Use focal/core20/Ussuri/OVN & enable confinement
Major changes: * Plumbing necessary for strict confinement with the microstack-support interface https://github.com/snapcore/snapd/pull/8926 * Until the interface is merged, devmode will be used and kernel modules will be loaded via an auxiliary service. * upgraded OpenStack components to Focal (20.04) and OpenStack Ussuri; * reworked the old patches; * added the Placement service since it is now separate; * addressed various build issues due to changes in snapcraft and built dependencies: * e.g. libvirt requires the build directory to be separate from the source directory) and LP: #1882255; * LP: #1882535 and https://github.com/pypa/pip/issues/8414 * LP: #1882839 * LP: #1885294 * https://storyboard.openstack.org/#!/story/2007806 * LP: #1864589 * LP: #1777121 * LP: #1881590 * ML2/OVS replated with ML2/OVN; * dnsmasq is not used anymore; * neutron l3 and DHCP agents are not used anymore; * Linux network namespaces are only used for neutron-ovn-metadata-agent. * ML2 DNS support is done via native OVN mechanisms; * OVN-related database services (southbound and northbound dbs); * OVN-related control plane services (ovn-controller, ovn-northd); * core20 base support (bionic hosts are supported); * the removal procedure now relies on the "remove" hook since `snap remove` cannot be used from the confined environment anymore; * prerequisites to enabling AppArmor confinement for QEMU processes created by the confined libvirtd. * Added the Spice html5 console proxy service to enable clients to retrieve and use it via `microstack.openstack console url show --spice <servername>`. * Added missing Cinder templates and DB migrations for the Cinder DB. * Added experimental support for a loop device-based LVM backend for Cinder. Due to LP: #1892895 this is not recommended to be used in production except for tempest testing with an applied workaround; * includes iscsid and iscsi-tcp kernel module loading; * includes LIO and loading of relevant kernel modules; * An LVM PV is created on top of a loop device with a backing file present in $SNAP_COMMON/cinder-lvm.img; * A VG is created on top of the PV; * LVs are created by Cinder and exported via LIO over iscsi to iscsid which hot-plugs new SCSI devices. Those SCSI devices are then propagated by Nova to libvirt and QEMU during volume attachment; * Added post-deployment testing via rally and tempest (via the microstack-test snap). A set of tests included into Refstack 2018.02 is executed (except for object storage tests due to the lack of object storage support). Change-Id: Ic70770095860a57d5e0a55a8a9451f9db6be7448
This commit is contained in:
parent
e59d15eb58
commit
780a4c4ead
@ -1,18 +1,18 @@
|
||||
From 4d90b94a0a4ce3e7e69507c2c25a6981336c66a1 Mon Sep 17 00:00:00 2001
|
||||
From: Pete Vander Giessen <pete.vandergiessen@canonical.com>
|
||||
Date: Thu, 19 Sep 2019 13:18:50 +0000
|
||||
Subject: [PATCH] Added SNAP_COMMON pathing
|
||||
From 36c45710c8cc3bbdf86fe2513a07a0d5f0a5c3f9 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitrii Shcherbakov <dmitrii.shcherbakov@canonical.com>
|
||||
Date: Mon, 8 Jun 2020 13:56:20 +0000
|
||||
Subject: [PATCH] Use SNAP_COMMON paths
|
||||
|
||||
---
|
||||
lib/python3.6/site-packages/openstack_dashboard/local/local_settings.py | 4 +++-
|
||||
openstack_dashboard/local/local_settings.py | 4 +++-
|
||||
openstack_dashboard/settings.py | 6 ++++--
|
||||
2 files changed, 7 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/lib/python3.6/site-packages/openstack_dashboard/local/local_settings.py b/lib/python3.6/site-packages/openstack_dashboard/local/local_settings.py
|
||||
index 5f1ab10cc..cef4e9485 100644
|
||||
--- a/lib/python3.6/site-packages/openstack_dashboard/local/local_settings.py
|
||||
+++ b/lib/python3.6/site-packages/openstack_dashboard/local/local_settings.py
|
||||
@@ -10,6 +10,8 @@ from openstack_dashboard.settings import HORIZON_CONFIG
|
||||
diff --git a/lib/python3.8/site-packages/openstack_dashboard/local/local_settings.py b/lib/python3.8/site-packages/openstack_dashboard/local/local_settings.py
