openstack/training-labs
Code Issues Proposed changes

Client-side changes from Juno to Kilo

Browse Source 
This patch makes all the necessary changes to port the labs scripts
from Juno to Kilo.

Change-Id: I1ff50dcee2181a209e336cfc70c1164385292568
Co-Authored-By: Pranav Salunke <dguitarbite@gmail.com>
Co-Authored-By: Roger Luethi <rl@patchworkscience.org>
This commit is contained in:
sayalilunkad
2015-10-18 20:07:28 +02:00
committed by Roger Luethi
parent a263b9eb46
commit 3f09cf9c3b
27 changed files with 732 additions and 386 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
labs/osbash/config/admin-openstackrc.sh
View File

@@ -9,7 +9,18 @@ CONFIG_DIR=$(dirname "$BASH_SOURCE")
source "$CONFIG_DIR/openstack"
source "$CONFIG_DIR/credentials"
#------------------------------------------------------------------------------
# OpenStack client environment scripts
# http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-client-environment-scripts.html
#------------------------------------------------------------------------------
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=$ADMIN_PROJECT_NAME
export OS_TENANT_NAME=$ADMIN_PROJECT_NAME
export OS_USERNAME=$ADMIN_USER_NAME
export OS_PASSWORD=$ADMIN_PASSWORD
export OS_TENANT_NAME=$ADMIN_TENANT_NAME
export OS_AUTH_URL="http://controller-mgmt:35357/v2.0"
export OS_AUTH_URL=http://controller-mgmt:35357/v3
export OS_IMAGE_API_VERSION=2
export OS_VOLUME_API_VERSION=2
export OS_REGION_NAME=$REGION

6
labs/osbash/config/config.controller
View File

@@ -12,9 +12,9 @@ NET_IF_0=nat
NET_IF_1=MGMT_NET
NET_IF_2=API_NET
# Controller node is running many services. It needs 1 GB RAM for better
# performance.
VM_MEM=1024
# Controller node is running many services. For Kilo, 2GB RAM
# is required for expected performance.
VM_MEM=2048
# Override number of virtual CPUs (default is 1)
# To edit uncomment the line below

22
labs/osbash/config/credentials
View File

@@ -12,9 +12,9 @@
# Used for MySQL or whatever other DBMS is configured
: ${RABBIT_PASSWORD:=rabbitPass}
# Tenant and role for admin accounts
# Project and role for admin accounts
: ${ADMIN_ROLE_NAME:=admin}
: ${ADMIN_TENANT_NAME:=admin}
: ${ADMIN_PROJECT_NAME:=admin}
# Member role for generic use
: ${MEMBER_ROLE_NAME:=_member_}
@@ -23,18 +23,21 @@
: ${ADMIN_USER_NAME:=admin}
: ${ADMIN_PASSWORD:=admin_pass}
# Tenant name, user name and password for normal (demo) user
: ${DEMO_TENANT_NAME:=demo}
# Project name, user name and password for normal (demo) user
: ${DEMO_PROJECT_NAME:=demo}
: ${DEMO_USER_NAME:=demo}
: ${DEMO_PASSWORD:=demo_pass}
# User role
: ${USER_ROLE_NAME:=user}
# OpenStack Services needs to be affiliated with a tenant to provide
# authentication to other OpenStack services. We create a "service" tenant for
# the OpenStack services. All the OpenStack services will be registered via
# service tenant.
# Tenant and role for service accounts.
: ${SERVICE_TENANT_NAME:=service}
# Project and role for service accounts.
: ${SERVICE_PROJECT_NAME:=service}
# Domain to use for email addresses (e.g. admin@example.com)
: ${MAIL_DOMAIN:=example.com}
@@ -42,7 +45,10 @@
# Metadata secret used by neutron and nova.
: ${METADATA_SECRET:=osbash_training}
# Metering secret used by ceilometer.
: ${METERING_SECRET:=osbash_training}
# Heat domain password
: ${HEAT_DOMAIN_PASS:=heat_dom_pw}
# Telemetry secret used by ceilometer.
: ${TELEMETRY_SECRET:=osbash_training}
# vim: set ai ts=4 sw=4 et ft=sh:

13
labs/osbash/config/demo-openstackrc.sh
View File

@@ -9,7 +9,16 @@ CONFIG_DIR=$(dirname "$BASH_SOURCE")
source "$CONFIG_DIR/openstack"
source "$CONFIG_DIR/credentials"
#------------------------------------------------------------------------------
# OpenStack client environment scripts
# http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-client-environment-scripts.html
#------------------------------------------------------------------------------
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=$DEMO_PROJECT_NAME
export OS_TENANT_NAME=$DEMO_PROJECT_NAME
export OS_USERNAME=$DEMO_USER_NAME
export OS_PASSWORD=$DEMO_PASSWORD
export OS_TENANT_NAME=$DEMO_TENANT_NAME
export OS_AUTH_URL="http://controller-mgmt:5000/v2.0"
export OS_AUTH_URL=http://controller-mgmt:5000/v3
export OS_REGION_NAME=$REGION

4
labs/osbash/config/openstack
View File

@@ -1,8 +1,8 @@
# This file contains OpenStack configuration data. It is used by both
# host (osbash, Windows batch) and VM guest scripts.
# one of: icehouse, juno
: ${OPENSTACK_RELEASE:=juno}
# one of: icehouse, juno, kilo
: ${OPENSTACK_RELEASE:=kilo}
# CirrOS image URL
CIRROS_URL="http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img"

11
labs/osbash/config/scripts.ubuntu_cluster
View File

@@ -32,8 +32,10 @@ cmd queue config_external_network.sh
cmd queue config_tenant_network.sh
cmd snapshot_cycle -n controller openstack_networks_configured
cmd queue ubuntu/setup_lbaas_controller.sh
cmd snapshot_cycle -n controller lbaas-controller_installed
# FIXME Our LBaaS support for kilo is broken; the configuration edits
# in setup_lbaas_controller.sh break neutron
#cmd queue ubuntu/setup_lbaas_controller.sh
#cmd snapshot_cycle -n controller lbaas-controller_installed
# Telemetry service is disabled for the time being as it overloads
# the cluster. For enabling the same, please uncomment the following.
@@ -87,8 +89,9 @@ cmd snapshot_cycle -n network network_node_init
cmd queue ubuntu/setup_neutron_network.sh
cmd snapshot_cycle -n network neutron_configured
cmd queue ubuntu/setup_lbaas_network.sh
cmd snapshot_cycle -n network lbaas-network_installed
# FIXME Our LBaaS support for kilo is broken
#cmd queue ubuntu/setup_lbaas_network.sh
#cmd snapshot_cycle -n network lbaas-network_installed
cmd queue ubuntu/setup_heat_network.sh
cmd snapshot_cycle -n network heat_network_installed

29
labs/osbash/lib/functions.guest
View File

@@ -145,9 +145,11 @@ function as_root_exec_script {
}
#-------------------------------------------------------------------------------
# Root wrapper around devstack function for manipulating config files
# Root wrapper around devstack functions for manipulating config files
#-------------------------------------------------------------------------------
# Set an option in an INI file
# iniset config-file section option value
function iniset_sudo {
local file=$1
shift
@@ -158,6 +160,29 @@ function iniset_sudo {
cat "$tmpfile" | sudo tee "$file" >/dev/null
}
# Comment an option in an INI file
# inicomment config-file section option
function inicomment_sudo {
local file=$1
shift
local tmpfile=$(mktemp)
# Create a temporary copy, work on it, and copy it back into place
sudo cp -fv "$file" "$tmpfile"
inicomment "$tmpfile" "$@"
cat "$tmpfile" | sudo tee "$file" >/dev/null
}
# Determinate is the given option present in the INI file
# ini_has_option config-file section option
function ini_has_option_sudo {
local file=$1
shift
local tmpfile=$(mktemp)
# Create a temporary copy, work on it
sudo cp -fv "$file" "$tmpfile"
ini_has_option "$tmpfile" "$@"
}
#-------------------------------------------------------------------------------
# Functions for manipulating config files without section
#-------------------------------------------------------------------------------
@@ -241,7 +266,7 @@ function setup_database {
# Wait for keystone to come up
function wait_for_keystone {
echo -n "Waiting for keystone to come up."
until keystone user-list >/dev/null 2>&1; do
until openstack user list >/dev/null 2>&1; do
echo -n .
sleep 1
done

10
labs/osbash/scripts/config_external_network.sh
View File

@@ -10,7 +10,7 @@ indicate_current_auto
#------------------------------------------------------------------------------
# Create the external network and a subnet on it
# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron_initial-external-network.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron_initial-external-network.html
#------------------------------------------------------------------------------
echo "Sourcing the admin credentials."
@@ -23,14 +23,14 @@ done
echo "Creating the external network."
neutron net-create ext-net \
--router:external True \
--router:external \
--provider:physical_network external \
--provider:network_type flat
echo "Creating a subnet on the external network."
neutron subnet-create ext-net \
neutron subnet-create ext-net \
"$EXTERNAL_NETWORK_CIDR" \
--name ext-subnet \
--allocation-pool start="$FLOATING_IP_START,end=$FLOATING_IP_END" \
--disable-dhcp \
--gateway "$EXTERNAL_NETWORK_GATEWAY" \
"$EXTERNAL_NETWORK_CIDR"
--gateway "$EXTERNAL_NETWORK_GATEWAY"

