Nova implementation with app_def framework

Change-Id: Ia656014b7dcbcb77f26860630e643e4a2d465f8e

docker/nova-api/Dockerfile.j2

@@ -0,0 +1,8 @@
+FROM {{ namespace }}/{{ image_prefix }}nova-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+RUN apt-get install -y --no-install-recommends \
+        mysql-client \
+    && apt-get clean
+
+USER nova

docker/nova-base/Dockerfile.j2

@@ -5,36 +5,27 @@ RUN curl -o nova-{{ branch }}.tar.gz http://tarballs.openstack.org/nova/nova-{{
     && tar -zxvf nova-{{ branch }}.tar.gz
 
 RUN apt-get install -y --no-install-recommends \
-  #      nova-common \
         python-nova \
         bridge-utils \
         openvswitch-switch \
         iptables \
         ebtables \
         dnsmasq \
-        python-libvirt \
         openssh-client \
     && apt-get clean
 
-#ADD nova-base-archive /nova-base-source
 RUN mv nova*/ nova-{{ branch }}/ \
     &&  ln -s nova-{{ branch }}/ /nova \
     && useradd --user-group --create-home --home-dir /var/lib/nova nova \
     && chmod 755 /var/lib/nova \
     && /var/lib/microservices/venv/bin/pip --no-cache-dir install --upgrade -c nova-{{ branch }}/requirements.txt /nova \
-    && mkdir -p /etc/nova /var/lib/nova \
+    && mkdir -p /etc/nova /var/lib/nova /var/log/nova \
     && cp -r /nova/etc/nova/* /etc/nova/ \
-    && chown -R nova: /etc/nova /var/lib/nova \
+    && chown -R nova: /etc/nova /var/lib/nova /var/log/nova \
     && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/microservices/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/nova/rootwrap.conf
 
 COPY nova_sudoers /etc/sudoers.d/nova_sudoers
 RUN chmod 750 /etc/sudoers.d \
     && chmod 440 /etc/sudoers.d/nova_sudoers
 
-
-COPY extend_start.sh /usr/local/bin/microservices_extend_start
-
-RUN touch /usr/local/bin/microservices_extend_start \
-    && chmod 755 /usr/local/bin/microservices_extend_start /usr/local/bin/microservices_extend_start
-
 RUN usermod -a -G microservices nova

docker/nova-base/nova_sudoers

@@ -1 +1 @@
-nova ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/nova-rootwrap /etc/nova/rootwrap.conf *
+nova ALL=(root) NOPASSWD: /var/lib/microservices/venv/bin/nova-rootwrap /etc/nova/rootwrap.conf *, /bin/chown -R nova\: /var/lib/nova

docker/nova-compute/Dockerfile.j2

@@ -0,0 +1,20 @@
+FROM {{ namespace }}/{{ image_prefix }}nova-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+RUN apt-get -y install --no-install-recommends \
+        libvirt-dev \
+        qemu-utils \
+        ceph-common \
+        genisoimage \
+        open-iscsi \
+    && apt-get clean \
+    && mkdir -p /etc/ceph
+
+RUN git clone https://github.com/openstack/requirements.git && \
+    /var/lib/microservices/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt libvirt-python rtslib-fb && \
+    rm -rf requirements && \
+    rm -f /etc/machine-id
+
+ENV PATH $PATH:/lib/udev
+
+USER nova

docker/nova-conductor/Dockerfile.j2

@@ -0,0 +1,4 @@
+FROM {{ namespace }}/{{ image_prefix }}nova-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+USER nova

docker/nova-consoleauth/Dockerfile.j2

@@ -0,0 +1,4 @@
+FROM {{ namespace }}/{{ image_prefix }}nova-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+USER nova

docker/nova-libvirt/Dockerfile.j2

@@ -0,0 +1,17 @@
+FROM {{ namespace }}/{{ image_prefix }}nova-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+RUN apt-get -y install --no-install-recommends \
+        ceph-common \
+        libvirt-bin \
+        dmidecode \
+        pm-utils \
+        qemu \
+        qemu-block-extra \
+        ebtables \
+        xen-utils-4.4 \
+        usermode \
+    && apt-get clean \
+    && mkdir -p /etc/ceph \
+    && rm -f /etc/libvirt/qemu/networks/default.xml /etc/libvirt/qemu/networks/autostart/default.xml \
+    && usermod -a -G libvirt nova

