a40f9cb91f
Since we are python3 only for openstack we create a single python3 virtualenv to install all the packages into. This gives us the benefits of installing into a virtualenv while still ensuring coinstallability. This is a major change and will likely break many things. There are several reasons for this. The change that started this effort was pip stopped uninstalling packages which used distutils to generate their package installation. Many distro packages do this which meant that pip installed packages and distro packages could not coexist in the global install space. More recently git has made pip installing repos as root more difficult due to file ownership concerns. Currently the switch to the global venv is optional, but if we go down this path we should very quickly remove the old global installation method as it has only caused us problems. Major hurdles we have to get over are convincing rootwrap to trust binaries in the virtualenvs (so you'll notice we update rootwrap configs). Some distros still have issues, keep them using the old setup for now. Depends-On: https://review.opendev.org/c/openstack/grenade/+/880266 Co-Authored-By: Dr. Jens Harbott <frickler@offenerstapel.de> Change-Id: If9bc7ba45522189d03f19b86cb681bb150ee2f25
1613 lines
47 KiB
Bash
Executable File
1613 lines
47 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
|
|
# ``stack.sh`` is an opinionated OpenStack developer installation. It
|
|
# installs and configures various combinations of **Cinder**, **Glance**,
|
|
# **Horizon**, **Keystone**, **Nova**, **Neutron**, and **Swift**
|
|
|
|
# This script's options can be changed by setting appropriate environment
|
|
# variables. You can configure things like which git repositories to use,
|
|
# services to enable, OS images to use, etc. Default values are located in the
|
|
# ``stackrc`` file. If you are crafty you can run the script on multiple nodes
|
|
# using shared settings for common resources (eg., mysql or rabbitmq) and build
|
|
# a multi-node developer install.
|
|
|
|
# To keep this script simple we assume you are running on a recent **Ubuntu**
|
|
# (Bionic or newer) or **CentOS/RHEL/RockyLinux**
|
|
# (7 or newer) machine. (It may work on other platforms but support for those
|
|
# platforms is left to those who added them to DevStack.) It should work in
|
|
# a VM or physical server. Additionally, we maintain a list of ``deb`` and
|
|
# ``rpm`` dependencies and other configuration files in this repo.
|
|
|
|
# Learn more and get the most recent version at http://devstack.org
|
|
|
|
# Print the commands being run so that we can see the command that triggers
|
|
# an error. It is also useful for following along as the install occurs.
|
|
set -o xtrace
|
|
|
|
# Make sure custom grep options don't get in the way
|
|
unset GREP_OPTIONS
|
|
|
|
# NOTE(sdague): why do we explicitly set locale when running stack.sh?
|
|
#
|
|
# Devstack is written in bash, and many functions used throughout
|
|
# devstack process text coming off a command (like the ip command)
|
|
# and do transforms using grep, sed, cut, awk on the strings that are
|
|
# returned. Many of these programs are internationalized, which is
|
|
# great for end users, but means that the strings that devstack
|
|
# functions depend upon might not be there in other locales. We thus
|
|
# need to pin the world to an english basis during the runs.
|
|
#
|
|
# Previously we used the C locale for this, every system has it, and
|
|
# it gives us a stable sort order. It does however mean that we
|
|
# effectively drop unicode support.... boo! :(
|
|
#
|
|
# With python3 being more unicode aware by default, that's not the
|
|
# right option. While there is a C.utf8 locale, some distros are
|
|
# shipping it as C.UTF8 for extra confusingness. And it's support
|
|
# isn't super clear across distros. This is made more challenging when
|
|
# trying to support both out of the box distros, and the gate which
|
|
# uses diskimage builder to build disk images in a different way than
|
|
# the distros do.
|
|
#
|
|
# So... en_US.utf8 it is. That's existed for a very long time. It is a
|
|
# compromise position, but it is the least worse idea at the time of
|
|
# this comment.
|
|
#
|
|
# We also have to unset other variables that might impact LC_ALL
|
|
# taking effect.
|
|
unset LANG
|
|
unset LANGUAGE
|
|
LC_ALL=en_US.utf8
|
|
export LC_ALL
|
|
|
|
# Clear all OpenStack related envvars
|
|
unset `env | grep -E '^OS_' | cut -d = -f 1`
|
|
|
|
# Make sure umask is sane
|
|
umask 022
|
|
|
|
# Not all distros have sbin in PATH for regular users.
|
|
# osc will normally be installed at /usr/local/bin/openstack so ensure
|
|
# /usr/local/bin is also in the path
|
|
PATH=$PATH:/usr/local/bin:/usr/local/sbin:/usr/sbin:/sbin
|
|
|
|
# Keep track of the DevStack directory
|
|
TOP_DIR=$(cd $(dirname "$0") && pwd)
|
|
|
|
# Check for uninitialized variables, a big cause of bugs
|
|
NOUNSET=${NOUNSET:-}
|
|
if [[ -n "$NOUNSET" ]]; then
|
|
set -o nounset
|
|
fi
|
|
|
|
# Set start of devstack timestamp
|
|
DEVSTACK_START_TIME=$(date +%s)
|
|
|
|
# Configuration
|
|
# =============
|
|
|
|
# Sanity Checks
|
|
# -------------
|
|
|
|
# Clean up last environment var cache
|
|
if [[ -r $TOP_DIR/.stackenv ]]; then
|
|
rm $TOP_DIR/.stackenv
|
|
fi
|
|
|
|
# ``stack.sh`` keeps the list of ``deb`` and ``rpm`` dependencies, config
|
|
# templates and other useful files in the ``files`` subdirectory
|
|
FILES=$TOP_DIR/files
|
|
if [ ! -d $FILES ]; then
|
|
set +o xtrace
|
|
echo "missing devstack/files"
|
|
exit 1
|
|
fi
|
|
|
|
# ``stack.sh`` keeps function libraries here
|
|
# Make sure ``$TOP_DIR/inc`` directory is present
|
|
if [ ! -d $TOP_DIR/inc ]; then
|
|
set +o xtrace
|
|
echo "missing devstack/inc"
|
|
exit 1
|
|
fi
|
|
|
|
# ``stack.sh`` keeps project libraries here
|
|
# Make sure ``$TOP_DIR/lib`` directory is present
|
|
if [ ! -d $TOP_DIR/lib ]; then
|
|
set +o xtrace
|
|
echo "missing devstack/lib"
|
|
exit 1
|
|
fi
|
|
|
|
# Check if run in POSIX shell
|
|
if [[ "${POSIXLY_CORRECT}" == "y" ]]; then
|
|
set +o xtrace
|
|
echo "You are running POSIX compatibility mode, DevStack requires bash 4.2 or newer."
|
|
exit 1
|
|
fi
|
|
|
|
# OpenStack is designed to be run as a non-root user; Horizon will fail to run
|
|
# as **root** since Apache will not serve content from **root** user).
|
|
# ``stack.sh`` must not be run as **root**. It aborts and suggests one course of
|
|
# action to create a suitable user account.
|
|
|
|
if [[ $EUID -eq 0 ]]; then
|
|
set +o xtrace
|
|
echo "DevStack should be run as a user with sudo permissions, "
|
|
echo "not root."
|
|
echo "A \"stack\" user configured correctly can be created with:"
|
|
echo " $TOP_DIR/tools/create-stack-user.sh"
|
|
exit 1
|
|
fi
|
|
|
|
# OpenStack is designed to run at a system level, with system level
|
|
# installation of python packages. It does not support running under a
|
|
# virtual env, and will fail in really odd ways if you do this. Make
|
|
# this explicit as it has come up on the mailing list.
|
|
if [[ -n "$VIRTUAL_ENV" ]]; then
|
|
set +o xtrace
|
|
echo "You appear to be running under a python virtualenv."
|
|
echo "DevStack does not support this, as we may break the"
|
|
echo "virtualenv you are currently in by modifying "
|
|
echo "external system-level components the virtualenv relies on."
|
|
echo "We recommend you use a separate virtual-machine if "
|
|
echo "you are worried about DevStack taking over your system."
