renamed openstack to nova

README.rdoc

@@ -0,0 +1,8 @@
+= DESCRIPTION:
+
+= REQUIREMENTS:
+
+= ATTRIBUTES: 
+
+= USAGE:
+

attributes/default.rb

@@ -0,0 +1,64 @@
+default[:mysql][:root_pass] = "secrete"
+
+default[:nova][:db] = "nova"
+default[:nova][:db_user] = "nova"
+default[:nova][:db_passwd] = "nova"
+
+default[:glance][:db] = "glance"
+default[:glance][:db_user] = "glance"
+default[:glance][:db_passwd] = "glance"
+default[:glance][:api_port] = "9292"
+default[:glance][:registry_port] = "9191"
+default[:glance][:images] = [ "tty", "natty" ]
+
+default[:keystone][:db] = "keystone"
+default[:keystone][:db_user] = "keystone"
+default[:keystone][:db_passwd] = "keystone"
+default[:keystone][:verbose] = "False"
+default[:keystone][:debug] = "False"
+default[:keystone][:service_port] = "5000"
+default[:keystone][:admin_port] = "35357"
+default[:keystone][:admin_token] = "999888777666"
+
+default[:dash][:db] = "dash"
+default[:dash][:db_user] = "dash"
+default[:dash][:db_passwd] = "dash"
+
+default[:image][:oneiric] = "http://c250663.r63.cf1.rackcdn.com/ubuntu-11.10-server-uec-amd64-multinic.tar.gz"
+default[:image][:natty] = "http://c250663.r63.cf1.rackcdn.com/ubuntu-11.04-server-uec-amd64-multinic.tar.gz"
+default[:image][:maverick] = "http://c250663.r63.cf1.rackcdn.com/ubuntu-10.10-server-uec-amd64-multinic.tar.gz"
+default[:image][:tty] = "http://smoser.brickies.net/ubuntu/ttylinux-uec/ttylinux-uec-amd64-12.1_2.6.35-22_1.tar.gz"
+
+default[:public][:label] = "public"
+default[:public][:ipv4_cidr] = "192.168.100.0/24"
+default[:public][:num_networks] = "1"
+default[:public][:network_size] = "255"
+default[:public][:bridge] = "br100"
+default[:public][:bridge_dev] = "eth2"
+default[:public][:dns1] = "8.8.8.8"
+default[:public][:dns2] = "8.8.4.4"
+
+default[:private][:label] = "private"
+default[:private][:ipv4_cidr] = "192.168.200.0/24"
+default[:private][:num_networks] = "1"
+default[:private][:network_size] = "255"
+default[:private][:bridge] = "br200"
+default[:private][:bridge_dev] = "eth3"
+
+default[:controller_ipaddress] = node[:ipaddress]
+default[:virt_type] = "kvm"
+
+default[:libvirt][:auth_tcp] = "none"
+default[:libvirt][:ssh][:private_key] = "-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQDUIz3rg0afavOwNeTJL/112U/l4B08kzZVx+QcflxllpW4sn/f
+c+j+BeQ/sm2oW67vY9O/1GbN3FIN7Um3p0F9ycpfXpEiwk4UYneJtXFNhlu9rSrK
+hWsEWENoKrCFhZ4Zuu8ads0DCMkU/ErumXMvJZQpSe+8CfguYSMbXvkYhQIVAPzY
+syPKqOa3scshLqwPulZF64nZAoGABY60uqcFSJ8agPY2YZmLTsQ/OrVbUsnwT+RE
+eXjqaofUvdlK43kWGw8I1v9Brh+32mFcYu2L0izv3ZvH9wd2OEiZnHxtZEojALBd
+KMFRbC8PLC2Imz3yvNwEo+ZkgSo5LzP9nScyO/JDjbyOJAPEsCtKRxmth4XBcuY5
+lPAtTlECgYEAtFtXDovPhgvLGhFrRZjBzp3HREWW1tihsWZA4qIFib+Rd+/s3lWG
+CYiYhwoK8RM+z0TNXjBIWXpHwAqX5kFhg/xPySxWS58GePmPOXDbFEYq5FRWTx47
+sQqRmVHmlZZ9AhsRfs65g4LlgJyBlWPeZ0xsfShYHKLKg5RrOGn90egCFQCcok5v
+1TpUNWQC3NPFkwWHkp1zrg==
+-----END DSA PRIVATE KEY-----"
+default[:libvirt][:ssh][:public_key] = "ssh-dss AAAAB3NzaC1kc3MAAACBANQjPeuDRp9q87A15Mkv/XXZT+XgHTyTNlXH5Bx+XGWWlbiyf99z6P4F5D+ybahbru9j07/UZs3cUg3tSbenQX3Jyl9ekSLCThRid4m1cU2GW72tKsqFawRYQ2gqsIWFnhm67xp2zQMIyRT8Su6Zcy8llClJ77wJ+C5hIxte+RiFAAAAFQD82LMjyqjmt7HLIS6sD7pWReuJ2QAAAIAFjrS6pwVInxqA9jZhmYtOxD86tVtSyfBP5ER5eOpqh9S92UrjeRYbDwjW/0GuH7faYVxi7YvSLO/dm8f3B3Y4SJmcfG1kSiMAsF0owVFsLw8sLYibPfK83ASj5mSBKjkvM/2dJzI78kONvI4kA8SwK0pHGa2HhcFy5jmU8C1OUQAAAIEAtFtXDovPhgvLGhFrRZjBzp3HREWW1tihsWZA4qIFib+Rd+/s3lWGCYiYhwoK8RM+z0TNXjBIWXpHwAqX5kFhg/xPySxWS58GePmPOXDbFEYq5FRWTx47sQqRmVHmlZZ9AhsRfs65g4LlgJyBlWPeZ0xsfShYHKLKg5RrOGn90eg= root@example.com"