|
||||
index 2b084bf24..aad403c04 100644
|
||||
--- a/lib/python3.8/site-packages/openstack_dashboard/local/local_settings.py
|
||||
+++ b/lib/python3.8/site-packages/openstack_dashboard/local/local_settings.py
|
||||
@@ -22,6 +22,8 @@ from openstack_dashboard.settings import HORIZON_CONFIG
|
||||
|
||||
DEBUG = True
|
||||
|
||||
@ -21,7 +21,7 @@ index 5f1ab10cc..cef4e9485 100644
|
||||
# This setting controls whether or not compression is enabled. Disabling
|
||||
# compression makes Horizon considerably slower, but makes it much easier
|
||||
# to debug JS and CSS changes
|
||||
@@ -62,7 +64,7 @@ DEBUG = True
|
||||
@@ -74,7 +76,7 @@ DEBUG = True
|
||||
# including on the login form.
|
||||
#HORIZON_CONFIG["disable_password_reveal"] = False
|
||||
|
||||
@ -30,11 +30,11 @@ index 5f1ab10cc..cef4e9485 100644
|
||||
|
||||
# Set custom secret key:
|
||||
# You can either set it to a specific value or you can let horizon generate a
|
||||
diff --git a/openstack_dashboard/settings.py b/openstack_dashboard/settings.py
|
||||
index 02cd17ef3..69380f460 100644
|
||||
--- a/lib/python3.6/site-packages/openstack_dashboard/settings.py
|
||||
+++ b/lib/python3.6/site-packages/openstack_dashboard/settings.py
|
||||
@@ -55,6 +55,8 @@ if ROOT_PATH not in sys.path:
|
||||
diff --git a/lib/python3.8/site-packages/openstack_dashboard/settings.py b/lib/python3.8/site-packages/openstack_dashboard/settings.py
|
||||
index 81b8e45e1..5909bc8a8 100644
|
||||
--- a/lib/python3.8/site-packages/openstack_dashboard/settings.py
|
||||
+++ b/lib/python3.8/site-packages/openstack_dashboard/settings.py
|
||||
@@ -50,6 +50,8 @@ if ROOT_PATH not in sys.path:
|
||||
|
||||
DEBUG = False
|
||||
|
||||
@ -43,7 +43,7 @@ index 02cd17ef3..69380f460 100644
|
||||
ROOT_URLCONF = 'openstack_dashboard.urls'
|
||||
|
||||
HORIZON_CONFIG = {
|
||||
@@ -216,7 +218,7 @@ USE_TZ = True
|
||||
@@ -211,7 +213,7 @@ USE_TZ = True
|
||||
DEFAULT_EXCEPTION_REPORTER_FILTER = 'horizon.exceptions.HorizonReporterFilter'
|
||||
|
||||
SECRET_KEY = None
|
||||
@ -52,7 +52,7 @@ index 02cd17ef3..69380f460 100644
|
||||
|
||||
ADD_INSTALLED_APPS = []
|
||||
|
||||
@@ -265,7 +267,7 @@ else:
|
||||
@@ -260,7 +262,7 @@ else:
|
||||
)
|
||||
|
||||
# allow to drop settings snippets into a local_settings_dir
|
@ -1,4 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Wrapper for dnsmasq
|
||||
|
||||
exec $SNAP/usr/sbin/dnsmasq-orig -u snap_daemon -g snap_daemon $@
|
77
patches/nginx/0001-drop-setuid-setgid-initgroups.patch
Normal file
77
patches/nginx/0001-drop-setuid-setgid-initgroups.patch
Normal file
@ -0,0 +1,77 @@
|
||||
From a8df30a8a837c223945a13fe4cd9418084d8ed21 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitrii Shcherbakov <dmitrii.shcherbakov@canonical.com>