|
|
exit 1
|
|
fi
|
|
|
|
# Provide a safety switch for devstack. If you do a lot of devstack,
|
|
# on a lot of different environments, you sometimes run it on the
|
|
# wrong box. This makes there be a way to prevent that.
|
|
if [[ -e $HOME/.no-devstack ]]; then
|
|
set +o xtrace
|
|
echo "You've marked this host as a no-devstack host, to save yourself from"
|
|
echo "running devstack accidentally. If this is in error, please remove the"
|
|
echo "~/.no-devstack file"
|
|
exit 1
|
|
fi
|
|
|
|
# Prepare the environment
|
|
# -----------------------
|
|
|
|
# Initialize variables:
|
|
LAST_SPINNER_PID=""
|
|
|
|
# Import common functions
|
|
source $TOP_DIR/functions
|
|
|
|
# Import 'public' stack.sh functions
|
|
source $TOP_DIR/lib/stack
|
|
|
|
# Determine what system we are running on. This provides ``os_VENDOR``,
|
|
# ``os_RELEASE``, ``os_PACKAGE``, ``os_CODENAME``
|
|
# and ``DISTRO``
|
|
GetDistro
|
|
|
|
|
|
# Global Settings
|
|
# ---------------
|
|
|
|
# Check for a ``localrc`` section embedded in ``local.conf`` and extract if
|
|
# ``localrc`` does not already exist
|
|
|
|
# Phase: local
|
|
rm -f $TOP_DIR/.localrc.auto
|
|
extract_localrc_section $TOP_DIR/local.conf $TOP_DIR/localrc $TOP_DIR/.localrc.auto
|
|
|
|
# ``stack.sh`` is customizable by setting environment variables. Override a
|
|
# default setting via export:
|
|
#
|
|
# export DATABASE_PASSWORD=anothersecret
|
|
# ./stack.sh
|
|
#
|
|
# or by setting the variable on the command line:
|
|
#
|
|
# DATABASE_PASSWORD=simple ./stack.sh
|
|
#
|
|
# Persistent variables can be placed in a ``local.conf`` file:
|
|
#
|
|
# [[local|localrc]]
|
|
# DATABASE_PASSWORD=anothersecret
|
|
# DATABASE_USER=hellaroot
|
|
#
|
|
# We try to have sensible defaults, so you should be able to run ``./stack.sh``
|
|
# in most cases. ``local.conf`` is not distributed with DevStack and will never
|
|
# be overwritten by a DevStack update.
|
|
#
|
|
# DevStack distributes ``stackrc`` which contains locations for the OpenStack
|
|
# repositories, branches to configure, and other configuration defaults.
|
|
# ``stackrc`` sources the ``localrc`` section of ``local.conf`` to allow you to
|
|
# safely override those settings.
|
|
|
|
if [[ ! -r $TOP_DIR/stackrc ]]; then
|
|
die $LINENO "missing $TOP_DIR/stackrc - did you grab more than just stack.sh?"
|
|
fi
|
|
source $TOP_DIR/stackrc
|
|
|
|
# write /etc/devstack-version
|
|
write_devstack_version
|
|
|
|
# Warn users who aren't on an explicitly supported distro, but allow them to
|
|
# override check and attempt installation with ``FORCE=yes ./stack``
|
|
SUPPORTED_DISTROS="bullseye|focal|jammy|rhel8|rhel9|openEuler-22.03"
|
|
|
|
if [[ ! ${DISTRO} =~ $SUPPORTED_DISTROS ]]; then
|
|
echo "WARNING: this script has not been tested on $DISTRO"
|
|
if [[ "$FORCE" != "yes" ]]; then
|
|
die $LINENO "If you wish to run this script anyway run with FORCE=yes"
|
|
fi
|
|
fi
|
|
|
|
# Local Settings
|
|
# --------------
|
|
|
|
# Make sure the proxy config is visible to sub-processes
|
|
export_proxy_variables
|
|
|
|
# Remove services which were negated in ``ENABLED_SERVICES``
|
|
# using the "-" prefix (e.g., "-rabbit") instead of
|
|
# calling disable_service().
|
|
disable_negated_services
|
|
|
|
|
|
# Configure sudo
|
|
# --------------
|
|
|
|
# We're not as **root** so make sure ``sudo`` is available
|
|
is_package_installed sudo || is_package_installed sudo-ldap || install_package sudo
|
|
|
|
# UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
|
|
sudo grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
|
|
echo "#includedir /etc/sudoers.d" | sudo tee -a /etc/sudoers
|
|
|
|
# Conditionally setup detailed logging for sudo
|
|
if [[ -n "$LOG_SUDO" ]]; then
|
|
TEMPFILE=`mktemp`
|
|
echo "Defaults log_output" > $TEMPFILE
|
|
chmod 0440 $TEMPFILE
|
|
sudo chown root:root $TEMPFILE
|
|
sudo mv $TEMPFILE /etc/sudoers.d/00_logging
|
|
fi
|
|
|
|
# Set up DevStack sudoers
|
|
TEMPFILE=`mktemp`
|
|
echo "$STACK_USER ALL=(root) NOPASSWD:ALL" >$TEMPFILE
|
|
# Some binaries might be under ``/sbin`` or ``/usr/sbin``, so make sure sudo will
|
|
# see them by forcing ``PATH``
|
|
echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
|
|
echo "Defaults:$STACK_USER !requiretty" >> $TEMPFILE
|
|
chmod 0440 $TEMPFILE
|
|
sudo chown root:root $TEMPFILE
|
|
sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
|
|
|
|
# Configure Distro Repositories
|
|
# -----------------------------
|
|
|
|
# For Debian/Ubuntu make apt attempt to retry network ops on it's own
|
|
if is_ubuntu; then
|
|
echo 'APT::Acquire::Retries "20";' | sudo tee /etc/apt/apt.conf.d/80retry >/dev/null
|
|
fi
|
|
|
|
# Some distros need to add repos beyond the defaults provided by the vendor
|
|
# to pick up required packages.
|
|
|
|
function _install_epel {
|
|
# epel-release is in extras repo which is enabled by default
|
|
install_package epel-release
|
|
|
|
# RDO repos are not tested with epel and may have incompatibilities so
|
|
# let's limit the packages fetched from epel to the ones not in RDO repos.
|
|
sudo dnf config-manager --save --setopt=includepkgs=debootstrap,dpkg epel
|
|
}
|
|
|
|
function _install_rdo {
|
|
if [[ $DISTRO == "rhel8" ]]; then
|
|
if [[ "$TARGET_BRANCH" == "master" ]]; then
|
|
# rdo-release.el8.rpm points to latest RDO release, use that for master
|
|
sudo dnf -y install https://rdoproject.org/repos/rdo-release.el8.rpm
|
|
else
|
|
# For stable branches use corresponding release rpm
|
|
rdo_release=$(echo $TARGET_BRANCH | sed "s|stable/||g")
|
|
sudo dnf -y install https://rdoproject.org/repos/openstack-${rdo_release}/rdo-release-${rdo_release}.el8.rpm
|
|
fi
|
|
elif [[ $DISTRO == "rhel9" ]]; then
|
|
install_package wget
|
|
# We need to download rdo-release package using wget as installing with dnf from repo.fedoraproject.org fails in
|
|
# FIPS enabled systems after https://bugzilla.redhat.com/show_bug.cgi?id=2157951
|
|
# Until we can pull rdo-release from a server which supports EMS, this workaround is doing wget, which does
|
|
# not relies on openssl but on gnutls, and then install it locally using rpm
|
|
TEMPRDODIR=$(mktemp -d)
|
|
if [[ "$TARGET_BRANCH" == "master" ]]; then
|
|
# rdo-release.el9.rpm points to latest RDO release, use that for master
|
|
wget -P $TEMPRDODIR https://rdoproject.org/repos/rdo-release.el9.rpm
|
|
else
|
|
# For stable branches use corresponding release rpm
|
|
rdo_release=$(echo $TARGET_BRANCH | sed "s|stable/||g")
|
|
wget -P $TEMPRDODIR https://rdoproject.org/repos/openstack-${rdo_release}/rdo-release-${rdo_release}.el9.rpm
