Shared filesystem management project for OpenStack.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

1337 lines
56 KiB

  1. #!/bin/bash
  2. # Plugin file for enabling manila services
  3. # ----------------------------------------
  4. # Save trace setting
  5. XTRACE=$(set +o | grep xtrace)
  6. set -o xtrace
  7. # Entry Points
  8. # ------------
  9. function _clean_share_group {
  10. local vg=$1
  11. local vg_prefix=$2
  12. # Clean out existing shares
  13. for lv in `sudo lvs --noheadings -o lv_name $vg`; do
  14. # vg_prefix prefixes the LVs we want
  15. if [[ "${lv#$vg_prefix}" != "$lv" ]]; then
  16. sudo umount -f $MANILA_MNT_DIR/$lv
  17. sudo lvremove -f $vg/$lv
  18. sudo rm -rf $MANILA_MNT_DIR/$lv
  19. fi
  20. done
  21. }
  22. function _clean_manila_lvm_backing_file {
  23. local vg=$1
  24. # if there is no logical volume left, it's safe to attempt a cleanup
  25. # of the backing file
  26. if [ -z "`sudo lvs --noheadings -o lv_name $vg`" ]; then
  27. # if the backing physical device is a loop device, it was probably setup by devstack
  28. VG_DEV=$(sudo losetup -j $DATA_DIR/${vg}-backing-file | awk -F':' '/backing-file/ { print $1
  29. }')
  30. if [[ -n "$VG_DEV" ]]; then
  31. sudo losetup -d $VG_DEV
  32. rm -f $DATA_DIR/${vg}-backing-file
  33. fi
  34. fi
  35. }
  36. function _clean_zfsonlinux_data {
  37. for filename in "$MANILA_ZFSONLINUX_BACKEND_FILES_CONTAINER_DIR"/*; do
  38. if [[ $(sudo zpool list | grep $filename) ]]; then
  39. echo "Destroying zpool named $filename"
  40. sudo zpool destroy -f $filename
  41. file="$MANILA_ZFSONLINUX_BACKEND_FILES_CONTAINER_DIR$filename"
  42. echo "Destroying file named $file"
  43. rm -f $file
  44. fi
  45. done
  46. }
  47. # cleanup_manila - Remove residual data files, anything left over from previous
  48. # runs that a clean run would need to clean up
  49. function cleanup_manila {
  50. # All stuff, that are created by share drivers will be cleaned up by other services.
  51. _clean_share_group $SHARE_GROUP $SHARE_NAME_PREFIX
  52. _clean_manila_lvm_backing_file $SHARE_GROUP
  53. _clean_zfsonlinux_data
  54. if [ $(trueorfalse False MANILA_USE_UWSGI) == True ]; then
  55. remove_uwsgi_config "$MANILA_UWSGI_CONF" "$MANILA_WSGI"
  56. fi
  57. }
  58. # _config_manila_apache_wsgi() - Configure manila-api wsgi application.
  59. function _config_manila_apache_wsgi {
  60. local manila_api_apache_conf
  61. local venv_path=""
  62. manila_api_apache_conf=$(apache_site_config_for manila-api)
  63. sudo cp $MANILA_DIR/devstack/apache-manila.template $manila_api_apache_conf
  64. sudo sed -e "
  65. s|%APACHE_NAME%|$APACHE_NAME|g;
  66. s|%MANILA_BIN_DIR%|$MANILA_BIN_DIR|g;
  67. s|%PORT%|$REAL_MANILA_SERVICE_PORT|g;
  68. s|%APIWORKERS%|$API_WORKERS|g;
  69. s|%USER%|$STACK_USER|g;
  70. " -i $manila_api_apache_conf
  71. }
  72. # configure_default_backends - configures default Manila backends with generic driver.
  73. function configure_default_backends {
  74. # Configure two default backends with generic drivers onboard
  75. for group_name in $MANILA_BACKEND1_CONFIG_GROUP_NAME $MANILA_BACKEND2_CONFIG_GROUP_NAME; do
  76. iniset $MANILA_CONF $group_name share_driver $SHARE_DRIVER
  77. if [ "$MANILA_BACKEND1_CONFIG_GROUP_NAME" == "$group_name" ]; then
  78. iniset $MANILA_CONF $group_name share_backend_name $MANILA_SHARE_BACKEND1_NAME
  79. else
  80. iniset $MANILA_CONF $group_name share_backend_name $MANILA_SHARE_BACKEND2_NAME
  81. fi
  82. iniset $MANILA_CONF $group_name path_to_public_key $MANILA_PATH_TO_PUBLIC_KEY
  83. iniset $MANILA_CONF $group_name path_to_private_key $MANILA_PATH_TO_PRIVATE_KEY
  84. iniset $MANILA_CONF $group_name service_image_name $MANILA_SERVICE_IMAGE_NAME
  85. iniset $MANILA_CONF $group_name service_instance_user $MANILA_SERVICE_INSTANCE_USER
  86. iniset $MANILA_CONF $group_name driver_handles_share_servers True
  87. if [ "$SHARE_DRIVER" == $MANILA_CONTAINER_DRIVER ]; then
  88. iniset $MANILA_CONF $group_name network_api_class $MANILA_NETWORK_API_CLASS
  89. iniset $MANILA_CONF $group_name neutron_host_id $(hostname)
  90. iniset $MANILA_CONF $group_name neutron_vnic_type $MANILA_NEUTRON_VNIC_TYPE
  91. fi
  92. if [ $(trueorfalse False MANILA_USE_SERVICE_INSTANCE_PASSWORD) == True ]; then
  93. iniset $MANILA_CONF $group_name service_instance_password $MANILA_SERVICE_INSTANCE_PASSWORD
  94. fi
  95. if [ "$SHARE_DRIVER" == "manila.share.drivers.generic.GenericShareDriver" ]; then
  96. iniset $MANILA_CONF $group_name ssh_conn_timeout $MANILA_SSH_TIMEOUT
  97. fi
  98. done
  99. }
  100. # set_config_opts - this allows to set any config opt to any config group,
  101. # parsing env vars by prefix special 'MANILA_OPTGROUP_'.
  102. function set_config_opts {
  103. # expects only one param - name of config group(s) as list separated by commas
  104. GROUP_NAMES=$1
  105. if [[ -n "$GROUP_NAMES" ]]; then
  106. for be in ${GROUP_NAMES//,/ }; do
  107. # get backend_specific opt values
  108. prefix=MANILA_OPTGROUP_$be\_
  109. ( set -o posix ; set ) | grep ^$prefix | while read -r line ; do
  110. # parse it to opt names and values
  111. opt=${line#$prefix}
  112. opt_name=${opt%%=*}
  113. opt_value=${opt##*=}
  114. iniset $MANILA_CONF $be $opt_name $opt_value
  115. done
  116. done
  117. fi
  118. }
  119. # set_cinder_quotas - Sets Cinder quotas, that is useful for generic driver,
  120. # which uses Cinder volumes and snapshots.
  121. function set_cinder_quotas {
  122. # Update Cinder configuration to make sure default quotas are enough
  123. # for Manila using Generic driver with parallel testing.
  124. if is_service_enabled cinder; then
  125. if [[ ! "$CINDER_CONF" ]]; then
  126. CINDER_CONF=/etc/cinder/cinder.conf
  127. fi
  128. iniset $CINDER_CONF DEFAULT quota_volumes 50
  129. iniset $CINDER_CONF DEFAULT quota_snapshots 50
  130. iniset $CINDER_CONF DEFAULT quota_gigabytes 1000
  131. fi
  132. }
  133. function set_backend_availability_zones {
  134. ENABLED_BACKENDS=$1
  135. echo_summary "Setting up backend_availability_zone option \
  136. for any enabled backends that do not use the Generic driver. \
  137. Availability zones for the Generic driver must coincide with those \
  138. created for Nova and Cinder."
