openstack
/
manila
Code Issues Proposed changes
manila/contrib/devstack/lib/manila

358 lines
15 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# lib/manila
# Install and start **Manila** file shares service
# Dependencies:
# - functions
# - DEST, DATA_DIR, STACK_USER must be defined
# SERVICE_{TENANT_NAME|PASSWORD} must be defined
# ``KEYSTONE_TOKEN_FORMAT`` must be defined
# stack.sh
# ---------
# install_manila #
# configure_manila #
# init_manila #
# start_manila #
# stop_manila #
# cleanup_manila #
# Save trace setting
XTRACE=$(set +o | grep xtrace)
set +o xtrace
# Defaults
# --------
MANILA_REPO_ROOT=stackforge
MANILA_GIT_BASE=${MANILA_GIT_BASE:-https://github.com}
MANILA_REPO=${MANILA_GIT_BASE}/${MANILA_REPO_ROOT}/manila.git
MANILA_BRANCH=master
MANILACLIENT_REPO=${MANILA_GIT_BASE}/${MANILA_REPO_ROOT}/python-manilaclient.git
MANILACLIENT_BRANCH=master
# set up default directories
MANILA_DIR=${MANILA_DIR:=$DEST/manila}
MANILA_LOCK_PATH=${MANILA_LOCK_PATH:=$MANILA_DIR/manila_locks}
MANILACLIENT_DIR=${MANILACLIENT_DIR:=$DEST/python-manilaclient}
MANILA_STATE_PATH=${MANILA_STATE_PATH:=$DATA_DIR/manila}
MANILA_MNT_DIR=${MANILA_MNT_DIR:=$MANILA_STATE_PATH/mnt}
MANILA_AUTH_CACHE_DIR=${MANILA_AUTH_CACHE_DIR:-/var/cache/manila}
MANILA_CONF_DIR=/etc/manila
MANILA_CONF=$MANILA_CONF_DIR/manila.conf
MANILA_API_PASTE_INI=$MANILA_CONF_DIR/api-paste.ini
# Public facing bits
MANILA_SERVICE_HOST=${MANILA_SERVICE_HOST:-$SERVICE_HOST}
MANILA_SERVICE_PORT=${MANILA_SERVICE_PORT:-8786}
MANILA_SERVICE_PORT_INT=${MANILA_SERVICE_PORT_INT:-18776}
MANILA_SERVICE_PROTOCOL=${MANILA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
# Support entry points installation of console scripts
if [[ -d $MANILA_DIR/bin ]]; then
MANILA_BIN_DIR=$MANILA_DIR/bin
else
MANILA_BIN_DIR=$(get_python_exec_prefix)
fi
# Support for multi backend configuration (default is no support)
MANILA_MULTI_BACKEND=$(trueorfalse False $MANILA_MULTI_BACKEND)
# First share backend data, that will be used in any installation
MANILA_BACKEND1_CONFIG_GROUP_NAME=${MANILA_BACKEND1_CONFIG_GROUP_NAME:-backend1}
MANILA_SHARE_BACKEND1_NAME=${MANILA_SHARE_BACKEND1_NAME:-BACKEND1}
# Second share backend data, that will be used only with MANILA_MULTI_BACKEND=True
MANILA_BACKEND2_CONFIG_GROUP_NAME=${MANILA_BACKEND2_CONFIG_GROUP_NAME:-backend2}
MANILA_SHARE_BACKEND2_NAME=${MANILA_SHARE_BACKEND2_NAME:-BACKEND2}
SHARE_NAME_PREFIX=${SHARE_NAME_PREFIX:-share-}
SHARE_DRIVER=${SHARE_DRIVER:-manila.share.drivers.generic.GenericShareDriver}
MANILA_SCHEDULER_DRIVER=${MANILA_SCHEDULER_DRIVER:-manila.scheduler.filter_scheduler.FilterScheduler}
eval USER_HOME=~
# These are used by generic driver
MANILA_PATH_TO_PUBLIC_KEY=${MANILA_PATH_TO_PUBLIC_KEY:-"$USER_HOME/.ssh/id_rsa.pub"}
