def _config_reset_cmd(): """config_reset command args for config_reset command - none """ kolla_etc = get_kolla_etc() kolla_home = get_kolla_ansible_home() kollacli_etc = get_kolla_cli_etc() group_vars_path = os.path.join(kolla_home, 'ansible/group_vars') host_vars_path = os.path.join(kolla_home, 'ansible/host_vars') globals_path = os.path.join(group_vars_path, '__GLOBAL__') inventory_path = os.path.join(kollacli_etc, 'ansible/inventory.json') # truncate global property and inventory files with open(globals_path, 'w') as globals_file: globals_file.truncate() with open(inventory_path, 'w') as inventory_file: inventory_file.truncate() # clear all passwords clear_all_passwords() # nuke all files under the kolla etc base, skipping everything # in the kolla-cli directory and the globals.yml and passwords.yml files for dir_path, dir_names, file_names in os.walk(kolla_etc, topdown=False): if 'kolla-cli' not in dir_path: for dir_name in dir_names: if dir_name != 'kolla-cli': os.rmdir(os.path.join(dir_path, dir_name)) for file_name in file_names: if file_name == 'passwords.yml' or file_name == 'globals.yml': continue os.remove(os.path.join(dir_path, file_name)) # nuke all property files under the kolla-ansible base other than # all.yml and the global property file which we truncate above for dir_path, _, file_names in os.walk(group_vars_path): for file_name in file_names: if (file_name != '__GLOBAL__' and file_name != 'all.yml'): os.remove(os.path.join(dir_path, file_name)) for dir_path, _, file_names in os.walk(host_vars_path): for file_name in file_names: os.remove(os.path.join(dir_path, file_name))
def precheck(self, hostnames=[], servicenames=[]): '''run check playbooks on a set of hosts''' # check that password file has no empty password values empty_keys = get_empty_password_values() if empty_keys: raise InvalidConfiguration( u._('password check failed. There are empty password values ' 'in {etc}passwords.yml. ' 'Please run kolla-cli password init or ' 'kolla-cli password set(key) to correct them. ' '\nEmpty passwords: ' '{keys}').format(etc=get_kolla_etc(), keys=empty_keys)) # define 'hosts' to be all, but inventory filtering will subset # that down to the hosts in playbook.hosts. self.playbook.hosts = hostnames self.playbook.services = servicenames self.playbook.extra_vars = 'kolla_action=precheck' self.playbook.print_output = True job = self.playbook.run() return job
def test_password_set_clear(self): # test list msg = self.run_cli_cmd('password list') key = 'database_password' value = '-' ok = self._password_value_exists(key, value, msg) self.assertTrue( ok, 'list failed. Password (%s/%s) not in output: %s' % (key, value, msg)) # test setting empty password self.run_cli_cmd('password set %s --insecure' % key) msg = self.run_cli_cmd('password list') ok = self._password_value_exists(key, '-', msg) self.assertTrue( ok, 'set empty password failed. Password ' + '(%s/-) not in output: %s' % (key, msg)) # test setting None password CLIENT.password_set(key, None) msg = self.run_cli_cmd('password list') ok = self._password_value_exists(key, '-', msg) self.assertTrue( ok, 'set None password failed. Password ' + '(%s/-) not in output: %s' % (key, msg)) # test clear key = 'database_password' value = '-' self.run_cli_cmd('password clear %s' % key) msg = self.run_cli_cmd('password list') ok = self._password_value_exists(key, value, msg) self.assertTrue( ok, 'clear password failed. Password ' + '(%s/%s) not in output: %s' % (key, value, msg)) # test setting an ssh key key = 'nova_ssh_key' CLIENT.password_set_sshkey(key, PRIVATE_KEY, PUBLIC_KEY) keynames = CLIENT.password_get_names() self.assertIn(key, keynames, 'ssh key not in passwords') # test modify non-ssh password key = 'database_password' value = '-' self.run_cli_cmd('password set %s --insecure %s' % (key, value)) msg = self.run_cli_cmd('password list') ok = self._password_value_exists(key, value, msg) self.assertTrue( ok, 'set modify password failed. Password ' + '(%s/%s) not in output: %s' % (key, value, msg)) # test to make sure that saves / loads aren't doing something # bad to the password file size CLIENT.password_clear(key) # snapshot file size with key cleared password_file_path = os.path.join(get_kolla_etc(), 'passwords.yml') size_start = os.path.getsize(password_file_path) # set and clear password CLIENT.password_set(key, value) CLIENT.password_clear(key) size_end = os.path.getsize(password_file_path) self.assertEqual( size_start, size_end, 'password file size changed ' + 'during set/clear (%s/%s)' % (size_start, size_end)) # make sure to end the test with the password init, as some other # non-password related tests require that all passwords in the file # be populated CLIENT.password_init()
# # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import os import sys from kolla_cli.common import utils kolla_ansible_source_base = '../kolla-ansible' kolla_ansible_home_target = utils.get_kolla_ansible_home() kolla_ansible_etc_target = utils.get_kolla_etc() ansible = 'ansible' kolla = 'kolla' kolla_cli = 'kolla-cli' tools = 'tools' def setup_ansible_etc(): # if the kolla-cli directory for the inventory doesn't exist # already then make it. this will also create the directory the # globals and password file goes into cli_etc_dir = os.path.join(kolla_ansible_etc_target, kolla_cli, ansible) if not os.path.exists(cli_etc_dir): make_cli_etc_dir_cmd = ('mkdir -p %s' % cli_etc_dir) _command_exec(make_cli_etc_dir_cmd)
def _get_password_path(self): kolla_etc = get_kolla_etc() return ('-e @' + os.path.join(kolla_etc, 'passwords.yml '))
