File: magnum-common.postinst.in

package info (click to toggle)
magnum 11.0.0-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 7,600 kB
  • sloc: python: 38,851; sh: 10,144; makefile: 71
file content (279 lines) | stat: -rw-r--r-- 13,122 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
#!/bin/sh

set -e

CONF=/etc/magnum/magnum.conf

#PKGOS-INCLUDE#

create_magnum_domain () {
        local ADMIN_USER ADMIN_PASS NO_PROTO AFTER_PORT WRITE_CRED_URL WRITE_CRED_PROTO
        ADMIN_USER=${1}
        ADMIN_PASS=${2}

        db_get magnum/ksat-public-url
        KEYSTONE_PUBLIC_ENDPOINT=${RET}

        # Should we create a new keystone user?
        db_get magnum/ksat-create-service-user
        if [ "${RET}" = "true" ] ; then
                # Set command line credentials
                export OS_USERNAME=${ADMIN_USER}
                db_get magnum/ksat-admin-project-name
                export OS_TENANT_NAME=${RET}
                export OS_PROJECT_NAME=${RET}
                export OS_PASSWORD=${ADMIN_PASS}
                export OS_AUTH_URL=${KEYSTONE_PUBLIC_ENDPOINT}
                export OS_IDENTITY_API_VERSION=3
                export OS_PROJECT_DOMAIN_ID=default
                export OS_USER_DOMAIN_ID=default
                export OS_AUTH_TYPE=password

                db_get magnum/magnum_domain_name
                if [ -n "${RET}" ] ; then
                    MAGNUM_DOMAIN_NAME=${RET}
                fi

                echo "===> magnum-common: Creating domain ${MAGNUM_DOMAIN_NAME} ..."
                openstack domain create --or-show --description "Owns users and projects created by magnum" ${MAGNUM_DOMAIN_NAME}
        fi
}

write_admin_creds () {
        local WRITE_CRED_CONF_FNAME WRITE_CRED_PKG_NAME WRITE_CRED_SECTION NO_PROTO AFTER_PORT WRITE_CRED_URL WRITE_CRED_PROTO
        WRITE_CRED_CONF_FNAME=${1}
        WRITE_CRED_SECTION_KSAT=${2}
        WRITE_CRED_SECTION_MAGNUM=${3}
        WRITE_CRED_PKG_NAME=${4}

        db_get ${WRITE_CRED_PKG_NAME}/configure_ksat
        if [ "${RET}" = "true" ] ; then
                db_get ${WRITE_CRED_PKG_NAME}/ksat-public-url
                KEYSTONE_PUBLIC_ENDPOINT=${RET}
                pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION_KSAT} www_authenticate_uri ${KEYSTONE_PUBLIC_ENDPOINT}
                pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION_MAGNUM} www_authenticate_uri ${KEYSTONE_PUBLIC_ENDPOINT}
                pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION_KSAT} auth_uri ${KEYSTONE_PUBLIC_ENDPOINT}
                pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION_MAGNUM} auth_uri ${KEYSTONE_PUBLIC_ENDPOINT}
                pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION_KSAT} auth_url ${KEYSTONE_PUBLIC_ENDPOINT}
                pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION_MAGNUM} auth_url ${KEYSTONE_PUBLIC_ENDPOINT}
                db_get ${WRITE_CRED_PKG_NAME}/ksat-region
                pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION_KSAT} region_name ${RET}
                pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION_MAGNUM} region_name ${RET}

                db_get ${WRITE_CRED_PKG_NAME}/ksat-service-username
                SERVICE_USERNAME=${RET}
                db_get ${WRITE_CRED_PKG_NAME}/ksat-service-project-name
                SERVICE_PROJECTNAME=${RET}
                db_get ${WRITE_CRED_PKG_NAME}/ksat-service-password
                SERVICE_PASSWORD=${RET}

                # Should we create a new keystone user?
                db_get ${WRITE_CRED_PKG_NAME}/ksat-create-service-user
                if [ "${RET}" = "true" ] ; then
                        # Set command line credentials
                        db_get ${WRITE_CRED_PKG_NAME}/ksat-admin-username
                        export OS_USERNAME=${RET}
                        db_get ${WRITE_CRED_PKG_NAME}/ksat-admin-project-name
                        export OS_TENANT_NAME=${RET}
                        export OS_PROJECT_NAME=${RET}
                        db_get ${WRITE_CRED_PKG_NAME}/ksat-admin-password
                        export OS_PASSWORD=${RET}
                        export OS_AUTH_URL=${KEYSTONE_PUBLIC_ENDPOINT}
                        export OS_IDENTITY_API_VERSION=3
                        export OS_PROJECT_DOMAIN_ID=default
                        export OS_USER_DOMAIN_ID=default
                        export OS_AUTH_TYPE=password

                        # And create that new service user with role admin
                        echo "Creating project ${SERVICE_PROJECTNAME} ..."
                        openstack project create --or-show ${SERVICE_PROJECTNAME} --description "Debian service project"