metadata.rb

@@ -0,0 +1,19 @@
+maintainer        "Rackspace Hosting, Inc."
+license           "Apache 2.0"
+description       "Installs and configures Openstack"
+long_description  IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
+version           "1.0.0"
+# recipe            "mysql", "Includes the client recipe to configure a client"
+# recipe            "mysql::client", "Installs packages required for mysql clients using run_action magic"
+
+%w{ ubuntu }.each do |os|
+  supports os
+end
+
+depends "apt"
+depends "openssh"
+depends "keystone"
+depends "glance"
+depends "mysql"
+depends "database"
+depends "rabbitmq"

recipes/allinone.rb

@@ -0,0 +1,23 @@
+#
+# Cookbook Name:: memcache
+# Recipe:: default
+#
+# Copyright 2009, Example Com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nova::apt"
+
+include_recipe "nova::controller"
+include_recipe "nova::compute"

recipes/api.rb

@@ -0,0 +1,70 @@
+#
+# Cookbook Name:: memcache
+# Recipe:: default
+#
+# Copyright 2009, Example Com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nova::nova-common"
+
+# Distribution specific settings go here
+if platform?(%w{fedora})
+  # Fedora
+  nova_api_package = "openstack-nova"
+  nova_api_service = "openstack-nova-api"
+  nova_api_package_options = ""
+else
+  # All Others (right now Debian and Ubuntu)
+  nova_api_package = "nova-api"
+  nova_api_service = nova_api_package
+  nova_api_package_options = "-o Dpkg::Options::='--force-confold' --force-yes"
+end
+
+directory "/var/lock/nova" do
+    owner "nova"
+    group "nova"
+    mode "0755"
+    action :create
+end
+
+package "python-keystone" do
+  action :upgrade
+end
+
+package nova_api_package do
+  action :upgrade
+  options nova_api_package_options
+end
+
+service nova_api_service do
+  supports :status => true, :restart => true
+  action :enable
+  subscribes :restart, resources(:template => "/etc/nova/nova.conf"), :delayed
+end
+
+template "/etc/nova/api-paste.ini" do
+  source "api-paste.ini.erb"
+  owner "root"
+  group "root"
+  mode "0644"
+  variables(
+    :ip_address => node[:controller_ipaddress],
+    :component  => node[:package_component],
+    :service_port => node[:keystone][:service_port],
+    :admin_port => node[:keystone][:admin_port],
+    :admin_token => node[:keystone][:admin_token]
+  )
+  notifies :restart, resources(:service => nova_api_service), :immediately
+end

recipes/apt.rb

@@ -0,0 +1,22 @@
+#
+# Cookbook Name:: memcache
+# Recipe:: default
+#
+# Copyright 2009, Example Com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+execute "apt-get update" do
+  command "apt-get update"
+end

recipes/compute.rb

@@ -0,0 +1,57 @@
+#
+# Cookbook Name:: memcache
+# Recipe:: default
+#
+# Copyright 2009, Example Com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nova::nova-common"
+include_recipe "nova::api"
+include_recipe "nova::network"
+
+# package "mysql-client" do
+#	action :install
+#end
+
+# Distribution specific settings go here
+if platform?(%w{fedora})
+  # Fedora
+  nova_compute_package = "openstack-nova"
+  nova_compute_service = "openstack-nova-compute"
+  nova_compute_package_options = ""
+else
+  # All Others (right now Debian and Ubuntu)
+  nova_compute_package = "nova-compute"
+  nova_compute_service = nova_compute_package
+  nova_compute_package_options = "-o Dpkg::Options::='--force-confold' --force-yes"
+  if node[:virt_type] == "kvm"
+    nova_compute_package = "nova-compute-kvm"
+  elsif node[:virt_type] == "qemu"
+    nova_compute_package = "nova-compute-qemu"
+  end
+end
+
+package nova_compute_package do
+  action :upgrade
+  options "-o Dpkg::Options::='--force-confold' --force-yes"
+end
+
+service nova_compute_service do
+  supports :status => true, :restart => true
+  action :enable
+  subscribes :restart, resources(:template => "/etc/nova/nova.conf"), :delayed
+end
+
+include_recipe "nova::libvirt"

recipes/controller.rb

@@ -0,0 +1,35 @@
+#
+# Cookbook Name:: memcache
+# Recipe:: default
+#
+# Copyright 2009, Example Com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "mysql::server"
+include_recipe "openssh::default"
+
+include_recipe "rabbitmq::default"
+include_recipe "keystone::server"
+include_recipe "glance::registry"
+include_recipe "glance::api"
+include_recipe "nova::nova-setup"
+include_recipe "nova::scheduler"
+include_recipe "nova::api"
+
+if platform?(%w{fedora})
+  # Fedora skipping vncproxy for right now
+else
+  include_recipe "nova::vncproxy"
+end

recipes/default.rb

@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: memcache
+# Recipe:: default
+#
+# Copyright 2009, Example Com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nova::allinone"

