Updates for alignment with RDO Mitaka
Misc updates as a result of testing with latest OpenStack Mitaka RDO packages from IBM: - neutron.conf: disable neutron_rootwrap_daemon - non-functional. - nova.conf: set lock_path to /var/lib/nova/tmp inline with rpm packaging. - run proxy install process during config-changed, ensuring that any new compute hosts get installed and configured. - enable and start services on install, as rpm packages install disabled. - refactor use of proxy in hooks module to ensure its not created on module load, but as an when required. - change behaviour of remote-key to write key to secured local file, avoiding the need to run this charm from a local copy with the key embedded. README updated for any behavioural changes in configuration. Change-Id: I53d7331a2ddcf73bc41bc8d73be5bf165bf55a92
This commit is contained in:
parent
3f7a8fad0c
commit
69fc33656c
17
README.md
17
README.md
|
@ -25,16 +25,27 @@ advance:
|
|||
|
||||
Once you have this setup you must configure the charm as follow:
|
||||
|
||||
* Place the key to the nova-compute node in the files directory of the
|
||||
charm.
|
||||
* Apply the following charm config:
|
||||
* remote-user: username used to access and configure the power node.
|
||||
* remote-repos: Yum repository url(s) or file url(s)
|
||||
* remote-hosts: IP address of power node
|
||||
* remote-key: Private key string to use for access
|
||||
* Example:
|
||||
```
|
||||
remote-user: youruser
|
||||
remote-repos: file:///tmp/openstack-iso/openstack,file:///tmp/other-iso/repofs
|
||||
remote-key: id_dsa
|
||||
remote-key: |
|
||||
-----BEGIN DSA PRIVATE KEY-----
|
||||
MIIBugIBAAKBgQD3IG188Q07kQdbRJhlZqknNpoGDB1r9+XGq9+7nmWGKusbOn6L
|
||||
5VdyoHnx0BvgHHJmOAvJ+39sex9KvToEM0Jfav30EfffVzIrjaZZBMZkO/kWkEdd
|
||||
TJrpMoW5nqiyNQRHCJWKkTiT7hNwS7AzUFkH1cR16bkabUfNhx3nWVsfGQIVAM7l
|
||||
FlrJwujvWxOOHIRrihVmnUylAoGBAKGjWAPuj23p2II8NSTfaK/VJ9CyEF1RQ4Pv
|
||||
+wtCRRE/DoN/3jpFnQz8Yjt6dYEewdcWFDG9aJ/PLvm/qX335TSz86pfYBd2Q3dp
|
||||
9/RuaXTnLK6L/gdgkGcDXG8fy2kk0zteNjMjpzbaYpjZmIQ4lu3StUkwTm8EppZz
|
||||
b0KXUNhwAn8bSTxNIZnlfoYzzwT2XPjHMlqeFbYxJMo9Dk5+AY6+tmr4/uR5ySDD
|
||||
A+Txxh7RPhIBQwrIdGlOYOR3Mh03NcYuU+yrUsv4xLP8SeWcfiuAXFctXu0kzvPC
|
||||
uIQ1EfKCrOtbWPcbza2ipo1J8MN/vzLCu69Jdq8af0OqJFoDcY0vAhUAxh2BNdRr
|
||||
HyF1bGCP1t8JdMJVtb0=
|
||||
-----END DSA PRIVATE KEY-----
|
||||
remote-hosts: 10.10.10.10 10.10.10.11
|
||||
```
|
||||
|
|
|
@ -40,22 +40,30 @@ def copy_file_as_root(src, dest):
|
|||
|
||||
|
||||
def yum_install(packages):
|
||||
sudo('yum install --skip-broken -y %s' % ' '.join(packages))
|
||||
sudo('yum install --skip-broken -y {}'.format(' '.join(packages)))
|
||||
|
||||
|
||||
def restart_service(service):
|
||||
sudo('service %s restart' % service)
|
||||
sudo('systemctl restart {}'.format(service))
|
||||
|
||||
|
||||
def start_service(service):
|
||||
sudo('systemctl start {}'.format(service))
|
||||
|
||||
|
||||