|
||||
Date: Wed, 10 Jun 2020 20:14:32 +0000
|
||||
Subject: [PATCH] drop setuid/setgid/initgroups
|
||||
|
||||
---
|
||||
src/os/unix/ngx_process_cycle.c | 54 ---------------------------------
|
||||
1 file changed, 54 deletions(-)
|
||||
|
||||
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
|
||||
index 5817a2c2..305c6823 100644
|
||||
--- a/src/os/unix/ngx_process_cycle.c
|
||||
+++ b/src/os/unix/ngx_process_cycle.c
|
||||
@@ -825,60 +825,6 @@ ngx_worker_process_init(ngx_cycle_t *cycle, ngx_int_t worker)
|
||||
}
|
||||
}
|
||||
|
||||
- if (geteuid() == 0) {
|
||||
- if (setgid(ccf->group) == -1) {
|
||||
- ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
|
||||
- "setgid(%d) failed", ccf->group);
|
||||
- /* fatal */
|
||||
- exit(2);
|
||||
- }
|
||||
-
|
||||
- if (initgroups(ccf->username, ccf->group) == -1) {
|
||||
- ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
|
||||
- "initgroups(%s, %d) failed",
|
||||
- ccf->username, ccf->group);
|
||||
- }
|
||||
-
|
||||
-#if (NGX_HAVE_PR_SET_KEEPCAPS && NGX_HAVE_CAPABILITIES)
|
||||
- if (ccf->transparent && ccf->user) {
|
||||
- if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) {
|
||||
- ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
|
||||
- "prctl(PR_SET_KEEPCAPS, 1) failed");
|
||||
- /* fatal */
|
||||
- exit(2);
|
||||
- }
|
||||
- }
|
||||
-#endif
|
||||
-
|
||||
- if (setuid(ccf->user) == -1) {
|
||||
- ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
|
||||
- "setuid(%d) failed", ccf->user);
|
||||
- /* fatal */
|
||||
- exit(2);
|
||||
- }
|
||||
-
|
||||
-#if (NGX_HAVE_CAPABILITIES)
|
||||
- if (ccf->transparent && ccf->user) {
|
||||
- struct __user_cap_data_struct data;
|
||||
- struct __user_cap_header_struct header;
|
||||
-
|
||||
- ngx_memzero(&header, sizeof(struct __user_cap_header_struct));
|
||||
- ngx_memzero(&data, sizeof(struct __user_cap_data_struct));
|
||||
-
|
||||
- header.version = _LINUX_CAPABILITY_VERSION_1;
|
||||
- data.effective = CAP_TO_MASK(CAP_NET_RAW);
|
||||
- data.permitted = data.effective;
|
||||
-
|
||||
- if (syscall(SYS_capset, &header, &data) == -1) {
|
||||
- ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
|
||||
- "capset() failed");
|
||||
- /* fatal */
|
||||
- exit(2);
|
||||
- }
|
||||
- }
|
||||
-#endif
|
||||
- }
|
||||
-
|
||||
if (worker >= 0) {
|
||||
cpu_affinity = ngx_get_cpu_affinity(worker);
|
||||
|
||||
--
|
||||
2.17.1
|
||||
|
@ -1,57 +0,0 @@
|
||||
Description: Drop code where nginx drops privileges for worker
|
||||
processes. While setuid is covered by the browser-support plug,
|
||||
setgroups isn't covered by any plugs. This code isn't required
|
||||
because in strict mode we run worker processes as root:root.
