# lib/manila # Install and start **Manila** file shares service # Dependencies: # - functions # - DEST, DATA_DIR, STACK_USER must be defined # SERVICE_{TENANT_NAME|PASSWORD} must be defined # ``KEYSTONE_TOKEN_FORMAT`` must be defined # stack.sh # --------- # install_manila # # configure_manila # # init_manila # # start_manila # # stop_manila # # cleanup_manila # # Save trace setting XTRACE=$(set +o | grep xtrace) set +o xtrace # Defaults # -------- MANILA_REPO_ROOT=stackforge MANILA_GIT_BASE=${MANILA_GIT_BASE:-https://github.com} MANILA_REPO=${MANILA_GIT_BASE}/${MANILA_REPO_ROOT}/manila.git MANILA_BRANCH=master MANILACLIENT_REPO=${MANILA_GIT_BASE}/${MANILA_REPO_ROOT}/python-manilaclient.git MANILACLIENT_BRANCH=master # set up default directories MANILA_DIR=${MANILA_DIR:=$DEST/manila} MANILA_LOCK_PATH=${MANILA_LOCK_PATH:=$MANILA_DIR/manila_locks} MANILACLIENT_DIR=${MANILACLIENT_DIR:=$DEST/python-manilaclient} MANILA_STATE_PATH=${MANILA_STATE_PATH:=$DATA_DIR/manila} MANILA_MNT_DIR=${MANILA_MNT_DIR:=$MANILA_STATE_PATH/mnt} MANILA_AUTH_CACHE_DIR=${MANILA_AUTH_CACHE_DIR:-/var/cache/manila} MANILA_CONF_DIR=/etc/manila MANILA_CONF=$MANILA_CONF_DIR/manila.conf MANILA_API_PASTE_INI=$MANILA_CONF_DIR/api-paste.ini # Public facing bits MANILA_SERVICE_HOST=${MANILA_SERVICE_HOST:-$SERVICE_HOST} MANILA_SERVICE_PORT=${MANILA_SERVICE_PORT:-8786} MANILA_SERVICE_PORT_INT=${MANILA_SERVICE_PORT_INT:-18776} MANILA_SERVICE_PROTOCOL=${MANILA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} # Support entry points installation of console scripts if [[ -d $MANILA_DIR/bin ]]; then MANILA_BIN_DIR=$MANILA_DIR/bin else MANILA_BIN_DIR=$(get_python_exec_prefix) fi # Support for multi backend configuration (default is no support) MANILA_MULTI_BACKEND=$(trueorfalse False $MANILA_MULTI_BACKEND) # First share backend data, that will be used in any installation MANILA_BACKEND1_CONFIG_GROUP_NAME=${MANILA_BACKEND1_CONFIG_GROUP_NAME:-backend1} MANILA_SHARE_BACKEND1_NAME=${MANILA_SHARE_BACKEND1_NAME:-BACKEND1} # Second share backend data, that will be used only with MANILA_MULTI_BACKEND=True MANILA_BACKEND2_CONFIG_GROUP_NAME=${MANILA_BACKEND2_CONFIG_GROUP_NAME:-backend2} MANILA_SHARE_BACKEND2_NAME=${MANILA_SHARE_BACKEND2_NAME:-BACKEND2} SHARE_NAME_PREFIX=${SHARE_NAME_PREFIX:-share-} SHARE_DRIVER=${SHARE_DRIVER:-manila.share.drivers.generic.GenericShareDriver} MANILA_SCHEDULER_DRIVER=${MANILA_SCHEDULER_DRIVER:-manila.scheduler.filter_scheduler.FilterScheduler} eval USER_HOME=~ # These are used by generic driver MANILA_PATH_TO_PUBLIC_KEY=${MANILA_PATH_TO_PUBLIC_KEY:-"$USER_HOME/.ssh/id_rsa.pub"} MANILA_PATH_TO_PRIVATE_KEY=${MANILA_PATH_TO_PRIVATE_KEY:-"$USER_HOME/.ssh/id_rsa"} MANILA_SERVICE_INSTANCE_USER=${MANILA_SERVICE_INSTANCE_USER:-"ubuntu"} MANILA_SERVICE_INSTANCE_PASSWORD=${MANILA_SERVICE_INSTANCE_PASSWORD:-"ubuntu"} MANILA_SERVICE_IMAGE_URL=${MANILA_SERVICE_IMAGE_URL:-"https://www.dropbox.com/s/vi5oeh10q1qkckh/ubuntu_1204_nfs_cifs.qcow2"} MANILA_SERVICE_IMAGE_NAME=${MANILA_SERVICE_IMAGE_NAME:-"ubuntu_1204_nfs_cifs"} MANILA_SERVICE_VM_FLAVOR_REF=${MANILA_SERVICE_VM_FLAVOR_REF:-100} MANILA_SERVICE_VM_FLAVOR_NAME=${MANILA_SERVICE_VM_FLAVOR_NAME:-"manila-service-flavor"} MANILA_SERVICE_VM_FLAVOR_RAM=${MANILA_SERVICE_VM_FLAVOR_RAM:-64} MANILA_SERVICE_VM_FLAVOR_DISK=${MANILA_SERVICE_VM_FLAVOR_DISK:-0} MANILA_SERVICE_VM_FLAVOR_VCPUS=${MANILA_SERVICE_VM_FLAVOR_VCPUS:-1} # cleanup_manila - Remove residual data