|
|
fi
|
|
sudo rpm -ivh $TEMPRDODIR/rdo-release*rpm
|
|
rm -rf $TEMPRDODIR
|
|
fi
|
|
sudo dnf -y update
|
|
}
|
|
|
|
|
|
# Configure Target Directories
|
|
# ----------------------------
|
|
|
|
# Destination path for installation ``DEST``
|
|
DEST=${DEST:-/opt/stack}
|
|
|
|
# Create the destination directory and ensure it is writable by the user
|
|
# and read/executable by everybody for daemons (e.g. apache run for horizon)
|
|
# If directory exists do not modify the permissions.
|
|
if [[ ! -d $DEST ]]; then
|
|
sudo mkdir -p $DEST
|
|
safe_chown -R $STACK_USER $DEST
|
|
safe_chmod 0755 $DEST
|
|
fi
|
|
|
|
# Destination path for devstack logs
|
|
if [[ -n ${LOGDIR:-} ]]; then
|
|
mkdir -p $LOGDIR
|
|
fi
|
|
|
|
# Destination path for service data
|
|
DATA_DIR=${DATA_DIR:-${DEST}/data}
|
|
if [[ ! -d $DATA_DIR ]]; then
|
|
sudo mkdir -p $DATA_DIR
|
|
safe_chown -R $STACK_USER $DATA_DIR
|
|
safe_chmod 0755 $DATA_DIR
|
|
fi
|
|
|
|
# Create and/or clean the async state directory
|
|
async_init
|
|
|
|
# Configure proper hostname
|
|
# Certain services such as rabbitmq require that the local hostname resolves
|
|
# correctly. Make sure it exists in /etc/hosts so that is always true.
|
|
LOCAL_HOSTNAME=`hostname -s`
|
|
if ! fgrep -qwe "$LOCAL_HOSTNAME" /etc/hosts; then
|
|
sudo sed -i "s/\(^127.0.0.1.*\)/\1 $LOCAL_HOSTNAME/" /etc/hosts
|
|
fi
|
|
|
|
# If you have all the repos installed above already setup (e.g. a CI
|
|
# situation where they are on your image) you may choose to skip this
|
|
# to speed things up
|
|
SKIP_EPEL_INSTALL=$(trueorfalse False SKIP_EPEL_INSTALL)
|
|
|
|
if [[ $DISTRO == "rhel8" ]]; then
|
|
# If we have /etc/ci/mirror_info.sh assume we're on a OpenStack CI
|
|
# node, where EPEL is installed (but disabled) and already
|
|
# pointing at our internal mirror
|
|
if [[ -f /etc/ci/mirror_info.sh ]]; then
|
|
SKIP_EPEL_INSTALL=True
|
|
sudo dnf config-manager --set-enabled epel
|
|
fi
|
|
|
|
# PowerTools repo provides libyaml-devel required by devstack itself and
|
|
# EPEL packages assume that the PowerTools repository is enable.
|
|
sudo dnf config-manager --set-enabled PowerTools
|
|
|
|
# CentOS 8.3 changed the repository name to lower case.
|
|
sudo dnf config-manager --set-enabled powertools
|
|
|
|
if [[ ${SKIP_EPEL_INSTALL} != True ]]; then
|
|
_install_epel
|
|
fi
|
|
# Along with EPEL, CentOS (and a-likes) require some packages only
|
|
# available in RDO repositories (e.g. OVS, or later versions of
|
|
# kvm) to run.
|
|
_install_rdo
|
|
|
|
# NOTE(cgoncalves): workaround RHBZ#1154272
|
|
# dnf fails for non-privileged users when expired_repos.json doesn't exist.
|
|
# RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1154272
|
|
# Patch: https://github.com/rpm-software-management/dnf/pull/1448
|
|
echo "[]" | sudo tee /var/cache/dnf/expired_repos.json
|
|
elif [[ $DISTRO == "rhel9" ]]; then
|
|
# for CentOS Stream 9 repository
|
|
sudo dnf config-manager --set-enabled crb
|
|
# for RHEL 9 repository
|
|
sudo dnf config-manager --set-enabled codeready-builder-for-rhel-9-x86_64-rpms
|
|
# rabbitmq and other packages are provided by RDO repositories.
|
|
_install_rdo
|
|
|
|
# Some distributions (Rocky Linux 9) provide curl-minimal instead of curl,
|
|
# it triggers a conflict when devstack wants to install "curl".
|
|
# Swap curl-minimal with curl.
|
|
if is_package_installed curl-minimal; then
|
|
sudo dnf swap -y curl-minimal curl
|
|
fi
|
|
elif [[ $DISTRO == "openEuler-22.03" ]]; then
|
|
# There are some problem in openEuler. We should fix it first. Some required
|
|
# package/action runs before fixup script. So we can't fix there.
|
|
#
|
|
# 1. the hostname package is not installed by default
|
|
# 2. Some necessary packages are in openstack repo, for example liberasurecode-devel
|
|
# 3. python3-pip can be uninstalled by `get_pip.py` automaticly.
|
|
install_package hostname openstack-release-wallaby
|
|
uninstall_package python3-pip
|
|
fi
|
|
|
|
# Ensure python is installed
|
|
# --------------------------
|
|
install_python
|
|
|
|
|
|
# Configure Logging
|
|
# -----------------
|
|
|
|
# Set up logging level
|
|
VERBOSE=$(trueorfalse True VERBOSE)
|
|
VERBOSE_NO_TIMESTAMP=$(trueorfalse False VERBOSE)
|
|
|
|
# Draw a spinner so the user knows something is happening
|
|
function spinner {
|
|
local delay=0.75
|
|
local spinstr='/-\|'
|
|
printf "..." >&3
|
|
while [ true ]; do
|
|
local temp=${spinstr#?}
|
|
printf "[%c]" "$spinstr" >&3
|
|
local spinstr=$temp${spinstr%"$temp"}
|
|
sleep $delay
|
|
printf "\b\b\b" >&3
|
|
done
|
|
}
|
|
|
|
function kill_spinner {
|
|
if [ ! -z "$LAST_SPINNER_PID" ]; then
|
|
kill >/dev/null 2>&1 $LAST_SPINNER_PID
|
|
printf "\b\b\bdone\n" >&3
|
|
fi
|
|
}
|
|
|
|
# Echo text to the log file, summary log file and stdout
|
|
# echo_summary "something to say"
|
|
function echo_summary {
|
|
if [[ -t 3 && "$VERBOSE" != "True" ]]; then
|
|
kill_spinner
|
|
echo -n -e $@ >&6
|
|
spinner &
|
|
LAST_SPINNER_PID=$!
|
|
else
|
|
echo -e $@ >&6
|
|
fi
|
|
}
|
|
|
|
# Echo text only to stdout, no log files
|
|
# echo_nolog "something not for the logs"
|
|
function echo_nolog {
|
|
echo $@ >&3
|
|
}
|
|
|
|
# Set up logging for ``stack.sh``
|
|
# Set ``LOGFILE`` to turn on logging
|
|
# Append '.xxxxxxxx' to the given name to maintain history
|
|
# where 'xxxxxxxx' is a representation of the date the file was created
|
|
TIMESTAMP_FORMAT=${TIMESTAMP_FORMAT:-"%F-%H%M%S"}
|
|
LOGDAYS=${LOGDAYS:-7}
|
|
CURRENT_LOG_TIME=$(date "+$TIMESTAMP_FORMAT")
|
|
|
|
if [[ -n "$LOGFILE" ]]; then
|
|
# Clean up old log files. Append '.*' to the user-specified
|
|
# ``LOGFILE`` to match the date in the search template.
|
|
LOGFILE_DIR="${LOGFILE%/*}" # dirname
|
|
LOGFILE_NAME="${LOGFILE##*/}" # basename
|
|
mkdir -p $LOGFILE_DIR
|
|
find $LOGFILE_DIR -maxdepth 1 -name $LOGFILE_NAME.\* -mtime +$LOGDAYS -exec rm {} \;