|
||||
The seccomp violation follows:
|
||||
= Seccomp =
|
||||
Time: Jun 16 01:13:15
|
||||
Log: auid=4294967295 uid=0 gid=0 ses=4294967295 pid=6087 comm="nginx"
|
||||
exe="/snap/keystone/x1/usr/sbin/nginx" sig=31 arch=c000003e
|
||||
116(setgroups) compat=0 ip=0x7f40e288af09 code=0x0
|
||||
Syscall: setgroups
|
||||
Suggestion:
|
||||
* adjust program to not use 'setgroups' until per-snap user/groups
|
||||
are supported (https://launchpad.net/bugs/1446748)
|
||||
Author: Corey Bryant <corey.bryant@canonical.com>
|
||||
Forwarded: no
|
||||
|
||||
---
|
||||
src/os/unix/ngx_process_cycle.c | 22 ----------------------
|
||||
1 file changed, 22 deletions(-)
|
||||
|
||||
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
|
||||
index 1710ea8..c428673 100644
|
||||
--- a/src/os/unix/ngx_process_cycle.c
|
||||
+++ b/src/os/unix/ngx_process_cycle.c
|
||||
@@ -824,28 +824,6 @@ ngx_worker_process_init(ngx_cycle_t *cycle, ngx_int_t worker)
|
||||
}
|
||||
}
|
||||
|
||||
- if (geteuid() == 0) {
|
||||
- if (setgid(ccf->group) == -1) {
|
||||
- ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
|
||||
- "setgid(%d) failed", ccf->group);
|
||||
- /* fatal */
|
||||
- exit(2);
|
||||
- }
|
||||
-
|
||||
- if (initgroups(ccf->username, ccf->group) == -1) {
|
||||
- ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
|
||||
- "initgroups(%s, %d) failed",
|
||||
- ccf->username, ccf->group);
|
||||
- }
|
||||
-
|
||||
- if (setuid(ccf->user) == -1) {
|
||||
- ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
|
||||
- "setuid(%d) failed", ccf->user);
|
||||
- /* fatal */
|
||||
- exit(2);
|
||||
- }
|
||||
- }
|
||||
-
|
||||
if (worker >= 0) {
|
||||
cpu_affinity = ngx_get_cpu_affinity(worker);
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
@ -0,0 +1,56 @@
|
||||
From 84e8c808d146ef7d4a716bf951875f85fd7020c9 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitrii Shcherbakov <dmitrii.shcherbakov@canonical.com>
|
||||
Date: Tue, 18 Aug 2020 19:07:37 +0000
|
||||
Subject: [PATCH] Use a snap-specific abstract socket address
|
||||
|
||||
* open-iscsi is included into Ubuntu cloud images and, as a result,
|
||||
sockets with names hard-coded in the source get created and owned by
|
||||
systemd at the host level;
|
||||
* iscsid checks for the LISTEN_FDS environment variable to determine
|
||||
whether systemd passes the necessary socket file descriptors to it -
|
||||
this does not happen since iscsid.socket service name differs from the
|
||||
actual service name: snap.microstack.iscsid.service;
|
||||
* snapd's support for the systemd socket activation feature is present
|
||||
but abstract socket names are restricted to be prefixed with
|
||||
snap.<snap-name>.<your-socket-name> - this means that open-scsi needs to
|
||||
be patched since the abstract domain socket name isn't configurable and
|
||||
is hard-coded at the compile time.
|
||||
|
||||
This patch alters the hard-coded abstract socket names in order to use
|
||||
systemd socket activation via the means supported by snapd and to avoid
|
||||
conflicts with an iscsid instance that might be used at the host where
|
||||
this snap is installed.
|
||||
---
|
||||
usr/mgmt_ipc.h | 2 +-
|
||||
usr/uip_mgmt_ipc.h | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/usr/mgmt_ipc.h b/usr/mgmt_ipc.h
|
||||
index 55972ed..aa66419 100644
|
||||
--- a/usr/mgmt_ipc.h
|
||||
+++ b/usr/mgmt_ipc.h
|
||||
@@ -23,7 +23,7 @@
|
||||
#include "iscsi_if.h"
|
||||
#include "config.h"
|
||||
|
||||
-#define ISCSIADM_NAMESPACE "ISCSIADM_ABSTRACT_NAMESPACE"
|
||||
+#define ISCSIADM_NAMESPACE "snap.microstack.ISCSIADM_ABSTRACT_NAMESPACE"
|
||||
#define PEERUSER_MAX 64
|
||||
|
||||
typedef enum iscsiadm_cmd {
|
||||
diff --git a/usr/uip_mgmt_ipc.h b/usr/uip_mgmt_ipc.h