def enable_service(service):
|
||||
sudo('systemctl enable {}'.format(service))
|
||||
|
||||
|
||||
def add_bridge(bridge_name):
|
||||
sudo('ovs-vsctl -- --may-exist add-br %s' % bridge_name)
|
||||
sudo('ovs-vsctl -- --may-exist add-br {}'.format(bridge_name))
|
||||
|
||||
|
||||
def add_bridge_port(bridge_name, port):
|
||||
sudo('ovs-vsctl -- --may-exist add-port %s %s' % (bridge_name,
|
||||
port))
|
||||
sudo('ip link set %s up' % port)
|
||||
sudo('ip link set %s promisc on' % port)
|
||||
sudo('ovs-vsctl -- --may-exist add-port {} {}'.format(bridge_name,
|
||||
port))
|
||||
sudo('ip link set {} up'.format(port))
|
||||
sudo('ip link set {} promisc on'.format(port))
|
||||
|
||||
|
||||
def enable_shell(user):
|
||||
|
@ -76,4 +84,4 @@ def fix_selinux_permission(path):
|
|||
|
||||
|
||||
def fix_local_ip(f):
|
||||
sudo('sed -i "s!LOCAL_IP!%s!g" %s' % (env.host, f))
|
||||
sudo('sed -i "s!LOCAL_IP!{}!g" {}'.format(env.host, f))
|
||||
|
|
|
@ -31,7 +31,6 @@ from charmhelpers.fetch import (
|
|||
from nova_compute_utils import (
|
||||
restart_map,
|
||||
register_configs,
|
||||
NOVA_CONF,
|
||||
assess_status,
|
||||
)
|
||||
from nova_compute_proxy import (
|
||||
|
@ -41,28 +40,34 @@ from nova_compute_proxy import (
|
|||
|
||||
hooks = Hooks()
|
||||
CONFIGS = register_configs()
|
||||
proxy = REMOTEProxy(user=config('remote-user'),
|
||||
ssh_key=config('remote-key'),
|
||||
hosts=config('remote-hosts'),
|
||||
repository=config('remote-repos'),
|
||||
password=config('remote-password'))
|
||||
|
||||
|
||||
def get_proxy():
|
||||
return REMOTEProxy(user=config('remote-user'),
|
||||
ssh_key=config('remote-key'),
|
||||
hosts=config('remote-hosts'),
|
||||
repository=config('remote-repos'),
|
||||
password=config('remote-password'))
|
||||
|
||||
|
||||
@hooks.hook('install.real')
|
||||
def install():
|
||||
apt_install(['fabric'], fatal=True)
|
||||
proxy.install()
|
||||
|
||||
|
||||
@hooks.hook('config-changed')
|
||||
@restart_on_change(restart_map(), proxy.restart_service)
|
||||
def config_changed():
|
||||
proxy = get_proxy()
|
||||
proxy.install()
|
||||
proxy.configure()
|
||||
if config('instances-path') is not None:
|
||||
proxy.fix_path_ownership(config('instances-path'), user='nova')
|
||||
|
||||
[compute_joined(rid) for rid in relation_ids('cloud-compute')]
|
||||
CONFIGS.write_all()
|
||||
@restart_on_change(restart_map(), proxy.restart_service)
|
||||
def write_config():
|
||||
CONFIGS.write_all()
|
||||
write_config()
|
||||
|
||||
proxy.commit()
|
||||
|
||||
|
||||
|
@ -73,63 +78,31 @@ def amqp_joined(relation_id=None):
|
|||
vhost=config('rabbit-vhost'))
|
||||
|
||||
|
||||
@hooks.hook('amqp-relation-changed')
|
||||
@hooks.hook('amqp-relation-departed')
|
||||
@restart_on_change(restart_map(), proxy.restart_service)
|
||||
def amqp_changed():
|
||||
if 'amqp' not in CONFIGS.complete_contexts():
|
||||
log('amqp relation incomplete. Peer not ready?')
