh | 2 +- deploy/metal3-vm/lib/common.sh | 21 ++++----- deploy/metal3/scripts/01_metal3.sh | 52 +++++++++++++++++------ deploy/metal3/scripts/02_verify.sh | 2 +- deploy/metal3/scripts/03_verify_deprovisioning.sh | 2 +- env/lib/common.sh | 27 +++++------- env/metal3/01_install_package.sh | 3 +- 8 files changed, 65 insertions(+), 48 deletions(-) diff --git a/deploy/metal3-vm/03_launch_mgmt_cluster.sh b/deploy/metal3-vm/03_launch_mgmt_cluster.sh index 0c3e707..93789e1 100755 --- a/deploy/metal3-vm/03_launch_mgmt_cluster.sh +++ b/deploy/metal3-vm/03_launch_mgmt_cluster.sh @@ -78,6 +78,8 @@ runcmd: EOF } +# documentation for the values below may be found at +# https://cloudinit.readthedocs.io/en/latest/topics/modules.html create_userdata() { name="$1" COMPUTE_NODE_FQDN="$name.akraino.icn.org" @@ -120,7 +122,7 @@ EOF } function make_bm_hosts { - while read -r name address user password mac; do + while IFS=',' read -r name address user password mac; do create_userdata $name apply_userdata_credential $name go run "${BMOPATH}"/cmd/make-bm-worker/main.go \ 
diff --git a/deploy/metal3-vm/04_verify.sh b/deploy/metal3-vm/04_verify.sh index ce42eba..70fbf22 100755 --- a/deploy/metal3-vm/04_verify.sh +++ b/deploy/metal3-vm/04_verify.sh @@ -11,7 +11,7 @@ function check_provisioned { declare -i prev_host_state=0 declare -i j=0 echo "VM state: 1 means provisioned & 0 means not yet provisioned" - while read -r name address user password mac; do + while IFS=',' read -r name address user password mac; do declare -i current_host_state=0 state=$(kubectl get baremetalhosts $name -n metal3 -o json | jq -r '.status.provisioning.state') echo "VM host metal3 state - "$name" : "$state diff --git a/deploy/metal3-vm/lib/common.sh b/deploy/metal3-vm/lib/common.sh index 6c82637..d3d1666 100644 --- a/deploy/metal3-vm/lib/common.sh +++ b/deploy/metal3-vm/lib/common.sh @@ -113,17 +113,12 @@ fi function list_nodes { # Includes -machine and -machine-namespace cat $NODES_FILE | \ - jq '.nodes[] | { - name, - driver, - address:.driver_info.ipmi_address, - port:.driver_info.ipmi_port, - user:.driver_info.ipmi_username, - password:.driver_info.ipmi_password, - mac: .ports[0].address - } | - .name + " " + - .driver + "://" + .address + (if .port then ":" + .port else "" end) + " " + - .user + " " + .password + " " + .mac' \ - | sed 's/"//g' + jq -r '.nodes[] | [ + .name, + .driver + "://" + .driver_info.ipmi_address + (if .driver_info.ipmi_port then ":" + .driver_info.ipmi_port else "" end), + .driver_info.ipmi_username, + .driver_info.ipmi_password, + .ports[0].address + ] | @csv' | \ + sed 's/"//g' } diff --git a/deploy/metal3/scripts/01_metal3.sh b/deploy/metal3/scripts/01_metal3.sh index dbfa2d3..e8bad40 100755 --- a/deploy/metal3/scripts/01_metal3.sh +++ b/deploy/metal3/scripts/01_metal3.sh 
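Review bot: In `list_nodes` (deploy/metal3-vm/lib/common.sh), piping `@csv` through `sed 's/"//g'` removes the only quoting that protects field boundaries, so an IPMI password containing `,` or `"` reaches the `IFS=',' read -r` loops split across variables or silently altered. Credentials are the fields most likely to hold such characters, and the result is a wrong BMC login rather than a parse error. The same construction is added to `list_nodes` in env/lib/common.sh, where it also carries `.os.password`. Consider rejecting such values in the jq filter before the row is emitted, e.g. `| if any(.[]; tostring | test("[,\"]")) then error("nodes.json field contains , or \"") else . end | @csv`, or at least document the restriction next to nodes.json.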
@@ -66,25 +66,49 @@ function set_compute_ssh_config { EOF } +# documentation for the values below may be found at +# https://cloudinit.readthedocs.io/en/latest/topics/modules.html function create_userdata { name="$1" + username="$2" + password="$3" COMPUTE_NODE_FQDN="$name.akraino.icn.org" + + # validate that the user isn't expecting the deprecated + # COMPUTE_NODE_PASSWORD to be used + if [ "$password" != "${COMPUTE_NODE_PASSWORD:-$password}" ]; then + cat < $name-userdata.yaml - if [ -n "$COMPUTE_NODE_PASSWORD" ]; then - printf "password: ""%s" "$COMPUTE_NODE_PASSWORD" >> $name-userdata.yaml - printf "\nchpasswd: {expire: False}\n" >> $name-userdata.yaml - printf "ssh_pwauth: True\n" >> $name-userdata.yaml + if [ -n "$password" ]; then + if [ -n "$username" ]; then + passwd=$(mkpasswd --method=SHA-512 --rounds 4096 "$password") + printf "users:" >> $name-userdata.yaml + printf "\n - name: ""%s" "$username" >> $name-userdata.yaml + printf "\n lock_passwd: False" >> $name-userdata.yaml # necessary to allow password login + printf "\n passwd: ""%s" "$passwd" >> $name-userdata.yaml + printf "\n sudo: \"ALL=(ALL) NOPASSWD:ALL\"" >> $name-userdata.yaml + else + printf "password: ""%s" "$password" >> $name-userdata.yaml + fi + printf "\nchpasswd: {expire: False}\n" >> $name-userdata.yaml + printf "ssh_pwauth: True\n" >> $name-userdata.yaml fi if [ -n "$COMPUTE_NODE_FQDN" ]; then - printf "fqdn: ""%s" "$COMPUTE_NODE_FQDN" >> $name-userdata.yaml - printf "\n" >> $name-userdata.yaml + printf "fqdn: ""%s" "$COMPUTE_NODE_FQDN" >> $name-userdata.yaml + printf "\n" >> $name-userdata.yaml fi printf "disable_root: false\n" >> $name-userdata.yaml printf "ssh_authorized_keys:\n - " >> $name-userdata.yaml if [ ! -f $HOME/.ssh/id_rsa.pub ]; then - yes y | ssh-keygen -t rsa -N "" -f $HOME/.ssh/id_rsa + yes y | ssh-keygen -t rsa -N "" -f $HOME/.ssh/id_rsa fi cat $HOME/.ssh/id_rsa.pub >> $name-userdata.yaml 
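Review bot: `mkpasswd --method=SHA-512 --rounds 4096 "$password"` in `create_userdata` puts the cleartext OS password on the command line, where it is readable from the process list while the call runs; pass it on stdin instead, `passwd=$(printf '%s' "$password" | mkpasswd --method=SHA-512 --rounds 4096 --stdin)`. The branch for an empty username still writes the cleartext `password:` key into `$name-userdata.yaml`, so that file should be created with restrictive permissions, for example `umask 077` before the first write. The new user also gets `NOPASSWD:ALL` sudo together with `ssh_pwauth: True`, which leaves the nodes.json password as the only barrier to root over SSH; a comment stating that this is intended, or key-only login for the sudo-capable user, would make the trade-off explicit. The body of `create_userdata` appears to continue past the end of this hunk.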
@@ -158,14 +182,14 @@ EOF } function make_bm_hosts { - while read -r name username password address; do - create_userdata $name + while IFS=',' read -r name ipmi_username ipmi_password ipmi_address os_username os_password os_image_name; do + create_userdata $name $os_username $os_password apply_userdata_credential $name go run $GOPATH/src/github.com/metal3-io/baremetal-operator/cmd/make-bm-worker/main.go \ - -address "ipmi://$address" \ - -password "$password" \ - -user "$username" \ + -address "ipmi://$ipmi_address" \ + -password "$ipmi_password" \ + -user "$ipmi_username" \ "$name" > $name-bm-node.yaml printf " image:" >> $name-bm-node.yaml @@ -190,13 +214,13 @@ function configure_nodes { } function remove_bm_hosts { - while read -r name username password address; do + while IFS=',' read -r name ipmi_username ipmi_password ipmi_address os_username os_password os_image_name; do deprovision_compute_node $name done } function cleanup { - while read -r name username password address; do + while IFS=',' read -r name ipmi_username ipmi_password ipmi_address os_username os_password os_image_name; do kubectl delete bmh $name -n metal3 kubectl delete secrets $name-bmc-secret -n metal3 kubectl delete secrets $name-user-data -n metal3 diff --git a/deploy/metal3/scripts/02_verify.sh b/deploy/metal3/scripts/02_verify.sh index 85a2a29..09030c1 100755 --- a/deploy/metal3/scripts/02_verify.sh +++ b/deploy/metal3/scripts/02_verify.sh @@ -14,7 +14,7 @@ function check_provisioned { declare -i prev_host_state=0 declare -i j=0 echo "Baremetal state: 1 means provisioned & 0 means not yet provisioned" - while read -r name username password address; do + while IFS=',' read -r name ipmi_username ipmi_password ipmi_address os_username os_password os_image_name; do declare -i current_host_state=0 state=$(kubectl get baremetalhosts $name -n metal3 -o json | jq -r '.status.provisioning.state') echo "Baremetal host metal3 state - "$name" : "$state 
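Review bot: `create_userdata $name $os_username $os_password` in `make_bm_hosts` passes the credentials unquoted, so an empty `os_username` drops out of the argument list and the password arrives as `$2` (the username) with `$3` empty. The `else` branch in `create_userdata` that handles a password without a username can therefore never be reached from here, and the node ends up with no password configured at all. A password containing whitespace or glob characters is likewise split or expanded before the call. Quote all three arguments: `create_userdata "$name" "$os_username" "$os_password"`.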
diff --git a/deploy/metal3/scripts/03_verify_deprovisioning.sh b/deploy/metal3/scripts/03_verify_deprovisioning.sh index afe0497..4223cd8 100755 --- a/deploy/metal3/scripts/03_verify_deprovisioning.sh +++ b/deploy/metal3/scripts/03_verify_deprovisioning.sh @@ -14,7 +14,7 @@ function check_deprovisioned { declare -i prev_host_state=0 declare -i j=0 echo "Baremetal state: 1 means deprovisioned & 0 means not yet deprovisioned" - while read -r name username password address; do + while IFS=',' read -r name ipmi_username ipmi_password ipmi_address os_username os_password os_image_name; do declare -i current_host_state=0 state=$(kubectl get baremetalhosts $name -n metal3 -o json | jq -r '.status.provisioning.state') echo "Baremetal host metal3 state - "$name" : "$state diff --git a/env/lib/common.sh b/env/lib/common.sh index 39125ef..8ce0006 100755 --- a/env/lib/common.sh +++ b/env/lib/common.sh @@ -43,10 +43,6 @@ IRONIC_IPMI_INTERFACE_IP=${IRONIC_IPMI_INTERFACE_IP:-} BM_IMAGE_URL=${BM_IMAGE_URL:-"https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img"} BM_IMAGE=${BM_IMAGE:-"bionic-server-cloudimg-amd64.img"} -#Todo change into nodes list in json pattern -COMPUTE_NODE_FQDN=${COMPUTE_NODE_FQDN:-".akraino.org"} -COMPUTE_NODE_PASSWORD=${COMPUTE_NODE_PASSWORD:-"mypasswd"} - #refered from onap function call_api { #Runs curl with passed flags and provides 
@@ -81,21 +77,20 @@ function call_api { function list_nodes { NODES_FILE="${IRONIC_DATA_DIR}/nodes.json" - if [ ! -f $IRONIC_DATA_DIR/nodes.json ]; then + if [ ! -f "$NODES_FILE" ]; then exit 1 fi cat "$NODES_FILE" | \ - jq '.nodes[] | { - name, - username:.ipmi_driver_info.username, - password:.ipmi_driver_info.password, - address:.ipmi_driver_info.address - } | - .name + " " + - .username + " " + - .password + " " + - .address' \ - | sed 's/"//g' + jq -r '.nodes[] | [ + .name, + .ipmi_driver_info.username, + .ipmi_driver_info.password, + .ipmi_driver_info.address, + .os.username, + .os.password, + .os.image_name + ] | @csv' | \ + sed 's/"//g' } diff --git a/env/metal3/01_install_package.sh b/env/metal3/01_install_package.sh index bff8096..485fd18 100755 --- a/env/metal3/01_install_package.sh +++ b/env/metal3/01_install_package.sh @@ -46,7 +46,8 @@ function install_ironic_packages { python-netaddr \ python-openstackclient \ unzip \ - genisoimage + genisoimage \ + whois if [ "$1" == "offline" ]; then pip install --no-index -- 2.16.6
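Review bot: The `whois` package added in env/metal3/01_install_package.sh has no visible connection to this installer; it is presumably there for `mkpasswd`, which `create_userdata` in deploy/metal3/scripts/01_metal3.sh now calls. A comment above the install command (which starts outside the hunk), such as `# whois provides mkpasswd, used to hash the OS password for cloud-init userdata`, would keep it from being removed as unneeded when the package list is next trimmed.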