docker/nova-novncproxy/Dockerfile.j2

@@ -0,0 +1,11 @@
+FROM {{ namespace }}/{{ image_prefix }}nova-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+RUN curl -o nova-novncproxy.tar.gz https://codeload.github.com/kanaka/noVNC/legacy.tar.gz/v0.5.1 && \
+   tar -zxvf nova-novncproxy.tar.gz && \
+   mkdir -p /usr/share/novnc && \
+   cp -rp kanaka*/* /usr/share/novnc/ && \
+   chown -R nova: /usr/share/novnc && \
+   rm -rf nova-novncproxy.tar.gz kanaka*
+
+USER nova

docker/nova-scheduler/Dockerfile.j2

@@ -0,0 +1,4 @@
+FROM {{ namespace }}/{{ image_prefix }}nova-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+USER nova

docker/nova-spicehtml5proxy/Dockerfile.j2

@@ -0,0 +1,11 @@
+FROM {{ namespace }}/{{ image_prefix }}nova-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+RUN curl -o spice.tar.gz https://codeload.github.com/SPICE/spice-html5/tar.gz/spice-html5-0.1.6 && \
+    tar -xzvf spice.tar.gz && \
+    mkdir -p /usr/share/spice-html5 && \
+    cp -rp spice-html5*/* /usr/share/spice-html5/ && \
+    chown -R nova: /usr/share/spice-html5 && \
+    rm -rf spice.tar.gz spice-html5*
+
+USER nova

service/files/defaults.yaml

@@ -0,0 +1,12 @@
+configs:
+    nova_db_password: password
+    nova_db_name: nova
+    nova_api_db_name: nova-api
+    nova_db_username: nova
+    nova_api_port: 8774
+    nova_metadata_port: "8775"
+    nova_novncproxy_port: "6080"
+    nova_logging_debug: "false"
+    enable_ceph: "false"
+    metadata_secret: "password"
+    nova_console: "novnc"

service/files/libvirtd.conf.j2

@@ -0,0 +1,11 @@
+listen_tcp = 1
+auth_tcp = "none"
+ca_file = ""
+log_level = 2
+log_outputs = "2:file:/var/log/mcp/libvirt/libvirtd.log"
+listen_addr = "{{ network_topology["private"]["address"] }}"
+unix_sock_group = "nova"
+unix_sock_ro_perms = "0777"
+unix_sock_rw_perms = "0770"
+auth_unix_ro = "none"
+auth_unix_rw = "none"

service/files/nova-api-db-create.sh.j2

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_USERNAME={{ openstack_user_name }}
+export OS_PASSWORD={{ openstack_user_password }}
+export OS_AUTH_URL=http://keystone:{{ keystone_public_port }}/v3
+export OS_IDENTITY_API_VERSION=3
+
+echo "Creating database"
+mysql -v -u root -p{{ db_root_password }} -h mariadb -e 'create database {{ nova_db_name }}; create database `{{ nova_api_db_name }}`'
+mysql -v -u root -p{{ db_root_password }} -h mariadb -e 'grant all privileges on {{ nova_db_name }}.* to "{{ nova_db_username }}"@"%" identified by "{{ nova_db_password }}";grant all privileges on `{{ nova_api_db_name }}`.* to "{{ nova_db_username }}"@"%" identified by "{{ nova_db_password }}"'
+
+echo "Creating a user"
+openstack user create --project service --password {{ nova_db_password }} {{ nova_db_username }}
+echo "Adding role to user"
+openstack role add admin --project service --user {{ nova_db_username }}
+echo "Creating a role - done"
+echo "Creating a service"
+openstack service create --name nova --description "OpenStack Compute" compute
+
+echo "Creating internal endpoint"
+openstack endpoint create --region RegionOne \
+      compute internal http://nova-api:{{ nova_api_port }}/v2/%\(tenant_id\)s
+
+echo "Creating admin endpoint"
+openstack endpoint create --region RegionOne \
+      compute admin  http://nova-api:{{ nova_api_port }}/v2/%\(tenant_id\)s
+
+echo "Creating public endpoint"
+openstack endpoint create --region RegionOne \
+      compute public http://nova-api:{{ nova_api_port }}/v2/%\(tenant_id\)s

