diff --git a/bin/cinder-keystone-setup b/bin/cinder-keystone-setup
new file mode 100755
index 0000000000..19165fd2c4
--- /dev/null
+++ b/bin/cinder-keystone-setup
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set +e
+
+SERVICE_PASSWORD='servicepass'
+CINDER_USERNAME='cinder'
+
+source `dirname $0`/heat-keystone-setup
+
+ADMIN_ROLE=$(get_data 2 admin 1 keystone role-list)
+SERVICE_TENANT=$(get_data 2 service 1 keystone tenant-list)
+
+CINDER_USERID=$(get_user $CINDER_USERNAME)
+add_role $CINDER_USERID $SERVICE_TENANT $ADMIN_ROLE $CINDER_USERNAME
+
+CINDER_SERVICE=$(get_service cinder volume "Cinder Volume Service")
+add_endpoint $CINDER_SERVICE 'http://localhost:8776/v1/$(tenant_id)s'
diff --git a/bin/heat-keystone-setup b/bin/heat-keystone-setup
index 9e6394b976..8d3f9aa3f3 100755
--- a/bin/heat-keystone-setup
+++ b/bin/heat-keystone-setup
@@ -68,7 +68,7 @@ get_user() { get_id keystone user-create --name=$username \ --pass="$SERVICE_PASSWORD" \ --tenant_id $SERVICE_TENANT \ - --email=heat@example.com + --email=$username@example.com fi }
@@ -128,9 +128,16 @@ get_endpoint() { delete_endpoint() { local service_type=$1 + case $service_type in + volume) urlsuffix='\\\\$\\\\(tenant_id)s';; + orchestration) urlsuffix='%[(]tenant_id[)]s';; + # cloudformation has no hash suffix + *) urlsuffix='' + esac + local url=$(get_data 1 "${service_type}[.]publicURL" 2 \ get_endpoint $service_type 2>/dev/null | \ - sed -e "s/${TENANT_ID}/%[(]tenant_id[)]s/") + sed -r "s/[a-f0-9]{32}/$urlsuffix/") if [ -n "$url" ]; then local endpoints=$(get_data 3 $url 1 keystone endpoint-list)
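Review bot: `SERVICE_PASSWORD='servicepass'` at the top of the new bin/cinder-keystone-setup hard-codes the password of the `cinder` Keystone user, which the script then gives the admin role on the service tenant, and because the assignment is unconditional a value exported by the caller is overwritten. I would make it overridable, `SERVICE_PASSWORD=${SERVICE_PASSWORD:-servicepass}`, with a comment that it has to match the `admin_password` that tools/openstack writes into /etc/cinder/api-paste.ini. With `set +e` a failed `get_data` lookup leaves `ADMIN_ROLE` or `SERVICE_TENANT` empty and the unquoted `add_role` call still runs, presumably with its arguments shifted, so an emptiness check on those two values before the call is worth adding.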
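Review bot: `urlsuffix` in delete_endpoint is assigned without `local`, unlike `service_type` and `url` beside it, and since cinder-keystone-setup now sources this file the name leaks into the sourcing script. Add `local urlsuffix` before the `case`, and close the default arm with `;;` like the other two. The sed expression now rewrites the first run of 32 hex characters anywhere in the URL instead of the known `TENANT_ID`; a one-line comment stating that the tenant id is assumed to be the only such run would document that. delete_endpoint continues past the end of the hunk.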
@@ -186,38 +193,43 @@ add_endpoint() { --publicurl "$url" --adminurl "$url" --internalurl "$url" >&2 } +keystone_setup() { + TENANT_ID=$(get_data 1 tenant_id 2 keystone token-get) + set_admin_token -TENANT_ID=$(get_data 1 tenant_id 2 keystone token-get) -set_admin_token + ADMIN_ROLE=$(get_data 2 admin 1 keystone role-list) + SERVICE_TENANT=$(get_data 2 service 1 keystone tenant-list) + SERVICE_PASSWORD=${SERVICE_PASSWORD:-$OS_PASSWORD} + if [[ "$SERVICE_PASSWORD" == "$OS_PASSWORD" ]]; then + echo "Using the OS_PASSWORD for the SERVICE_PASSWORD." >&2 + fi -ADMIN_ROLE=$(get_data 2 admin 1 keystone role-list) -SERVICE_TENANT=$(get_data 2 service 1 keystone tenant-list) -SERVICE_PASSWORD=${SERVICE_PASSWORD:-$OS_PASSWORD} -if [[ "$SERVICE_PASSWORD" == "$OS_PASSWORD" ]]; then - echo "Using the OS_PASSWORD for the SERVICE_PASSWORD." >&2 + echo ADMIN_ROLE $ADMIN_ROLE + echo SERVICE_TENANT $SERVICE_TENANT + echo SERVICE_PASSWORD $SERVICE_PASSWORD + echo SERVICE_TOKEN $SERVICE_TOKEN + + HEAT_USERNAME="heat" + HEAT_USERID=$(get_user $HEAT_USERNAME) + echo HEAT_USERID $HEAT_USERID + add_role $HEAT_USERID $SERVICE_TENANT $ADMIN_ROLE $HEAT_USERNAME + + # Create a special role which template-defined "stack users" are + # assigned to in the engine when they are created, this allows them + # to be more easily differentiated from other users (e.g so we can + # lock down these implicitly untrusted users via RBAC policy) + STACK_USER_ROLE="heat_stack_user" + create_role $STACK_USER_ROLE + + HEAT_CFN_SERVICE=$(get_service heat-cfn cloudformation \ + "Heat CloudFormation API") + add_endpoint $HEAT_CFN_SERVICE 'http://localhost:8000/v1' + + HEAT_OS_SERVICE=$(get_service heat orchestration \ + "Heat API") + add_endpoint $HEAT_OS_SERVICE 'http://localhost:8004/v1/%(tenant_id)s' +} + +if [[ ${BASH_SOURCE[0]} == ${0} ]]; then + keystone_setup fi - -echo ADMIN_ROLE $ADMIN_ROLE -echo SERVICE_TENANT $SERVICE_TENANT -echo SERVICE_PASSWORD $SERVICE_PASSWORD -echo SERVICE_TOKEN $SERVICE_TOKEN - 
-HEAT_USERNAME="heat" -HEAT_USERID=$(get_user $HEAT_USERNAME) -echo HEAT_USERID $HEAT_USERID -add_role $HEAT_USERID $SERVICE_TENANT $ADMIN_ROLE $HEAT_USERNAME - -# Create a special role which template-defined "stack users" are -# assigned to in the engine when they are created, this allows them -# to be more easily differentiated from other users (e.g so we can -# lock down these implicitly untrusted users via RBAC policy) -STACK_USER_ROLE="heat_stack_user" -create_role $STACK_USER_ROLE - -HEAT_CFN_SERVICE=$(get_service heat-cfn cloudformation \ - "Heat CloudFormation API") -add_endpoint $HEAT_CFN_SERVICE 'http://localhost:8000/v1' - -HEAT_OS_SERVICE=$(get_service heat orchestration \ - "Heat API") -add_endpoint $HEAT_OS_SERVICE 'http://localhost:8004/v1/%(tenant_id)s' diff --git a/setup.py b/setup.py index 05ccad1edb..33bcb93739 100755 --- a/setup.py +++ b/setup.py @@ -49,5 +49,6 @@ setuptools.setup( 'bin/heat-engine', 'bin/heat-watch', 'bin/heat-db-setup', + 'bin/cinder-keystone-setup', 'bin/heat-keystone-setup'], py_modules=[]) diff --git a/tools/openstack b/tools/openstack index 3e7bbbd605..4098487a15 100755 --- a/tools/openstack +++ b/tools/openstack 
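Review bot: `echo SERVICE_PASSWORD $SERVICE_PASSWORD` and `echo SERVICE_TOKEN $SERVICE_TOKEN` inside the new keystone_setup write both secrets to stdout, where they end up in terminal scrollback or any captured install log. Since the lines are being moved anyway, I would drop them or report only whether the value is set, for example `echo "SERVICE_PASSWORD ${SERVICE_PASSWORD:+(set)}" >&2`. Separately, `set_admin_token` and the `TENANT_ID` lookup now run only inside keystone_setup, so a script that sources this file gets the helper functions without them; whether get_user and add_role need the admin token is not visible in this diff, so that is worth confirming for cinder-keystone-setup.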
@@ -21,21 +21,41 @@ BASE_DIR=`dirname $0` +if [[ $1 = '--with-cinder' ]]; then + with_cinder=1 +else + with_cinder=0 +fi + +if [[ `lsb_release -sr` -gt 17 || $with_cinder ]]; then + VOLUME_SERVICE="openstack-cinder" + VOLUME_PATH="/var/lib/cinder/cinder-volumes.img" + VOLUME_NAME="cinder-volumes" +else + VOLUME_SERVICE="openstack-nova" + VOLUME_PATH="/var/lib/nova/nova-volumes.img" + VOLUME_NAME="nova-volumes" +fi + action=$1 if [ -z "$action" ] then echo "openstack [start|stop|install|erase|status]" echo - echo "This tool is designed to control OpenStack on a Fedora 16/17 system" + echo "This tool is designed to control OpenStack on a Fedora 16+ system" echo echo "start - Starts OpenStack" echo "stop - Stops OpenStack" echo "restart - Restart OpenStack" echo "install - Installs a fresh OpenStack system with Keystone from RPM repostories" echo "erase - permanently destroys an existing installation of OpenStack" + echo "status - show service status for all required OpenStack services" fi -OS_SERVICES=(qpidd mysqld openstack-keystone tgtd openstack-glance-api openstack-glance-registry openstack-nova-api openstack-nova-objectstore openstack-nova-compute openstack-nova-network openstack-nova-volume openstack-nova-scheduler openstack-nova-cert) +OS_SERVICES=(qpidd mysqld openstack-keystone tgtd openstack-glance-api openstack-glance-registry openstack-nova-api openstack-nova-objectstore openstack-nova-compute openstack-nova-network openstack-nova-scheduler openstack-nova-cert $VOLUME_SERVICE-volume) +if [[ $VOLUME_SERVICE == "openstack-cinder" ]]; then + OS_SERVICES+=($VOLUME_SERVICE-api $VOLUME_SERVICE-scheduler) +fi function os_status() { for service in ${OS_SERVICES[@]} @@ -79,7 +99,6 @@ function os_check_status() { done } - function os_start() { action=start sudo systemctl $action qpidd.service mysqld.service 
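Review bot: The release check at the top of tools/openstack tests `$with_cinder` as a bare string inside `[[ ]]`, and that variable is always `0` or `1`, so the condition is true on every release and the nova-volumes branch can never be selected. Compare the value explicitly, `if [[ $(lsb_release -sr) -gt 17 || $with_cinder -eq 1 ]]; then`. `action=$1` is still read after the flag check without a `shift`, so when `--with-cinder` is passed the action becomes the flag itself; `with_cinder=1; shift` in the first branch would fix that, although the dispatch on `$action` lies outside the hunk and the effect is inferred. The usage text should also mention the new option.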
@@ -90,16 +109,24 @@ function os_start() { do sudo systemctl $action openstack-glance-$svc.service done - if ! sudo vgs | grep -q nova-volumes - then - sudo vgcreate nova-volumes $(sudo losetup --show -f /var/lib/nova/nova-volumes.img) + + if ! sudo vgs | grep -q $VOLUME_NAME; then + sudo vgcreate $VOLUME_NAME $(sudo losetup --show -f $VOLUME_PATH) fi - for svc in api cert objectstore compute volume scheduler + for svc in api cert objectstore compute scheduler do sudo systemctl $action openstack-nova-$svc.service done + sudo systemctl $action $VOLUME_SERVICE-volume.service + if [[ $VOLUME_SERVICE == "openstack-cinder" ]]; then + for svc in api scheduler + do + sudo systemctl $action $VOLUME_SERVICE-$svc.service + done + fi + # This must be started after openstack-nova-cert due to an SELinux # policy problem. See https://bugzilla.redhat.com/show_bug.cgi?id=857747 sleep 2 @@ -109,10 +136,19 @@ function os_start() { function os_stop() { action=stop sudo systemctl $action openstack-keystone.service tgtd.service - for svc in api objectstore compute network volume scheduler cert + for svc in api objectstore compute network scheduler cert do sudo systemctl $action openstack-nova-$svc.service done + + sudo systemctl $action $VOLUME_SERVICE-volume.service + if [[ $VOLUME_SERVICE == "openstack-cinder" ]]; then + for svc in api scheduler + do + sudo systemctl $action $VOLUME_SERVICE-$svc.service + done + fi + for svc in api registry do sudo systemctl $action openstack-glance-$svc.service 
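Review bot: In os_start, `sudo vgcreate $VOLUME_NAME $(sudo losetup --show -f $VOLUME_PATH)` still runs vgcreate when losetup fails, because the empty substitution simply disappears from the unquoted command line. Capturing the device first makes the failure visible: `loopdev=$(sudo losetup --show -f "$VOLUME_PATH") || return 1` followed by `sudo vgcreate "$VOLUME_NAME" "$loopdev"`. The cinder `api scheduler` loop is repeated verbatim in the os_stop hunk that follows and again in `OS_SERVICES`; one array of cinder services would keep the three in step. Both functions extend beyond their hunks.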
@@ -151,21 +187,23 @@ function os_erase() { sudo openstack-db --service nova --drop $* sudo openstack-db --service glance --drop $* sudo openstack-db --service keystone --drop $* + if [[ $VOLUME_SERVICE == "openstack-cinder" ]]; then + sudo openstack-db --service cinder --drop $* + fi + sudo yum -q -y erase openstack-utils - sudo vgchange -an nova-volumes + sudo vgchange -an $VOLUME_NAME sudo losetup -d /dev/loop0 - sudo rm -f /var/lib/nova/nova-volumes.img - sudo rm -rf /etc/{glance,nova,swift,keystone,openstack-dashboard} /var/lib/{glance,nova,swift,keystone} /var/log/{glance,nova,swift,keystone} /var/run/{glance,nova,swift,keystone} + sudo rm -f $VOLUME_PATH + sudo rm -rf /etc/{glance,nova,swift,keystone,openstack-dashboard,cinder} /var/lib/{glance,nova,swift,keystone,cinder} /var/log/{glance,nova,swift,keystone,cinder} /var/run/{glance,nova,swift,keystone,cinder} rm -f $HOME/.openstack/.keystonerc } - - function os_install() { sudo yum -q -y groupinstall Virtualization - sudo yum -q -y install openstack-utils openstack-nova openstack-glance openstack-keystone openstack-dashboard scsi-target-utils qpid-cpp-server mysql-server qpid-cpp-server-daemon - sudo dd if=/dev/zero of=/var/lib/nova/nova-volumes.img bs=1M seek=20k count=0 + sudo yum -q -y install openstack-utils openstack-nova openstack-glance openstack-keystone openstack-dashboard scsi-target-utils qpid-cpp-server mysql-server qpid-cpp-server-daemon $VOLUME_SERVICE + sudo dd if=/dev/zero of=$VOLUME_PATH bs=1M seek=20k count=0 sudo systemctl start mysqld.service sudo systemctl enable libvirtd.service sudo systemctl start libvirtd.service @@ -174,6 +212,9 @@ function os_install() { sudo openstack-db --service nova --init $* sudo openstack-db --service glance --init $* sudo openstack-db --service keystone --init $* + if [[ $VOLUME_SERVICE == "openstack-cinder" ]]; then + sudo openstack-db --service cinder --init $* + fi # Create a keystone RC file mkdir -p $HOME/.openstack 
@@ -208,11 +249,24 @@ EOF sudo openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_user glance sudo openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_password servicepass + if [[ $VOLUME_SERVICE == "openstack-cinder" ]]; then + sudo openstack-config --set /etc/cinder/api-paste.ini filter:authtoken admin_tenant_name service + sudo openstack-config --set /etc/cinder/api-paste.ini filter:authtoken admin_user cinder + sudo openstack-config --set /etc/cinder/api-paste.ini filter:authtoken admin_password servicepass + sudo openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone + # must disable implicit osapi_volume + sudo openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis ec2,osapi_compute,metadata + sudo openstack-config --set /etc/nova/nova.conf DEFAULT volume_api_class nova.volume.cinder.API + fi + os_stop sleep 1 - sudo rm -rf /var/log/{glance,nova,swift,keystone}/* + sudo rm -rf /var/log/{glance,nova,swift,keystone,cinder}/* os_start sleep 1 + if [[ $VOLUME_SERVICE -eq "openstack-cinder" ]]; then + ${BASE_DIR}/../bin/cinder-keystone-setup + fi echo "Installation Complete." echo "Checking all expected services are running" diff --git a/tools/pip-requires b/tools/pip-requires index ff25d544b4..6328424f1f 100644 --- a/tools/pip-requires +++ b/tools/pip-requires @@ -29,4 +29,5 @@ python-keystoneclient python-memcached python-swiftclient python-quantumclient +python-cinderclient PyYAML>=3.1.0
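Review bot: `[[ $VOLUME_SERVICE -eq "openstack-cinder" ]]` in front of the cinder-keystone-setup call uses the arithmetic operator on two strings; bash evaluates both sides as arithmetic expressions over unset names, so they compare as 0 and the test also passes for `openstack-nova`. Use the string comparison the rest of the commit uses, `if [[ $VOLUME_SERVICE == "openstack-cinder" ]]; then`. The `admin_password servicepass` value written to /etc/cinder/api-paste.ini repeats the literal from bin/cinder-keystone-setup; a single variable shared by both would keep them in step and let a deployment change the default. The enclosing function starts above this hunk.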