recipes/libvirt.rb

@@ -0,0 +1,112 @@
+#
+# Cookbook Name:: openstack
+# Recipe:: libvirt
+#
+
+# Distribution specific settings go here
+if platform?(%w{fedora})
+  # Fedora
+  libvirt_package = "libvirt"
+  libvirt_service = "libvirtd"
+  libvirt_package_options = ""
+else
+  # All Others (right now Debian and Ubuntu)
+  libvirt_package = "libvirt-bin"
+  libvirt_service = libvirt_package
+  libvirt_package_options = "-o Dpkg::Options::='--force-confold' --force-yes"
+end
+
+package libvirt_package do
+  action :install
+end
+
+if platform?(%w{fedora})
+  # oh fedora...
+  bash "create libvirtd group" do
+    cwd "/tmp"
+    user "root"
+    code <<-EOH
+        set -e
+        set -x
+        groupadd -f libvirtd
+        usermod -G libvirtd nova
+    EOH
+  end
+end
+
+service libvirt_service do
+  supports :status => true, :restart => true
+  action :enable
+end
+
+
+directory "/var/lib/nova/.ssh" do
+    owner "nova"
+    group "nova"
+    mode "0700"
+    action :create
+end
+
+template "/var/lib/nova/.ssh/id_dsa.pub" do
+    # public key
+    source "libvirtd-ssh-public-key.erb"
+    owner "nova"
+    group "nova"
+    mode "0644"
+    variables(
+      :public_key => node[:libvirt][:ssh][:public_key]
+    )
+end
+
+template "/var/lib/nova/.ssh/id_dsa" do
+    # private key
+    source "libvirtd-ssh-private-key.erb"
+    owner "nova"
+    group "nova"
+    mode "0600"
+    variables(
+      :private_key => node[:libvirt][:ssh][:private_key]
+    )
+end
+
+template "/var/lib/nova/.ssh/config" do
+    # default config
+    source "libvirtd-ssh-config"
+    owner "nova"
+    group "nova"
+    mode "0644"
+end
+
+template "/var/lib/nova/.ssh/authorized_keys" do
+    # copy of the public key
+    source "libvirtd-ssh-public-key.erb"
+    owner "nova"
+    group "nova"
+    mode "0600"
+    variables(
+      :public_key => node[:libvirt][:ssh][:public_key]
+    )
+end
+
+#
+# TODO(breu): this section needs to be rewritten to support key privisioning
+#
+template "/etc/libvirt/libvirtd.conf" do
+  source "libvirtd.conf.erb"
+  owner "root"
+  group "root"
+  mode "0644"
+  variables(
+    :auth_tcp => node[:libvirt][:auth_tcp]
+  )
+  notifies :restart, resources(:service => libvirt_service), :immediately
+end
+
+template "/etc/default/libvirt-bin" do
+  source "libvirt-bin.erb"
+  owner "root"
+  group "root"
+  mode "0644"
+  notifies :restart, resources(:service => libvirt_service), :immediately
+end
+

recipes/network.rb

@@ -0,0 +1,44 @@
+#
+# Cookbook Name:: memcache
+# Recipe:: default
+#
+# Copyright 2009, Example Com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nova::nova-common"
+
+# Distribution specific settings go here
+if platform?(%w{fedora})
+  # Fedora
+  nova_network_package = "openstack-nova"
+  nova_network_service = "openstack-nova-network"
+  nova_network_package_options = ""
+else
+  # All Others (right now Debian and Ubuntu)
+  nova_network_package = "nova-network"
+  nova_network_service = nova_network_package
+  nova_network_package_options = "-o Dpkg::Options::='--force-confold' --force-yes"
+end
+
+package nova_network_package do
+  action :upgrade
+  options nova_network_package_options
+end
+
+service nova_network_service do
+  supports :status => true, :restart => true
+  action :enable
+  subscribes :restart, resources(:template => "/etc/nova/nova.conf"), :delayed
+end

recipes/nova-common.rb

@@ -0,0 +1,69 @@
+#
+# Cookbook Name:: memcache
+# Recipe:: default
+#
+# Copyright 2009, Example Com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Distribution specific settings go here
+if platform?(%w{fedora})
+  # Fedora
+  nova_common_package = "openstack-nova"
+  nova_common_package_options = ""
+  include_recipe "selinux::disabled"
+else
+  # All Others (right now Debian and Ubuntu)
+  nova_common_package = "nova-common"
+  nova_common_package_options = "-o Dpkg::Options::='--force-confold' --force-yes"
+end
+
+package nova_common_package do
+  action :upgrade
+  options options
+end
+
+template "/etc/nova/nova.conf" do
+  source "nova.conf.erb"
+  owner "root"
+  group "root"
+  mode "0644"
+  variables(
+    :user => node[:nova][:db_user],
+    :passwd => node[:nova][:db_passwd],
+    :ip_address => node[:controller_ipaddress],
+    :db_name => node[:nova][:db],
+    :api_port => node[:glance][:api_port],
+    :ipv4_cidr => node[:public][:ipv4_cidr],
+    :virt_type => node[:virt_type]
+  )
+end
+
+template "/root/.novarc" do
+  source "novarc.erb"
+  owner "root"
+  group "root"
+  mode "0600"
+  variables(
+    :user => 'admin',
+    :tenant => 'openstack',
+    :password => 'secrete',
+    :nova_api_ip => node[:controller_ipaddress],
+    :keystone_api_ip => node[:controller_ipaddress],
+    :keystone_service_port => node[:keystone][:service_port],
+    :nova_api_version => '1.1',
+    :keystone_region => 'RegionOne',
+    :auth_strategy => 'keystone'
+  )
+end

recipes/nova-setup.rb

@@ -0,0 +1,72 @@
+#
+# Cookbook Name:: memcache
+# Recipe:: default
+#
+# Copyright 2009, Example Com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nova::nova-common"
+include_recipe "mysql::client"
+
+connection_info = {:host => node[:controller_ip], :username => "root", :password => node['mysql']['server_root_password']}
+mysql_database "create nova database" do
+  connection connection_info
+  database_name node[:nova][:db]
+  action :create
+end
+
+mysql_database_user node[:nova][:db_user] do
+  connection connection_info
+  password node[:nova][:db_passwd]
+  action :create
+end
+
+mysql_database_user node[:nova][:db_user] do
+  connection connection_info
+  password node[:nova][:db_passwd]
+  database_name node[:nova][:db]
+  host '%'
+  privileges [:all]
+  action :grant
+end
+
+execute "nova-manage db sync" do
+  command "nova-manage db sync"
+  action :run
+  not_if "nova-manage db version && test $(nova-manage db version) -gt 0"
+end
+
+execute "nova-manage network create --label=public" do
+  command "nova-manage network create --multi_host='T' --label=#{node[:public][:label]} --fixed_range_v4=#{node[:public][:ipv4_cidr]} --num_networks=#{node[:public][:num_networks]} --network_size=#{node[:public][:network_size]} --bridge=#{node[:public][:bridge]} --bridge_interface=#{node[:public][:bridge_dev]} --dns1=#{node[:public][:dns1]} --dns2=#{node[:public][:dns2]}"
+  action :run
+  not_if "nova-manage network list | grep #{node[:public][:ipv4_cidr]}"
+end
+
+execute "nova-manage network create --label=private" do
+  command "nova-manage network create --multi_host='T' --label=#{node[:private][:label]} --fixed_range_v4=#{node[:private][:ipv4_cidr]} --num_networks=#{node[:private][:num_networks]} --network_size=#{node[:private][:network_size]} --bridge=#{node[:private][:bridge]} --bridge_interface=#{node[:private][:bridge_dev]}"
+  action :run
+  not_if "nova-manage network list | grep #{node[:private][:ipv4_cidr]}"
+end
+
+
+if node.has_key?(:floating) and node[:floating].has_key?(:ipv4_cidr)
+  execute "nova-manage floating create" do
+    command "nova-manage floating create --ip_range=#{node[:floating][:ipv4_cidr]}"
+    action :run
+    not_if "nova-manage floating list"
+  end
+end
+
+

recipes/scheduler.rb

@@ -0,0 +1,43 @@
+#
+# Cookbook Name:: memcache
+# Recipe:: default
+#
+# Copyright 2009, Example Com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nova::nova-common"
+
+# Distribution specific settings go here
+if platform?(%w{fedora})
+  # Fedora
+  nova_scheduler_package = "openstack-nova"
+  nova_scheduler_service = "openstack-nova-scheduler"
+  nova_scheduler_package_options = ""
+else
+  # All Others (right now Debian and Ubuntu)
+  nova_scheduler_package = "nova-scheduler"
+  nova_scheduler_service = nova_scheduler_package
+  nova_scheduler_package_options = "-o Dpkg::Options::='--force-confold' --force-yes"
+end
+
+package nova_scheduler_package do
+  action :upgrade
+end
+
+service nova_scheduler_service do
+  supports :status => true, :restart => true
+  action :enable
+  subscribes :restart, resources(:template => "/etc/nova/nova.conf"), :delayed
+end

recipes/vncproxy.rb

@@ -0,0 +1,40 @@
+#
+# Cookbook Name:: memcache
+# Recipe:: default
+#
+# Copyright 2009, Example Com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "nova::nova-common"
+
+package "nova-novnc" do
+  action :upgrade
+end
+
+package "nova-vncproxy" do
+  action :upgrade
+end
+
+execute "Fix permission Bug" do
+  command "sed -i 's/nova$/root/g' /etc/init/nova-vncproxy.conf"
+  action :run
+  only_if "egrep 'exec.*nova$' /etc/init/nova-vncproxy.conf"
+end
+
+service "nova-vncproxy" do
+  supports :status => true, :restart => true
+  action :enable
+  subscribes :restart, resources(:template => "/etc/nova/nova.conf"), :delayed
+end

templates/default/api-paste.ini.erb

@@ -0,0 +1,165 @@
+############
+# Metadata #
+############
+[composite:metadata]
+use = egg:Paste#urlmap
+/: metaversions
+/latest: meta
+/2007-01-19: meta
+/2007-03-01: meta
+/2007-08-29: meta
+/2007-10-10: meta
+/2007-12-15: meta
+/2008-02-01: meta
+/2008-09-01: meta
+/2009-04-04: meta
+
+[pipeline:metaversions]
+pipeline = ec2faultwrap logrequest metaverapp
+
+[pipeline:meta]
+pipeline = ec2faultwrap logrequest metaapp
+
+[app:metaverapp]
+paste.app_factory = nova.api.metadata.handler:Versions.factory
+
+[app:metaapp]
+paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory
+
+#######
+# EC2 #
+#######
+
+[composite:ec2]
+use = egg:Paste#urlmap
+/services/Cloud: ec2cloud
+
+[pipeline:ec2cloud]
+#pipeline = ec2faultwrap logrequest ec2noauth cloudrequest authorizer validator ec2executor
+# NOTE(vish): use the following pipeline for deprecated auth
+# pipeline = ec2faultwrap logrequest authenticate cloudrequest authorizer validator ec2executor
+# NOTE(vish): use the following pipeline for keystone auth
+pipeline = ec2faultwrap logrequest ec2keystoneauth cloudrequest authorizer validator ec2executor
+
+# pipeline = logrequest authenticate cloudrequest authorizer ec2executor
+# pipeline = logrequest ec2lockout authenticate cloudrequest authorizer ec2executor
+#pipeline = logrequest totoken authtoken keystonecontext cloudrequest authorizer ec2executor
+
+[filter:ec2faultwrap]
+paste.filter_factory = nova.api.ec2:FaultWrapper.factory
+
+[filter:logrequest]
+paste.filter_factory = nova.api.ec2:RequestLogging.factory
+
+[filter:ec2lockout]
+paste.filter_factory = nova.api.ec2:Lockout.factory
+
+# Not referenced anywhere else in this file
+# [filter:totoken]
+# paste.filter_factory = keystone.middleware.ec2_token:EC2Token.factory
+
+[filter:ec2keystoneauth]
+paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory
+
+[filter:ec2noauth]
+paste.filter_factory = nova.api.ec2:NoAuth.factory
+
+[filter:authenticate]
+paste.filter_factory = nova.api.ec2:Authenticate.factory
+
+[filter:cloudrequest]
+controller = nova.api.ec2.cloud.CloudController
+paste.filter_factory = nova.api.ec2:Requestify.factory
+
+[filter:authorizer]
+paste.filter_factory = nova.api.ec2:Authorizer.factory
+
+[filter:validator]
+paste.filter_factory = nova.api.ec2:Validator.factory
+
+[app:ec2executor]
+paste.app_factory = nova.api.ec2:Executor.factory
+
+#############
+# Openstack #
+#############
+
+[composite:osapi_compute]
+use = call:nova.api.openstack.urlmap:urlmap_factory
+/: oscomputeversions
+/v1.1: openstack_compute_api_v2
+/v2: openstack_compute_api_v2
+
+[composite:osapi_volume]
+use = call:nova.api.openstack.urlmap:urlmap_factory
+/: osvolumeversions
+/v1: openstack_volume_api_v1
+
+[pipeline:openstack_compute_api_v2]
+#pipeline = faultwrap noauth ratelimit osapi_compute_app_v2
+# NOTE(vish): use the following pipeline for deprecated auth
+# pipeline = faultwrap auth ratelimit osapi_compute_app_v2
+# NOTE(vish): use the following pipeline for keystone auth
+pipeline = faultwrap authtoken keystonecontext ratelimit osapi_compute_app_v2
+
+[pipeline:openstack_volume_api_v1]
+#pipeline = faultwrap noauth ratelimit osapi_volume_app_v1
+# NOTE(vish): use the following pipeline for deprecated auth
+# pipeline = faultwrap auth ratelimit osapi_volume_app_v1
+# NOTE(vish): use the following pipeline for keystone auth
+pipeline = faultwrap authtoken keystonecontext ratelimit osapi_volume_app_v1
+
+[filter:faultwrap]
+paste.filter_factory = nova.api.openstack:FaultWrapper.factory
+
+[filter:auth]
+paste.filter_factory = nova.api.openstack.auth:AuthMiddleware.factory
+
+[filter:noauth]
+paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
+
+[filter:ratelimit]
+paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
+
+[app:osapi_compute_app_v2]
+paste.app_factory = nova.api.openstack.compute:APIRouter.factory
+
+[pipeline:oscomputeversions]
+pipeline = faultwrap oscomputeversionapp
+
+[app:osapi_volume_app_v1]
+paste.app_factory = nova.api.openstack.volume:APIRouter.factory
+
+[app:oscomputeversionapp]
+paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
+
+[pipeline:osvolumeversions]
+pipeline = faultwrap osvolumeversionapp
+
+[app:osvolumeversionapp]
+paste.app_factory = nova.api.openstack.volume.versions:Versions.factory
+
+# [filter:extensions]
+# paste.filter_factory = nova.api.openstack.extensions:ExtensionMiddleware.factory
+
+##########
+# Shared #
+##########
+
+[filter:keystonecontext]
+<% if @component == "diablo-final" -%>
+paste.filter_factory = keystone.middleware.nova_keystone_context:NovaKeystoneContext.factory
+<% else -%>
+paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
+<% end -%>
+
+[filter:authtoken]
+paste.filter_factory = keystone.middleware.auth_token:filter_factory
+service_host = <%= @ip_address %>
+service_port = <%= @service_port %>
+service_protocol = http
+auth_host = <%= @ip_address %>
+auth_port = <%= @admin_port %>
+auth_protocol = http
+auth_uri = http://<%= @ip_address %>:<%= @service_port %>/v2.0/
+admin_token = <%= @admin_token %>

templates/default/libvirt-bin.erb

@@ -0,0 +1,11 @@
+# Defaults for libvirt-bin initscript (/etc/init.d/libvirt-bin)
+# This is a POSIX shell fragment
+
+# Start libvirtd to handle qemu/kvm:
+start_libvirtd="yes"
+
+# options passed to libvirtd, add "-l" to listen on tcp
+libvirtd_opts="-d -l"
+
+# pass in location of kerberos keytab
+#export KRB5_KTNAME=/etc/libvirt/libvirt.keytab

templates/default/libvirtd-ssh-config

@@ -0,0 +1,3 @@
+Host *
+   StrictHostKeyChecking no
+   UserKnownHostsFile=/dev/null

templates/default/libvirtd-ssh-private-key.erb

@@ -0,0 +1 @@
+<%= @private_key %>

templates/default/libvirtd-ssh-public-key.erb

@@ -0,0 +1 @@
+<%= @public_key %>

templates/default/libvirtd.conf.erb

@@ -0,0 +1,393 @@
+# Master libvirt daemon configuration file
+#
+# For further information consult http://libvirt.org/format.html
+#
+# NOTE: the tests/daemon-conf regression test script requires
+# that each "PARAMETER = VALUE" line in this file have the parameter
+# name just after a leading "#".
+
+#################################################################
+#
+# Network connectivity controls
+#
+
+# Flag listening for secure TLS connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# It is necessary to setup a CA and issue server certificates before
+# using this capability.
+#
+# This is enabled by default, uncomment this to disable it
+listen_tls = 0
+
+# Listen for unencrypted TCP connections on the public TCP/IP port.
+# NB, must pass the --listen flag to the libvirtd process for this to
+# have any effect.
+#
+# Using the TCP socket requires SASL authentication by default. Only
+# SASL mechanisms which support data encryption are allowed. This is
+# DIGEST_MD5 and GSSAPI (Kerberos5)
+#
+# This is disabled by default, uncomment this to enable it.
+listen_tcp = 1
+
+
+
+# Override the port for accepting secure TLS connections
+# This can be a port number, or service name
+#
+#tls_port = "16514"
+
+# Override the port for accepting insecure TCP connections
+# This can be a port number, or service name
+#
+#tcp_port = "16509"
+
+
+# Override the default configuration which binds to all network
+# interfaces. This can be a numeric IPv4/6 address, or hostname
+#
+#listen_addr = "192.168.0.1"
+
+
+# Flag toggling mDNS advertizement of the libvirt service.
+#
+# Alternatively can disable for all services on a host by
+# stopping the Avahi daemon
+#
+# This is enabled by default, uncomment this to disable it
+#mdns_adv = 0
+
+# Override the default mDNS advertizement name. This must be
+# unique on the immediate broadcast network.
+#
+# The default is "Virtualization Host HOSTNAME", where HOSTNAME
+# is subsituted for the short hostname of the machine (without domain)
+#
+#mdns_name = "Virtualization Host Joe Demo"
+
+
+#################################################################
+#
+# UNIX socket access controls
+#
+
+# Set the UNIX domain socket group ownership. This can be used to
+# allow a 'trusted' set of users access to management capabilities
+# without becoming root.
+#
+# This is restricted to 'root' by default.
+unix_sock_group = "libvirtd"
+
+# Set the UNIX socket permissions for the R/O socket. This is used
+# for monitoring VM status only
+#
+# Default allows any user. If setting group ownership may want to
+# restrict this to:
+#unix_sock_ro_perms = "0777"
+
+# Set the UNIX socket permissions for the R/W socket. This is used
+# for full management of VMs
+#
+# Default allows only root. If PolicyKit is enabled on the socket,
+# the default will change to allow everyone (eg, 0777)
+#
+# If not using PolicyKit and setting group ownership for access
+# control then you may want to relax this to:
+unix_sock_rw_perms = "0770"
+
+# Set the name of the directory in which sockets will be found/created.
+#unix_sock_dir = "/var/run/libvirt"
+
+#################################################################
+#
+# Authentication.
+#
+#  - none: do not perform auth checks. If you can connect to the
+#          socket you are allowed. This is suitable if there are
+#          restrictions on connecting to the socket (eg, UNIX
+#          socket permissions), or if there is a lower layer in
+#          the network providing auth (eg, TLS/x509 certificates)
+#
+#  - sasl: use SASL infrastructure. The actual auth scheme is then
+#          controlled from /etc/sasl2/libvirt.conf. For the TCP
+#          socket only GSSAPI & DIGEST-MD5 mechanisms will be used.
+#          For non-TCP or TLS sockets,  any scheme is allowed.
+#
+#  - polkit: use PolicyKit to authenticate. This is only suitable
+#            for use on the UNIX sockets. The default policy will
+#            require a user to supply their own password to gain
+#            full read/write access (aka sudo like), while anyone
+#            is allowed read/only access.
+#
+# Set an authentication scheme for UNIX read-only sockets
+# By default socket permissions allow anyone to connect
+#
+# To restrict monitoring of domains you may wish to enable
+# an authentication mechanism here
+auth_unix_ro = "none"
+
+# Set an authentication scheme for UNIX read-write sockets
+# By default socket permissions only allow root. If PolicyKit
+# support was compiled into libvirt, the default will be to
+# use 'polkit' auth.
+#
+# If the unix_sock_rw_perms are changed you may wish to enable
+# an authentication mechanism here
+auth_unix_rw = "none"
+
+# Change the authentication scheme for TCP sockets.
+#
+# If you don't enable SASL, then all TCP traffic is cleartext.
+# Don't do this outside of a dev/test scenario. For real world
+# use, always enable SASL and use the GSSAPI or DIGEST-MD5
+# mechanism in /etc/sasl2/libvirt.conf
+auth_tcp = "<%= node[:libvirt][:auth_tcp] %>"
+
+# Change the authentication scheme for TLS sockets.
+#
+# TLS sockets already have encryption provided by the TLS
+# layer, and limited authentication is done by certificates
+#
+# It is possible to make use of any SASL authentication
+# mechanism as well, by using 'sasl' for this option
+#auth_tls = "none"
+
+
+
+#################################################################
+#
+# TLS x509 certificate configuration
+#
+
+
+# Override the default server key file path
+#
+#key_file = "/etc/pki/libvirt/private/serverkey.pem"
+
+# Override the default server certificate file path
+#
+#cert_file = "/etc/pki/libvirt/servercert.pem"
+
+# Override the default CA certificate path
+#
+#ca_file = "/etc/pki/CA/cacert.pem"
+
+# Specify a certificate revocation list.
+#
+# Defaults to not using a CRL, uncomment to enable it
+#crl_file = "/etc/pki/CA/crl.pem"
+
+
+
+#################################################################
+#
+# Authorization controls
+#
+
+
+# Flag to disable verification of our own server certificates
+#
+# When libvirtd starts it performs some sanity checks against
+# its own certificates.
+#
+# Default is to always run sanity checks. Uncommenting this
+# will disable sanity checks which is not a good idea
+#tls_no_sanity_certificate = 1
+
+# Flag to disable verification of client certificates
+#
+# Client certificate verification is the primary authentication mechanism.
+# Any client which does not present a certificate signed by the CA
+# will be rejected.
+#
+# Default is to always verify. Uncommenting this will disable
+# verification - make sure an IP whitelist is set
+#tls_no_verify_certificate = 1
+
+
+# A whitelist of allowed x509  Distinguished Names
+# This list may contain wildcards such as
+#
+#    "C=GB,ST=London,L=London,O=Red Hat,CN=*"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no DN's are checked
+#tls_allowed_dn_list = ["DN1", "DN2"]
+
+
+# A whitelist of allowed SASL usernames. The format for usernames
+# depends on the SASL authentication mechanism. Kerberos usernames
+# look like username@REALM
+#
+# This list may contain wildcards such as
+#
+#    "*@EXAMPLE.COM"
+#
+# See the POSIX fnmatch function for the format of the wildcards.
+#
+# NB If this is an empty list, no client can connect, so comment out
+# entirely rather than using empty list to disable these checks
+#
+# By default, no Username's are checked
+#sasl_allowed_username_list = ["joe@EXAMPLE.COM", "fred@EXAMPLE.COM" ]
+
+
+
+#################################################################
+#
+# Processing controls
+#
+
+# The maximum number of concurrent client connections to allow
+# over all sockets combined.
+#max_clients = 20
+
+
+# The minimum limit sets the number of workers to start up
+# initially. If the number of active clients exceeds this,
+# then more threads are spawned, upto max_workers limit.
+# Typically you'd want max_workers to equal maximum number
+# of clients allowed
+#min_workers = 5
+#max_workers = 20
+
+
+# The number of priority workers. If all workers from above
+# pool will stuck, some calls marked as high priority
+# (notably domainDestroy) can be executed in this pool.
+#prio_workers = 5
+
+# Total global limit on concurrent RPC calls. Should be
+# at least as large as max_workers. Beyond this, RPC requests
+# will be read into memory and queued. This directly impact
+# memory usage, currently each request requires 256 KB of
+# memory. So by default upto 5 MB of memory is used
+#
+# XXX this isn't actually enforced yet, only the per-client
+# limit is used so far
+#max_requests = 20
+
+# Limit on concurrent requests from a single client
+# connection. To avoid one client monopolizing the server
+# this should be a small fraction of the global max_requests
+# and max_workers parameter
+#max_client_requests = 5
+
+#################################################################
+#
+# Logging controls
+#
+
+# Logging level: 4 errors, 3 warnings, 2 information, 1 debug
+# basically 1 will log everything possible
+#log_level = 3
+
+# Logging filters:
+# A filter allows to select a different logging level for a given category
+# of logs
+# The format for a filter is:
+#    x:name
+#      where name is a match string e.g. remote or qemu
+# the x prefix is the minimal level where matching messages should be logged
+#    1: DEBUG
+#    2: INFO
+#    3: WARNING
+#    4: ERROR
+#
+# Multiple filter can be defined in a single @filters, they just need to be
+# separated by spaces.
+#
+# e.g:
+# log_filters="3:remote 4:event"
+# to only get warning or errors from the remote layer and only errors from
+# the event layer.
+
+# Logging outputs:
+# An output is one of the places to save logging information
+# The format for an output can be:
+#    x:stderr
+#      output goes to stderr
+#    x:syslog:name
+#      use syslog for the output and use the given name as the ident
+#    x:file:file_path
+#      output to a file, with the given filepath
+# In all case the x prefix is the minimal level, acting as a filter
+#    1: DEBUG
+#    2: INFO
+#    3: WARNING
+#    4: ERROR
+#
+# Multiple output can be defined, they just need to be separated by spaces.
+# e.g.:
+# log_outputs="3:syslog:libvirtd"
+# to log all warnings and errors to syslog under the libvirtd ident
+
+# Log debug buffer size: default 64
+# The daemon keeps an internal debug log buffer which will be dumped in case
+# of crash or upon receiving a SIGUSR2 signal. This setting allows to override
+# the default buffer size in kilobytes.
+# If value is 0 or less the debug log buffer is deactivated
+#log_buffer_size = 64
+
+
+##################################################################
+#
+# Auditing
+#
+# This setting allows usage of the auditing subsystem to be altered:
+#
+#   audit_level == 0  -> disable all auditing
+#   audit_level == 1  -> enable auditing, only if enabled on host (default)
+#   audit_level == 2  -> enable auditing, and exit if disabled on host
+#
+#audit_level = 2
+#
+# If set to 1, then audit messages will also be sent
+# via libvirt logging infrastructure. Defaults to 0
+#
+#audit_logging = 1
+
+###################################################################
+# UUID of the host:
+# Provide the UUID of the host here in case the command
+# 'dmidecode -s system-uuid' does not provide a valid uuid. In case
+# 'dmidecode' does not provide a valid UUID and none is provided here, a
+# temporary UUID will be generated.
+# Keep the format of the example UUID below. UUID must not have all digits
+# be the same.
+
+# NB This default all-zeros UUID will not work. Replace
+# it with the output of the 'uuidgen' command and then
+# uncomment this entry
+#host_uuid = "00000000-0000-0000-0000-000000000000"
+
+###################################################################
+# Keepalive protocol:
+# This allows libvirtd to detect broken client connections or even
+# dead client.  A keepalive message is sent to a client after
+# keepalive_interval seconds of inactivity to check if the client is
+# still responding; keepalive_count is a maximum number of keepalive
+# messages that are allowed to be sent to the client without getting
+# any response before the connection is considered broken.  In other
+# words, the connection is automatically closed approximately after
+# keepalive_interval * (keepalive_count + 1) seconds since the last
+# message received from the client.  If keepalive_interval is set to
+# -1, libvirtd will never send keepalive requests; however clients
+# can still send them and the deamon will send responses.  When
+# keepalive_count is set to 0, connections will be automatically
+# closed after keepalive_interval seconds of inactivity without
+# sending any keepalive messages.
+#
+#keepalive_interval = 5
+#keepalive_count = 5
+#
+# If set to 1, libvirtd will refuse to talk to clients that do not
+# support keepalive protocol.  Defaults to 0.
+#
+#keepalive_required = 1

