From 9b47e9a4c51d51ccf9f4ad726b42d4d8d2d3218a Mon Sep 17 00:00:00 2001 From: Michael Johnson Date: Fri, 3 Apr 2015 17:25:23 +0000 Subject: [PATCH] Updating the disk image builder code Adds haproxy 1.5.x from ubuntu trusty backports Adds a git pull for the amphora agent code Removes check for argparse (internal for python 2.7) Adds sysctl net.ipv4.ip_nonlocal_bind=1 Change-Id: I7aecf727fb5d9be08982c5a32ae3c6e280ebda14 --- diskimage-create/diskimage-create.sh | 13 +++-- elements/amphora-agent/README.rst | 3 ++ elements/amphora-agent/element-deps | 1 + .../source-repository-amphora-agent | 2 + elements/amphora-agent/svc-map | 2 + elements/haproxy-octavia-ubuntu/README.rst | 3 ++ elements/haproxy-octavia-ubuntu/element-deps | 3 ++ .../install.d/76-haproxy | 6 +++ .../configure.d/20-haproxy-selinux | 9 ++++ .../configure.d/20-haproxy-tune-kernel | 47 +++++++++++++++++++ .../package-installs.json | 3 ++ .../pre-install.d/01-backports | 7 +++ elements/haproxy-octavia-ubuntu/svc-map | 2 + .../install.d/package-installs-haproxy | 1 - .../configure.d/20-haproxy-tune-kernel | 1 + .../haproxy-octavia/package-installs.json | 3 ++ 16 files changed, 102 insertions(+), 4 deletions(-) create mode 100644 elements/amphora-agent/README.rst create mode 100644 elements/amphora-agent/element-deps create mode 100644 elements/amphora-agent/source-repository-amphora-agent create mode 100644 elements/amphora-agent/svc-map create mode 100644 elements/haproxy-octavia-ubuntu/README.rst create mode 100644 elements/haproxy-octavia-ubuntu/element-deps create mode 100755 elements/haproxy-octavia-ubuntu/install.d/76-haproxy create mode 100755 elements/haproxy-octavia-ubuntu/os-refresh-config/configure.d/20-haproxy-selinux create mode 100755 elements/haproxy-octavia-ubuntu/os-refresh-config/configure.d/20-haproxy-tune-kernel create mode 100644 elements/haproxy-octavia-ubuntu/package-installs.json create mode 100755 elements/haproxy-octavia-ubuntu/pre-install.d/01-backports create mode 100644 elements/haproxy-octavia-ubuntu/svc-map delete mode 100644 elements/haproxy-octavia/install.d/package-installs-haproxy create mode 100644 elements/haproxy-octavia/package-installs.json diff --git a/diskimage-create/diskimage-create.sh b/diskimage-create/diskimage-create.sh index 84646dbbb3..999a7e991e 100755 --- a/diskimage-create/diskimage-create.sh +++ b/diskimage-create/diskimage-create.sh @@ -261,7 +261,11 @@ else fi fi -PKG_LIST="Babel argparse dib-utils PyYAML" +# "pip freeze" does not show argparse, even if it is explictly installed, +# because it is part of of the standard python library in 2.7. +# See https://github.com/pypa/pip/issues/1570 + +PKG_LIST="Babel dib-utils PyYAML" for pkg in $PKG_LIST; do if ! pip freeze 2>/dev/null| grep -q "^$pkg==" &>/dev/null; then echo "Required python package " $pkg " is not installed. Exiting." @@ -295,18 +299,21 @@ popd > /dev/null if [ "$AMP_BASEOS" = "ubuntu" ]; then AMP_element_sequence=${AMP_element_sequence:-"base vm ubuntu"} + AMP_element_sequence="$AMP_element_sequence $AMP_BACKEND-ubuntu" if [ "$BASE_OS_MIRROR" ]; then AMP_element_sequence="$AMP_element_sequence apt-mirror" export UBUNTU_MIRROR="$BASE_OS_MIRROR" fi elif [ "$AMP_BASEOS" = "fedora" ]; then AMP_element_sequence=${AMP_element_sequence:-"base vm fedora"} + AMP_element_sequence="$AMP_element_sequence $AMP_BACKEND" if [ "$BASE_OS_MIRROR" ]; then AMP_element_sequence="$AMP_element_sequence fedora-mirror" export FEDORA_MIRROR="$BASE_OS_MIRROR" fi elif [ "$AMP_BASEOS" = "centos" ]; then AMP_element_sequence=${AMP_element_sequence:-"base vm centos7"} + AMP_element_sequence="$AMP_element_sequence $AMP_BACKEND" if [ "$BASE_OS_MIRROR" ]; then AMP_element_sequence="$AMP_element_sequence centos-mirror" export CENTOS_MIRROR="$BASE_OS_MIRROR" @@ -318,8 +325,8 @@ if [ "$AMP_ROOTPW" ]; then export DIB_PASSWORD=$AMP_ROOTPW fi -# Add the Octavia Amphora backend element -AMP_element_sequence="$AMP_element_sequence $AMP_BACKEND" +# Add the Octavia Amphora agent element +AMP_element_sequence="$AMP_element_sequence amphora-agent" # Allow full elements override if [ "$DIB_ELEMENTS" ]; then diff --git a/elements/amphora-agent/README.rst b/elements/amphora-agent/README.rst new file mode 100644 index 0000000000..2b6ca5f60d --- /dev/null +++ b/elements/amphora-agent/README.rst @@ -0,0 +1,3 @@ +Element to install an Octavia Amphora agent. + + diff --git a/elements/amphora-agent/element-deps b/elements/amphora-agent/element-deps new file mode 100644 index 0000000000..715c11e2f5 --- /dev/null +++ b/elements/amphora-agent/element-deps @@ -0,0 +1 @@ +source-repositories diff --git a/elements/amphora-agent/source-repository-amphora-agent b/elements/amphora-agent/source-repository-amphora-agent new file mode 100644 index 0000000000..f32d8c16c7 --- /dev/null +++ b/elements/amphora-agent/source-repository-amphora-agent @@ -0,0 +1,2 @@ +# This is temporary until we have a pip package +amphora-agent git /opt/amphora-agent https://review.openstack.org/stackforge/octavia refs/changes/34/160034/16 diff --git a/elements/amphora-agent/svc-map b/elements/amphora-agent/svc-map new file mode 100644 index 0000000000..b850c874db --- /dev/null +++ b/elements/amphora-agent/svc-map @@ -0,0 +1,2 @@ +amphora-agent: + default: amphora-agent diff --git a/elements/haproxy-octavia-ubuntu/README.rst b/elements/haproxy-octavia-ubuntu/README.rst new file mode 100644 index 0000000000..c986ab7727 --- /dev/null +++ b/elements/haproxy-octavia-ubuntu/README.rst @@ -0,0 +1,3 @@ +Element to install an Octavia Amphora with an haproxy backend. + + diff --git a/elements/haproxy-octavia-ubuntu/element-deps b/elements/haproxy-octavia-ubuntu/element-deps new file mode 100644 index 0000000000..80570ab87a --- /dev/null +++ b/elements/haproxy-octavia-ubuntu/element-deps @@ -0,0 +1,3 @@ +os-svc-install +package-installs +sysctl diff --git a/elements/haproxy-octavia-ubuntu/install.d/76-haproxy b/elements/haproxy-octavia-ubuntu/install.d/76-haproxy new file mode 100755 index 0000000000..36be2ced09 --- /dev/null +++ b/elements/haproxy-octavia-ubuntu/install.d/76-haproxy @@ -0,0 +1,6 @@ +#!/bin/bash + +set -eux +set -o pipefail + +[ -d /var/lib/haproxy ] || install -d -D -m 0755 -o root -g root /var/lib/haproxy diff --git a/elements/haproxy-octavia-ubuntu/os-refresh-config/configure.d/20-haproxy-selinux b/elements/haproxy-octavia-ubuntu/os-refresh-config/configure.d/20-haproxy-selinux new file mode 100755 index 0000000000..f5d7acfd9e --- /dev/null +++ b/elements/haproxy-octavia-ubuntu/os-refresh-config/configure.d/20-haproxy-selinux @@ -0,0 +1,9 @@ +#!