From: Pawel Wieczorek Date: Wed, 30 Dec 2020 07:58:46 +0000 (+0100) Subject: Divide OpenStack management access to admin and user X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F45%2F116545%2F2;p=integration.git Divide OpenStack management access to admin and user This patch adds OpenStack admin management access to the local "root" user. Admin access is necessary to make changes to the default DevStack configuration after its creation. Package "python-openstackclient" is now installed globally (as root). This is the reason why it requires additional flag ("--ignore-installed") for overriding packages already available on the system - specifically PyYAML (3.11 available, 3.12 required). Issue-ID: INT-1601 Change-Id: Ia5a1000f2f2066073c4e4a92fcb823eed17c36fd Signed-off-by: Pawel Wieczorek --- diff --git a/deployment/noheat/infra-openstack/vagrant/Vagrantfile b/deployment/noheat/infra-openstack/vagrant/Vagrantfile index 618a71b49..3bb009338 100644 --- a/deployment/noheat/infra-openstack/vagrant/Vagrantfile +++ b/deployment/noheat/infra-openstack/vagrant/Vagrantfile @@ -6,8 +6,11 @@ synced_folder_ansible = "/ansible" synced_folder_main = "/vagrant" synced_folder_config = "#{synced_folder_main}/config" os_config = "#{synced_folder_config}/local.conf" -os_clouds = "#{synced_folder_config}/clouds.yaml" +os_clouds_template = "#{synced_folder_config}/clouds.yaml" os_clouds_dir = "${HOME}/.config/openstack" +os_clouds_config = "#{os_clouds_dir}/clouds.yaml" +os_admin = "admin" +os_user = "demo" vm_cpu = 1 vm_cpus = 4 @@ -54,20 +57,28 @@ SCRIPT $setup_py = <<-SCRIPT export DEBIAN_FRONTEND=noninteractive - sudo -E apt-get update - sudo -E apt-get install -yq python3-distutils + apt-get update + apt-get install -yq python3-distutils curl -fsSL https://bootstrap.pypa.io/get-pip.py -o get-pip.py - sudo -H python3 get-pip.py - pip install ansible python-openstackclient + python3 get-pip.py +SCRIPT + +$setup_openstackclient = <<-SCRIPT + pip install --ignore-installed python-openstackclient + mkdir -p #{os_clouds_dir} +SCRIPT + +$setup_openstacksdk = <<-SCRIPT + pip install ansible openstacksdk mkdir -p #{os_clouds_dir} SCRIPT -$link_file = <<-SCRIPT - src="$1" - dst="$2" - echo "Symlinking ${src} to ${dst}" - ln -sf "$src" "$dst" +$create_os_clouds = <<-SCRIPT + user="$1" + template="$2" + config="$3" + OS_USERNAME="$user" envsubst < "$template" > "$config" SCRIPT $run_playbook = <<-SCRIPT @@ -111,11 +122,17 @@ Vagrant.configure("2") do |config| config.vm.synced_folder ".", synced_folder_main, type: "rsync", rsync__exclude: "Vagrantfile" config.vm.synced_folder host_folder_ansible, synced_folder_ansible, type: "rsync" - config.vm.provision "setup_openstacksdk", type: :shell, privileged: false, inline: $setup_py - config.vm.provision "link_os_clouds", type: :shell, run: "always" do |s| + config.vm.provision "setup_py", type: :shell, inline: $setup_py + config.vm.provision "setup_openstackclient", type: :shell, inline: $setup_openstackclient + config.vm.provision "create_os_clouds_admin", type: :shell, run: "always" do |s| + s.inline = $create_os_clouds + s.args = [os_admin, os_clouds_template, os_clouds_config] + end + config.vm.provision "setup_openstacksdk", type: :shell, privileged: false, inline: $setup_openstacksdk + config.vm.provision "create_os_clouds", type: :shell, run: "always" do |s| s.privileged = false - s.inline = $link_file - s.args = [os_clouds, os_clouds_dir] + s.inline = $create_os_clouds + s.args = [os_user, os_clouds_template, os_clouds_config] end config.vm.post_up_message = operation_post_msg diff --git a/deployment/noheat/infra-openstack/vagrant/config/clouds.yaml b/deployment/noheat/infra-openstack/vagrant/config/clouds.yaml index 2763c896e..f4a009302 100644 --- a/deployment/noheat/infra-openstack/vagrant/config/clouds.yaml +++ b/deployment/noheat/infra-openstack/vagrant/config/clouds.yaml @@ -2,7 +2,7 @@ clouds: openstack: auth: auth_url: http://172.17.5.200/identity - username: "demo" + username: "${OS_USERNAME}" password: "default123456!" project_name: "demo" project_domain_name: "Default"