6
labs/osbash/scripts/config_tenant_network.sh
View File

@@ -10,7 +10,7 @@ indicate_current_auto
#------------------------------------------------------------------------------
# Create tenant network
# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron_initial-tenant-network.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron_initial-tenant-network.html
#------------------------------------------------------------------------------
echo "Sourcing the demo credentials."
@@ -26,9 +26,9 @@ neutron net-create demo-net
echo "Creating a subnet on the tenant network."
neutron subnet-create demo-net \
"$TENANT_NETWORK_CIDR" \
--name demo-subnet \
--gateway "$TENANT_NETWORK_GATEWAY" \
"$TENANT_NETWORK_CIDR"
--gateway "$TENANT_NETWORK_GATEWAY"
echo "Creating a router on the tenant network."
neutron router-create demo-router

28
labs/osbash/scripts/ubuntu/apt_install_mysql.sh
View File

@@ -21,29 +21,41 @@ source "$CONFIG_DIR/openstack"
DB_IP=$(get_ip_from_net_and_fourth "MGMT_NET" "$FOURTH_OCTET")
echo "Will bind MySQL server to $DB_IP."
#------------------------------------------------------------------------------
# Install and configure the database server
# http://docs.openstack.org/kilo/install-guide/install/apt/content/ch_basic_environment.html
#------------------------------------------------------------------------------
echo "Sourced MySQL password from credentials: $DATABASE_PASSWORD"
sudo debconf-set-selections <<< 'mysql-server mysql-server/root_password password '$DATABASE_PASSWORD''
sudo debconf-set-selections <<< 'mysql-server mysql-server/root_password_again password '$DATABASE_PASSWORD''
echo "Installing MySQL."
sudo apt-get install -y mysql-server python-mysqldb
sudo apt-get install -y mariadb-server python-mysqldb
echo "Creating /etc/mysql/conf.d/mysqld_openstack.cnf."
echo '[mysqld]' | sudo tee -a /etc/mysql/conf.d/mysqld_openstack.cnf
echo "Configuring MySQL to accept requests by other nodes."
conf=/etc/mysql/conf.d/mysqld_openstack.cnf
# Enable access by other nodes via the management network
iniset_sudo /etc/mysql/my.cnf mysqld bind-address "$DB_IP"
iniset_sudo $conf mysqld bind-address "$DB_IP"
# Enable InnoDB
iniset_sudo /etc/mysql/my.cnf mysqld default-storage-engine innodb
iniset_sudo /etc/mysql/my.cnf mysqld innodb_file_per_table 1
iniset_sudo $conf mysqld default-storage-engine innodb
iniset_sudo $conf mysqld innodb_file_per_table 1
# Enable UTF-8 character set and UTF-8 collation by default
iniset_sudo /etc/mysql/my.cnf mysqld collation-server utf8_general_ci
iniset_sudo /etc/mysql/my.cnf mysqld init-connect "'SET NAMES utf8'"
iniset_sudo /etc/mysql/my.cnf mysqld character-set-server utf8
iniset_sudo $conf mysqld collation-server utf8_general_ci
iniset_sudo $conf mysqld init-connect "'SET NAMES utf8'"
iniset_sudo $conf mysqld character-set-server utf8
echo "Restarting MySQL service."
sudo service mysql restart
# Close the file descriptor or the script will hang due to open ssh connection
sudo service mysql restart 2>/dev/null
# TODO(rluethi) do we need mysql_secure_installation?
# XXX --use-default only in MySQL 5.7.4+ (Ubuntu 12.04 LTS: MySQL 5.5)

27
labs/osbash/scripts/ubuntu/apt_pre-download.sh
View File

@@ -39,6 +39,12 @@ function get_cirros {
}
get_cirros
function get_keystone_httpd_files {
wget --directory-prefix "$HOME" -O "keystone.py" "http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo"
}
get_keystone_httpd_files
function apt_download {
sudo apt-get install -y --download-only "$@"
@@ -48,36 +54,41 @@ function apt_download {
# Download packages for all nodes
# MySQL, RabbitMQ
apt_download mysql-server python-mysqldb rabbitmq-server
apt_download mariadb-server python-mysqldb rabbitmq-server
# Other dependencies
apt_download python-argparse
# Keystone
apt_download keystone
apt_download keystone python-openstackclient apache2 \
libapache2-mod-wsgi memcached python-memcache
# Glance
apt_download glance
apt_download glance python-glanceclient
# Nova Controller
apt_download nova-api nova-cert nova-conductor nova-consoleauth \
nova-novncproxy nova-scheduler python-novaclient
# Neutron Controller
apt_download neutron-server neutron-plugin-ml2 neutron-lbaas-agent
apt_download neutron-server neutron-plugin-ml2 neutron-lbaas-agent \
python-neutronclient
# Cinder Controller
apt_download cinder-api cinder-scheduler
apt_download cinder-api cinder-scheduler python-cinderclient
# Horizon
apt_download openstack-dashboard memcached
apt_download openstack-dashboard
# Cinder Volumes
apt_download lvm2 cinder-volume
# Nova Compute
apt_download nova-compute-qemu sysfsutils
apt_download nova-compute-qemu qemu sysfsutils
# Neutron Compute
apt_download neutron-common neutron-plugin-ml2 \
neutron-plugin-openvswitch-agent
neutron-plugin-openvswitch-agent openvswitch-datapath-dkms
# Neutron Network
apt_download neutron-common neutron-plugin-ml2 \

7
labs/osbash/scripts/ubuntu/install_rabbitmq.sh
View File

@@ -15,5 +15,8 @@ indicate_current_auto
echo "Installing RabbitMQ."
sudo apt-get install -y rabbitmq-server
echo "Setting RabbitMQ password to '$RABBIT_PASSWORD'."
sudo rabbitmqctl change_password guest "$RABBIT_PASSWORD"
echo "Adding openstack user to messaging service."
sudo rabbitmqctl add_user openstack "$RABBIT_PASSWORD"
echo "Permit configuration, write and read access for the openstack user."
sudo rabbitmqctl set_permissions openstack ".*" ".*" ".*"

64
labs/osbash/scripts/ubuntu/setup_cinder_controller.sh
View File

@@ -10,7 +10,7 @@ indicate_current_auto
#------------------------------------------------------------------------------
# Set up Block Storage service controller (cinder controller node)
# http://docs.openstack.org/juno/install-guide/install/apt/content/cinder-install-controller-node.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/cinder-install-controller-node.html
#------------------------------------------------------------------------------
echo "Setting up database for cinder."
@@ -25,40 +25,40 @@ cinder_admin_password=$(service_to_user_password cinder)
wait_for_keystone
echo "Creating cinder user."
keystone user-create \
--name "$cinder_admin_user" \
--pass "$cinder_admin_password"
openstack user create \
--password "$cinder_admin_password" \
"$cinder_admin_user"
echo "Linking cinder user, service tenant and admin role."
keystone user-role-add \
openstack role add \
--user "$cinder_admin_user" \
--tenant "$SERVICE_TENANT_NAME" \
--role "$ADMIN_ROLE_NAME"
--project "$SERVICE_PROJECT_NAME" \
"$ADMIN_ROLE_NAME"
echo "Registering cinder with keystone so that other services can locate it."
keystone service-create \
openstack service create \
--name cinder \
--type volume \
--description "OpenStack Block Storage"
--description "OpenStack Block Storage" \
volume
keystone service-create \
openstack service create \
--name cinderv2 \
--type volumev2 \
--description "OpenStack Block Storage v2"
--description "OpenStack Block Storage v2" \
volumev2
cinder_service_id=$(keystone service-list | awk '/ volume / {print $2}')
keystone endpoint-create \
--service-id "$cinder_service_id" \
openstack endpoint create \
--publicurl 'http://controller-api:8776/v1/%(tenant_id)s' \
--adminurl 'http://controller-mgmt:8776/v1/%(tenant_id)s' \
--internalurl 'http://controller-mgmt:8776/v1/%(tenant_id)s'
--internalurl 'http://controller-mgmt:8776/v1/%(tenant_id)s' \
--region "$REGION" \
volume
cinder_v2_service_id=$(keystone service-list | awk '/ volumev2 / {print $2}')
keystone endpoint-create \
--service-id "$cinder_v2_service_id" \
openstack endpoint create \
--publicurl 'http://controller-api:8776/v2/%(tenant_id)s' \
--adminurl 'http://controller-mgmt:8776/v2/%(tenant_id)s' \
--internalurl 'http://controller-mgmt:8776/v2/%(tenant_id)s'
--internalurl 'http://controller-mgmt:8776/v2/%(tenant_id)s' \
--region "$REGION" \
volumev2
echo "Installing cinder."
sudo apt-get install -y cinder-api cinder-scheduler python-cinderclient \
@@ -85,19 +85,27 @@ iniset_sudo $conf database connection "$database_url"
# Configure [DEFAULT] section to use RabbitMQ message broker.
iniset_sudo $conf DEFAULT rpc_backend rabbit
iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
iniset_sudo $conf DEFAULT auth_strategy keystone
# Configure [keystone_authtoken] section.
iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0"
iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357"
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf keystone_authtoken admin_user "$cinder_admin_user"
iniset_sudo $conf keystone_authtoken admin_password "$cinder_admin_password"
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken auth_plugin password
iniset_sudo $conf keystone_authtoken project_domain_id default
iniset_sudo $conf keystone_authtoken user_domain_id default
iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf keystone_authtoken username "$cinder_admin_user"
iniset_sudo $conf keystone_authtoken password "$cinder_admin_password"
iniset_sudo $conf DEFAULT my_ip "$(hostname_to_ip controller-mgmt)"
iniset_sudo $conf oslo_concurrency lock_path /var/lock/cinder
iniset_sudo $conf DEFAULT verbose True
echo "Creating the database tables for cinder."

