Update nova helm overrides for cold migration
Adds generation of public and private rsa ssh keys in nova overrides. These will be used by nova helm charts (see dependent commit) to fill appropriate files in all nova-compute pods in cluster. ssh keys are stored in sysinv db to maintain consistency. Also need to provide subnet used for ssh which will be cluster host network per recent commit (If6b918665131f01bc62687fbdc7978c5c103e3b7). Story: 2003909 Task: 28925 Depends-On: Id789ba051cec019e8b7564c713cf1b5296ecf9f6 Change-Id: I13aa90b1204e698846d4402048b3ca7f544da551 Signed-off-by: Gerry Kopec <gerry.kopec@windriver.com>
This commit is contained in:
Gerry Kopec
Gerry Kopec
parent
dd7fa2eff3
commit
a0be71beaa
|
|
@ -52,6 +52,8 @@ class NovaHelm(openstack.OpenstackBaseHelm):
|
|||
def get_overrides(self, namespace=None):
|
||||
scheduler_filters = SCHEDULER_FILTERS_COMMON
|
||||
|
||||
ssh_privatekey, ssh_publickey = \
|
||||
self._get_or_generate_ssh_keys(self.SERVICE_NAME, common.HELM_NS_OPENSTACK)
|
||||
overrides = {
|
||||
common.HELM_NS_OPENSTACK: {
|
||||
'pod': {
|
||||
|
|
@ -156,10 +158,18 @@ class NovaHelm(openstack.OpenstackBaseHelm):
|
|||
'nova_compute': {
|
||||
'hosts': self._get_per_host_overrides()
|
||||
}
|
||||
}
|
||||
},
|
||||
'ssh_private': ssh_privatekey,
|
||||
'ssh_public': ssh_publickey,
|
||||
},
|
||||
'endpoints': self._get_endpoints_overrides(),
|
||||
'images': self._get_images_overrides(),
|
||||
'network': {
|
||||
'sshd': {
|
||||
'enabled': True,
|
||||
'from_subnet': self._get_ssh_subnet(),
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -357,6 +367,12 @@ class NovaHelm(openstack.OpenstackBaseHelm):
|
|||
libvirt_config.update({'live_migration_inbound_addr': cluster_host_ip})
|
||||
vnc_config.update({'vncserver_proxyclient_address': cluster_host_ip})
|
||||
|
||||
def _get_ssh_subnet(self):
|
||||
cluster_host_network = self.dbapi.network_get_by_type(
|
||||
constants.NETWORK_TYPE_CLUSTER_HOST)
|
||||
address_pool = self.dbapi.address_pool_get(cluster_host_network.pool_uuid)
|
||||
return '%s/%s' % (str(address_pool.network), str(address_pool.prefix))
|
||||
|
||||
def _update_host_memory(self, host, default_config):
|
||||
vswitch_2M_pages = []
|
||||
vswitch_1G_pages = []
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@
|
|||
import keyring
|
||||
import subprocess
|
||||
|
||||
from Crypto.PublicKey import RSA
|
||||
from sysinv.helm import base
|
||||
from sysinv.helm import common
|
||||
|
||||
|
|
@ -227,3 +228,34 @@ class OpenstackBaseHelm(base.BaseHelm):
|
|||
service, user, pw_format=common.PASSWORD_FORMAT_CEPH)
|
||||
|
||||
return passwords[service][user]
|
||||
|
||||
def _get_or_generate_ssh_keys(self, chart, namespace):
|
||||
try:
|
||||
override = self.dbapi.helm_override_get(name=chart,
|
||||
namespace=namespace)
|
||||
except exception.HelmOverrideNotFound:
|
||||
# Override for this chart not found, so create one
|
||||
values = {
|
||||
'name': chart,
|
||||
'namespace': namespace,
|
||||
}
|
||||
override = self.dbapi.helm_override_create(values=values)
|
||||
|
||||
privatekey = override.system_overrides.get('privatekey', None)
|
||||
publickey = override.system_overrides.get('publickey', None)
|
||||
|
||||
if privatekey and publickey:
|
||||
return str(privatekey), str(publickey)
|
||||
|
||||
# ssh keys are not set so generate them and store in overrides
|
||||
key = RSA.generate(2048)
|
||||
pubkey = key.publickey()
|
||||
newprivatekey = key.exportKey('PEM')
|
||||
newpublickey = pubkey.exportKey('OpenSSH')
|
||||
values = {'system_overrides': override.system_overrides}
|
||||
values['system_overrides'].update({'privatekey': newprivatekey,
|
||||
'publickey': newpublickey})
|
||||
self.dbapi.helm_override_update(
|
||||
name=chart, namespace=namespace, values=values)
|
||||
|
||||
return newprivatekey, newpublickey
|
||||
|
|
|
|||
Loading…
Reference in New Issue