|
||||
index 916113d..484e9f5 100644
|
||||
--- a/usr/uip_mgmt_ipc.h
|
||||
+++ b/usr/uip_mgmt_ipc.h
|
||||
@@ -24,7 +24,7 @@
|
||||
#include "initiator.h"
|
||||
#include "transport.h"
|
||||
|
||||
-#define ISCSID_UIP_NAMESPACE "ISCSID_UIP_ABSTRACT_NAMESPACE"
|
||||
+#define ISCSID_UIP_NAMESPACE "snap.microstack.ISCSID_UIP_ABSTRACT_NAMESPACE"
|
||||
|
||||
typedef enum iscsid_uip_cmd {
|
||||
ISCSID_UIP_IPC_UNKNOWN = 0,
|
||||
--
|
||||
2.17.1
|
||||
|
19
snap-overlay/bin/iscsid-start
Executable file
19
snap-overlay/bin/iscsid-start
Executable file
@ -0,0 +1,19 @@
|
||||
#!/bin/sh
|
||||
|
||||
mkdir -p $SNAP_COMMON/etc/iscsi/
|
||||
|
||||
INAME_FILE=$SNAP_COMMON/etc/iscsi/initiatorname.iscsi
|
||||
|
||||
if ! [ -f $INAME_FILE ]; then
|
||||
# Generate a unique InitiatorName and save it
|
||||
INAME=`iscsi-iname -p iqn.1993-08.org.debian:01`
|
||||
echo "## DO NOT EDIT OR REMOVE THIS FILE!" > $INAME_FILE
|
||||
echo "## If you remove this file, the iSCSI daemon will not start." >> $INAME_FILE
|
||||
echo "## If you change the InitiatorName, existing access control lists" >> $INAME_FILE
|
||||
echo "## may reject this initiator. The InitiatorName must be unique">> $INAME_FILE
|
||||
echo "## for each iSCSI initiator. Do NOT duplicate iSCSI InitiatorNames." >> $INAME_FILE
|
||||
printf "InitiatorName=$INAME\n" >> $INAME_FILE
|
||||
chmod 600 $INAME_FILE
|
||||
fi
|
||||
|
||||
exec $SNAP/sbin/iscsid -p $SNAP_COMMON/var/run/iscsid.pid --initiatorname=$INAME_FILE --config=$SNAP_COMMON/etc/iscsi/iscsid.conf
|
5
snap-overlay/bin/load-modules
Executable file
5
snap-overlay/bin/load-modules
Executable file
@ -0,0 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -ex
|
||||
|
||||
modprobe -a vhost vhost-net vhost-scsi vhost-vsock pci-stub vfio nbd dm-mod dm-thin-pool dm-snapshot iscsi-tcp target-core-mod
|
@ -13,9 +13,11 @@ snapctl set \
|
||||
|
||||
# Networking related settings.
|
||||
snapctl set \
|
||||
config.network.dns=1.1.1.1 \
|
||||
config.network.dns-servers=1.1.1.1 \
|
||||
config.network.dns-domain=microstack.example. \
|
||||
config.network.ext-gateway=10.20.20.1 \
|
||||
config.network.control-ip=10.20.20.1 \
|
||||
config.network.node-fqdn=`hostname -f` \
|
||||
config.network.compute-ip=10.20.20.1 \
|
||||
config.network.ext-cidr=10.20.20.1/24 \
|
||||
config.network.security-rules=true \
|
||||
@ -30,11 +32,19 @@ snapctl set \
|
||||
config.credentials.os-password=keystone \
|
||||
config.credentials.key-pair="/home/{USER}/snap/{SNAP_NAME}/common/.ssh/id_microstack" \
|
||||
config.credentials.nova-password=nova \
|
||||
config.credentials.cinder-password=cinder \
|
||||
config.credentials.neutron-password=neutron \
|
||||
config.credentials.placement-password=placement \
|
||||
config.credentials.glance-password=glance \
|
||||
;
|
||||
|
||||
# Cinder volume backend config.
|
||||
snapctl set \
|
||||
config.cinder.setup-loop-based-cinder-lvm-backend=false \
|
||||
config.cinder.loop-device-file-size=32G \
|
||||
config.cinder.lvm-backend-volume-group=cinder-volumes \
|
||||
;
|
||||
|
||||
# Host optimizations and fixes.
|
||||
snapctl set \
|
||||
config.host.ip-forwarding=false \
|
||||
@ -45,12 +55,13 @@ snapctl set \
|
||||
snapctl set \
|
||||
config.services.control-plane=true \
|
||||
config.services.hypervisor=true \
|
||||
config.services.spice-console=true \
|
||||
;
|
||||
|
||||
# Clustering roles
|
||||
snapctl set \
|
||||
cluster.role=control \
|
||||
cluster.password=null \
|
||||
config.cluster.role=control \
|
||||
config.cluster.password=null \
|
||||
;
|
||||
|
||||
# Uninstall stuff
|
||||
|
@ -10,15 +10,30 @@
|
||||
set -ex
|
||||
|
||||
extcidr=$(snapctl get config.network.ext-cidr)
|
||||
controlip=$(snapctl get config.network.control-ip)