files, anything left over from previous # runs that a clean run would need to clean up function cleanup_manila { # This is placeholder. # All stuff, that are created by Generic driver will be cleaned up by other services. : } function add_share_backend { # Expects two args: # 1: config group name # 2: share_backend_name iniset $MANILA_CONF $1 share_driver $SHARE_DRIVER iniset $MANILA_CONF $1 share_backend_name $2 iniset $MANILA_CONF $1 path_to_public_key $MANILA_PATH_TO_PUBLIC_KEY iniset $MANILA_CONF $1 path_to_private_key $MANILA_PATH_TO_PRIVATE_KEY iniset $MANILA_CONF $1 service_image_name $MANILA_SERVICE_IMAGE_NAME iniset $MANILA_CONF $1 service_instance_user $MANILA_SERVICE_INSTANCE_USER iniset $MANILA_CONF $1 service_instance_password $MANILA_SERVICE_INSTANCE_PASSWORD } # configure_manila - Set config files, create data dirs, etc function configure_manila { setup_develop $MANILA_DIR setup_develop $MANILACLIENT_DIR if [[ ! -d $MANILA_CONF_DIR ]]; then sudo mkdir -p $MANILA_CONF_DIR fi sudo chown $STACK_USER $MANILA_CONF_DIR cp -p $MANILA_DIR/etc/manila/policy.json $MANILA_CONF_DIR # Set the paths of certain binaries MANILA_ROOTWRAP=$(get_rootwrap_location manila) # If Manila ships the new rootwrap filters files, deploy them # (owned by root) and add a parameter to $MANILA_ROOTWRAP ROOTWRAP_MANILA_SUDOER_CMD="$MANILA_ROOTWRAP" if [[ -d $MANILA_DIR/etc/manila/rootwrap.d ]]; then # Wipe any existing rootwrap.d files first if [[ -d $MANILA_CONF_DIR/rootwrap.d ]]; then sudo rm -rf $MANILA_CONF_DIR/rootwrap.d fi # Deploy filters to /etc/manila/rootwrap.d sudo mkdir -m 755 $MANILA_CONF_DIR/rootwrap.d sudo cp $MANILA_DIR/etc/manila/rootwrap.d/*.filters $MANILA_CONF_DIR/rootwrap.d sudo chown -R root:root $MANILA_CONF_DIR/rootwrap.d sudo chmod 644 $MANILA_CONF_DIR/rootwrap.d/* # Set up rootwrap.conf, pointing to /etc/manila/rootwrap.d sudo cp $MANILA_DIR/etc/manila/rootwrap.conf $MANILA_CONF_DIR/ sudo sed -e "s:^filters_path=.*$:filters_path=$MANILA_CONF_DIR/rootwrap.d:" -i $MANILA_CONF_DIR/rootwrap.conf sudo chown root:root $MANILA_CONF_DIR/rootwrap.conf sudo chmod 0644 $MANILA_CONF_DIR/rootwrap.conf # Specify rootwrap.conf as first parameter to manila-rootwrap MANILA_ROOTWRAP="$MANILA_ROOTWRAP $MANILA_CONF_DIR/rootwrap.conf" ROOTWRAP_MANILA_SUDOER_CMD="$MANILA_ROOTWRAP *" fi TEMPFILE=`mktemp` echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_MANILA_SUDOER_CMD" >$TEMPFILE chmod 0440 $TEMPFILE sudo chown root:root $TEMPFILE sudo mv $TEMPFILE /etc/sudoers.d/manila-rootwrap cp $MANILA_DIR/etc/manila/api-paste.ini $MANILA_API_PASTE_INI iniset $MANILA_API_PASTE_INI filter:authtoken auth_host $KEYSTONE_AUTH_HOST iniset $MANILA_API_PASTE_INI filter:authtoken auth_port $KEYSTONE_AUTH_PORT iniset $MANILA_API_PASTE_INI filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL iniset $MANILA_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME iniset $MANILA_API_PASTE_INI filter:authtoken admin_user manila iniset $MANILA_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD iniset $MANILA_API_PASTE_INI filter:authtoken signing_dir $MANILA_AUTH_CACHE_DIR # Remove old conf file if exists rm -f $MANILA_CONF iniset $MANILA_CONF DEFAULT auth_strategy keystone iniset $MANILA_CONF DEFAULT debug True iniset $MANILA_CONF DEFAULT verbose True iniset $MANILA_CONF DEFAULT scheduler_driver $MANILA_SCHEDULER_DRIVER iniset $MANILA_CONF DEFAULT share_name_template ${SHARE_NAME_PREFIX}%s iniset $MANILA_CONF