/bin/bash +set -eux +set -o pipefail + +# Allow haproxy to proxy any port if SELinux is in enforcing mode +# https://bugs.launchpad.net/tripleo/+bug/1339938 +if [[ -x /usr/sbin/semanage ]]; then + setsebool -P haproxy_connect_any 1 +fi diff --git a/elements/haproxy-octavia-ubuntu/os-refresh-config/configure.d/20-haproxy-tune-kernel b/elements/haproxy-octavia-ubuntu/os-refresh-config/configure.d/20-haproxy-tune-kernel new file mode 100755 index 0000000000..9f7572f34b --- /dev/null +++ b/elements/haproxy-octavia-ubuntu/os-refresh-config/configure.d/20-haproxy-tune-kernel @@ -0,0 +1,47 @@ +#!/bin/bash + +set -eu +set -o pipefail + +sysctl-set-value net.ipv4.tcp_max_tw_buckets 5800000 +sysctl-set-value net.ipv4.tcp_max_orphans 5800000 +sysctl-set-value net.ipv4.tcp_max_syn_backlog 40960 +sysctl-set-value net.ipv4.tcp_keepalive_time 300 +sysctl-set-value net.ipv4.tcp_tw_recycle 0 +sysctl-set-value net.ipv4.tcp_tw_reuse 1 +sysctl-set-value net.ipv4.tcp_timestamps 0 +sysctl-set-value net.ipv4.tcp_ecn 0 +sysctl-set-value net.ipv4.tcp_sack 0 +sysctl-set-value net.ipv4.tcp_dsack 0 +sysctl-set-value net.ipv4.netfilter.ip_conntrack_max 1524288 +sysctl-set-value net.core.somaxconn 40960 +sysctl-set-value net.ipv4.tcp_synack_retries 3 +sysctl-set-value net.core.netdev_max_backlog 40960 +sysctl-set-value fs.file-max 1048576 +sysctl-set-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait 5 +sysctl-set-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait 5 +sysctl-set-value net.ipv4.tcp_fin_timeout 5 +sysctl-set-value net.ipv4.ip_nonlocal_bind 1 + +# Currently the tripleo-image-elements sysctl element can't handle multi-value +# settings, so I will set them manually here +NAME=net.ipv4.tcp_rmem +VALUE="16384 65536 524288" +FILENAME="/etc/sysctl.d/${NAME}.conf" +cat > $FILENAME < $FILENAME < $FILENAME < /etc/apt/sources.list.d/backports.list diff --git a/elements/haproxy-octavia-ubuntu/svc-map b/elements/haproxy-octavia-ubuntu/svc-map new file mode 100644 index 0000000000..bbca347e25 --- /dev/null +++ b/elements/haproxy-octavia-ubuntu/svc-map @@ -0,0 +1,2 @@ +haproxy: + default: haproxy diff --git a/elements/haproxy-octavia/install.d/package-installs-haproxy b/elements/haproxy-octavia/install.d/package-installs-haproxy deleted file mode 100644 index 6968bada42..0000000000 --- a/elements/haproxy-octavia/install.d/package-installs-haproxy +++ /dev/null @@ -1 +0,0 @@ -haproxy diff --git a/elements/haproxy-octavia/os-refresh-config/configure.d/20-haproxy-tune-kernel b/elements/haproxy-octavia/os-refresh-config/configure.d/20-haproxy-tune-kernel index 5e7c1c396a..9f7572f34b 100755 --- a/elements/haproxy-octavia/os-refresh-config/configure.d/20-haproxy-tune-kernel +++ b/elements/haproxy-octavia/os-refresh-config/configure.d/20-haproxy-tune-kernel @@ -21,6 +21,7 @@ sysctl-set-value fs.file-max 1048576 sysctl-set-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait 5 sysctl-set-value net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait 5 sysctl-set-value net.ipv4.tcp_fin_timeout 5 +sysctl-set-value net.ipv4.ip_nonlocal_bind 1 # Currently the tripleo-image-elements sysctl element can't handle multi-value # settings, so I will set them manually here diff --git a/elements/haproxy-octavia/package-installs.json b/elements/haproxy-octavia/package-installs.json new file mode 100644 index 0000000000..6270153dda --- /dev/null +++ b/elements/haproxy-octavia/package-installs.json @@ -0,0 +1,3 @@ +{ + "haproxy": null +}