From a0be71beaa137e9116ad55e55d0e5ab88db87e95 Mon Sep 17 00:00:00 2001 From: Gerry Kopec Date: Wed, 9 Jan 2019 07:18:29 -0500 Subject: [PATCH] Update nova helm overrides for cold migration Adds generation of public and private rsa ssh keys in nova overrides. These will be used by nova helm charts (see dependent commit) to fill appropriate files in all nova-compute pods in cluster. ssh keys are stored in sysinv db to maintain consistency. Also need to provide subnet used for ssh which will be cluster host network per recent commit (If6b918665131f01bc62687fbdc7978c5c103e3b7). Story: 2003909 Task: 28925 Depends-On: Id789ba051cec019e8b7564c713cf1b5296ecf9f6 Change-Id: I13aa90b1204e698846d4402048b3ca7f544da551 Signed-off-by: Gerry Kopec
---
 sysinv/sysinv/sysinv/sysinv/helm/nova.py | 18 ++++++++++-
 sysinv/sysinv/sysinv/sysinv/helm/openstack.py | 32 +++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/sysinv/sysinv/sysinv/sysinv/helm/nova.py b/sysinv/sysinv/sysinv/sysinv/helm/nova.py
index 73333cca37..c3303021d3 100644
--- a/sysinv/sysinv/sysinv/sysinv/helm/nova.py
+++ b/sysinv/sysinv/sysinv/sysinv/helm/nova.py
@@ -52,6 +52,8 @@ class NovaHelm(openstack.OpenstackBaseHelm):
 def get_overrides(self, namespace=None):
 scheduler_filters = SCHEDULER_FILTERS_COMMON
+ ssh_privatekey, ssh_publickey = \
+ self._get_or_generate_ssh_keys(self.SERVICE_NAME, common.HELM_NS_OPENSTACK)
 overrides = {
 common.HELM_NS_OPENSTACK: {
 'pod': {
@@ -156,10 +158,18 @@ class NovaHelm(openstack.OpenstackBaseHelm):
 'nova_compute': {
 'hosts': self._get_per_host_overrides()
 }
- }
+ },
+ 'ssh_private': ssh_privatekey,
+ 'ssh_public': ssh_publickey,
 },
 'endpoints': self._get_endpoints_overrides(),
 'images': self._get_images_overrides(),
+ 'network': {
+ 'sshd': {
+ 'enabled': True,
+ 'from_subnet': self._get_ssh_subnet(),
+ }
+ }
 }
 }
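Review bot: The call added at the top of `get_overrides` gives a method that reads as a getter a write side effect: on first use `_get_or_generate_ssh_keys` creates the helm override record and persists a new key pair. Nothing at the call site says so, and with no handling around the call an error in that path would propagate and fail the whole override generation. A short comment would make this explicit, e.g. `# Side effect: creates and stores the nova ssh key pair in the helm override record on first call.` The body of `get_overrides` continues outside the hunk.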
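Review bot: The RSA private key is placed into the override values in plaintext as `'ssh_private': ssh_privatekey`, next to ordinary configuration, so it will appear wherever these overrides are rendered, stored or displayed. How the chart consumes the value is in the dependent commit and not visible here; it should end up in a Kubernetes Secret rather than a ConfigMap, and any code that logs or dumps the overrides dict should redact it. Per the commit message the same pair goes to every nova-compute pod, so with `'enabled': True` hard-coded the `from_subnet` restriction and this one key are the only controls on sshd. A comment such as `# Shared key for all nova-compute pods; treat override output as secret.` would record that. The dict literal begins and ends outside the hunk.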
@@ -357,6 +367,12 @@ class NovaHelm(openstack.OpenstackBaseHelm):
 libvirt_config.update({'live_migration_inbound_addr': cluster_host_ip})
 vnc_config.update({'vncserver_proxyclient_address': cluster_host_ip})
+ def _get_ssh_subnet(self):
+ cluster_host_network = self.dbapi.network_get_by_type(
+ constants.NETWORK_TYPE_CLUSTER_HOST)
+ address_pool = self.dbapi.address_pool_get(cluster_host_network.pool_uuid)
+ return '%s/%s' % (str(address_pool.network), str(address_pool.prefix))
+
 def _update_host_memory(self, host, default_config):
 vswitch_2M_pages = []
 vswitch_1G_pages = []
diff --git a/sysinv/sysinv/sysinv/sysinv/helm/openstack.py b/sysinv/sysinv/sysinv/sysinv/helm/openstack.py
index dd22efa65e..26624e774c 100644
--- a/sysinv/sysinv/sysinv/sysinv/helm/openstack.py
+++ b/sysinv/sysinv/sysinv/sysinv/helm/openstack.py
@@ -7,6 +7,7 @@
 import keyring
 import subprocess
+from Crypto.PublicKey import RSA
 from sysinv.helm import base
 from sysinv.helm import common
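Review bot: `_get_ssh_subnet` has no docstring and no handling for a missing cluster-host network or address pool, so a failed lookup (or a network without a `pool_uuid`) would surface as an exception out of `get_overrides`. Because the returned value limits which sources may reach sshd, failing is preferable to falling back to a wider range, but that intent should be written down, for example `"""Return the cluster-host network as 'network/prefix'; raises if the network or its address pool is missing."""`. The `str()` wrappers are redundant under `%s`. `constants` is not imported in any visible hunk and is presumably already in scope in nova.py.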
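Review bot: The new import `from Crypto.PublicKey import RSA` brings in a cryptographic dependency with no visible change to the package requirements. `Crypto` is the import name of both PyCrypto, which is no longer maintained, and its maintained fork PyCryptodome; the diff does not show which one sysinv installs, so that should be confirmed and pinned before key generation relies on it. A comment on the import, e.g. `# provided by <package name>; used only for nova ssh key generation`, would record the choice. The import is also inserted directly after the standard-library group rather than in a third-party group of its own.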
@@ -227,3 +228,34 @@ class OpenstackBaseHelm(base.BaseHelm):
 service, user, pw_format=common.PASSWORD_FORMAT_CEPH)
 return passwords[service][user]
+
+ def _get_or_generate_ssh_keys(self, chart, namespace):
+ try:
+ override = self.dbapi.helm_override_get(name=chart,
+ namespace=namespace)
+ except exception.HelmOverrideNotFound:
+ # Override for this chart not found, so create one
+ values = {
+ 'name': chart,
+ 'namespace': namespace,
+ }
+ override = self.dbapi.helm_override_create(values=values)
+
+ privatekey = override.system_overrides.get('privatekey', None)
+ publickey = override.system_overrides.get('publickey', None)
+
+ if privatekey and publickey:
+ return str(privatekey), str(publickey)
+
+ # ssh keys are not set so generate them and store in overrides
+ key = RSA.generate(2048)
+ pubkey = key.publickey()
+ newprivatekey = key.exportKey('PEM')
+ newpublickey = pubkey.exportKey('OpenSSH')
+ values = {'system_overrides': override.system_overrides}
+ values['system_overrides'].update({'privatekey': newprivatekey,
+ 'publickey': newpublickey})
+ self.dbapi.helm_override_update(
+ name=chart, namespace=namespace, values=values)
+
+ return newprivatekey, newpublickey
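Review bot: `_get_or_generate_ssh_keys` stores the PEM private key unencrypted under `system_overrides['privatekey']`, the same field that holds ordinary chart overrides, and nothing in the function ever replaces a stored pair. Whatever exposes `system_overrides` (presumably API or CLI output, not visible here) would therefore expose the key, and there is no rotation path. The two return paths also disagree: the cached path returns `str(privatekey), str(publickey)` while the first-generation path returns the raw `exportKey()` results, which are bytes on Python 3. Decoding once before storing, `newprivatekey = key.exportKey('PEM').decode('ascii')` and likewise for the public key, would make both paths return text. The read-then-generate sequence is not atomic, so two concurrent callers could each generate a pair with the later write winning, and `exception` is not among the imports visible in the openstack.py import hunk, so presumably it is imported further down.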