openstack-ansible/scripts/os-ansible-aio-check.sh
Jesse Pretorius 6c7e170d98 Correctly pipe the sshd check to /dev/null
This patch corrects the pipe of the sshd configuration check to
/dev/null. The script therefore no longer leaves a file called 'null'
behind on the deployment host.

Change-Id: Ib707d7462e5e444dddceff105b219263d0283e0c
Closes-Bug: #1401567
2014-12-11 15:20:11 +00:00

473 lines
13 KiB
Bash
Executable File

#!/usr/bin/env bash
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -e -u -v -x
FROZEN_REPO_URL=${FROZEN_REPO_URL:-"http://mirror.rackspace.com/rackspaceprivatecloud"}
MAX_RETRIES=${MAX_RETRIES:-5}
apt-get update
apt-get install -y python-dev \
python2.7 \
build-essential \
curl \
git-core \
ipython \
tmux \
vim \
vlan \
bridge-utils \
lvm2 \
linux-image-extra-$(uname -r)
# Flush all the iptables rules set by openstack-infra
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Ensure that sshd permits root login, or ansible won't be able to connect
if grep "^PermitRootLogin" /etc/ssh/sshd_config > /dev/null; then
sed -i 's/^PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
else
echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
fi
function key_create(){
ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ''
}
# Used to retry process that may fail due to random issues.
function successerator() {
set +e
RETRY=0
# Set the initial return value to failure
false
while [ $? -ne 0 -a ${RETRY} -lt ${MAX_RETRIES} ];do
RETRY=$((${RETRY}+1))
$@
done
if [ ${RETRY} -eq ${MAX_RETRIES} ];then
echo "Hit maximum number of retries, giving up..."
exit 1
fi
set -e
}
function install_bits() {
successerator ansible-playbook -e @/etc/rpc_deploy/user_variables.yml \
playbooks/$@
}
if ! modprobe vxlan; then
MINIMUM_KERNEL_VERSION=$(awk '/required_kernel/ {print $2}' rpc_deployment/inventory/group_vars/all.yml)
echo "A minimum kernel version of ${MINIMUM_KERNEL_VERSION} is required for vxlan support."
echo "This build will not work without it."
exit 1
fi
if [ ! -d "/opt" ];then
mkdir /opt
fi
if [ ! "$(swapon -s | grep -v Filename)" ];then
cat > /opt/swap.sh <<EOF
#!/usr/bin/env bash
if [ ! "\$(swapon -s | grep -v Filename)" ];then
SWAPFILE="/tmp/SwapFile"
if [ -f "\${SWAPFILE}" ];then
swapoff -a
rm \${SWAPFILE}
fi
dd if=/dev/zero of=\${SWAPFILE} bs=1M count=512
mkswap \${SWAPFILE}
swapon \${SWAPFILE}
fi
EOF
chmod +x /opt/swap.sh
/opt/swap.sh
fi
if [ -f "/opt/swap.sh" ];then
if [ ! -f "/etc/rc.local" ];then
touch /etc/rc.local
fi
if [ "$(grep 'exit 0' /etc/rc.local)" ];then
sed -i '/exit\ 0/ s/^/#\ /' /etc/rc.local
fi
if [ ! "$(grep 'swap.sh' /etc/rc.local)" ];then
echo "/opt/swap.sh" | tee -a /etc/rc.local
fi
chmod +x /etc/rc.local
fi
# Make the system key used for bootstrapping self
if [ ! -d /root/.ssh ];then
mkdir -p /root/.ssh
chmod 700 /root/.ssh
fi
pushd /root/.ssh/
if [ ! -f "id_rsa" ];then
key_create
fi
if [ ! -f "id_rsa.pub" ];then
rm "id_rsa"
key_create
fi
KEYENTRY=$(cat id_rsa.pub)
if [ ! "$(grep \"$KEYENTRY\" authorized_keys)" ];then
echo "$KEYENTRY" | tee -a authorized_keys
fi
popd
CINDER="/opt/cinder.img"
if [ ! "$(losetup -a | grep /opt/cinder.img)" ];then
LOOP=$(losetup -f)
dd if=/dev/zero of=${CINDER} bs=1 count=0 seek=1000G
losetup ${LOOP} ${CINDER}
pvcreate ${LOOP}
vgcreate cinder-volumes ${LOOP}
pvscan
fi
# Copy the gate's repo to the expected location
mkdir -p /opt/ansible-lxc-rpc
cp -R * /opt/ansible-lxc-rpc
pushd /opt/ansible-lxc-rpc
# Copy the base etc files
if [ -d "/etc/rpc_deploy" ];then
rm -rf "/etc/rpc_deploy"
fi
cp -R /opt/ansible-lxc-rpc/etc/rpc_deploy /etc/
# Install pip
curl ${FROZEN_REPO_URL}/downloads/get-pip.py | python
# Install requirements
pip install -r /opt/ansible-lxc-rpc/requirements.txt
# Generate the passwords
/opt/ansible-lxc-rpc/scripts/pw-token-gen.py --file /etc/rpc_deploy/user_variables.yml
popd
cat > /etc/rpc_deploy/user_variables.yml <<EOF
---
rpc_repo_url: ${FROZEN_REPO_URL}
required_kernel: 3.13.0-30-generic
## Rackspace Cloud Details
rackspace_cloud_auth_url: https://identity.api.rackspacecloud.com/v2.0
rackspace_cloud_tenant_id: SomeTenantID
rackspace_cloud_username: SomeUserName
rackspace_cloud_password: SomeUsersPassword
rackspace_cloud_api_key: SomeAPIKey
## Rabbit Options
rabbitmq_password: secrete
rabbitmq_cookie_token: secrete
## Tokens
memcached_encryption_key: secrete
## Container default user
container_openstack_password: secrete
## Galera Options
mysql_root_password: secrete
mysql_debian_sys_maint_password: secrete
## Keystone Options
keystone_container_mysql_password: secrete
keystone_auth_admin_token: secrete
keystone_auth_admin_password: secrete
keystone_service_password: secrete
## Cinder Options
cinder_container_mysql_password: secrete
cinder_service_password: secrete
cinder_v2_service_password: secrete
# Set default_store to "swift" if using Cloud Files or swift backend
glance_default_store: file
glance_container_mysql_password: secrete
glance_service_password: secrete
glance_swift_store_auth_address: "{{ rackspace_cloud_auth_url }}"
glance_swift_store_user: "{{ rackspace_cloud_tenant_id }}:{{ rackspace_cloud_username }}"
glance_swift_store_key: "{{ rackspace_cloud_password }}"
glance_swift_store_container: SomeContainerName
glance_swift_store_region: SomeRegion
glance_swift_store_endpoint_type: internalURL
glance_notification_driver: noop
## Heat Options
heat_stack_domain_admin_password: secrete
heat_container_mysql_password: secrete
### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ##
heat_auth_encryption_key: 12345678901234567890123456789012
### THE HEAT AUTH KEY NEEDS TO BE 32 CHARACTERS LONG ##
heat_service_password: secrete
heat_cfn_service_password: secrete
## Horizon Options
horizon_container_mysql_password: secrete
## MaaS Options
maas_auth_method: password
maas_auth_url: "{{ rackspace_cloud_auth_url }}"
maas_username: "{{ rackspace_cloud_username }}"
maas_api_key: "{{ rackspace_cloud_api_key }}"
maas_auth_token: some_token
maas_api_url: https://monitoring.api.rackspacecloud.com/v1.0/{{ rackspace_cloud_tenant_id }}
maas_notification_plan: npManaged
# By default we will create an agent token for each entity, however if you'd
# prefer to use the same agent token for all entities then specify it here
#maas_agent_token: some_token
maas_target_alias: public0_v4
maas_scheme: https
# Override scheme for specific service remote monitor by specifying here: E.g.
# maas_nova_scheme: http
maas_keystone_user: maas
maas_keystone_password: secrete
# Check this number of times before registering state change
maas_alarm_local_consecutive_count: 3
maas_alarm_remote_consecutive_count: 1
# Timeout must be less than period
maas_check_period: 60
maas_check_timeout: 30
maas_monitoring_zones:
- mzdfw
- mziad
- mzord
- mzlon
- mzhkg
## Neutron Options
neutron_container_mysql_password: secrete
neutron_service_password: secrete
## Nova Options
nova_virt_type: qemu
nova_container_mysql_password: secrete
nova_metadata_proxy_secret: secrete
nova_ec2_service_password: secrete
nova_service_password: secrete
nova_v3_service_password: secrete
nova_s3_service_password: secrete
## RPC Support
rpc_support_holland_password: secrete
## Kibana Options
kibana_password: secrete
EOF
cat > /etc/rpc_deploy/rpc_user_config.yml <<EOF
---
# This is the md5 of the environment file
environment_version: $(md5sum /etc/rpc_deploy/rpc_environment.yml | awk '{print $1}')
# User defined CIDR used for containers
cidr_networks:
# Cidr used in the Management network
container: 172.29.236.0/22
# Cidr used in the Service network
snet: 172.29.248.0/22
# Cidr used in the VM network
tunnel: 172.29.240.0/22
# Cidr used in the Storage network
storage: 172.29.244.0/22
used_ips:
- 172.29.236.1,172.29.236.50
- 172.29.244.1,172.29.244.50
global_overrides:
rpc_repo_url: ${FROZEN_REPO_URL}
# Internal Management vip address
internal_lb_vip_address: 172.29.236.100
# External DMZ VIP address
external_lb_vip_address: 10.200.200.146
# Bridged interface to use with tunnel type networks
tunnel_bridge: "br-vxlan"
# Bridged interface to build containers with
management_bridge: "br-mgmt"