templates/default/local_settings.py.erb

@@ -0,0 +1,105 @@
+import os
+
+DEBUG = True
+TEMPLATE_DEBUG = DEBUG
+PROD = False
+USE_SSL = False
+
+LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.mysql',
+        'NAME': '<%= @db_name %>',
+        'USER': '<%= @user %>',
+        'PASSWORD': '<%= @passwd %>',
+        'HOST': '<%= @ip_address %>',
+        'default-character-set': 'utf8'
+    },
+}
+
+CACHE_BACKEND = 'dummy://'
+
+
+# Send email to the console by default
+EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+# Or send them to /dev/null
+#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
+
+# django-mailer uses a different settings attribute
+MAILER_EMAIL_BACKEND = EMAIL_BACKEND
+
+# Configure these for your outgoing email host
+# EMAIL_HOST = 'smtp.my-company.com'
+# EMAIL_PORT = 25
+# EMAIL_HOST_USER = 'djangomail'
+# EMAIL_HOST_PASSWORD = 'top-secret!'
+
+HORIZON_CONFIG = {
+    'dashboards': ('nova', 'syspanel', 'settings',),
+    'default_dashboard': 'nova',
+    'user_home': 'dashboard.views.user_home',
+}
+
+# For multiple regions uncomment this configuration, and add (endpoint, title).
+# AVAILABLE_REGIONS = [
+#     ('http://cluster1.example.com:5000/v2.0', 'cluster1'),
+#     ('http://cluster2.example.com:5000/v2.0', 'cluster2'),
+# ]
+
+OPENSTACK_HOST = "<%= @ip_address %>"
+OPENSTACK_KEYSTONE_URL = "http://%s:<%= @service_port %>/v2.0/" % OPENSTACK_HOST
+# FIXME: this is only needed until keystone fixes its GET /tenants call
+# so that it doesn't return everything for admins
+OPENSTACK_KEYSTONE_ADMIN_URL = "http://%s:<%= @admin_port %>/v2.0" % OPENSTACK_HOST
+OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"
+# Looks like Horizon no longer needs a Long-Lived Token
+# OPENSTACK_ADMIN_TOKEN = "<%= @admin_token %>"
+
+# The number of Swift containers and objects to display on a single page before
+# providing a paging element (a "more" link) to paginate results.
+API_RESULT_LIMIT = 1000
+SWIFT_ENABLED = False
+
+# NOTE(tres): Available services should come from the service
+#             catalog in Keystone.
+QUANTUM_ENABLED = False
+
+# If you have external monitoring links
+# EXTERNAL_MONITORING = [
+#     ['Nagios','http://foo.com'],
+#     ['Ganglia','http://bar.com'],
+# ]
+
+# Uncomment the following segment to silence most logging
+# django.db and boto DEBUG logging is extremely verbose.
+#LOGGING = {
+#        'version': 1,
+#        # set to True will disable all logging except that specified, unless
+#        # nothing is specified except that django.db.backends will still log,
+#        # even when set to True, so disable explicitly
+#        'disable_existing_loggers': False,
+#        'handlers': {
+#            'null': {
+#                'level': 'DEBUG',
+#                'class': 'django.utils.log.NullHandler',
+#                },
+#            'console': {
+#                'level': 'DEBUG',
+#                'class': 'logging.StreamHandler',
+#                },
+#            },
+#        'loggers': {
+#            # Comment or Uncomment these to turn on/off logging output
+#            'django.db.backends': {
+#                'handlers': ['null'],
+#                'propagate': False,
+#                },
+#            'django_openstack': {
+#                'handlers': ['null'],
+#                'propagate': False,
+#            },
+#        }
+#}
+
+# How much ram on each compute host?
+# COMPUTE_HOST_RAM_GB = 32