  139. local zonenum
  140. generic_driver='manila.share.drivers.generic.GenericShareDriver'
  141. for BE in ${ENABLED_BACKENDS//,/ }; do
  142. share_driver=$(iniget $MANILA_CONF $BE share_driver)
  143. if [[ $share_driver != $generic_driver ]]; then
  144. zone="manila-zone-$((zonenum++))"
  145. iniset $MANILA_CONF $BE backend_availability_zone $zone
  146. fi
  147. done
  148. }
  149. # configure_manila - Set config files, create data dirs, etc
  150. function configure_manila {
  151. if [[ ! -d $MANILA_CONF_DIR ]]; then
  152. sudo mkdir -p $MANILA_CONF_DIR
  153. fi
  154. sudo chown $STACK_USER $MANILA_CONF_DIR
  155. if [[ -f $MANILA_DIR/etc/manila/policy.json ]]; then
  156. cp -p $MANILA_DIR/etc/manila/policy.json $MANILA_CONF_DIR
  157. fi
  158. # Set the paths of certain binaries
  159. MANILA_ROOTWRAP=$(get_rootwrap_location manila)
  160. # If Manila ships the new rootwrap filters files, deploy them
  161. # (owned by root) and add a parameter to $MANILA_ROOTWRAP
  162. ROOTWRAP_MANILA_SUDOER_CMD="$MANILA_ROOTWRAP"
  163. if [[ -d $MANILA_DIR/etc/manila/rootwrap.d ]]; then
  164. # Wipe any existing rootwrap.d files first
  165. if [[ -d $MANILA_CONF_DIR/rootwrap.d ]]; then
  166. sudo rm -rf $MANILA_CONF_DIR/rootwrap.d
  167. fi
  168. # Deploy filters to /etc/manila/rootwrap.d
  169. sudo mkdir -m 755 $MANILA_CONF_DIR/rootwrap.d
  170. sudo cp $MANILA_DIR/etc/manila/rootwrap.d/*.filters $MANILA_CONF_DIR/rootwrap.d
  171. sudo chown -R root:root $MANILA_CONF_DIR/rootwrap.d
  172. sudo chmod 644 $MANILA_CONF_DIR/rootwrap.d/*
  173. # Set up rootwrap.conf, pointing to /etc/manila/rootwrap.d
  174. sudo cp $MANILA_DIR/etc/manila/rootwrap.conf $MANILA_CONF_DIR/
  175. sudo sed -e "s:^filters_path=.*$:filters_path=$MANILA_CONF_DIR/rootwrap.d:" -i $MANILA_CONF_DIR/rootwrap.conf
  176. sudo chown root:root $MANILA_CONF_DIR/rootwrap.conf
  177. sudo chmod 0644 $MANILA_CONF_DIR/rootwrap.conf
  178. # Specify rootwrap.conf as first parameter to manila-rootwrap
  179. MANILA_ROOTWRAP="$MANILA_ROOTWRAP $MANILA_CONF_DIR/rootwrap.conf"
  180. ROOTWRAP_MANILA_SUDOER_CMD="$MANILA_ROOTWRAP *"
  181. fi
  182. TEMPFILE=`mktemp`
  183. echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_MANILA_SUDOER_CMD" >$TEMPFILE
  184. chmod 0440 $TEMPFILE
  185. sudo chown root:root $TEMPFILE
  186. sudo mv $TEMPFILE /etc/sudoers.d/manila-rootwrap
  187. cp $MANILA_DIR/etc/manila/api-paste.ini $MANILA_API_PASTE_INI
  188. # Remove old conf file if exists
  189. rm -f $MANILA_CONF
  190. configure_keystone_authtoken_middleware $MANILA_CONF manila
  191. iniset $MANILA_CONF DEFAULT auth_strategy keystone
  192. iniset $MANILA_CONF DEFAULT debug True
  193. iniset $MANILA_CONF DEFAULT scheduler_driver $MANILA_SCHEDULER_DRIVER
  194. iniset $MANILA_CONF DEFAULT share_name_template ${SHARE_NAME_PREFIX}%s
  195. iniset $MANILA_CONF DATABASE connection `database_connection_url manila`
  196. iniset $MANILA_CONF DATABASE max_pool_size 40
  197. iniset $MANILA_CONF DEFAULT api_paste_config $MANILA_API_PASTE_INI
  198. iniset $MANILA_CONF DEFAULT rootwrap_config $MANILA_CONF_DIR/rootwrap.conf
  199. iniset $MANILA_CONF DEFAULT osapi_share_extension manila.api.contrib.standard_extensions
  200. iniset $MANILA_CONF DEFAULT state_path $MANILA_STATE_PATH
  201. # Note: Sample share types will still be created if the below is False
  202. if [ $(trueorfalse False MANILA_CONFIGURE_DEFAULT_TYPES) == True ]; then
  203. iniset $MANILA_CONF DEFAULT default_share_type $MANILA_DEFAULT_SHARE_TYPE
  204. iniset $MANILA_CONF DEFAULT default_share_group_type $MANILA_DEFAULT_SHARE_GROUP_TYPE
  205. fi
  206. if ! [[ -z $MANILA_SHARE_MIGRATION_PERIOD_TASK_INTERVAL ]]; then
  207. iniset $MANILA_CONF DEFAULT migration_driver_continue_update_interval $MANILA_SHARE_MIGRATION_PERIOD_TASK_INTERVAL
  208. fi
  209. if ! [[ -z $MANILA_SERVER_MIGRATION_PERIOD_TASK_INTERVAL ]]; then
  210. iniset $MANILA_CONF DEFAULT server_migration_driver_continue_update_interval $MANILA_SERVER_MIGRATION_PERIOD_TASK_INTERVAL
  211. fi
  212. if ! [[ -z $MANILA_DATA_COPY_CHECK_HASH ]]; then
  213. iniset $MANILA_CONF DEFAULT check_hash $MANILA_DATA_COPY_CHECK_HASH
  214. fi
  215. iniset $MANILA_CONF DEFAULT enabled_share_protocols $MANILA_ENABLED_SHARE_PROTOCOLS
  216. iniset $MANILA_CONF oslo_concurrency lock_path $MANILA_LOCK_PATH
  217. iniset $MANILA_CONF DEFAULT wsgi_keep_alive False
  218. iniset $MANILA_CONF DEFAULT lvm_share_volume_group $SHARE_GROUP
  219. # Set the replica_state_update_interval
  220. iniset $MANILA_CONF DEFAULT replica_state_update_interval $MANILA_REPLICA_STATE_UPDATE_INTERVAL
  221. # Set the use_scheduler_creating_share_from_snapshot
  222. iniset $MANILA_CONF DEFAULT use_scheduler_creating_share_from_snapshot $MANILA_USE_SCHEDULER_CREATING_SHARE_FROM_SNAPSHOT
  223. if is_service_enabled neutron; then
  224. configure_keystone_authtoken_middleware $MANILA_CONF neutron neutron
  225. fi
  226. if is_service_enabled nova; then
  227. configure_keystone_authtoken_middleware $MANILA_CONF nova nova
  228. fi
  229. if is_service_enabled cinder; then
  230. configure_keystone_authtoken_middleware $MANILA_CONF cinder cinder
  231. fi
  232. if is_service_enabled glance; then
  233. configure_keystone_authtoken_middleware $MANILA_CONF glance glance
  234. fi
  235. # Note: set up config group does not mean that this backend will be enabled.
  236. # To enable it, specify its name explicitly using "enabled_share_backends" opt.
  237. configure_default_backends
  238. default_backends=$MANILA_BACKEND1_CONFIG_GROUP_NAME
  239. if [ "$MANILA_MULTI_BACKEND" = "True" ]; then
  240. default_backends+=,$MANILA_BACKEND2_CONFIG_GROUP_NAME
  241. fi
  242. if [ ! $MANILA_ENABLED_BACKENDS ]; then
  243. # If $MANILA_ENABLED_BACKENDS is not set, use configured backends by default
  244. export MANILA_ENABLED_BACKENDS=$default_backends
  245. fi
  246. iniset $MANILA_CONF DEFAULT enabled_share_backends $MANILA_ENABLED_BACKENDS
  247. if [ ! -f $MANILA_PATH_TO_PRIVATE_KEY ]; then
  248. ssh-keygen -N "" -t rsa -f $MANILA_PATH_TO_PRIVATE_KEY;
  249. fi
  250. iniset $MANILA_CONF DEFAULT manila_service_keypair_name $MANILA_SERVICE_KEYPAIR_NAME
  251. REAL_MANILA_SERVICE_PORT=$MANILA_SERVICE_PORT
  252. if is_service_enabled tls-proxy; then
  253. # Set the protocol to 'https', update the endpoint base and set the default port
  254. MANILA_SERVICE_PROTOCOL="https"
  255. MANILA_ENDPOINT_BASE="${MANILA_ENDPOINT_BASE/http:/https:}"
  256. REAL_MANILA_SERVICE_PORT=$MANILA_SERVICE_PORT_INT
  257. # Set the service port for a proxy to take the original
  258. iniset $MANILA_CONF DEFAULT osapi_share_listen_port $REAL_MANILA_SERVICE_PORT
  259. iniset $MANILA_CONF oslo_middleware enable_proxy_headers_parsing True
  260. fi
  261. iniset_rpc_backend manila $MANILA_CONF DEFAULT
  262. setup_logging $MANILA_CONF
  263. MANILA_CONFIGURE_GROUPS=${MANILA_CONFIGURE_GROUPS:-"$MANILA_ENABLED_BACKENDS"}
  264. set_config_opts $MANILA_CONFIGURE_GROUPS
  265. set_config_opts DEFAULT
  266. set_backend_availability_zones $MANILA_ENABLED_BACKENDS
  267. if [ $(trueorfalse False MANILA_USE_UWSGI) == True ]; then
  268. write_uwsgi_config "$MANILA_UWSGI_CONF" "$MANILA_WSGI" "/share"
  269. fi
  270. if [ $(trueorfalse False MANILA_USE_MOD_WSGI) == True ]; then
  271. _config_manila_apache_wsgi
  272. fi
  273. }
  274. function create_manila_service_keypair {
  275. if is_service_enabled nova; then
  276. local keypair_exists=$( openstack keypair list | grep " $MANILA_SERVICE_KEYPAIR_NAME " )
  277. if [[ -z $keypair_exists ]]; then
  278. openstack keypair create $MANILA_SERVICE_KEYPAIR_NAME --public-key $MANILA_PATH_TO_PUBLIC_KEY
  279. fi
  280. fi
  281. }
  282. function is_driver_enabled {
  283. driver_name=$1
  284. for BE in ${MANILA_ENABLED_BACKENDS//,/ }; do
  285. share_driver=$(iniget $MANILA_CONF $BE share_driver)
  286. if [ "$share_driver" == "$driver_name" ]; then
  287. return 0
  288. fi
  289. done
  290. return 1
  291. }
  292. # create_service_share_servers - creates service Nova VMs, one per generic
  293. # driver, and only if it is configured to mode without handling of share servers.
