trove/devstack/plugin.sh
wu.chunyang 65bcf6d6e2 Set swift_api_insecure to false in trove-guest
As devstack uses a self-signed certificate, we should
set swift_api_insecure to false by default to access the
Swift service.

Change-Id: Idc2b8127dcfd589d48eb26d7624709a9fdc64029
2024-02-23 10:37:57 +08:00


#!/bin/bash
#
# lib/trove
# Functions to control the configuration and operation of the **Trove** service
# Dependencies:
# ``functions`` file
# ``DEST``, ``STACK_USER`` must be defined
# ``SERVICE_{HOST|PROTOCOL|TOKEN}`` must be defined
# ``stack.sh`` calls the entry points in this order:
#
# install_trove
# install_python_troveclient
# configure_trove
# init_trove
# start_trove
# stop_trove
# cleanup_trove
# Capture the current xtrace state so the "$XTRACE" line at the end of this
# file can put it back, then silence tracing while the plugin is sourced.
XTRACE="$(set +o | grep xtrace)"
set +o xtrace
# Functions
# ---------
# is_trove_enabled() - Succeed when ENABLED_SERVICES lists at least one
# service whose name starts with "tr-".
# Globals: ENABLED_SERVICES (read)
# Returns: 0 when a Trove service is enabled, 1 otherwise
function is_trove_enabled {
    # The leading comma anchors the match to the start of a service name.
    if [[ ,${ENABLED_SERVICES} =~ ,"tr-" ]]; then
        return 0
    fi
    return 1
}
# setup_trove_logging() - Write the logging options into a config file
# Globals:   ENABLE_DEBUG_LOG_LEVEL, SYSLOG, LOG_COLOR (read)
# Arguments: $1 - path of the config file to update
function setup_trove_logging {
    local CONF=$1

    iniset $CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
    iniset $CONF DEFAULT use_syslog $SYSLOG

    # Colourised output is only configured when logging does not go to syslog.
    if [[ "$LOG_COLOR" == "True" && "$SYSLOG" == "False" ]]; then
        setup_colorized_logging $CONF DEFAULT tenant user
    fi
}
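# create_trove_accounts() - Set up common required trove accounts
#
# Tenant               User       Roles
# ------------------------------------------------------------------
# service              trove      admin        # if enabled
#
# Also adds a "trove" entry to clouds.yaml and registers the "database"
# service together with its three endpoints.
# Globals:
#   ENABLED_SERVICES, PYTHON, TOP_DIR, REGION_NAME, CA_CERT_ARG,
#   KEYSTONE_SERVICE_URI, SERVICE_PASSWORD, SERVICE_PROJECT_NAME,
#   SERVICE_HOST (read); CLOUDS_YAML (read, defaulted when unset)
# Returns: non-zero when the service record cannot be looked up or created
function create_trove_accounts {
    local trove_service
    local endpoint_url

    if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then
        create_service_user "trove" "admin"

        # Add trove user to the clouds.yaml
        CLOUDS_YAML=${CLOUDS_YAML:-/etc/openstack/clouds.yaml}
        # NOTE(review): the service password is handed over as a command-line
        # argument, so it is visible in the process list while the helper runs
        # and in any xtrace output.
        # CA_CERT_ARG stays unquoted on purpose: presumably it is either empty
        # or an option followed by its value, and must split into words.
        $PYTHON "$TOP_DIR/tools/update_clouds_yaml.py" \
            --file "$CLOUDS_YAML" \
            --os-cloud trove \
            --os-region-name "$REGION_NAME" \
            $CA_CERT_ARG \
            --os-auth-url "$KEYSTONE_SERVICE_URI" \
            --os-username trove \
            --os-password "$SERVICE_PASSWORD" \
            --os-project-name "$SERVICE_PROJECT_NAME"

        # Declared separately from the assignment so that a failing lookup is
        # not hidden behind the exit status of "local".
        trove_service=$(get_or_create_service "trove" \
            "database" "Trove Service") || return

        # NOTE(review): all three endpoints are registered over plain http.
        endpoint_url="http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s"
        get_or_create_endpoint "$trove_service" \
            "$REGION_NAME" \
            "$endpoint_url" \
            "$endpoint_url" \
            "$endpoint_url"
    fi
}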
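# cleanup_trove_apache_wsgi() - Remove all the WSGI related files and restart
# apache.
# Globals: TROVE_WSGI_DIR (read)
function cleanup_trove_apache_wsgi {
    local site_conf
    site_conf=$(apache_site_config_for trove-api)

    # These removals run as root, so every path is quoted and preceded by
    # "--", and an empty value is skipped instead of being handed to rm.
    if [[ -n "${TROVE_WSGI_DIR:-}" ]]; then
        sudo rm -rf -- "${TROVE_WSGI_DIR}"
    fi
    if [[ -n "${site_conf}" ]]; then
        sudo rm -f -- "${site_conf}"
    fi

    restart_apache_server
}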
# stack.sh entry points
# ---------------------
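# cleanup_trove() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
# Globals: TROVE_CONF_DIR, TROVE_USE_MOD_WSGI (read)
function cleanup_trove {
    # Clean up dirs. With TROVE_CONF_DIR empty or unset the glob below would
    # become "/*", so nothing is deleted in that case.
    if [[ -z "${TROVE_CONF_DIR:-}" ]]; then
        echo "cleanup_trove: TROVE_CONF_DIR is not set, skipping config cleanup" >&2
    else
        rm -fr -- "${TROVE_CONF_DIR}"/*
    fi

    if is_service_enabled horizon; then
        cleanup_trove_dashboard
    fi

    if [[ "${TROVE_USE_MOD_WSGI}" == "TRUE" ]]; then
        echo "Cleaning up Trove's WSGI setup"
        cleanup_trove_apache_wsgi
    fi
}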
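# cleanup_trove_dashboard() - Remove Trove dashboard files from Horizon
# Globals: HORIZON_DIR (read)
function cleanup_trove_dashboard {
    # Only the directory part is quoted so the _17*database*.py glob still
    # expands while a HORIZON_DIR containing spaces stays one path.
    rm -f -- "${HORIZON_DIR}"/openstack_dashboard/local/enabled/_17*database*.py
}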
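# iniset_conditional() - Sets the value in the inifile, but only if it's
# actually got a value
# Arguments:
#   $1 - ini file path
#   $2 - section name
#   $3 - option name
#   $4 - value; when empty or missing nothing is written
function iniset_conditional {
    local FILE=$1
    local SECTION=$2
    local OPTION=$3
    local VALUE=$4

    if [[ -n "$VALUE" ]]; then
        # Quoted so a value containing spaces or glob characters reaches
        # iniset as a single, unmodified argument.
        iniset "${FILE}" "${SECTION}" "${OPTION}" "${VALUE}"
    fi
}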
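# configure_keystone_token_life() - update the keystone token life to 3h
# Globals:
#   KEYSTONE_CONF_DIR, KEYSTONE_CONF, KEYSTONE_TOKEN_LIFE (read, defaulted
#   when unset and left set for the rest of the run)
# NOTE(review): a longer token lifetime lengthens the window in which a leaked
# token stays usable; presumably acceptable for devstack only.
function configure_keystone_token_life() {
    # The fallback directory is Keystone's own; the previous /etc/nova
    # fallback pointed at a keystone.conf inside Nova's config directory.
    KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
    KEYSTONE_CONF=${KEYSTONE_CONF:-${KEYSTONE_CONF_DIR}/keystone.conf}
    KEYSTONE_TOKEN_LIFE=${KEYSTONE_TOKEN_LIFE:-10800}

    iniset "$KEYSTONE_CONF" token expiration "${KEYSTONE_TOKEN_LIFE}"
    echo "configure_keystone_token_life: setting keystone token life to ${KEYSTONE_TOKEN_LIFE}"

    # Keystone is restarted after the config change.
    echo "configure_keystone_token_life: restarting Keystone"
    stop_keystone
    start_keystone
}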
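# configure_nova_kvm() - update the nova hypervisor configuration if possible
#
# Switches Nova's libvirt driver to KVM when the loaded KVM module reports
# nested virtualisation as enabled, then prints the resulting virt_type.
# Globals:
#   NOVA_CONF_DIR, NOVA_CONF (read, defaulted when unset);
#   cpu, reconfigure_nova, virt_type (written)
function configure_nova_kvm {
    cpu="unknown"
    reconfigure_nova="F"

    # Resolve the config path up front: it is needed for the final iniget even
    # when no reconfiguration takes place.
    NOVA_CONF_DIR=${NOVA_CONF_DIR:-/etc/nova}
    NOVA_CONF=${NOVA_CONF:-${NOVA_CONF_DIR}/nova.conf}

    # Each vendor module is probed by its exact path; a glob inside a test
    # breaks as soon as it matches more than one file.
    if [[ -e /sys/module/kvm_intel/parameters/nested ]]; then
        cpu="Intel"
        if [[ "$(cat /sys/module/kvm_intel/parameters/nested)" == "Y" ]]; then
            reconfigure_nova="Y"
        fi
    elif [[ -e /sys/module/kvm_amd/parameters/nested ]]; then
        cpu="AMD"
        if [[ "$(cat /sys/module/kvm_amd/parameters/nested)" == "1" ]]; then
            reconfigure_nova="Y"
        fi
    fi

    if [[ "${reconfigure_nova}" == "Y" ]]; then
        iniset "$NOVA_CONF" libvirt cpu_mode "none"
        iniset "$NOVA_CONF" libvirt virt_type "kvm"
    fi

    virt_type=$(iniget "$NOVA_CONF" libvirt virt_type)
    echo "configure_nova_kvm: using virt_type: ${virt_type} for cpu: ${cpu}."
}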
# config_trove_apache_wsgi() - Install the WSGI entry point and the Apache
# site file for trove-api, fill in the template placeholders and enable the
# site.
# Globals:
#   TROVE_WSGI_DIR, TROVE_DIR, TROVE_DEVSTACK_FILES, GLOBAL_VENV,
#   DEVSTACK_VENV, TROVE_SERVICE_PORT, STACK_USER, APACHE_NAME,
#   API_WORKERS (read)
function config_trove_apache_wsgi {
    local wsgi_venv_config=""
    local trove_apache_conf
    local sed_script

    sudo mkdir -p ${TROVE_WSGI_DIR}
    sudo cp $TROVE_DIR/trove/cmd/app_wsgi.py $TROVE_WSGI_DIR/app_wsgi.py

    trove_apache_conf=$(apache_site_config_for trove-api)
    sudo cp $TROVE_DEVSTACK_FILES/apache-trove-api.template ${trove_apache_conf}

    # WSGIPythonHome is only emitted when devstack runs from a global venv.
    if [[ "$GLOBAL_VENV" == "True" ]]; then
        wsgi_venv_config="WSGIPythonHome $DEVSTACK_VENV"
    fi

    # NOTE(review): the values are pasted into the sed replacement text as-is;
    # a "|" or "&" inside any of them would change the substitution.
    sed_script="
s|%TROVE_SERVICE_PORT%|${TROVE_SERVICE_PORT}|g;
s|%TROVE_WSGI_DIR%|${TROVE_WSGI_DIR}|g;
s|%USER%|${STACK_USER}|g;
s|%APACHE_NAME%|${APACHE_NAME}|g;
s|%APIWORKERS%|${API_WORKERS}|g;
s|%WSGIPYTHONHOME%|${wsgi_venv_config}|g;
"
    sudo sed -e "${sed_script}" -i ${trove_apache_conf}

    enable_apache_site trove-api
}
# configure_trove() - Set config files, create data dirs, etc
#
# Regenerates the Trove control-plane config ($TROVE_CONF) and the guest agent
# config ($TROVE_GUESTAGENT_CONF) from scratch, then writes the cloud-init
# files under /etc/trove/cloudinit.
# NOTE(review): both generated files hold the service password and the
# RabbitMQ password in clear text, and nothing in this function sets their
# file mode - confirm the resulting permissions are acceptable.
function configure_trove {
setup_develop $TROVE_DIR
# Temporarily disable re-configuring nova_kvm until
# more nodes in the pool can support it without crashing.
# configure_nova_kvm
configure_keystone_token_life
# Create the trove conf dir and cache dirs if they don't exist
sudo install -d -o $STACK_USER ${TROVE_CONF_DIR}
# Copy api-paste file over to the trove conf dir
cp $TROVE_LOCAL_API_PASTE_INI $TROVE_API_PASTE_INI
# configure apache related files
if [[ "${TROVE_USE_MOD_WSGI}" == "TRUE" ]]; then
echo "Configuring Trove to use mod-wsgi and Apache"
config_trove_apache_wsgi
fi
# (Re)create trove conf files: both are deleted first so that no option from
# an earlier run survives.
rm -f $TROVE_CONF $TROVE_GUESTAGENT_CONF
# Keystone endpoint written as auth_url into both config files below.
TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION
################################################################ trove conf
setup_trove_logging $TROVE_CONF
# Quotas and timeouts are only written when the corresponding variable is set.
iniset_conditional $TROVE_CONF DEFAULT max_accepted_volume_size $TROVE_MAX_ACCEPTED_VOLUME_SIZE
iniset_conditional $TROVE_CONF DEFAULT max_instances_per_tenant $TROVE_MAX_INSTANCES_PER_TENANT
iniset_conditional $TROVE_CONF DEFAULT max_volumes_per_tenant $TROVE_MAX_VOLUMES_PER_TENANT
iniset_conditional $TROVE_CONF DEFAULT agent_call_low_timeout $TROVE_AGENT_CALL_LOW_TIMEOUT
iniset_conditional $TROVE_CONF DEFAULT agent_call_high_timeout $TROVE_AGENT_CALL_HIGH_TIMEOUT
iniset_conditional $TROVE_CONF DEFAULT resize_time_out $TROVE_RESIZE_TIME_OUT
iniset_conditional $TROVE_CONF DEFAULT usage_timeout $TROVE_USAGE_TIMEOUT
iniset_conditional $TROVE_CONF DEFAULT state_change_wait_time $TROVE_STATE_CHANGE_WAIT_TIME
iniset_conditional $TROVE_CONF DEFAULT reboot_time_out 300
iniset $TROVE_CONF DEFAULT controller_address ${SERVICE_HOST}
configure_keystone_authtoken_middleware $TROVE_CONF trove
# Credentials of the "trove" service user.
# NOTE(review): the password is stored in clear text in $TROVE_CONF.
iniset $TROVE_CONF service_credentials username trove
iniset $TROVE_CONF service_credentials user_domain_name Default
iniset $TROVE_CONF service_credentials project_domain_name Default
iniset $TROVE_CONF service_credentials password $SERVICE_PASSWORD
iniset $TROVE_CONF service_credentials project_name $SERVICE_PROJECT_NAME
iniset $TROVE_CONF service_credentials region_name $REGION_NAME
iniset $TROVE_CONF service_credentials auth_url $TROVE_AUTH_ENDPOINT
iniset $TROVE_CONF database connection `database_connection_url trove`
iniset $TROVE_CONF DEFAULT control_exchange trove
# NOTE(review): the RabbitMQ password is embedded in the URL; being unquoted,
# a password containing whitespace or glob characters would be split/expanded.
iniset $TROVE_CONF DEFAULT transport_url rabbit://$RABBIT_USERID:$RABBIT_PASSWORD@$RABBIT_HOST:5672/
iniset $TROVE_CONF DEFAULT trove_api_workers "$API_WORKERS"
iniset $TROVE_CONF DEFAULT taskmanager_manager trove.taskmanager.manager.Manager
iniset $TROVE_CONF DEFAULT default_datastore $TROVE_DATASTORE_TYPE
iniset $TROVE_CONF cache enabled true
iniset $TROVE_CONF cache backend dogpile.cache.memory
# Per-datastore tcp_ports lists.
iniset $TROVE_CONF cassandra tcp_ports 7000,7001,7199,9042,9160
iniset $TROVE_CONF couchbase tcp_ports 8091,8092,4369,11209-11211,21100-21199
iniset $TROVE_CONF couchdb tcp_ports 5984
iniset $TROVE_CONF db2 tcp_ports 50000
iniset $TROVE_CONF mariadb tcp_ports 3306,4444,4567,4568
iniset $TROVE_CONF mongodb tcp_ports 2500,27017,27019
iniset $TROVE_CONF mysql tcp_ports 3306
iniset $TROVE_CONF percona tcp_ports 3306
iniset $TROVE_CONF postgresql tcp_ports 5432
iniset $TROVE_CONF pxc tcp_ports 3306,4444,4567,4568
iniset $TROVE_CONF redis tcp_ports 6379,16379
iniset $TROVE_CONF vertica tcp_ports 5433,5434,5444,5450,4803
################################################################ trove guest agent conf
# NOTE(review): this file carries the same service credentials and RabbitMQ
# password as $TROVE_CONF; presumably it is delivered to guest instances, so
# treat it as sensitive - confirm how it is distributed.
setup_trove_logging $TROVE_GUESTAGENT_CONF
iniset_conditional $TROVE_GUESTAGENT_CONF DEFAULT state_change_wait_time $TROVE_STATE_CHANGE_WAIT_TIME
iniset_conditional $TROVE_GUESTAGENT_CONF DEFAULT command_process_timeout $TROVE_COMMAND_PROCESS_TIMEOUT
# The guest agent reaches RabbitMQ through $TROVE_HOST_GATEWAY, not $RABBIT_HOST.
iniset $TROVE_GUESTAGENT_CONF DEFAULT transport_url rabbit://$RABBIT_USERID:$RABBIT_PASSWORD@$TROVE_HOST_GATEWAY:5672/
iniset $TROVE_GUESTAGENT_CONF DEFAULT control_exchange trove
iniset $TROVE_GUESTAGENT_CONF DEFAULT ignore_users os_admin
iniset $TROVE_GUESTAGENT_CONF DEFAULT log_dir /var/log/trove/
iniset $TROVE_GUESTAGENT_CONF DEFAULT log_file trove-guestagent.log
# Going by the option name, "false" keeps certificate verification on for the
# guest agent's Swift requests.
# NOTE(review): with a self-signed devstack certificate the guest presumably
# has to trust the issuing CA for Swift access to succeed - confirm.
iniset $TROVE_GUESTAGENT_CONF DEFAULT swift_api_insecure false
iniset $TROVE_GUESTAGENT_CONF service_credentials username trove
iniset $TROVE_GUESTAGENT_CONF service_credentials user_domain_name Default
iniset $TROVE_GUESTAGENT_CONF service_credentials project_domain_name Default
iniset $TROVE_GUESTAGENT_CONF service_credentials password $SERVICE_PASSWORD
iniset $TROVE_GUESTAGENT_CONF service_credentials project_name $SERVICE_PROJECT_NAME
iniset $TROVE_GUESTAGENT_CONF service_credentials region_name $REGION_NAME
iniset $TROVE_GUESTAGENT_CONF service_credentials auth_url $TROVE_AUTH_ENDPOINT
# Container images the guest agent uses for each datastore and its backups.
iniset $TROVE_GUESTAGENT_CONF mysql docker_image ${TROVE_DATABASE_IMAGE_MYSQL}
iniset $TROVE_GUESTAGENT_CONF mysql backup_docker_image ${TROVE_DATABASE_BACKUP_IMAGE_MYSQL}
iniset $TROVE_GUESTAGENT_CONF mariadb docker_image ${TROVE_DATABASE_IMAGE_MARIADB}
iniset $TROVE_GUESTAGENT_CONF mariadb backup_docker_image ${TROVE_DATABASE_BACKUP_IMAGE_MARIADB}
iniset $TROVE_GUESTAGENT_CONF postgresql docker_image ${TROVE_DATABASE_IMAGE_POSTGRES}
iniset $TROVE_GUESTAGENT_CONF postgresql backup_docker_image ${TROVE_DATABASE_BACKUP_IMAGE_POSTGRES}
# The common cloud-init file serves two purposes:
# 1. To avoid 'Connection timed out' error of sudo command inside the guest agent
# 2. Config the controller IP address used by guest-agent to download Trove code during initialization (only valid for dev_mode=true).
# The here-document below is unquoted, so ${SERVICE_HOST} is expanded when the
# file is written.
common_cloudinit=/etc/trove/cloudinit/common.cloudinit
sudo mkdir -p $(dirname ${common_cloudinit})
sudo touch ${common_cloudinit}
sudo tee ${common_cloudinit} >/dev/null <<EOF
#cloud-config
manage_etc_hosts: "localhost"
write_files:
- path: /etc/trove/controller.conf
content: |
CONTROLLER=${SERVICE_HOST}
EOF
# NOTE(lxkong): Remove this when we support common cloud-init file for all datastores.
# Until then each datastore gets its own copy of the common file.
for datastore in "mysql" "mariadb" "postgresql"
do
sudo cp ${common_cloudinit} /etc/trove/cloudinit/${datastore}.cloudinit
done
}
# install_trove() - Collect source and prepare
#
# Installs jq, widens the stack user's sudo rights, installs Trove in develop
# mode plus the optional Apache/Horizon pieces, and relaxes a host firewall
# rule.
function install_trove {
install_package jq
# NOTE(review): this grants password-less sudo for every command to the
# hard-coded user "stack" (not $STACK_USER). The file is created through tee,
# so its mode follows root's umask, and tee also echoes the rule to stdout.
echo "Changing stack user sudoers"
echo "stack ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/60_stack_sh_allow_all
setup_develop $TROVE_DIR
if [[ "${TROVE_USE_MOD_WSGI}" == "TRUE" ]]; then
echo "Installing apache wsgi"
install_apache_wsgi
fi
if is_service_enabled horizon; then
install_trove_dashboard
fi
# Fix iptables rules that prevent amqp connections from the devstack box to the guests
# NOTE(review): this deletes the REJECT rule from the openstack-INPUT chain as
# a whole rather than adding an exception for the AMQP port. "|| true" keeps
# the run going when the rule is not present.
sudo iptables -D openstack-INPUT -j REJECT --reject-with icmp-host-prohibited || true
}
# install_trove_dashboard() - Fetch the Trove dashboard, install it in develop
# mode and copy its panel "enabled" files into Horizon.
# Globals:
#   TROVE_DASHBOARD_REPO, TROVE_DASHBOARD_DIR, TROVE_DASHBOARD_BRANCH,
#   HORIZON_DIR (read)
function install_trove_dashboard {
    local panel_src=$TROVE_DASHBOARD_DIR/trove_dashboard/enabled
    local horizon_enabled=$HORIZON_DIR/openstack_dashboard/local/enabled

    git_clone $TROVE_DASHBOARD_REPO $TROVE_DASHBOARD_DIR $TROVE_DASHBOARD_BRANCH
    setup_develop $TROVE_DASHBOARD_DIR

    # Only the _17*database*.py panel files are copied into Horizon.
    cp $panel_src/_17*database*.py $horizon_enabled
}
# install_python_troveclient() - Install python-troveclient from git, but only
# when devstack is told to take that library from source.
# Globals: TROVE_CLIENT_REPO, TROVE_CLIENT_DIR, TROVE_CLIENT_BRANCH (read)
function install_python_troveclient {
    # Nothing to do unless the client is requested from git.
    use_library_from_git "python-troveclient" || return 0

    git_clone $TROVE_CLIENT_REPO $TROVE_CLIENT_DIR $TROVE_CLIENT_BRANCH
    setup_develop $TROVE_CLIENT_DIR
}
# init_trove_db() - Drop and recreate the "trove" database, then let
# $TROVE_MANAGE run db_sync against it.
# Any data from a previous run is gone after the first step.
function init_trove_db {
# (Re)Create trove db
recreate_database trove
# Initialize the trove database
$TROVE_MANAGE db_sync
}
# create_mgmt_subnet_v4() - Create an IPv4 subnet and print its id
# Arguments:
#   $1 - project id
#   $2 - network id
#   $3 - subnet name
#   $4 - subnet range
#   $5 - gateway
# Globals: subnet_id (written)
# Outputs: the id of the new subnet on stdout
function create_mgmt_subnet_v4 {
    local project_id=$1
    local net_id=$2
    local name=$3
    local ip_range=$4
    local gateway=$5
    local -a create_args

    # 8.8.8.8 is hard-coded as the subnet's DNS server.
    create_args=(
        --project ${project_id}
        --ip-version 4
        --subnet-range ${ip_range}
        --gateway ${gateway}
        --dns-nameserver 8.8.8.8
        --network ${net_id}
        $name
        -c id -f value
    )

    subnet_id=$(openstack subnet create "${create_args[@]}")
    die_if_not_set $LINENO subnet_id "Failed to create private IPv4 subnet for network: ${net_id}, project: ${project_id}"
    echo $subnet_id
}
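# create_subnet_v6() - Create private IPv6 subnet and print its id
# Note: Trove is not fully tested in IPv6.
# Arguments:
#   $1 - project id
#   $2 - network id
#   $3 - subnet name
# Globals:
#   IPV6_RA_MODE, IPV6_ADDRESS_MODE, IPV6_PRIVATE_NETWORK_GATEWAY,
#   SUBNETPOOL_V6_ID, FIXED_RANGE_V6 (read); ipv6_subnet_id (written)
# Outputs: the id of the new subnet on stdout
function create_subnet_v6 {
    local project_id=$1
    local net_id=$2
    local name=$3
    # Kept as one string and expanded unquoted below so it splits into
    # separate command-line words.
    local subnet_params="--ip-version 6 "

    die_if_not_set $LINENO IPV6_RA_MODE "IPV6 RA Mode not set"
    die_if_not_set $LINENO IPV6_ADDRESS_MODE "IPV6 Address Mode not set"
    local ipv6_modes="--ipv6-ra-mode $IPV6_RA_MODE --ipv6-address-mode $IPV6_ADDRESS_MODE"

    if [[ -n "$IPV6_PRIVATE_NETWORK_GATEWAY" ]]; then
        subnet_params+="--gateway $IPV6_PRIVATE_NETWORK_GATEWAY "
    fi
    if [[ -n $SUBNETPOOL_V6_ID ]]; then
        subnet_params+="--subnet-pool $SUBNETPOOL_V6_ID "
    else
        # A stray "}" after $ipv6_modes used to be glued onto the address
        # mode value; it has been dropped.
        subnet_params+="--subnet-range $FIXED_RANGE_V6 $ipv6_modes "
    fi
    subnet_params+="--network $net_id $name "

    # NOTE(review): --project is given before the sub-command here, unlike in
    # create_mgmt_subnet_v4 - confirm the CLI accepts it in this position.
    ipv6_subnet_id=$(openstack --project ${project_id} subnet create $subnet_params | grep ' id ' | get_field 2)
    die_if_not_set $LINENO ipv6_subnet_id "Failed to create private IPv6 subnet for network: ${net_id}, project: ${project_id}"
    echo $ipv6_subnet_id
}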
# setup_mgmt_network() - Create a network with an IPv4 subnet and, unless the
# gateway is "none", attach that subnet to the router.
# Arguments:
#   $1 - project id
#   $2 - network name
#   $3 - subnet name
#   $4 - subnet range
#   $5 - subnet gateway ("none" skips the router attachment)
#   $6 - "TRUE" to create the network as shared (optional)
# Globals: IP_VERSION, ROUTER_ID (read); network_id, net_subnet_id (written)
function setup_mgmt_network() {
    local PROJECT_ID=$1
    local NET_NAME=$2
    local SUBNET_NAME=$3
    local SUBNET_RANGE=$4
    local SUBNET_GATEWAY=$5
    local SHARED=$6
    local share_flag=""

    [[ "${SHARED}" == "TRUE" ]] && share_flag="--share"

    network_id=$(openstack network create --project ${PROJECT_ID} ${share_flag} $NET_NAME -c id -f value)
    die_if_not_set $LINENO network_id "Failed to create network: $NET_NAME, project: ${PROJECT_ID}"

    # Trove doesn't support IPv6 for now.
    # if [[ "$IP_VERSION" =~ .*6 ]]; then
    #     NEW_IPV6_SUBNET_ID=$(create_subnet_v6 ${PROJECT_ID} ${network_id} ${IPV6_SUBNET_NAME})
    #     openstack router add subnet $ROUTER_ID $NEW_IPV6_SUBNET_ID
    # fi

    # Only an IP_VERSION that mentions 4 gets a subnet.
    if [[ ! "$IP_VERSION" =~ 4.* ]]; then
        return 0
    fi

    net_subnet_id=$(create_mgmt_subnet_v4 ${PROJECT_ID} ${network_id} ${SUBNET_NAME} ${SUBNET_RANGE} ${SUBNET_GATEWAY})
    if [[ ${SUBNET_GATEWAY} != "none" ]]; then
        openstack router add subnet ${ROUTER_ID} ${net_subnet_id}
    fi
}
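# start_trove() - Start running processes, including screen
# Globals: TROVE_USE_MOD_WSGI, TROVE_BIN_DIR, TROVE_CONF (read)
function start_trove {
    # The API runs either under Apache/mod_wsgi or as its own process. Both
    # operands must be quoted separately: with the quotes misplaced the test
    # collapses into a single non-empty word and always picks Apache.
    if [[ "${TROVE_USE_MOD_WSGI}" == "TRUE" ]]; then
        echo "Restarting Apache server ..."
        enable_apache_site trove-api
        restart_apache_server
    else
        run_process tr-api "$TROVE_BIN_DIR/trove-api --config-file=$TROVE_CONF"
    fi

    run_process tr-tmgr "$TROVE_BIN_DIR/trove-taskmanager --config-file=$TROVE_CONF"
    run_process tr-cond "$TROVE_BIN_DIR/trove-conductor --config-file=$TROVE_CONF"
}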
# stop_trove() - Stop the Trove API (Apache site or stand-alone process), the
# task manager and the conductor.
# Globals: TROVE_USE_MOD_WSGI (read)
function stop_trove {
    case "${TROVE_USE_MOD_WSGI}" in
        TRUE)
            echo "Disabling Trove API in Apache"
            disable_apache_site trove-api
            ;;
        *)
            stop_process tr-api
            ;;
    esac

    # The remaining services always run as their own processes.
    stop_process tr-tmgr
    stop_process tr-cond
}
# configure_tempest_for_trove() - Set Trove related setting on Tempest
# NOTE (gmann): Configure all the Tempest setting for Trove service in
# this function.
# Globals: TEMPEST_CONFIG (read)
function configure_tempest_for_trove {
    # Without tempest there is no config file to touch.
    is_service_enabled tempest || return 0

    iniset $TEMPEST_CONFIG service_available trove True
}
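# create_guest_image() - Use trovestack to create guest image (or download a
# pre-built one) and register the image in the datastore.
# Globals:
#   TROVE_ENABLE_IMAGE_BUILD, TROVE_IMAGE_OS, TROVE_IMAGE_OS_RELEASE,
#   TROVE_NON_DEV_IMAGE_URL, DEST, TROVE_MANAGE, TROVE_DATASTORE_TYPE,
#   TROVE_DATASTORE_VERSION (read); image_name, image_file, glance_image_id,
#   SYNC_LOG_TO_CONTROLLER (written)
# Exits the shell with status 1 when no image file could be obtained.
function create_guest_image {
    local rules_file

    # Lower-cased so any spelling of "false" disables the build.
    TROVE_ENABLE_IMAGE_BUILD=${TROVE_ENABLE_IMAGE_BUILD,,}
    if [[ ${TROVE_ENABLE_IMAGE_BUILD} == "false" ]]; then
        echo "Skip creating guest image."
        return 0
    fi

    image_name="trove-guest-${TROVE_IMAGE_OS}-${TROVE_IMAGE_OS_RELEASE}"
    mkdir -p "$HOME/images"
    image_file=$HOME/images/${image_name}.qcow2

    if [[ -n ${TROVE_NON_DEV_IMAGE_URL} ]]; then
        echo "Downloading guest image from ${TROVE_NON_DEV_IMAGE_URL}"
        # --fail makes curl report HTTP errors instead of saving the server's
        # error page as the image, which would pass the file check below.
        # NOTE(review): the download is not checked against a checksum or
        # signature before it is uploaded to Glance.
        if ! curl -fsSL "${TROVE_NON_DEV_IMAGE_URL}" -o "${image_file}"; then
            echo "Failed to download guest image from ${TROVE_NON_DEV_IMAGE_URL}"
            rm -f -- "${image_file}"
            exit 1
        fi
    else
        echo "Starting to create guest image"
        export SYNC_LOG_TO_CONTROLLER=${SYNC_LOG_TO_CONTROLLER:-"False"}
        "$DEST/trove/integration/scripts/trovestack" \
            build-image \
            "${TROVE_IMAGE_OS}" \
            "${TROVE_IMAGE_OS_RELEASE}" \
            true \
            "${TROVE_IMAGE_OS}" \
            "${image_file}"
    fi

    if [[ ! -f ${image_file} ]]; then
        echo "Image file was not found at ${image_file}"
        exit 1
    fi

    echo "Add the image to glance"
    # NOTE(review): --debug makes the client log request details; check that
    # nothing sensitive ends up in shared job logs.
    glance_image_id=$(openstack --os-cloud trove \
        image create "${image_name}" \
        --disk-format qcow2 --container-format bare \
        --tag trove \
        --property hw_rng_model='virtio' \
        --file "${image_file}" \
        --debug \
        -c id -f value)
    echo "Glance image ${glance_image_id} uploaded"

    # The datastore version refers to the image through the "trove" tag set
    # above, not through the Glance id.
    echo "Register the image in datastore"
    $TROVE_MANAGE datastore_update "$TROVE_DATASTORE_TYPE" ""
    $TROVE_MANAGE datastore_version_update "$TROVE_DATASTORE_TYPE" "$TROVE_DATASTORE_VERSION" "$TROVE_DATASTORE_TYPE" "" "" 1 --image-tags trove
    $TROVE_MANAGE datastore_update "$TROVE_DATASTORE_TYPE" "$TROVE_DATASTORE_VERSION"

    echo "Add parameter validation rules if available"
    rules_file=$DEST/trove/trove/templates/$TROVE_DATASTORE_TYPE/validation-rules.json
    if [[ -f "$rules_file" ]]; then
        $TROVE_MANAGE db_load_datastore_config_parameters "$TROVE_DATASTORE_TYPE" "$TROVE_DATASTORE_VERSION" \
            "$rules_file"
    fi

    # NOTE(wuchunyang): Create log directory so that guest agent can rsync logs to this directory
    # NOTE(review): mode 777 lets every local user create or replace files in
    # this directory; narrow it once the account used for rsync is known.
    if [[ ${SYNC_LOG_TO_CONTROLLER} == "True" ]]; then
        sudo mkdir -p /var/log/guest-agent-logs/ && sudo chmod 777 /var/log/guest-agent-logs
    fi
}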
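# create_registry_container() - Make sure docker is installed, run a local
# image registry on port 4000, fill it with the datastore and backup images,
# and point Trove at it.
# Globals:
#   DEST, TROVE_CONF, TROVE_HOST_GATEWAY (read);
#   container, img, backupimg (written)
# Returns: 1 when the backup build directory cannot be entered
#
# NOTE(review): the registry listens on 0.0.0.0:4000 and nothing on its
# command line configures TLS or authentication; it is then listed under
# docker_insecure_registries. Presumably acceptable for a devstack host only.
function create_registry_container {
    # install docker on the host.
    if ! command -v docker >/dev/null 2>&1; then
        echo "Installing docker on the host"
        "$DEST/trove/integration/scripts/trovestack" install-docker
    fi

    # running a docker registry container
    echo "Running a docker registry container..."
    # The name filter also matches other containers whose name contains
    # "registry"; any match skips the setup below.
    container=$(sudo docker ps -a --format "{{.Names}}" --filter name=registry)
    if [[ -z "$container" ]]; then
        sudo docker run -d --net=host -e REGISTRY_HTTP_ADDR=0.0.0.0:4000 --restart=always -v /opt/trove_registry/:/var/lib/registry --name registry registry:2

        # Mirror the upstream datastore images into the local registry.
        # NOTE(review): images are pulled by tag, not by digest.
        for img in {"mysql:5.7","mysql:8.0","mariadb:10.4","postgres:12"}; do
            sudo docker pull ${img} && sudo docker tag ${img} 127.0.0.1:4000/trove-datastores/${img} && sudo docker push 127.0.0.1:4000/trove-datastores/${img}
        done

        # Stop here if the build context is missing; otherwise the builds
        # would run against whatever the current directory happens to be.
        if ! pushd "$DEST/trove/backup"; then
            echo "create_registry_container: cannot enter $DEST/trove/backup" >&2
            return 1
        fi
        # build backup images
        sudo docker build --network host -t 127.0.0.1:4000/trove-datastores/db-backup-mysql:5.7 --build-arg DATASTORE=mysql --build-arg DATASTORE_VERSION=5.7 .
        sudo docker build --network host -t 127.0.0.1:4000/trove-datastores/db-backup-mysql:8.0 --build-arg DATASTORE=mysql --build-arg DATASTORE_VERSION=8.0 .
        sudo docker build --network host -t 127.0.0.1:4000/trove-datastores/db-backup-mariadb:10.4 --build-arg DATASTORE=mariadb --build-arg DATASTORE_VERSION=10.4 .
        sudo docker build --network host -t 127.0.0.1:4000/trove-datastores/db-backup-postgresql:12 --build-arg DATASTORE=postgresql --build-arg DATASTORE_VERSION=12 .
        popd

        # push backup images
        for backupimg in {"db-backup-mysql:5.7","db-backup-mysql:8.0","db-backup-mariadb:10.4","db-backup-postgresql:12"}; do
            sudo docker push 127.0.0.1:4000/trove-datastores/${backupimg}
        done

        # clean up backup images.
        # NOTE(review): "prune -a" removes every unused image on this host,
        # not only the ones built above.
        sudo docker image prune -a -f
    fi

    iniset "$TROVE_CONF" DEFAULT docker_insecure_registries "$TROVE_HOST_GATEWAY:4000"
}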
# config_trove_network() - Set up Trove management network and make
# configuration change.
#
# Creates the management network/subnet in the service project, shares the
# private network, plugs an internal OVS port named "trove-mgmt" into the
# bridge so this host can reach the management network, and records the
# network settings in $TROVE_CONF.
function config_trove_network {
echo "Finalizing Neutron networking for Trove"
echo "Dumping current network parameters:"
echo " SERVICE_HOST: $SERVICE_HOST"
echo " BRIDGE_IP: $BRIDGE_IP"
echo " PUBLIC_NETWORK_GATEWAY: $PUBLIC_NETWORK_GATEWAY"
echo " NETWORK_GATEWAY: $NETWORK_GATEWAY"
echo " IPV4_ADDRS_SAFE_TO_USE: $IPV4_ADDRS_SAFE_TO_USE"
echo " IPV6_ADDRS_SAFE_TO_USE: $IPV6_ADDRS_SAFE_TO_USE"
echo " FIXED_RANGE: $FIXED_RANGE"
echo " FLOATING_RANGE: $FLOATING_RANGE"
echo " SUBNETPOOL_PREFIX_V4: $SUBNETPOOL_PREFIX_V4"
echo " SUBNETPOOL_SIZE_V4: $SUBNETPOOL_SIZE_V4"
echo " SUBNETPOOL_V4_ID: $SUBNETPOOL_V4_ID"
echo " ROUTER_GW_IP: $ROUTER_GW_IP"
echo " TROVE_MGMT_SUBNET_RANGE: ${TROVE_MGMT_SUBNET_RANGE}"
echo " TROVE_MGMT_GATEWAY: ${TROVE_MGMT_GATEWAY}"
# Save xtrace setting, then switch tracing on: every command up to the restore
# at the end of this function is echoed to the log.
local orig_xtrace
orig_xtrace=$(set +o | grep xtrace)
set -x
echo "Creating Trove management network/subnet for Trove service project."
trove_service_project_id=$(openstack project show $SERVICE_PROJECT_NAME -c id -f value)
# Only five arguments are passed, so the network is not created as shared.
setup_mgmt_network ${trove_service_project_id} ${TROVE_MGMT_NETWORK_NAME} ${TROVE_MGMT_SUBNET_NAME} ${TROVE_MGMT_SUBNET_RANGE} ${TROVE_MGMT_GATEWAY}
mgmt_net_id=$(openstack network show ${TROVE_MGMT_NETWORK_NAME} -c id -f value)
echo "Created Trove management network ${TROVE_MGMT_NETWORK_NAME}(${mgmt_net_id})"
# Share the private network to other projects for testing purpose. We make
# the private network accessible to control plane below so that we could
# reach the private network for integration tests without floating ips
# associated, no matter which user the tests are using.
shared=$(openstack network show ${PRIVATE_NETWORK_NAME} -c shared -f value)
if [[ "$shared" == "False" ]]; then
openstack network set ${PRIVATE_NETWORK_NAME} --share
fi
# Route the tenant address range through the router gateway when both values
# are known.
if [[ -n ${ROUTER_GW_IP} && -n ${IPV4_ADDRS_SAFE_TO_USE} ]]; then
sudo ip route replace ${IPV4_ADDRS_SAFE_TO_USE} via $ROUTER_GW_IP
fi
# Make sure we can reach the management port of the service VM, this
# configuration is only for testing purpose. In production, it's
# recommended to config the router in the cloud infrastructure for the
# communication between Trove control plane and service VMs.
INTERFACE=trove-mgmt
MGMT_PORT_ID=$(openstack port create --project ${trove_service_project_id} --security-group ${TROVE_MGMT_SECURITY_GROUP} --device-owner trove --network ${TROVE_MGMT_NETWORK_NAME} --host=$(hostname) -c id -f value ${INTERFACE}-port)
MGMT_PORT_MAC=$(openstack port show -c mac_address -f value $MGMT_PORT_ID)
MGMT_PORT_IP=$(openstack port show -f value -c fixed_ips $MGMT_PORT_ID)
# Turn the fixed_ips value into JSON for jq: drop u'' prefixes and swap single
# quotes for double quotes, then take the first address.
MGMT_PORT_IP=${MGMT_PORT_IP//u\'/\'}
MGMT_PORT_IP=$(echo ${MGMT_PORT_IP//\'/\"} | jq -r '.[0].ip_address')
# Plug an internal OVS port carrying the Neutron port's MAC and id into the
# bridge (br-int unless OVS_BRIDGE says otherwise).
sudo ovs-vsctl -- --may-exist add-port ${OVS_BRIDGE:-br-int} $INTERFACE -- set Interface $INTERFACE type=internal -- set Interface $INTERFACE external-ids:iface-status=active -- set Interface $INTERFACE external-ids:attached-mac=$MGMT_PORT_MAC -- set Interface $INTERFACE external-ids:iface-id=$MGMT_PORT_ID -- set Interface $INTERFACE external-ids:skip_cleanup=true
sudo ip link set dev $INTERFACE address $MGMT_PORT_MAC
# Prefix length is taken from the part of TROVE_MGMT_SUBNET_RANGE after "/".
mask=$(echo ${TROVE_MGMT_SUBNET_RANGE} | awk -F'/' '{print $2}')
sudo ip addr add ${MGMT_PORT_IP}/${mask} dev $INTERFACE
sudo ip link set $INTERFACE up
# Dump the resulting state for troubleshooting.
echo "Neutron network list:"
openstack network list
echo "Neutron subnet list:"
openstack subnet list
echo "Neutron router:"
openstack router show ${ROUTER_ID} -f yaml
echo "ip route:"
sudo ip route
# Now make sure the conf settings are right
# ip_regex and black_list_regex are both set to the empty string.
iniset $TROVE_CONF DEFAULT ip_regex ""
iniset $TROVE_CONF DEFAULT black_list_regex ""
iniset $TROVE_CONF DEFAULT management_networks ${mgmt_net_id}
iniset $TROVE_CONF DEFAULT network_driver trove.network.neutron.NeutronDriver
# Restore xtrace setting
$orig_xtrace
}
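# config_nova_keypair() - Make sure the stack user has an SSH key pair,
# authorise that key for logins to this host, and register the public key as
# Trove's management keypair.
# Globals:
#   SSH_DIR (exported, defaults to $HOME/.ssh);
#   TROVE_MGMT_KEYPAIR_NAME, TROVE_CONF (read)
function config_nova_keypair {
    export SSH_DIR=${SSH_DIR:-"$HOME/.ssh"}

    if [[ ! -f ${SSH_DIR}/id_rsa.pub ]]; then
        # A directory created here is private to the user from the start.
        mkdir -p -m 700 "${SSH_DIR}"
        # NOTE(review): the private key is generated without a passphrase.
        /usr/bin/ssh-keygen -f "${SSH_DIR}/id_rsa" -q -N ""
    fi

    # This is to allow guest agent ssh into the controller in dev mode.
    # The same steps run whether or not the key was just generated, so
    # authorized_keys always ends up de-duplicated and with mode 600.
    cat "${SSH_DIR}/id_rsa.pub" >> "${SSH_DIR}/authorized_keys"
    sort "${SSH_DIR}/authorized_keys" | uniq > "${SSH_DIR}/authorized_keys.uniq"
    mv "${SSH_DIR}/authorized_keys.uniq" "${SSH_DIR}/authorized_keys"
    chmod 600 "${SSH_DIR}/authorized_keys"

    echo "Creating Trove management keypair ${TROVE_MGMT_KEYPAIR_NAME}"
    openstack --os-cloud trove keypair create --public-key "${SSH_DIR}/id_rsa.pub" "${TROVE_MGMT_KEYPAIR_NAME}"

    iniset "$TROVE_CONF" DEFAULT nova_keypair "${TROVE_MGMT_KEYPAIR_NAME}"
}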
# config_cinder_volume_type() - Use the first volume type the "trove" cloud
# lists as Trove's cinder_volume_type.
# Globals: TROVE_CONF (read); volume_type (written)
function config_cinder_volume_type {
    # Only the first line of the listing is kept.
    volume_type=$(
        openstack --os-cloud trove volume type list -c Name -f value \
            | awk 'NR==1 {print}'
    )
    iniset $TROVE_CONF DEFAULT cinder_volume_type ${volume_type}
}
# config_mgmt_security_group() - Create the management security group, open
# ICMP and SSH on it, and record its id in $TROVE_CONF.
# Globals: TROVE_MGMT_SECURITY_GROUP, TROVE_CONF (read)
# NOTE(review): neither rule names a remote prefix, so the client's default
# source range applies - presumably any address; confirm that is intended.
function config_mgmt_security_group {
    local -a trove_cli=(openstack --os-cloud trove)
    local sgid

    echo "Creating Trove management security group."
    sgid=$("${trove_cli[@]}" security group create ${TROVE_MGMT_SECURITY_GROUP} -f value -c id)

    # Allow ICMP
    "${trove_cli[@]}" security group rule create --proto icmp $sgid
    # Allow SSH
    "${trove_cli[@]}" security group rule create --protocol tcp --dst-port 22 $sgid

    iniset $TROVE_CONF DEFAULT management_security_groups $sgid
}
# Dispatcher for trove plugin
# $1 is the devstack mode ("stack" or "unstack"), $2 the phase within "stack".
if is_service_enabled trove; then
    case "$1" in
        stack)
            case "$2" in
                install)
                    echo_summary "Installing Trove"
                    install_trove
                    install_python_troveclient
                    ;;
                post-config)
                    if is_service_enabled key; then
                        create_trove_accounts
                    fi
                    echo_summary "Configuring Trove"
                    configure_trove
                    ;;
                extra)
                    init_trove_db
                    config_nova_keypair
                    config_cinder_volume_type
                    config_mgmt_security_group
                    config_trove_network
                    create_guest_image
                    if [ "$TROVE_ENABLE_LOCAL_REGISTRY" == "True" ] ; then
                        create_registry_container
                    fi
                    echo_summary "Starting Trove"
                    start_trove
                    # Guarantee the file permission in the trove code repo in
                    # order to download trove code from trove-guestagent.
                    sudo chown -R $STACK_USER:$STACK_USER "$DEST/trove"
                    ;;
                test-config)
                    echo_summary "Configuring Tempest for Trove"
                    configure_tempest_for_trove
                    ;;
            esac
            ;;
        unstack)
            stop_trove
            cleanup_trove
            ;;
    esac
fi

# Restore xtrace
$XTRACE
# Tell emacs to use shell-script-mode
## Local variables:
## mode: shell-script
## End: