From aa8a2174a6fcdaeb3b2cbcb2f5a0bafcb993e9bb Mon Sep 17 00:00:00 2001
From: Tim Miller
Date: Wed, 20 Feb 2013 21:50:33 -0800
Subject: [PATCH] Add a cinder element.
Change-Id: I4729cf003896c3b4f8267d16e1b4822099231051
---
.../config/etc/cinder/api-paste.ini | 61 +++++++++++++++++++
.../config/etc/cinder/cinder.conf | 20 ++++++
.../config/etc/cinder/policy.json | 34 +++++++++++
.../config/etc/cinder/rootwrap.conf | 27 ++++++++
.../etc/cinder/rootwrap.d/volume.filters | 55 +++++++++++++++++
.../config/etc/default/iscsitarget | 2 +
elements/cinder-config/element-deps | 1 +
.../cinder-config/install.d/01-cinder-config | 3 +
elements/cinder/README.md | 1 +
elements/cinder/element-deps | 4 ++
elements/cinder/install.d/72-cinder | 22 +++++++
elements/cinder/migration | 15 +++++
elements/cinder/post-configure | 8 +++
elements/cinder/pre-configure | 8 +++
.../install.d/01-os-refresh-config | 4 ++
15 files changed, 265 insertions(+)
create mode 100644 elements/cinder-config/config/etc/cinder/api-paste.ini
create mode 100644 elements/cinder-config/config/etc/cinder/cinder.conf
create mode 100644 elements/cinder-config/config/etc/cinder/policy.json
create mode 100644 elements/cinder-config/config/etc/cinder/rootwrap.conf
create mode 100644 elements/cinder-config/config/etc/cinder/rootwrap.d/volume.filters
create mode 100644 elements/cinder-config/config/etc/default/iscsitarget
create mode 100644 elements/cinder-config/element-deps
create mode 100755 elements/cinder-config/install.d/01-cinder-config
create mode 100644 elements/cinder/README.md
create mode 100644 elements/cinder/element-deps
create mode 100755 elements/cinder/install.d/72-cinder
create mode 100755 elements/cinder/migration
create mode 100755 elements/cinder/post-configure
create mode 100755 elements/cinder/pre-configure
diff --git a/elements/cinder-config/config/etc/cinder/api-paste.ini b/elements/cinder-config/config/etc/cinder/api-paste.ini
new file mode 100644
index 00000000..d9eaef61
--- /dev/null
+++ b/elements/cinder-config/config/etc/cinder/api-paste.ini
@@ -0,0 +1,61 @@
+#############
+# OpenStack #
+#############
+
+[composite:osapi_volume]
+use = call:cinder.api:root_app_factory
+/: apiversions
+/v1: openstack_volume_api_v1
+/v2: openstack_volume_api_v2
+
+[composite:openstack_volume_api_v1]
+use = call:cinder.api.middleware.auth:pipeline_factory
+noauth = faultwrap sizelimit noauth apiv1
+keystone = faultwrap sizelimit authtoken keystonecontext apiv1
+keystone_nolimit = faultwrap sizelimit authtoken keystonecontext apiv1
+
+[composite:openstack_volume_api_v2]
+use = call:cinder.api.middleware.auth:pipeline_factory
+noauth = faultwrap sizelimit noauth apiv2
+keystone = faultwrap sizelimit authtoken keystonecontext apiv2
+keystone_nolimit = faultwrap sizelimit authtoken keystonecontext apiv2
+
+[filter:faultwrap]
+paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory
+
+[filter:noauth]
+paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory
+
+[filter:sizelimit]
+paste.filter_factory = cinder.api.middleware.sizelimit:RequestBodySizeLimiter.factory
+
+[app:apiv1]
+paste.app_factory = cinder.api.v1.router:APIRouter.factory
+
+[app:apiv2]
+paste.app_factory = cinder.api.v2.router:APIRouter.factory
+
+[pipeline:apiversions]
+pipeline = faultwrap osvolumeversionapp
+
+[app:osvolumeversionapp]
+paste.app_factory = cinder.api.versions:Versions.factory
+
+##########
+# Shared #
+##########
+
+[filter:keystonecontext]
+paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystone.middleware.auth_token:filter_factory
+service_protocol = http
+service_host = {{keystone.host}}
+service_port = 5000
+auth_host = {{keystone.host}}
+auth_port = 35357
+auth_protocol = http
+admin_tenant_name = service
+admin_user = cinder
+admin_password = {{service-password}}
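Review bot: The `[filter:authtoken]` section at the end of this hunk hard-codes `service_protocol = http` and `auth_protocol = http`, so the middleware's exchanges with keystone, including the `admin_password` it authenticates with and the tokens it validates, cross the network unencrypted. I would make the protocol a template value instead of a literal, for example `auth_protocol = {{keystone.protocol}}` (the key name is only a suggestion and would have to be added to the metadata), so a deployment with a TLS endpoint can use it. The template also renders `admin_password = {{service-password}}` and is added with mode 100644; whether the rendered /etc/cinder/api-paste.ini ends up world-readable depends on os-config-applier, which is not visible here, so that is worth confirming.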
diff --git a/elements/cinder-config/config/etc/cinder/cinder.conf b/elements/cinder-config/config/etc/cinder/cinder.conf
new file mode 100644
index 00000000..77f8b17a
--- /dev/null
+++ b/elements/cinder-config/config/etc/cinder/cinder.conf
@@ -0,0 +1,20 @@
+[DEFAULT]
+debug = True
+
+state_path = /var/run/cinder
+
+rootwrap_config=/etc/cinder/rootwrap.conf
+api_paste_config = /etc/cinder/api-paste.ini
+
+iscsi_helper=tgtadm
+volume_name_template = volume-%s
+volume_group = cinder-volumes
+verbose = True
+auth_strategy = keystone
+
+sql_connection={{cinder.db}}
+
+rabbit_host = {{rabbit.host}}
+rabbit_port = 5672
+rabbit_userid = {{rabbit.user}}
+rabbit_password = {{rabbit.password}}
diff --git a/elements/cinder-config/config/etc/cinder/policy.json b/elements/cinder-config/config/etc/cinder/policy.json
new file mode 100644
index 00000000..a4fd911f
--- /dev/null
+++ b/elements/cinder-config/config/etc/cinder/policy.json
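Review bot: In cinder.conf, `debug = True` and `verbose = True` are shipped as fixed values in the same file that renders `sql_connection` and `rabbit_password`, so every image built from this element runs its services at debug log level. Debug output tends to carry request and configuration detail that does not belong in routinely collected logs; I would default to `debug = False` and let the metadata turn it on when needed. Separately, `state_path = /var/run/cinder` sits under a directory that is a tmpfs cleared at boot on many distributions, which is worth confirming for the target image since the migration script in this patch also places the volume backing file there.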
@@ -0,0 +1,34 @@
+{
+ "context_is_admin": [["role:admin"]],
+ "admin_or_owner": [["is_admin:True"], ["project_id:%(project_id)s"]],
+ "default": [["rule:admin_or_owner"]],
+
+ "admin_api": [["is_admin:True"]],
+
+ "volume:create": [],
+ "volume:get_all": [],
+ "volume:get_volume_metadata": [],
+ "volume:get_snapshot": [],
+ "volume:get_all_snapshots": [],
+
+ "volume_extension:types_manage": [["rule:admin_api"]],
+ "volume_extension:types_extra_specs": [["rule:admin_api"]],
+ "volume_extension:extended_snapshot_attributes": [],
+ "volume_extension:volume_image_metadata": [],
+
+ "volume_extension:quotas:show": [],
+ "volume_extension:quotas:update_for_project": [["rule:admin_api"]],
+ "volume_extension:quotas:update_for_user": [["rule:admin_or_projectadmin"]],
+ "volume_extension:quota_classes": [],
+
+ "volume_extension:volume_admin_actions:reset_status": [["rule:admin_api"]],
+ "volume_extension:snapshot_admin_actions:reset_status": [["rule:admin_api"]],
+ "volume_extension:volume_admin_actions:force_delete": [["rule:admin_api"]],
+ "volume_extension:snapshot_admin_actions:force_delete": [["rule:admin_api"]],
+
+ "volume_extension:volume_host_attribute": [["rule:admin_api"]],
+ "volume_extension:volume_tenant_attribute": [["rule:admin_api"]],
+ "volume_extension:hosts": [["rule:admin_api"]],
+ "volume_extension:services": [["rule:admin_api"]],
+ "volume:services": [["rule:admin_api"]]
+}
diff --git a/elements/cinder-config/config/etc/cinder/rootwrap.conf b/elements/cinder-config/config/etc/cinder/rootwrap.conf
new file mode 100644
index 00000000..dfa8a99c
--- /dev/null
+++ b/elements/cinder-config/config/etc/cinder/rootwrap.conf
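Review bot: In policy.json, `"volume_extension:quotas:update_for_user"` points at `rule:admin_or_projectadmin`, but no rule of that name is defined anywhere in this file; the only named rules are `context_is_admin`, `admin_or_owner`, `default` and `admin_api`. How an unresolved rule reference is evaluated depends on the policy engine version, so the action is either denied to everyone or fails in some other way, and neither outcome looks intended. Either define the rule, or reference one that exists, for example `"volume_extension:quotas:update_for_user": [["rule:admin_api"]],`.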
@@ -0,0 +1,27 @@
+# Configuration for cinder-rootwrap
+# This file should be owned by (and only-writeable by) the root user
+
+[DEFAULT]
+# List of directories to load filter definitions from (separated by ',').
+# These directories MUST all be only writeable by root !
+filters_path=/etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap
+
+# List of directories to search executables in, in case filters do not
+# explicitely specify a full path (separated by ',')
+# If not specified, defaults to system PATH environment variable.
+# These directories MUST all be only writeable by root !
+exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin
+
+# Enable logging to syslog
+# Default value is False
+use_syslog=False
+
+# Which syslog facility to use.
+# Valid values include auth, authpriv, syslog, user0, user1...
+# Default value is 'syslog'
+syslog_log_facility=syslog
+
+# Which messages to log.
+# INFO means log all usage
+# ERROR means only log unsuccessful attempts
+syslog_log_level=ERROR
diff --git a/elements/cinder-config/config/etc/cinder/rootwrap.d/volume.filters b/elements/cinder-config/config/etc/cinder/rootwrap.d/volume.filters
new file mode 100644
index 00000000..a51cad89
--- /dev/null
+++ b/elements/cinder-config/config/etc/cinder/rootwrap.d/volume.filters
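Review bot: rootwrap.conf ships with `use_syslog=False`, so commands that cinder runs as root through the wrapper leave no audit record, and `syslog_log_level=ERROR` would record only rejected attempts even if logging were switched on. For a privilege-escalation wrapper I would enable it in the template: `use_syslog=True`, `syslog_log_facility=authpriv`, `syslog_log_level=INFO`. The file's own header says it and the filter directories must be owned by and writable only by root; nothing visible in this patch sets ownership on the rendered files, so confirm that use-config-templates and os-config-applier write them as root.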
@@ -0,0 +1,55 @@
+# cinder-rootwrap command filters for volume nodes
+# This file should be owned by (and only-writeable by) the root user
+
+[Filters]
+# cinder/volume/iscsi.py: iscsi_helper '--op' ...
+ietadm: CommandFilter, /usr/sbin/ietadm, root
+tgtadm: CommandFilter, /usr/sbin/tgtadm, root
+tgt-admin: CommandFilter, /usr/sbin/tgt-admin, root
+
+# cinder/volume/driver.py: 'vgs', '--noheadings', '-o', 'name'
+vgs: CommandFilter, /sbin/vgs, root
+
+# cinder/volume/driver.py: 'lvcreate', '-L', sizestr, '-n', volume_name,..
+# cinder/volume/driver.py: 'lvcreate', '-L', ...
+lvcreate: CommandFilter, /sbin/lvcreate, root
+
+# cinder/volume/driver.py: 'dd', 'if=%s' % srcstr, 'of=%s' % deststr,...
+dd: CommandFilter, /bin/dd, root
+
+# cinder/volume/driver.py: 'lvremove', '-f', %s/%s % ...
+lvremove: CommandFilter, /sbin/lvremove, root
+
+# cinder/volume/driver.py: 'lvdisplay', '--noheading', '-C', '-o', 'Attr',..
+lvdisplay: CommandFilter, /sbin/lvdisplay, root
+
+# cinder/volume/driver.py: 'iscsiadm', '-m', 'discovery', '-t',...
+# cinder/volume/driver.py: 'iscsiadm', '-m', 'node', '-T', ...
+iscsiadm: CommandFilter, /sbin/iscsiadm, root
+iscsiadm_usr: CommandFilter, /usr/bin/iscsiadm, root
+
+# cinder/volume/drivers/lvm.py: 'shred', '-n3'
+# cinder/volume/drivers/lvm.py: 'shred', '-n0', '-z', '-s%dMiB'
+shred: CommandFilter, /usr/bin/shred, root
+
+#cinder/volume/.py: utils.temporary_chown(path, 0), ...
+chown: CommandFilter, /bin/chown, root
+
+# cinder/volume/driver.py
+dmsetup: CommandFilter, /sbin/dmsetup, root
+dmsetup_usr: CommandFilter, /usr/sbin/dmsetup, root
+ln: CommandFilter, /bin/ln, root
+qemu-img: CommandFilter, /usr/bin/qemu-img, root
+env: CommandFilter, /usr/bin/env, root
+
+# cinder/volume/driver.py: utils.read_file_as_root()
+cat: CommandFilter, /bin/cat, root
+
+# cinder/volume/nfs.py
+stat: CommandFilter, /usr/bin/stat, root
+mount: CommandFilter, /bin/mount, root
+df: CommandFilter, /bin/df, root
+truncate: CommandFilter, /usr/bin/truncate, root
+chmod: CommandFilter, /bin/chmod, root
+rm: CommandFilter, /bin/rm, root
+lvs: CommandFilter, /sbin/lvs, root
diff --git a/elements/cinder-config/config/etc/default/iscsitarget b/elements/cinder-config/config/etc/default/iscsitarget
new file mode 100644
index 00000000..70d645c8
--- /dev/null
+++ b/elements/cinder-config/config/etc/default/iscsitarget
@@ -0,0 +1,2 @@
+ISCSITARGET_ENABLE=true
+
diff --git a/elements/cinder-config/element-deps b/elements/cinder-config/element-deps
new file mode 100644
index 00000000..c2199a4e
--- /dev/null
+++ b/elements/cinder-config/element-deps
@@ -0,0 +1 @@
+os-config-applier
diff --git a/elements/cinder-config/install.d/01-cinder-config b/elements/cinder-config/install.d/01-cinder-config
new file mode 100755
index 00000000..1acd3748
--- /dev/null
+++ b/elements/cinder-config/install.d/01-cinder-config
@@ -0,0 +1,3 @@
+#!/bin/bash
+set -eu
+use-config-templates $(dirname $0)/../config
diff --git a/elements/cinder/README.md b/elements/cinder/README.md
new file mode 100644
index 00000000..1497c878
--- /dev/null
+++ b/elements/cinder/README.md
@@ -0,0 +1 @@
+Install cinder service from git.
diff --git a/elements/cinder/element-deps b/elements/cinder/element-deps
new file mode 100644
index 00000000..6bde56d4
--- /dev/null
+++ b/elements/cinder/element-deps
@@ -0,0 +1,4 @@
+os-svc-install
+os-refresh-config
+os-config-applier
+cinder-config
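Review bot: Every entry in volume.filters is a bare `CommandFilter`, which matches only the executable and puts no limit on its arguments, so general-purpose tools listed here (`chown`, `chmod`, `rm`, `cat`, `dd`, `ln`, `mount`, `truncate`) are available to the cinder account as root against any path. `env: CommandFilter, /usr/bin/env, root` is the one I would remove first, because env runs whatever command it is given and so amounts to having no filter at all. The comments above several entries already record the expected call shapes; those are what a `RegExpFilter` per entry should pin, restricting targets to the volume group and cinder's state directory. Until that is done, this file should not be treated as a privilege boundary.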
diff --git a/elements/cinder/install.d/72-cinder b/elements/cinder/install.d/72-cinder
new file mode 100755
index 00000000..df00c5c0
--- /dev/null
+++ b/elements/cinder/install.d/72-cinder
@@ -0,0 +1,22 @@
+#!/bin/bash
+set -eux
+
+install-packages lvm2
+os-svc-install -n cinder -u cinder -r https://github.com/openstack/cinder.git
+
+os-svc-upstart cinder-api cinder /usr/local/bin/cinder-api "--config-dir /etc/cinder"
+os-svc-upstart cinder-volume cinder /usr/local/bin/cinder-volume "--config-dir /etc/cinder"
+os-svc-upstart cinder-scheduler cinder /usr/local/bin/cinder-scheduler "--config-dir /etc/cinder"
+mkdir -p /etc/tgt/conf.d
+echo 'include /etc/tgt/conf.d/cinder_tgt.conf' > /etc/tgt/targets.conf
+echo 'include /var/run/cinder/volumes/*' > /etc/tgt/conf.d/cinder_tgt.conf
+
+echo "cinder ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/cinder
+chmod 0440 /etc/sudoers.d/cinder
+visudo -c
+
+os_refresh=$(os-refresh-config --print-base)
+
+for stage in pre-configure migration post-configure; do
+ install -m 0755 -o root -g root $(dirname $0)/../$stage $os_refresh/$stage.d/72-cinder
+done
diff --git a/elements/cinder/migration b/elements/cinder/migration
new file mode 100755
index 00000000..9b1e8264
--- /dev/null
+++ b/elements/cinder/migration
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -eu
+
+# TODO: resize volume group in response to config changes.
+# TODO: is there a safe way to shrink a volume group?
+vol_group=cinder-volumes
+vol_file=/var/run/cinder/$vol_group-backing-file
+size=$(os-config-applier --key cinder.volume_size_mb --type int)M
+
+if ! vgs $vol_group; then
+ [[ -f $vol_file ]] || truncate -s $size $vol_file
+ dev=`sudo losetup -f --show $vol_file`
+ if ! vgs $vol_group; then vgcreate $vol_group $dev; fi
+ mkdir -p /var/run/cinder/volumes
+fi
diff --git a/elements/cinder/post-configure b/elements/cinder/post-configure
new file mode 100755
index 00000000..f838be0b
--- /dev/null
+++ b/elements/cinder/post-configure
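Review bot: In install.d/72-cinder, `echo "cinder ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/cinder` gives the service account unrestricted passwordless sudo, which makes the rootwrap configuration and filter list added in this same patch meaningless as a control. The entry should allow only the wrapper, along the lines of `echo "cinder ALL=(root) NOPASSWD: /usr/local/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *" > /etc/sudoers.d/cinder`; the wrapper path is assumed from where this hunk references the other cinder binaries and should be checked. Also, `os-svc-install ... -r https://github.com/openstack/cinder.git` names no tag or commit, so each image build installs whatever the repository head is at that moment; pinning a ref would make builds reproducible and reviewable, if os-svc-install supports it.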
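Review bot: In the migration script, `truncate -s $size $vol_file` creates the loopback file that backs every tenant's volumes with whatever mode the caller's umask yields, and nothing in the hunk restricts it or its directory afterwards. I would create it owner-only and quote the expansions: `[[ -f "$vol_file" ]] || ( umask 077; truncate -s "$size" "$vol_file" )`. The file lives under /var/run/cinder, which is a tmpfs on many distributions, so it is also worth confirming that volume data is meant to be discarded on reboot.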
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -eu
+
+service iscsitarget restart
+service open-iscsi restart
+service cinder-api restart
+service cinder-volume restart
+service cinder-scheduler restart
diff --git a/elements/cinder/pre-configure b/elements/cinder/pre-configure
new file mode 100755
index 00000000..925333ee
--- /dev/null
+++ b/elements/cinder/pre-configure
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -eu
+
+# installation requires building a kernel module.
+# - TODO: use generic 'install-packages' instead of apt-get once
+# it is available from first-boot scripts.
+DEBIAN_FRONTEND=noninteractive apt-get install --yes linux-headers-`uname -r`
+DEBIAN_FRONTEND=noninteractive apt-get install --yes iscsitarget iscsitarget-dkms openvswitch-datapath-dkms
diff --git a/elements/os-refresh-config/install.d/01-os-refresh-config b/elements/os-refresh-config/install.d/01-os-refresh-config
index 116b4783..d4a089be 100755
--- a/elements/os-refresh-config/install.d/01-os-refresh-config
+++ b/elements/os-refresh-config/install.d/01-os-refresh-config
@@ -8,6 +8,10 @@ install-packages git-core python-pip pip install git+https://github.com/tripleo/os-refresh-config.git
+for d in pre-configure.d configure.d migration.d post-configure.d; do
+ install -m 0755 -o root -g root -d /opt/stack/os-config-refresh/$d
+done
+ cat > /etc/init/os-refresh-config.conf <<- eof start on runlevel [2345] task
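Review bot: The directory loop added to 01-os-refresh-config hard-codes `/opt/stack/os-config-refresh/$d`, while elements/cinder/install.d/72-cinder in this same patch installs its hooks under `$(os-refresh-config --print-base)`; note too that the path says `os-config-refresh` where the tool is named `os-refresh-config`. If the two do not resolve to the same directory, the `install` in 72-cinder fails on a missing target, or the root-run hook directories are created somewhere the tool never reads. Since the `pip install` just above makes the command available, the loop can ask it: `base=$(os-refresh-config --print-base)` and then `install -m 0755 -o root -g root -d "$base/$d"`. The script continues beyond this hunk, so any later use of the same path would need the same change.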