From 4d828882e623c36d498a88b8f632c0de2db553a3 Mon Sep 17 00:00:00 2001 From: Thomas Wiest Date: Wed, 29 Oct 2014 15:06:30 -0400 Subject: removed gce.ini and instead added instructions for setting up secrets.py --- .gitignore | 1 + README_GCE.md | 27 +++++++++++++++++++++------ inventory/gce/gce.ini | 47 ----------------------------------------------- 3 files changed, 22 insertions(+), 53 deletions(-) delete mode 100644 inventory/gce/gce.ini diff --git a/.gitignore b/.gitignore index 9dcdf22c4..d94cd3718 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ .sass-cache .rvmrc .DS_Store +secrets.py diff --git a/README_GCE.md b/README_GCE.md index 343d3aedd..bac3f58b5 100644 --- a/README_GCE.md +++ b/README_GCE.md @@ -11,7 +11,8 @@ Note: If your GCE project does not show a Service Account under /APIs & Convert a GCE service key into a pem (for ansible) -------------------------------------------------- -1. The gce service key looks something like this: os302gce-ef83bd90f261.p12 +1. mkdir -p ~/.gce +1. The gce service key looks something like this: projectname-ef83bd90f261.p12 .. the ef83bd90f261 part is the public hash 1. Be in the same directory as the p12 key file. 1. The commands below should be copy / paste-able 
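Review bot: The new ignore rule in `.gitignore` covers `secrets.py` only, while the README steps added in this same commit also produce private key material (`projectname-<hash>.p12` and the converted `.pem`) in whatever directory the user runs the commands from. If that directory is inside the checkout, the key could be staged by a broad `git add` before the `mv` to `~/.gce` happens, so I would add `*.pem` and `*.p12` next to `secrets.py`. The pattern has no leading slash, so it already matches the `inventory/gce/secrets.py` symlink the README creates. A short comment such as `# GCE credentials: never commit` above these entries would record why they are there.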
@@ -21,18 +22,32 @@ Convert a GCE service key into a pem (for ansible) export GCE_KEY_HASH=ef83bd90f261 # Convert the service key (note: 'notasecret' is literally what we want here) - openssl pkcs12 -in os302gce-${GCE_KEY_HASH}.p12 -passin pass:notasecret -nodes -nocerts | openssl rsa -out os302gce-${GCE_KEY_HASH}.pem + openssl pkcs12 -in projectname-${GCE_KEY_HASH}.p12 -passin pass:notasecret -nodes -nocerts | openssl rsa -out projectname-${GCE_KEY_HASH}.pem - # Move the converted service key to the .ssh dir - mv os302gce-${GCE_KEY_HASH}.pem ~/.ssh + # Move the converted service key to the .gce dir + mv projectname-${GCE_KEY_HASH}.pem ~/.gce # Set a sym link so it is easy to reference - ln -s ~/.ssh/os302gce-${GCE_KEY_HASH}.pem ~/.ssh/os302gce_priv_key.pem + ln -s ~/.gce/projectname-${GCE_KEY_HASH}.pem ~/.gce/projectname_priv_key.pem ``` -1. Once this is done, put the original service key file (os302gce-ef83bd90f261.p12) somewhere safe, or delete it (your call, I don not know what else we will use it for, and we can always regen it if needed). +1. Once this is done, put the original service key file (projectname-ef83bd90f261.p12) somewhere safe, or delete it (your call, I don not know what else we will use it for, and we can always regen it if needed). +Create a secrets.py file for GCE +-------------------------------- +1. vi ~/.gce/secrets.py +1. make the contents look like this: +``` + GCE_PARAMS = ('long...@developer.gserviceaccount.com', '/full/path/to/projectname_priv_key.pem') + GCE_KEYWORD_PARAMS = {'project': 'my_project_id'} +``` +1. Setup a sym link so that gce.py will pick it up (must be in same dir as gce.py) +``` + cd openshift-online-ansible/inventory/gce + ln -s ~/.gce/secrets.py secrets.py +``` + Install Dependencies -------------------- diff --git a/inventory/gce/gce.ini b/inventory/gce/gce.ini deleted file mode 100644 index 3d6403c20..000000000 --- a/inventory/gce/gce.ini +++ /dev/null 
@@ -1,47 +0,0 @@
-#!/usr/bin/python
-# Copyright 2013 Google Inc.
-#
-# This file is part of Ansible
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see .
-
-# The GCE inventory script has the following dependencies:
-# 1. A valid Google Cloud Platform account with Google Compute Engine
-# enabled. See https://cloud.google.com
-# 2. An OAuth2 Service Account flow should be enabled. This will generate
-# a private key file that the inventory script will use for API request
-# authorization. See https://developers.google.com/accounts/docs/OAuth2
-# 3. Convert the private key from PKCS12 to PEM format
-# $ openssl pkcs12 -in pkey.pkcs12 -passin pass:notasecret \
-# > -nodes -nocerts | openssl rsa -out pkey.pem
-# 4. The libcloud (>=0.13.3) python libray. See http://libcloud.apache.org
-#
-# (See ansible/test/gce_tests.py comments for full install instructions)
-#
-# Author: Eric Johnson
-
-[gce]
-# GCE Service Account configuration information can be stored in the
-# libcloud 'secrets.py' file. Ideally, the 'secrets.py' file will already
-# exist in your PYTHONPATH and be picked up automatically with an import
-# statement in the inventory script. However, you can specify an absolute
-# path to the secrets.py file with 'libcloud_secrets' parameter.
-libcloud_secrets =
-
-# If you are not going to use a 'secrets.py' file, you can set the necessary
-# authorization parameters here.
-gce_service_account_email_address = 198287808360-f457cs26hutqeosmlje1eosfeqo0krlg@developer.gserviceaccount.com
-gce_service_account_pem_file_path = ~/.ssh/os302gce_priv_key.pem
-gce_project_id = corded-cable-672
-
-- cgit v1.2.3