DEFAULT sql_connection `database_connection_url manila` iniset $MANILA_CONF DEFAULT api_paste_config $MANILA_API_PASTE_INI iniset $MANILA_CONF DEFAULT rootwrap_config $MANILA_CONF_DIR/rootwrap.conf iniset $MANILA_CONF DEFAULT osapi_share_extension manila.api.openstack.share.contrib.standard_extensions iniset $MANILA_CONF DEFAULT state_path $MANILA_STATE_PATH iniset $MANILA_CONF DEFAULT nova_admin_password $SERVICE_PASSWORD iniset $MANILA_CONF DEFAULT cinder_admin_password $SERVICE_PASSWORD iniset $MANILA_CONF DEFAULT neutron_admin_password $SERVICE_PASSWORD iniset $MANILA_CONF DEFAULT lock_path $MANILA_LOCK_PATH add_share_backend $MANILA_BACKEND1_CONFIG_GROUP_NAME $MANILA_SHARE_BACKEND1_NAME enabled_backends=$MANILA_BACKEND1_CONFIG_GROUP_NAME if [ "$MANILA_MULTI_BACKEND" = "True" ]; then add_share_backend $MANILA_BACKEND2_CONFIG_GROUP_NAME $MANILA_SHARE_BACKEND2_NAME enabled_backends+=,$MANILA_BACKEND2_CONFIG_GROUP_NAME fi iniset $MANILA_CONF DEFAULT enabled_share_backends $enabled_backends if [ ! -f $MANILA_PATH_TO_PRIVATE_KEY ]; then ssh-keygen -N "" -t rsa -f $MANILA_PATH_TO_PRIVATE_KEY; fi if is_service_enabled tls-proxy; then # Set the service port for a proxy to take the original iniset $MANILA_CONF DEFAULT osapi_share_listen_port $MANILA_SERVICE_PORT_INT fi if [ "$SYSLOG" != "False" ]; then iniset $MANILA_CONF DEFAULT use_syslog True fi iniset_rpc_backend manila $MANILA_CONF DEFAULT if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then # Add color to logging output iniset $MANILA_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)d %(color)s%(levelname)s %(name)s [%(request_id)s %(user_id)s %(project_id)s%(color)s] %(instance)s%(color)s%(message)s" iniset $MANILA_CONF DEFAULT logging_default_format_string "%(asctime)s.%(msecs)d %(color)s%(levelname)s %(name)s [-%(color)s] %(instance)s%(color)s%(message)s" iniset $MANILA_CONF DEFAULT logging_debug_format_suffix "from (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d" iniset $MANILA_CONF DEFAULT logging_exception_prefix "%(color)s%(asctime)s.%(msecs)d TRACE %(name)s %(instance)s" fi } function create_manila_service_flavor { # Create flavor for Manila's service VM nova flavor-create $MANILA_SERVICE_VM_FLAVOR_NAME $MANILA_SERVICE_VM_FLAVOR_REF $MANILA_SERVICE_VM_FLAVOR_RAM $MANILA_SERVICE_VM_FLAVOR_DISK $MANILA_SERVICE_VM_FLAVOR_VCPUS } function create_manila_service_image { TOKEN=$(keystone token-get | grep ' id ' | get_field 2) # Download Manila's image if is_service_enabled g-reg; then upload_image $MANILA_SERVICE_IMAGE_URL $TOKEN fi } function create_manila_service_secgroup { MANILA_SERVICE_SECGROUP="manila-service" # Create a secgroup if ! nova secgroup-list | grep -q $MANILA_SERVICE_SECGROUP; then nova secgroup-create $MANILA_SERVICE_SECGROUP "$MANILA_SERVICE_SECGROUP description" if ! timeout 30 sh -c "while ! nova secgroup-list | grep -q $MANILA_SERVICE_SECGROUP; do sleep 1; done"; then echo "Security group not created" exit 1 fi fi # Configure Security Group Rules if ! nova secgroup-list-rules $MANILA_SERVICE_SECGROUP | grep -q icmp; then nova secgroup-add-rule $MANILA_SERVICE_SECGROUP icmp -1 -1 0.0.0.0/0 fi if ! nova secgroup-list-rules $MANILA_SERVICE_SECGROUP | grep -q " tcp .* 22 "; then nova secgroup-add-rule $MANILA_SERVICE_SECGROUP tcp 22 22 0.0.0.0/0 fi if ! nova secgroup-list-rules $MANILA_SERVICE_SECGROUP | grep -q " tcp .* 2049 "; then nova secgroup-add-rule $MANILA_SERVICE_SECGROUP tcp 2049 2049 0.0.0.0/0 fi if ! nova secgroup-list-rules $MANILA_SERVICE_SECGROUP | grep -q " udp .* 2049 "; then nova secgroup-add-rule $MANILA_SERVICE_SECGROUP udp 2049 2049 0.0.0.0/0 fi if ! nova secgroup-list-rules $MANILA_SERVICE_SECGROUP | grep -q " udp .* 445 "; then nova secgroup-add-rule $MANILA_SERVICE_SECGROUP udp 445 445 0.0.0.0/0 fi if ! nova secgroup-list-rules $MANILA_SERVICE_SECGROUP | grep -q " tcp .* 445 "; then nova secgroup-add-rule $MANILA_SERVICE_SECGROUP tcp 445 445 0.0.0.0/0 fi if ! nova secgroup-list-rules $MANILA_SERVICE_SECGROUP | grep -q " tcp .* 139 "; then nova secgroup-add-rule $MANILA_SERVICE_SECGROUP tcp 137 139 0.0.0.0/0 fi if ! nova secgroup-list-rules $MANILA_SERVICE_SECGROUP | grep -q " udp .* 139 "; then nova secgroup-add-rule $MANILA_SERVICE_SECGROUP udp 137 139 0.0.0.0/0 fi # List secgroup rules nova secgroup-list-rules $MANILA_SERVICE_SECGROUP } # create_manila_accounts - Set up common required manila accounts # Tenant User Roles # ------------------------------------------------------------------ # service manila admin # if enabled # Migrated from keystone_data.sh function create_manila_accounts { SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }") # Manila if [[ "$ENABLED_SERVICES" =~ "m-api" ]]; then MANILA_USER=$(keystone user-create \ --name=manila \ --pass="$SERVICE_PASSWORD" \ --tenant_id $SERVICE_TENANT \ --email=manila@example.com \ | grep " id " | get_field 2) keystone user-role-add \ --tenant_id $SERVICE_TENANT \ --user_id $MANILA_USER \ --role_id $ADMIN_ROLE if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then MANILA_SERVICE=$(keystone service-create \ --name=manila \ --type=share \ --description="Manila Shared Filesystem Service" \ | grep " id " | get_field 2) keystone endpoint-create \ --region RegionOne \ --service_id $MANILA_SERVICE \ --publicurl "$MANILA_SERVICE_PROTOCOL://$MANILA_SERVICE_HOST:$MANILA_SERVICE_PORT/v1/\$(tenant_id)s" \ --adminurl "$MANILA_SERVICE_PROTOCOL://$MANILA_SERVICE_HOST:$MANILA_SERVICE_PORT/v1/\$(tenant_id)s" \ --internalurl "$MANILA_SERVICE_PROTOCOL://$MANILA_SERVICE_HOST:$MANILA_SERVICE_PORT/v1/\$(tenant_id)s" fi fi } # init_manila - Initialize database and volume group function init_manila { if is_service_enabled $DATABASE_BACKENDS; then # (re)create manila database recreate_database manila utf8 $MANILA_BIN_DIR/manila-manage db sync fi # Create cache dir sudo mkdir -p $MANILA_AUTH_CACHE_DIR sudo chown $STACK_USER $MANILA_AUTH_CACHE_DIR rm -f $MANILA_AUTH_CACHE_DIR/* } # install_manila - Collect source and prepare function install_manila { git_clone $MANILA_REPO $MANILA_DIR $MANILA_BRANCH git_clone $MANILACLIENT_REPO $MANILACLIENT_DIR $MANILACLIENT_BRANCH } # start_manila - Start running processes, including screen function start_manila { screen_it m-api "cd $MANILA_DIR && $MANILA_BIN_DIR/manila-api --config-file $MANILA_CONF" screen_it m-shr "cd $MANILA_DIR && $MANILA_BIN_DIR/manila-share --config-file $MANILA_CONF" screen_it m-sch "cd $MANILA_DIR && $MANILA_BIN_DIR/manila-scheduler --config-file $MANILA_CONF" # Start proxies if enabled if is_service_enabled m-api && is_service_enabled tls-proxy; then start_tls_proxy '*' $MANILA_SERVICE_PORT $MANILA_SERVICE_HOST $MANILA_SERVICE_PORT_INT & fi } # stop_manila - Stop running processes function stop_manila { # Kill the manila screen windows for serv in m-api m-sch m-shr; do screen -S $SCREEN_NAME -p $serv -X kill done } # Restore xtrace $XTRACE