MANILA_PATH_TO_PRIVATE_KEY=${MANILA_PATH_TO_PRIVATE_KEY:-"$USER_HOME/.ssh/id_rsa"}
MANILA_SERVICE_INSTANCE_USER=${MANILA_SERVICE_INSTANCE_USER:-"ubuntu"}
MANILA_SERVICE_INSTANCE_PASSWORD=${MANILA_SERVICE_INSTANCE_PASSWORD:-"ubuntu"}
MANILA_SERVICE_IMAGE_URL=${MANILA_SERVICE_IMAGE_URL:-"https://www.dropbox.com/s/vi5oeh10q1qkckh/ubuntu_1204_nfs_cifs.qcow2"}
MANILA_SERVICE_IMAGE_NAME=${MANILA_SERVICE_IMAGE_NAME:-"ubuntu_1204_nfs_cifs"}
MANILA_SERVICE_VM_FLAVOR_REF=${MANILA_SERVICE_VM_FLAVOR_REF:-100}
MANILA_SERVICE_VM_FLAVOR_NAME=${MANILA_SERVICE_VM_FLAVOR_NAME:-"manila-service-flavor"}
MANILA_SERVICE_VM_FLAVOR_RAM=${MANILA_SERVICE_VM_FLAVOR_RAM:-64}
MANILA_SERVICE_VM_FLAVOR_DISK=${MANILA_SERVICE_VM_FLAVOR_DISK:-0}
MANILA_SERVICE_VM_FLAVOR_VCPUS=${MANILA_SERVICE_VM_FLAVOR_VCPUS:-1}
# cleanup_manila - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_manila {
# This is placeholder.
# All stuff, that are created by Generic driver will be cleaned up by other services.
:
}
function add_share_backend {
# Expects two args:
# 1: config group name
# 2: share_backend_name
iniset $MANILA_CONF $1 share_driver $SHARE_DRIVER
iniset $MANILA_CONF $1 share_backend_name $2
iniset $MANILA_CONF $1 path_to_public_key $MANILA_PATH_TO_PUBLIC_KEY
iniset $MANILA_CONF $1 path_to_private_key $MANILA_PATH_TO_PRIVATE_KEY
iniset $MANILA_CONF $1 service_image_name $MANILA_SERVICE_IMAGE_NAME
iniset $MANILA_CONF $1 service_instance_user $MANILA_SERVICE_INSTANCE_USER
iniset $MANILA_CONF $1 service_instance_password $MANILA_SERVICE_INSTANCE_PASSWORD
}
# configure_manila - Set config files, create data dirs, etc
function configure_manila {
setup_develop $MANILA_DIR
setup_develop $MANILACLIENT_DIR
if [[ ! -d $MANILA_CONF_DIR ]]; then
sudo mkdir -p $MANILA_CONF_DIR
fi
sudo chown $STACK_USER $MANILA_CONF_DIR
cp -p $MANILA_DIR/etc/manila/policy.json $MANILA_CONF_DIR
# Set the paths of certain binaries
MANILA_ROOTWRAP=$(get_rootwrap_location manila)
# If Manila ships the new rootwrap filters files, deploy them
# (owned by root) and add a parameter to $MANILA_ROOTWRAP
ROOTWRAP_MANILA_SUDOER_CMD="$MANILA_ROOTWRAP"
if [[ -d $MANILA_DIR/etc/manila/rootwrap.d ]]; then
# Wipe any existing rootwrap.d files first
if [[ -d $MANILA_CONF_DIR/rootwrap.d ]]; then
sudo rm -rf $MANILA_CONF_DIR/rootwrap.d
fi
# Deploy filters to /etc/manila/rootwrap.d
sudo mkdir -m 755 $MANILA_CONF_DIR/rootwrap.d
sudo cp $MANILA_DIR/etc/manila/rootwrap.d/*.filters $MANILA_CONF_DIR/rootwrap.d
sudo chown -R root:root $MANILA_CONF_DIR/rootwrap.d
sudo chmod 644 $MANILA_CONF_DIR/rootwrap.d/*
# Set up rootwrap.conf, pointing to /etc/manila/rootwrap.d
sudo cp $MANILA_DIR/etc/manila/rootwrap.conf $MANILA_CONF_DIR/
sudo sed -e "s:^filters_path=.*$:filters_path=$MANILA_CONF_DIR/rootwrap.d:" -i $MANILA_CONF_DIR/rootwrap.conf