service/files/nova-libvirt-bootstrap.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [[ -c /dev/kvm ]]; then
+    chmod 660 /dev/kvm
+    chown root:kvm /dev/kvm
+fi
+
+# Mount xenfs for libxl to work
+if [[ $(lsmod | grep xenfs) ]]; then
+    mount -t xenfs xenfs /proc/xen
+fi
+
+if [[ ! -d "/var/log/mcp/libvirt" ]]; then
+    mkdir -p /var/log/mcp/libvirt
+    touch /var/log/mcp/libvirt/libvirtd.log
+    chmod 644 /var/log/mcp/libvirt/libvirtd.log
+fi
+if [[ $(stat -c %a /var/log/mcp/libvirt) != "755" ]]; then
+    chmod 755 /var/log/mcp/libvirt
+    chmod 644 /var/log/mcp/libvirt/libvirtd.log
+fi

service/files/nova.conf.j2

@@ -0,0 +1,169 @@
+# nova.conf
+[DEFAULT]
+debug = {{ nova_logging_debug }}
+
+api_paste_config = /etc/nova/api-paste.ini
+state_path = /var/lib/nova
+
+#FIXME
+osapi_compute_listen = {{ network_topology["private"]["address"] }}
+osapi_compute_listen_port = {{ nova_api_port }}
+
+#FIXME
+metadata_listen = {{ network_topology["private"]["address"] }}
+metadata_listen_port = {{ nova_metadata_port }}
+
+#FIXME
+ec2_listen = {{ network_topology["private"]["address"] }}
+ec2_listen_port = {{ nova_api_ec2_port }}
+
+notification_driver = noop
+
+use_neutron = True
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+scheduler_max_attempts = 10
+
+{% if neutron_plugin_agent == "openvswitch" %}
+linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
+{% elif neutron_plugin_agent == "linuxbridge" %}
+linuxnet_interface_driver = nova.network.linux_net.BridgeInterfaceDriver
+{% endif %}
+
+allow_resize_to_same_host = true
+
+{% if enable_ironic | bool %}
+scheduler_host_manager = nova.scheduler.ironic_host_manager.IronicHostManager
+{% endif %}
+
+{% if enable_nova_fake | bool %}
+scheduler_default_filters = RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter
+host = {{ get_hostname() }}_{{ item }}
+compute_driver = fake.FakeDriver
+{% else %}
+compute_driver = libvirt.LibvirtDriver
+{% endif %}
+
+# Here we need to pass an array of memcached daemons, for now we just use DNS
+# FIXME
+memcached_servers = memcached
+
+
+# Though my_ip is not used directly, lots of other variables use $my_ip
+my_ip = {{ network_topology["private"]["address"] }}
+
+{% if nova_console == 'novnc' %}
+novncproxy_host = {{ network_topology["private"]["address"] }}
+novncproxy_port = {{ nova_novncproxy_port }}
+[vnc]
+vncserver_listen = {{ network_topology["private"]["address"] }}
+#FIXME
+vncserver_proxyclient_address = {{ network_topology["private"]["address"] }}
+# We need to create a cont name jinja vars
+# FIXME
+{# if service_name == "nova-compute" #}
+#FIXME
+novncproxy_base_url = http://nova-novncproxy:{{ nova_novncproxy_port }}/vnc_auto.html
+{# endif #}
+{% elif nova_console == 'spice' %}
+[vnc]
+# We have to turn off vnc to use spice
+enabled = false
+[spice]
+server_listen = {{ network_topology["private"]["address"] }}
+server_proxyclient_address = {{ nova_spicehtml5proxy_host }}
+{% if service_name == "nova-compute" %}
+html5proxy_base_url = http://{{ nova_spicehtml5proxy_host }}:{{ nova_spicehtml5proxy_port }}/spice_auto.html
+{% endif %}
+html5proxy_host = {{ nova_spicehtml5proxy_host }}
+html5proxy_port = {{ nova_spicehtml5proxy_port }}
+{% endif %}
+
+# FIXME
+{% if service_name == "nova-compute-ironic" %}
+[ironic]
+#(TODO) remember to update this once discoverd is replaced by inspector
+admin_username = {{ ironic_keystone_user }}
+admin_password = {{ ironic_keystone_password }}
+admin_url = {{ openstack_auth_url }}
+admin_tenant_name = service
+api_endpoint = http://ironic-api:{{ ironic_api_port }}/v1
+{% endif %}
+
+[oslo_messaging_rabbit]
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_ha_queues = true
+# We need to pass an array of RBMQ server here
+# FIXME
+rabbit_hosts = rabbitmq
+
+[oslo_concurrency]
+lock_path = /var/lib/nova/tmp
+
+[glance]
+# FIXME
+api_servers = glance-api:{{ glance_api_port }}
+# We need to do N number of retries here, N = number of glance-api daemons running
+# FIXME
+num_retries = 1
+
+[cinder]
+catalog_info = volume:cinder:internalURL
+
+[neutron]
+url = http://neutron-server:{{ neutron_server_port }}
+auth_strategy = keystone
+metadata_proxy_shared_secret = {{ metadata_secret }}
+service_metadata_proxy = true
+
+auth_url = http://keystone:{{ keystone_admin_port }}
+auth_plugin = password
+project_domain_name = default
+user_domain_id = default
+project_name = service
+username = {{ neutron_db_username }}
+password = {{ neutron_db_password }}
+
+[database]
+connection = mysql+pymysql://{{ nova_db_username }}:{{ nova_db_password }}@mariadb/{{ nova_db_name }}
+max_pool_size = 50
+max_overflow = 1000
+max_retries = -1
+
+[api_database]
+connection = mysql+pymysql://{{ nova_db_username }}:{{ nova_db_password }}@mariadb/{{ nova_api_db_name }}
+max_retries = -1
+
+[cache]
+backend = oslo_cache.memcache_pool
+enabled = True
+# FIXME
+memcache_servers = memcached
+
+[keystone_authtoken]
+auth_version = v3
+auth_uri = http://keystone:{{ keystone_public_port }}/v3
+auth_url = http://keystone:{{ keystone_admin_port }}/v3
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ nova_db_username }}
+password = {{ nova_db_password }}
+
+[libvirt]
+#Need to split file in sections to avoid confussion with wrong IP here for non compute services
+connection_uri = "qemu+tcp://{{ network_topology["private"]["address"] }}/system"
+{% if enable_ceph | bool %}
+images_type = rbd
+images_rbd_pool = {{ ceph_nova_pool_name }}
+images_rbd_ceph_conf = /etc/ceph/ceph.conf
+rbd_user = nova
+rbd_secret_uuid = {{ rbd_secret_uuid }}
+disk_cachemodes="network=writeback"
+live_migration_flag="VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_PERSIST_DEST,VIR_MIGRATE_TUNNELLED"
+hw_disk_discard = unmap
+{% endif %}
+
+[upgrade_levels]
+compute = auto