  294. function create_service_share_servers {
  295. created_admin_network=false
  296. for BE in ${MANILA_ENABLED_BACKENDS//,/ }; do
  297. driver_handles_share_servers=$(iniget $MANILA_CONF $BE driver_handles_share_servers)
  298. share_driver=$(iniget $MANILA_CONF $BE share_driver)
  299. generic_driver='manila.share.drivers.generic.GenericShareDriver'
  300. if [[ $share_driver == $generic_driver ]]; then
  301. if [[ $(trueorfalse False driver_handles_share_servers) == False ]]; then
  302. vm_name='manila_service_share_server_'$BE
  303. local vm_exists=$( openstack server list --all-projects | grep " $vm_name " )
  304. if [[ -z $vm_exists ]]; then
  305. private_net_id=$(openstack network show $PRIVATE_NETWORK_NAME -f value -c id)
  306. vm_id=$(openstack server create $vm_name \
  307. --flavor $MANILA_SERVICE_VM_FLAVOR_NAME \
  308. --image $MANILA_SERVICE_IMAGE_NAME \
  309. --nic net-id=$private_net_id \
  310. --security-group $MANILA_SERVICE_SECGROUP \
  311. --key-name $MANILA_SERVICE_KEYPAIR_NAME \
  312. | grep ' id ' | get_field 2)
  313. else
  314. vm_id=$(openstack server show $vm_name -f value -c id)
  315. fi
  316. floating_ip=$(openstack floating ip create $PUBLIC_NETWORK_NAME --subnet $PUBLIC_SUBNET_NAME | grep 'floating_ip_address' | get_field 2)
  317. openstack server add floating ip $vm_id $floating_ip
  318. iniset $MANILA_CONF $BE service_instance_name_or_id $vm_id
  319. iniset $MANILA_CONF $BE service_net_name_or_ip $floating_ip
  320. iniset $MANILA_CONF $BE tenant_net_name_or_ip $PRIVATE_NETWORK_NAME
  321. else
  322. if is_service_enabled neutron; then
  323. if ! [[ -z $MANILA_ADMIN_NET_RANGE ]]; then
  324. if [ $created_admin_network == false ]; then
  325. project_id=$(openstack project show $SERVICE_PROJECT_NAME -c id -f value)
  326. local admin_net_id=$( openstack network show admin_net -f value -c id )
  327. if [[ -z $admin_net_id ]]; then
  328. openstack network create admin_net --project $project_id
  329. admin_net_id=$(openstack network show admin_net -f value -c id)
  330. fi
  331. local admin_subnet_id=$( openstack subnet show admin_subnet -f value -c id )
  332. if [[ -z $admin_subnet_id ]]; then
  333. openstack subnet create admin_subnet --project $project_id --ip-version 4 --network $admin_net_id --gateway None --subnet-range $MANILA_ADMIN_NET_RANGE
  334. admin_subnet_id=$(openstack subnet show admin_subnet -f value -c id)
  335. fi
  336. created_admin_network=true
  337. fi
  338. iniset $MANILA_CONF $BE admin_network_id $admin_net_id
  339. iniset $MANILA_CONF $BE admin_subnet_id $admin_subnet_id
  340. fi
  341. fi
  342. fi
  343. fi
  344. done
  345. configure_data_service_generic_driver
  346. }
  347. function configure_data_service_generic_driver {
  348. enabled_backends=(${MANILA_ENABLED_BACKENDS//,/ })
  349. share_driver=$(iniget $MANILA_CONF ${enabled_backends[0]} share_driver)
  350. generic_driver='manila.share.drivers.generic.GenericShareDriver'
  351. if [[ $share_driver == $generic_driver ]]; then
  352. driver_handles_share_servers=$(iniget $MANILA_CONF ${enabled_backends[0]} driver_handles_share_servers)
  353. if [[ $(trueorfalse False driver_handles_share_servers) == False ]]; then
  354. iniset $MANILA_CONF DEFAULT data_node_access_ips $PUBLIC_NETWORK_GATEWAY
  355. else
  356. if ! [[ -z $MANILA_DATA_NODE_IP ]]; then
  357. iniset $MANILA_CONF DEFAULT data_node_access_ips $MANILA_DATA_NODE_IP
  358. fi
  359. fi
  360. fi
  361. }
  362. # create_manila_service_flavor - creates flavor, that will be used by backends
  363. # with configured generic driver to boot Nova VMs with.
  364. function create_manila_service_flavor {
  365. if is_service_enabled nova; then
  366. local flavor_exists=$( openstack flavor list | grep " $MANILA_SERVICE_VM_FLAVOR_NAME " )
  367. if [[ -z $flavor_exists ]]; then
  368. # Create flavor for Manila's service VM
  369. openstack flavor create \
  370. $MANILA_SERVICE_VM_FLAVOR_NAME \
  371. --id $MANILA_SERVICE_VM_FLAVOR_REF \
  372. --ram $MANILA_SERVICE_VM_FLAVOR_RAM \
  373. --disk $MANILA_SERVICE_VM_FLAVOR_DISK \
  374. --vcpus $MANILA_SERVICE_VM_FLAVOR_VCPUS
  375. fi
  376. fi
  377. }
  378. # create_manila_service_image - creates image, that will be used by backends
  379. # with configured generic driver to boot Nova VMs from.
  380. function create_manila_service_image {
  381. if is_service_enabled nova g-api; then
  382. TOKEN=$(openstack token issue -c id -f value)
  383. local image_exists=$( openstack image list | grep " $MANILA_SERVICE_IMAGE_NAME " )
  384. if [[ -z $image_exists ]]; then
  385. # Download Manila's image
  386. upload_image $MANILA_SERVICE_IMAGE_URL $TOKEN
  387. fi
  388. fi
  389. }
  390. # create_manila_service_secgroup - creates security group that is used by
  391. # Nova VMs when generic driver is configured.
  392. function create_manila_service_secgroup {
  393. # Create a secgroup
  394. if ! openstack security group list | grep -q $MANILA_SERVICE_SECGROUP; then
  395. openstack security group create $MANILA_SERVICE_SECGROUP --description "$MANILA_SERVICE_SECGROUP description"
  396. if ! timeout 30 sh -c "while ! openstack security group list | grep -q $MANILA_SERVICE_SECGROUP; do sleep 1; done"; then
  397. echo "Security group not created"
  398. exit 1
  399. fi
  400. fi
  401. # Configure Security Group Rules
  402. if ! openstack security group rule list $MANILA_SERVICE_SECGROUP | grep -q icmp; then
  403. openstack security group rule create $MANILA_SERVICE_SECGROUP --protocol icmp
  404. fi
  405. if ! openstack security group rule list $MANILA_SERVICE_SECGROUP | grep -q " tcp .* 22 "; then
  406. openstack security group rule create $MANILA_SERVICE_SECGROUP --protocol tcp --dst-port 22
  407. fi
  408. if ! openstack security group rule list $MANILA_SERVICE_SECGROUP | grep -q " tcp .* 2049 "; then
  409. openstack security group rule create $MANILA_SERVICE_SECGROUP --protocol tcp --dst-port 2049
  410. fi
  411. if ! openstack security group rule list $MANILA_SERVICE_SECGROUP | grep -q " udp .* 2049 "; then
  412. openstack security group rule create $MANILA_SERVICE_SECGROUP --protocol udp --dst-port 2049
  413. fi
  414. if ! openstack security group rule list $MANILA_SERVICE_SECGROUP | grep -q " udp .* 445 "; then
  415. openstack security group rule create $MANILA_SERVICE_SECGROUP --protocol udp --dst-port 445
  416. fi
  417. if ! openstack security group rule list $MANILA_SERVICE_SECGROUP | grep -q " tcp .* 445 "; then
  418. openstack security group rule create $MANILA_SERVICE_SECGROUP --protocol tcp --dst-port 445
  419. fi
  420. if ! openstack security group rule list $MANILA_SERVICE_SECGROUP | grep -q " tcp .* 139 "; then
  421. openstack security group rule create $MANILA_SERVICE_SECGROUP --protocol tcp --dst-port 137:139
  422. fi
  423. if ! openstack security group rule list $MANILA_SERVICE_SECGROUP | grep -q " udp .* 139 "; then
  424. openstack security group rule create $MANILA_SERVICE_SECGROUP --protocol udp --dst-port 137:139
  425. fi
  426. # List secgroup rules
  427. openstack security group rule list $MANILA_SERVICE_SECGROUP
  428. }
  429. # create_manila_accounts - Set up common required manila accounts
  430. function create_manila_accounts {
  431. create_service_user "manila"
  432. get_or_create_service "manila" "share" "Manila Shared Filesystem Service"
  433. get_or_create_endpoint "share" "$REGION_NAME" \
  434. "$MANILA_ENDPOINT_BASE/v1/\$(project_id)s"
  435. # Set up Manila v2 service and endpoint
  436. get_or_create_service "manilav2" "sharev2" "Manila Shared Filesystem Service V2"
  437. get_or_create_endpoint "sharev2" "$REGION_NAME" \
  438. "$MANILA_ENDPOINT_BASE/v2/\$(project_id)s"
  439. }
  440. # create_default_share_group_type - create share group type that will be set as default.