                        echo "Creating user ${SERVICE_USERNAME} ..."
                        openstack user create --or-show --password ${SERVICE_PASSWORD} --project ${SERVICE_PROJECTNAME} --email root@localhost --enable ${SERVICE_USERNAME}

                        # This should not be needed right now, so removing it...
                        # Edit: This is not truth, admin role is needed, it is also documented in documentation {kevko}
                        echo "Adding role admin to the user ${SERVICE_USERNAME}"
                        openstack role add --project ${SERVICE_PROJECTNAME} --user ${SERVICE_USERNAME} admin
                        # Edit : This is bad >> {kevko}
                        #echo "Adding role service to the user ${SERVICE_USERNAME} ..."
                        #openstack role add --project ${SERVICE_PROJECTNAME} --user ${SERVICE_USERNAME} service
                fi
                echo "===> opensatck-pkg-tools: writing ${WRITE_CRED_SECTION_KSAT} credentials for user ${SERVICE_USERNAME} and project ${SERVICE_PROJECTNAME} ..."
                echo "===> opensatck-pkg-tools: writing ${WRITE_CRED_SECTION_MAGNUM} credentials for user ${SERVICE_USERNAME} and project ${SERVICE_PROJECTNAME} ..."
                pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION_KSAT} username ${SERVICE_USERNAME}
                pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION_MAGNUM} username ${SERVICE_USERNAME}
                pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION_KSAT} project_name ${SERVICE_PROJECTNAME}
                pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION_MAGNUM} project_name ${SERVICE_PROJECTNAME}
                pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION_KSAT} password ${SERVICE_PASSWORD}
                pkgos_inifile set ${WRITE_CRED_CONF_FNAME} ${WRITE_CRED_SECTION_MAGNUM} password ${SERVICE_PASSWORD}
        fi
	# For security reasons, we don't keep the auth-token in the debconf
	# memory, so we purge it with db_unregister.
	db_unregister ${WRITE_CRED_PKG_NAME}/ksat-admin-password
	# Very likely, we don't want any upgrade to touch an already
	# working value of keystone_authtoken, so it's best to just
	# unregister this.
	db_unregister ${WRITE_CRED_PKG_NAME}/configure_ksat
}

create_magnum_domain_admin () {
        local ADMIN_USER ADMIN_PASS NO_PROTO AFTER_PORT WRITE_CRED_URL WRITE_CRED_PROTO
        ADMIN_USER=${1}
        ADMIN_PASS=${2}

        db_get magnum/ksat-public-url
        KEYSTONE_PUBLIC_ENDPOINT=${RET}

        # Should we create a new keystone user?
        db_get magnum/ksat-create-service-user
        if [ "${RET}" = "true" ] ; then
                # Set command line credentials
                export OS_USERNAME=${ADMIN_USER}
                db_get magnum/ksat-admin-project-name
                export OS_TENANT_NAME=${RET}
                export OS_PROJECT_NAME=${RET}
                export OS_PASSWORD=${ADMIN_PASS}
                export OS_AUTH_URL=${KEYSTONE_PUBLIC_ENDPOINT}
                export OS_IDENTITY_API_VERSION=3
                export OS_PROJECT_DOMAIN_ID=default
                export OS_USER_DOMAIN_ID=default
                export OS_AUTH_TYPE=password

                db_get magnum/magnum_domain_admin_username
                if [ -n "${RET}" ] ; then
                    MAGNUM_DOMAIN_ADMIN=${RET}
                fi
                db_get magnum/magnum_domain_admin_password
                if [ -n "${RET}" ] ; then
                    MAGNUM_DOMAIN_ADMIN_PASS=${RET}
                fi
                db_get magnum/magnum_domain_name
                if [ -n "${RET}" ] ; then
                    MAGNUM_DOMAIN_NAME=${RET}
                fi

                echo "===> magnum-common: Creating user ${MAGNUM_DOMAIN_ADMIN} ..."
                openstack user create --or-show --domain ${MAGNUM_DOMAIN_NAME} --password ${MAGNUM_DOMAIN_ADMIN_PASS} --email root@localhost --enable ${MAGNUM_DOMAIN_ADMIN}

                echo "===> magnum-common: Adding role domain admin to the user ${MAGNUM_DOMAIN_ADMIN} for domain ${MAGNUM_DOMAIN_NAME}"
                openstack role add --domain ${MAGNUM_DOMAIN_NAME} --user-domain ${MAGNUM_DOMAIN_NAME} --user ${MAGNUM_DOMAIN_ADMIN} admin
        fi
}

create_docker_volume_type () {
        local ADMIN_USER ADMIN_PASS NO_PROTO AFTER_PORT WRITE_CRED_URL WRITE_CRED_PROTO
        ADMIN_USER=${1}
        ADMIN_PASS=${2}