service/nova-api.yaml

@@ -0,0 +1,60 @@
+service:
+    name: nova-api
+    ports:
+        - nova_api_port
+        - nova_metadata_port
+    container:
+        privileged: "true"
+        node-selector:
+          openstack-controller: "true"
+    probes:
+        readiness: "true"
+        liveness: "true"
+    pre:
+        - name: nova-db-creation
+          type: single
+          command: /tmp/nova-api-db-create.sh
+          dependencies:
+              - mariadb
+              - keystone-create-project
+          files:
+              - nova-api-db-create.sh
+              - nova.conf
+
+        - name: nova-db-sync
+          type: single
+          command: nova-manage db sync
+          dependencies:
+              - nova-db-creation
+          files:
+              - nova.conf
+
+        - name: nova-api-db-sync
+          type: single
+          command: nova-manage api_db sync
+          dependencies:
+              - nova-db-sync
+          files:
+              - nova.conf
+
+        - name: nova-db-migrations
+          type: single
+          command: nova-manage db online_data_migrations
+          dependencies:
+              - nova-api-db-sync
+          files:
+              - nova.conf
+
+    daemon:
+        command: nova-api --config-file /etc/nova/nova.conf
+        files:
+            - nova.conf
+files:
+    nova.conf:
+        path: /etc/nova/nova.conf
+        content: nova.conf.j2
+        perm: "0600"
+    nova-api-db-create.sh:
+        path: /tmp/nova-api-db-create.sh
+        content: nova-api-db-create.sh.j2
+        perm: "0755"