|
||||
|
||||
# Create external integration bridge
|
||||
ovs-vsctl --retry --may-exist add-br br-ex
|
||||
# NOTE(dmitriis): this needs to be reworked to allow for OVN + direct exit of traffic to
|
||||
# the provider network from a compute node.
|
||||
|
||||
# Create an external bridge in the system datapath.
|
||||
ovs-vsctl --retry --may-exist add-br br-ex -- set bridge br-ex datapath_type=system protocols=OpenFlow13,OpenFlow15
|
||||
ovs-vsctl set open . external-ids:ovn-bridge-mappings=physnet1:br-ex
|
||||
ovs-vsctl set open . external-ids:ovn-cms-options="enable-chassis-as-gw"
|
||||
|
||||
# Configure the settings used by self-configuration of ovn-controller.
|
||||
ovs-vsctl set open . external-ids:ovn-encap-type=geneve -- set open . external-ids:ovn-encap-ip=$controlip
|
||||
# Leave SB database connection details for ovn-controller to pick up.
|
||||
ovs-vsctl set open . external-ids:ovn-remote='unix:/var/snap/microstack/common/run/ovn/ovnsb_db.sock'
|
||||
|
||||
# NOTE: system-id is a randomly-generated UUID (see the --system-id=random option for ovs-ctl)
|
||||
# As it is generated automatically, we do not set it here.
|
||||
# It can be retrieved by looking at `ovs-vsctl get open_vswitch . external-ids`.
|
||||
|
||||
# Configure br-ex
|
||||
ip address add $extcidr dev br-ex || :
|
||||
ip link set br-ex up || :
|
||||
|
||||
sudo iptables -w -t nat -A POSTROUTING -s $extcidr ! \
|
||||
iptables-legacy -w -t nat -A POSTROUTING -s $extcidr ! \
|
||||
-d $extcidr -j MASQUERADE || :
|
||||
|
||||
exit 0
|
||||
|
4
snap-overlay/bin/target-start
Executable file
4
snap-overlay/bin/target-start
Executable file
@ -0,0 +1,4 @@
|
||||
#!/bin/sh
|
||||
|
||||
# This wrapper is needed due to https://bugs.launchpad.net/snapd/+bug/1882839
|
||||
$SNAP/usr/bin/targetcli restoreconfig clear_existing=True
|
5
snap-overlay/bin/target-stop
Executable file
5
snap-overlay/bin/target-stop
Executable file
@ -0,0 +1,5 @@
|
||||
#!/bin/sh
|
||||
|
||||
$SNAP/usr/bin/targetcli saveconfig
|
||||
# This wrapper is needed due to https://bugs.launchpad.net/snapd/+bug/1882839
|
||||
$SNAP/usr/bin/targetcli clearconfig confirm=True
|
@ -1,5 +0,0 @@
|
||||
[DEFAULT]
|
||||
interface_driver = openvswitch
|
||||
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
|
||||
enable_isolated_metadata = True
|
||||
dnsmasq_dns_servers = 1.1.1.1
|
@ -1,2 +0,0 @@
|
||||
[DEFAULT]
|
||||
interface_driver = openvswitch
|
@ -1,3 +0,0 @@
|
||||
[DEFAULT]
|
||||
nova_metadata_ip = 10.20.20.1
|
||||
metadata_proxy_shared_secret = supersecret
|
@ -1,4 +1,10 @@
|
||||
[DEFAULT]