  441. function create_default_share_group_type {
  442. local type_exists=$( manila share-group-type-list | grep " $MANILA_DEFAULT_SHARE_GROUP_TYPE " )
  443. if [[ -z $type_exists ]]; then
  444. manila share-group-type-create $MANILA_DEFAULT_SHARE_GROUP_TYPE $MANILA_DEFAULT_SHARE_TYPE
  445. fi
  446. if [[ $MANILA_DEFAULT_SHARE_GROUP_TYPE_SPECS ]]; then
  447. manila share-group-type-key $MANILA_DEFAULT_SHARE_GROUP_TYPE set $MANILA_DEFAULT_SHARE_GROUP_TYPE_SPECS
  448. fi
  449. }
  450. # create_default_share_type - create share type that will be set as default
  451. # if $MANILA_CONFIGURE_DEFAULT_TYPES is set to True, if set to False, the share
  452. # type identified by $MANILA_DEFAULT_SHARE_TYPE is still created, but not
  453. # configured as default.
  454. function create_default_share_type {
  455. enabled_backends=(${MANILA_ENABLED_BACKENDS//,/ })
  456. driver_handles_share_servers=$(iniget $MANILA_CONF ${enabled_backends[0]} driver_handles_share_servers)
  457. local type_exists=$( manila type-list | grep " $MANILA_DEFAULT_SHARE_TYPE " )
  458. if [[ -z $type_exists ]]; then
  459. local command_args="$MANILA_DEFAULT_SHARE_TYPE $driver_handles_share_servers"
  460. #if is_driver_enabled $MANILA_CONTAINER_DRIVER; then
  461. # # TODO(aovchinnikov): Remove this condition when Container driver supports
  462. # # snapshots
  463. # command_args="$command_args --snapshot_support false"
  464. #fi
  465. manila type-create $command_args
  466. fi
  467. if [[ $MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS ]]; then
  468. manila type-key $MANILA_DEFAULT_SHARE_TYPE set $MANILA_DEFAULT_SHARE_TYPE_EXTRA_SPECS
  469. fi
  470. }
  471. # create_custom_share_types - create share types suitable for both possible
  472. # driver modes with names "dhss_true" and "dhss_false".
  473. function create_custom_share_types {
  474. manila type-create dhss_true True
  475. if [[ $MANILA_DHSS_TRUE_SHARE_TYPE_EXTRA_SPECS ]]; then
  476. manila type-key dhss_true set $MANILA_DHSS_TRUE_SHARE_TYPE_EXTRA_SPECS
  477. fi
  478. manila type-create dhss_false False
  479. if [[ $MANILA_DHSS_FALSE_SHARE_TYPE_EXTRA_SPECS ]]; then
  480. manila type-key dhss_false set $MANILA_DHSS_FALSE_SHARE_TYPE_EXTRA_SPECS
  481. fi
  482. }
  483. # configure_backing_file - Set up backing file for LVM
  484. function configure_backing_file {
  485. sudo vgscan
  486. if ! sudo vgs $SHARE_GROUP; then
  487. if [ "$CONFIGURE_BACKING_FILE" = "True" ]; then
  488. SHARE_BACKING_FILE=${SHARE_BACKING_FILE:-$DATA_DIR/${SHARE_GROUP}-backing-file}
  489. # Only create if the file doesn't already exists
  490. [[ -f $SHARE_BACKING_FILE ]] || truncate -s $SHARE_BACKING_FILE_SIZE $SHARE_BACKING_FILE
  491. DEV=`sudo losetup -f --show $SHARE_BACKING_FILE`
  492. else
  493. DEV=$SHARE_BACKING_FILE
  494. fi
  495. # Only create if the loopback device doesn't contain $SHARE_GROUP
  496. if ! sudo vgs $SHARE_GROUP; then sudo vgcreate $SHARE_GROUP $DEV; fi
  497. fi
  498. mkdir -p $MANILA_STATE_PATH/shares
  499. mkdir -p /tmp/shares
  500. }
  501. # init_manila - Initializes database and creates manila dir if absent
  502. function init_manila {
  503. if is_service_enabled $DATABASE_BACKENDS; then
  504. # (re)create manila database
  505. recreate_database manila
  506. $MANILA_BIN_DIR/manila-manage db sync
  507. if [[ $(trueorfalse False MANILA_USE_DOWNGRADE_MIGRATIONS) == True ]]; then
  508. # Use both - upgrade and downgrade migrations to verify that
  509. # downgrade migrations do not break structure of Manila database.
  510. $MANILA_BIN_DIR/manila-manage db downgrade
  511. $MANILA_BIN_DIR/manila-manage db sync
  512. fi
  513. # Display version as debug-action (see bug/1473400)
  514. $MANILA_BIN_DIR/manila-manage db version
  515. fi
  516. if [ "$SHARE_DRIVER" == "manila.share.drivers.lvm.LVMShareDriver" ]; then
  517. if is_service_enabled m-shr; then
  518. # Configure a default volume group called '`lvm-shares`' for the share
  519. # service if it does not yet exist. If you don't wish to use a file backed
  520. # volume group, create your own volume group called ``stack-volumes`` before
  521. # invoking ``stack.sh``.
  522. #
  523. # By default, the backing file is 8G in size, and is stored in ``/opt/stack/data``.
  524. configure_backing_file
  525. fi
  526. elif [ "$SHARE_DRIVER" == $MANILA_CONTAINER_DRIVER ]; then
  527. if is_service_enabled m-shr; then
  528. SHARE_GROUP=$MANILA_CONTAINER_VOLUME_GROUP_NAME
  529. configure_backing_file
  530. fi
  531. elif [ "$SHARE_DRIVER" == "manila.share.drivers.zfsonlinux.driver.ZFSonLinuxShareDriver" ]; then
  532. if is_service_enabled m-shr; then
  533. mkdir -p $MANILA_ZFSONLINUX_BACKEND_FILES_CONTAINER_DIR
  534. file_counter=0
  535. MANILA_ZFSONLINUX_SERVICE_IP=${MANILA_ZFSONLINUX_SERVICE_IP:-"127.0.0.1"}
  536. for BE in ${MANILA_ENABLED_BACKENDS//,/ }; do
  537. if [[ $file_counter == 0 ]]; then
  538. # NOTE(vponomaryov): create two pools for first ZFS backend
  539. # to cover different use cases that are supported by driver:
  540. # - Support of more than one zpool for share backend.
  541. # - Support of nested datasets.
