Implement support for creating default users in the OVA
lcastellano committed Aug 22, 2017
1 parent 4d3812a commit 5f66cda
Showing 7 changed files with 225 additions and 9 deletions.
20 changes: 20 additions & 0 deletions installer/fileserver/tasks.go
Expand Up @@ -65,6 +65,14 @@ func registerWithPSC(ctx context.Context) error {
}
admiralPort := ovf.Properties["management_portal.port"]

// Out of the box users
defCreateUsers, foundCreateUsers := ovf.Properties["default_users.create_def_users"]
defPrefix, foundPrefix := ovf.Properties["default_users.def_user_prefix"]
defPassword, foundPassword := ovf.Properties["default_users.def_user_password"]

log.Infof("PSC Out of the box users. CreateUsers: %s, FoundCreateUsers: %v, Prefix: %s",
defCreateUsers, foundCreateUsers, defPrefix)

// Register all VIC components with PSC
cmdName := "/usr/bin/java"
for _, client := range []string{"harbor", "engine", "admiral"} {
Expand All @@ -83,6 +91,18 @@ func registerWithPSC(ctx context.Context) error {
"--configDir=" + pscConfDir,
}

if client == "admiral" && foundCreateUsers && strings.ToLower(defCreateUsers) == "true" {
if foundPrefix && defPrefix != "" {
arg := "--defaultUserPrefix=" + defPrefix
cmdArgs = append(cmdArgs, arg)
}

if foundPassword && defPrefix != "" && defPassword != "" {
arg := "--defaultUserPassword=" + defPassword
cmdArgs = append(cmdArgs, arg)
}
}

// #nosec: Subprocess launching with variable.
// This runs the PSC tool's register command.
cmd := exec.Command(cmdName, cmdArgs...)
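Review bot: The new `--defaultUserPassword=` argument in the second hunk places the OVF password on the java command line, where it is readable from the process table by every local account on the appliance for as long as the PSC register tool runs, and it will be captured by anything that records subprocess argv. If the register tool can take the password from stdin, an environment variable or a file under `pscConfDir`, prefer that; at minimum keep the first hunk's log line as it is (it prints the prefix only) and make sure nothing downstream logs `cmdArgs`. The two enable gates in this commit also disagree: `strings.ToLower(defCreateUsers) == "true"` here accepts any casing, while add_default_users.sh requires the literal `True`, so depending on what ovfenv emits one side can enable the users and the other skip them — use the same comparison in both places. registerWithPSC starts before and continues after these hunks.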
10 changes: 10 additions & 0 deletions installer/packer/packer-vic.json
Expand Up @@ -287,6 +287,11 @@
"source": "scripts/systemd/admiral/admiral.service",
"destination": "/usr/lib/systemd/system/admiral.service"
},
{
"type": "file",
"source": "scripts/systemd/admiral/admiral_default_users.service",
"destination": "/usr/lib/systemd/system/admiral_default_users.service"
},
{
"type": "file",
"source": "scripts/admiral/configure_admiral.sh",
Expand All @@ -297,6 +302,11 @@
"source": "scripts/admiral/start_admiral.sh",
"destination": "/etc/vmware/admiral/start_admiral.sh"
},
{
"type": "file",
"source": "scripts/admiral/add_default_users.sh",
"destination": "/etc/vmware/admiral/add_default_users.sh"
},
{
"type": "file",
"source": "scripts/systemd/psc/get_token.service",
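--- a/installer/packer/scripts/admiral/add_default_users.sh
+++ b/installer/packer/scripts/admiral/add_default_users.sh
@@ -0,0 +1,151 @@
+#!/usr/bin/bash
+# Copyright 2017 VMware, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+set -uf -o pipefail
+
+# Populated by configure_admiral.sh
+ADMIRAL_EXPOSED_PORT=""
+ADMIRAL_DATA_LOCATION=""
+OVA_VM_IP=""
+
+# Add default users
+# Usage: get_property FILE KEY
+function get_property
+{
+grep "^$2=" "$1" | cut -d'=' -f2
+}
+
+create_def_users=$(ovfenv -k default_users.create_def_users)
+user_prefix=$(ovfenv -k default_users.def_user_prefix)
+user_password=$(ovfenv -k default_users.def_user_password)
+
+echo "add_default_users: $create_def_users, $user_prefix"
+
+if [ ${create_def_users} != "True" ] || [ -z ${user_prefix} ] || [ -z ${user_password} ]; then
+echo "add_default_users, not creating default users"
+exit 0
+fi
+
+psc_prop_file=${ADMIRAL_DATA_LOCATION}/configs/psc-config.properties
+token_file=/etc/vmware/psc/admiral/tokens.properties
+
+echo "add_default_users wating for token"
+token_tries=0
+while true ; do
+if [ -f $token_file ]; then
+break;
+fi
+((token_tries++))
+sleep 1
+if [ ${token_tries} -eq 60 ]; then
+echo "add_default_users, admiral start up failed, no tokens after one minute"
+exit -1
+fi
+done
+
+token=`cat $token_file`
+
+echo "add_default_users loaded token"
+
+tenant=`get_property $psc_prop_file "tenant"`
+defuser_prefix=`get_property $psc_prop_file "default-user-prefix"`
+admiral_url=`get_property $psc_prop_file admiral-url`
+# remove backslashes
+admiral_url=`echo $admiral_url | sed 's/\\\//g'`
+
+cloud_admin_name=$defuser_prefix
+cloud_admin_name+="-cloud-admin"
+cloud_admin_name+="@"
+cloud_admin_name+=$tenant
+
+# Wait for admiral to come up, max 1 minute
+check_admiral_url=$admiral_url
+check_admiral_url+="/projects"
+
+echo "add_default_user wating for ping"
+current_tries=0
+while true ; do
+http_code=`curl -s -o /dev/null \
+-w "%{http_code}" \
+-H 'cache-control: no-cache' \
+-H "x-xenon-auth-token: $token" \
+--insecure \
+--max-time 2 \
+${check_admiral_url}`
+
+echo "add_default_users ping result: ${http_code}"
+
+if [ ${http_code} -eq "200" ]; then
+break;
+fi
+
+echo "add_default_users ping failed"
+
+sleep 1
+((current_tries++))
+if [ ${current_tries} -eq 30 ]; then
+echo "add_default_users Admiral startup failed, no ping after one minute"
+exit -1
+fi
+done
+
+echo "add_default_users successful ping"
+
+add_cloud_admin_url=$admiral_url
+add_cloud_admin_url+="/auth/idm/principals/"
+add_cloud_admin_url+=$cloud_admin_name
+add_cloud_admin_url+="/roles"
+
+echo $add_cloud_admin_url
+
+curl -X PATCH \
+-s \
+-H 'cache-control: no-cache' \
+-H 'content-type: application/json' \
+-H "x-xenon-auth-token: $token" \
+-d '{ "add":["CLOUD_ADMIN"] }' \
+--insecure \
+$add_cloud_admin_url
+
+echo
+echo "add_default_users added cloud-admin"
+
+add_users_to_project_url=$admiral_url
+add_users_to_project_url+="/projects/default-project"
+
+echo $add_users_to_project_url
+
+project_admin_name=$defuser_prefix
+project_admin_name+="-project-admin"
+project_admin_name+="@"
+project_admin_name+=$tenant
+
+project_dev_name=$defuser_prefix
+project_dev_name+="-developer"
+project_dev_name+="@"
+project_dev_name+=$tenant
+
+curl -X PATCH \
+-s \
+-H 'cache-control: no-cache' \
+-H 'content-type: application/json' \
+-H "x-xenon-auth-token: $token" \
+-d "{ \"administrators\": { \"add\" : [\"$project_admin_name\"] }, \"members\": { \"add\" : [\"$project_dev_name\"] } }" \
+--insecure \
+$add_users_to_project_url
+
+echo
+echo "add_default_users added project-admin"
+
+echo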
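Review bot: Both role-assignment calls (`curl -X PATCH` against `$add_cloud_admin_url` and `$add_users_to_project_url`) discard the HTTP status, so a 4xx/5xx from Admiral still prints `added cloud-admin` / `added project-admin` and the unit exits 0, leaving the appliance without its cloud-admin and project roles and with no failure signal; capture `-w "%{http_code}"` as the ping loop already does and exit non-zero outside 2xx. Every curl also passes `--insecure` to the appliance's own endpoint; configure_admiral.sh in this commit sets `ADMIRAL_DATA_LOCATION` to `$data_dir` and generates `${data_dir}/cert/ca.crt`, so if Admiral serves a certificate chained to that CA (to be confirmed), `--cacert "${ADMIRAL_DATA_LOCATION}/cert/ca.crt"` pins the connection without needing a public CA. The gate `if [ ${create_def_users} != "True" ] || [ -z ${user_prefix} ] || [ -z ${user_password} ]` leaves all three expansions unquoted, which turns an empty ovfenv value into a `[` syntax error rather than a clean skip; quote them, `if [ "${create_def_users}" != "True" ] || [ -z "${user_prefix}" ] || [ -z "${user_password}" ]; then`. Finally, `exit -1` is not a valid POSIX status (bash maps it to 255); use `exit 1`.
```shell
# … unchanged: token wait and ping loop …
http_code=$(curl -X PATCH -s -o /dev/null -w "%{http_code}" \
    -H 'cache-control: no-cache' \
    -H 'content-type: application/json' \
    -H "x-xenon-auth-token: $token" \
    -d '{ "add":["CLOUD_ADMIN"] }' \
    --insecure \
    "$add_cloud_admin_url")
# Anything outside 2xx means the role was not granted; fail the unit instead of reporting success.
if [ "${http_code}" -lt 200 ] || [ "${http_code}" -ge 300 ]; then
    echo "add_default_users, adding cloud-admin failed with HTTP ${http_code}"
    exit 1
fi
echo "add_default_users added cloud-admin"
# … unchanged: project membership PATCH, with the same status check applied …
```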
24 changes: 15 additions & 9 deletions installer/packer/scripts/admiral/configure_admiral.sh
Expand Up @@ -26,6 +26,7 @@ keytool="/usr/bin/keytool"
cert_dir="${data_dir}/cert"
flag="${data_dir}/cert_gen_type"
admiral_start_script="${conf_dir}/start_admiral.sh"
admiral_add_default_users_script=${conf_dir}/add_default_users.sh

ca_download_dir="${data_dir}/ca_download"
mkdir -p "${cert_dir}"
Expand All @@ -40,14 +41,15 @@ ca_cert="${cert_dir}/ca.crt"
ca_key="${cert_dir}/ca.key"
ext="${cert_dir}/extfile.cnf"

# Configure attr in start_admiral.sh
function configureAdmiralStart {
cfg_key=$1
cfg_value=$2
#Configure attr in script
function configureScript {
script_name=$1
cfg_key=$2
cfg_value=$3

if [ -n "$cfg_key" ]; then
cfg_value=$(echo "$cfg_value" | sed -r -e 's%[\/&%]%\\&%g')
sed -i -r "s%#?$cfg_key\s*=\s*.*%$cfg_key=$cfg_value%" $admiral_start_script
sed -i -r "s%#?$cfg_key\s*=\s*.*%$cfg_key=$cfg_value%" $script_name
fi
}

Expand Down Expand Up @@ -164,7 +166,7 @@ ip_address=$(ip addr show dev eth0 | sed -nr 's/.*inet ([^ ]+)\/.*/\1/p')
detectHostname
if [[ x$hostname != "x" ]]; then
echo "Hostname: ${hostname}"
configureAdmiralStart "hostname" ${hostname}
configureScript $admiral_start_script "hostname" ${hostname}
else
echo "Hostname is null, set it to IP"
hostname=${ip_address}
Expand All @@ -176,9 +178,13 @@ $script_dir/set_guestinfo.sh admiral.endpoint https://"$ip_address":"$ADMIRAL_PO
# Init certs
secure

configureAdmiralStart ADMIRAL_DATA_LOCATION $data_dir
configureAdmiralStart ADMIRAL_EXPOSED_PORT "$ADMIRAL_PORT"
configureAdmiralStart OVA_VM_IP "$ip_address"
configureScript $admiral_start_script ADMIRAL_DATA_LOCATION $data_dir
configureScript $admiral_start_script ADMIRAL_EXPOSED_PORT "$ADMIRAL_PORT"
configureScript $admiral_start_script OVA_VM_IP "$ip_address"

configureScript $admiral_add_default_users_script ADMIRAL_DATA_LOCATION $data_dir
configureScript $admiral_add_default_users_script ADMIRAL_EXPOSED_PORT "$ADMIRAL_PORT"
configureScript $admiral_add_default_users_script OVA_VM_IP "$ip_address"

iptables -w -A INPUT -j ACCEPT -p tcp --dport "$ADMIRAL_PORT"

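Review bot: `configureScript` in the second hunk assigns `script_name`, `cfg_key` and `cfg_value` as globals and passes `$script_name` to `sed -i` unquoted, so a data_dir containing whitespace would split the target path; declare the three with `local` and write `sed -i -r "s%#?$cfg_key\s*=\s*.*%$cfg_key=$cfg_value%" "$script_name"`. The first hunk's `admiral_add_default_users_script=${conf_dir}/add_default_users.sh` is the only unquoted assignment in its group — `admiral_start_script="${conf_dir}/start_admiral.sh"` directly above quotes — so quote it for consistency. Note that `sed -i` on the target script rewrites a file that systemd later executes as root; the values written here come from the OVF and `ip addr`, which the existing `sed -r -e 's%[\/&%]%\\&%g'` escaping handles for sed metacharacters but not for shell quoting in the generated assignment, something to keep in mind if a value could ever carry a quote.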
@@ -0,0 +1,12 @@
[Unit]
Description=Admiral Default Users
Documentation=http://github.com/vmware/admiral
After=admiral.service get_token.service
Requires=iptables.service data.mount

[Service]
Type=oneshot
ExecStart=/usr/bin/bash /etc/vmware/admiral/add_default_users.sh

[Install]
WantedBy=multi-user.target
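Review bot: The unit orders itself with `After=admiral.service get_token.service` but only `Requires=iptables.service data.mount`, so nothing in the unit itself pulls in the two services whose output it consumes (the script reads `/etc/vmware/psc/admiral/tokens.properties` and polls Admiral); it relies on the `ExecStartPost` chain in the configure unit to have started them. Adding `Wants=admiral.service get_token.service` makes that dependency explicit and keeps the unit correct if it is ever started on its own. With `WantedBy=multi-user.target` and no `RemainAfterExit=` or `ConditionPathExists=` guard, enabling the unit would re-run the role PATCHes on every boot — presumably harmless but worth a comment in the unit if that is intended. This section's file header is not shown, so the unit's path is inferred from packer-vic.json.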
Expand Up @@ -9,6 +9,7 @@ Type=oneshot
ExecStart=/usr/bin/bash /etc/vmware/admiral/configure_admiral.sh
ExecStartPost=/usr/bin/systemctl start admiral.service
ExecStartPost=/usr/bin/systemctl start get_token.service
ExecStartPost=/usr/bin/systemctl start admiral_default_users.service

[Install]
WantedBy=multi-user.target
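Review bot: `ExecStartPost=/usr/bin/systemctl start admiral_default_users.service` starts a `Type=oneshot` unit synchronously, so the configure service now blocks until add_default_users.sh finishes — up to roughly ninety seconds of token and ping polling — and a non-zero exit from that script (it uses `exit -1` on timeout) makes this ExecStartPost fail and marks the whole configure unit failed, even though Admiral itself is up. If the default users are not required for the configure step to count as successful, use `systemctl start --no-block admiral_default_users.service` or prefix the line with `-` so the status of the helper does not fail the parent; the enclosing `[Service]` section starts outside the hunk.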
16 changes: 16 additions & 0 deletions installer/packer/vic-unified.ovf
Expand Up @@ -278,6 +278,22 @@ EVALUATION LICENSE. If You are licensing the Software for evaluation purposes, Y
<Description>Specifies the port on which fileserver will be published.</Description>
</Property>
</ProductSection>
<ProductSection ovf:class="default_users" ovf:required="false">
<Info>Out-of-the-box VIC users</Info>
<Category>7. Out-of-the box-users configuration</Category>
<Property ovf:key="create_def_users" ovf:type="boolean" ovf:userConfigurable="true" ovf:value="true">
<Label>7.1. Create out-of-the-box-users</Label>
<Description>Uncheck to skip creation of out-of-the-box users.</Description>
</Property>
<Property ovf:key="def_user_prefix" ovf:qualifiers="MinLen(0),MaxLen(64)" ovf:type="string" ovf:userConfigurable="true" ovf:value="vicdef">
<Label>7.2. Out-of-the-box users prefix</Label>
<Description>Prefix to be used to create out-of-the-box VIC users.</Description>
</Property>
<Property ovf:key="def_user_password" ovf:password="true" ovf:qualifiers="MinLen(0),MaxLen(128)" ovf:type="string" ovf:userConfigurable="true" ovf:value="VicPro!23">
<Label>7.3. Out-of-the-box users password</Label>
<Description>Password to be used to create out-of-the-box VIC users. The password must follow the rules set for vSphere.</Description>
</Property>
</ProductSection>
<ProductSection ovf:class="vm" ovf:required="false">
<Info>VM specific properties</Info>
<Property ovf:key="vmname" ovf:type="string" ovf:value="vic"/>
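Review bot: `def_user_password` ships with a fixed default (`ovf:value="VicPro!23"`) and `create_def_users` defaults to `true`, so every appliance deployed with the OVF defaults gets a cloud-admin and project-admin account whose password is published in this repository. The qualifiers already allow `MinLen(0)`, and both the Go gate and add_default_users.sh skip creation when the password is empty, so `ovf:value=""` makes user creation an explicit opt-in while keeping the checkbox default; `ovf:password="true"` is set, which is right, but it only masks the field in the deploy wizard and does not change what the script later passes around. A small wording nit in the same hunk: `7. Out-of-the box-users configuration` hyphenates inconsistently with the labels below.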
