1e8113866d
Shell scripts preparing dsvm environment for policy enforcement tests. Tests require devstack with Congress installed. Some original scripts where changed to reuse functionality. Jenkins job https://review.openstack.org/#/c/150401/ Partially Implements blueprint congress-support-in-murano Change-Id: Ib3c26168043f74d4e7ec76f3557f8857cf4304a4
266 lines
8.9 KiB
Plaintext
266 lines
8.9 KiB
Plaintext
# lib/murano
|
|
|
|
# Dependencies:
|
|
# ``functions`` file
|
|
# ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
|
|
|
|
# ``stack.sh`` calls the entry points in this order:
|
|
#
|
|
# install_murano
|
|
# configure_murano
|
|
# start_murano
|
|
# stop_murano
|
|
|
|
|
|
# Save trace setting
|
|
XTRACE=$(set +o | grep xtrace)
|
|
set -o xtrace
|
|
|
|
|
|
# Defaults
|
|
# --------
|
|
|
|
# Set up default repos
|
|
MURANO_REPO=${MURANO_REPO:-${GIT_BASE}/stackforge/murano.git}
|
|
MURANO_BRANCH=${MURANO_BRANCH:-master}
|
|
|
|
MURANO_PYTHONCLIENT_REPO=${MURANO_PYTHONCLIENT_REPO:-${GIT_BASE}/stackforge/python-muranoclient.git}
|
|
MURANO_PYTHONCLIENT_BRANCH=${MURANO_PYTHONCLIENT_BRANCH:-master}
|
|
MURANO_PYTHONCLIENT_DIR=$DEST/python-muranoclient
|
|
|
|
# Set up default directories
|
|
MURANO_DIR=$DEST/murano
|
|
MURANO_CONF_DIR=${MURANO_CONF_DIR:-/etc/murano}
|
|
MURANO_CONF_FILE=${MURANO_CONF_DIR}/murano.conf
|
|
MURANO_POLICY_FILE=${MURANO_CONF_DIR}/policy.json
|
|
MURANO_DEBUG=${MURANO_DEBUG:-True}
|
|
MURANO_ENABLE_MODEL_POLICY_ENFORCEMENT=${MURANO_ENABLE_MODEL_POLICY_ENFORCEMENT:-False}
|
|
|
|
MURANO_SERVICE_HOST=${MURANO_SERVICE_HOST:-$SERVICE_HOST}
|
|
MURANO_SERVICE_PORT=${MURANO_SERVICE_PORT:-8082}
|
|
MURANO_SERVICE_PROTOCOL=${MURANO_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
|
|
|
|
MURANO_ADMIN_USER=${MURANO_ADMIN_USER:-murano}
|
|
|
|
MURANO_KEYSTONE_SIGNING_DIR=${MURANO_KEYSTONE_SIGNING_DIR:-/tmp/keystone-signing-muranoapi}