|
||||
return
|
||||
CONFIGS.write_all()
|
||||
proxy.commit()
|
||||
|
||||
|
||||
@hooks.hook('image-service-relation-changed')
|
||||
@restart_on_change(restart_map(), proxy.restart_service)
|
||||
def image_service_changed():
|
||||
if 'image-service' not in CONFIGS.complete_contexts():
|
||||
log('image-service relation incomplete. Peer not ready?')
|
||||
return
|
||||
CONFIGS.write(NOVA_CONF)
|
||||
proxy.commit()
|
||||
|
||||
|
||||
@hooks.hook('cloud-compute-relation-joined')
|
||||
def compute_joined(rid=None):
|
||||
pass
|
||||
|
||||
|
||||
@hooks.hook('cloud-compute-relation-changed',
|
||||
'neutron-plugin-api-relation-changed')
|
||||
@restart_on_change(restart_map(), proxy.restart_service)
|
||||
def compute_changed():
|
||||
CONFIGS.write_all()
|
||||
proxy.commit()
|
||||
|
||||
|
||||
@hooks.hook('amqp-relation-broken',
|
||||
'image-service-relation-broken',
|
||||
'neutron-plugin-api-relation-broken')
|
||||
@restart_on_change(restart_map(), proxy.restart_service)
|
||||
'neutron-plugin-api-relation-broken',
|
||||
'nova-ceilometer-relation-changed',
|
||||
'cloud-compute-relation-changed',
|
||||
'neutron-plugin-api-relation-changed',
|
||||
'image-service-relation-changed',
|
||||
'amqp-relation-changed',
|
||||
'amqp-relation-departed')
|
||||
def relation_broken():
|
||||
CONFIGS.write_all()
|
||||
proxy = get_proxy()
|
||||
|
||||
@restart_on_change(restart_map(), proxy.restart_service)
|
||||
def write_config():
|
||||
CONFIGS.write_all()
|
||||
write_config()
|
||||
proxy.commit()
|
||||
|
||||
|
||||
@hooks.hook('upgrade-charm')
|
||||
def upgrade_charm():
|
||||
proxy.install()
|
||||
for r_id in relation_ids('amqp'):
|
||||
amqp_joined(relation_id=r_id)
|
||||
|
||||
|
||||
@hooks.hook('nova-ceilometer-relation-changed')
|
||||
@restart_on_change(restart_map(), proxy.restart_service)
|
||||
def nova_ceilometer_relation_changed():
|
||||
CONFIGS.write_all()
|
||||
proxy.commit()
|
||||
|
||||
|
||||
@hooks.hook('update-status')
|
||||
def update_status():
|
||||
log('Updating status.')
|
||||
|
|
|
@ -17,12 +17,14 @@ import tempfile
|
|||
from collections import OrderedDict
|
||||
|
||||
from charmhelpers.core.hookenv import (
|
||||
charm_dir,
|
||||
log,
|
||||
config,
|
||||
service_name
|
||||
)
|
||||
from charmhelpers.core.host import (
|
||||
file_hash
|
||||
file_hash,
|
||||
mkdir,
|
||||
write_file,
|
||||
)
|
||||
from charmhelpers.fetch import (
|
||||
apt_install,
|
||||
|
@ -33,6 +35,8 @@ from fabfile import (
|
|||
copy_file_as_root,
|
||||
yum_install,
|
||||
restart_service,
|
||||
start_service,
|
||||
enable_service,
|
||||
enable_shell,
|
||||
disable_shell,
|
||||
fix_path_ownership,
|
||||
|
@ -61,6 +65,10 @@ PACKAGES = ['openstack-nova-compute',
|
|||
'openstack-neutron-openvswitch',
|
||||
'python-neutronclient']
|
||||
|
||||
SERVICES = ['openstack-nova-compute',
|
||||
'neutron-openvswitch-agent',
|
||||
'openvswitch']
|
||||
|
||||