  542. local first_file="$MANILA_ZFSONLINUX_BACKEND_FILES_CONTAINER_DIR"/alpha
  543. local second_file="$MANILA_ZFSONLINUX_BACKEND_FILES_CONTAINER_DIR"/betta
  544. truncate -s $MANILA_ZFSONLINUX_ZPOOL_SIZE $first_file
  545. truncate -s $MANILA_ZFSONLINUX_ZPOOL_SIZE $second_file
  546. sudo zpool create alpha $first_file
  547. sudo zpool create betta $second_file
  548. # Create subdir (nested dataset) for second pool
  549. sudo zfs create betta/subdir
  550. iniset $MANILA_CONF $BE zfs_zpool_list alpha,betta/subdir
  551. elif [[ $file_counter == 1 ]]; then
  552. local file="$MANILA_ZFSONLINUX_BACKEND_FILES_CONTAINER_DIR"/gamma
  553. truncate -s $MANILA_ZFSONLINUX_ZPOOL_SIZE $file
  554. sudo zpool create gamma $file
  555. iniset $MANILA_CONF $BE zfs_zpool_list gamma
  556. else
  557. local filename=file"$file_counter"
  558. local file="$MANILA_ZFSONLINUX_BACKEND_FILES_CONTAINER_DIR"/"$filename"
  559. truncate -s $MANILA_ZFSONLINUX_ZPOOL_SIZE $file
  560. sudo zpool create $filename $file
  561. iniset $MANILA_CONF $BE zfs_zpool_list $filename
  562. fi
  563. iniset $MANILA_CONF $BE zfs_share_export_ip $MANILA_ZFSONLINUX_SHARE_EXPORT_IP
  564. iniset $MANILA_CONF $BE zfs_service_ip $MANILA_ZFSONLINUX_SERVICE_IP
  565. iniset $MANILA_CONF $BE zfs_dataset_creation_options $MANILA_ZFSONLINUX_DATASET_CREATION_OPTIONS
  566. iniset $MANILA_CONF $BE zfs_use_ssh $MANILA_ZFSONLINUX_USE_SSH
  567. iniset $MANILA_CONF $BE zfs_ssh_username $MANILA_ZFSONLINUX_SSH_USERNAME
  568. iniset $MANILA_CONF $BE replication_domain $MANILA_ZFSONLINUX_REPLICATION_DOMAIN
  569. iniset $MANILA_CONF $BE driver_handles_share_servers False
  570. let "file_counter=file_counter+1"
  571. done
  572. # Install the server's SSH key in our known_hosts file
  573. eval STACK_HOME=~$STACK_USER
  574. ssh-keyscan ${MANILA_ZFSONLINUX_SERVICE_IP} >> $STACK_HOME/.ssh/known_hosts
  575. # If the server is this machine, setup trust for ourselves (otherwise you're on your own)
  576. if [ "$MANILA_ZFSONLINUX_SERVICE_IP" = "127.0.0.1" ] || [ "$MANILA_ZFSONLINUX_SERVICE_IP" = "localhost" ] ; then
  577. # Trust our own SSH keys
  578. eval SSH_USER_HOME=~$MANILA_ZFSONLINUX_SSH_USERNAME
  579. cat $STACK_HOME/.ssh/*.pub >> $SSH_USER_HOME/.ssh/authorized_keys
  580. # Give ssh user sudo access
  581. echo "$MANILA_ZFSONLINUX_SSH_USERNAME ALL=(ALL) NOPASSWD: ALL" | sudo tee -a /etc/sudoers > /dev/null
  582. iniset $MANILA_CONF DEFAULT data_node_access_ips $MANILA_ZFSONLINUX_SERVICE_IP
  583. fi
  584. fi
  585. fi
  586. }
  587. # check_nfs_kernel_service_state_ubuntu- Make sure nfsd is running
  588. function check_nfs_kernel_service_state_ubuntu {
  589. # (aovchinnikov): Workaround for nfs-utils bug 1052264
  590. if [[ $(sudo service nfs-kernel-server status &> /dev/null || echo 'fail') == 'fail' ]]; then
  591. echo "Apparently nfsd is not running. Trying to fix that."
  592. sudo mkdir -p "/media/nfsdonubuntuhelper"
  593. # (aovchinnikov): shell wrapping is needed for cases when a file to be written
  594. # is owned by root.
  595. sudo sh -c "echo '/media/nfsdonubuntuhelper 127.0.0.1(ro)' >> /etc/exports"
  596. sudo service nfs-kernel-server start
  597. fi
  598. if [[ $(sudo service nfs-kernel-server status &> /dev/null || echo 'fail') == 'fail' ]]; then
  599. echo "Failed to start nfsd. Exiting."
  600. exit 1
  601. fi
  602. }
  603. function _install_nfs_and_samba {
  604. if is_ubuntu; then
  605. install_package nfs-kernel-server nfs-common samba
  606. check_nfs_kernel_service_state_ubuntu
  607. elif is_fedora; then
  608. install_package nfs-utils samba
  609. sudo systemctl enable smb.service
  610. sudo systemctl start smb.service
  611. sudo systemctl enable nfs-server.service
  612. sudo systemctl start nfs-server.service
  613. elif is_suse; then
  614. install_package nfs-kernel-server nfs-utils samba
  615. else
  616. echo "This distro is not supported. Skipping step of NFS and Samba installation."
  617. fi
  618. }
  619. # install_manilaclient - Collect source and prepare
  620. # In order to install from git, add LIBS_FROM_GIT="python-manilaclient"
  621. # to local.conf
  622. function install_manilaclient {
  623. if use_library_from_git "python-manilaclient"; then
  624. git_clone $MANILACLIENT_REPO $MANILACLIENT_DIR $MANILACLIENT_BRANCH
  625. setup_develop $MANILACLIENT_DIR
  626. else
  627. pip_install python-manilaclient
  628. fi
  629. }
  630. # install_manila - Collect source and prepare
  631. function install_manila {
  632. setup_develop $MANILA_DIR
  633. if is_service_enabled m-shr; then
  634. if [[ ! $(systemctl is-active nfs-ganesha.service) == 'active' ]] ; then
  635. if [ "$SHARE_DRIVER" != "manila.share.drivers.cephfs.driver.CephFSDriver" ] ; then
  636. _install_nfs_and_samba
  637. fi
  638. fi
  639. if [ "$SHARE_DRIVER" == "manila.share.drivers.zfsonlinux.driver.ZFSonLinuxShareDriver" ]; then
  640. if [[ $(sudo zfs list &> /dev/null && sudo zpool list &> /dev/null || echo 'absent') == 'absent' ]]; then
  641. # ZFS not found, try to install it
  642. if is_ubuntu; then
  643. if [[ $(lsb_release -s -d) == *"14.04"* ]]; then
  644. # Trusty
  645. sudo apt-get install -y software-properties-common
  646. sudo apt-add-repository --yes ppa:zfs-native/stable
  647. # Workaround for bug #1609696
  648. sudo apt-mark hold grub*
  649. sudo apt-get -y -q update && sudo apt-get -y -q upgrade
  650. # Workaround for bug #1609696
  651. sudo apt-mark unhold grub*
  652. sudo apt-get install -y linux-headers-generic
  653. sudo apt-get install -y build-essential
  654. sudo apt-get install -y ubuntu-zfs
  655. elif [[ $(echo $(lsb_release -rs) '>=' 16.04 | bc -l) == 1 ]]; then
  656. # Xenial and beyond
  657. sudo apt-get install -y zfsutils-linux
  658. else
  659. echo "Only 'Trusty', 'Xenial' and newer releases of Ubuntu are supported."
  660. exit 1
  661. fi
  662. else
  663. echo "Manila Devstack plugin supports installation "\
  664. "of ZFS packages only for 'Ubuntu' distros. "\
  665. "Please, install it first by other means or add its support "\
  666. "for your distro."
  667. exit 1
  668. fi
  669. sudo modprobe zfs
  670. sudo modprobe zpool
  671. fi
  672. check_nfs_kernel_service_state_ubuntu
  673. elif [ "$SHARE_DRIVER" == $MANILA_CONTAINER_DRIVER ]; then
  674. # Remove workaround for https://launchpad.net/bugs/1876820 when
  675. # container driver stops using "brctl"
  676. install_package bridge-utils
  677. if is_ubuntu; then
  678. echo "Installing docker...."
  679. install_docker_ubuntu
  680. echo "Importing docker image"
  681. import_docker_service_image_ubuntu
  682. elif is_fedora; then
  683. echo "Installing docker...."
  684. install_docker_fedora
  685. echo "Importing docker image"
  686. # TODO(tbarron): See if using a fedora container image
  687. # is faster/smaller because of fewer extra dependencies.
  688. import_docker_service_image_ubuntu
  689. else
  690. echo "Manila Devstack plugin does not support Container Driver on"\
  691. " distros other than Ubuntu or Fedora."