|
|
|
|
MURANO_DEFAULT_ROUTER=${MURANO_DEFAULT_ROUTER:-''}
|
|
MURANO_EXTERNAL_NETWORK=${MURANO_EXTERNAL_NETWORK:-''}
|
|
|
|
# MURANO_RABBIT_VHOST allows to specify a separate virtual host for Murano services.
|
|
# This is not required if all OpenStack services are deployed by devstack scripts
|
|
# on a single node. In this case '/' virtual host (which is the default) is enough.
|
|
# The problem arise when Murano installed in 'devbox' mode, allowing two or more
|
|
# devboxes to use one common OpenStack host. In this case it's better devboxes
|
|
# use separated virtual hosts, to avoid conflicts between Murano services.
|
|
# This couldn't be done using exitsting variables, so that's why this variable was added.
|
|
MURANO_RABBIT_VHOST=${MURANO_RABBIT_VHOST:-''}
|
|
|
|
# Support entry points installation of console scripts
|
|
if [[ -d $MURANO_DIR/bin ]]; then
|
|
MURANO_BIN_DIR=$MURANO_DIR/bin
|
|
else
|
|
MURANO_BIN_DIR=$(get_python_exec_prefix)
|
|
fi
|
|
|
|
|
|
# create_murano_accounts() - Set up common required murano accounts
|
|
#
|
|
# Tenant User Roles
|
|
# ------------------------------
|
|
# service murano admin
|
|
function create_murano_accounts() {
|
|
if ! is_service_enabled key; then
|
|
return
|
|
fi
|
|
|
|
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
|
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
|
|
|
MURANO_USER=$(openstack user create \
|
|
$MURANO_ADMIN_USER \
|
|
--password "$SERVICE_PASSWORD" \
|
|
--project $SERVICE_TENANT \
|
|
--email murano@example.com \
|
|
| grep " id " | get_field 2)
|
|
|
|
openstack role add \
|
|
$ADMIN_ROLE \
|
|
--project $SERVICE_TENANT \
|
|
--user $MURANO_USER
|
|
|
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
|
MURANO_SERVICE=$(openstack service create \
|
|
murano \
|
|
--type=application_catalog \
|
|
--description="Application Catalog" \
|
|
| grep " id " | get_field 2)
|
|
openstack endpoint create \
|
|
$MURANO_SERVICE \
|
|
--region RegionOne \
|
|
--publicurl "$MURANO_SERVICE_PROTOCOL://$MURANO_SERVICE_HOST:$MURANO_SERVICE_PORT" \
|
|
--adminurl "$MURANO_SERVICE_PROTOCOL://$MURANO_SERVICE_HOST:$MURANO_SERVICE_PORT" \
|
|
--internalurl "$MURANO_SERVICE_PROTOCOL://$MURANO_SERVICE_HOST:$MURANO_SERVICE_PORT"
|
|
fi
|
|
}
|
|
|
|
|
|
function mkdir_chown_stack {
|
|
if [[ ! -d "$1" ]]; then
|
|
sudo mkdir -p "$1"
|
|
fi
|
|
sudo chown $STACK_USER "$1"
|
|
}
|
|
|
|
|
|
function configure_murano_rpc_backend() {
|
|
# Configure the rpc service.
|
|
iniset_rpc_backend muranoapi $MURANO_CONF_FILE DEFAULT
|
|
|
|
# TODO(ruhe): get rid of this ugly workaround.
|
|
inicomment $MURANO_CONF_FILE DEFAULT rpc_backend
|
|
|
|
iniset $MURANO_CONF_FILE rabbitmq host $RABBIT_HOST
|
|
iniset $MURANO_CONF_FILE rabbitmq password $RABBIT_PASSWORD
|
|
|
|
# Set non-default rabbit virtual host if required.
|
|
if [[ -n "$MURANO_RABBIT_VHOST" ]]; then
|
|
iniset $MURANO_CONF_FILE DEFAULT rabbit_virtual_host $MURANO_RABBIT_VHOST
|
|
iniset $MURANO_CONF_FILE rabbitmq virtual_host $MURANO_RABBIT_VHOST
|
|
fi
|
|
}
|
|
|
|
function configure_murano_networking {
|
|
# Use keyword 'public' if Murano external network was not set.
|
|
# If it was set but the network is not exist then
|
|
# first available external network will be selected.
|
|
local ext_net=${MURANO_EXTERNAL_NETWORK:-'public'}
|
|
local ext_net_id=$(neutron net-external-list \
|
|
| grep " $ext_net " | get_field 2)
|
|
|
|
# Try to select first available external network
|
|
if [[ -n "$ext_net_id" ]]; then
|
|
ext_net_id=$(neutron net-external-list -f csv -c id \
|
|
| tail -n +2 | tail -n 1)
|
|
fi
|
|
|
|
# Configure networking options for Murano
|
|
if [[ -n "$MURANO_EXTERNAL_NETWORK" ]] && [[ -n "$ext_net_id" ]]; then
|
|
iniset $MURANO_CONF_FILE networking external_network $ext_net_id
|
|
iniset $MURANO_CONF_FILE networking create_router 'true'
|
|
fi
|
|
|
|
if [[ -n "$MURANO_DEFAULT_ROUTER" ]]; then
|
|
iniset $MURANO_CONF_FILE networking router_name $MURANO_DEFAULT_ROUTER
|
|
fi
|
|
}
|
|
|
|
# Entry points
|
|
# ------------
|
|
|
|
# configure_murano() - Set config files, create data dirs, etc
|
|
function configure_murano {
|
|
mkdir_chown_stack "$MURANO_CONF_DIR"
