d183c7e223
Check for the existence of tripleo-undercloud-passwords and reuse the users/passwords/secrets from that file during instack-install-undercloud if it exists. This makes instack-install-undercloud re-runnable. Since user's are already defined with passwords in Keystone, we need to reuse existing ones on subsequent runs. Additional users/passwords/secrets are written out to the tripleo-undercloud-passwords file since this makes them much easier to reread. There is also no longer a need for the 00-cleanup script at all after the migration to Puppet. This was part of the problem of instack-install-undercloud not being re-runnable b/c the $OK file from 98-undercloud-setup was getting deleted so that script was re-running causing all sorts of problems. 98-undercloud-setup itself has a small change where I experimented with making it entirely re-runnable itself, but that got complex with the call to setup-neutron, so I stopped going down that road. Still, the small change is valuable to have. Change-Id: I3cb3d8f695314840c2d77a2ec9fbea1ac9b8d52e
116 lines
3.4 KiB
Bash
Executable File
116 lines
3.4 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
set -eux
|
|
|
|
OK_FILE=/opt/stack/.undercloud-setup
|
|
|
|
if [ -f $OK_FILE ]; then
|
|
exit
|
|
fi
|
|
|
|
source /root/tripleo-undercloud-passwords
|
|
source /root/stackrc
|
|
|
|
export INSTACK_ROOT=${INSTACK_ROOT:-""}
|
|
if [ -n "$INSTACK_ROOT" ]; then
|
|
export PATH=$PATH:$INSTACK_ROOT/instack-undercloud/scripts
|
|
fi
|
|
|
|
if [ ! -f /root/.ssh/authorized_keys ]; then
|
|
sudo mkdir -p /root/.ssh
|
|
sudo chmod 7000 /root/.ssh/
|
|
sudo touch /root/.ssh/authorized_keys
|
|
sudo chmod 600 /root/.ssh/authorized_keys
|
|
fi
|
|
|
|
if [ ! -f /root/.ssh/id_rsa ]; then
|
|
ssh-keygen -b 1024 -N '' -f /root/.ssh/id_rsa
|
|
fi
|
|
|
|
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
|
|
|
|
KEYSTONE_SERVICE=keystone
|
|
if [ -f /lib/systemd/system/openstack-keystone.service ]; then
|
|
KEYSTONE_SERVICE=openstack-keystone
|
|
fi
|
|
|
|
# Ensure keystone is up before continuing on.
|
|
# Waits for up to 2 minutes.
|
|
tripleo wait_for 12 10 service $KEYSTONE_SERVICE status
|
|
|
|
# Because keystone just still isn't up yet...
|
|
sleep 20
|
|
|
|
export UNDERCLOUD_IP=$(os-apply-config --key local-ip --type netaddress)
|
|
|
|
init-keystone -o $UNDERCLOUD_IP -t $UNDERCLOUD_ADMIN_TOKEN \
|
|
-e admin@example.com -p $UNDERCLOUD_ADMIN_PASSWORD -u root
|
|
|
|
# Create service endpoints and optionally include Ceilometer for UI support
|
|
ENDPOINT_LIST="--glance-password $UNDERCLOUD_GLANCE_PASSWORD
|
|
--heat-password $UNDERCLOUD_HEAT_PASSWORD
|
|
--neutron-password $UNDERCLOUD_NEUTRON_PASSWORD
|
|
--nova-password $UNDERCLOUD_NOVA_PASSWORD
|
|
--tuskar-password $UNDERCLOUD_TUSKAR_PASSWORD
|
|
--ironic-password $UNDERCLOUD_IRONIC_PASSWORD
|
|
--ceilometer-password $UNDERCLOUD_CEILOMETER_PASSWORD"
|
|
|
|
REGISTER_SERVICE_OPTS=
|
|
|
|
# Needed by ceilometer user in register-endpoint
|
|
if ! keystone role-get ResellerAdmin; then
|
|
keystone role-create --name=ResellerAdmin
|
|
fi
|
|
|
|
# TODO: this needs to be switched over to use os-cloud-config's setup-endpoints
|
|
tripleo setup-endpoints $UNDERCLOUD_IP $ENDPOINT_LIST $REGISTER_SERVICE_OPTS
|
|
|
|
if ! keystone role-get heat_stack_user; then
|
|
keystone role-create --name heat_stack_user
|
|
fi
|
|
|
|
DHCP_START=$(os-apply-config --key neutron.dhcp_start --type netaddress)
|
|
DHCP_END=$(os-apply-config --key neutron.dhcp_end --type netaddress)
|
|
NETWORK_CIDR=$(os-apply-config --key neutron.network_cidr --type raw)
|
|
NETWORK_GATEWAY=$(os-apply-config --key neutron.network_gateway --type netaddress)
|
|
METADATA_SERVER=$UNDERCLOUD_IP
|
|
PHYSICAL_NETWORK=ctlplane
|
|
|
|
NETWORK_JSON=$(mktemp)
|
|
jq "." <<EOF > $NETWORK_JSON
|
|
{
|
|
"physical": {
|
|
"gateway": "$NETWORK_GATEWAY",
|
|
"metadata_server": "$UNDERCLOUD_IP",
|
|
"cidr": "$NETWORK_CIDR",
|
|
"allocation_start": "$DHCP_START",
|
|
"allocation_end": "$DHCP_END",
|
|
"name": "$PHYSICAL_NETWORK",
|
|
"nameserver": "${UNDERCLOUD_NAMESERVER:-192.168.122.1}"
|
|
}
|
|
}
|
|
EOF
|
|
setup-neutron -n $NETWORK_JSON
|
|
rm $NETWORK_JSON
|
|
|
|
# Delete initial flavors
|
|
for flavor in m1.tiny m1.small m1.medium m1.large m1.xlarge; do
|
|
if nova flavor-show "$flavor" &> /dev/null; then
|
|
nova flavor-delete "$flavor"
|
|
fi
|
|
done
|
|
|
|
# Disable nova quotas
|
|
nova quota-update --cores -1 --instances -1 --ram -1 $(keystone tenant-get admin | awk '$2=="id" {print $4}')
|
|
|
|
# instack-prepare-for-overcloud
|
|
rm -rf $HOME/.novaclient
|
|
|
|
# restart openstack-nova-compute
|
|
# When installing via puppet, nova-compute fails the first time because the
|
|
# ironic user does not yet exist. Now that the user has been created via
|
|
# setup-endpoints, we need to restart the service.
|
|
systemctl restart openstack-nova-compute
|
|
|
|
touch $OK_FILE
|