|
|
LOGFILE=$LOGFILE.${CURRENT_LOG_TIME}
|
|
SUMFILE=$LOGFILE.summary.${CURRENT_LOG_TIME}
|
|
|
|
# Redirect output according to config
|
|
|
|
# Set fd 3 to a copy of stdout. So we can set fd 1 without losing
|
|
# stdout later.
|
|
exec 3>&1
|
|
if [[ "$VERBOSE" == "True" ]]; then
|
|
_of_args="-v"
|
|
if [[ "$VERBOSE_NO_TIMESTAMP" == "True" ]]; then
|
|
_of_args="$_of_args --no-timestamp"
|
|
fi
|
|
# Set fd 1 and 2 to write the log file
|
|
exec 1> >( $PYTHON $TOP_DIR/tools/outfilter.py $_of_args -o "${LOGFILE}" ) 2>&1
|
|
# Set fd 6 to summary log file
|
|
exec 6> >( $PYTHON $TOP_DIR/tools/outfilter.py -o "${SUMFILE}" )
|
|
else
|
|
# Set fd 1 and 2 to primary logfile
|
|
exec 1> >( $PYTHON $TOP_DIR/tools/outfilter.py -o "${LOGFILE}" ) 2>&1
|
|
# Set fd 6 to summary logfile and stdout
|
|
exec 6> >( $PYTHON $TOP_DIR/tools/outfilter.py -v -o "${SUMFILE}" >&3 )
|
|
fi
|
|
|
|
echo_summary "stack.sh log $LOGFILE"
|
|
# Specified logfile name always links to the most recent log
|
|
ln -sf $LOGFILE $LOGFILE_DIR/$LOGFILE_NAME
|
|
ln -sf $SUMFILE $LOGFILE_DIR/$LOGFILE_NAME.summary
|
|
else
|
|
# Set up output redirection without log files
|
|
# Set fd 3 to a copy of stdout. So we can set fd 1 without losing
|
|
# stdout later.
|
|
exec 3>&1
|
|
if [[ "$VERBOSE" != "True" ]]; then
|
|
# Throw away stdout and stderr
|
|
exec 1>/dev/null 2>&1
|
|
fi
|
|
# Always send summary fd to original stdout
|
|
exec 6> >( $PYTHON $TOP_DIR/tools/outfilter.py -v >&3 )
|
|
fi
|
|
|
|
# Basic test for ``$DEST`` path permissions (fatal on error unless skipped)
|
|
check_path_perm_sanity ${DEST}
|
|
|
|
# Configure Error Traps
|
|
# ---------------------
|
|
|
|
# Kill background processes on exit
|
|
trap exit_trap EXIT
|
|
function exit_trap {
|
|
local r=$?
|
|
jobs=$(jobs -p)
|
|
# Only do the kill when we're logging through a process substitution,
|
|
# which currently is only to verbose logfile
|
|
if [[ -n $jobs && -n "$LOGFILE" && "$VERBOSE" == "True" ]]; then
|
|
echo "exit_trap: cleaning up child processes"
|
|
kill 2>&1 $jobs
|
|
fi
|
|
|
|
#Remove timing data file
|
|
if [ -f "$OSCWRAP_TIMER_FILE" ] ; then
|
|
rm "$OSCWRAP_TIMER_FILE"
|
|
fi
|
|
|
|
# Kill the last spinner process
|
|
kill_spinner
|
|
|
|
if [[ $r -ne 0 ]]; then
|
|
echo "Error on exit"
|
|
# If we error before we've installed os-testr, this will fail.
|
|
if type -p generate-subunit > /dev/null; then
|
|
generate-subunit $DEVSTACK_START_TIME $SECONDS 'fail' >> ${SUBUNIT_OUTPUT}
|
|
fi
|
|
if [[ -z $LOGDIR ]]; then
|
|
${PYTHON} $TOP_DIR/tools/worlddump.py
|
|
else
|
|
${PYTHON} $TOP_DIR/tools/worlddump.py -d $LOGDIR
|
|
fi
|
|
else
|
|
# If we error before we've installed os-testr, this will fail.
|
|
if type -p generate-subunit > /dev/null; then
|
|
generate-subunit $DEVSTACK_START_TIME $SECONDS >> ${SUBUNIT_OUTPUT}
|
|
fi
|
|
fi
|
|
|
|
exit $r
|
|
}
|
|
|
|
# Exit on any errors so that errors don't compound
|
|
trap err_trap ERR
|
|
function err_trap {
|
|
local r=$?
|
|
set +o xtrace
|
|
if [[ -n "$LOGFILE" ]]; then
|
|
echo "${0##*/} failed: full log in $LOGFILE"
|
|
else
|
|
echo "${0##*/} failed"
|
|
fi
|
|
exit $r
|
|
}
|
|
|
|
# Begin trapping error exit codes
|
|
set -o errexit
|
|
|
|
# Print the kernel version
|
|
uname -a
|
|
|
|
# Reset the bundle of CA certificates
|
|
SSL_BUNDLE_FILE="$DATA_DIR/ca-bundle.pem"
|
|
rm -f $SSL_BUNDLE_FILE
|
|
|
|
# Import common services (database, message queue) configuration
|
|
source $TOP_DIR/lib/database
|
|
source $TOP_DIR/lib/rpc_backend
|
|
|
|
# Configure Projects
|
|
# ==================
|
|
|
|
# Clone all external plugins
|
|
fetch_plugins
|
|
|
|
# Plugin Phase 0: override_defaults - allow plugins to override
|
|
# defaults before other services are run
|
|
run_phase override_defaults
|
|
|
|
# Import Apache functions
|
|
source $TOP_DIR/lib/apache
|
|
|
|
# Import TLS functions
|
|
source $TOP_DIR/lib/tls
|
|
|
|
# Source project function libraries
|
|
source $TOP_DIR/lib/infra
|
|
source $TOP_DIR/lib/libraries
|
|
source $TOP_DIR/lib/lvm
|
|
source $TOP_DIR/lib/horizon
|
|
source $TOP_DIR/lib/keystone
|
|
source $TOP_DIR/lib/glance
|
|
source $TOP_DIR/lib/nova
|
|
source $TOP_DIR/lib/placement
|
|
source $TOP_DIR/lib/cinder
|
|
source $TOP_DIR/lib/swift
|
|
source $TOP_DIR/lib/neutron
|
|
source $TOP_DIR/lib/ldap
|
|
source $TOP_DIR/lib/dstat
|
|
source $TOP_DIR/lib/tcpdump
|
|
source $TOP_DIR/lib/etcd3
|
|
source $TOP_DIR/lib/os-vif
|
|
|
|
# Extras Source
|
|
# --------------
|
|
|
|
# Phase: source
|
|
run_phase source
|
|
|
|
|
|
# Interactive Configuration
|
|
# -------------------------
|
|
|
|
# Do all interactive config up front before the logging spew begins
|
|
|
|
# Generic helper to configure passwords
|
|
function read_password {
|
|
local xtrace
|
|
xtrace=$(set +o | grep xtrace)
|
|
set +o xtrace
|
|
var=$1; msg=$2
|
|
pw=${!var}
|
|
|
|
if [[ -f $RC_DIR/localrc ]]; then
|
|
localrc=$TOP_DIR/localrc
|
|
else
|
|
localrc=$TOP_DIR/.localrc.password
|
|
fi
|
|
|
|
# If the password is not defined yet, proceed to prompt user for a password.
|
|
if [ ! $pw ]; then
|
|
# If there is no localrc file, create one
|
|
if [ ! -e $localrc ]; then
|
|
touch $localrc
|
|
fi
|
|
|
|
# Presumably if we got this far it can only be that our
|
|
# localrc is missing the required password. Prompt user for a
|
|
# password and write to localrc.
|
|
|
|
echo ''
|
|
echo '################################################################################'
|
|
echo $msg
|
|
echo '################################################################################'
|
|
echo "This value will be written to ${localrc} file so you don't have to enter it "
|
|
echo "again. Use only alphanumeric characters."
|
|
echo "If you leave this blank, a random default value will be used."
|
|
pw=" "
|
|
while true; do
|
|
echo "Enter a password now:"
|
|
read -e $var
|
|
pw=${!var}
|
|
[[ "$pw" = "`echo $pw | tr -cd [:alnum:]`" ]] && break
|
|
echo "Invalid chars in password. Try again:"
|
|
done
|
|
if [ ! $pw ]; then
|
|
pw=$(generate_hex_string 10)
|
|
fi
|
|
eval "$var=$pw"
|
|
echo "$var=$pw" >> $localrc
|
|
fi
|
|
|
|
# restore previous xtrace value
|
|
$xtrace
|
|
}
|
|
|
|
|
|
# Database Configuration
|
|
# ----------------------
|
|
|
|
# To select between database backends, add the following to ``local.conf``:
|
|
#
|
|
# disable_service mysql
|
|
# enable_service postgresql
|
|
#
|
|
# The available database backends are listed in ``DATABASE_BACKENDS`` after
|
|
# ``lib/database`` is sourced. ``mysql`` is the default.
|
|
|
|
if initialize_database_backends; then
|
|
echo "Using $DATABASE_TYPE database backend"
|
|
# Last chance for the database password. This must be handled here
|
|
# because read_password is not a library function.
|
|
read_password DATABASE_PASSWORD "ENTER A PASSWORD TO USE FOR THE DATABASE."