37
labs/osbash/scripts/ubuntu/setup_cinder_volumes.sh
View File

@@ -12,7 +12,7 @@ indicate_current_auto
#------------------------------------------------------------------------------
# Set up Block Storage service (cinder).
# http://docs.openstack.org/juno/install-guide/install/apt/content/cinder-install-storage-node.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/cinder-install-storage-node.html
#------------------------------------------------------------------------------
# Get FOURTH_OCTET for this node
@@ -21,6 +21,9 @@ source "$CONFIG_DIR/config.$(hostname)"
MY_MGMT_IP=$(get_ip_from_net_and_fourth "MGMT_NET" "$FOURTH_OCTET")
echo "IP address of this node's interface in management network: $MY_MGMT_IP."
echo "Installing qemu support package for non-raw image types."
sudo apt-get install -y qemu
echo "Installing the Logical Volume Manager (LVM)."
sudo apt-get install -y lvm2
@@ -70,24 +73,37 @@ iniset_sudo $conf database connection "$database_url"
# Configure [DEFAULT] section.
iniset_sudo $conf DEFAULT rpc_backend rabbit
iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
iniset_sudo $conf DEFAULT auth_strategy keystone
# Configure [keystone_authtoken] section.
cinder_admin_user=$(service_to_user_name cinder)
cinder_admin_password=$(service_to_user_password cinder)
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0
iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf keystone_authtoken admin_user "$cinder_admin_user"
iniset_sudo $conf keystone_authtoken admin_password "$cinder_admin_password"
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken auth_plugin password
iniset_sudo $conf keystone_authtoken project_domain_id default
iniset_sudo $conf keystone_authtoken user_domain_id default
iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf keystone_authtoken username "$cinder_admin_user"
iniset_sudo $conf keystone_authtoken password "$cinder_admin_password"
iniset_sudo $conf DEFAULT my_ip "$MY_MGMT_IP"
iniset_sudo $conf lvm volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
iniset_sudo $conf lvm volume_group cinder-volumes
iniset_sudo $conf lvm iscsi_protocol iscsi
iniset_sudo $conf lvm iscsi_helper tgtadm
iniset_sudo $conf DEFAULT enabled_backends lvm
iniset_sudo $conf DEFAULT glance_host controller-mgmt
iniset_sudo $conf oslo_concurrency lock_path /var/lock/cinder
iniset_sudo $conf DEFAULT verbose True
echo "Restarting cinder service."
@@ -98,7 +114,7 @@ sudo rm -f /var/lib/cinder/cinder.sqlite
#------------------------------------------------------------------------------
# Verify the Block Storage installation
# http://docs.openstack.org/juno/install-guide/install/apt/content/cinder-verify.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/cinder-verify.html
#------------------------------------------------------------------------------
echo "Verifying Block Storage installation on controller node."
@@ -153,8 +169,9 @@ AUTH="source $CONFIG_DIR/demo-openstackrc.sh"
echo "cinder create --display-name demo-volume1 1"
node_ssh controller-mgmt "$AUTH; cinder create --display-name demo-volume1 1;sleep 20"
echo "check if cinder has the given volume"
echo -n "Waiting for cinder to list the new volume."
until node_ssh controller-mgmt "$AUTH; cinder list | grep demo-volume1" > /dev/null 2>&1; do
echo -n .
sleep 1
done

82
labs/osbash/scripts/ubuntu/setup_glance.sh
View File

@@ -10,7 +10,7 @@ indicate_current_auto
#------------------------------------------------------------------------------
# Install the Image Service (glance).
# http://docs.openstack.org/juno/install-guide/install/apt/content/glance-install.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/glance-install.html
#------------------------------------------------------------------------------
echo "Setting up database for glance."
@@ -26,28 +26,27 @@ glance_admin_password=$(service_to_user_password glance)
wait_for_keystone
echo "Creating glance user and giving it admin role under service tenant."
keystone user-create \
--name "$glance_admin_user" \
--pass "$glance_admin_password" \
openstack user create \
--password "$glance_admin_password" \
"$glance_admin_user"
keystone user-role-add \
openstack role add \
--project "$SERVICE_PROJECT_NAME" \
--user "$glance_admin_user" \
--tenant "$SERVICE_TENANT_NAME" \
--role "$ADMIN_ROLE_NAME"
"$ADMIN_ROLE_NAME"
echo "Registering glance with keystone so that other services can locate it."
keystone service-create \
openstack service create \
--name glance \
--type image \
--description "OpenStack Image Service"
--description "OpenStack Image Service" \
image
glance_service_id=$(keystone service-list | awk '/ image / {print $2}')
keystone endpoint-create \
--service-id "$glance_service_id" \
openstack endpoint create \
--publicurl "http://controller-api:9292" \
--internalurl "http://controller-mgmt:9292" \
--adminurl "http://controller-mgmt:9292" \
--region "$REGION"
--region "$REGION" \
image
echo "Installing glance."
sudo apt-get install -y glance python-glanceclient
@@ -65,26 +64,56 @@ echo "Database connection: $database_url."
echo "Configuring glance-api.conf."
conf=/etc/glance/glance-api.conf
# Database
iniset_sudo $conf database connection "$database_url"
iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0"
iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357"
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf keystone_authtoken admin_user "$glance_admin_user"
iniset_sudo $conf keystone_authtoken admin_password "$glance_admin_password"
# Keystone_authtoken
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken auth_plugin password
iniset_sudo $conf keystone_authtoken project_domain_id default
iniset_sudo $conf keystone_authtoken user_domain_id default
iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf keystone_authtoken username "$glance_admin_user"
iniset_sudo $conf keystone_authtoken password "$glance_admin_password"
# Paste_deploy
iniset_sudo $conf paste_deploy flavor "keystone"
# Glance_store
iniset_sudo $conf glance_store default_store file
iniset_sudo $conf glance_store filesystem_store_datadir /var/lib/glance/images/
# Default section
iniset_sudo $conf DEFAULT notification_driver noop
iniset_sudo $conf DEFAULT verbose True
echo "Configuring glance-registry.conf."
conf=/etc/glance/glance-registry.conf
# Database section
iniset_sudo $conf database connection "$database_url"
iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0"
iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357"
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf keystone_authtoken admin_user "$glance_admin_user"
iniset_sudo $conf keystone_authtoken admin_password "$glance_admin_password"
# Keystone authtoken section
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken auth_plugin password
iniset_sudo $conf keystone_authtoken project_domain_id default
iniset_sudo $conf keystone_authtoken user_domain_id default
iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf keystone_authtoken username "$glance_admin_user"
iniset_sudo $conf keystone_authtoken password "$glance_admin_password"
# Glance store
iniset_sudo $conf glance_store default_store file
iniset_sudo $conf glance_store filesystem_store_datadir /var/lib/glance/images/
# Paste deploy section
iniset_sudo $conf paste_deploy flavor "keystone"
# Default section
iniset_sudo $conf DEFAULT notification_driver noop
iniset_sudo $conf DEFAULT verbose True
echo "Creating the database tables for glance."
@@ -99,7 +128,7 @@ sudo rm -f /var/lib/glance/glance.sqlite
#------------------------------------------------------------------------------
# Verify the Image Service installation
# http://docs.openstack.org/juno/install-guide/install/apt/content/glance-verify.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/glance-verify.html
#------------------------------------------------------------------------------
echo "Waiting for glance to start."
@@ -117,7 +146,8 @@ glance image-create \
--file "$HOME/img/$(basename $CIRROS_URL)" \
--disk-format qcow2 \
--container-format bare \
--is-public True
--visibility public \
--progress
echo "Verifying that the image was successfully added to the service."

