Skip to content

Commit

Permalink
Merge "Partial-Bug: #1595577 Create web-ui SSL keys at provisioning i…
Browse files Browse the repository at this point in the history 
…n /etc/contrail/webui_ssl directory and update in the config file with this path. During upgrade do not update these two files if already available."
  • Loading branch information
@opencontrail-ci-admin
Zuul authored and opencontrail-ci-admin committed Jul 12, 2016
2 parents 3683ab2 + d69c4aa commit 09f5e4e
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 1 deletion.
32 changes: 31 additions & 1 deletion contrail_provisioning/webui/setup.py
View file
Expand Up @@ -78,6 +78,16 @@ def fixup_config_global_js(self):
admin_user = self._args.admin_user
admin_password = self._args.admin_password
admin_tenant_name = self._args.admin_tenant_name
keys_path = '/etc/contrail/webui_ssl/'
keys_re_path = '\/etc\/contrail\/webui_ssl\/'

#Dynamically create keys
local("sudo mkdir -p %s" %(keys_path))
key_cmd = ('sudo openssl req -new -newkey rsa:2048 -nodes -out %s%s -keyout %s%s -subj "/C=US/ST=CA/L=Sunnyvale/O=Juniper Networks/OU=Juniper CA/CN=ContrailCA"') %(keys_path, 'certrequest.csr', keys_path, 'cs-key.pem')
local(key_cmd)
cert_cmd = ('sudo openssl x509 -req -days 730 -in %s%s -signkey %s%s -out %s%s') %(keys_path, 'certrequest.csr', keys_path, 'cs-key.pem', keys_path, 'cs-crt.crt',)
local (cert_cmd)
local('sudo cat %s%s %s%s > %s%s' %(keys_path, 'cs-key.pem', keys_path, 'cs-crt.crt', keys_path, 'cs-cert.pem'))

local("sudo sed \"s/config.cnfg.server_ip.*/config.cnfg.server_ip = '%s';/g\" /etc/contrail/config.global.js > config.global.js.new" %(contrail_internal_vip or self._args.cfgm_ip))
local("sudo mv config.global.js.new /etc/contrail/config.global.js")
Expand Down Expand Up @@ -110,6 +120,25 @@ def fixup_config_global_js(self):
if self._args.redis_password:
local("sudo sed \"s/config.redis_password.*/config.redis_password = '%s';/g\" /etc/contrail/config.global.js > config.global.js.new" %(self._args.redis_password))
local("sudo mv config.global.js.new /etc/contrail/config.global.js")
with settings(warn_only=True):
server_options = local('cat /etc/contrail/config.global.js | grep config.server_options', capture=True)
keys_path_specified = local('cat /etc/contrail/config.global.js | grep config.server_options.key_file', capture=True)
cert_path_specified = local('cat /etc/contrail/config.global.js | grep config.server_options.cert_file', capture=True)
if not server_options:
local("sudo sed \"/config.getDomainsFromApiServer/ a \\\n// server_options\\nconfig.server_options = {};\" /etc/contrail/config.global.js > config.global.js.new")
local("sudo mv config.global.js.new /etc/contrail/config.global.js")
if keys_path_specified:
local("sudo sed \"s/config.server_options.key_file.*/config.server_options.key_file = '" + keys_re_path + "cs-key.pem';/g\" /etc/contrail/config.global.js > config.global.js.new")
local("sudo mv config.global.js.new /etc/contrail/config.global.js")
else:
local("sudo sed \"/config.server_options/ a \\\n// key_file \\nconfig.server_options.key_file = '" + keys_path + "cs-key.pem';\" /etc/contrail/config.global.js > config.global.js.new")
local("sudo mv config.global.js.new /etc/contrail/config.global.js")
if cert_path_specified:
local("sudo sed \"s/config.server_options.cert_file.*/config.server_options.cert_file = '" + keys_re_path + "cs-cert.pem';/g\" /etc/contrail/config.global.js > config.global.js.new")
local("sudo mv config.global.js.new /etc/contrail/config.global.js")
else:
local("sudo sed \"/config.server_options.key_file/ a \\\n// cert_file \\nconfig.server_options.cert_file = '" + keys_path + "cs-cert.pem';\" /etc/contrail/config.global.js > config.global.js.new")
local("sudo mv config.global.js.new /etc/contrail/config.global.js")
if self._args.vcenter_ip:
orchestrator = 'vcenter'
local("sudo sed \"s/config.vcenter.server_ip.*/config.vcenter.server_ip = '%s';/g\" /etc/contrail/config.global.js > config.global.js.new" %(self._args.vcenter_ip))
Expand All @@ -128,14 +157,15 @@ def fixup_config_global_js(self):
if self._args.vcenter_dvswitch:
local("sudo sed \"s/config.vcenter.dvsswitch.*/config.vcenter.dvsswitch = '%s';/g\" /etc/contrail/config.global.js > config.global.js.new" %(self._args.vcenter_dvswitch))
local("sudo mv config.global.js.new /etc/contrail/config.global.js")

if self._args.orchestrator == 'vcenter':
with settings(warn_only=True):
mt_enable_variable = local('cat /etc/contrail/config.global.js | grep config.multi_tenancy', capture=True);
if mt_enable_variable:
local("sudo sed \"s/config.multi_tenancy.enabled.*/config.multi_tenancy.enabled = false;/g\" /etc/contrail/config.global.js > config.global.js.new")
local("sudo mv config.global.js.new /etc/contrail/config.global.js")
else:
local("sudo sed \"/config.vcenter.ca/ a \\\n// multi_tenancy\\nconfig.multi_tenancy = {};\\nconfig.multi_tenancy.enabled = false;\" /etc/contrail/config.global.js > config.global.js.new")
local("sudo sed \"/config.vcenter.wsdl/ a \\\n// multi_tenancy\\nconfig.multi_tenancy = {};\\nconfig.multi_tenancy.enabled = false;\" /etc/contrail/config.global.js > config.global.js.new")
local("sudo mv config.global.js.new /etc/contrail/config.global.js")
with settings(warn_only=True):
static_auth = local('cat /etc/contrail/config.global.js | grep config.staticAuth', capture=True)
Expand Down
4 changes: 4 additions & 0 deletions contrail_provisioning/webui/upgrade.py
View file
Expand Up @@ -24,6 +24,10 @@ def update_upgrade_data(self):
'/etc/contrail/config.global.js')
self.upgrade_data['restore'].append(
'/etc/contrail/contrail-webui-userauth.js')
self.upgrade_data['restore'].append(
'/etc/contrail/webui_ssl/cs-key.pem')
self.upgrade_data['restore'].append(
'/etc/contrail/webui_ssl/cs-cert.pem')

def restart(self):
local('service supervisor-webui restart')
Expand Down

0 comments on commit 09f5e4e

Please sign in to comment.