|
|
|
|
# Generate Murano configuration file and configure common parameters.
|
|
oslo-config-generator --namespace keystonemiddleware.auth_token \
|
|
--namespace murano \
|
|
--namespace oslo.db \
|
|
--namespace oslo.messaging \
|
|
> $MURANO_CONF_FILE
|
|
cp $MURANO_DIR/etc/murano/murano-paste.ini $MURANO_CONF_DIR
|
|
cp $MURANO_DIR/etc/murano/policy.json $MURANO_POLICY_FILE
|
|
|
|
cleanup_murano
|
|
|
|
iniset $MURANO_CONF_FILE DEFAULT debug $MURANO_DEBUG
|
|
iniset $MURANO_CONF_FILE DEFAULT use_syslog $SYSLOG
|
|
|
|
|
|
# Murano Api Configuration
|
|
#-------------------------
|
|
|
|
# Setup keystone_authtoken section
|
|
iniset $MURANO_CONF_FILE keystone_authtoken auth_uri "http://${KEYSTONE_AUTH_HOST}:5000/v2.0"
|
|
iniset $MURANO_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
|
|
iniset $MURANO_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
|
|
iniset $MURANO_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
|
iniset $MURANO_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA
|
|
iniset $MURANO_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
|
iniset $MURANO_CONF_FILE keystone_authtoken admin_user $MURANO_ADMIN_USER
|
|
iniset $MURANO_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
|
|
|
|
configure_murano_rpc_backend
|
|
|
|
# Configure notifications for status information during provisioning
|
|
iniset $MURANO_CONF_FILE DEFAULT notification_driver messagingv2
|
|
|
|
# configure the database.
|
|
iniset $MURANO_CONF_FILE database connection `database_connection_url murano`
|
|
|
|
# Configure keystone auth url
|
|
iniset $MURANO_CONF_FILE keystone auth_url "http://${KEYSTONE_AUTH_HOST}:5000/v2.0"
|
|
|
|
# Configure Murano API URL
|
|
iniset $MURANO_CONF_FILE murano url "http://127.0.0.1:8082"
|
|
|
|
configure_murano_networking
|
|
}
|
|
|
|
|
|
# init_murano() - Initialize databases, etc.
|
|
function init_murano() {
|
|
# (re)create Murano database
|
|
recreate_database murano utf8
|
|
|
|
$MURANO_BIN_DIR/murano-db-manage --config-file $MURANO_CONF_FILE upgrade
|
|
$MURANO_BIN_DIR/murano-manage --config-file $MURANO_CONF_FILE import-package $MURANO_DIR/meta/io.murano
|
|
}
|
|
|
|
|
|
# install_murano() - Collect source and prepare
|
|
function install_murano() {
|
|
install_murano_pythonclient
|
|
|
|
git_clone $MURANO_REPO $MURANO_DIR $MURANO_BRANCH
|
|
|
|
# TODO(ruhe): use setup_develop once Murano requirements match with global-requirement.txt
|
|
# both functions (setup_develop and setup_package) are defined at:
|
|
# http://git.openstack.org/cgit/openstack-dev/devstack/tree/functions-common
|
|
setup_package $MURANO_DIR -e
|
|
}
|
|
|
|
|
|
function install_murano_pythonclient() {
|
|
git_clone $MURANO_PYTHONCLIENT_REPO $MURANO_PYTHONCLIENT_DIR $MURANO_PYTHONCLIENT_BRANCH
|
|
setup_package $MURANO_PYTHONCLIENT_DIR -e
|
|
}
|
|
|
|
|
|
# start_murano() - Start running processes, including screen
|
|
function start_murano() {
|
|
screen_it murano-api "cd $MURANO_DIR && $MURANO_BIN_DIR/murano-api --config-file $MURANO_CONF_DIR/murano.conf"
|
|
screen_it murano-engine "cd $MURANO_DIR && $MURANO_BIN_DIR/murano-engine --config-file $MURANO_CONF_DIR/murano.conf"
|
|
}
|
|
|
|
|
|
# stop_murano() - Stop running processes
|
|
function stop_murano() {
|
|
# Kill the Murano screen windows
|
|
screen -S $SCREEN_NAME -p murano-api -X kill
|
|
screen -S $SCREEN_NAME -p murano-engine -X kill
|
|
}
|
|
|
|
function cleanup_murano() {
|
|
|
|
# Cleanup keystone signing dir
|
|
sudo rm -rf $MURANO_KEYSTONE_SIGNING_DIR
|
|
}
|
|
|
|
# Restore xtrace
|
|
$XTRACE
|
|
|
|
# Local variables:
|
|
# mode: shell-script
|
|
# End:
|