summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThomas Wiest <twiest@redhat.com>2014-10-29 15:06:30 -0400
committerThomas Wiest <twiest@redhat.com>2014-10-29 15:06:30 -0400
commit4d828882e623c36d498a88b8f632c0de2db553a3 (patch)
treeb6ce2a7743c90217949a315c4b9500b809240308
parente1f362d24763a28c383468248517e4dbb5036de4 (diff)
downloadopenshift-4d828882e623c36d498a88b8f632c0de2db553a3.tar.gz
openshift-4d828882e623c36d498a88b8f632c0de2db553a3.tar.bz2
openshift-4d828882e623c36d498a88b8f632c0de2db553a3.tar.xz
openshift-4d828882e623c36d498a88b8f632c0de2db553a3.zip
removed gce.ini and instead added instructions for setting up secrets.py
-rw-r--r--.gitignore1
-rw-r--r--README_GCE.md27
-rw-r--r--inventory/gce/gce.ini47
3 files changed, 22 insertions, 53 deletions
diff --git a/.gitignore b/.gitignore
index 9dcdf22c4..d94cd3718 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,4 @@
.sass-cache
.rvmrc
.DS_Store
+secrets.py
diff --git a/README_GCE.md b/README_GCE.md
index 343d3aedd..bac3f58b5 100644
--- a/README_GCE.md
+++ b/README_GCE.md
@@ -11,7 +11,8 @@ Note: If your GCE project does not show a Service Account under <Project>/APIs &
Convert a GCE service key into a pem (for ansible)
--------------------------------------------------
-1. The gce service key looks something like this: os302gce-ef83bd90f261.p12
+1. mkdir -p ~/.gce
+1. The gce service key looks something like this: projectname-ef83bd90f261.p12
.. the ef83bd90f261 part is the public hash
1. Be in the same directory as the p12 key file.
1. The commands below should be copy / paste-able
@@ -21,18 +22,32 @@ Convert a GCE service key into a pem (for ansible)
export GCE_KEY_HASH=ef83bd90f261
# Convert the service key (note: 'notasecret' is literally what we want here)
- openssl pkcs12 -in os302gce-${GCE_KEY_HASH}.p12 -passin pass:notasecret -nodes -nocerts | openssl rsa -out os302gce-${GCE_KEY_HASH}.pem
+ openssl pkcs12 -in projectname-${GCE_KEY_HASH}.p12 -passin pass:notasecret -nodes -nocerts | openssl rsa -out projectname-${GCE_KEY_HASH}.pem
- # Move the converted service key to the .ssh dir
- mv os302gce-${GCE_KEY_HASH}.pem ~/.ssh
+ # Move the converted service key to the .gce dir
+ mv projectname-${GCE_KEY_HASH}.pem ~/.gce
# Set a sym link so it is easy to reference
- ln -s ~/.ssh/os302gce-${GCE_KEY_HASH}.pem ~/.ssh/os302gce_priv_key.pem
+ ln -s ~/.gce/projectname-${GCE_KEY_HASH}.pem ~/.gce/projectname_priv_key.pem
```
-1. Once this is done, put the original service key file (os302gce-ef83bd90f261.p12) somewhere safe, or delete it (your call, I don not know what else we will use it for, and we can always regen it if needed).
+1. Once this is done, put the original service key file (projectname-ef83bd90f261.p12) somewhere safe, or delete it (your call, I don not know what else we will use it for, and we can always regen it if needed).
+Create a secrets.py file for GCE
+--------------------------------
+1. vi ~/.gce/secrets.py
+1. make the contents look like this:
+```
+ GCE_PARAMS = ('long...@developer.gserviceaccount.com', '/full/path/to/projectname_priv_key.pem')
+ GCE_KEYWORD_PARAMS = {'project': 'my_project_id'}
+```
+1. Setup a sym link so that gce.py will pick it up (must be in same dir as gce.py)
+```
+ cd openshift-online-ansible/inventory/gce
+ ln -s ~/.gce/secrets.py secrets.py
+```
+
Install Dependencies
--------------------
diff --git a/inventory/gce/gce.ini b/inventory/gce/gce.ini
deleted file mode 100644
index 3d6403c20..000000000
--- a/inventory/gce/gce.ini
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/usr/bin/python
-# Copyright 2013 Google Inc.
-#
-# This file is part of Ansible
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
-
-# The GCE inventory script has the following dependencies:
-# 1. A valid Google Cloud Platform account with Google Compute Engine
-# enabled. See https://cloud.google.com
-# 2. An OAuth2 Service Account flow should be enabled. This will generate
-# a private key file that the inventory script will use for API request
-# authorization. See https://developers.google.com/accounts/docs/OAuth2
-# 3. Convert the private key from PKCS12 to PEM format
-# $ openssl pkcs12 -in pkey.pkcs12 -passin pass:notasecret \
-# > -nodes -nocerts | openssl rsa -out pkey.pem
-# 4. The libcloud (>=0.13.3) python libray. See http://libcloud.apache.org
-#
-# (See ansible/test/gce_tests.py comments for full install instructions)
-#
-# Author: Eric Johnson <erjohnso@google.com>
-
-[gce]
-# GCE Service Account configuration information can be stored in the
-# libcloud 'secrets.py' file. Ideally, the 'secrets.py' file will already
-# exist in your PYTHONPATH and be picked up automatically with an import
-# statement in the inventory script. However, you can specify an absolute
-# path to the secrets.py file with 'libcloud_secrets' parameter.
-libcloud_secrets =
-
-# If you are not going to use a 'secrets.py' file, you can set the necessary
-# authorization parameters here.
-gce_service_account_email_address = 198287808360-f457cs26hutqeosmlje1eosfeqo0krlg@developer.gserviceaccount.com
-gce_service_account_pem_file_path = ~/.ssh/os302gce_priv_key.pem
-gce_project_id = corded-cable-672
-