Make nova-novncproxy usable in a public cloud.

This refactors the nova-novncproxy configuration in TripleO so that it can be used in a cloud where the compute hosts don't each have to be assigned a public IP. With the new configuration the nova-novncproxy is configured to run on the nova-api (controller) node which typically will have a public IP assigned to it. Specific changes include: -move novnc element to nova-novncproxy -move all the nova-novncproxy stuff out of nova-kvm into the new nova-novncproxy element -configures Fedora iptables rules to support noVNC connections on 6080 -Adds a new nova.public_ip parameter which is used to construct the novncproxy_base_url. This may be returned directly to cloud users via 'nova get-vnc-console' or consumed by Horizon. -Set vncserver_proxyclient_address to the real local(internal) IP address for the compute host. Previously we used 127.0.0.1 which won't work unless nova-novncproxy runs on the Nova compute host. To do this we use {{local-ipv4}} which should always be the Heat provided local management IP address for the compute host. Change-Id: I18cdc36248749390f0ab1e2c454741dbf2736e7f Closes-bug: #1309510
2014-04-18 10:02:31 -04:00 · 2014-04-18 10:02:31 -04:00 · 1f9c1f7385
commit 1f9c1f7385
parent 063074e0e1
15 changed files with 32 additions and 11 deletions
--- a/elements/nova-api/element-deps
+++ b/elements/nova-api/element-deps
@ -1,2 +1,3 @@
 iptables
 nova
+nova-novncproxy
--- a/elements/nova-compute/element-deps
+++ b/elements/nova-compute/element-deps
@ -1,2 +1 @@
 nova
-novnc
--- a/elements/nova-kvm/install.d/nova-package-install/80-nova-kvm
+++ b/elements/nova-kvm/install.d/nova-package-install/80-nova-kvm
@ -2,8 +2,6 @@

 set -eux

-install-packages openstack-nova-novncproxy
-
 if ! getent group libvirtd; then
    groupadd libvirtd
 fi
--- a/elements/nova-kvm/install.d/nova-source-install/80-nova-kvm
+++ b/elements/nova-kvm/install.d/nova-source-install/80-nova-kvm
@ -11,9 +11,6 @@ fi

 usermod -a -G libvirtd nova

-os-svc-daemon -i "$NOVA_VENV_DIR" nova-novncproxy  nova nova-novncproxy          "--config-dir /etc/nova"
-os-svc-enable -n nova-novncproxy
-
 # On Fedora configure polkit to allow nova to use libvirt
 if [ -e /etc/polkit-1/rules.d ] ; then
    cat - <<-EOF > /etc/polkit-1/rules.d/50-nova.rules
--- a/elements/nova-novncproxy/README.md
+++ b/elements/nova-novncproxy/README.md
@ -0,0 +1,8 @@
+Install nova-novncproxy along with the necessary components from noVNC.
+
+Configuration (via the nova element)
+-------------
+
+When using VNC be sure to set nova.public_ip (providated via the nova element).
+This is used to specify the novncproxy_base_url for external proxy connections
+and is typically configured on controller nodes.
--- a/elements/nova-novncproxy/element-deps
+++ b/elements/nova-novncproxy/element-deps
@ -0,0 +1 @@
+nova
--- a/elements/nova-novncproxy/install.d/novnc-package-install/50-install-novnc
+++ b/elements/nova-novncproxy/install.d/novnc-package-install/50-install-novnc
@ -2,4 +2,6 @@

 set -eux

+install-packages openstack-nova-novncproxy
+
 install-packages novnc
--- a/elements/nova-novncproxy/install.d/novnc-source-install/50-install-novnc
+++ b/elements/nova-novncproxy/install.d/novnc-source-install/50-install-novnc
@ -1,6 +1,8 @@
 #!/bin/bash
 set -ex

+os-svc-daemon -i "$NOVA_VENV_DIR" nova-novncproxy       nova nova-novncproxy       "--config-dir /etc/nova"
+
 # nova-novncproxy looks in /usr/share/novnc by default
 install -d -m 0755 -o root -g root /usr/share/novnc
 install -m 0644 -o root -g root /opt/stack/novnc/favicon.ico /usr/share/novnc
--- a/elements/nova-novncproxy/os-refresh-config/post-configure.d/81-nova-novncproxy
+++ b/elements/nova-novncproxy/os-refresh-config/post-configure.d/81-nova-novncproxy
@ -0,0 +1,5 @@
+#!/bin/bash
+set -eux
+
+os-svc-enable -n nova-novncproxy
+os-svc-restart -n nova-novncproxy
--- a/elements/nova-novncproxy/os-refresh-config/pre-configure.d/98-nova-novncproxy-fedora-iptables
+++ b/elements/nova-novncproxy/os-refresh-config/pre-configure.d/98-nova-novncproxy-fedora-iptables
@ -0,0 +1,5 @@
+#!/bin/bash
+set -eu
+
+# open default port for nova-novncproxy connections
+add-rule INPUT -p tcp -m multiport --dports 6080 -j ACCEPT
--- a/elements/nova-novncproxy/source-repository-novnc
+++ b/elements/nova-novncproxy/source-repository-novnc
--- a/elements/nova/README.md
+++ b/elements/nova/README.md
@ -32,3 +32,6 @@ nova:
      e.g. 'linux-ext4=mkfs -t ext4 -F -L %(fs_label)s %(target)s'
  compute_manager: "ironic.nova.compute.manager.ClusterComputeManager"
    - set to override the compute manager class used by Nova-Compute.
+  public_ip:
+    - public IP address (if any) assigned to this node. Used for VNC proxy
+      connections so this is typically only required on controller nodes.
--- a/elements/nova/os-apply-config/etc/nova/nova.conf
+++ b/elements/nova/os-apply-config/etc/nova/nova.conf
@ -47,10 +47,12 @@ keystone_ec2_url=http://{{keystone.host}}:5000/v2.0/ec2tokens
 # Imaging service
 glance_api_servers={{glance.host}}:9292

-# Vnc configuration
-novncproxy_base_url=http://{{nova.host}}:6080/vnc_auto.html
+# VNC configuration
+{{#nova.public_ip}}
+novncproxy_base_url=http://{{nova.public_ip}}:6080/vnc_auto.html
+{{/nova.public_ip}}
 novncproxy_port=6080
-vncserver_proxyclient_address=127.0.0.1
+vncserver_proxyclient_address={{local-ipv4}}
 vncserver_listen=0.0.0.0

 # Networking #
--- a/elements/novnc/README.md
+++ b/elements/novnc/README.md
@ -1 +0,0 @@
-Installs the necessary components from noVNC to satisfy nova-novncproxy.
--- a/elements/novnc/element-deps
+++ b/elements/novnc/element-deps
@ -1 +0,0 @@
-source-repositories
				`@ -1 +0,0 @@`
				`Installs the necessary components from noVNC to satisfy nova-novncproxy.`