        db_get magnum/ksat-public-url
        KEYSTONE_PUBLIC_ENDPOINT=${RET}

        # Should we create a new keystone user?
        db_get magnum/ksat-create-service-user
        if [ "${RET}" = "true" ] ; then
                # Set command line credentials
                export OS_USERNAME=${ADMIN_USER}
                db_get magnum/ksat-admin-project-name
                export OS_TENANT_NAME=${RET}
                export OS_PROJECT_NAME=${RET}
                export OS_PASSWORD=${ADMIN_PASS}
                export OS_AUTH_URL=${KEYSTONE_PUBLIC_ENDPOINT}
                export OS_IDENTITY_API_VERSION=3
                export OS_PROJECT_DOMAIN_ID=default
                export OS_USER_DOMAIN_ID=default
                export OS_AUTH_TYPE=password

		db_get magnum/default_docker_volume_type
                if [ -n "${RET}" ] ; then
			# --or-show not working , so we have to do workaround with show
                        if ! openstack volume type show ${RET} > /dev/null; then
                                echo "===> magnum-common: Creating cinder volume type ${RET} ..."
                                openstack volume type create ${RET} --description "Cinder volume type used by magnum."
                        else
                                echo "===> magnum-common: Cinder volume type ${RET} already exist."
                        fi
			pkgos_inifile set ${CONF} cinder default_docker_volume_type ${RET}
		fi
        fi
}

manage_trust_config () {
        db_get magnum/magnum_domain_admin_username
        pkgos_inifile set ${CONF} trust trustee_domain_admin_name ${RET}

	db_get magnum/magnum_domain_admin_password
        pkgos_inifile set ${CONF} trust trustee_domain_admin_password ${RET}

        db_get magnum/magnum_domain_name
        pkgos_inifile set ${CONF} trust trustee_domain_name ${RET}

	db_get magnum/keystone_interface
	pkgos_inifile set ${CONF} trust trustee_keystone_interface ${RET}
}

manage_cinder_os_region () {
        db_get magnum/cinder_os_region_name
        if [ -n "${RET}" ] ; then
                pkgos_inifile set ${CONF} cinder_client region_name ${RET}
        fi
}

if [ "$1" = "configure" ] || [ "$1" = "reconfigure" ] ; then
	. /usr/share/debconf/confmodule
	. /usr/share/dbconfig-common/dpkg/postinst

	pkgos_var_user_group magnum

	pkgos_write_new_conf magnum magnum.conf
	pkgos_write_new_conf magnum policy.json
	pkgos_write_new_conf magnum api-paste.ini
	pkgos_write_new_conf magnum keystone_auth_default_policy.json

	pkgos_rabbit_write_conf ${CONF} oslo_messaging_rabbit magnum


	db_get magnum/configure_db
	if [ "$RET" = "true" ]; then
		pkgos_dbc_postinst ${CONF} database connection magnum $@
		echo "Now calling magnum-db-manage: this may take a while..."
		su -s /bin/sh -c 'magnum-db-manage --config-file=/etc/magnum/magnum.conf upgrade' magnum
	fi
	db_get magnum/configure_ksat
	if [ "${RET}" = "true" ] ; then
		db_get magnum/ksat-admin-password
		ADMIN_PASS=${RET}
		db_get magnum/ksat-admin-username
		ADMIN_USER=${RET}
		db_get magnum/ksat-service-password
		SERVICE_PASS=${RET}
		write_admin_creds ${CONF} keystone_authtoken keystone_auth magnum
		db_get magnum/ksat-service-username
		SERVICE_USER=${RET}
		pkgos_inifile set ${CONF} keystone_authtoken admin_user ${SERVICE_USER}
		pkgos_inifile set ${CONF} keystone_authtoken admin_password ${SERVICE_PASS}
		pkgos_inifile set ${CONF} keystone_auth admin_user ${SERVICE_USER}
		pkgos_inifile set ${CONF} keystone_auth admin_password ${SERVICE_PASS}
		db_get magnum/ksat-service-project-name
		ADMIN_TENANT_NAME=${RET}
		pkgos_inifile set ${CONF} keystone_authtoken admin_tenant_name ${ADMIN_TENANT_NAME}
		pkgos_inifile set ${CONF} keystone_auth admin_tenant_name ${ADMIN_TENANT_NAME}
		
		create_magnum_domain ${ADMIN_USER} ${ADMIN_PASS}
		create_magnum_domain_admin ${ADMIN_USER} ${ADMIN_PASS}
		db_get magnum/create_volume_type
		if [ "${RET}" = "true" ] ; then
			create_docker_volume_type ${ADMIN_USER} ${ADMIN_PASS}
		fi
	fi
	db_get magnum/configure_with_debconf
	if [ "${RET}" = "true" ] ; then
		manage_trust_config
		manage_cinder_os_region
	fi
	db_unregister magnum/configure_with_debconf
fi

#DEBHELPER#

exit 0