From 3f09cf9c3b45ea4fdd19d641b3f11d1cc3ad6812 Mon Sep 17 00:00:00 2001 From: sayalilunkad Date: Sun, 18 Oct 2015 20:07:28 +0200 Subject: [PATCH] Client-side changes from Juno to Kilo This patch makes all the necessary changes to port the labs scripts from Juno to Kilo. Change-Id: I1ff50dcee2181a209e336cfc70c1164385292568 Co-Authored-By: Pranav Salunke Co-Authored-By: Roger Luethi --- labs/osbash/config/admin-openstackrc.sh | 15 +- labs/osbash/config/config.controller | 6 +- labs/osbash/config/credentials | 22 +- labs/osbash/config/demo-openstackrc.sh | 13 +- labs/osbash/config/openstack | 4 +- labs/osbash/config/scripts.ubuntu_cluster | 11 +- labs/osbash/lib/functions.guest | 29 +- .../osbash/scripts/config_external_network.sh | 10 +- labs/osbash/scripts/config_tenant_network.sh | 6 +- .../scripts/ubuntu/apt_install_mysql.sh | 28 +- .../osbash/scripts/ubuntu/apt_pre-download.sh | 27 +- .../osbash/scripts/ubuntu/install_rabbitmq.sh | 7 +- .../scripts/ubuntu/setup_cinder_controller.sh | 64 ++-- .../scripts/ubuntu/setup_cinder_volumes.sh | 37 ++- labs/osbash/scripts/ubuntu/setup_glance.sh | 82 +++-- .../scripts/ubuntu/setup_heat_controller.sh | 87 +++--- .../scripts/ubuntu/setup_heat_network.sh | 2 +- labs/osbash/scripts/ubuntu/setup_horizon.sh | 7 +- labs/osbash/scripts/ubuntu/setup_keystone.sh | 289 +++++++++++++----- .../scripts/ubuntu/setup_lbaas_controller.sh | 1 + .../scripts/ubuntu/setup_neutron_compute.sh | 33 +- .../ubuntu/setup_neutron_controller.sh | 85 +++--- .../scripts/ubuntu/setup_neutron_network.sh | 50 +-- .../scripts/ubuntu/setup_nova_compute.sh | 27 +- .../scripts/ubuntu/setup_nova_controller.sh | 83 +++-- .../scripts/ubuntu/setup_telemetry_compute.sh | 27 +- .../ubuntu/setup_telemetry_controller.sh | 66 ++-- 27 files changed, 732 insertions(+), 386 deletions(-) diff --git a/labs/osbash/config/admin-openstackrc.sh b/labs/osbash/config/admin-openstackrc.sh index dfd8ba6b..07208e46 100644 --- a/labs/osbash/config/admin-openstackrc.sh 
+++ b/labs/osbash/config/admin-openstackrc.sh @@ -9,7 +9,18 @@ CONFIG_DIR=$(dirname "$BASH_SOURCE") source "$CONFIG_DIR/openstack" source "$CONFIG_DIR/credentials" +#------------------------------------------------------------------------------ +# OpenStack client environment scripts +# http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-client-environment-scripts.html +#------------------------------------------------------------------------------ + +export OS_PROJECT_DOMAIN_ID=default +export OS_USER_DOMAIN_ID=default +export OS_PROJECT_NAME=$ADMIN_PROJECT_NAME +export OS_TENANT_NAME=$ADMIN_PROJECT_NAME export OS_USERNAME=$ADMIN_USER_NAME export OS_PASSWORD=$ADMIN_PASSWORD -export OS_TENANT_NAME=$ADMIN_TENANT_NAME -export OS_AUTH_URL="http://controller-mgmt:35357/v2.0" +export OS_AUTH_URL=http://controller-mgmt:35357/v3 +export OS_IMAGE_API_VERSION=2 +export OS_VOLUME_API_VERSION=2 +export OS_REGION_NAME=$REGION diff --git a/labs/osbash/config/config.controller b/labs/osbash/config/config.controller index 384e7aec..08d28a7c 100644 --- a/labs/osbash/config/config.controller +++ b/labs/osbash/config/config.controller @@ -12,9 +12,9 @@ NET_IF_0=nat NET_IF_1=MGMT_NET NET_IF_2=API_NET -# Controller node is running many services. It needs 1 GB RAM for better -# performance. -VM_MEM=1024 +# Controller node is running many services. For Kilo, 2GB RAM +# is required for expected performance. +VM_MEM=2048 # Override number of virtual CPUs (default is 1) # To edit uncomment the line below diff --git a/labs/osbash/config/credentials b/labs/osbash/config/credentials index ee2c8666..b5edd239 100644 --- a/labs/osbash/config/credentials +++ b/labs/osbash/config/credentials 
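Review bot: The new exports in admin-openstackrc.sh set both `OS_PROJECT_NAME` and `OS_TENANT_NAME` to `$ADMIN_PROJECT_NAME` and point `OS_AUTH_URL` at a plain `http://` Keystone v3 endpoint, and the file explains neither choice. I would add `# OS_TENANT_NAME duplicates OS_PROJECT_NAME, presumably for clients that still read the v2 name` and `# Lab only: Keystone is reached over plain HTTP, so OS_PASSWORD and tokens cross the management network unencrypted` above the respective lines. `OS_REGION_NAME=$REGION` relies on `REGION` being set by one of the sourced config files, which the hunk does not show. The same points apply to the demo-openstackrc.sh hunk.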
@@ -12,9 +12,9 @@ # Used for MySQL or whatever other DBMS is configured : ${RABBIT_PASSWORD:=rabbitPass} -# Tenant and role for admin accounts +# Project and role for admin accounts : ${ADMIN_ROLE_NAME:=admin} -: ${ADMIN_TENANT_NAME:=admin} +: ${ADMIN_PROJECT_NAME:=admin} # Member role for generic use : ${MEMBER_ROLE_NAME:=_member_} @@ -23,18 +23,21 @@ : ${ADMIN_USER_NAME:=admin} : ${ADMIN_PASSWORD:=admin_pass} -# Tenant name, user name and password for normal (demo) user -: ${DEMO_TENANT_NAME:=demo} +# Project name, user name and password for normal (demo) user +: ${DEMO_PROJECT_NAME:=demo} : ${DEMO_USER_NAME:=demo} : ${DEMO_PASSWORD:=demo_pass} +# User role +: ${USER_ROLE_NAME:=user} + # OpenStack Services needs to be affiliated with a tenant to provide # authentication to other OpenStack services. We create a "service" tenant for # the OpenStack services. All the OpenStack services will be registered via # service tenant. -# Tenant and role for service accounts. -: ${SERVICE_TENANT_NAME:=service} +# Project and role for service accounts. +: ${SERVICE_PROJECT_NAME:=service} # Domain to use for email addresses (e.g. admin@example.com) : ${MAIL_DOMAIN:=example.com} @@ -42,7 +45,10 @@ # Metadata secret used by neutron and nova. : ${METADATA_SECRET:=osbash_training} -# Metering secret used by ceilometer. -: ${METERING_SECRET:=osbash_training} +# Heat domain password +: ${HEAT_DOMAIN_PASS:=heat_dom_pw} + +# Telemetry secret used by ceilometer. +: ${TELEMETRY_SECRET:=osbash_training} # vim: set ai ts=4 sw=4 et ft=sh: diff --git a/labs/osbash/config/demo-openstackrc.sh b/labs/osbash/config/demo-openstackrc.sh index ffa1218b..9fbf4912 100644 --- a/labs/osbash/config/demo-openstackrc.sh +++ b/labs/osbash/config/demo-openstackrc.sh 
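Review bot: The third credentials hunk adds `HEAT_DOMAIN_PASS` with the fixed default `heat_dom_pw` and keeps `TELEMETRY_SECRET` on the same `osbash_training` value as `METADATA_SECRET`, so every cluster built from these defaults shares publicly known secrets. The `: ${VAR:=default}` form already lets the environment override them, but nothing in the file says so. I would add a comment above the block such as `# Lab defaults only; export your own values before using this outside a throwaway training cluster`. Separately, the unchanged comment in the second hunk still describes a "service" tenant while the variable below it is now `SERVICE_PROJECT_NAME`.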
@@ -9,7 +9,16 @@ CONFIG_DIR=$(dirname "$BASH_SOURCE") source "$CONFIG_DIR/openstack" source "$CONFIG_DIR/credentials" +#------------------------------------------------------------------------------ +# OpenStack client environment scripts +# http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-client-environment-scripts.html +#------------------------------------------------------------------------------ + +export OS_PROJECT_DOMAIN_ID=default +export OS_USER_DOMAIN_ID=default +export OS_PROJECT_NAME=$DEMO_PROJECT_NAME +export OS_TENANT_NAME=$DEMO_PROJECT_NAME export OS_USERNAME=$DEMO_USER_NAME export OS_PASSWORD=$DEMO_PASSWORD -export OS_TENANT_NAME=$DEMO_TENANT_NAME -export OS_AUTH_URL="http://controller-mgmt:5000/v2.0" +export OS_AUTH_URL=http://controller-mgmt:5000/v3 +export OS_REGION_NAME=$REGION diff --git a/labs/osbash/config/openstack b/labs/osbash/config/openstack index 4feeb49e..7f1e8d37 100644 --- a/labs/osbash/config/openstack +++ b/labs/osbash/config/openstack @@ -1,8 +1,8 @@ # This file contains OpenStack configuration data. It is used by both # host (osbash, Windows batch) and VM guest scripts. -# one of: icehouse, juno -: ${OPENSTACK_RELEASE:=juno} +# one of: icehouse, juno, kilo +: ${OPENSTACK_RELEASE:=kilo} # CirrOS image URL CIRROS_URL="http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img" diff --git a/labs/osbash/config/scripts.ubuntu_cluster b/labs/osbash/config/scripts.ubuntu_cluster index 71555783..060fff6d 100644 --- a/labs/osbash/config/scripts.ubuntu_cluster +++ b/labs/osbash/config/scripts.ubuntu_cluster 
@@ -32,8 +32,10 @@ cmd queue config_external_network.sh cmd queue config_tenant_network.sh cmd snapshot_cycle -n controller openstack_networks_configured -cmd queue ubuntu/setup_lbaas_controller.sh -cmd snapshot_cycle -n controller lbaas-controller_installed +# FIXME Our LBaaS support for kilo is broken; the configuration edits +# in setup_lbaas_controller.sh break neutron +#cmd queue ubuntu/setup_lbaas_controller.sh +#cmd snapshot_cycle -n controller lbaas-controller_installed # Telemetry service is disabled for the time being as it overloads # the cluster. For enabling the same, please uncomment the following. @@ -87,8 +89,9 @@ cmd snapshot_cycle -n network network_node_init cmd queue ubuntu/setup_neutron_network.sh cmd snapshot_cycle -n network neutron_configured -cmd queue ubuntu/setup_lbaas_network.sh -cmd snapshot_cycle -n network lbaas-network_installed +# FIXME Our LBaaS support for kilo is broken +#cmd queue ubuntu/setup_lbaas_network.sh +#cmd snapshot_cycle -n network lbaas-network_installed cmd queue ubuntu/setup_heat_network.sh cmd snapshot_cycle -n network heat_network_installed diff --git a/labs/osbash/lib/functions.guest b/labs/osbash/lib/functions.guest index 3df81155..86c92ecf 100644 --- a/labs/osbash/lib/functions.guest +++ b/labs/osbash/lib/functions.guest @@ -145,9 +145,11 @@ function as_root_exec_script { } #------------------------------------------------------------------------------- -# Root wrapper around devstack function for manipulating config files +# Root wrapper around devstack functions for manipulating config files #------------------------------------------------------------------------------- +# Set an option in an INI file +# iniset config-file section option value function iniset_sudo { local file=$1 shift 
@@ -158,6 +160,29 @@ function iniset_sudo { cat "$tmpfile" | sudo tee "$file" >/dev/null } +# Comment an option in an INI file +# inicomment config-file section option +function inicomment_sudo { + local file=$1 + shift + local tmpfile=$(mktemp) + # Create a temporary copy, work on it, and copy it back into place + sudo cp -fv "$file" "$tmpfile" + inicomment "$tmpfile" "$@" + cat "$tmpfile" | sudo tee "$file" >/dev/null +} + +# Determinate is the given option present in the INI file +# ini_has_option config-file section option +function ini_has_option_sudo { + local file=$1 + shift + local tmpfile=$(mktemp) + # Create a temporary copy, work on it + sudo cp -fv "$file" "$tmpfile" + ini_has_option "$tmpfile" "$@" +} + #------------------------------------------------------------------------------- # Functions for manipulating config files without section #------------------------------------------------------------------------------- @@ -241,7 +266,7 @@ function setup_database { # Wait for keystone to come up function wait_for_keystone { echo -n "Waiting for keystone to come up." - until keystone user-list >/dev/null 2>&1; do + until openstack user list >/dev/null 2>&1; do echo -n . sleep 1 done diff --git a/labs/osbash/scripts/config_external_network.sh b/labs/osbash/scripts/config_external_network.sh index cf416408..5fade3fe 100755 --- a/labs/osbash/scripts/config_external_network.sh +++ b/labs/osbash/scripts/config_external_network.sh @@ -10,7 +10,7 @@ indicate_current_auto #------------------------------------------------------------------------------ # Create the external network and a subnet on it -# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron_initial-external-network.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron_initial-external-network.html #------------------------------------------------------------------------------ echo "Sourcing the admin credentials." 
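Review bot: Both new helpers in functions.guest, `inicomment_sudo` and `ini_has_option_sudo`, copy a root-owned config file into a `mktemp` file and never delete it, so copies of files that hold service passwords and database URLs accumulate in the temp directory. `local tmpfile=$(mktemp)` also hides a mktemp failure, after which `sudo cp` would run with an empty destination. I would split the declaration from the assignment and remove the temporary file on every path, keeping the exit status of `ini_has_option` as the function's result. The pre-existing `iniset_sudo` follows the same pattern as far as its context lines show, and the comment "Determinate is the given option present" should read "Determine whether the given option is present".

```shell
function inicomment_sudo {
    # … unchanged: local file=$1; shift …
    local tmpfile
    tmpfile=$(mktemp) || return 1
    # … unchanged: sudo cp, inicomment, write back with sudo tee …
    rm -f -- "$tmpfile"
}

function ini_has_option_sudo {
    # … unchanged: local file=$1; shift …
    local tmpfile rc=0
    tmpfile=$(mktemp) || return 1
    # … unchanged: sudo cp into "$tmpfile" …
    ini_has_option "$tmpfile" "$@" || rc=$?
    rm -f -- "$tmpfile"
    return "$rc"
}
```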
@@ -23,14 +23,14 @@ done echo "Creating the external network." neutron net-create ext-net \ - --router:external True \ + --router:external \ --provider:physical_network external \ --provider:network_type flat echo "Creating a subnet on the external network." -neutron subnet-create ext-net \ +neutron subnet-create ext-net \ + "$EXTERNAL_NETWORK_CIDR" \ --name ext-subnet \ --allocation-pool start="$FLOATING_IP_START,end=$FLOATING_IP_END" \ --disable-dhcp \ - --gateway "$EXTERNAL_NETWORK_GATEWAY" \ - "$EXTERNAL_NETWORK_CIDR" + --gateway "$EXTERNAL_NETWORK_GATEWAY" diff --git a/labs/osbash/scripts/config_tenant_network.sh b/labs/osbash/scripts/config_tenant_network.sh index 71266f8f..bc06bca0 100755 --- a/labs/osbash/scripts/config_tenant_network.sh +++ b/labs/osbash/scripts/config_tenant_network.sh @@ -10,7 +10,7 @@ indicate_current_auto #------------------------------------------------------------------------------ # Create tenant network -# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron_initial-tenant-network.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron_initial-tenant-network.html #------------------------------------------------------------------------------ echo "Sourcing the demo credentials." @@ -26,9 +26,9 @@ neutron net-create demo-net echo "Creating a subnet on the tenant network." neutron subnet-create demo-net \ + "$TENANT_NETWORK_CIDR" \ --name demo-subnet \ - --gateway "$TENANT_NETWORK_GATEWAY" \ - "$TENANT_NETWORK_CIDR" + --gateway "$TENANT_NETWORK_GATEWAY" echo "Creating a router on the tenant network." neutron router-create demo-router diff --git a/labs/osbash/scripts/ubuntu/apt_install_mysql.sh b/labs/osbash/scripts/ubuntu/apt_install_mysql.sh index 75ee9ddc..6d271b8f 100755 --- a/labs/osbash/scripts/ubuntu/apt_install_mysql.sh +++ b/labs/osbash/scripts/ubuntu/apt_install_mysql.sh 
@@ -21,29 +21,41 @@ source "$CONFIG_DIR/openstack" DB_IP=$(get_ip_from_net_and_fourth "MGMT_NET" "$FOURTH_OCTET") echo "Will bind MySQL server to $DB_IP." +#------------------------------------------------------------------------------ +# Install and configure the database server +# http://docs.openstack.org/kilo/install-guide/install/apt/content/ch_basic_environment.html +#------------------------------------------------------------------------------ + echo "Sourced MySQL password from credentials: $DATABASE_PASSWORD" sudo debconf-set-selections <<< 'mysql-server mysql-server/root_password password '$DATABASE_PASSWORD'' sudo debconf-set-selections <<< 'mysql-server mysql-server/root_password_again password '$DATABASE_PASSWORD'' echo "Installing MySQL." -sudo apt-get install -y mysql-server python-mysqldb +sudo apt-get install -y mariadb-server python-mysqldb + +echo "Creating /etc/mysql/conf.d/mysqld_openstack.cnf." + +echo '[mysqld]' | sudo tee -a /etc/mysql/conf.d/mysqld_openstack.cnf + echo "Configuring MySQL to accept requests by other nodes." +conf=/etc/mysql/conf.d/mysqld_openstack.cnf # Enable access by other nodes via the management network -iniset_sudo /etc/mysql/my.cnf mysqld bind-address "$DB_IP" +iniset_sudo $conf mysqld bind-address "$DB_IP" # Enable InnoDB -iniset_sudo /etc/mysql/my.cnf mysqld default-storage-engine innodb -iniset_sudo /etc/mysql/my.cnf mysqld innodb_file_per_table 1 +iniset_sudo $conf mysqld default-storage-engine innodb +iniset_sudo $conf mysqld innodb_file_per_table 1 # Enable UTF-8 character set and UTF-8 collation by default -iniset_sudo /etc/mysql/my.cnf mysqld collation-server utf8_general_ci -iniset_sudo /etc/mysql/my.cnf mysqld init-connect "'SET NAMES utf8'" -iniset_sudo /etc/mysql/my.cnf mysqld character-set-server utf8 +iniset_sudo $conf mysqld collation-server utf8_general_ci +iniset_sudo $conf mysqld init-connect "'SET NAMES utf8'" +iniset_sudo $conf mysqld character-set-server utf8 echo "Restarting MySQL service." 
-sudo service mysql restart +# Close the file descriptor or the script will hang due to open ssh connection +sudo service mysql restart 2>/dev/null # TODO(rluethi) do we need mysql_secure_installation? # XXX --use-default only in MySQL 5.7.4+ (Ubuntu 12.04 LTS: MySQL 5.5) diff --git a/labs/osbash/scripts/ubuntu/apt_pre-download.sh b/labs/osbash/scripts/ubuntu/apt_pre-download.sh index 671b4f0e..1a69df27 100755 --- a/labs/osbash/scripts/ubuntu/apt_pre-download.sh +++ b/labs/osbash/scripts/ubuntu/apt_pre-download.sh @@ -39,6 +39,12 @@ function get_cirros { } get_cirros +function get_keystone_httpd_files { + + wget --directory-prefix "$HOME" -O "keystone.py" "http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo" +} +get_keystone_httpd_files + function apt_download { sudo apt-get install -y --download-only "$@" 
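Review bot: The restart line in apt_install_mysql.sh now reads `sudo service mysql restart 2>/dev/null`, which discards the only diagnostics if the new mysqld_openstack.cnf stops the server from starting. If the goal is just to release the descriptor that keeps the ssh session open, as the added comment says, redirecting to a file keeps the evidence: `sudo service mysql restart 2>>"$HOME/mysql-restart.log"` (the path is a constructed example). Earlier in the same hunk, `echo '[mysqld]' | sudo tee -a …` appends another section header on every re-run, and `conf` is assigned only after the path has been spelled out twice; assigning `conf` first and using `sudo tee "$conf"` without `-a` avoids both. The server is bound to `$DB_IP` on the management network while the context lines still echo `$DATABASE_PASSWORD` into the log and leave the `mysql_secure_installation` TODO open, which is worth a comment marking the setup as lab-only.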
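Review bot: `get_keystone_httpd_files` in apt_pre-download.sh fetches `keystone.py` over plain `http://` from the head of the `stable/kilo` branch with no integrity check, so anyone on the network path, or any later change to that branch, decides what Python code the lab ends up with. The file is presumably installed as the Keystone WSGI script by a later step (not visible in this hunk), so I would fetch it over HTTPS from a pinned commit and verify a recorded digest before it is used. As far as I know wget ignores `--directory-prefix` when `-O` is given, so the file likely lands in the current directory rather than `$HOME`; writing the full destination into `-O` removes the doubt.

```shell
function get_keystone_httpd_files {
    local dest="$HOME/keystone.py"
    # Placeholders: KEYSTONE_WSGI_URL is an https URL pinned to a commit id,
    # KEYSTONE_WSGI_SHA256 is the digest recorded for that exact file.
    wget -O "$dest" "$KEYSTONE_WSGI_URL"
    echo "$KEYSTONE_WSGI_SHA256  $dest" | sha256sum -c - || exit 1
}
```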
@@ -48,36 +54,41 @@ function apt_download { # Download packages for all nodes # MySQL, RabbitMQ -apt_download mysql-server python-mysqldb rabbitmq-server +apt_download mariadb-server python-mysqldb rabbitmq-server + +# Other dependencies +apt_download python-argparse # Keystone -apt_download keystone +apt_download keystone python-openstackclient apache2 \ + libapache2-mod-wsgi memcached python-memcache # Glance -apt_download glance +apt_download glance python-glanceclient # Nova Controller apt_download nova-api nova-cert nova-conductor nova-consoleauth \ nova-novncproxy nova-scheduler python-novaclient # Neutron Controller -apt_download neutron-server neutron-plugin-ml2 neutron-lbaas-agent +apt_download neutron-server neutron-plugin-ml2 neutron-lbaas-agent \ + python-neutronclient # Cinder Controller -apt_download cinder-api cinder-scheduler +apt_download cinder-api cinder-scheduler python-cinderclient # Horizon -apt_download openstack-dashboard memcached +apt_download openstack-dashboard # Cinder Volumes apt_download lvm2 cinder-volume # Nova Compute -apt_download nova-compute-qemu sysfsutils +apt_download nova-compute-qemu qemu sysfsutils # Neutron Compute apt_download neutron-common neutron-plugin-ml2 \ - neutron-plugin-openvswitch-agent + neutron-plugin-openvswitch-agent openvswitch-datapath-dkms # Neutron Network apt_download neutron-common neutron-plugin-ml2 \ diff --git a/labs/osbash/scripts/ubuntu/install_rabbitmq.sh b/labs/osbash/scripts/ubuntu/install_rabbitmq.sh index 1be38aa8..ed35a99b 100755 --- a/labs/osbash/scripts/ubuntu/install_rabbitmq.sh +++ b/labs/osbash/scripts/ubuntu/install_rabbitmq.sh 
@@ -15,5 +15,8 @@ indicate_current_auto echo "Installing RabbitMQ." sudo apt-get install -y rabbitmq-server -echo "Setting RabbitMQ password to '$RABBIT_PASSWORD'." -sudo rabbitmqctl change_password guest "$RABBIT_PASSWORD" +echo "Adding openstack user to messaging service." +sudo rabbitmqctl add_user openstack "$RABBIT_PASSWORD" + +echo "Permit configuration, write and read access for the openstack user." +sudo rabbitmqctl set_permissions openstack ".*" ".*" ".*" diff --git a/labs/osbash/scripts/ubuntu/setup_cinder_controller.sh b/labs/osbash/scripts/ubuntu/setup_cinder_controller.sh index a0c77bec..f43be34e 100755 --- a/labs/osbash/scripts/ubuntu/setup_cinder_controller.sh +++ b/labs/osbash/scripts/ubuntu/setup_cinder_controller.sh @@ -10,7 +10,7 @@ indicate_current_auto #------------------------------------------------------------------------------ # Set up Block Storage service controller (cinder controller node) -# http://docs.openstack.org/juno/install-guide/install/apt/content/cinder-install-controller-node.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/cinder-install-controller-node.html #------------------------------------------------------------------------------ echo "Setting up database for cinder." 
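Review bot: With the `rabbitmqctl change_password guest` line removed, install_rabbitmq.sh now leaves the built-in `guest` account on its default password while adding the `openstack` user. Whether `guest` can log in from other nodes depends on the RabbitMQ version and its loopback restriction, which the hunk does not show, so I would remove the account explicitly with `sudo rabbitmqctl delete_user guest` after `add_user`. `set_permissions openstack ".*" ".*" ".*"` grants configure, write and read on every resource in the default vhost; that matches the echo text but deserves a comment saying it is a lab simplification. `add_user` will also fail if the script is re-run against a broker that already has the user.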
@@ -25,40 +25,40 @@ cinder_admin_password=$(service_to_user_password cinder) wait_for_keystone echo "Creating cinder user." -keystone user-create \ - --name "$cinder_admin_user" \ - --pass "$cinder_admin_password" +openstack user create \ + --password "$cinder_admin_password" \ + "$cinder_admin_user" echo "Linking cinder user, service tenant and admin role." -keystone user-role-add \ +openstack role add \ --user "$cinder_admin_user" \ - --tenant "$SERVICE_TENANT_NAME" \ - --role "$ADMIN_ROLE_NAME" + --project "$SERVICE_PROJECT_NAME" \ + "$ADMIN_ROLE_NAME" echo "Registering cinder with keystone so that other services can locate it." -keystone service-create \ +openstack service create \ --name cinder \ - --type volume \ - --description "OpenStack Block Storage" + --description "OpenStack Block Storage" \ + volume -keystone service-create \ +openstack service create \ --name cinderv2 \ - --type volumev2 \ - --description "OpenStack Block Storage v2" + --description "OpenStack Block Storage v2" \ + volumev2 -cinder_service_id=$(keystone service-list | awk '/ volume / {print $2}') -keystone endpoint-create \ - --service-id "$cinder_service_id" \ +openstack endpoint create \ --publicurl 'http://controller-api:8776/v1/%(tenant_id)s' \ --adminurl 'http://controller-mgmt:8776/v1/%(tenant_id)s' \ - --internalurl 'http://controller-mgmt:8776/v1/%(tenant_id)s' + --internalurl 'http://controller-mgmt:8776/v1/%(tenant_id)s' \ + --region "$REGION" \ + volume -cinder_v2_service_id=$(keystone service-list | awk '/ volumev2 / {print $2}') -keystone endpoint-create \ - --service-id "$cinder_v2_service_id" \ +openstack endpoint create \ --publicurl 'http://controller-api:8776/v2/%(tenant_id)s' \ --adminurl 'http://controller-mgmt:8776/v2/%(tenant_id)s' \ - --internalurl 'http://controller-mgmt:8776/v2/%(tenant_id)s' + --internalurl 'http://controller-mgmt:8776/v2/%(tenant_id)s' \ + --region "$REGION" \ + volumev2 echo "Installing cinder." 
sudo apt-get install -y cinder-api cinder-scheduler python-cinderclient \ @@ -85,19 +85,27 @@ iniset_sudo $conf database connection "$database_url" # Configure [DEFAULT] section to use RabbitMQ message broker. iniset_sudo $conf DEFAULT rpc_backend rabbit -iniset_sudo $conf DEFAULT rabbit_host controller-mgmt -iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD" + +iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt +iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack +iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD" + iniset_sudo $conf DEFAULT auth_strategy keystone # Configure [keystone_authtoken] section. -iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0" -iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357" -iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME" -iniset_sudo $conf keystone_authtoken admin_user "$cinder_admin_user" -iniset_sudo $conf keystone_authtoken admin_password "$cinder_admin_password" +iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000 +iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357 +iniset_sudo $conf keystone_authtoken auth_plugin password +iniset_sudo $conf keystone_authtoken project_domain_id default +iniset_sudo $conf keystone_authtoken user_domain_id default +iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME" +iniset_sudo $conf keystone_authtoken username "$cinder_admin_user" +iniset_sudo $conf keystone_authtoken password "$cinder_admin_password" iniset_sudo $conf DEFAULT my_ip "$(hostname_to_ip controller-mgmt)" +iniset_sudo $conf oslo_concurrency lock_path /var/lock/cinder + iniset_sudo $conf DEFAULT verbose True echo "Creating the database tables for cinder." diff --git a/labs/osbash/scripts/ubuntu/setup_cinder_volumes.sh b/labs/osbash/scripts/ubuntu/setup_cinder_volumes.sh index a8333e27..6184ed18 100755 
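Review bot: `iniset_sudo $conf oslo_concurrency lock_path /var/lock/cinder` in the setup_cinder_controller.sh configuration hunk places the service's lock files under `/var/lock`, which is typically world-writable on Ubuntu, and nothing visible here creates the directory or sets its owner. A location only the cinder user can write, for example `iniset_sudo $conf oslo_concurrency lock_path /var/lib/cinder/tmp` (provided that directory exists and belongs to the service user), keeps other local users from pre-creating or tampering with lock files. The same line appears in the setup_cinder_volumes.sh hunk. Both hunks sit in the middle of each script's top-level configuration section, so any directory setup elsewhere in the file is outside what is shown.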
--- a/labs/osbash/scripts/ubuntu/setup_cinder_volumes.sh +++ b/labs/osbash/scripts/ubuntu/setup_cinder_volumes.sh @@ -12,7 +12,7 @@ indicate_current_auto #------------------------------------------------------------------------------ # Set up Block Storage service (cinder). -# http://docs.openstack.org/juno/install-guide/install/apt/content/cinder-install-storage-node.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/cinder-install-storage-node.html #------------------------------------------------------------------------------ # Get FOURTH_OCTET for this node @@ -21,6 +21,9 @@ source "$CONFIG_DIR/config.$(hostname)" MY_MGMT_IP=$(get_ip_from_net_and_fourth "MGMT_NET" "$FOURTH_OCTET") echo "IP address of this node's interface in management network: $MY_MGMT_IP." +echo "Installing qemu support package for non-raw image types." +sudo apt-get install -y qemu + echo "Installing the Logical Volume Manager (LVM)." sudo apt-get install -y lvm2 
@@ -70,24 +73,37 @@ iniset_sudo $conf database connection "$database_url" # Configure [DEFAULT] section. iniset_sudo $conf DEFAULT rpc_backend rabbit -iniset_sudo $conf DEFAULT rabbit_host controller-mgmt -iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD" + +iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt +iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack +iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD" iniset_sudo $conf DEFAULT auth_strategy keystone # Configure [keystone_authtoken] section. cinder_admin_user=$(service_to_user_name cinder) cinder_admin_password=$(service_to_user_password cinder) -iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0 -iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357 -iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME" -iniset_sudo $conf keystone_authtoken admin_user "$cinder_admin_user" -iniset_sudo $conf keystone_authtoken admin_password "$cinder_admin_password" +iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000 +iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357 +iniset_sudo $conf keystone_authtoken auth_plugin password +iniset_sudo $conf keystone_authtoken project_domain_id default +iniset_sudo $conf keystone_authtoken user_domain_id default +iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME" +iniset_sudo $conf keystone_authtoken username "$cinder_admin_user" +iniset_sudo $conf keystone_authtoken password "$cinder_admin_password" iniset_sudo $conf DEFAULT my_ip "$MY_MGMT_IP" +iniset_sudo $conf lvm volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver +iniset_sudo $conf lvm volume_group cinder-volumes +iniset_sudo $conf lvm iscsi_protocol iscsi +iniset_sudo $conf lvm iscsi_helper tgtadm + +iniset_sudo $conf DEFAULT enabled_backends lvm iniset_sudo $conf DEFAULT glance_host controller-mgmt +iniset_sudo $conf 
oslo_concurrency lock_path /var/lock/cinder + iniset_sudo $conf DEFAULT verbose True echo "Restarting cinder service." @@ -98,7 +114,7 @@ sudo rm -f /var/lib/cinder/cinder.sqlite #------------------------------------------------------------------------------ # Verify the Block Storage installation -# http://docs.openstack.org/juno/install-guide/install/apt/content/cinder-verify.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/cinder-verify.html #------------------------------------------------------------------------------ echo "Verifying Block Storage installation on controller node." @@ -153,8 +169,9 @@ AUTH="source $CONFIG_DIR/demo-openstackrc.sh" echo "cinder create --display-name demo-volume1 1" node_ssh controller-mgmt "$AUTH; cinder create --display-name demo-volume1 1;sleep 20" -echo "check if cinder has the given volume" +echo -n "Waiting for cinder to list the new volume." until node_ssh controller-mgmt "$AUTH; cinder list | grep demo-volume1" > /dev/null 2>&1; do + echo -n . sleep 1 done diff --git a/labs/osbash/scripts/ubuntu/setup_glance.sh b/labs/osbash/scripts/ubuntu/setup_glance.sh index 8676112e..e209f1e9 100755 --- a/labs/osbash/scripts/ubuntu/setup_glance.sh +++ b/labs/osbash/scripts/ubuntu/setup_glance.sh @@ -10,7 +10,7 @@ indicate_current_auto #------------------------------------------------------------------------------ # Install the Image Service (glance). -# http://docs.openstack.org/juno/install-guide/install/apt/content/glance-install.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/glance-install.html #------------------------------------------------------------------------------ echo "Setting up database for glance." 
@@ -26,28 +26,27 @@ glance_admin_password=$(service_to_user_password glance) wait_for_keystone echo "Creating glance user and giving it admin role under service tenant." -keystone user-create \ - --name "$glance_admin_user" \ - --pass "$glance_admin_password" \ +openstack user create \ + --password "$glance_admin_password" \ + "$glance_admin_user" -keystone user-role-add \ +openstack role add \ + --project "$SERVICE_PROJECT_NAME" \ --user "$glance_admin_user" \ - --tenant "$SERVICE_TENANT_NAME" \ - --role "$ADMIN_ROLE_NAME" + "$ADMIN_ROLE_NAME" echo "Registering glance with keystone so that other services can locate it." -keystone service-create \ +openstack service create \ --name glance \ - --type image \ - --description "OpenStack Image Service" + --description "OpenStack Image Service" \ + image -glance_service_id=$(keystone service-list | awk '/ image / {print $2}') -keystone endpoint-create \ - --service-id "$glance_service_id" \ +openstack endpoint create \ --publicurl "http://controller-api:9292" \ --internalurl "http://controller-mgmt:9292" \ --adminurl "http://controller-mgmt:9292" \ - --region "$REGION" + --region "$REGION" \ + image echo "Installing glance." sudo apt-get install -y glance python-glanceclient 
@@ -65,26 +64,56 @@ echo "Database connection: $database_url." echo "Configuring glance-api.conf." conf=/etc/glance/glance-api.conf + +# Database iniset_sudo $conf database connection "$database_url" -iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0" -iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357" -iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME" -iniset_sudo $conf keystone_authtoken admin_user "$glance_admin_user" -iniset_sudo $conf keystone_authtoken admin_password "$glance_admin_password" + +# Keystone_authtoken +iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000 +iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357 +iniset_sudo $conf keystone_authtoken auth_plugin password +iniset_sudo $conf keystone_authtoken project_domain_id default +iniset_sudo $conf keystone_authtoken user_domain_id default +iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME" +iniset_sudo $conf keystone_authtoken username "$glance_admin_user" +iniset_sudo $conf keystone_authtoken password "$glance_admin_password" + +# Paste_deploy iniset_sudo $conf paste_deploy flavor "keystone" + +# Glance_store iniset_sudo $conf glance_store default_store file iniset_sudo $conf glance_store filesystem_store_datadir /var/lib/glance/images/ + +# Default section +iniset_sudo $conf DEFAULT notification_driver noop iniset_sudo $conf DEFAULT verbose True echo "Configuring glance-registry.conf." 
conf=/etc/glance/glance-registry.conf + +# Database section iniset_sudo $conf database connection "$database_url" -iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0" -iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357" -iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME" -iniset_sudo $conf keystone_authtoken admin_user "$glance_admin_user" -iniset_sudo $conf keystone_authtoken admin_password "$glance_admin_password" + +# Keystone authtoken section +iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000 +iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357 +iniset_sudo $conf keystone_authtoken auth_plugin password +iniset_sudo $conf keystone_authtoken project_domain_id default +iniset_sudo $conf keystone_authtoken user_domain_id default +iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME" +iniset_sudo $conf keystone_authtoken username "$glance_admin_user" +iniset_sudo $conf keystone_authtoken password "$glance_admin_password" + +# Glance store +iniset_sudo $conf glance_store default_store file +iniset_sudo $conf glance_store filesystem_store_datadir /var/lib/glance/images/ + +# Paste deploy section iniset_sudo $conf paste_deploy flavor "keystone" + +# Default section +iniset_sudo $conf DEFAULT notification_driver noop iniset_sudo $conf DEFAULT verbose True echo "Creating the database tables for glance." @@ -99,7 +128,7 @@ sudo rm -f /var/lib/glance/glance.sqlite #------------------------------------------------------------------------------ # Verify the Image Service installation -# http://docs.openstack.org/juno/install-guide/install/apt/content/glance-verify.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/glance-verify.html #------------------------------------------------------------------------------ echo "Waiting for glance to start." 
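Review bot: The glance-api.conf and glance-registry.conf blocks set the new `keystone_authtoken` options (`auth_url`, `auth_plugin`, `project_name`, `username`, `password`) but never comment out the ones they replace, so any `identity_uri`, `admin_tenant_name`, `admin_user` or `admin_password` lines already in the packaged files (not visible here) would stay in effect next to them. This commit adds `inicomment_sudo` to functions.guest, which looks intended for exactly this, for example `inicomment_sudo $conf keystone_authtoken identity_uri` ahead of the new settings. The two eight-line authtoken blocks are identical apart from `conf`, so a short loop over both files would keep them from drifting apart. The cinder configuration hunks repeat the same block and have the same gap.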
@@ -117,7 +146,8 @@ glance image-create \ --file "$HOME/img/$(basename $CIRROS_URL)" \ --disk-format qcow2 \ --container-format bare \ - --is-public True + --visibility public \ + --progress echo "Verifying that the image was successfully added to the service." diff --git a/labs/osbash/scripts/ubuntu/setup_heat_controller.sh b/labs/osbash/scripts/ubuntu/setup_heat_controller.sh index 6bc14cab..475ee2d5 100755 --- a/labs/osbash/scripts/ubuntu/setup_heat_controller.sh +++ b/labs/osbash/scripts/ubuntu/setup_heat_controller.sh @@ -11,7 +11,7 @@ indicate_current_auto #------------------------------------------------------------------------------ # Install the Orchestration Service (heat). -# http://docs.openstack.org/juno/install-guide/install/apt/content/heat-install-controller-node.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/heat-install-controller-node.html #------------------------------------------------------------------------------ echo "Setting up database for heat." 
@@ -27,58 +27,53 @@ heat_admin_password=$(service_to_user_password heat) wait_for_keystone echo "Creating heat user and giving it admin role under service tenant." -keystone user-create \ - --name "$heat_admin_user" \ - --pass "$heat_admin_password" \ +openstack user create \ + --password "$heat_admin_password" \ + "$heat_admin_user" -keystone user-role-add \ +openstack role add \ + --project "$SERVICE_PROJECT_NAME" \ --user "$heat_admin_user" \ - --tenant "$SERVICE_TENANT_NAME" \ - --role "$ADMIN_ROLE_NAME" + "$ADMIN_ROLE_NAME" echo "Creating the heat stack owner role." -keystone role-create --name "heat_stack_owner" +openstack role create "heat_stack_owner" -keystone user-role-add \ +openstack role add \ + --project "$DEMO_PROJECT_NAME" \ --user "$DEMO_USER_NAME" \ - --tenant "$DEMO_TENANT_NAME" \ - --role heat_stack_owner + "heat_stack_owner" echo "Creating the heat stack user role." -keystone role-create --name "heat_stack_user" +openstack role create "heat_stack_user" -echo "Registering heat with keystone so that other services can locate it." -keystone service-create \ +echo "Creating the heat and heat-cfn service entities." 
+openstack service create \ --name heat \ - --type orchestration \ - --description "Orchestration" + --description "Orchestration" \ + orchestration -keystone service-create \ +openstack service create \ --name heat-cfn \ - --type cloudformation \ - --description "Orchestration" + --description "Orchestration" \ + cloudformation - -heat_service_id=$(keystone service-list | awk '/ orchestration / {print $2}') -keystone endpoint-create \ - --service-id "$heat_service_id" \ +openstack endpoint create \ --publicurl "http://controller-api:8004/v1/%(tenant_id)s" \ --internalurl "http://controller-mgmt:8004/v1/%(tenant_id)s" \ --adminurl "http://controller-mgmt:8004/v1/%(tenant_id)s" \ - --region "$REGION" + --region "$REGION" \ + orchestration -heatcfn_service_id=$(keystone service-list | awk '/ cloudformation / {print $2}') -keystone endpoint-create \ - --service-id "$heatcfn_service_id" \ +openstack endpoint create \ --publicurl "http://controller-api:8000/v1" \ --internalurl "http://controller-mgmt:8000/v1" \ --adminurl "http://controller-mgmt:8000/v1" \ - --region "$REGION" - + --region "$REGION" \ + cloudformation echo "Installing heat." -sudo apt-get install -y heat-api heat-api-cfn heat-engine \ - python-heatclient +sudo apt-get install -y heat-api heat-api-cfn heat-engine python-heatclient function get_database_url { local db_user=$(service_to_db_user heat) 
@@ -99,19 +94,30 @@ echo "Configuring [DEFAULT] section in /etc/heat/heat.conf." iniset_sudo $conf DEFAULT rpc_backend rabbit iniset_sudo $conf DEFAULT rabbit_host controller-mgmt +iniset_sudo $conf DEFAULT rabbit_userid openstack iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD" - -iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0" -iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357" -iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME" +iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0 +iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357 +iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_PROJECT_NAME" iniset_sudo $conf keystone_authtoken admin_user "$heat_admin_user" iniset_sudo $conf keystone_authtoken admin_password "$heat_admin_password" -iniset_sudo $conf ec2authtoken auth_uri "http://controller-mgmt:5000/v2.0" -iniset_sudo $conf DEFAULT heat_metadata_server_url "http://controller-mgmt:8000" -iniset_sudo $conf DEFAULT heat_waitcondition_server_url "http://controller-mgmt:8000/v1/waitcondition" + +iniset_sudo $conf ec2authtoken auth_uri http://controller-mgmt:5000/v2.0 + +iniset_sudo $conf DEFAULT heat_metadata_server_url http://controller-mgmt:8000 +iniset_sudo $conf DEFAULT heat_waitcondition_server_url http://controller-mgmt:8000/v1/waitcondition + +iniset_sudo $conf DEFAULT stack_domain_admin heat_domain_admin +iniset_sudo $conf DEFAULT stack_domain_admin_password "$HEAT_DOMAIN_PASS" +iniset_sudo $conf DEFAULT stack_user_domain_name heat_user_domain + iniset_sudo $conf DEFAULT verbose True +heat-keystone-setup-domain \ + --stack-user-domain-name heat_user_domain \ + --stack-domain-admin heat_domain_admin \ + --stack-domain-admin-password "$HEAT_DOMAIN_PASS" echo "Creating the database tables for heat." sudo heat-manage db_sync 
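Review bot: `heat-keystone-setup-domain` is given the stack domain admin password as a command-line argument (`--stack-domain-admin-password "$HEAT_DOMAIN_PASS"`), so the value is readable in the process list and in any xtrace log while the command runs. The same secret is also written to heat.conf a few lines above through `stack_domain_admin_password`. If the tool can take the password from the environment or a config file, prefer that; otherwise add a comment such as `# Lab only: the domain admin password is passed on argv and is visible to local users`. The call presumably depends on admin credentials already exported in the environment, which this hunk does not show, so a one-line comment stating that prerequisite would help the next reader.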
@@ -121,5 +127,10 @@ sudo service heat-api restart sudo service heat-api-cfn restart sudo service heat-engine restart +echo "Waiting for heat stack-list." +until heat stack-list; do + sleep 1 +done + echo "Removing default SQLite database." sudo rm -f /var/lib/heat/heat.sqlite diff --git a/labs/osbash/scripts/ubuntu/setup_heat_network.sh b/labs/osbash/scripts/ubuntu/setup_heat_network.sh index 2c3578b9..360628aa 100755 --- a/labs/osbash/scripts/ubuntu/setup_heat_network.sh +++ b/labs/osbash/scripts/ubuntu/setup_heat_network.sh @@ -12,7 +12,7 @@ indicate_current_auto #------------------------------------------------------------------------------ # Verify the Orchestration Service installation -# http://docs.openstack.org/juno/install-guide/install/apt/content/heat-verify.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/heat-verify.html #------------------------------------------------------------------------------ echo "Verifying heat installation." diff --git a/labs/osbash/scripts/ubuntu/setup_horizon.sh b/labs/osbash/scripts/ubuntu/setup_horizon.sh index 6dbc3046..c79ee2a5 100755 --- a/labs/osbash/scripts/ubuntu/setup_horizon.sh +++ b/labs/osbash/scripts/ubuntu/setup_horizon.sh @@ -9,12 +9,11 @@ indicate_current_auto #------------------------------------------------------------------------------ # Set up OpenStack Dashboard (horizon) -# http://docs.openstack.org/juno/install-guide/install/apt/content/install_dashboard.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/install_dashboard.html #------------------------------------------------------------------------------ echo "Installing horizon." -sudo apt-get install -y openstack-dashboard apache2 libapache2-mod-wsgi \ - memcached python-memcache +sudo apt-get install -y openstack-dashboard echo "Purging Ubuntu theme." sudo dpkg --purge openstack-dashboard-ubuntu-theme 
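Review bot: The new `until heat stack-list; do sleep 1; done` loop has no upper bound, so a heat service that never comes up (rejected credentials, failed domain setup) hangs the installation instead of failing it. Bound the wait and exit non-zero on timeout so that the failure shows up in the log. The limit of 60 attempts below is a constructed value; pick whatever matches the lab's other wait helpers.

```shell
echo "Waiting for heat stack-list."
tries=0
until heat stack-list; do
    tries=$((tries + 1))
    if [ "$tries" -ge 60 ]; then
        echo "heat stack-list still failing after $tries attempts. Exiting." >&2
        exit 1
    fi
    sleep 1
done
```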
@@ -71,4 +70,4 @@ function check_apache_service { echo "Reloading apache and memcached service." sudo service apache2 stop check_apache_service -sudo service memcached restart +sudo service apache2 start diff --git a/labs/osbash/scripts/ubuntu/setup_keystone.sh b/labs/osbash/scripts/ubuntu/setup_keystone.sh index 8590902e..ebf4c961 100755 --- a/labs/osbash/scripts/ubuntu/setup_keystone.sh +++ b/labs/osbash/scripts/ubuntu/setup_keystone.sh @@ -13,20 +13,25 @@ indicate_current_auto #------------------------------------------------------------------------------ # Set up keystone for controller node -# http://docs.openstack.org/juno/install-guide/install/apt/content/keystone-install.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-install.html #------------------------------------------------------------------------------ echo "Setting up database for keystone." setup_database keystone -# Create a "shared secret" used as OS_SERVICE_TOKEN, together with -# OS_SERVICE_ENDPOINT, before keystone can be used for authentication +# Create a "shared secret" used as OS_TOKEN, together with OS_URL, before +# keystone can be used for authentication echo -n "Using openssl to generate a random admin token: " ADMIN_TOKEN=$(openssl rand -hex 10) echo "$ADMIN_TOKEN" + +echo "Disabling the keystone service from starting automatically after installation." +echo "manual" | sudo tee /etc/init/keystone.override + echo "Installing keystone." -sudo apt-get install -y keystone python-keystoneclient +sudo apt-get install -y keystone python-openstackclient apache2 \ + libapache2-mod-wsgi memcached python-memcache conf=/etc/keystone/keystone.conf echo "Configuring [DEFAULT] section in $conf." 
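Review bot: The progress message `echo "Reloading apache and memcached service."` in setup_horizon.sh no longer matches the commands under it, because this hunk replaces `sudo service memcached restart` with `sudo service apache2 start`. Reword it to `echo "Restarting apache."` so the log does not claim a memcached restart that never happens.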
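Review bot: The bootstrap admin token is printed to stdout by `echo "$ADMIN_TOKEN"` in setup_keystone.sh, so it ends up in whatever log captures this script's output, and it stays usable for as long as `admin_token_auth` remains in the paste pipelines. The lines are unchanged context, but this commit already rewrites the comment directly above them, so it is a natural place to stop printing the secret. Replace the line with `echo "done."` to finish the preceding `echo -n` without revealing the value.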
@@ -49,9 +54,16 @@ echo "Configuring [database] section in /etc/keystone/keystone.conf." echo "Setting database connection: $database_url." iniset_sudo $conf database connection "$database_url" + +echo "Configuring the Memcache service." +iniset_sudo $conf memcache servers localhost:11211 + echo "Configuring the UUID token provider and SQL driver." iniset_sudo $conf token provider keystone.token.providers.uuid.Provider -iniset_sudo $conf token driver keystone.token.persistence.backends.sql.Token +iniset_sudo $conf token driver keystone.token.persistence.backends.memcache.Token + +echo "Configuring the SQL revocation driver." +iniset_sudo $conf revoke driver keystone.contrib.revoke.backends.sql.Revoke echo "Enabling verbose logging." iniset_sudo $conf DEFAULT verbose True 
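Review bot: The message `echo "Configuring the UUID token provider and SQL driver."` is now wrong, because the changed line below it sets the token driver to `keystone.token.persistence.backends.memcache.Token`; only revocation uses SQL. Suggest `echo "Configuring the UUID token provider and Memcached driver."`. Issued tokens now live in memcached at `localhost:11211`, which has no authentication of its own, so a comment recording that constraint is worth adding, for example `# Tokens are stored in memcached; keep it listening on localhost only.`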
@@ -59,110 +71,235 @@ iniset_sudo $conf DEFAULT verbose True echo "Creating the database tables for keystone." sudo keystone-manage db_sync -echo "Restarting keystone." -sudo service keystone restart +# Configure Apache HTTP server. + +echo "Configuring ServerName option in /etc/apache2/apache2.conf to reference controller node." +echo "ServerName controller-mgmt" | sudo tee -a /etc/apache2/apache2.conf + +echo "Creating /etc/apache2/sites-available/wsgi-keystone.conf." +cat << WSGI | sudo tee -a /etc/apache2/sites-available/wsgi-keystone.conf +Listen 5000 +Listen 35357 + + + WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP} + WSGIProcessGroup keystone-public + WSGIScriptAlias / /var/www/cgi-bin/keystone/main + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + = 2.4> + ErrorLogFormat "%{cu}t %M" + + LogLevel info + ErrorLog /var/log/apache2/keystone-error.log + CustomLog /var/log/apache2/keystone-access.log combined + + + + WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP} + WSGIProcessGroup keystone-admin + WSGIScriptAlias / /var/www/cgi-bin/keystone/admin + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + = 2.4> + ErrorLogFormat "%{cu}t %M" + + LogLevel info + ErrorLog /var/log/apache2/keystone-error.log + CustomLog /var/log/apache2/keystone-access.log combined + +WSGI + +echo "Enabling the identity service virtual hosts." +sudo ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled + +echo "Creating the directory structure for WSGI components." +sudo mkdir -p /var/www/cgi-bin/keystone + +echo "Copying WSGI component from upstream repository." +# Note: Since we have offline installation, use pre-cached files. +cat "$HOME/keystone.py" | sudo tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin + +echo "Adjusting ownership and permissions." 
+sudo chown -R keystone:keystone /var/www/cgi-bin/keystone +sudo chmod 755 /var/www/cgi-bin/keystone/* + +echo "Restarting apache." +sudo service apache2 restart echo "Removing default SQLite database." sudo rm -f /var/lib/keystone/keystone.db -if ! sudo crontab -l -u keystone 2>&1 | grep token_flush; then - # No existing crontab entry for token_flush -- add one now. - echo "Adding crontab entry to purge expired tokens:" - cat << CRON | sudo tee -a /var/spool/cron/crontabs/keystone -# Purges expired tokens every hour and logs the output -@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1 -CRON - echo "---------------------------------------------" -fi +sudo rm "$HOME/keystone.py" + +#------------------------------------------------------------------------------ +# Configure keystone services and API endpoints +# http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-services.html +#------------------------------------------------------------------------------ + +echo "Using OS_TOKEN, OS_URL for authentication." +export OS_TOKEN=$ADMIN_TOKEN +export OS_URL=http://controller-mgmt:35357/v2.0 + +echo "Creating keystone service." +openstack service create \ + --name keystone \ + --description "OpenStack Identity" \ + identity + +echo "Creating endpoints for keystone." 
+openstack endpoint create \ + --publicurl http://controller-mgmt:5000/v2.0 \ + --internalurl http://controller-mgmt:5000/v2.0 \ + --adminurl http://controller-mgmt:35357/v2.0 \ + --region "$REGION" \ + identity #------------------------------------------------------------------------------ # Configure keystone users, tenants and roles -# http://docs.openstack.org/juno/install-guide/install/apt/content/keystone-users.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-users.html #------------------------------------------------------------------------------ -echo "Using OS_SERVICE_TOKEN, OS_SERVICE_ENDPOINT for authentication." -export OS_SERVICE_TOKEN=$ADMIN_TOKEN -export OS_SERVICE_ENDPOINT="http://controller-mgmt:35357/v2.0" - # Wait for keystone to come up wait_for_keystone -echo "Adding admin tenant." -keystone tenant-create --name "$ADMIN_TENANT_NAME" --description "Admin Tenant" +echo "Creating admin project." +openstack project create \ + --description "Admin Project" \ + "$ADMIN_PROJECT_NAME" echo "Creating admin user." -keystone user-create \ - --name "$ADMIN_USER_NAME" \ - --pass "$ADMIN_PASSWORD" \ - --email "admin@$MAIL_DOMAIN" +openstack user create \ + --password "$ADMIN_PASSWORD" \ + "$ADMIN_USER_NAME" echo "Creating admin role." -keystone role-create --name "$ADMIN_ROLE_NAME" +openstack role create "$ADMIN_ROLE_NAME" -echo "Linking admin user, admin role and admin tenant." -keystone user-role-add \ +echo "Adding admin role to admin project." +openstack role add \ + --project "$ADMIN_PROJECT_NAME" \ --user "$ADMIN_USER_NAME" \ - --tenant "$ADMIN_TENANT_NAME" \ - --role "$ADMIN_ROLE_NAME" + "$ADMIN_ROLE_NAME" -echo "Creating demo tenant." -keystone tenant-create --name "$DEMO_TENANT_NAME" --description "Demo Tenant" +echo "Creating service project." +openstack project create \ + --description "Service Project" \ + "$SERVICE_PROJECT_NAME" + +echo "Creating demo project." 
+openstack project create \ + --description "Demo Project" \ + "$DEMO_PROJECT_NAME" echo "Creating demo user." -# Using the --tenant option automatically assigns the _member_ role to a user. -# This option will also create the _member_ role if it does not exist. -keystone user-create \ - --name "$DEMO_USER_NAME" \ - --tenant "$DEMO_TENANT_NAME" \ - --pass "$DEMO_PASSWORD" \ - --email "demo@$MAIL_DOMAIN" +openstack user create \ + --password "$DEMO_PASSWORD" \ + "$DEMO_USER_NAME" -echo "Adding service tenant." -keystone tenant-create \ - --name "$SERVICE_TENANT_NAME" \ - --description "Service Tenant" +echo "Creating the user role." +openstack role create \ + "$USER_ROLE_NAME" -#------------------------------------------------------------------------------ -# Configure keystone services and API endpoints -# http://docs.openstack.org/juno/install-guide/install/apt/content/keystone-services.html -#------------------------------------------------------------------------------ - -echo "Creating keystone service." -keystone service-create \ - --name keystone \ - --type identity \ - --description 'OpenStack Identity' - -echo "Creating endpoints for keystone." -keystone_service_id=$(keystone service-list | awk '/ keystone / {print $2}') -keystone endpoint-create \ - --service-id "$keystone_service_id" \ - --publicurl "http://controller-api:5000/v2.0" \ - --internalurl "http://controller-mgmt:5000/v2.0" \ - --adminurl "http://controller-mgmt:35357/v2.0" \ - --region "$REGION" +echo "Linking user role to demo project and user." 
+openstack role add \ + --project "$DEMO_PROJECT_NAME" \ + --user "$DEMO_USER_NAME" \ + "$USER_ROLE_NAME" #------------------------------------------------------------------------------ # Verify the Identity Service installation -# http://docs.openstack.org/icehouse/install-guide/install/apt/content/keystone-verify.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/keystone-verify.html #------------------------------------------------------------------------------ echo "Verifying keystone installation." +# Disable temporary authentication token mechanism +conf=/etc/keystone/keystone-paste.ini + +for section in pipeline:public_api pipeline:admin_api pipeline:api_v3; do + if ini_has_option_sudo $conf $section admin_token_auth; then + echo "Disabling admin_token_auth in section $section." + inicomment_sudo $conf $section admin_token_auth + fi +done + # From this point on, we are going to use keystone for authentication -unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT +unset OS_TOKEN OS_URL -# Load keystone credentials -source "$CONFIG_DIR/admin-openstackrc.sh" +echo "Requesting an authentication token." +openstack \ + --os-auth-url http://controller:35357 \ + --os-project-name "$ADMIN_PROJECT_NAME" \ + --os-username "$ADMIN_USER_NAME" \ + --os-auth-type password \ + --os-password "$ADMIN_PASSWORD" \ + token issue -# The output of the following commands can be used to verify or debug the -# service. +echo "Requesting an authentication token using the version 3 API." +openstack \ + --os-auth-url http://controller:35357 \ + --os-project-domain-id default \ + --os-user-domain-id default \ + --os-project-name "$ADMIN_PROJECT_NAME" \ + --os-username "$ADMIN_USER_NAME" \ + --os-auth-type password \ + --os-password "$ADMIN_PASSWORD" \ + token issue -echo "keystone token-get" -keystone token-get +echo "Requesting project list." 
+openstack \
+ --os-auth-url http://controller:35357 \
+ --os-project-name "$ADMIN_PROJECT_NAME" \
+ --os-username "$ADMIN_USER_NAME" \
+ --os-auth-type password \
+ --os-password "$ADMIN_PASSWORD" \
+ project list
-echo "keystone user-list"
-keystone user-list
+echo "Requesting user list."
+openstack \
+ --os-auth-url http://controller:35357 \
+ --os-project-name "$ADMIN_PROJECT_NAME" \
+ --os-username "$ADMIN_USER_NAME" \
+ --os-auth-type password \
+ --os-password "$ADMIN_PASSWORD" \
+ user list
-echo "keystone user-role-list --user $ADMIN_USER_NAME --tenant $ADMIN_TENANT_NAME"
-keystone user-role-list --user "$ADMIN_USER_NAME" --tenant "$ADMIN_TENANT_NAME"
+echo "Requesting role list."
+openstack \
+ --os-auth-url http://controller:35357 \
+ --os-project-name "$ADMIN_PROJECT_NAME" \
+ --os-username "$ADMIN_USER_NAME" \
+ --os-auth-type password \
+ --os-password "$ADMIN_PASSWORD" \
+ role list
+
+echo "Requesting an authentication token for the demo user."
+openstack \
+ --os-auth-url http://controller:5000 \
+ --os-project-domain-id default \
+ --os-user-domain-id default \
+ --os-project-name "$DEMO_PROJECT_NAME" \
+ --os-username "$DEMO_USER_NAME" \
+ --os-auth-type password \
+ --os-password "$DEMO_PASSWORD" \
+ token issue
+
+echo "Verifying that an admin-only request by the demo user is denied."
+openstack \
+ --os-auth-url http://controller:5000 \
+ --os-project-domain-id default \
+ --os-user-domain-id default \
+ --os-project-name "$DEMO_PROJECT_NAME" \
+ --os-username "$DEMO_USER_NAME" \
+ --os-auth-type password \
+ --os-password "$DEMO_PASSWORD" \
+ user list || rc=$?
+
+echo rc=$rc
+if [ $rc -eq 0 ]; then
+ echo "The request was not denied. This is an error. Exiting."
+ exit 1
+else
+ echo "The request was correctly denied."
+fi
diff --git a/labs/osbash/scripts/ubuntu/setup_lbaas_controller.sh b/labs/osbash/scripts/ubuntu/setup_lbaas_controller.sh
index 45c2fd4e..a05a6bdc 100755
--- a/labs/osbash/scripts/ubuntu/setup_lbaas_controller.sh
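Review bot: The closing negative test cannot report a failure, because `rc` is assigned only when the demo user's `user list` fails (`|| rc=$?`). If the request wrongly succeeds and `rc` was not set earlier in the file, `[ $rc -eq 0 ]` is a malformed test that returns non-zero and the script prints "The request was correctly denied." (or aborts on an unbound variable if nounset is enabled outside this hunk). Put `rc=0` before that `openstack` call and quote the test as `if [ "$rc" -eq 0 ]; then`. Separately, `admin_token_auth` is commented out of keystone-paste.ini, but nothing visible in this hunk restarts apache2 afterwards, so the running WSGI processes may keep accepting the admin token; a `sudo service apache2 restart` after the `for section` loop would make the change effective. The verification calls also use `http://controller:...` while the rest of the script uses `controller-mgmt`, so confirm that name resolves in the lab.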
+++ b/labs/osbash/scripts/ubuntu/setup_lbaas_controller.sh @@ -18,6 +18,7 @@ echo "Configuring neutron lbaas for controller node." conf=/etc/neutron/neutron.conf # Configure network plugin parameters +# FIXME The following line breaks neutron iniset_sudo $conf DEFAULT service_plugins "router,lbaas" echo "Restarting neutron service." diff --git a/labs/osbash/scripts/ubuntu/setup_neutron_compute.sh b/labs/osbash/scripts/ubuntu/setup_neutron_compute.sh index 31d5b60f..04921115 100755 --- a/labs/osbash/scripts/ubuntu/setup_neutron_compute.sh +++ b/labs/osbash/scripts/ubuntu/setup_neutron_compute.sh @@ -11,7 +11,7 @@ indicate_current_auto #------------------------------------------------------------------------------ # Set up OpenStack Networking (neutron) for compute node. -# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron-compute-node.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron-compute-node.html #------------------------------------------------------------------------------ echo "Editing /etc/sysctl.conf: disable Reverse Path Forwarding filter." @@ -19,6 +19,12 @@ cat << SYSCTL | sudo tee -a /etc/sysctl.conf # Disable Reverse Path Forwarding filter (RFC 3704) net.ipv4.conf.all.rp_filter=0 net.ipv4.conf.default.rp_filter=0 + +# XXX NOTE This was added to the install-guide because CentOS needs it. On +# Ubuntu it results in an error because the bridge kernel modules +# are not loaded at this point. +#net.bridge.bridge-nf-call-iptables=1 +#net.bridge.bridge-nf-call-ip6tables=1 SYSCTL # Reload changed file 
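Review bot: The added comment `# FIXME The following line breaks neutron` records a known failure, yet `iniset_sudo $conf DEFAULT service_plugins "router,lbaas"` still runs and the script goes on to restart neutron. Either guard or disable the setting until it is fixed, or extend the comment with the observed symptom and a tracking reference so a reader can tell whether running this script leaves the controller's networking service down.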
@@ -38,18 +44,23 @@ echo "Configuring $conf." # Configure AMQP parameters iniset_sudo $conf DEFAULT rpc_backend rabbit -iniset_sudo $conf DEFAULT rabbit_host controller-mgmt -iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD" + +iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt +iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack +iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD" # Configuring [DEFAULT] section iniset_sudo $conf DEFAULT auth_strategy keystone # Configuring [keystone_authtoken] section -iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0" -iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357 -iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME" -iniset_sudo $conf keystone_authtoken admin_user "$neutron_admin_user" -iniset_sudo $conf keystone_authtoken admin_password "$neutron_admin_password" +iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000 +iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357 +iniset_sudo $conf keystone_authtoken auth_plugin password +iniset_sudo $conf keystone_authtoken project_domain_id default +iniset_sudo $conf keystone_authtoken user_domain_id default +iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME" +iniset_sudo $conf keystone_authtoken username "$neutron_admin_user" +iniset_sudo $conf keystone_authtoken password "$neutron_admin_password" # Configure network plugin parameters iniset_sudo $conf DEFAULT core_plugin ml2 @@ -62,7 +73,7 @@ echo "Configuring the OVS plug-in to use GRE tunneling." conf=/etc/neutron/plugins/ml2/ml2_conf.ini # Under the ml2 section -iniset_sudo $conf ml2 type_drivers flat,gre +iniset_sudo $conf ml2 type_drivers flat,vlan,gre,vxlan iniset_sudo $conf ml2 tenant_network_types gre iniset_sudo $conf ml2 mechanism_drivers openvswitch 
@@ -87,14 +98,14 @@ echo "Configuring Compute to use Networking." conf=/etc/nova/nova.conf iniset_sudo $conf DEFAULT network_api_class nova.network.neutronv2.api.API iniset_sudo $conf DEFAULT security_group_api neutron -iniset_sudo $conf DEFAULT linuxnet_interface_driver neutron.agent.linux.interface.OVSInterfaceDriver +iniset_sudo $conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver iniset_sudo $conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver iniset_sudo $conf neutron url http://controller-mgmt:9696 iniset_sudo $conf neutron auth_strategy keystone iniset_sudo $conf neutron admin_auth_url http://controller-mgmt:35357/v2.0 -iniset_sudo $conf neutron admin_tenant_name "$SERVICE_TENANT_NAME" +iniset_sudo $conf neutron admin_tenant_name "$SERVICE_PROJECT_NAME" iniset_sudo $conf neutron admin_username "$neutron_admin_user" iniset_sudo $conf neutron admin_password "$neutron_admin_password" diff --git a/labs/osbash/scripts/ubuntu/setup_neutron_controller.sh b/labs/osbash/scripts/ubuntu/setup_neutron_controller.sh index 741f8147..c29106e8 100755 --- a/labs/osbash/scripts/ubuntu/setup_neutron_controller.sh +++ b/labs/osbash/scripts/ubuntu/setup_neutron_controller.sh @@ -10,7 +10,7 @@ indicate_current_auto #------------------------------------------------------------------------------ # Set up OpenStack Networking (neutron) for controller node. -# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron-controller-node.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron-controller-node.html #------------------------------------------------------------------------------ echo "Setting up database for neutron." 
@@ -25,31 +25,31 @@ neutron_admin_password=$(service_to_user_password neutron) wait_for_keystone echo "Creating neutron user and giving it admin role under service tenant." -keystone user-create \ - --name "$neutron_admin_user" \ - --pass "$neutron_admin_password" +openstack user create \ + --password "$neutron_admin_password" \ + "$neutron_admin_user" -keystone user-role-add \ +openstack role add \ + --project "$SERVICE_PROJECT_NAME" \ --user "$neutron_admin_user" \ - --tenant "$SERVICE_TENANT_NAME" \ - --role "$ADMIN_ROLE_NAME" + "$ADMIN_ROLE_NAME" echo "Registering neutron with keystone so that other services can locate it." -keystone service-create \ +openstack service create \ --name neutron \ - --type network \ - --description "OpenStack Networking" + --description "OpenStack Networking" \ + network -neutron_service_id=$(keystone service-list | awk '/ network / {print $2}') -keystone endpoint-create \ - --service-id "$neutron_service_id" \ - --publicurl "http://controller-mgmt:9696" \ - --adminurl "http://controller-mgmt:9696" \ - --internalurl "http://controller-mgmt:9696" \ - --region "$REGION" +openstack endpoint create \ + --publicurl http://controller-api:9696 \ + --adminurl http://controller-mgmt:9696 \ + --internalurl http://controller-mgmt:9696 \ + --region "$REGION" \ + network echo "Installing neutron for controller node." -sudo apt-get install -y neutron-server neutron-plugin-ml2 python-neutronclient +sudo apt-get install -y \ + neutron-server neutron-plugin-ml2 python-neutronclient echo "Configuring neutron for controller node." 
@@ -69,16 +69,24 @@ iniset_sudo $conf database connection "$database_url" # Configure AMQP parameters iniset_sudo $conf DEFAULT rpc_backend rabbit -iniset_sudo $conf DEFAULT rabbit_host controller-mgmt -iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD" + +iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt +iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack +iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD" # Configuring [DEFAULT] section iniset_sudo $conf DEFAULT auth_strategy keystone # Configuring [keystone_authtoken] section -iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0" -iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357" -iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME" +iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000 +iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357 +iniset_sudo $conf keystone_authtoken auth_plugin password +iniset_sudo $conf keystone_authtoken project_domain_id default +iniset_sudo $conf keystone_authtoken user_domain_id default +iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME" +iniset_sudo $conf keystone_authtoken username "$neutron_admin_user" +iniset_sudo $conf keystone_authtoken password "$neutron_admin_password" +iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_PROJECT_NAME" iniset_sudo $conf keystone_authtoken admin_user "$neutron_admin_user" iniset_sudo $conf keystone_authtoken admin_password "$neutron_admin_password" 
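Review bot: The controller's `[keystone_authtoken]` section ends up holding both credential styles: the new `username`/`password`/`project_name` options and the legacy `admin_tenant_name`/`admin_user`/`admin_password` ones, with `iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_PROJECT_NAME"` newly added. The setup_neutron_compute.sh and setup_neutron_network.sh hunks in this same patch remove the legacy lines, so here the service password is written twice under two option names for no visible reason. Drop the three `admin_*` lines to match the other nodes, or add a comment naming the component that still reads them.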
@@ -90,25 +98,26 @@ iniset_sudo $conf DEFAULT allow_overlapping_ips True nova_admin_user=$(service_to_user_name nova) nova_admin_password=$(service_to_user_password nova) -service_tenant_id=$(keystone tenant-get "$SERVICE_TENANT_NAME" | awk '/ id / {print $4}') -echo "Service tenant id: $service_tenant_id" - # Configure nova related parameters iniset_sudo $conf DEFAULT notify_nova_on_port_status_changes True iniset_sudo $conf DEFAULT notify_nova_on_port_data_changes True iniset_sudo $conf DEFAULT nova_url http://controller-mgmt:8774/v2 -iniset_sudo $conf DEFAULT nova_admin_auth_url http://controller-mgmt:35357/v2.0 -iniset_sudo $conf DEFAULT nova_region_name "$REGION" -iniset_sudo $conf DEFAULT nova_admin_username "$nova_admin_user" -iniset_sudo $conf DEFAULT nova_admin_tenant_id "$service_tenant_id" -iniset_sudo $conf DEFAULT nova_admin_password "$nova_admin_password" + +iniset_sudo $conf nova auth_url http://controller-mgmt:35357 +iniset_sudo $conf nova auth_plugin password +iniset_sudo $conf nova project_domain_id default +iniset_sudo $conf nova user_domain_id default +iniset_sudo $conf nova region_name "$REGION" +iniset_sudo $conf nova project_name "$SERVICE_PROJECT_NAME" +iniset_sudo $conf nova username "$nova_admin_user" +iniset_sudo $conf nova password "$nova_admin_password" iniset_sudo $conf DEFAULT verbose True echo "Configuring the OVS plug-in to use GRE tunneling." conf=/etc/neutron/plugins/ml2/ml2_conf.ini # Edit the [ml2] section. -iniset_sudo $conf ml2 type_drivers flat,gre +iniset_sudo $conf ml2 type_drivers flat,vlan,gre,vxlan iniset_sudo $conf ml2 tenant_network_types gre iniset_sudo $conf ml2 mechanism_drivers openvswitch 
@@ -124,30 +133,28 @@ echo "Configure Compute to use Networking" conf=/etc/nova/nova.conf iniset_sudo $conf DEFAULT network_api_class nova.network.neutronv2.api.API iniset_sudo $conf DEFAULT security_group_api neutron -iniset_sudo $conf DEFAULT linuxnet_interface_driver neutron.agent.linux.interface.OVSInterfaceDriver +iniset_sudo $conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver iniset_sudo $conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver iniset_sudo $conf neutron url http://controller-mgmt:9696 iniset_sudo $conf neutron auth_strategy keystone iniset_sudo $conf neutron admin_auth_url http://controller-mgmt:35357/v2.0 -iniset_sudo $conf neutron admin_tenant_name "$SERVICE_TENANT_NAME" +iniset_sudo $conf neutron admin_tenant_name "$SERVICE_PROJECT_NAME" iniset_sudo $conf neutron admin_username "$neutron_admin_user" iniset_sudo $conf neutron admin_password "$neutron_admin_password" # service_neutron_metadata_proxy, neutron_metadata_proxy_shared_secret from: -# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron-network-node.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron-network-node.html iniset_sudo $conf neutron service_metadata_proxy True iniset_sudo $conf neutron metadata_proxy_shared_secret "$METADATA_SECRET" sudo neutron-db-manage \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ - upgrade juno + upgrade head -echo "Restart nova services" +echo "Restarting nova services." sudo service nova-api restart -sudo service nova-scheduler restart -sudo service nova-conductor restart echo "Restarting neutron service." sudo service neutron-server restart diff --git a/labs/osbash/scripts/ubuntu/setup_neutron_network.sh b/labs/osbash/scripts/ubuntu/setup_neutron_network.sh index ccb4c810..cef9e5ab 100755 --- a/labs/osbash/scripts/ubuntu/setup_neutron_network.sh +++ b/labs/osbash/scripts/ubuntu/setup_neutron_network.sh 
@@ -11,12 +11,11 @@ indicate_current_auto #------------------------------------------------------------------------------ # Set up OpenStack Networking (neutron) for network node. -# http://docs.openstack.org/juno/install-guide/install/apt/content/neutron-network-node.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/neutron-network-node.html #------------------------------------------------------------------------------ echo "Editing /etc/sysctl.conf: enable IP forwarding, disable RPF filter." cat << SYSCTL | sudo tee -a /etc/sysctl.conf -# Enable IP forwarding net.ipv4.ip_forward=1 # Disable Reverse Path Forwarding filter (RFC 3704) net.ipv4.conf.all.rp_filter=0 @@ -27,8 +26,9 @@ SYSCTL sudo sysctl -p echo "Installing networking components for network node." -sudo apt-get install -y neutron-plugin-ml2 neutron-plugin-openvswitch-agent \ - neutron-l3-agent neutron-dhcp-agent +sudo apt-get install -y \ + neutron-plugin-ml2 neutron-plugin-openvswitch-agent \ + neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent # neutron-l3-agent has just been installed and is about to start. We are also # about to change its configuration file which tends to result in the agent 
@@ -50,18 +50,23 @@ echo "Configuring $conf." # Configure AMQP parameters iniset_sudo $conf DEFAULT rpc_backend rabbit -iniset_sudo $conf DEFAULT rabbit_host controller-mgmt -iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD" + +iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt +iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack +iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD" # Configuring [DEFAULT] section iniset_sudo $conf DEFAULT auth_strategy keystone # Configuring [keystone_authtoken] section -iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0 -iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357 -iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME" -iniset_sudo $conf keystone_authtoken admin_user "$neutron_admin_user" -iniset_sudo $conf keystone_authtoken admin_password "$neutron_admin_password" +iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000 +iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357 +iniset_sudo $conf keystone_authtoken auth_plugin password +iniset_sudo $conf keystone_authtoken project_domain_id default +iniset_sudo $conf keystone_authtoken user_domain_id default +iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME" +iniset_sudo $conf keystone_authtoken username "$neutron_admin_user" +iniset_sudo $conf keystone_authtoken password "$neutron_admin_password" # Configure network plugin parameters iniset_sudo $conf DEFAULT core_plugin ml2 @@ -74,7 +79,7 @@ echo "Configuring the OVS plug-in to use GRE tunneling." conf=/etc/neutron/plugins/ml2/ml2_conf.ini # Under the ml2 section -iniset_sudo $conf ml2 type_drivers flat,gre +iniset_sudo $conf ml2 type_drivers flat,vlan,gre,vxlan iniset_sudo $conf ml2 tenant_network_types gre iniset_sudo $conf ml2 mechanism_drivers openvswitch 
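Review bot: `rabbit_userid openstack` is a literal, while the password on the next line comes from `$RABBIT_PASSWORD`, so the account name is now repeated in every script that talks to RabbitMQ. The same pair is added in the setup_nova_compute.sh, setup_nova_controller.sh, setup_telemetry_compute.sh and setup_telemetry_controller.sh hunks, including the glance sections. A rename in one place would leave the other services authenticating with a stale name. I would define the name once wherever RABBIT_PASSWORD is defined and write `iniset_sudo $conf oslo_messaging_rabbit rabbit_userid "$RABBIT_USER"` here, with RABBIT_USER standing in for whatever variable name is chosen.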
@@ -90,7 +95,6 @@ iniset_sudo $conf securitygroup firewall_driver neutron.agent.linux.iptables_fir # Under the ovs section iniset_sudo $conf ovs local_ip "$(hostname_to_ip network-data)" -iniset_sudo $conf ovs enable_tunneling True iniset_sudo $conf ovs bridge_mappings external:br-ex iniset_sudo $conf agent tunnel_types gre @@ -98,8 +102,9 @@ iniset_sudo $conf agent tunnel_types gre echo "Configuring Layer-3 agent." conf=/etc/neutron/l3_agent.ini iniset_sudo $conf DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver -iniset_sudo $conf DEFAULT use_namespaces True -iniset_sudo $conf DEFAULT external_network_bridge br-ex +# The external_network_bridge option intentionally lacks a value to enable +# multiple external networks on a single agent. +iniset_sudo $conf DEFAULT external_network_bridge "" iniset_sudo $conf DEFAULT router_delete_namespaces True iniset_sudo $conf DEFAULT verbose True @@ -107,7 +112,6 @@ echo "Configuring the DHCP agent" conf=/etc/neutron/dhcp_agent.ini iniset_sudo $conf DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver iniset_sudo $conf DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq -iniset_sudo $conf DEFAULT use_namespaces True iniset_sudo $conf DEFAULT dhcp_delete_namespaces True iniset_sudo $conf DEFAULT verbose True iniset_sudo $conf DEFAULT dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf 
@@ -137,11 +141,15 @@ sudo killall dnsmasq||rc=$? echo "Configuring the metadata agent" conf=/etc/neutron/metadata_agent.ini -iniset_sudo $conf DEFAULT auth_url http://controller-mgmt:5000/v2.0 +iniset_sudo $conf DEFAULT auth_uri http://controller-mgmt:5000 +iniset_sudo $conf DEFAULT auth_url http://controller-mgmt:35357 iniset_sudo $conf DEFAULT auth_region "$REGION" -iniset_sudo $conf DEFAULT admin_tenant_name "$SERVICE_TENANT_NAME" -iniset_sudo $conf DEFAULT admin_user "$neutron_admin_user" -iniset_sudo $conf DEFAULT admin_password "$neutron_admin_password" +iniset_sudo $conf DEFAULT auth_plugin password +iniset_sudo $conf DEFAULT project_domain_id default +iniset_sudo $conf DEFAULT user_domain_id default +iniset_sudo $conf DEFAULT project_name "$SERVICE_PROJECT_NAME" +iniset_sudo $conf DEFAULT username "$neutron_admin_user" +iniset_sudo $conf DEFAULT password "$neutron_admin_password" iniset_sudo $conf DEFAULT nova_metadata_ip "$(hostname_to_ip controller-mgmt)" iniset_sudo $conf DEFAULT metadata_proxy_shared_secret "$METADATA_SECRET" iniset_sudo $conf DEFAULT verbose True @@ -184,6 +192,8 @@ ping -c 1 controller-api echo "Restarting the network service." sudo service neutron-plugin-openvswitch-agent restart +# Without sleep, we get port in limbo; FIXME needs a proper test condition +sleep 1 sudo service neutron-l3-agent restart echo -n "Checking VLAN tags." diff --git a/labs/osbash/scripts/ubuntu/setup_nova_compute.sh b/labs/osbash/scripts/ubuntu/setup_nova_compute.sh index 99c60197..2fdeb8bf 100755 --- a/labs/osbash/scripts/ubuntu/setup_nova_compute.sh +++ b/labs/osbash/scripts/ubuntu/setup_nova_compute.sh 
@@ -11,7 +11,7 @@ indicate_current_auto #------------------------------------------------------------------------------ # Set up OpenStack Compute (nova) for compute node. -# http://docs.openstack.org/juno/install-guide/install/apt/content/ch_nova.html#nova-compute-install +# http://docs.openstack.org/kilo/install-guide/install/apt/content/ch_nova.html#nova-compute-install #------------------------------------------------------------------------------ echo "Installing nova for compute node." @@ -23,10 +23,13 @@ echo "Configuring nova for compute node." conf=/etc/nova/nova.conf echo "Configuring $conf." -# Configure RabbitMQ variables +# Configure Default section iniset_sudo $conf DEFAULT rpc_backend rabbit -iniset_sudo $conf DEFAULT rabbit_host controller-mgmt -iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD" + +# Configure oslo_messaging_rabbit +iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt +iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack +iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD" # Configuring [DEFAULT] section iniset_sudo $conf DEFAULT auth_strategy keystone 
@@ -35,11 +38,14 @@ nova_admin_user=$(service_to_user_name nova) nova_admin_password=$(service_to_user_password nova) # Configure [keystone_authtoken] section -iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0 -iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357 -iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME" -iniset_sudo $conf keystone_authtoken admin_user "$nova_admin_user" -iniset_sudo $conf keystone_authtoken admin_password "$nova_admin_password" +iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000 +iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357 +iniset_sudo $conf keystone_authtoken auth_plugin password +iniset_sudo $conf keystone_authtoken project_domain_id default +iniset_sudo $conf keystone_authtoken user_domain_id default +iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME" +iniset_sudo $conf keystone_authtoken username "$nova_admin_user" +iniset_sudo $conf keystone_authtoken password "$nova_admin_password" iniset_sudo $conf DEFAULT my_ip "$(hostname_to_ip compute-mgmt)" @@ -50,6 +56,8 @@ iniset_sudo $conf DEFAULT novncproxy_base_url http://"$(hostname_to_ip controlle iniset_sudo $conf glance host controller-mgmt +iniset_sudo $conf glance oslo_concurrency /var/lib/nova/tmp + iniset_sudo $conf DEFAULT verbose True # Configure nova-compute.conf @@ -57,6 +65,7 @@ conf=/etc/nova/nova-compute.conf echo -n "Hardware acceleration for virtualization: " if sudo egrep -q '(vmx|svm)' /proc/cpuinfo; then echo "available." + iniset_sudo $conf libvirt virt_type kvm else echo "not available." iniset_sudo $conf libvirt virt_type qemu diff --git a/labs/osbash/scripts/ubuntu/setup_nova_controller.sh b/labs/osbash/scripts/ubuntu/setup_nova_controller.sh index 8d09b88a..99bd6d2c 100755 --- a/labs/osbash/scripts/ubuntu/setup_nova_controller.sh +++ b/labs/osbash/scripts/ubuntu/setup_nova_controller.sh 
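Review bot: In the hunk after `glance host`, the added `iniset_sudo $conf glance oslo_concurrency /var/lib/nova/tmp` writes a key named `oslo_concurrency` into the `[glance]` section instead of setting `lock_path` in `[oslo_concurrency]`. As a result the lock directory is never configured on the compute node. setup_nova_controller.sh in this same patch uses the intended form, so the line should read `iniset_sudo $conf oslo_concurrency lock_path /var/lib/nova/tmp`.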
@@ -10,7 +10,7 @@ indicate_current_auto #------------------------------------------------------------------------------ # Install Compute controller services -# http://docs.openstack.org/juno/install-guide/install/apt/content/ch_nova.html#nova-controller-install +# http://docs.openstack.org/kilo/install-guide/install/apt/content/ch_nova.html#nova-controller-install #------------------------------------------------------------------------------ echo "Setting up database for nova." 
@@ -25,33 +25,33 @@ nova_admin_password=$(service_to_user_password nova) # Wait for keystone to come up wait_for_keystone -echo "Creating nova user and giving it admin role under service tenant." -keystone user-create \ - --name "$nova_admin_user" \ - --pass "$nova_admin_password" +echo "Creating nova user and giving it the admin role." +openstack user create \ + --password "$nova_admin_password" \ + "$nova_admin_user" -keystone user-role-add \ +openstack role add \ + --project "$SERVICE_PROJECT_NAME" \ --user "$nova_admin_user" \ - --tenant "$SERVICE_TENANT_NAME" \ - --role "$ADMIN_ROLE_NAME" + "$ADMIN_ROLE_NAME" -echo "Registering nova with keystone so that other services can locate it." -keystone service-create \ +echo "Creating the nova service entity." +openstack service create \ --name nova \ - --type compute \ - --description "OpenStack Compute" + --description "OpenStack Compute" \ + compute -nova_service_id=$(keystone service-list | awk '/ compute / {print $2}') -keystone endpoint-create \ - --service-id "$nova_service_id" \ +openstack endpoint create \ --publicurl 'http://controller-api:8774/v2/%(tenant_id)s' \ --internalurl 'http://controller-mgmt:8774/v2/%(tenant_id)s' \ --adminurl 'http://controller-mgmt:8774/v2/%(tenant_id)s' \ - --region "$REGION" + --region "$REGION" \ + compute echo "Installing nova for controller node." -sudo apt-get install -y nova-api nova-cert nova-conductor nova-consoleauth \ - nova-novncproxy nova-scheduler python-novaclient +sudo apt-get install -y \ + nova-api nova-cert nova-conductor nova-consoleauth \ + nova-novncproxy nova-scheduler python-novaclient function get_database_url { local db_user=$(service_to_db_user nova) 
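Review bot: `openstack user create --password "$nova_admin_password"` passes the service password as a command-line argument, so it is visible in the process list and in any `set -x` trace while the command runs. The `keystone user-create --pass` call it replaces had the same property, so this is not a regression. Still, the port is a good moment to record it with a comment above the call, such as `# password is passed in argv; acceptable for the training lab only`. The ceilometer `openstack user create` in the setup_telemetry_controller.sh hunk has the same issue.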
@@ -68,36 +68,53 @@ conf=/etc/nova/nova.conf echo "Setting database connection: $database_url." iniset_sudo $conf database connection "$database_url" -echo "Configuring [DEFAULT] section in /etc/nova/nova.conf for controller node." +echo "Configuring nova services." +# Default Section. iniset_sudo $conf DEFAULT rpc_backend rabbit -iniset_sudo $conf DEFAULT rabbit_host controller-mgmt -iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD" + +# oslo_messaging_rabbit section. +iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt +iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack +iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD" + iniset_sudo $conf DEFAULT auth_strategy keystone +# Configure keystone_authtoken section. iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000 -iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357 -iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME" -iniset_sudo $conf keystone_authtoken admin_user "$nova_admin_user" -iniset_sudo $conf keystone_authtoken admin_password "$nova_admin_password" +iniset_sudo $conf keystone_authtoken auth_url http://controller-mgmt:35357 +iniset_sudo $conf keystone_authtoken auth_plugin password +iniset_sudo $conf keystone_authtoken project_domain_id default +iniset_sudo $conf keystone_authtoken user_domain_id default +iniset_sudo $conf keystone_authtoken project_name "$SERVICE_PROJECT_NAME" +iniset_sudo $conf keystone_authtoken username "$nova_admin_user" +iniset_sudo $conf keystone_authtoken password "$nova_admin_password" +# Default section iniset_sudo $conf DEFAULT my_ip "$(hostname_to_ip controller-mgmt)" iniset_sudo $conf DEFAULT vncserver_listen controller-mgmt iniset_sudo $conf DEFAULT vncserver_proxyclient_address controller-mgmt +# Glance section iniset_sudo $conf glance host controller-mgmt + +# oslo_concurrency section +iniset_sudo $conf oslo_concurrency lock_path 
/var/lib/nova/tmp + +# default section iniset_sudo $conf DEFAULT verbose True echo "Creating the database tables for nova." sudo nova-manage db sync echo "Restarting nova services." -declare -a components=(nova-api nova-cert nova-consoleauth nova-scheduler - nova-conductor nova-novncproxy) -for component in "${components[@]}"; do - echo "Restarting $component" - sudo service "$component" restart +declare -a nova_services=(nova-api nova-cert nova-consoleauth \ + nova-scheduler nova-conductor nova-novncproxy) + +for nova_service in "${nova_services[@]}"; do + echo "Restarting $nova_service" + sudo service "$nova_service" restart done # Remove SQLite database created by Ubuntu package for nova. @@ -112,6 +129,12 @@ echo "Verify nova service status." echo "sudo nova-manage service list" sudo nova-manage service list +echo "nova service-list" +nova service-list + +echo "nova endpoints" +nova endpoints + echo "nova image-list" nova image-list diff --git a/labs/osbash/scripts/ubuntu/setup_telemetry_compute.sh b/labs/osbash/scripts/ubuntu/setup_telemetry_compute.sh index ad5009da..667076b6 100755 --- a/labs/osbash/scripts/ubuntu/setup_telemetry_compute.sh +++ b/labs/osbash/scripts/ubuntu/setup_telemetry_compute.sh @@ -11,7 +11,7 @@ indicate_current_auto #------------------------------------------------------------------------------ # Install the Telemetry service -# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-nova.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-nova.html #------------------------------------------------------------------------------ echo "Installing ceilometer." 
@@ -23,27 +23,28 @@ ceilometer_admin_password=$(service_to_user_password ceilometer) echo "Configuring ceilometer.conf." conf=/etc/ceilometer/ceilometer.conf -iniset_sudo $conf publisher metering_secret "$METERING_SECRET" - +iniset_sudo $conf publisher telemetry_secret "$TELEMETRY_SECRET" # Configure RabbitMQ variables -iniset_sudo $conf DEFAULT rabbit_host controller-mgmt -iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD" +iniset_sudo $conf DEFAULT rpc_backend rabbit -iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0" -iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357" -iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME" +iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt +iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack +iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD" + +iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0 +iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357 +iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_PROJECT_NAME" iniset_sudo $conf keystone_authtoken admin_user "$ceilometer_admin_user" iniset_sudo $conf keystone_authtoken admin_password "$ceilometer_admin_password" -iniset_sudo $conf service_credentials os_auth_url "http://controller-mgmt:5000/v2.0" +iniset_sudo $conf service_credentials os_auth_url http://controller-mgmt:5000/v2.0 iniset_sudo $conf service_credentials os_username "$ceilometer_admin_user" -iniset_sudo $conf service_credentials os_tenant_name "$SERVICE_TENANT_NAME" +iniset_sudo $conf service_credentials os_tenant_name "$SERVICE_PROJECT_NAME" iniset_sudo $conf service_credentials os_password "$ceilometer_admin_password" iniset_sudo $conf service_credentials os_endpoint_type internalURL iniset_sudo $conf service_credentials os_region_name "$REGION" - iniset_sudo $conf DEFAULT verbose True echo 
"Configuring nova.conf." @@ -62,7 +63,7 @@ sudo service nova-compute restart #------------------------------------------------------------------------------ # Configure the Block Storage service(cinder-volume) -# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-cinder.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-cinder.html #------------------------------------------------------------------------------ # Configure the Block Storage Service to send notifications to the message bus @@ -78,7 +79,7 @@ sudo service cinder-volume restart #------------------------------------------------------------------------------ # Verify the Telemetry installation -# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-verify.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-verify.html #------------------------------------------------------------------------------ echo "Verifying the telemetry installation." diff --git a/labs/osbash/scripts/ubuntu/setup_telemetry_controller.sh b/labs/osbash/scripts/ubuntu/setup_telemetry_controller.sh index 8751e004..2db891d4 100755 --- a/labs/osbash/scripts/ubuntu/setup_telemetry_controller.sh +++ b/labs/osbash/scripts/ubuntu/setup_telemetry_controller.sh @@ -12,7 +12,7 @@ indicate_current_auto #------------------------------------------------------------------------------ # Install the Telemetry service -# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-controller-install.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-controller-install.html #------------------------------------------------------------------------------ echo "Setting up database for telemetry." 
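Review bot: The `[keystone_authtoken]` lines for ceilometer keep the older options `auth_uri .../v2.0`, `identity_uri`, `admin_tenant_name`, `admin_user` and `admin_password`. The nova and neutron hunks in this patch move to `auth_url`, `auth_plugin password`, `project_name`, `username` and `password`, and `admin_tenant_name "$SERVICE_PROJECT_NAME"` now mixes the two vocabularies. If this is deliberate, presumably because Telemetry in this release still expects the older options, a comment above the block such as `# ceilometer keeps the v2.0-style authtoken options in Kilo` would stop a later cleanup from converting it by mistake. The `@@ -99,28 +96,31 @@` hunk in setup_telemetry_controller.sh has the same block.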
@@ -28,7 +28,7 @@ iniset_sudo_no_section $conf smallfiles true echo "Restarting mongodb." sudo service mongodb restart -echo "Waiting for mongodb to start." +echo -n "Waiting for mongodb to start." while sudo service mongodb status 2>/dev/null | grep "stop"; do sleep 5 echo -n . @@ -51,28 +51,27 @@ echo "Sourcing the admin credentials." source "$CONFIG_DIR/admin-openstackrc.sh" echo "Creating ceilometer user and giving it admin role under service tenant." -keystone user-create \ - --name "$ceilometer_admin_user" \ - --pass "$ceilometer_admin_password" \ +openstack user create \ + --password "$ceilometer_admin_password" \ + "$ceilometer_admin_user" -keystone user-role-add \ +openstack role add \ + --project "$SERVICE_PROJECT_NAME" \ --user "$ceilometer_admin_user" \ - --tenant "$SERVICE_TENANT_NAME" \ - --role "$ADMIN_ROLE_NAME" + "$ADMIN_ROLE_NAME" echo "Registering ceilometer with keystone so that other services can locate it." -keystone service-create \ +openstack service create \ --name ceilometer \ - --type metering \ - --description "Telemetry" + --description "Telemetry" \ + metering -ceilometer_service_id=$(keystone service-list | awk '/ metering / {print $2}') -keystone endpoint-create \ - --service-id "$ceilometer_service_id" \ - --publicurl "http://controller-api:8777" \ - --internalurl "http://controller-mgmt:8777" \ - --adminurl "http://controller-mgmt:8777" \ - --region "$REGION" +openstack endpoint create \ + --publicurl http://controller-api:8777 \ + --internalurl http://controller-mgmt:8777 \ + --adminurl http://controller-mgmt:8777 \ + --region "$REGION" \ + metering echo "Installing ceilometer." sudo apt-get install -y ceilometer-api ceilometer-collector \ 
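Review bot: The heading is now printed with `echo -n` so the dots follow it on one line, but the `grep "stop"` in the loop condition still writes each matching status line to stdout and breaks up that progress row; `grep -q "stop"` keeps the output clean. The loop also has no upper bound, so a mongodb that never starts hangs the script silently. A retry counter that fails after a fixed number of attempts would surface the problem. The loop body ends outside the hunk.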
@@ -83,11 +82,9 @@ sudo apt-get install -y ceilometer-api ceilometer-collector \ python-ceilometerclient function get_database_url { - local db_user=$(service_to_db_user ceilometer) - local db_password=$(service_to_db_password ceilometer) local database_host=controller-mgmt - echo "mongodb://$db_user:$db_password@$database_host:27017/ceilometer" + echo "mongodb://$mongodb_user:$mongodb_password@$database_host:27017/ceilometer" } database_url=$(get_database_url) 
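Review bot: `get_database_url` now reads `$mongodb_user` and `$mongodb_password`, neither of which is set in this hunk. They are presumably assigned earlier in the script, but if either is empty the function returns `mongodb://:@controller-mgmt:27017/ceilometer` and the failure only appears when ceilometer starts. A guard at the top of the function, `: "${mongodb_user:?}" "${mongodb_password:?}"`, would stop the script at the point of the mistake. The password also goes into the URL unescaped, so a value containing `@`, `:` or `/` yields a malformed connection string; a comment stating that restriction on the password would help.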
@@ -99,28 +96,31 @@ iniset_sudo $conf database connection "$database_url" # Configure RabbitMQ variables iniset_sudo $conf DEFAULT rpc_backend rabbit -iniset_sudo $conf DEFAULT rabbit_host controller-mgmt -iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD" + +iniset_sudo $conf oslo_messaging_rabbit rabbit_host controller-mgmt +iniset_sudo $conf oslo_messaging_rabbit rabbit_userid openstack +iniset_sudo $conf oslo_messaging_rabbit rabbit_password "$RABBIT_PASSWORD" # Configure the [DEFAULT] section iniset_sudo $conf DEFAULT auth_strategy keystone -iniset_sudo $conf keystone_authtoken auth_uri "http://controller-mgmt:5000/v2.0" -iniset_sudo $conf keystone_authtoken identity_uri "http://controller-mgmt:35357" -iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME" +iniset_sudo $conf keystone_authtoken auth_uri http://controller-mgmt:5000/v2.0 +iniset_sudo $conf keystone_authtoken identity_uri http://controller-mgmt:35357 +iniset_sudo $conf keystone_authtoken admin_tenant_name "$SERVICE_PROJECT_NAME" iniset_sudo $conf keystone_authtoken admin_user "$ceilometer_admin_user" iniset_sudo $conf keystone_authtoken admin_password "$ceilometer_admin_password" -iniset_sudo $conf service_credentials os_auth_url "http://controller-mgmt:5000/v2.0" +iniset_sudo $conf service_credentials os_auth_url http://controller-mgmt:5000/v2.0 iniset_sudo $conf service_credentials os_username "$ceilometer_admin_user" -iniset_sudo $conf service_credentials os_tenant_name "$SERVICE_TENANT_NAME" +iniset_sudo $conf service_credentials os_tenant_name "$SERVICE_PROJECT_NAME" iniset_sudo $conf service_credentials os_password "$ceilometer_admin_password" +iniset_sudo $conf service_credentials os_endpoint_type internalURL +iniset_sudo $conf service_credentials os_region_name "$REGION" -iniset_sudo $conf publisher metering_secret "$METERING_SECRET" +iniset_sudo $conf publisher telemetry_secret "$TELEMETRY_SECRET" iniset_sudo $conf DEFAULT verbose True - echo "Restarting 
telemetry service." sudo service ceilometer-agent-central restart sudo service ceilometer-agent-notification restart @@ -131,7 +131,7 @@ sudo service ceilometer-alarm-notifier restart #------------------------------------------------------------------------------ # Configure the Image service -# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-glance.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-glance.html #------------------------------------------------------------------------------ # Configure the Image Service to send notifications to the message bus @@ -142,6 +142,7 @@ conf=/etc/glance/glance-api.conf iniset_sudo $conf DEFAULT notification_driver messagingv2 iniset_sudo $conf DEFAULT rpc_backend rabbit iniset_sudo $conf DEFAULT rabbit_host controller-mgmt +iniset_sudo $conf DEFAULT rabbit_userid openstack iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD" echo "Configuring glance-registry.conf." @@ -150,6 +151,7 @@ conf=/etc/glance/glance-registry.conf iniset_sudo $conf DEFAULT notification_driver messagingv2 iniset_sudo $conf DEFAULT rpc_backend rabbit iniset_sudo $conf DEFAULT rabbit_host controller-mgmt +iniset_sudo $conf DEFAULT rabbit_userid openstack iniset_sudo $conf DEFAULT rabbit_password "$RABBIT_PASSWORD" sudo service glance-registry restart @@ -157,7 +159,7 @@ sudo service glance-api restart #------------------------------------------------------------------------------ # Configure the Block Storage service -# http://docs.openstack.org/juno/install-guide/install/apt/content/ceilometer-cinder.html +# http://docs.openstack.org/kilo/install-guide/install/apt/content/ceilometer-cinder.html #------------------------------------------------------------------------------ # Configure the Block Storage Service to send notifications to the message bus