def _get_cmd_prefix(): actions_path = utils.get_kolla_actions_path() pwd_file_path = os.path.join(utils.get_kolla_etc(), PWDS_FILENAME) prefix = ('%s password -p %s ' % (actions_path, pwd_file_path)) return prefix
def test_password_set_clear(self): # This test should leave the passwords.yml file unchanged # after the test completes. pwds_path = os.path.join(get_kolla_etc(), 'passwords.yml') size_start = os.path.getsize(pwds_path) # test list msg = self.run_cli_cmd('password list') key = 'database_password' value = '-' ok = self._password_value_exists(key, value, msg) self.assertTrue(ok, 'list failed. Password (%s/%s) not in output: %s' % (key, value, msg)) # test append key = 'TeStKeY' value = '-' self.run_cli_cmd('password set %s --insecure %s' % (key, value)) msg = self.run_cli_cmd('password list') ok = self._password_value_exists(key, value, msg) self.assertTrue(ok, 'set new password failed. Password ' + '(%s/%s) not in output: %s' % (key, value, msg)) # test modify existing key = 'TeStKeY' value = '-' self.run_cli_cmd('password set %s --insecure %s' % (key, value)) msg = self.run_cli_cmd('password list') ok = self._password_value_exists(key, value, msg) self.assertTrue(ok, 'set modify password failed. Password ' + '(%s/%s) not in output: %s' % (key, value, msg)) # test setting empty password self.run_cli_cmd('password set %s --insecure' % key) msg = self.run_cli_cmd('password list') ok = self._password_value_exists(key, '-', msg) self.assertTrue(ok, 'set empty password failed. Password ' + '(%s/-) not in output: %s' % (key, msg)) # test setting None password CLIENT.password_set(key, None) msg = self.run_cli_cmd('password list') ok = self._password_value_exists(key, '-', msg) self.assertTrue(ok, 'set None password failed. Password ' + '(%s/-) not in output: %s' % (key, msg)) # test clear key = 'TeStKeY' value = '-' self.run_cli_cmd('password clear %s' % key) msg = self.run_cli_cmd('password list') ok = self._password_value_exists(key, value, msg) self.assertFalse(ok, 'clear password failed. Password ' + '(%s/%s) not in output: %s' % (key, value, msg)) # test setting/clearing an ssh key key = 'TeStKeY' CLIENT.password_set_sshkey(key, PRIVATE_KEY, PUBLIC_KEY) keynames = CLIENT.password_get_names() self.assertIn(key, keynames, 'ssh key not in passwords') CLIENT.password_clear(key) keynames = CLIENT.password_get_names() self.assertNotIn(key, keynames, 'ssh key not cleared from passwords') # check that passwords.yml file size didn't change size_end = os.path.getsize(pwds_path) self.assertEqual(size_start, size_end, 'passwords.yml size changed ' + 'from %s to %s' % (size_start, size_end)) # check that password init does not throw an exception self.run_cli_cmd('password init')
def _run_deploy_rules(playbook): properties = AnsibleProperties() inventory = Inventory.load() # check that password file has no empty password values empty_keys = get_empty_password_values() if empty_keys: raise InvalidConfiguration( u._('Deploy failed. There are empty password values ' 'in {etc}passwords.yml. ' 'Please run kolla-cli password init or ' 'kolla-cli password set(key) to correct them. ' '\nEmpty passwords: ' '{keys}').format(etc=get_kolla_etc(), keys=empty_keys)) # cannot have both groups and hosts if playbook.hosts and playbook.groups: raise InvalidArgument( u._('Hosts and Groups arguments cannot ' 'both be present at the same time.')) # verify that all services exists if playbook.services: for service in playbook.services: valid_service = inventory.get_service(service) if not valid_service: raise NotInInventory(u._('Service'), service) # check that every group with enabled services # has hosts associated to it group_services = inventory.get_group_services() failed_groups = [] failed_services = [] if group_services: for (groupname, servicenames) in group_services.items(): group = inventory.get_group(groupname) hosts = group.get_hostnames() group_needs_host = False if not hosts: for servicename in servicenames: if _is_service_enabled(servicename, inventory, properties): group_needs_host = True failed_services.append(servicename) if group_needs_host: failed_groups.append(groupname) if len(failed_groups) > 0: raise InvalidConfiguration( u._('Deploy failed. ' 'Groups: {groups} with enabled ' 'services : {services} ' 'have no associated hosts').format( groups=failed_groups, services=failed_services)) # check that ring files are in /etc/kolla/config/swift if # swift is enabled expected_files = ['account.ring.gz', 'container.ring.gz', 'object.ring.gz'] is_swift_enabled = _is_service_enabled('swift', inventory, properties) if is_swift_enabled: path_pre = os.path.join(get_kolla_etc(), 'config', 'swift') for expected_file in expected_files: path = os.path.join(path_pre, expected_file) if not os.path.isfile(path): msg = u._('Deploy failed. ' 'Swift is enabled but ring buffers have ' 'not yet been set up. Please see the ' 'documentation for swift configuration ' 'instructions.') raise InvalidConfiguration(msg)