service/nova-compute.yaml

@@ -0,0 +1,43 @@
+service:
+    name: nova-compute
+    container:
+        host-net: "true"
+        privileged: "true"
+        daemonset: "true"
+        node-selector:
+          openstack-compute: "true"
+    probes:
+        readiness: "true"
+        liveness: "true"
+    volumes:
+      - name: run
+        type: host
+        path: /run
+      - name: modules
+        type: host
+        path: /lib/modules
+      - name: nova
+        type: host
+        path: /var/lib/nova
+      - name: libvirt
+        type: host
+        path: /var/lib/libvirt
+    pre:
+        - name: disable-netfilter-4
+          command: "echo sudo sysctl net.bridge.bridge-nf-call-iptables=1"
+        - name: disable-netfilter-6
+          command: "echo sudo sysctl net.bridge.bridge-nf-call-ip6tables=1"
+        - name: create-dir
+          command: "sudo /bin/chown -R nova: /var/lib/nova ; mkdir -p /var/lib/nova/instances"
+    daemon:
+        command: nova-compute --config-file /etc/nova/nova.conf
+        dependencies:
+          - nova-db-migrations
+          - nova-libvirt
+        files:
+          - nova.conf
+files:
+    nova.conf:
+        path: /etc/nova/nova.conf
+        content: nova.conf.j2
+        perm: "0600"

service/nova-conductor.yaml

@@ -0,0 +1,20 @@
+service:
+    name: nova-conductor
+    container:
+        host-net: "true"
+        node-selector:
+          openstack-controller: "true"
+    probes:
+        readiness: "true"
+        liveness: "true"
+    daemon:
+        command: nova-conductor --config-file /etc/nova/nova.conf
+        files:
+            - nova.conf
+        dependencies:
+            - nova-db-migrations
+files:
+    nova.conf:
+        path: /etc/nova/nova.conf
+        content: nova.conf.j2
+        perm: "0600"

service/nova-consoleauth.yaml

@@ -0,0 +1,20 @@
+service:
+    name: nova-consoleauth
+    container:
+        host-net: "true"
+        node-selector:
+          openstack-controller: "true"
+    probes:
+        readiness: "true"
+        liveness: "true"
+    daemon:
+        command: nova-consoleauth --config-file /etc/nova/nova.conf
+        files:
+            - nova.conf
+        dependencies:
+            - nova-db-migrations
+files:
+    nova.conf:
+        path: /etc/nova/nova.conf
+        content: nova.conf.j2
+        perm: "0600"

service/nova-libvirt.yaml

@@ -0,0 +1,43 @@
+service:
+    name: nova-libvirt
+    container:
+        host-net: "true"
+        privileged: "true"
+        daemonset: "true"
+        node-selector:
+          openstack-compute: "true"
+    probes:
+        readiness: "true"
+        liveness: "true"
+    volumes:
+      - name: run
+        type: host
+        path: /run
+      - name: modules
+        type: host
+        path: /lib/modules
+      - name: nova
+        type: host
+        path: /var/lib/nova
+      - name: libvirt
+        type: host
+        path: /var/lib/libvirt
+    pre:
+        - name: nova-libvirt-bootstrap
+          command: /tmp/nova-libvirt-bootstrap.sh
+    daemon:
+        command: libvirtd --listen
+        dependencies:
+          - nova-db-migrations
+        files:
+          - libvirtd.conf
+          - nova-libvirt-bootstrap.sh
+files:
+    libvirtd.conf:
+        path: /etc/libvirt/libvirtd.conf
+        content: libvirtd.conf.j2
+        perm: "0600"
+    nova-libvirt-bootstrap.sh:
+        path: /tmp/nova-libvirt-bootstrap.sh
+        content: nova-libvirt-bootstrap.sh
+        perm: "0755"

service/nova-novncproxy.yaml

@@ -0,0 +1,21 @@
+service:
+    name: nova-novncproxy
+    ports:
+        - nova_novncproxy_port
+    container:
+        node-selector:
+          openstack-controller: "true"
+    probes:
+        readiness: "true"
+        liveness: "true"
+    daemon:
+        command: nova-novncproxy --config-file /etc/nova/nova.conf
+        files:
+            - nova.conf
+        dependencies:
+            - nova-db-migrations
+files:
+    nova.conf:
+        path: /etc/nova/nova.conf
+        content: nova.conf.j2
+        perm: "0600"

service/nova-scheduler.yaml

@@ -0,0 +1,20 @@
+service:
+    name: nova-scheduler
+    container:
+        host-net: "true"
+        node-selector:
+          openstack-controller: "true"
+    probes:
+        readiness: "true"
+        liveness: "true"
+    daemon:
+        command: nova-scheduler --config-file /etc/nova/nova.conf
+        files:
+            - nova.conf
+        dependencies:
+            - nova-db-migrations
+files:
+    nova.conf:
+        path: /etc/nova/nova.conf
+        content: nova.conf.j2
+        perm: "0600"