|
|
|
|
define_database_baseurl
|
|
else
|
|
echo "No database enabled"
|
|
fi
|
|
|
|
|
|
# Queue Configuration
|
|
# -------------------
|
|
|
|
# Rabbit connection info
|
|
# In multi node DevStack, second node needs ``RABBIT_USERID``, but rabbit
|
|
# isn't enabled.
|
|
if is_service_enabled rabbit; then
|
|
read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."
|
|
fi
|
|
|
|
|
|
# Keystone
|
|
# --------
|
|
|
|
if is_service_enabled keystone; then
|
|
# Services authenticate to Identity with servicename/``SERVICE_PASSWORD``
|
|
read_password SERVICE_PASSWORD "ENTER A SERVICE_PASSWORD TO USE FOR THE SERVICE AUTHENTICATION."
|
|
# Horizon currently truncates usernames and passwords at 20 characters
|
|
read_password ADMIN_PASSWORD "ENTER A PASSWORD TO USE FOR HORIZON AND KEYSTONE (20 CHARS OR LESS)."
|
|
|
|
# Keystone can now optionally install OpenLDAP by enabling the ``ldap``
|
|
# service in ``local.conf`` (e.g. ``enable_service ldap``).
|
|
# To clean out the Keystone contents in OpenLDAP set ``KEYSTONE_CLEAR_LDAP``
|
|
# to ``yes`` (e.g. ``KEYSTONE_CLEAR_LDAP=yes``) in ``local.conf``. To enable the
|
|
# Keystone Identity Driver (``keystone.identity.backends.ldap.Identity``)
|
|
# set ``KEYSTONE_IDENTITY_BACKEND`` to ``ldap`` (e.g.
|
|
# ``KEYSTONE_IDENTITY_BACKEND=ldap``) in ``local.conf``.
|
|
|
|
# Only request LDAP password if the service is enabled
|
|
if is_service_enabled ldap; then
|
|
read_password LDAP_PASSWORD "ENTER A PASSWORD TO USE FOR LDAP"
|
|
fi
|
|
fi
|
|
|
|
|
|
# Swift
|
|
# -----
|
|
|
|
if is_service_enabled s-proxy; then
|
|
# We only ask for Swift Hash if we have enabled swift service.
|
|
# ``SWIFT_HASH`` is a random unique string for a swift cluster that
|
|
# can never change.
|
|
read_password SWIFT_HASH "ENTER A RANDOM SWIFT HASH."
|
|
|
|
if [[ -z "$SWIFT_TEMPURL_KEY" ]] && [[ "$SWIFT_ENABLE_TEMPURLS" == "True" ]]; then
|
|
read_password SWIFT_TEMPURL_KEY "ENTER A KEY FOR SWIFT TEMPURLS."
|
|
fi
|
|
fi
|
|
|
|
# Save configuration values
|
|
save_stackenv $LINENO
|
|
|
|
|
|
# Install Packages
|
|
# ================
|
|
|
|
# OpenStack uses a fair number of other projects.
|
|
|
|
# Bring down global requirements before any use of pip_install. This is
|
|
# necessary to ensure that the constraints file is in place before we
|
|
# attempt to apply any constraints to pip installs.
|
|
# We always need the master branch in addition to any stable branch, so
|
|
# override GIT_DEPTH here.
|
|
GIT_DEPTH=0 git_clone $REQUIREMENTS_REPO $REQUIREMENTS_DIR $REQUIREMENTS_BRANCH
|
|
|
|
# Install package requirements
|
|
# Source it so the entire environment is available
|
|
echo_summary "Installing package prerequisites"
|
|
source $TOP_DIR/tools/install_prereqs.sh
|
|
|
|
# Configure an appropriate Python environment.
|
|
#
|
|
# NOTE(ianw) 2021-08-11 : We install the latest pip here because pip
|
|
# is very active and changes are not generally reflected in the LTS
|
|
# distros. This often involves important things like dependency or
|
|
# conflict resolution, and has often been required because the
|
|
# complicated constraints etc. used by openstack have tickled bugs in
|
|
# distro versions of pip. We want to find these problems as they
|
|
# happen, rather than years later when we try to update our LTS
|
|
# distro. Whilst it is clear that global installations of upstream
|
|
# pip are less and less common, with virtualenv's being the general
|
|
# approach now; there are a lot of devstack plugins that assume a
|
|
# global install environment.
|
|
if [[ "$OFFLINE" != "True" ]]; then
|
|
PYPI_ALTERNATIVE_URL=${PYPI_ALTERNATIVE_URL:-""} $TOP_DIR/tools/install_pip.sh
|
|
fi
|
|
|
|
# Do the ugly hacks for broken packages and distros
|
|
source $TOP_DIR/tools/fixup_stuff.sh
|
|
fixup_all
|
|
|
|
if [[ "$GLOBAL_VENV" == "True" ]] ; then
|
|
# TODO(frickler): find a better solution for this
|
|
sudo ln -sf /opt/stack/data/venv/bin/privsep-helper /usr/local/bin
|
|
sudo ln -sf /opt/stack/data/venv/bin/cinder-rtstool /usr/local/bin
|
|
sudo ln -sf /opt/stack/data/venv/bin/openstack /usr/local/bin
|
|
sudo ln -sf /opt/stack/data/venv/bin/tox /usr/local/bin
|
|
sudo ln -sf /opt/stack/data/venv/bin/nova-manage /usr/local/bin
|
|
|
|
setup_devstack_virtualenv
|
|
fi
|
|
|
|
# Install subunit for the subunit output stream
|
|
pip_install -U os-testr
|
|
|
|
# the default rate limit of 1000 messages / 30 seconds is not
|
|
# sufficient given how verbose our logging is.
|
|
iniset -sudo /etc/systemd/journald.conf "Journal" "RateLimitBurst" "0"
|
|
sudo systemctl restart systemd-journald
|
|
|
|
# Virtual Environment
|
|
# -------------------
|
|
|
|
# Install required infra support libraries
|
|
install_infra
|
|
|
|
# Install bindep
|
|
$VIRTUALENV_CMD $DEST/bindep-venv
|
|
# TODO(ianw) : optionally install from zuul checkout?
|
|
$DEST/bindep-venv/bin/pip install bindep
|
|
export BINDEP_CMD=${DEST}/bindep-venv/bin/bindep
|
|
|
|
# Install packages as defined in plugin bindep.txt files
|
|
pkgs="$( _get_plugin_bindep_packages )"
|
|
if [[ -n "${pkgs}" ]]; then
|
|
install_package ${pkgs}
|
|
fi
|
|
|
|
# Extras Pre-install
|
|
# ------------------
|
|
# Phase: pre-install
|
|
run_phase stack pre-install
|
|
|
|
# NOTE(danms): Set global limits before installing anything
|
|
set_systemd_override DefaultLimitNOFILE ${ULIMIT_NOFILE}
|
|
|
|
install_rpc_backend
|
|
restart_rpc_backend
|
|
|
|
if is_service_enabled $DATABASE_BACKENDS; then
|
|
install_database
|
|
fi
|
|
if [ -n "$DATABASE_TYPE" ]; then
|
|
install_database_python
|
|
fi
|
|
|
|
if is_service_enabled neutron; then
|
|
install_neutron_agent_packages
|
|
fi
|
|
|
|
if is_service_enabled etcd3; then
|
|
install_etcd3
|
|
fi
|
|
|
|
# Setup TLS certs
|
|
# ---------------
|
|
|
|
# Do this early, before any webservers are set up to ensure
|
|
# we don't run into problems with missing certs when apache
|
|
# is restarted.
|
|
if is_service_enabled tls-proxy; then
|
|
configure_CA
|
|
init_CA
|
|
init_cert
|
|
fi
|
|
|
|
# Dstat
|
|
# -----
|
|
|
|
# Install dstat services prerequisites
|
|
install_dstat
|
|
|
|
|
|
# Check Out and Install Source
|
|
# ----------------------------
|
|
|
|
echo_summary "Installing OpenStack project source"
|
|
|
|
# Install additional libraries
|
|
install_libs
|
|
|
|
# Install uwsgi
|
|
install_apache_uwsgi
|
|
|
|
# Install client libraries
|
|
install_keystoneauth
|
|
install_keystoneclient
|
|
install_glanceclient
|
|
install_cinderclient
|
|
install_novaclient
|
|
if is_service_enabled swift glance horizon; then
|
|
install_swiftclient
|
|
fi
|
|
if is_service_enabled neutron nova horizon; then
|
|
install_neutronclient
|
|
fi
|
|
|
|
# Install middleware
|
|
install_keystonemiddleware
|
|
|
|
if is_service_enabled keystone; then
|
|
if [ "$KEYSTONE_SERVICE_HOST" == "$SERVICE_HOST" ]; then
|
|
stack_install_service keystone
|
|
configure_keystone
|
|
fi
|
|
fi
|
|
|
|
if is_service_enabled swift; then
|
|
if is_service_enabled ceilometer; then
|
|
install_ceilometermiddleware
|
|
fi
|
|
stack_install_service swift
|
|
configure_swift
|
|
|
|
# s3api middleware to provide S3 emulation to Swift
|
|
if is_service_enabled s3api; then
|
|
# Replace the nova-objectstore port by the swift port
|
|
S3_SERVICE_PORT=8080
|
|
fi
|
|
fi
|
|
|
|
if is_service_enabled g-api n-api; then
|
|
# Image catalog service
|
|
stack_install_service glance
|
|
configure_glance
|
|
fi
|
|
|
|
if is_service_enabled cinder; then
|
|
# Block volume service
|
|
stack_install_service cinder
|
|
configure_cinder
|
|
fi
|
|
|
|
if is_service_enabled neutron; then
|
|
# Network service
|
|
stack_install_service neutron
|
|
fi
|
|
|
|
if is_service_enabled nova; then
|
|
# Compute service
|
|
stack_install_service nova
|
|
configure_nova
|
|
fi
|
|
|
|
if is_service_enabled placement; then
|
|
# placement api
|
|
stack_install_service placement
|
|
configure_placement
|
|
fi
|
|
|
|
# create a placement-client fake service to know we need to configure
|
|
# placement connectivity. We configure the placement service for nova
|
|
# if placement-api or placement-client is active, and n-cpu on the
|
|
# same box.
|
|
if is_service_enabled placement placement-client; then
|
|
if is_service_enabled n-cpu || is_service_enabled n-sch; then
|
|
configure_placement_nova_compute
|
|
fi
|
|
fi
|
|
|
|
if is_service_enabled horizon; then
|
|
# dashboard
|
|
stack_install_service horizon
|
|
fi
|
|
|
|
if is_service_enabled tls-proxy; then
|
|
fix_system_ca_bundle_path
|
|
fi
|
|
|
|
# Extras Install
|
|
# --------------
|
|
|
|
# Phase: install
|
|
run_phase stack install
|
|
|
|
# Install the OpenStack client, needed for most setup commands
|
|
if use_library_from_git "python-openstackclient"; then
|
|
git_clone_by_name "python-openstackclient"
|
|
setup_dev_lib "python-openstackclient"
|
|
else
|
|
pip_install_gr python-openstackclient
|
|
fi
|
|
|
|
# Installs alias for osc so that we can collect timing for all
|
|
# osc commands. Alias dies with stack.sh.
|
|
install_oscwrap
|
|
|
|
# Syslog
|
|
# ------
|
|
|
|
if [[ $SYSLOG != "False" ]]; then
|
|
if [[ "$SYSLOG_HOST" = "$HOST_IP" ]]; then
|
|
# Configure the master host to receive
|
|
cat <<EOF | sudo tee /etc/rsyslog.d/90-stack-m.conf >/dev/null
|
|
\$ModLoad imrelp
|
|
\$InputRELPServerRun $SYSLOG_PORT
|
|
EOF
|
|
else
|
|
# Set rsyslog to send to remote host
|
|
cat <<EOF | sudo tee /etc/rsyslog.d/90-stack-s.conf >/dev/null
|
|
*.* :omrelp:$SYSLOG_HOST:$SYSLOG_PORT
|
|
EOF
|
|
fi
|
|
|
|
RSYSLOGCONF="/etc/rsyslog.conf"
|
|
if [ -f $RSYSLOGCONF ]; then
|
|
sudo cp -b $RSYSLOGCONF $RSYSLOGCONF.bak
|
|
if [[ $(grep '$SystemLogRateLimitBurst' $RSYSLOGCONF) ]]; then
|
|
sudo sed -i 's/$SystemLogRateLimitBurst\ .*/$SystemLogRateLimitBurst\ 0/' $RSYSLOGCONF
|
|
else
|
|
sudo sed -i '$ i $SystemLogRateLimitBurst\ 0' $RSYSLOGCONF
|
|
fi
|
|
if [[ $(grep '$SystemLogRateLimitInterval' $RSYSLOGCONF) ]]; then
|
|
sudo sed -i 's/$SystemLogRateLimitInterval\ .*/$SystemLogRateLimitInterval\ 0/' $RSYSLOGCONF
|
|
else
|
|
sudo sed -i '$ i $SystemLogRateLimitInterval\ 0' $RSYSLOGCONF
|
|
fi
|
|
fi
|
|
|
|
echo_summary "Starting rsyslog"
|
|
restart_service rsyslog
|
|
fi
|
|
|
|
|
|
# Export Certificate Authority Bundle
|
|
# -----------------------------------
|
|
|
|
# If certificates were used and written to the SSL bundle file then these
|
|
# should be exported so clients can validate their connections.
|
|
|
|
if [ -f $SSL_BUNDLE_FILE ]; then
|
|
export OS_CACERT=$SSL_BUNDLE_FILE
|
|
fi
|
|
|
|
|
|
# Configure database
|
|
# ------------------
|
|
|
|
if is_service_enabled $DATABASE_BACKENDS; then
|
|
configure_database
|
|
fi
|
|
|
|
# Save configuration values
|
|
save_stackenv $LINENO
|
|
|
|
# Kernel Samepage Merging (KSM)
|
|
# -----------------------------
|
|
|
|
# Processes that mark their memory as mergeable can share identical memory
|
|
# pages if KSM is enabled. This is particularly useful for nova + libvirt
|
|
# backends but any other setup that marks its memory as mergeable can take
|
|
# advantage. The drawback is there is higher cpu load; however, we tend to
|
|
# be memory bound not cpu bound so enable KSM by default but allow people
|
|
# to opt out if the CPU time is more important to them.
|
|
|
|
if [[ $ENABLE_KSM == "True" ]] ; then
|
|
if [[ -f /sys/kernel/mm/ksm/run ]] ; then
|
|
sudo sh -c "echo 1 > /sys/kernel/mm/ksm/run"
|
|
fi
|
|
fi
|
|
|
|
|
|
# Start Services
|
|
# ==============
|
|
|
|
# Dstat
|
|
# -----
|
|
|
|
# A better kind of sysstat, with the top process per time slice
|
|
start_dstat
|
|
|
|
# Run a background tcpdump for debugging
|
|
# Note: must set TCPDUMP_ARGS with the enabled service
|
|
if is_service_enabled tcpdump; then
|
|
start_tcpdump
|
|
fi
|
|
|
|
# Etcd
|
|
# -----
|
|
|
|
# etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines
|
|
if is_service_enabled etcd3; then
|
|
start_etcd3
|
|
fi
|
|
|
|
# Keystone
|
|
# --------
|
|
|
|
if is_service_enabled tls-proxy; then
|
|
start_tls_proxy http-services '*' 443 $SERVICE_HOST 80
|
|
fi
|
|
|
|
# Write a clouds.yaml file and use the devstack-admin cloud
|
|
write_clouds_yaml
|
|
export OS_CLOUD=${OS_CLOUD:-devstack-admin}
|
|
|
|
if is_service_enabled keystone; then
|
|
echo_summary "Starting Keystone"
|
|
|
|
if [ "$KEYSTONE_SERVICE_HOST" == "$SERVICE_HOST" ]; then
|
|
init_keystone
|
|
start_keystone
|
|
bootstrap_keystone
|
|
fi
|
|
|
|
create_keystone_accounts
|
|
if is_service_enabled nova; then
|
|
async_runfunc create_nova_accounts
|
|
fi
|
|
if is_service_enabled glance; then
|
|
async_runfunc create_glance_accounts
|
|
fi
|
|
if is_service_enabled cinder; then
|
|
async_runfunc create_cinder_accounts
|
|
fi
|
|
if is_service_enabled neutron; then
|
|
async_runfunc create_neutron_accounts
|
|
fi
|
|
if is_service_enabled swift; then
|
|
async_runfunc create_swift_accounts
|
|
fi
|
|
|
|
fi
|
|
|
|
# Horizon
|
|
# -------
|
|
|
|
if is_service_enabled horizon; then
|
|
echo_summary "Configuring Horizon"
|
|
async_runfunc configure_horizon
|
|
fi
|
|
|
|
async_wait create_nova_accounts create_glance_accounts create_cinder_accounts
|
|
async_wait create_neutron_accounts create_swift_accounts configure_horizon
|
|
|
|
# Glance
|
|
# ------
|
|
|
|
# NOTE(yoctozepto): limited to node hosting the database which is the controller
|
|
if is_service_enabled $DATABASE_BACKENDS && is_service_enabled glance; then
|
|
echo_summary "Configuring Glance"
|
|
async_runfunc init_glance
|
|
fi
|
|
|
|
|
|
# Neutron
|
|
# -------
|
|
|
|
if is_service_enabled neutron; then
|
|
echo_summary "Configuring Neutron"