# Define your Add on container networks.
provider_networks:
- network:
group_binds:
- all_containers
- hosts
type: "raw"
container_bridge: "br-mgmt"
container_interface: "eth1"
ip_from_q: "container"
- network:
group_binds:
- glance_api
- cinder_api
- cinder_volume
- nova_compute
type: "raw"
container_bridge: "br-storage"
container_interface: "eth2"
ip_from_q: "storage"
- network:
group_binds:
- glance_api
- nova_compute
- neutron_linuxbridge_agent
type: "raw"
container_bridge: "br-snet"
container_interface: "eth3"
ip_from_q: "snet"
- network:
group_binds:
- neutron_linuxbridge_agent
container_bridge: "br-vxlan"
container_interface: "eth10"
ip_from_q: "tunnel"
type: "vxlan"
range: "1:1000"
net_name: "vxlan"
- network:
group_binds:
- neutron_linuxbridge_agent
container_bridge: "br-vlan"
container_interface: "eth11"
type: "flat"
net_name: "vlan"
- network:
group_binds:
- neutron_linuxbridge_agent
container_bridge: "br-vlan"
container_interface: "eth11"
type: "vlan"
range: "1:1"
net_name: "vlan"
# Name of load balancer
lb_name: lb_name_in_core
# User defined Infrastructure Hosts, this should be a required group
infra_hosts:
aio1:
ip: 172.29.236.100
# User defined Compute Hosts, this should be a required group
compute_hosts:
aio1:
ip: 172.29.236.100
# User defined Storage Hosts, this should be a required group
storage_hosts:
aio1:
ip: 172.29.236.100
container_vars:
cinder_backends:
limit_container_types: cinder_volume
lvm:
volume_group: cinder-volumes
volume_driver: cinder.volume.drivers.lvm.LVMISCSIDriver
volume_backend_name: LVM_iSCSI
# User defined Logging Hosts, this should be a required group
log_hosts:
aio1:
ip: 172.29.236.100
# User defined Networking Hosts, this should be a required group
network_hosts:
aio1:
ip: 172.29.236.100
haproxy_hosts:
aio1:
ip: 172.29.236.100
EOF
cat > /etc/network/interfaces.d/aio-bridges.cfg <<EOF
## Required network bridges; br-vlan, br-vxlan, br-mgmt.
auto br-mgmt
iface br-mgmt inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
# Notice the bridge port is the vlan tagged interface
bridge_ports none
address 172.29.236.100
netmask 255.255.252.0
auto br-vxlan
iface br-vxlan inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
bridge_ports none
address 172.29.240.100
netmask 255.255.252.0
auto br-vlan
iface br-vlan inet manual
bridge_stp off
bridge_waitport 0
bridge_fd 0
# Notice this bridge port is an Untagged host interface
bridge_ports none
auto br-storage
iface br-storage inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
bridge_ports none
address 172.29.244.100
netmask 255.255.252.0
auto br-snet
iface br-snet inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
bridge_ports none
# Notice there is NO physical interface in this bridge!
address 172.29.248.100
netmask 255.255.252.0
EOF
# Ensure the network source is in place
if [ ! "$(grep -Rni '^source\ /etc/network/interfaces.d/\*.cfg' /etc/network/interfaces)" ]; then
echo "source /etc/network/interfaces.d/*.cfg" | tee -a /etc/network/interfaces
fi
# Bring up the new interfaces
for i in br-snet br-storage br-vlan br-vxlan br-mgmt; do
/sbin/ifup $i || true
done
# Export the home directory just in case it's not set
export HOME="/root"
pushd /opt/ansible-lxc-rpc/rpc_deployment
# Install all host bits
install_bits setup/host-setup.yml
# Install haproxy for dev purposes only
install_bits infrastructure/haproxy-install.yml
# Install all of the infra bits
install_bits infrastructure/infrastructure-setup.yml
# install all of the Openstack Bits
install_bits openstack/keystone-all.yml
install_bits openstack/glance-all.yml
install_bits openstack/heat-all.yml
install_bits openstack/nova-all.yml
install_bits openstack/neutron-all.yml
install_bits openstack/cinder-all.yml
install_bits openstack/horizon-all.yml
install_bits openstack/utility-all.yml
install_bits openstack/rpc-support-all.yml
# Stop rsyslog container(s)
for i in $(lxc-ls | grep "rsyslog"); do
lxc-stop -k -n $i; lxc-start -d -n $i
done
# Reconfigure Rsyslog
install_bits infrastructure/rsyslog-config.yml
popd