87
labs/osbash/scripts/ubuntu/setup_heat_controller.sh
View File

@@ -11,7 +11,7 @@ indicate_current_auto
#------------------------------------------------------------------------------
# Install the Orchestration Service (heat).
# http://docs.openstack.org/juno/install-guide/install/apt/content/heat-install-controller-node.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/heat-install-controller-node.html
#------------------------------------------------------------------------------
echo "Setting up database for heat."
@@ -27,58 +27,53 @@ heat_admin_password=$(service_to_user_password heat)
wait_for_keystone
echo "Creating heat user and giving it admin role under service tenant."
keystone user-create \
--name "$heat_admin_user" \
--pass "$heat_admin_password" \
openstack user create \
--password "$heat_admin_password" \
"$heat_admin_user"
keystone user-role-add \
openstack role add \
--project "$SERVICE_PROJECT_NAME" \
--user "$heat_admin_user" \
--tenant "$SERVICE_TENANT_NAME" \
--role "$ADMIN_ROLE_NAME"
"$ADMIN_ROLE_NAME"
echo "Creating the heat stack owner role."
keystone role-create --name "heat_stack_owner"
openstack role create "heat_stack_owner"
keystone user-role-add \
openstack role add \
--project "$DEMO_PROJECT_NAME" \
--user "$DEMO_USER_NAME" \
--tenant "$DEMO_TENANT_NAME" \
--role heat_stack_owner
"heat_stack_owner"
echo "Creating the heat stack user role."
keystone role-create --name "heat_stack_user"
openstack role create "heat_stack_user"
echo "Registering heat with keystone so that other services can locate it."
keystone service-create \
echo "Creating the heat and heat-cfn service entities."
openstack service create \
--name heat \
--type orchestration \
--description "Orchestration"
--description "Orchestration" \
orchestration
keystone service-create \
openstack service create \
--name heat-cfn \
--type cloudformation \
--description "Orchestration"
--description "Orchestration" \
cloudformation
heat_service_id=$(keystone service-list | awk '/ orchestration / {print $2}')
keystone endpoint-create \
--service-id "$heat_service_id" \
openstack endpoint create \
--publicurl "http://controller-api:8004/v1/%(tenant_id)s" \
--internalurl "http://controller-mgmt:8004/v1/%(tenant_id)s" \
--adminurl "http://controller-mgmt:8004/v1/%(tenant_id)s" \
--region "$REGION"
--region "$REGION" \
orchestration
heatcfn_service_id=$(keystone service-list | awk '/ cloudformation / {print $2}')
keystone endpoint-create \
--service-id "$heatcfn_service_id" \
openstack endpoint create \
--publicurl "http://controller-api:8000/v1" \
--internalurl "http://controller-mgmt:8000/v1" \
--adminurl "http://controller-mgmt:8000/v1" \
--region "$REGION"
--region "$REGION" \
cloudformation
echo "Installing heat."
sudo apt-get install -y heat-api heat-api-cfn heat-engine \
python-heatclient
sudo apt-get install -y heat-api heat-api-cfn heat-engine python-heatclient
function get_database_url {
local db_user=$(service_to_db_user heat)
@@ -99,19 +94,30 @@ echo "Configuring [DEFAULT] section in /etc/heat/heat.conf."
iniset_sudo $conf DEFAULT rpc_backend rabbit
iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
iniset_sudo $conf DEFAULT rabbit_userid openstack
iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0"
iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357"
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0
iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf keystone_authtoken admin_user "$heat_admin_user"
iniset_sudo $conf keystone_authtoken admin_password "$heat_admin_password"
iniset_sudo $conf ec2authtoken auth_uri "http://controller-mgmt:5000/v2.0"
iniset_sudo $conf DEFAULT heat_metadata_server_url "http://controller-mgmt:8000"
iniset_sudo $conf DEFAULT heat_waitcondition_server_url "http://controller-mgmt:8000/v1/waitcondition"
iniset_sudo $conf ec2authtoken auth_uri http://controller-mgmt:5000/v2.0
iniset_sudo $conf DEFAULT heat_metadata_server_url http://controller-mgmt:8000
iniset_sudo $conf DEFAULT heat_waitcondition_server_url http://controller-mgmt:8000/v1/waitcondition
iniset_sudo $conf DEFAULT stack_domain_admin heat_domain_admin
iniset_sudo $conf DEFAULT stack_domain_admin_password "$HEAT_DOMAIN_PASS"
iniset_sudo $conf DEFAULT stack_user_domain_name heat_user_domain
iniset_sudo $conf DEFAULT verbose True
heat-keystone-setup-domain \
--stack-user-domain-name heat_user_domain \
--stack-domain-admin heat_domain_admin \
--stack-domain-admin-password "$HEAT_DOMAIN_PASS"
echo "Creating the database tables for heat."
sudo heat-manage db_sync
@@ -121,5 +127,10 @@ sudo service heat-api restart
sudo service heat-api-cfn restart
sudo service heat-engine restart
echo "Waiting for heat stack-list."
until heat stack-list; do
sleep 1
done
echo "Removing default SQLite database."
sudo rm -f /var/lib/heat/heat.sqlite

2
labs/osbash/scripts/ubuntu/setup_heat_network.sh
View File

@@ -12,7 +12,7 @@ indicate_current_auto
#------------------------------------------------------------------------------
# Verify the Orchestration Service installation
# http://docs.openstack.org/juno/install-guide/install/apt/content/heat-verify.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/heat-verify.html
#------------------------------------------------------------------------------
echo "Verifying heat installation."

7
labs/osbash/scripts/ubuntu/setup_horizon.sh
View File

@@ -9,12 +9,11 @@ indicate_current_auto
#------------------------------------------------------------------------------
# Set up OpenStack Dashboard (horizon)
# http://docs.openstack.org/juno/install-guide/install/apt/content/install_dashboard.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/install_dashboard.html
#------------------------------------------------------------------------------
echo "Installing horizon."
sudo apt-get install -y openstack-dashboard apache2 libapache2-mod-wsgi \
memcached python-memcache
sudo apt-get install -y openstack-dashboard
echo "Purging Ubuntu theme."
sudo dpkg --purge openstack-dashboard-ubuntu-theme
@@ -71,4 +70,4 @@ function check_apache_service {
echo "Reloading apache and memcached service."
sudo service apache2 stop
check_apache_service
sudo service memcached restart
sudo service apache2 start