sudo chown root:root $MANILA_CONF_DIR/rootwrap.conf
sudo chmod 0644 $MANILA_CONF_DIR/rootwrap.conf
# Specify rootwrap.conf as first parameter to manila-rootwrap
MANILA_ROOTWRAP="$MANILA_ROOTWRAP $MANILA_CONF_DIR/rootwrap.conf"
ROOTWRAP_MANILA_SUDOER_CMD="$MANILA_ROOTWRAP *"
fi
TEMPFILE=`mktemp`
echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_MANILA_SUDOER_CMD" >$TEMPFILE
chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/manila-rootwrap
cp $MANILA_DIR/etc/manila/api-paste.ini $MANILA_API_PASTE_INI
iniset $MANILA_API_PASTE_INI filter:authtoken auth_host $KEYSTONE_AUTH_HOST
iniset $MANILA_API_PASTE_INI filter:authtoken auth_port $KEYSTONE_AUTH_PORT
iniset $MANILA_API_PASTE_INI filter:authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
iniset $MANILA_API_PASTE_INI filter:authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $MANILA_API_PASTE_INI filter:authtoken admin_user manila
iniset $MANILA_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
iniset $MANILA_API_PASTE_INI filter:authtoken signing_dir $MANILA_AUTH_CACHE_DIR
# Remove old conf file if exists
rm -f $MANILA_CONF
iniset $MANILA_CONF DEFAULT auth_strategy keystone
iniset $MANILA_CONF DEFAULT debug True
iniset $MANILA_CONF DEFAULT verbose True
iniset $MANILA_CONF DEFAULT scheduler_driver $MANILA_SCHEDULER_DRIVER
iniset $MANILA_CONF DEFAULT share_name_template ${SHARE_NAME_PREFIX}%s
iniset $MANILA_CONF DEFAULT sql_connection `database_connection_url manila`
iniset $MANILA_CONF DEFAULT api_paste_config $MANILA_API_PASTE_INI
iniset $MANILA_CONF DEFAULT rootwrap_config $MANILA_CONF_DIR/rootwrap.conf
iniset $MANILA_CONF DEFAULT osapi_share_extension manila.api.openstack.share.contrib.standard_extensions
iniset $MANILA_CONF DEFAULT state_path $MANILA_STATE_PATH
iniset $MANILA_CONF DEFAULT nova_admin_password $SERVICE_PASSWORD
iniset $MANILA_CONF DEFAULT cinder_admin_password $SERVICE_PASSWORD
iniset $MANILA_CONF DEFAULT neutron_admin_password $SERVICE_PASSWORD
iniset $MANILA_CONF DEFAULT lock_path $MANILA_LOCK_PATH
add_share_backend $MANILA_BACKEND1_CONFIG_GROUP_NAME $MANILA_SHARE_BACKEND1_NAME
enabled_backends=$MANILA_BACKEND1_CONFIG_GROUP_NAME
if [ "$MANILA_MULTI_BACKEND" = "True" ]; then
add_share_backend $MANILA_BACKEND2_CONFIG_GROUP_NAME $MANILA_SHARE_BACKEND2_NAME
enabled_backends+=,$MANILA_BACKEND2_CONFIG_GROUP_NAME
fi
iniset $MANILA_CONF DEFAULT enabled_share_backends $enabled_backends
if [ ! -f $MANILA_PATH_TO_PRIVATE_KEY ];
then ssh-keygen -N "" -t rsa -f $MANILA_PATH_TO_PRIVATE_KEY;
fi
if is_service_enabled tls-proxy; then
# Set the service port for a proxy to take the original
iniset $MANILA_CONF DEFAULT osapi_share_listen_port $MANILA_SERVICE_PORT_INT
fi
if [ "$SYSLOG" != "False" ]; then
iniset $MANILA_CONF DEFAULT use_syslog True
fi
iniset_rpc_backend manila $MANILA_CONF DEFAULT
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
# Add color to logging output
iniset $MANILA_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)d %(color)s%(levelname)s %(name)s [%(request_id)s %(user_id)s %(project_id)s%(color)s] %(instance)s%(color)s%(message)s"
iniset $MANILA_CONF DEFAULT logging_default_format_string "%(asctime)s.%(msecs)d %(color)s%(levelname)s %(name)s [-%(color)s] %(instance)s%(color)s%(message)s"
iniset $MANILA_CONF DEFAULT logging_debug_format_suffix "from (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d"
iniset $MANILA_CONF DEFAULT logging_exception_prefix "%(color)s%(asctime)s.%(msecs)d TRACE %(name)s %(instance)s"
fi
}
function create_manila_service_flavor {
# Create flavor for Manila's service VM
nova flavor-create $MANILA_SERVICE_VM_FLAVOR_NAME $MANILA_SERVICE_VM_FLAVOR_REF $MANILA_SERVICE_VM_FLAVOR_RAM $MANILA_SERVICE_VM_FLAVOR_DISK $MANILA_SERVICE_VM_FLAVOR_VCPUS
}
function create_manila_service_image {
TOKEN=$(keystone token-get | grep ' id ' | get_field 2)
# Download Manila's image
if is_service_enabled g-reg; then
upload_image $MANILA_SERVICE_IMAGE_URL $TOKEN
fi
}
function create_manila_service_secgroup {
MANILA_SERVICE_SECGROUP="manila-service"
# Create a secgroup
if ! nova secgroup-list | grep -q $MANILA_SERVICE_SECGROUP; then
nova secgroup-create $MANILA_SERVICE_SECGROUP "$MANILA_SERVICE_SECGROUP description"
if ! timeout 30 sh -c "while ! nova secgroup-list | grep -q $MANILA_SERVICE_SECGROUP; do sleep 1; done"; then
echo "Security group not created"
exit 1
fi
fi
# Configure Security Group Rules
if ! nova secgroup-list-rules $MANILA_SERVICE_SECGROUP | grep -q icmp; then
nova secgroup-add-rule $MANILA_SERVICE_SECGROUP icmp -1 -1 0.0.0.0/0
fi
if ! nova secgroup-list-rules $MANILA_SERVICE_SECGROUP | grep -q " tcp .* 22 "; then
nova secgroup-add-rule $MANILA_SERVICE_SECGROUP tcp 22 22 0.0.0.0/0
fi
if ! nova secgroup-list-rules $MANILA_SERVICE_SECGROUP | grep -q " tcp .* 2049 "; then
nova secgroup-add-rule $MANILA_SERVICE_SECGROUP tcp 2049 2049 0.0.0.0/0
fi
if ! nova secgroup-list-rules $MANILA_SERVICE_SECGROUP | grep -q " udp .* 2049 "; then
nova secgroup-add-rule $MANILA_SERVICE_SECGROUP udp 2049 2049 0.0.0.0/0
fi
if ! nova secgroup-list-rules $MANILA_SERVICE_SECGROUP | grep -q " udp .* 445 "; then
nova secgroup-add-rule $MANILA_SERVICE_SECGROUP udp 445 445 0.0.0.0/0
fi
if ! nova secgroup-list-rules $MANILA_SERVICE_SECGROUP | grep -q " tcp .* 445 "; then
nova secgroup-add-rule $MANILA_SERVICE_SECGROUP tcp 445 445 0.0.0.0/0
fi
if ! nova secgroup-list-rules $MANILA_SERVICE_SECGROUP | grep -q " tcp .* 139 "; then
nova secgroup-add-rule $MANILA_SERVICE_SECGROUP tcp 137 139 0.0.0.0/0
fi