  692. exit 1
  693. fi
  694. fi
  695. fi
  696. }
  697. #configure_samba - Configure node as Samba server
  698. function configure_samba {
  699. if [ "$SHARE_DRIVER" == "manila.share.drivers.lvm.LVMShareDriver" ]; then
  700. # TODO(vponomaryov): add here condition for ZFSonLinux driver too
  701. # when it starts to support SAMBA
  702. samba_daemon_name=smbd
  703. if is_service_enabled m-shr; then
  704. if is_fedora; then
  705. samba_daemon_name=smb
  706. fi
  707. sudo service $samba_daemon_name restart || echo "Couldn't restart '$samba_daemon_name' service"
  708. fi
  709. if [[ -e /usr/share/samba/smb.conf ]]; then
  710. sudo cp /usr/share/samba/smb.conf $SMB_CONF
  711. fi
  712. sudo chown $STACK_USER -R /etc/samba
  713. iniset $SMB_CONF global include registry
  714. iniset $SMB_CONF global security user
  715. if [ ! -d "$SMB_PRIVATE_DIR" ]; then
  716. sudo mkdir $SMB_PRIVATE_DIR
  717. sudo touch $SMB_PRIVATE_DIR/secrets.tdb
  718. fi
  719. for backend_name in ${MANILA_ENABLED_BACKENDS//,/ }; do
  720. iniset $MANILA_CONF $backend_name driver_handles_share_servers False
  721. iniset $MANILA_CONF $backend_name lvm_share_export_ips $MANILA_LVM_SHARE_EXPORT_IPS
  722. done
  723. iniset $MANILA_CONF DEFAULT data_node_access_ips $HOST_IP
  724. fi
  725. }
  726. # start_manila_api - starts manila API services and checks its availability
  727. function start_manila_api {
  728. # NOTE(vkmc) If both options are set to true we are using uwsgi
  729. # as the preferred way to deploy manila. See
  730. # https://governance.openstack.org/tc/goals/pike/deploy-api-in-wsgi.html#uwsgi-vs-mod-wsgi
  731. # for more details
  732. if [ $(trueorfalse False MANILA_USE_UWSGI) == True ] && [ $(trueorfalse False MANILA_USE_MOD_WSGI) == True ]; then
  733. MSG="Both MANILA_USE_UWSGI and MANILA_USE_MOD_WSGI are set to True.
  734. Using UWSGI as the preferred option
  735. Set MANILA_USE_UWSGI to False to deploy manila api with MOD_WSGI"
  736. warn $LINENO $MSG
  737. fi
  738. if [ $(trueorfalse False MANILA_USE_UWSGI) == True ]; then
  739. echo "Deploying with UWSGI"
  740. run_process m-api "$(which uwsgi) --ini $MANILA_UWSGI_CONF --procname-prefix manila-api"
  741. elif [ $(trueorfalse False MANILA_USE_MOD_WSGI) == True ]; then
  742. echo "Deploying with MOD_WSGI"
  743. install_apache_wsgi
  744. enable_apache_site manila-api
  745. restart_apache_server
  746. tail_log m-api /var/log/$APACHE_NAME/manila_api.log
  747. else
  748. echo "Deploying with built-in server"
  749. run_process m-api "$MANILA_BIN_DIR/manila-api --config-file $MANILA_CONF"
  750. fi
  751. echo "Waiting for Manila API to start..."
  752. # This is a health check against the manila-api service we just started.
  753. # We use the port ($REAL_MANILA_SERVICE_PORT) here because we want to hit
  754. # the bare service endpoint, even if the tls tunnel should be enabled.
  755. # We're making sure that the internal port is checked using unencryted
  756. # traffic at this point.
  757. local MANILA_HEALTH_CHECK_URL=$MANILA_SERVICE_PROTOCOL://$MANILA_SERVICE_HOST:$REAL_MANILA_SERVICE_PORT
  758. if [ $(trueorfalse False MANILA_USE_UWSGI) == True ]; then
  759. MANILA_HEALTH_CHECK_URL=$MANILA_ENDPOINT_BASE
  760. fi
  761. if ! wait_for_service $SERVICE_TIMEOUT $MANILA_HEALTH_CHECK_URL; then
  762. die $LINENO "Manila API did not start"
  763. fi
  764. # Start proxies if enabled
  765. #
  766. # If tls-proxy is enabled and MANILA_USE_UWSGI is set to True, a generic
  767. # http-services-tls-proxy will be set up to handle tls-termination to
  768. # manila as well as all the other https services, we don't need to
  769. # create our own.
  770. if [ $(trueorfalse False MANILA_USE_UWSGI) == False ] && is_service_enabled tls-proxy; then
  771. start_tls_proxy manila '*' $MANILA_SERVICE_PORT $MANILA_SERVICE_HOST $MANILA_SERVICE_PORT_INT
  772. fi
  773. }
  774. # start_rest_of_manila - starts non-api manila services
  775. function start_rest_of_manila {
  776. run_process m-shr "$MANILA_BIN_DIR/manila-share --config-file $MANILA_CONF"
  777. run_process m-sch "$MANILA_BIN_DIR/manila-scheduler --config-file $MANILA_CONF"
  778. run_process m-dat "$MANILA_BIN_DIR/manila-data --config-file $MANILA_CONF"
  779. }
  780. # start_manila - start all manila services. This function is kept for compatibility
  781. # reasons with old approach.
  782. function start_manila {
  783. start_manila_api
  784. start_rest_of_manila
  785. }
  786. # stop_manila - Stop running processes
  787. function stop_manila {
  788. # Disable manila api service
  789. if [ $(trueorfalse False MANILA_USE_MOD_WSGI) == True ]; then
  790. disable_apache_site manila-api
  791. restart_apache_server
  792. else
  793. stop_process m-api
  794. fi
  795. # Kill all other manila processes
  796. for serv in m-sch m-shr m-dat; do
  797. stop_process $serv
  798. done
  799. }
  800. function install_manila_tempest_plugin {
  801. MANILA_TEMPEST_PLUGIN_REPO=${MANILA_TEMPEST_PLUGIN_REPO:-${GIT_BASE}/openstack/manila-tempest-plugin}
  802. MANILA_TEMPEST_PLUGIN_BRANCH=${MANILA_TEMPEST_PLUGIN_BRANCH:-master}
  803. MANILA_TEMPEST_PLUGIN_DIR=$DEST/manila-tempest-plugin
  804. git_clone $MANILA_TEMPEST_PLUGIN_REPO $MANILA_TEMPEST_PLUGIN_DIR $MANILA_TEMPEST_PLUGIN_BRANCH
  805. setup_develop $MANILA_TEMPEST_PLUGIN_DIR
  806. }
  807. # update_tempest - Function used for updating Tempest config if Tempest service enabled
  808. function update_tempest {
  809. if is_service_enabled tempest; then
  810. if [[ "$(trueorfalse False MANILA_SETUP_IPV6)" == "True" ]]; then
  811. # The public network was created by us, so set it explicitly in
  812. # tempest.conf
  813. public_net_id=$(openstack network list --name $PUBLIC_NETWORK_NAME -f value -c ID )
  814. iniset $TEMPEST_CONFIG network public_network_id $public_net_id
  815. fi
  816. TEMPEST_CONFIG=${TEMPEST_CONFIG:-$TEMPEST_DIR/etc/tempest.conf}
  817. ADMIN_TENANT_NAME=${ADMIN_TENANT_NAME:-"admin"}
  818. ADMIN_DOMAIN_NAME=${ADMIN_DOMAIN_NAME:-"Default"}
  819. ADMIN_PASSWORD=${ADMIN_PASSWORD:-"secretadmin"}
  820. if [ $(trueorfalse False MANILA_USE_SERVICE_INSTANCE_PASSWORD) == True ]; then
  821. iniset $TEMPEST_CONFIG share image_password $MANILA_SERVICE_INSTANCE_PASSWORD
  822. fi
  823. iniset $TEMPEST_CONFIG share image_with_share_tools $MANILA_SERVICE_IMAGE_NAME
  824. iniset $TEMPEST_CONFIG auth admin_username ${ADMIN_USERNAME:-"admin"}
  825. iniset $TEMPEST_CONFIG auth admin_password ${ADMIN_PASSWORD:-"secretadmin"}
  826. iniset $TEMPEST_CONFIG auth admin_tenant_name $ADMIN_TENANT_NAME
  827. iniset $TEMPEST_CONFIG auth admin_domain_name $ADMIN_DOMAIN_NAME
  828. iniset $TEMPEST_CONFIG identity username ${TEMPEST_USERNAME:-"demo"}
  829. iniset $TEMPEST_CONFIG identity password $ADMIN_PASSWORD
  830. iniset $TEMPEST_CONFIG identity tenant_name ${TEMPEST_TENANT_NAME:-"demo"}
  831. iniset $TEMPEST_CONFIG identity domain_name $ADMIN_DOMAIN_NAME
  832. iniset $TEMPEST_CONFIG identity alt_username ${ALT_USERNAME:-"alt_demo"}
  833. iniset $TEMPEST_CONFIG identity alt_password $ADMIN_PASSWORD
  834. iniset $TEMPEST_CONFIG identity alt_tenant_name ${ALT_TENANT_NAME:-"alt_demo"}
  835. iniset $TEMPEST_CONFIG identity alt_domain_name $ADMIN_DOMAIN_NAME
  836. fi
  837. }
  838. function install_docker_ubuntu {
  839. sudo apt-get update
  840. install_package apparmor
  841. install_package docker.io
  842. }
  843. function install_docker_fedora {
  844. sudo yum install -y docker
  845. sudo systemctl enable docker
  846. sudo systemctl start docker
  847. }
  848. function download_image {
  849. local image_url=$1
  850. local image image_fname
  851. image_fname=`basename "$image_url"`
  852. if [[ $image_url != file* ]]; then
  853. # Downloads the image (uec ami+akistyle), then extracts it.
  854. if [[ ! -f $FILES/$image_fname || "$(stat -c "%s" $FILES/$image_fname)" = "0" ]]; then
  855. wget --progress=dot:giga -c $image_url -O $FILES/$image_fname
  856. if [[ $? -ne 0 ]]; then
  857. echo "Not found: $image_url"
  858. return
  859. fi
  860. fi
  861. image="$FILES/${image_fname}"
  862. else
  863. # File based URL (RFC 1738): ``file://host/path``
  864. # Remote files are not considered here.