289
labs/osbash/scripts/ubuntu/setup_keystone.sh
View File

@@ -13,20 +13,25 @@ indicate_current_auto
#------------------------------------------------------------------------------
# Set up keystone for controller node
# http://docs.openstack.org/juno/install-guide/install/apt/content/keystone-install.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-install.html
#------------------------------------------------------------------------------
echo "Setting up database for keystone."
setup_database keystone
# Create a "shared secret" used as OS_SERVICE_TOKEN, together with
# OS_SERVICE_ENDPOINT, before keystone can be used for authentication
# Create a "shared secret" used as OS_TOKEN, together with OS_URL, before
# keystone can be used for authentication
echo -n "Using openssl to generate a random admin token: "
ADMIN_TOKEN=$(openssl rand -hex 10)
echo "$ADMIN_TOKEN"
echo "Disabling the keystone service from starting automatically after installation."
echo "manual" | sudo tee /etc/init/keystone.override
echo "Installing keystone."
sudo apt-get install -y keystone python-keystoneclient
sudo apt-get install -y keystone python-openstackclient apache2 \
libapache2-mod-wsgi memcached python-memcache
conf=/etc/keystone/keystone.conf
echo "Configuring [DEFAULT] section in $conf."
@@ -49,9 +54,16 @@ echo "Configuring [database] section in /etc/keystone/keystone.conf."
echo "Setting database connection: $database_url."
iniset_sudo $conf database connection "$database_url"
echo "Configuring the Memcache service."
iniset_sudo $conf memcache servers localhost:11211
echo "Configuring the UUID token provider and SQL driver."
iniset_sudo $conf token provider keystone.token.providers.uuid.Provider
iniset_sudo $conf token driver keystone.token.persistence.backends.sql.Token
iniset_sudo $conf token driver keystone.token.persistence.backends.memcache.Token
echo "Configuring the SQL revocation driver."
iniset_sudo $conf revoke driver keystone.contrib.revoke.backends.sql.Revoke
echo "Enabling verbose logging."
iniset_sudo $conf DEFAULT verbose True
@@ -59,110 +71,235 @@ iniset_sudo $conf DEFAULT verbose True
echo "Creating the database tables for keystone."
sudo keystone-manage db_sync
echo "Restarting keystone."
sudo service keystone restart
# Configure Apache HTTP server.
echo "Configuring ServerName option in /etc/apache2/apache2.conf to reference controller node."
echo "ServerName controller-mgmt" | sudo tee -a /etc/apache2/apache2.conf
echo "Creating /etc/apache2/sites-available/wsgi-keystone.conf."
cat << WSGI | sudo tee -a /etc/apache2/sites-available/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
LogLevel info
ErrorLog /var/log/apache2/keystone-error.log
CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
LogLevel info
ErrorLog /var/log/apache2/keystone-error.log
CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>
WSGI
echo "Enabling the identity service virtual hosts."
sudo ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled
echo "Creating the directory structure for WSGI components."
sudo mkdir -p /var/www/cgi-bin/keystone
echo "Copying WSGI component from upstream repository."
# Note: Since we have offline installation, use pre-cached files.
cat "$HOME/keystone.py" | sudo tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin
echo "Adjusting ownership and permissions."
sudo chown -R keystone:keystone /var/www/cgi-bin/keystone
sudo chmod 755 /var/www/cgi-bin/keystone/*
echo "Restarting apache."
sudo service apache2 restart
echo "Removing default SQLite database."
sudo rm -f /var/lib/keystone/keystone.db
if ! sudo crontab -l -u keystone 2>&1 | grep token_flush; then
# No existing crontab entry for token_flush -- add one now.
echo "Adding crontab entry to purge expired tokens:"
cat << CRON | sudo tee -a /var/spool/cron/crontabs/keystone
# Purges expired tokens every hour and logs the output
@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1
CRON
echo "---------------------------------------------"
fi
sudo rm "$HOME/keystone.py"
#------------------------------------------------------------------------------
# Configure keystone services and API endpoints
# http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-services.html
#------------------------------------------------------------------------------
echo "Using OS_TOKEN, OS_URL for authentication."
export OS_TOKEN=$ADMIN_TOKEN
export OS_URL=http://controller-mgmt:35357/v2.0
echo "Creating keystone service."
openstack service create \
--name keystone \
--description "OpenStack Identity" \
identity
echo "Creating endpoints for keystone."
openstack endpoint create \
--publicurl http://controller-mgmt:5000/v2.0 \
--internalurl http://controller-mgmt:5000/v2.0 \
--adminurl http://controller-mgmt:35357/v2.0 \
--region "$REGION" \
identity
#------------------------------------------------------------------------------
# Configure keystone users, tenants and roles
# http://docs.openstack.org/juno/install-guide/install/apt/content/keystone-users.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-users.html
#------------------------------------------------------------------------------
echo "Using OS_SERVICE_TOKEN, OS_SERVICE_ENDPOINT for authentication."
export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT="http://controller-mgmt:35357/v2.0"
# Wait for keystone to come up
wait_for_keystone
echo "Adding admin tenant."
keystone tenant-create --name "$ADMIN_TENANT_NAME" --description "Admin Tenant"
echo "Creating admin project."
openstack project create \
--description "Admin Project" \
"$ADMIN_PROJECT_NAME"
echo "Creating admin user."
keystone user-create \
--name "$ADMIN_USER_NAME" \
--pass "$ADMIN_PASSWORD" \
--email "admin@$MAIL_DOMAIN"
openstack user create \
--password "$ADMIN_PASSWORD" \
"$ADMIN_USER_NAME"
echo "Creating admin role."
keystone role-create --name "$ADMIN_ROLE_NAME"
openstack role create "$ADMIN_ROLE_NAME"
echo "Linking admin user, admin role and admin tenant."
keystone user-role-add \
echo "Adding admin role to admin project."
openstack role add \
--project "$ADMIN_PROJECT_NAME" \
--user "$ADMIN_USER_NAME" \
--tenant "$ADMIN_TENANT_NAME" \
--role "$ADMIN_ROLE_NAME"
"$ADMIN_ROLE_NAME"
echo "Creating demo tenant."
keystone tenant-create --name "$DEMO_TENANT_NAME" --description "Demo Tenant"
echo "Creating service project."
openstack project create \
--description "Service Project" \
"$SERVICE_PROJECT_NAME"
echo "Creating demo project."
openstack project create \
--description "Demo Project" \
"$DEMO_PROJECT_NAME"
echo "Creating demo user."
# Using the --tenant option automatically assigns the _member_ role to a user.
# This option will also create the _member_ role if it does not exist.
keystone user-create \
--name "$DEMO_USER_NAME" \
--tenant "$DEMO_TENANT_NAME" \
--pass "$DEMO_PASSWORD" \
--email "demo@$MAIL_DOMAIN"
openstack user create \
--password "$DEMO_PASSWORD" \
"$DEMO_USER_NAME"
echo "Adding service tenant."
keystone tenant-create \
--name "$SERVICE_TENANT_NAME" \
--description "Service Tenant"
echo "Creating the user role."
openstack role create \
"$USER_ROLE_NAME"
#------------------------------------------------------------------------------
# Configure keystone services and API endpoints
# http://docs.openstack.org/juno/install-guide/install/apt/content/keystone-services.html
#------------------------------------------------------------------------------
echo "Creating keystone service."
keystone service-create \
--name keystone \
--type identity \
--description 'OpenStack Identity'
echo "Creating endpoints for keystone."
keystone_service_id=$(keystone service-list | awk '/ keystone / {print $2}')
keystone endpoint-create \
--service-id "$keystone_service_id" \
--publicurl "http://controller-api:5000/v2.0" \
--internalurl "http://controller-mgmt:5000/v2.0" \
--adminurl "http://controller-mgmt:35357/v2.0" \
--region "$REGION"
echo "Linking user role to demo project and user."
openstack role add \
--project "$DEMO_PROJECT_NAME" \
--user "$DEMO_USER_NAME" \
"$USER_ROLE_NAME"
#------------------------------------------------------------------------------
# Verify the Identity Service installation
# http://docs.openstack.org/icehouse/install-guide/install/apt/content/keystone-verify.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-verify.html
#------------------------------------------------------------------------------
echo "Verifying keystone installation."
# Disable temporary authentication token mechanism
conf=/etc/keystone/keystone-paste.ini
for section in pipeline:public_api pipeline:admin_api pipeline:api_v3; do
if ini_has_option_sudo $conf $section admin_token_auth; then
echo "Disabling admin_token_auth in section $section."
inicomment_sudo $conf $section admin_token_auth
fi
done
# From this point on, we are going to use keystone for authentication
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
unset OS_TOKEN OS_URL
# Load keystone credentials
source "$CONFIG_DIR/admin-openstackrc.sh"
echo "Requesting an authentication token."
openstack \
--os-auth-url http://controller:35357 \
--os-project-name "$ADMIN_PROJECT_NAME" \
--os-username "$ADMIN_USER_NAME" \
--os-auth-type password \
--os-password "$ADMIN_PASSWORD" \
token issue
# The output of the following commands can be used to verify or debug the
# service.
echo "Requesting an authentication token using the version 3 API."
openstack \
--os-auth-url http://controller:35357 \
--os-project-domain-id default \
--os-user-domain-id default \
--os-project-name "$ADMIN_PROJECT_NAME" \
--os-username "$ADMIN_USER_NAME" \
--os-auth-type password \
--os-password "$ADMIN_PASSWORD" \
token issue
echo "keystone token-get"
keystone token-get
echo "Requesting project list."
openstack \
--os-auth-url http://controller:35357 \
--os-project-name "$ADMIN_PROJECT_NAME" \
--os-username "$ADMIN_USER_NAME" \
--os-auth-type password \
--os-password "$ADMIN_PASSWORD" \
project list
echo "keystone user-list"
keystone user-list
echo "Requesting user list."
openstack \
--os-auth-url http://controller:35357 \
--os-project-name "$ADMIN_PROJECT_NAME" \
--os-username "$ADMIN_USER_NAME" \
--os-auth-type password \
--os-password "$ADMIN_PASSWORD" \
user list
echo "keystone user-role-list --user $ADMIN_USER_NAME --tenant $ADMIN_TENANT_NAME"
keystone user-role-list --user "$ADMIN_USER_NAME" --tenant "$ADMIN_TENANT_NAME"
echo "Requesting role list."
openstack \
--os-auth-url http://controller:35357 \
--os-project-name "$ADMIN_PROJECT_NAME" \
--os-username "$ADMIN_USER_NAME" \
--os-auth-type password \
--os-password "$ADMIN_PASSWORD" \
role list
echo "Requesting an authentication token for the demo user."
openstack \
--os-auth-url http://controller:5000 \
--os-project-domain-id default \
--os-user-domain-id default \
--os-project-name "$DEMO_PROJECT_NAME" \
--os-username "$DEMO_USER_NAME" \
--os-auth-type password \
--os-password "$DEMO_PASSWORD" \
token issue
echo "Verifying that an admin-only request by the demo user is denied."
openstack \
--os-auth-url http://controller:5000 \
--os-project-domain-id default \
--os-user-domain-id default \
--os-project-name "$DEMO_PROJECT_NAME" \
--os-username "$DEMO_USER_NAME" \
--os-auth-type password \
--os-password "$DEMO_PASSWORD" \
user list || rc=$?
echo rc=$rc
if [ $rc -eq 0 ]; then
echo "The request was not denied. This is an error. Exiting."
exit 1
else
echo "The request was correctly denied."
fi

1
labs/osbash/scripts/ubuntu/setup_lbaas_controller.sh
View File

@@ -18,6 +18,7 @@ echo "Configuring neutron lbaas for controller node."
conf=/etc/neutron/neutron.conf
# Configure network plugin parameters
# FIXME The following line breaks neutron
iniset_sudo $conf DEFAULT service_plugins "router,lbaas"
echo "Restarting neutron service."

33
labs/osbash/scripts/ubuntu/setup_neutron_compute.sh
View File

@@ -11,7 +11,7 @@ indicate_current_auto
#------------------------------------------------------------------------------
# Set up OpenStack Networking (neutron) for compute node.
# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron-compute-node.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron-compute-node.html
#------------------------------------------------------------------------------
echo "Editing /etc/sysctl.conf: disable Reverse Path Forwarding filter."
@@ -19,6 +19,12 @@ cat << SYSCTL | sudo tee -a /etc/sysctl.conf
# Disable Reverse Path Forwarding filter (RFC 3704)
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
# XXX NOTE This was added to the install-guide because CentOS needs it. On
# Ubuntu it results in an error because the bridge kernel modules
# are not loaded at this point.
#net.bridge.bridge-nf-call-iptables=1
#net.bridge.bridge-nf-call-ip6tables=1
SYSCTL
# Reload changed file
@@ -38,18 +44,23 @@ echo "Configuring $conf."
# Configure AMQP parameters
iniset_sudo $conf DEFAULT rpc_backend rabbit
iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
# Configuring [DEFAULT] section
iniset_sudo $conf DEFAULT auth_strategy keystone
# Configuring [keystone_authtoken] section
iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0"
iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf keystone_authtoken admin_user "$neutron_admin_user"
iniset_sudo $conf keystone_authtoken admin_password "$neutron_admin_password"
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken auth_plugin password
iniset_sudo $conf keystone_authtoken project_domain_id default
iniset_sudo $conf keystone_authtoken user_domain_id default
iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf keystone_authtoken username "$neutron_admin_user"
iniset_sudo $conf keystone_authtoken password "$neutron_admin_password"
# Configure network plugin parameters
iniset_sudo $conf DEFAULT core_plugin ml2
@@ -62,7 +73,7 @@ echo "Configuring the OVS plug-in to use GRE tunneling."
conf=/etc/neutron/plugins/ml2/ml2_conf.ini
# Under the ml2 section
iniset_sudo $conf ml2 type_drivers flat,gre
iniset_sudo $conf ml2 type_drivers flat,vlan,gre,vxlan
iniset_sudo $conf ml2 tenant_network_types gre
iniset_sudo $conf ml2 mechanism_drivers openvswitch
@@ -87,14 +98,14 @@ echo "Configuring Compute to use Networking."
conf=/etc/nova/nova.conf
iniset_sudo $conf DEFAULT network_api_class nova.network.neutronv2.api.API
iniset_sudo $conf DEFAULT security_group_api neutron
iniset_sudo $conf DEFAULT linuxnet_interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
iniset_sudo $conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
iniset_sudo $conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
iniset_sudo $conf neutron url http://controller-mgmt:9696
iniset_sudo $conf neutron auth_strategy keystone
iniset_sudo $conf neutron admin_auth_url http://controller-mgmt:35357/v2.0
iniset_sudo $conf neutron admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf neutron admin_tenant_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf neutron admin_username "$neutron_admin_user"
iniset_sudo $conf neutron admin_password "$neutron_admin_password"

85
labs/osbash/scripts/ubuntu/setup_neutron_controller.sh
View File

@@ -10,7 +10,7 @@ indicate_current_auto
#------------------------------------------------------------------------------
# Set up OpenStack Networking (neutron) for controller node.
# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron-controller-node.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron-controller-node.html
#------------------------------------------------------------------------------
echo "Setting up database for neutron."
@@ -25,31 +25,31 @@ neutron_admin_password=$(service_to_user_password neutron)
wait_for_keystone
echo "Creating neutron user and giving it admin role under service tenant."
keystone user-create \
--name "$neutron_admin_user" \
--pass "$neutron_admin_password"
openstack user create \
--password "$neutron_admin_password" \
"$neutron_admin_user"
keystone user-role-add \
openstack role add \
--project "$SERVICE_PROJECT_NAME" \
--user "$neutron_admin_user" \
--tenant "$SERVICE_TENANT_NAME" \
--role "$ADMIN_ROLE_NAME"
"$ADMIN_ROLE_NAME"
echo "Registering neutron with keystone so that other services can locate it."
keystone service-create \
openstack service create \
--name neutron \
--type network \
--description "OpenStack Networking"
--description "OpenStack Networking" \
network
neutron_service_id=$(keystone service-list | awk '/ network / {print $2}')
keystone endpoint-create \
--service-id "$neutron_service_id" \
--publicurl "http://controller-mgmt:9696" \
--adminurl "http://controller-mgmt:9696" \
--internalurl "http://controller-mgmt:9696" \
--region "$REGION"
openstack endpoint create \
--publicurl http://controller-api:9696 \
--adminurl http://controller-mgmt:9696 \
--internalurl http://controller-mgmt:9696 \
--region "$REGION" \
network
echo "Installing neutron for controller node."
sudo apt-get install -y neutron-server neutron-plugin-ml2 python-neutronclient
sudo apt-get install -y \
neutron-server neutron-plugin-ml2 python-neutronclient
echo "Configuring neutron for controller node."
@@ -69,16 +69,24 @@ iniset_sudo $conf database connection "$database_url"
# Configure AMQP parameters
iniset_sudo $conf DEFAULT rpc_backend rabbit
iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
# Configuring [DEFAULT] section
iniset_sudo $conf DEFAULT auth_strategy keystone
# Configuring [keystone_authtoken] section
iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0"
iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357"
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken auth_plugin password
iniset_sudo $conf keystone_authtoken project_domain_id default
iniset_sudo $conf keystone_authtoken user_domain_id default
iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf keystone_authtoken username "$neutron_admin_user"
iniset_sudo $conf keystone_authtoken password "$neutron_admin_password"
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf keystone_authtoken admin_user "$neutron_admin_user"
iniset_sudo $conf keystone_authtoken admin_password "$neutron_admin_password"
@@ -90,25 +98,26 @@ iniset_sudo $conf DEFAULT allow_overlapping_ips True
nova_admin_user=$(service_to_user_name nova)
nova_admin_password=$(service_to_user_password nova)
service_tenant_id=$(keystone tenant-get "$SERVICE_TENANT_NAME" | awk '/ id / {print $4}')
echo "Service tenant id: $service_tenant_id"
# Configure nova related parameters
iniset_sudo $conf DEFAULT notify_nova_on_port_status_changes True
iniset_sudo $conf DEFAULT notify_nova_on_port_data_changes True
iniset_sudo $conf DEFAULT nova_url http://controller-mgmt:8774/v2
iniset_sudo $conf DEFAULT nova_admin_auth_url http://controller-mgmt:35357/v2.0
iniset_sudo $conf DEFAULT nova_region_name "$REGION"
iniset_sudo $conf DEFAULT nova_admin_username "$nova_admin_user"
iniset_sudo $conf DEFAULT nova_admin_tenant_id "$service_tenant_id"
iniset_sudo $conf DEFAULT nova_admin_password "$nova_admin_password"
iniset_sudo $conf nova auth_url http://controller-mgmt:35357
iniset_sudo $conf nova auth_plugin password
iniset_sudo $conf nova project_domain_id default
iniset_sudo $conf nova user_domain_id default
iniset_sudo $conf nova region_name "$REGION"
iniset_sudo $conf nova project_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf nova username "$nova_admin_user"
iniset_sudo $conf nova password "$nova_admin_password"
iniset_sudo $conf DEFAULT verbose True
echo "Configuring the OVS plug-in to use GRE tunneling."
conf=/etc/neutron/plugins/ml2/ml2_conf.ini
# Edit the [ml2] section.
iniset_sudo $conf ml2 type_drivers flat,gre
iniset_sudo $conf ml2 type_drivers flat,vlan,gre,vxlan
iniset_sudo $conf ml2 tenant_network_types gre
iniset_sudo $conf ml2 mechanism_drivers openvswitch
@@ -124,30 +133,28 @@ echo "Configure Compute to use Networking"
conf=/etc/nova/nova.conf
iniset_sudo $conf DEFAULT network_api_class nova.network.neutronv2.api.API
iniset_sudo $conf DEFAULT security_group_api neutron
iniset_sudo $conf DEFAULT linuxnet_interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
iniset_sudo $conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
iniset_sudo $conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
iniset_sudo $conf neutron url http://controller-mgmt:9696
iniset_sudo $conf neutron auth_strategy keystone
iniset_sudo $conf neutron admin_auth_url http://controller-mgmt:35357/v2.0
iniset_sudo $conf neutron admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf neutron admin_tenant_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf neutron admin_username "$neutron_admin_user"
iniset_sudo $conf neutron admin_password "$neutron_admin_password"
# service_neutron_metadata_proxy, neutron_metadata_proxy_shared_secret from:
# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron-network-node.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron-network-node.html
iniset_sudo $conf neutron service_metadata_proxy True
iniset_sudo $conf neutron metadata_proxy_shared_secret "$METADATA_SECRET"
sudo neutron-db-manage \
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
upgrade juno
upgrade head
echo "Restart nova services"
echo "Restarting nova services."
sudo service nova-api restart
sudo service nova-scheduler restart
sudo service nova-conductor restart
echo "Restarting neutron service."
sudo service neutron-server restart

50
labs/osbash/scripts/ubuntu/setup_neutron_network.sh
View File

@@ -11,12 +11,11 @@ indicate_current_auto
#------------------------------------------------------------------------------
# Set up OpenStack Networking (neutron) for network node.
# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron-network-node.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron-network-node.html
#------------------------------------------------------------------------------
echo "Editing /etc/sysctl.conf: enable IP forwarding, disable RPF filter."
cat << SYSCTL | sudo tee -a /etc/sysctl.conf
# Enable IP forwarding
net.ipv4.ip_forward=1
# Disable Reverse Path Forwarding filter (RFC 3704)
net.ipv4.conf.all.rp_filter=0
@@ -27,8 +26,9 @@ SYSCTL
sudo sysctl -p
echo "Installing networking components for network node."
sudo apt-get install -y neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
neutron-l3-agent neutron-dhcp-agent
sudo apt-get install -y \
neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent
# neutron-l3-agent has just been installed and is about to start. We are also
# about to change its configuration file which tends to result in the agent
@@ -50,18 +50,23 @@ echo "Configuring $conf."
# Configure AMQP parameters
iniset_sudo $conf DEFAULT rpc_backend rabbit
iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
# Configuring [DEFAULT] section
iniset_sudo $conf DEFAULT auth_strategy keystone
# Configuring [keystone_authtoken] section
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0
iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf keystone_authtoken admin_user "$neutron_admin_user"
iniset_sudo $conf keystone_authtoken admin_password "$neutron_admin_password"
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken auth_plugin password
iniset_sudo $conf keystone_authtoken project_domain_id default
iniset_sudo $conf keystone_authtoken user_domain_id default
iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf keystone_authtoken username "$neutron_admin_user"
iniset_sudo $conf keystone_authtoken password "$neutron_admin_password"
# Configure network plugin parameters
iniset_sudo $conf DEFAULT core_plugin ml2
@@ -74,7 +79,7 @@ echo "Configuring the OVS plug-in to use GRE tunneling."
conf=/etc/neutron/plugins/ml2/ml2_conf.ini
# Under the ml2 section
iniset_sudo $conf ml2 type_drivers flat,gre
iniset_sudo $conf ml2 type_drivers flat,vlan,gre,vxlan
iniset_sudo $conf ml2 tenant_network_types gre
iniset_sudo $conf ml2 mechanism_drivers openvswitch
@@ -90,7 +95,6 @@ iniset_sudo $conf securitygroup firewall_driver neutron.agent.linux.iptables_fir
# Under the ovs section
iniset_sudo $conf ovs local_ip "$(hostname_to_ip network-data)"
iniset_sudo $conf ovs enable_tunneling True
iniset_sudo $conf ovs bridge_mappings external:br-ex
iniset_sudo $conf agent tunnel_types gre
@@ -98,8 +102,9 @@ iniset_sudo $conf agent tunnel_types gre
echo "Configuring Layer-3 agent."
conf=/etc/neutron/l3_agent.ini
iniset_sudo $conf DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
iniset_sudo $conf DEFAULT use_namespaces True
iniset_sudo $conf DEFAULT external_network_bridge br-ex
# The external_network_bridge option intentionally lacks a value to enable
# multiple external networks on a single agent.
iniset_sudo $conf DEFAULT external_network_bridge ""
iniset_sudo $conf DEFAULT router_delete_namespaces True
iniset_sudo $conf DEFAULT verbose True
@@ -107,7 +112,6 @@ echo "Configuring the DHCP agent"
conf=/etc/neutron/dhcp_agent.ini
iniset_sudo $conf DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
iniset_sudo $conf DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
iniset_sudo $conf DEFAULT use_namespaces True
iniset_sudo $conf DEFAULT dhcp_delete_namespaces True
iniset_sudo $conf DEFAULT verbose True
iniset_sudo $conf DEFAULT dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf
@@ -137,11 +141,15 @@ sudo killall dnsmasq||rc=$?
echo "Configuring the metadata agent"
conf=/etc/neutron/metadata_agent.ini
iniset_sudo $conf DEFAULT auth_url http://controller-mgmt:5000/v2.0
iniset_sudo $conf DEFAULT auth_uri http://controller-mgmt:5000
iniset_sudo $conf DEFAULT auth_url http://controller-mgmt:35357
iniset_sudo $conf DEFAULT auth_region "$REGION"
iniset_sudo $conf DEFAULT admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf DEFAULT admin_user "$neutron_admin_user"
iniset_sudo $conf DEFAULT admin_password "$neutron_admin_password"
iniset_sudo $conf DEFAULT auth_plugin password
iniset_sudo $conf DEFAULT project_domain_id default
iniset_sudo $conf DEFAULT user_domain_id default
iniset_sudo $conf DEFAULT project_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf DEFAULT username "$neutron_admin_user"
iniset_sudo $conf DEFAULT password "$neutron_admin_password"
iniset_sudo $conf DEFAULT nova_metadata_ip "$(hostname_to_ip controller-mgmt)"
iniset_sudo $conf DEFAULT metadata_proxy_shared_secret "$METADATA_SECRET"
iniset_sudo $conf DEFAULT verbose True
@@ -184,6 +192,8 @@ ping -c 1 controller-api
echo "Restarting the network service."
sudo service neutron-plugin-openvswitch-agent restart
# Without sleep, we get port in limbo; FIXME needs a proper test condition
sleep 1
sudo service neutron-l3-agent restart
echo -n "Checking VLAN tags."

27
labs/osbash/scripts/ubuntu/setup_nova_compute.sh
View File

@@ -11,7 +11,7 @@ indicate_current_auto
#------------------------------------------------------------------------------
# Set up OpenStack Compute (nova) for compute node.
# http://docs.openstack.org/juno/install-guide/install/apt/content/ch_nova.html#nova-compute-install
# http://docs.openstack.org/kilo/install-guide/install/apt/content/ch_nova.html#nova-compute-install
#------------------------------------------------------------------------------
echo "Installing nova for compute node."
@@ -23,10 +23,13 @@ echo "Configuring nova for compute node."
conf=/etc/nova/nova.conf
echo "Configuring $conf."
# Configure RabbitMQ variables
# Configure Default section
iniset_sudo $conf DEFAULT rpc_backend rabbit
iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
# Configure oslo_messaging_rabbit
iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
# Configuring [DEFAULT] section
iniset_sudo $conf DEFAULT auth_strategy keystone
@@ -35,11 +38,14 @@ nova_admin_user=$(service_to_user_name nova)
nova_admin_password=$(service_to_user_password nova)
# Configure [keystone_authtoken] section
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0
iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf keystone_authtoken admin_user "$nova_admin_user"
iniset_sudo $conf keystone_authtoken admin_password "$nova_admin_password"
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken auth_plugin password
iniset_sudo $conf keystone_authtoken project_domain_id default
iniset_sudo $conf keystone_authtoken user_domain_id default
iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf keystone_authtoken username "$nova_admin_user"
iniset_sudo $conf keystone_authtoken password "$nova_admin_password"
iniset_sudo $conf DEFAULT my_ip "$(hostname_to_ip compute-mgmt)"
@@ -50,6 +56,8 @@ iniset_sudo $conf DEFAULT novncproxy_base_url http://"$(hostname_to_ip controlle
iniset_sudo $conf glance host controller-mgmt
iniset_sudo $conf glance oslo_concurrency /var/lib/nova/tmp
iniset_sudo $conf DEFAULT verbose True
# Configure nova-compute.conf
@@ -57,6 +65,7 @@ conf=/etc/nova/nova-compute.conf
echo -n "Hardware acceleration for virtualization: "
if sudo egrep -q '(vmx|svm)' /proc/cpuinfo; then
echo "available."
iniset_sudo $conf libvirt virt_type kvm
else
echo "not available."
iniset_sudo $conf libvirt virt_type qemu

83
labs/osbash/scripts/ubuntu/setup_nova_controller.sh
View File

@@ -10,7 +10,7 @@ indicate_current_auto
#------------------------------------------------------------------------------
# Install Compute controller services
# http://docs.openstack.org/juno/install-guide/install/apt/content/ch_nova.html#nova-controller-install
# http://docs.openstack.org/kilo/install-guide/install/apt/content/ch_nova.html#nova-controller-install
#------------------------------------------------------------------------------
echo "Setting up database for nova."
@@ -25,33 +25,33 @@ nova_admin_password=$(service_to_user_password nova)
# Wait for keystone to come up
wait_for_keystone
echo "Creating nova user and giving it admin role under service tenant."
keystone user-create \
--name "$nova_admin_user" \
--pass "$nova_admin_password"
echo "Creating nova user and giving it the admin role."
openstack user create \
--password "$nova_admin_password" \
"$nova_admin_user"
keystone user-role-add \
openstack role add \
--project "$SERVICE_PROJECT_NAME" \
--user "$nova_admin_user" \
--tenant "$SERVICE_TENANT_NAME" \
--role "$ADMIN_ROLE_NAME"
"$ADMIN_ROLE_NAME"
echo "Registering nova with keystone so that other services can locate it."
keystone service-create \
echo "Creating the nova service entity."
openstack service create \
--name nova \
--type compute \
--description "OpenStack Compute"
--description "OpenStack Compute" \
compute
nova_service_id=$(keystone service-list | awk '/ compute / {print $2}')
keystone endpoint-create \
--service-id "$nova_service_id" \
openstack endpoint create \
--publicurl 'http://controller-api:8774/v2/%(tenant_id)s' \
--internalurl 'http://controller-mgmt:8774/v2/%(tenant_id)s' \
--adminurl 'http://controller-mgmt:8774/v2/%(tenant_id)s' \
--region "$REGION"
--region "$REGION" \
compute
echo "Installing nova for controller node."
sudo apt-get install -y nova-api nova-cert nova-conductor nova-consoleauth \
nova-novncproxy nova-scheduler python-novaclient
sudo apt-get install -y \
nova-api nova-cert nova-conductor nova-consoleauth \
nova-novncproxy nova-scheduler python-novaclient
function get_database_url {
local db_user=$(service_to_db_user nova)
@@ -68,36 +68,53 @@ conf=/etc/nova/nova.conf
echo "Setting database connection: $database_url."
iniset_sudo $conf database connection "$database_url"
echo "Configuring [DEFAULT] section in /etc/nova/nova.conf for controller node."
echo "Configuring nova services."
# Default Section.
iniset_sudo $conf DEFAULT rpc_backend rabbit
iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
# oslo_messaging_rabbit section.
iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
iniset_sudo $conf DEFAULT auth_strategy keystone
# Configure keystone_authtoken section.
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000
iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf keystone_authtoken admin_user "$nova_admin_user"
iniset_sudo $conf keystone_authtoken admin_password "$nova_admin_password"
iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken auth_plugin password
iniset_sudo $conf keystone_authtoken project_domain_id default
iniset_sudo $conf keystone_authtoken user_domain_id default
iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf keystone_authtoken username "$nova_admin_user"
iniset_sudo $conf keystone_authtoken password "$nova_admin_password"
# Default section
iniset_sudo $conf DEFAULT my_ip "$(hostname_to_ip controller-mgmt)"
iniset_sudo $conf DEFAULT vncserver_listen controller-mgmt
iniset_sudo $conf DEFAULT vncserver_proxyclient_address controller-mgmt
# Glance section
iniset_sudo $conf glance host controller-mgmt
# oslo_concurrency section
iniset_sudo $conf oslo_concurrency lock_path /var/lib/nova/tmp
# default section
iniset_sudo $conf DEFAULT verbose True
echo "Creating the database tables for nova."
sudo nova-manage db sync
echo "Restarting nova services."
declare -a components=(nova-api nova-cert nova-consoleauth nova-scheduler
nova-conductor nova-novncproxy)
for component in "${components[@]}"; do
echo "Restarting $component"
sudo service "$component" restart
declare -a nova_services=(nova-api nova-cert nova-consoleauth \
nova-scheduler nova-conductor nova-novncproxy)
for nova_service in "${nova_services[@]}"; do
echo "Restarting $nova_service"
sudo service "$nova_service" restart
done
# Remove SQLite database created by Ubuntu package for nova.
@@ -112,6 +129,12 @@ echo "Verify nova service status."
echo "sudo nova-manage service list"
sudo nova-manage service list
echo "nova service-list"
nova service-list
echo "nova endpoints"
nova endpoints
echo "nova image-list"
nova image-list

27
labs/osbash/scripts/ubuntu/setup_telemetry_compute.sh
View File

@@ -11,7 +11,7 @@ indicate_current_auto
#------------------------------------------------------------------------------
# Install the Telemetry service
# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-nova.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-nova.html
#------------------------------------------------------------------------------
echo "Installing ceilometer."
@@ -23,27 +23,28 @@ ceilometer_admin_password=$(service_to_user_password ceilometer)
echo "Configuring ceilometer.conf."
conf=/etc/ceilometer/ceilometer.conf
iniset_sudo $conf publisher metering_secret "$METERING_SECRET"
iniset_sudo $conf publisher telemetry_secret "$TELEMETRY_SECRET"
# Configure RabbitMQ variables
iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
iniset_sudo $conf DEFAULT rpc_backend rabbit
iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0"
iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357"
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0
iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf keystone_authtoken admin_user "$ceilometer_admin_user"
iniset_sudo $conf keystone_authtoken admin_password "$ceilometer_admin_password"
iniset_sudo $conf service_credentials os_auth_url "http://controller-mgmt:5000/v2.0"
iniset_sudo $conf service_credentials os_auth_url http://controller-mgmt:5000/v2.0
iniset_sudo $conf service_credentials os_username "$ceilometer_admin_user"
iniset_sudo $conf service_credentials os_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf service_credentials os_tenant_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf service_credentials os_password "$ceilometer_admin_password"
iniset_sudo $conf service_credentials os_endpoint_type internalURL
iniset_sudo $conf service_credentials os_region_name "$REGION"
iniset_sudo $conf DEFAULT verbose True
echo "Configuring nova.conf."
@@ -62,7 +63,7 @@ sudo service nova-compute restart
#------------------------------------------------------------------------------
# Configure the Block Storage service(cinder-volume)
# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-cinder.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-cinder.html
#------------------------------------------------------------------------------
# Configure the Block Storage Service to send notifications to the message bus
@@ -78,7 +79,7 @@ sudo service cinder-volume restart
#------------------------------------------------------------------------------
# Verify the Telemetry installation
# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-verify.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-verify.html
#------------------------------------------------------------------------------
echo "Verifying the telemetry installation."

66
labs/osbash/scripts/ubuntu/setup_telemetry_controller.sh
View File

@@ -12,7 +12,7 @@ indicate_current_auto
#------------------------------------------------------------------------------
# Install the Telemetry service
# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-controller-install.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-controller-install.html
#------------------------------------------------------------------------------
echo "Setting up database for telemetry."
@@ -28,7 +28,7 @@ iniset_sudo_no_section $conf smallfiles true
echo "Restarting mongodb."
sudo service mongodb restart
echo "Waiting for mongodb to start."
echo -n "Waiting for mongodb to start."
while sudo service mongodb status 2>/dev/null | grep "stop"; do
sleep 5
echo -n .
@@ -51,28 +51,27 @@ echo "Sourcing the admin credentials."
source "$CONFIG_DIR/admin-openstackrc.sh"
echo "Creating ceilometer user and giving it admin role under service tenant."
keystone user-create \
--name "$ceilometer_admin_user" \
--pass "$ceilometer_admin_password" \
openstack user create \
--password "$ceilometer_admin_password" \
"$ceilometer_admin_user"
keystone user-role-add \
openstack role add \
--project "$SERVICE_PROJECT_NAME" \
--user "$ceilometer_admin_user" \
--tenant "$SERVICE_TENANT_NAME" \
--role "$ADMIN_ROLE_NAME"
"$ADMIN_ROLE_NAME"
echo "Registering ceilometer with keystone so that other services can locate it."
keystone service-create \
openstack service create \
--name ceilometer \
--type metering \
--description "Telemetry"
--description "Telemetry" \
metering
ceilometer_service_id=$(keystone service-list | awk '/ metering / {print $2}')
keystone endpoint-create \
--service-id "$ceilometer_service_id" \
--publicurl "http://controller-api:8777" \
--internalurl "http://controller-mgmt:8777" \
--adminurl "http://controller-mgmt:8777" \
--region "$REGION"
openstack endpoint create \
--publicurl http://controller-api:8777 \
--internalurl http://controller-mgmt:8777 \
--adminurl http://controller-mgmt:8777 \
--region "$REGION" \
metering
echo "Installing ceilometer."
sudo apt-get install -y ceilometer-api ceilometer-collector \
@@ -83,11 +82,9 @@ sudo apt-get install -y ceilometer-api ceilometer-collector \
python-ceilometerclient
function get_database_url {
local db_user=$(service_to_db_user ceilometer)
local db_password=$(service_to_db_password ceilometer)
local database_host=controller-mgmt
echo "mongodb://$db_user:$db_password@$database_host:27017/ceilometer"
echo "mongodb://$mongodb_user:$mongodb_password@$database_host:27017/ceilometer"
}
database_url=$(get_database_url)
@@ -99,28 +96,31 @@ iniset_sudo $conf database connection "$database_url"
# Configure RabbitMQ variables
iniset_sudo $conf DEFAULT rpc_backend rabbit
iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt
iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack
iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD"
# Configure the [DEFAULT] section
iniset_sudo $conf DEFAULT auth_strategy keystone
iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0"
iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357"
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0
iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357
iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf keystone_authtoken admin_user "$ceilometer_admin_user"
iniset_sudo $conf keystone_authtoken admin_password "$ceilometer_admin_password"
iniset_sudo $conf service_credentials os_auth_url "http://controller-mgmt:5000/v2.0"
iniset_sudo $conf service_credentials os_auth_url http://controller-mgmt:5000/v2.0
iniset_sudo $conf service_credentials os_username "$ceilometer_admin_user"
iniset_sudo $conf service_credentials os_tenant_name "$SERVICE_TENANT_NAME"
iniset_sudo $conf service_credentials os_tenant_name "$SERVICE_PROJECT_NAME"
iniset_sudo $conf service_credentials os_password "$ceilometer_admin_password"
iniset_sudo $conf service_credentials os_endpoint_type internalURL
iniset_sudo $conf service_credentials os_region_name "$REGION"
iniset_sudo $conf publisher metering_secret "$METERING_SECRET"
iniset_sudo $conf publisher telemetry_secret "$TELEMETRY_SECRET"
iniset_sudo $conf DEFAULT verbose True
echo "Restarting telemetry service."
sudo service ceilometer-agent-central restart
sudo service ceilometer-agent-notification restart
@@ -131,7 +131,7 @@ sudo service ceilometer-alarm-notifier restart
#------------------------------------------------------------------------------
# Configure the Image service
# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-glance.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-glance.html
#------------------------------------------------------------------------------
# Configure the Image Service to send notifications to the message bus
@@ -142,6 +142,7 @@ conf=/etc/glance/glance-api.conf
iniset_sudo $conf DEFAULT notification_driver messagingv2
iniset_sudo $conf DEFAULT rpc_backend rabbit
iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
iniset_sudo $conf DEFAULT rabbit_userid openstack
iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
echo "Configuring glance-registry.conf."
@@ -150,6 +151,7 @@ conf=/etc/glance/glance-registry.conf
iniset_sudo $conf DEFAULT notification_driver messagingv2
iniset_sudo $conf DEFAULT rpc_backend rabbit
iniset_sudo $conf DEFAULT rabbit_host controller-mgmt
iniset_sudo $conf DEFAULT rabbit_userid openstack
iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
sudo service glance-registry restart
@@ -157,7 +159,7 @@ sudo service glance-api restart
#------------------------------------------------------------------------------
# Configure the Block Storage service
# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-cinder.html
# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-cinder.html
#------------------------------------------------------------------------------
# Configure the Block Storage Service to send notifications to the message bus