if ! nova secgroup-list-rules $MANILA_SERVICE_SECGROUP | grep -q " udp .* 139 "; then
nova secgroup-add-rule $MANILA_SERVICE_SECGROUP udp 137 139 0.0.0.0/0
fi
# List secgroup rules
nova secgroup-list-rules $MANILA_SERVICE_SECGROUP
}
# create_manila_accounts - Set up common required manila accounts
# Tenant User Roles
# ------------------------------------------------------------------
# service manila admin # if enabled
# Migrated from keystone_data.sh
function create_manila_accounts {
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
# Manila
if [[ "$ENABLED_SERVICES" =~ "m-api" ]]; then
MANILA_USER=$(keystone user-create \
--name=manila \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=manila@example.com \
| grep " id " | get_field 2)
keystone user-role-add \
--tenant_id $SERVICE_TENANT \
--user_id $MANILA_USER \
--role_id $ADMIN_ROLE
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
MANILA_SERVICE=$(keystone service-create \
--name=manila \
--type=share \
--description="Manila Shared Filesystem Service" \
| grep " id " | get_field 2)
keystone endpoint-create \
--region RegionOne \
--service_id $MANILA_SERVICE \
--publicurl "$MANILA_SERVICE_PROTOCOL://$MANILA_SERVICE_HOST:$MANILA_SERVICE_PORT/v1/\$(tenant_id)s" \
--adminurl "$MANILA_SERVICE_PROTOCOL://$MANILA_SERVICE_HOST:$MANILA_SERVICE_PORT/v1/\$(tenant_id)s" \
--internalurl "$MANILA_SERVICE_PROTOCOL://$MANILA_SERVICE_HOST:$MANILA_SERVICE_PORT/v1/\$(tenant_id)s"
fi
fi
}
# init_manila - Initialize database and volume group
function init_manila {
if is_service_enabled $DATABASE_BACKENDS; then
# (re)create manila database
recreate_database manila utf8
$MANILA_BIN_DIR/manila-manage db sync
fi
# Create cache dir
sudo mkdir -p $MANILA_AUTH_CACHE_DIR
sudo chown $STACK_USER $MANILA_AUTH_CACHE_DIR
rm -f $MANILA_AUTH_CACHE_DIR/*
}
# install_manila - Collect source and prepare
function install_manila {
git_clone $MANILA_REPO $MANILA_DIR $MANILA_BRANCH
git_clone $MANILACLIENT_REPO $MANILACLIENT_DIR $MANILACLIENT_BRANCH
}
# start_manila - Start running processes, including screen
function start_manila {
screen_it m-api "cd $MANILA_DIR && $MANILA_BIN_DIR/manila-api --config-file $MANILA_CONF"
screen_it m-shr "cd $MANILA_DIR && $MANILA_BIN_DIR/manila-share --config-file $MANILA_CONF"
screen_it m-sch "cd $MANILA_DIR && $MANILA_BIN_DIR/manila-scheduler --config-file $MANILA_CONF"
# Start proxies if enabled
if is_service_enabled m-api && is_service_enabled tls-proxy; then
start_tls_proxy '*' $MANILA_SERVICE_PORT $MANILA_SERVICE_HOST $MANILA_SERVICE_PORT_INT &
fi
}
# stop_manila - Stop running processes
function stop_manila {
# Kill the manila screen windows
for serv in m-api m-sch m-shr; do
screen -S $SCREEN_NAME -p $serv -X kill
done
}
# Restore xtrace
$XTRACE
View Git Blame Copy Permalink