|
|
|
|
configure_neutron
|
|
|
|
# Run init_neutron only on the node hosting the Neutron API server
|
|
if is_service_enabled $DATABASE_BACKENDS && is_service_enabled neutron; then
|
|
async_runfunc init_neutron
|
|
fi
|
|
fi
|
|
|
|
|
|
# Nova
|
|
# ----
|
|
|
|
if is_service_enabled q-dhcp; then
|
|
# TODO(frickler): These are remnants from n-net, check which parts are really
|
|
# still needed for Neutron.
|
|
# Do not kill any dnsmasq instance spawned by NetworkManager
|
|
netman_pid=$(pidof NetworkManager || true)
|
|
if [ -z "$netman_pid" ]; then
|
|
sudo killall dnsmasq || true
|
|
else
|
|
sudo ps h -o pid,ppid -C dnsmasq | grep -v $netman_pid | awk '{print $1}' | sudo xargs kill || true
|
|
fi
|
|
|
|
clean_iptables
|
|
|
|
# Force IP forwarding on, just in case
|
|
sudo sysctl -w net.ipv4.ip_forward=1
|
|
fi
|
|
|
|
# os-vif
|
|
# ------
|
|
if is_service_enabled nova neutron; then
|
|
configure_os_vif
|
|
fi
|
|
|
|
# Storage Service
|
|
# ---------------
|
|
|
|
if is_service_enabled swift; then
|
|
echo_summary "Configuring Swift"
|
|
async_runfunc init_swift
|
|
fi
|
|
|
|
|
|
# Volume Service
|
|
# --------------
|
|
|
|
if is_service_enabled cinder; then
|
|
echo_summary "Configuring Cinder"
|
|
async_runfunc init_cinder
|
|
fi
|
|
|
|
# Placement Service
|
|
# ---------------
|
|
|
|
if is_service_enabled placement; then
|
|
echo_summary "Configuring placement"
|
|
async_runfunc init_placement
|
|
fi
|
|
|
|
# Wait for neutron and placement before starting nova
|
|
async_wait init_neutron
|
|
async_wait init_placement
|
|
async_wait init_glance
|
|
async_wait init_swift
|
|
async_wait init_cinder
|
|
|
|
# Compute Service
|
|
# ---------------
|
|
|
|
if is_service_enabled nova; then
|
|
echo_summary "Configuring Nova"
|
|
init_nova
|
|
|
|
async_runfunc configure_neutron_nova
|
|
fi
|
|
|
|
|
|
# Extras Configuration
|
|
# ====================
|
|
|
|
# Phase: post-config
|
|
run_phase stack post-config
|
|
|
|
|
|
# Local Configuration
|
|
# ===================
|
|
|
|
# Apply configuration from ``local.conf`` if it exists for layer 2 services
|
|
# Phase: post-config
|
|
merge_config_group $TOP_DIR/local.conf post-config
|
|
|
|
|
|
# Launch Services
|
|
# ===============
|
|
|
|
# Only run the services specified in ``ENABLED_SERVICES``
|
|
|
|
# Launch Swift Services
|
|
if is_service_enabled swift; then
|
|
echo_summary "Starting Swift"
|
|
start_swift
|
|
fi
|
|
|
|
# NOTE(lyarwood): By default use a single hardcoded fixed_key across devstack
|
|
# deployments. This ensures the keys match across nova and cinder across all
|
|
# hosts.
|
|
FIXED_KEY=${FIXED_KEY:-bae3516cc1c0eb18b05440eba8012a4a880a2ee04d584a9c1579445e675b12defdc716ec}
|
|
if is_service_enabled cinder; then
|
|
iniset $CINDER_CONF key_manager fixed_key "$FIXED_KEY"
|
|
fi
|
|
|
|
async_wait configure_neutron_nova
|
|
|
|
# NOTE(clarkb): This must come after async_wait configure_neutron_nova because
|
|
# configure_neutron_nova modifies $NOVA_CONF and $NOVA_CPU_CONF as well. If
|
|
# we don't wait then these two ini updates race either other and can result
|
|
# in unexpected configs.
|
|
if is_service_enabled nova; then
|
|
iniset $NOVA_CONF key_manager fixed_key "$FIXED_KEY"
|
|
iniset $NOVA_CPU_CONF key_manager fixed_key "$FIXED_KEY"
|
|
fi
|
|
|
|
# Launch the nova-api and wait for it to answer before continuing
|
|
if is_service_enabled n-api; then
|
|
echo_summary "Starting Nova API"
|
|
start_nova_api
|
|
fi
|
|
|
|
if is_service_enabled ovn-controller ovn-controller-vtep; then
|
|
echo_summary "Starting OVN services"
|
|
start_ovn_services
|
|
fi
|
|
|
|
if is_service_enabled neutron-api; then
|
|
echo_summary "Starting Neutron"
|
|
start_neutron_api
|
|
elif is_service_enabled q-svc; then
|
|
echo_summary "Starting Neutron"
|
|
configure_neutron_after_post_config
|
|
start_neutron_service_and_check
|
|
fi
|
|
|
|
# Start placement before any of the service that are likely to want
|
|
# to use it to manage resource providers.
|
|
if is_service_enabled placement; then
|
|
echo_summary "Starting Placement"
|
|
start_placement
|
|
fi
|
|
|
|
if is_service_enabled neutron; then
|
|
start_neutron
|
|
fi
|
|
# Once neutron agents are started setup initial network elements
|
|
if is_service_enabled q-svc && [[ "$NEUTRON_CREATE_INITIAL_NETWORKS" == "True" ]]; then
|
|
echo_summary "Creating initial neutron network elements"
|
|
# Here's where plugins can wire up their own networks instead
|
|
# of the code in lib/neutron_plugins/services/l3
|
|
if type -p neutron_plugin_create_initial_networks > /dev/null; then
|
|
neutron_plugin_create_initial_networks
|
|
else
|
|
create_neutron_initial_network
|
|
fi
|
|
|
|
fi
|
|
|
|
if is_service_enabled nova; then
|
|
echo_summary "Starting Nova"
|
|
start_nova
|
|
async_runfunc create_flavors
|
|
fi
|
|
if is_service_enabled cinder; then
|
|
echo_summary "Starting Cinder"
|
|
start_cinder
|
|
create_volume_types
|
|
fi
|
|
|
|
# This sleep is required for cinder volume service to become active and
|
|
# publish capabilities to cinder scheduler before creating the image-volume
|
|
if [[ "$USE_CINDER_FOR_GLANCE" == "True" ]]; then
|
|
sleep 30
|
|
fi
|
|
|
|
# Launch the Glance services
|
|
# NOTE (abhishekk): We need to start glance api service only after cinder
|
|
# service has started as on glance startup glance-api queries cinder for
|
|
# validating volume_type configured for cinder store of glance.
|
|
if is_service_enabled glance; then
|
|
echo_summary "Starting Glance"