  865. # unix: ``file:///home/user/path/file``
  866. # windows: ``file:///C:/Documents%20and%20Settings/user/path/file``
  867. image=$(echo $image_url | sed "s/^file:\/\///g")
  868. if [[ ! -f $image || "$(stat -c "%s" $image)" == "0" ]]; then
  869. echo "Not found: $image_url"
  870. return
  871. fi
  872. fi
  873. }
  874. function import_docker_service_image_ubuntu {
  875. GZIPPED_IMG_NAME=`basename "$MANILA_DOCKER_IMAGE_URL"`
  876. IMG_NAME_LOAD=${GZIPPED_IMG_NAME%.*}
  877. LOCAL_IMG_NAME=${IMG_NAME_LOAD%.*}
  878. if [[ "$(sudo docker images -q $LOCAL_IMG_NAME)" == "" ]]; then
  879. download_image $MANILA_DOCKER_IMAGE_URL
  880. # Import image in Docker
  881. gzip -d $FILES/$GZIPPED_IMG_NAME
  882. sudo docker load --input $FILES/$IMG_NAME_LOAD
  883. fi
  884. }
  885. function remove_docker_service_image {
  886. sudo docker rmi $MANILA_DOCKER_IMAGE_ALIAS
  887. }
  888. function install_libraries {
  889. if [ $(trueorfalse False MANILA_MULTI_BACKEND) == True ]; then
  890. if [ $(trueorfalse True RUN_MANILA_HOST_ASSISTED_MIGRATION_TESTS) == True ]; then
  891. if is_ubuntu; then
  892. install_package nfs-common
  893. else
  894. install_package nfs-utils
  895. fi
  896. fi
  897. fi
  898. }
  899. function allow_host_ports_for_share_mounting {
  900. if [[ $MANILA_ENABLED_SHARE_PROTOCOLS =~ NFS ]]; then
  901. # 111 and 2049 are for rpcbind and NFS
  902. # Other ports are for NFSv3 statd, mountd and lockd daemons
  903. MANILA_TCP_PORTS=(2049 111 32803 892 875 662)
  904. MANILA_UDP_PORTS=(111 32769 892 875 662)
  905. fi
  906. if [[ $MANILA_ENABLED_SHARE_PROTOCOLS =~ CEPHFS ]]; then
  907. # clients need access to the ceph daemons
  908. MANILA_TCP_PORTS=(${MANILA_TCP_PORTS[*]} 6789 6800:7300)
  909. fi
  910. if [[ -v MANILA_TCP_PORTS || -v MANILA_UDP_PORTS ]]; then
  911. for ipcmd in iptables ip6tables; do
  912. sudo $ipcmd -N manila-storage
  913. sudo $ipcmd -I INPUT 1 -j manila-storage
  914. for port in ${MANILA_TCP_PORTS[*]}; do
  915. sudo $ipcmd -A manila-storage -m tcp -p tcp --dport $port -j ACCEPT
  916. done
  917. for port in ${MANILA_UDP_PORTS[*]}; do
  918. sudo $ipcmd -A manila-storage -m udp -p udp --dport $port -j ACCEPT
  919. done
  920. done
  921. fi
  922. }
  923. function setup_ipv6 {
  924. # This will fail with multiple default routes and is not needed in CI
  925. # but may be useful when developing with devstack locally
  926. if [ $(trueorfalse False MANILA_RESTORE_IPV6_DEFAULT_ROUTE) == True ]; then
  927. # save IPv6 default route to add back later after enabling forwarding
  928. local default_route=$(ip -6 route | grep default | cut -d ' ' -f1,2,3,4,5)
  929. fi
  930. # make sure those system values are set
  931. sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=0
  932. sudo sysctl -w net.ipv6.conf.all.accept_ra=2
  933. sudo sysctl -w net.ipv6.conf.all.forwarding=1
  934. # Disable in-band as our communication is only internal
  935. sudo ovs-vsctl set Bridge $PUBLIC_BRIDGE other_config:disable-in-band=true
  936. # Create address scopes and subnet pools
  937. openstack address scope create --share --ip-version 4 scope-v4
  938. openstack address scope create --share --ip-version 6 scope-v6
  939. openstack subnet pool create $SUBNETPOOL_NAME_V4 --default-prefix-length $SUBNETPOOL_SIZE_V4 --pool-prefix $SUBNETPOOL_PREFIX_V4 --address-scope scope-v4 --default --share
  940. openstack subnet pool create $SUBNETPOOL_NAME_V6 --default-prefix-length $SUBNETPOOL_SIZE_V6 --pool-prefix $SUBNETPOOL_PREFIX_V6 --address-scope scope-v6 --default --share
  941. # Create example private network and router
  942. openstack router create $Q_ROUTER_NAME
  943. openstack network create $PRIVATE_NETWORK_NAME
  944. openstack subnet create --ip-version 6 --use-default-subnet-pool --ipv6-address-mode $IPV6_ADDRESS_MODE --ipv6-ra-mode $IPV6_RA_MODE --network $PRIVATE_NETWORK_NAME $IPV6_PRIVATE_SUBNET_NAME
  945. openstack subnet create --ip-version 4 --use-default-subnet-pool --network $PRIVATE_NETWORK_NAME $PRIVATE_SUBNET_NAME
  946. openstack router add subnet $Q_ROUTER_NAME $IPV6_PRIVATE_SUBNET_NAME
  947. openstack router add subnet $Q_ROUTER_NAME $PRIVATE_SUBNET_NAME
  948. # Create public network
  949. openstack network create $PUBLIC_NETWORK_NAME --external --default --provider-network-type flat --provider-physical-network $PUBLIC_PHYSICAL_NETWORK
  950. local public_gateway_ipv6=$(openstack subnet create $IPV6_PUBLIC_SUBNET_NAME --ip-version 6 --network $PUBLIC_NETWORK_NAME --subnet-pool $SUBNETPOOL_NAME_V6 --no-dhcp -c gateway_ip -f value)
  951. local public_gateway_ipv4=$(openstack subnet create $PUBLIC_SUBNET_NAME --ip-version 4 --network $PUBLIC_NETWORK_NAME --subnet-range $FLOATING_RANGE --no-dhcp -c gateway_ip -f value)
  952. # Set router to use public network
  953. openstack router set --external-gateway $PUBLIC_NETWORK_NAME $Q_ROUTER_NAME
  954. # Configure interfaces due to NEUTRON_CREATE_INITIAL_NETWORKS=False
  955. local ipv4_cidr_len=${FLOATING_RANGE#*/}
  956. sudo ip -6 addr add "$public_gateway_ipv6"/$SUBNETPOOL_SIZE_V6 dev $PUBLIC_BRIDGE
  957. sudo ip addr add $PUBLIC_NETWORK_GATEWAY/"$ipv4_cidr_len" dev $PUBLIC_BRIDGE
  958. # Enabling interface is needed due to NEUTRON_CREATE_INITIAL_NETWORKS=False
  959. sudo ip link set $PUBLIC_BRIDGE up
  960. if [ "$SHARE_DRIVER" == "manila.share.drivers.lvm.LVMShareDriver" ]; then
  961. for backend_name in ${MANILA_ENABLED_BACKENDS//,/ }; do
  962. iniset $MANILA_CONF $backend_name lvm_share_export_ips $public_gateway_ipv4,$public_gateway_ipv6
  963. done
  964. iniset $MANILA_CONF DEFAULT data_node_access_ips $public_gateway_ipv4
  965. fi
  966. if [ "$SHARE_DRIVER" == "manila.share.drivers.cephfs.driver.CephFSDriver" ]; then
  967. for backend_name in ${MANILA_ENABLED_BACKENDS//,/ }; do
  968. iniset $MANILA_CONF $backend_name cephfs_ganesha_export_ips $public_gateway_ipv4,$public_gateway_ipv6
  969. done
  970. iniset $MANILA_CONF DEFAULT data_node_access_ips $public_gateway_ipv4
  971. fi
  972. # install Quagga for setting up the host routes dynamically
  973. install_package quagga
  974. # set Quagga daemons
  975. (
  976. echo "zebra=yes"
  977. echo "bgpd=yes"
  978. echo "ospfd=no"
  979. echo "ospf6d=no"
  980. echo "ripd=no"
  981. echo "ripngd=no"
  982. echo "isisd=no"
  983. echo "babeld=no"
  984. ) | sudo tee /etc/quagga/daemons > /dev/null
  985. # set Quagga zebra.conf
  986. (
  987. echo "hostname dsvm"
  988. echo "password openstack"
  989. echo "log file /var/log/quagga/zebra.log"
  990. ) | sudo tee /etc/quagga/zebra.conf > /dev/null
  991. # set Quagga vtysh.conf
  992. (
  993. echo "service integrated-vtysh-config"
  994. echo "username quagga nopassword"
  995. ) | sudo tee /etc/quagga/vtysh.conf > /dev/null
  996. # set Quagga bgpd.conf
  997. (
  998. echo "log file /var/log/quagga/bgpd.log"
  999. echo "bgp multiple-instance"
  1000. echo "router bgp 200"
  1001. echo " bgp router-id 1.2.3.4"
  1002. echo " neighbor $public_gateway_ipv6 remote-as 100"
  1003. echo " neighbor $public_gateway_ipv6 passive"
  1004. echo " address-family ipv6"
  1005. echo " neighbor $public_gateway_ipv6 activate"
  1006. echo "line vty"
  1007. echo "debug bgp events"
  1008. echo "debug bgp filters"
  1009. echo "debug bgp fsm"
  1010. echo "debug bgp keepalives"
  1011. echo "debug bgp updates"
  1012. ) | sudo tee /etc/quagga/bgpd.conf > /dev/null
  1013. # Quagga logging
  1014. sudo mkdir -p /var/log/quagga
  1015. sudo touch /var/log/quagga/zebra.log
  1016. sudo touch /var/log/quagga/bgpd.log
  1017. sudo chown -R quagga:quagga /var/log/quagga
  1018. GetOSVersion
  1019. QUAGGA_SERVICES="zebra bgpd"
  1020. if [[ is_ubuntu && "$os_CODENAME" == "xenial" ]]; then
  1021. # In Ubuntu Xenial, the services bgpd and zebra are under
  1022. # one systemd unit: quagga
  1023. QUAGGA_SERVICES="quagga"
  1024. elif is_fedora; then
  1025. # Disable SELinux rule that conflicts with Zebra
  1026. sudo setsebool -P zebra_write_config 1
  1027. fi
  1028. sudo systemctl enable $QUAGGA_SERVICES
  1029. sudo systemctl restart $QUAGGA_SERVICES
  1030. # log the systemd status
  1031. sudo systemctl status $QUAGGA_SERVICES
  1032. # This will fail with mutltiple default routes and is not needed in CI
  1033. # but may be useful when developing with devstack locally
  1034. if [ $(trueorfalse False MANILA_RESTORE_IPV6_DEFAULT_ROUTE) == True ]; then
  1035. # add default IPv6 route back
  1036. if ! [[ -z $default_route ]]; then
  1037. # "replace" should ignore "RTNETLINK answers: File exists"
  1038. # error if the route wasn't flushed by the bgp setup we did earlier.
  1039. sudo ip -6 route replace $default_route
  1040. fi
  1041. fi
  1042. }
  1043. function setup_bgp_for_ipv6 {
  1044. public_gateway_ipv6=$(openstack subnet show ipv6-public-subnet -c gateway_ip -f value)
  1045. neutron bgp-speaker-create --ip-version 6 --local-as 100 bgpspeaker
  1046. neutron bgp-speaker-network-add bgpspeaker $PUBLIC_NETWORK_NAME
  1047. neutron bgp-peer-create --peer-ip $public_gateway_ipv6 --remote-as 200 bgppeer
  1048. neutron bgp-speaker-peer-add bgpspeaker bgppeer
  1049. }
  1050. # Main dispatcher
  1051. if [[ "$1" == "stack" && "$2" == "install" ]]; then
  1052. echo_summary "Installing Manila Client"
  1053. install_manilaclient
  1054. echo_summary "Installing Manila"
  1055. install_manila
  1056. set_cinder_quotas
  1057. elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
  1058. echo_summary "Configuring Manila"
  1059. configure_manila
  1060. echo_summary "Initializing Manila"
  1061. init_manila
  1062. echo_summary "Installing extra libraries"
  1063. install_libraries
  1064. echo_summary "Creating Manila entities for auth service"
  1065. create_manila_accounts
  1066. # Cinder config update
  1067. if is_service_enabled cinder && [[ -n "$CINDER_OVERSUBSCRIPTION_RATIO" ]]; then
  1068. CINDER_CONF=${CINDER_CONF:-/etc/cinder/cinder.conf}
  1069. CINDER_ENABLED_BACKENDS=$(iniget $CINDER_CONF DEFAULT enabled_backends)
  1070. for BN in ${CINDER_ENABLED_BACKENDS//,/ }; do
  1071. iniset $CINDER_CONF $BN lvm_max_over_subscription_ratio $CINDER_OVERSUBSCRIPTION_RATIO
  1072. done
  1073. iniset $CINDER_CONF DEFAULT max_over_subscription_ratio $CINDER_OVERSUBSCRIPTION_RATIO
  1074. fi
  1075. elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
  1076. if is_service_enabled nova; then
  1077. echo_summary "Creating Manila service flavor"
  1078. create_manila_service_flavor
  1079. echo_summary "Creating Manila service security group"
  1080. create_manila_service_secgroup
  1081. fi
  1082. # Skip image downloads when disabled.
  1083. # This way vendor Manila driver CI tests can skip
  1084. # this potentially long and unnecessary download.
  1085. if [ "$MANILA_SERVICE_IMAGE_ENABLED" = "True" ]; then
  1086. echo_summary "Creating Manila service image"
  1087. create_manila_service_image
  1088. else
  1089. echo_summary "Skipping download of Manila service image"
  1090. fi
  1091. if is_service_enabled nova; then
  1092. echo_summary "Creating Manila service keypair"
  1093. create_manila_service_keypair
  1094. fi
  1095. echo_summary "Configure Samba server"
  1096. configure_samba
  1097. echo_summary "Configuring IPv6"
  1098. if [ $(trueorfalse False MANILA_SETUP_IPV6) == True ]; then
  1099. setup_ipv6
  1100. fi
  1101. echo_summary "Starting Manila API"
  1102. start_manila_api
  1103. # Workaround for bug #1660304
  1104. if [ "$SHARE_DRIVER" != "manila.share.drivers.generic.GenericShareDriver" ]; then
  1105. echo_summary "Starting rest of Manila services - scheduler, share and data"
  1106. start_rest_of_manila
  1107. fi
  1108. echo_summary "Creating Manila default share type"
  1109. create_default_share_type
  1110. echo_summary "Creating Manila default share group type"
  1111. create_default_share_group_type
  1112. echo_summary "Creating Manila custom share types"
  1113. create_custom_share_types
  1114. echo_summary "Manila UI is no longer enabled by default. \
  1115. Add enable_plugin manila-ui https://opendev.org/openstack/manila-ui \
  1116. to your local.conf file to enable Manila UI"
  1117. elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
  1118. ###########################################################################
  1119. # NOTE(vponomaryov): Workaround for bug #1660304
  1120. # We are able to create Nova VMs now only when last Nova step is performed
  1121. # which is registration of cell0. It is registered as last action in
  1122. # "post-extra" section.
  1123. if is_service_enabled nova; then
  1124. echo_summary "Creating Manila service VMs for generic driver \
  1125. backends for which handlng of share servers is disabled."
  1126. create_service_share_servers
  1127. fi
  1128. if [ "$SHARE_DRIVER" == "manila.share.drivers.generic.GenericShareDriver" ]; then
  1129. echo_summary "Starting rest of Manila services - scheduler, share and data"
  1130. start_rest_of_manila
  1131. fi
  1132. ###########################################################################
  1133. if [ $(trueorfalse False MANILA_INSTALL_TEMPEST_PLUGIN_SYSTEMWIDE) == True ]; then
  1134. echo_summary "Fetching and installing manila-tempest-plugin system-wide"
  1135. install_manila_tempest_plugin
  1136. export DEPRECATED_TEXT="$DEPRECATED_TEXT\nInstalling
  1137. manila-tempest-plugin can be done with the help of its own DevStack
  1138. plugin by adding: \n\n\t'enable_plugin manila-tempest-plugin
  1139. https://opendev.org/openstack/manila-tempest-plugin'.\n\nManila's
  1140. DevStack plugin will stop installing it automatically."
  1141. fi
  1142. echo_summary "Update Tempest config"
  1143. update_tempest
  1144. if [[ "$(trueorfalse False MANILA_ALLOW_NAS_SERVER_PORTS_ON_HOST)" == "True" ]]; then
  1145. echo_summary "Allowing IPv4 and IPv6 access to NAS ports on the host"
  1146. allow_host_ports_for_share_mounting
  1147. fi
  1148. if [[ "$(trueorfalse False MANILA_SETUP_IPV6)" == "True" ]]; then
  1149. # Now that all plugins are loaded, setup BGP
  1150. echo_summary "Setting up BGP speaker to advertise routes to project networks"
  1151. setup_bgp_for_ipv6
  1152. fi
  1153. fi
  1154. if [[ "$1" == "unstack" ]]; then
  1155. cleanup_manila
  1156. fi
  1157. if [[ "$1" == "clean" ]]; then
  1158. cleanup_manila
  1159. sudo rm -rf /etc/manila
  1160. fi
  1161. # Restore xtrace
  1162. $XTRACE