CONFIG_FILES = [
|
||||
'/etc/neutron/neutron.conf',
|
||||
'/etc/neutron/plugins/ml2/openvswitch_agent.ini',
|
||||
|
@ -84,7 +92,13 @@ class REMOTEProxy():
|
|||
self._init_fabric()
|
||||
|
||||
def _write_key(self):
|
||||
return os.path.join(charm_dir(), 'files', self.ssh_key)
|
||||
key_path = os.path.join('/var/lib/charm',
|
||||
service_name(),
|
||||
'ssh_key')
|
||||
mkdir(os.path.dirname(key_path))
|
||||
write_file(key_path, self.ssh_key,
|
||||
perms=0o400)
|
||||
return key_path
|
||||
|
||||
def _init_fabric(self):
|
||||
env.warn_only = True
|
||||
|
@ -98,6 +112,7 @@ class REMOTEProxy():
|
|||
def install(self):
|
||||
self._setup_yum()
|
||||
self._install_packages()
|
||||
self._enable_services()
|
||||
|
||||
def _setup_yum(self):
|
||||
log('Setup yum')
|
||||
|
@ -116,6 +131,11 @@ class REMOTEProxy():
|
|||
def _install_packages(self):
|
||||
execute(yum_install, PACKAGES)
|
||||
|
||||
def _enable_services(self):
|
||||
for service in SERVICES:
|
||||
execute(enable_service, service)
|
||||
execute(start_service, service)
|
||||
|
||||
def configure(self):
|
||||
self.add_bridges()
|
||||
|
||||
|
|
|
@ -27,6 +27,10 @@ notification_topics = notifications
|
|||
|
||||
[AGENT]
|
||||
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
|
||||
# NOTE(jamespage): unset daemon helper as this is not functional
|
||||
# neutron will fallback to single commands using
|
||||
# root_helper above.
|
||||
root_helper_daemon =
|
||||
|
||||
[keystone_authtoken]
|
||||
signing_dir = /var/lib/neutron/keystone-signing
|
||||
|
|
|
@ -149,7 +149,7 @@ allow_live_migration = True
|
|||
{% include "parts/section-cinder" %}
|
||||
|
||||
[oslo_concurrency]
|
||||
lock_path=/var/lock/nova
|
||||
lock_path = /var/lib/nova/tmp
|
||||
|
||||
[workarounds]
|
||||
disable_libvirt_livesnapshot = False
|
||||
|
|
|
@ -123,6 +123,9 @@ class NovaBasicDeployment(OpenStackAmuletDeployment):
|
|||
if not os.path.exists(key_file_path):
|
||||
raise
|
||||
|
||||
with open('files/id_rsa_tmp', 'r') as key_file:
|
||||
self.ssh_key = key_file.read()
|
||||
|
||||
# Copy new local test pub key into remote-compute and
|
||||
# add it to the authorized_hosts.
|
||||
u.log.debug('Copying pub key into simulated remote-compute host')
|
||||
|
@ -206,7 +209,7 @@ class NovaBasicDeployment(OpenStackAmuletDeployment):
|
|||
nova_config = {
|
||||
'remote-user': 'ubuntu',
|
||||
'remote-repos': "file:///mnt/osmitakacomp,file:///mnt/osprereqs",
|
||||
'remote-key': 'id_rsa_tmp',
|
||||
'remote-key': self.ssh_key,
|
||||
'remote-hosts': str(self.compute_addr),
|
||||
}
|
||||
nova_cc_config = {}
|
||||
|
@ -393,7 +396,7 @@ class NovaBasicDeployment(OpenStackAmuletDeployment):
|
|||
'my_ip': 'LOCAL_IP',
|
||||
},
|
||||
'oslo_concurrency': {
|
||||
'lock_path': '/var/lock/nova'
|
||||
'lock_path': '/var/lib/nova/tmp'
|
||||
},
|
||||
'oslo_messaging_rabbit': {
|
||||
'rabbit_userid': 'nova',
|
||||
|
|
Loading…
Reference in New Issue