|
|
start_glance
|
|
fi
|
|
|
|
# Install Images
|
|
# ==============
|
|
|
|
# Upload an image to Glance.
|
|
#
|
|
# The default image is CirrOS, a small testing image which lets you login as **root**
|
|
# CirrOS has a ``cloud-init`` analog supporting login via keypair and sending
|
|
# scripts as userdata.
|
|
# See https://help.ubuntu.com/community/CloudInit for more on ``cloud-init``
|
|
|
|
# NOTE(yoctozepto): limited to node hosting the database which is the controller
|
|
if is_service_enabled $DATABASE_BACKENDS && is_service_enabled glance; then
|
|
echo_summary "Uploading images"
|
|
|
|
for image_url in ${IMAGE_URLS//,/ }; do
|
|
upload_image $image_url
|
|
done
|
|
fi
|
|
|
|
async_wait create_flavors
|
|
|
|
if is_service_enabled horizon; then
|
|
echo_summary "Starting Horizon"
|
|
init_horizon
|
|
start_horizon
|
|
fi
|
|
|
|
|
|
# Create account rc files
|
|
# =======================
|
|
|
|
# Creates source able script files for easier user switching.
|
|
# This step also creates certificates for tenants and users,
|
|
# which is helpful in image bundle steps.
|
|
|
|
if is_service_enabled nova && is_service_enabled keystone; then
|
|
USERRC_PARAMS="-PA --target-dir $TOP_DIR/accrc --os-password $ADMIN_PASSWORD"
|
|
|
|
if [ -f $SSL_BUNDLE_FILE ]; then
|
|
USERRC_PARAMS="$USERRC_PARAMS --os-cacert $SSL_BUNDLE_FILE"
|
|
fi
|
|
|
|
$TOP_DIR/tools/create_userrc.sh $USERRC_PARAMS
|
|
fi
|
|
|
|
|
|
# Save some values we generated for later use
|
|
save_stackenv
|
|
|
|
|
|
# Wrapup configuration
|
|
# ====================
|
|
|
|
# local.conf extra
|
|
# ----------------
|
|
|
|
# Apply configuration from ``local.conf`` if it exists for layer 2 services
|
|
# Phase: extra
|
|
merge_config_group $TOP_DIR/local.conf extra
|
|
|
|
|
|
# Run extras
|
|
# ----------
|
|
|
|
# Phase: extra
|
|
run_phase stack extra
|
|
|
|
|
|
# local.conf post-extra
|
|
# ---------------------
|
|
|
|
# Apply late configuration from ``local.conf`` if it exists for layer 2 services
|
|
# Phase: post-extra
|
|
merge_config_group $TOP_DIR/local.conf post-extra
|
|
|
|
|
|
# Sanity checks
|
|
# =============
|
|
|
|
# Check that computes are all ready
|
|
#
|
|
# TODO(sdague): there should be some generic phase here.
|
|
if is_service_enabled n-cpu; then
|
|
is_nova_ready
|
|
fi
|
|
|
|
# Check the status of running services
|
|
service_check
|
|
|
|
# Configure nova cellsv2
|
|
# ----------------------
|
|
|
|
# Do this late because it requires compute hosts to have started
|
|
if is_service_enabled n-api; then
|
|
if is_service_enabled n-cpu; then
|
|
$TOP_DIR/tools/discover_hosts.sh
|
|
else
|
|
# Some CI systems like Hyper-V build the control plane on
|
|
# Linux, and join in non Linux Computes after setup. This
|
|
# allows them to delay the processing until after their whole
|
|
# environment is up.
|
|
echo_summary "SKIPPING Cell setup because n-cpu is not enabled. You will have to do this manually before you have a working environment."
|
|
fi
|
|
# Run the nova-status upgrade check command which can also be used
|
|
# to verify the base install. Note that this is good enough in a
|
|
# single node deployment, but in a multi-node setup it won't verify
|
|
# any subnodes - that would have to be driven from whatever tooling
|
|
# is deploying the subnodes, e.g. the zuul v3 devstack-multinode job.
|
|
$NOVA_BIN_DIR/nova-status --config-file $NOVA_CONF upgrade check
|
|
fi
|
|
|
|
# Run local script
|
|
# ----------------
|
|
|
|
# Run ``local.sh`` if it exists to perform user-managed tasks
|
|
if [[ -x $TOP_DIR/local.sh ]]; then
|
|
echo "Running user script $TOP_DIR/local.sh"
|
|
$TOP_DIR/local.sh
|
|
fi
|
|
|
|
# Bash completion
|
|
# ===============
|
|
|
|
# Prepare bash completion for OSC
|
|
# Note we use "command" to avoid the timing wrapper
|
|
# which isn't relevant here and floods logs
|
|
command openstack complete \
|
|
| sudo tee /etc/bash_completion.d/osc.bash_completion > /dev/null
|
|
|
|
# If cinder is configured, set global_filter for PV devices
|
|
if is_service_enabled cinder; then
|
|
if is_ubuntu; then
|
|
echo_summary "Configuring lvm.conf global device filter"
|
|
set_lvm_filter
|
|
else
|
|
echo_summary "Skip setting lvm filters for non Ubuntu systems"
|
|
fi
|
|
fi
|
|
|
|
# Run test-config
|
|
# ---------------
|
|
|
|
# Phase: test-config
|
|
run_phase stack test-config
|
|
|
|
# Apply late configuration from ``local.conf`` if it exists for layer 2 services
|
|
# Phase: test-config
|
|
merge_config_group $TOP_DIR/local.conf test-config
|
|
|
|
# Fin
|
|
# ===
|
|
|
|
set +o xtrace
|
|
|
|
if [[ -n "$LOGFILE" ]]; then
|
|
exec 1>&3
|
|
# Force all output to stdout and logs now
|
|
exec 1> >( tee -a "${LOGFILE}" ) 2>&1
|
|
else
|
|
# Force all output to stdout now
|
|
exec 1>&3
|
|
fi
|
|
|
|
# Make sure we didn't leak any background tasks
|
|
async_cleanup
|
|
|
|
# Dump out the time totals
|
|
time_totals
|
|
async_print_timing
|
|
|
|
if is_service_enabled mysql; then
|
|
if [[ "$MYSQL_GATHER_PERFORMANCE" == "True" && "$MYSQL_HOST" ]]; then
|
|
echo ""
|
|
echo ""
|
|
echo "Post-stack database query stats:"
|
|
mysql -u $DATABASE_USER -p$DATABASE_PASSWORD -h $MYSQL_HOST stats -e \
|
|
'SELECT * FROM queries' -t 2>/dev/null
|
|
mysql -u $DATABASE_USER -p$DATABASE_PASSWORD -h $MYSQL_HOST stats -e \
|
|
'DELETE FROM queries' 2>/dev/null
|
|
fi
|
|
fi
|
|
|
|
|
|
# Using the cloud
|
|
# ===============
|
|
|
|
echo ""
|
|
echo ""
|
|
echo ""
|
|
echo "This is your host IP address: $HOST_IP"
|
|
if [ "$HOST_IPV6" != "" ]; then
|
|
echo "This is your host IPv6 address: $HOST_IPV6"
|
|
fi
|
|
|
|
# If you installed Horizon on this server you should be able
|
|
# to access the site using your browser.
|
|
if is_service_enabled horizon; then
|
|
echo "Horizon is now available at http://$SERVICE_HOST$HORIZON_APACHE_ROOT"
|
|
fi
|
|
|
|
# If Keystone is present you can point ``nova`` cli to this server
|
|
if is_service_enabled keystone; then
|
|
echo "Keystone is serving at $KEYSTONE_SERVICE_URI/"
|
|
echo "The default users are: admin and demo"
|
|
echo "The password: $ADMIN_PASSWORD"
|
|
fi
|
|
|
|
# Warn that a deprecated feature was used
|
|
if [[ -n "$DEPRECATED_TEXT" ]]; then
|
|
echo
|
|
echo -e "WARNING: $DEPRECATED_TEXT"
|
|
echo
|
|
fi
|
|
|
|
echo
|
|
echo "Services are running under systemd unit files."
|
|
echo "For more information see: "
|
|
echo "https://docs.openstack.org/devstack/latest/systemd.html"
|
|
echo
|
|
|
|
# Useful info on current state
|
|
cat /etc/devstack-version
|
|
echo
|
|
|
|
# Indicate how long this took to run (bash maintained variable ``SECONDS``)
|
|
echo_summary "stack.sh completed in $SECONDS seconds."
|
|
|
|
|
|
# Restore/close logging file descriptors
|
|
exec 1>&3
|
|
exec 2>&3
|
|
exec 3>&-
|
|
exec 6>&-
|