
removed gce.ini and instead added instructions for setting up secrets.py

Thomas Wiest 10 years ago
Parent
commit
4d828882e6
3 files changed, 22 additions and 53 deletions
  1. 1 0
      .gitignore
  2. 21 6
      README_GCE.md
  3. 0 47
      inventory/gce/gce.ini

+ 1 - 0
.gitignore

@@ -13,3 +13,4 @@
 .sass-cache
 .sass-cache
 .rvmrc
 .rvmrc
 .DS_Store
 .DS_Store
+secrets.py
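
Review bot: the bare `secrets.py` pattern on the added line ignores a file of that name at any depth in the repository, not only the symlink the README places in inventory/gce. If only that link is meant, anchor the pattern as `inventory/gce/secrets.py` so an unrelated secrets.py elsewhere in the tree is not silently left untracked.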

+ 21 - 6
README_GCE.md

@@ -11,7 +11,8 @@ Note: If your GCE project does not show a Service Account under <Project>/APIs &
 
 
 Convert a GCE service key into a pem (for ansible)
 Convert a GCE service key into a pem (for ansible)
 --------------------------------------------------
 --------------------------------------------------
-1. The gce service key looks something like this: os302gce-ef83bd90f261.p12
+1. mkdir -p ~/.gce
+1. The gce service key looks something like this: projectname-ef83bd90f261.p12
 .. the ef83bd90f261 part is the public hash
 .. the ef83bd90f261 part is the public hash
 1. Be in the same directory as the p12 key file.
 1. Be in the same directory as the p12 key file.
 1. The commands below should be copy / paste-able
 1. The commands below should be copy / paste-able
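
Review bot: the new `1. mkdir -p ~/.gce` step creates the directory that will hold the private key with whatever mode the umask gives it, where the key previously went into ~/.ssh. Suggest `mkdir -p ~/.gce && chmod 700 ~/.gce`, and moving the command into the copy / paste block below so it runs together with the other commands instead of sitting in the list as prose.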
@@ -21,18 +22,32 @@ Convert a GCE service key into a pem (for ansible)
    export GCE_KEY_HASH=ef83bd90f261
    export GCE_KEY_HASH=ef83bd90f261
 
 
    # Convert the service key (note: 'notasecret' is literally what we want here)
    # Convert the service key (note: 'notasecret' is literally what we want here)
-   openssl pkcs12 -in os302gce-${GCE_KEY_HASH}.p12 -passin pass:notasecret -nodes -nocerts | openssl rsa -out os302gce-${GCE_KEY_HASH}.pem
+   openssl pkcs12 -in projectname-${GCE_KEY_HASH}.p12 -passin pass:notasecret -nodes -nocerts | openssl rsa -out projectname-${GCE_KEY_HASH}.pem
 
 
-   # Move the converted service key to the .ssh dir
-   mv os302gce-${GCE_KEY_HASH}.pem ~/.ssh
+   # Move the converted service key to the .gce dir
+   mv projectname-${GCE_KEY_HASH}.pem ~/.gce
 
 
    # Set a sym link so it is easy to reference
    # Set a sym link so it is easy to reference
-   ln -s ~/.ssh/os302gce-${GCE_KEY_HASH}.pem ~/.ssh/os302gce_priv_key.pem
+   ln -s ~/.gce/projectname-${GCE_KEY_HASH}.pem ~/.gce/projectname_priv_key.pem
 ```
 ```
 
 
-1. Once this is done, put the original service key file (os302gce-ef83bd90f261.p12) somewhere safe, or delete it (your call, I don not know what else we will use it for, and we can always regen it if needed).
+1. Once this is done, put the original service key file (projectname-ef83bd90f261.p12) somewhere safe, or delete it (your call, I don not know what else we will use it for, and we can always regen it if needed).
 
 
 
 
+Create a secrets.py file for GCE
+--------------------------------
+1. vi ~/.gce/secrets.py
+1. make the contents look like this:
+```
+  GCE_PARAMS = ('long...@developer.gserviceaccount.com', '/full/path/to/projectname_priv_key.pem')
+  GCE_KEYWORD_PARAMS = {'project': 'my_project_id'}
+```
+1. Setup a sym link so that gce.py will pick it up (must be in same dir as gce.py)
+```
+  cd openshift-online-ansible/inventory/gce
+  ln -s ~/.gce/secrets.py secrets.py
+```
+
 
 
 Install Dependencies
 Install Dependencies
 --------------------
 --------------------
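
Review bot: the conversion block writes the key with `-nodes`, so the pem moved into ~/.gce is an unencrypted private key, and neither it nor the new ~/.gce/secrets.py has its mode set anywhere in these steps. Add `chmod 600 ~/.gce/projectname-${GCE_KEY_HASH}.pem` after the `mv` and a `chmod 600 ~/.gce/secrets.py` step after the file is created, rather than relying on the umask. Smaller points: the `ln -s` lines fail on a second run, so `ln -sfn` would make the steps re-runnable; the unindented code fences between the `1.` items in the new secrets.py section will restart the list numbering in rendered Markdown; and the rewritten sentence about the original p12 file still reads "I don not know".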

+ 0 - 47
inventory/gce/gce.ini

@@ -1,47 +0,0 @@
-#!/usr/bin/python
-# Copyright 2013 Google Inc.
-#
-# This file is part of Ansible
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
-
-# The GCE inventory script has the following dependencies:
-#   1. A valid Google Cloud Platform account with Google Compute Engine
-#      enabled.  See https://cloud.google.com
-#   2. An OAuth2 Service Account flow should be enabled.  This will generate
-#      a private key file that the inventory script will use for API request
-#      authorization.  See https://developers.google.com/accounts/docs/OAuth2
-#   3. Convert the private key from PKCS12 to PEM format
-#      $ openssl pkcs12 -in pkey.pkcs12 -passin pass:notasecret \
-#      > -nodes -nocerts | openssl rsa -out pkey.pem
-#   4. The libcloud (>=0.13.3) python libray.  See http://libcloud.apache.org
-#
-# (See ansible/test/gce_tests.py comments for full install instructions)
-#
-# Author: Eric Johnson <erjohnso@google.com>
-
-[gce]
-# GCE Service Account configuration information can be stored in the
-# libcloud 'secrets.py' file.  Ideally, the 'secrets.py' file will already
-# exist in your PYTHONPATH and be picked up automatically with an import
-# statement in the inventory script.  However, you can specify an absolute
-# path to the secrets.py file with 'libcloud_secrets' parameter.
-libcloud_secrets = 
-
-# If you are not going to use a 'secrets.py' file, you can set the necessary
-# authorization parameters here.
-gce_service_account_email_address = 198287808360-f457cs26hutqeosmlje1eosfeqo0krlg@developer.gserviceaccount.com
-gce_service_account_pem_file_path = ~/.ssh/os302gce_priv_key.pem
-gce_project_id = corded-cable-672
-
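
Review bot: the deleted lines at the end of gce.ini carry a specific service account address and project id, and removing the file leaves them in the repository history; if they are considered sensitive, the deletion alone does not retire them. Also, none of the three files in this commit is gce.py, so please confirm the inventory script runs with no gce.ini present and finds the symlinked secrets.py without the `libcloud_secrets` setting.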