templates/default/mysql-server.seed.erb

@@ -0,0 +1,10 @@
+mysql-server-5.1 mysql-server/root_password_again select <%= node['mysql']['root_pass'] %>
+mysql-server-5.1 mysql-server/root_password select <%= node['mysql']['root_pass'] %>
+mysql-server-5.1 mysql-server-5.1/really_downgrade boolean false
+mysql-server-5.1 mysql-server-5.1/need_sarge_compat boolean false
+mysql-server-5.1 mysql-server-5.1/start_on_boot boolean true
+mysql-server-5.1 mysql-server/error_setting_password boolean false
+mysql-server-5.1 mysql-server-5.1/nis_warning note
+mysql-server-5.1 mysql-server-5.1/postrm_remove_databases boolean false
+mysql-server-5.1 mysql-server/password_mismatch boolean false
+mysql-server-5.1 mysql-server-5.1/need_sarge_compat_done boolean true

templates/default/nova-mysql.cnf.erb

@@ -0,0 +1,8 @@
+#
+# This forces bind to the admin ip, necessary for nova
+#
+# This file is controlled by Chef.  Do not edit.
+#
+
+[mysqld]
+bind-address = <%= node[:controller_ipaddress] %>

templates/default/nova.conf.erb

@@ -0,0 +1,57 @@
+[DEFAULT]
+
+# LOGS/STATE
+verbose=true
+dhcpbridge_flagfile=/etc/nova/nova.conf
+dhcpbridge=/usr/bin/nova-dhcpbridge
+logdir=/var/log/nova
+state_path=/var/lib/nova
+lock_path=/var/lock/nova
+iscsi_helper=tgtadm
+
+# RABBITMQ
+rabbit_password=guest
+rabbit_port=5672
+rabbit_host=<%= @ip_address %>
+
+# SCHEDULER
+#--scheduler_manager=nova.scheduler.abstract_scheduler.AbstractScheduler
+scheduler_driver=nova.scheduler.simple.SimpleScheduler
+
+# NETWORK
+network_manager=nova.network.manager.FlatDHCPManager
+fixed_range=<%= @ipv4_cidr %>
+ec2_dmz_host=<%= @ip_address %>
+#--flat_interface=eth1
+#--fixed_range=10.20.1.0/24
+#--flat_network_dhcp_start=10.20.1.2
+#--public_interface=eth0
+force_dhcp_release=true
+<% if @virt_type == "qemu" -%>
+libvirt_use_virtio_for_bridges=false
+<% else -%>
+libvirt_use_virtio_for_bridges=true
+<% end -%>
+
+# GLANCE
+image_service=nova.image.glance.GlanceImageService
+glance_api_servers=<%= @ip_address %>:<%= @api_port %>
+
+# COMPUTE
+compute_manager=nova.compute.manager.ComputeManager
+sql_connection=mysql://<%= @user %>:<%= @passwd %>@<%= @ip_address %>/<%= @db_name %>
+connection_type=libvirt
+libvirt_type=<%= @virt_type %>
+root_helper=sudo nova-rootwrap
+
+# VNCPROXY
+vncproxy_url=http://<%= @ip_address %>:6080
+vncproxy_wwwroot=/var/lib/nova/noVNC
+
+# MISC
+use_deprecated_auth=false
+allow_admin_api=true
+enable_zone_routing=true
+
+# KEYSTONE
+keystone_ec2_url=http://<%= @ip_address %>:5000/v2.0/ec2tokens

templates/default/novarc.erb

@@ -0,0 +1,20 @@
+# COMMON OPENSTACK ENVS
+export OS_AUTH_USER=<%= @user %>
+export OS_AUTH_KEY=<%= @password %>
+export OS_AUTH_TENANT=<%= @tenant %>
+export OS_AUTH_URL=http://<%= @keystone_api_ip %>:<%= @keystone_service_port %>/v2.0/
+export OS_AUTH_STRATEGY=<%= @auth_strategy %>
+
+# LEGACY NOVA ENVS
+export NOVA_USERNAME=${OS_AUTH_USER}
+export NOVA_PROJECT_ID=${OS_AUTH_TENANT}
+export NOVA_PASSWORD=${OS_AUTH_KEY}
+export NOVA_API_KEY=${OS_AUTH_KEY}
+export NOVA_URL=${OS_AUTH_URL}
+export NOVA_VERSION=<%= @nova_api_version %>
+export NOVA_REGION_NAME=<%= @keystone_region %>
+
+# EUCA2OOLs ENV VARIABLES
+export EC2_ACCESS_KEY=${OS_AUTH_USER}
+export EC2_SECRET_KEY=${OS_AUTH_KEY}
+export EC2_URL=http://<%= @nova_api_ip %>:8773/services/Cloud