|
||||
core_plugin = ml2
|
||||
service_plugins = router
|
||||
service_plugins = ovn-router
|
||||
allow_overlapping_ips = True
|
||||
|
||||
# Disable auto-scheduling of networks to DHCP agents since they are not used with OVN.
|
||||
network_auto_schedule = False
|
||||
|
||||
[ovn]
|
||||
ovn_metadata_enabled = True
|
||||
|
@ -1,13 +1,18 @@
|
||||
[ml2]
|
||||
mechanism_drivers = openvswitch
|
||||
extension_drivers = port_security,trunk,qos
|
||||
tenant_network_types = geneve,gre,vxlan
|
||||
mechanism_drivers = ovn
|
||||
extension_drivers = port_security,qos
|
||||
tenant_network_types = geneve
|
||||
overlay_ip_version = 4
|
||||
external_network_type = flat
|
||||
|
||||
[ml2_type_geneve]
|
||||
vni_ranges = 1:65535
|
||||
max_header_size = 40
|
||||
|
||||
[ml2_type_gre]
|
||||
tunnel_id_ranges = 1:65535
|
||||
[ml2_type_flat]
|
||||
flat_networks = *
|
||||
|
||||
[ml2_type_vxlan]
|
||||
vni_ranges = 1:65535
|
||||
[ovn]
|
||||
# TODO(dmitriis): replace the common path with a template.
|
||||
ovn_nb_connection = unix:/var/snap/microstack/common/run/ovn/ovnnb_db.sock
|
||||
ovn_sb_connection = unix:/var/snap/microstack/common/run/ovn/ovnsb_db.sock
|
||||
|
@ -1,11 +0,0 @@
|
||||
# Snap provided defaults for neutron-openvswitch-agent
|
||||
[securitygroup]
|
||||
enable_security_group = True
|
||||
firewall_driver = openvswitch
|
||||
|
||||
[AGENT]
|
||||
tunnel_types = geneve,vxlan,gre
|
||||
|
||||
[ovs]
|
||||
local_ip = 127.0.0.1
|
||||
bridge_mappings = physnet1:br-ex
|
3
snap-overlay/etc/placement/placement.conf
Normal file
3
snap-overlay/etc/placement/placement.conf
Normal file
@ -0,0 +1,3 @@
|
||||
# Snap distribution defaults - do not change, override in $SNAP_COMMON/etc/cinder.conf.d
|
||||
[database]
|
||||
max_retries = -1
|
@ -116,7 +116,8 @@ table {
|
||||
/* Login splash screen */
|
||||
#splash {
|
||||
background: url("/static/themes/ubuntu/img/image-background-pattern.png");
|
||||
background: linear-gradient(to right, rgba(100, 100, 100, 0.2), transparent), url("/static/themes/ubuntu/img/image-background-pattern.png");
|
||||
position: absolute;
|
||||
width: 100vw;
|
||||
|
||||
.login {
|
||||
background-color: $white;
|
Binary file not shown.
Before Width: | Height: | Size: 90 KiB After Width: | Height: | Size: 90 KiB |
Before Width: | Height: | Size: 5.1 KiB After Width: | Height: | Size: 5.1 KiB |
Before Width: | Height: | Size: 5.1 KiB After Width: | Height: | Size: 5.1 KiB |
@ -10,6 +10,7 @@ setup:
|
||||
- "{snap_common}/etc/nginx/sites-enabled"
|
||||
- "{snap_common}/etc/nginx/snap/sites-enabled"
|
||||
- "{snap_common}/etc/glance/glance.conf.d"
|
||||
- "{snap_common}/etc/placement/placement.conf.d"
|
||||
- "{snap_common}/etc/horizon/horizon.conf.d"
|
||||
- "{snap_common}/etc/horizon/local_settings.d"
|
||||
- "{snap_common}/var/horizon/static"
|
||||
@ -17,6 +18,7 @@ setup:
|
||||
- "{snap_common}/etc/cinder/uwsgi/snap"
|
||||
- "{snap_common}/etc/nova/uwsgi/snap"
|
||||
- "{snap_common}/etc/horizon/uwsgi/snap"
|
||||
- "{snap_common}/etc/placement/uwsgi/snap"
|
||||
- "{snap_common}/etc/rabbitmq"
|
||||
- "{snap_common}/fernet-keys"
|
||||
- "{snap_common}/lib"
|
||||
@ -25,6 +27,9 @@ setup:
|
||||
- "{snap_common}/log"
|
||||
- "{snap_common}/run"
|
||||
- "{snap_common}/lib/instances"
|
||||
- "{snap_common}/etc/apparmor.d/libvirt"
|
||||
- "{snap_common}/etc/iscsi"
|
||||
- "{snap_common}/etc/target"
|
||||
templates:
|
||||
keystone-nginx.conf.j2: "{snap_common}/etc/nginx/snap/sites-enabled/keystone.conf"
|
||||
keystone-snap.conf.j2: "{snap_common}/etc/keystone/keystone.conf.d/keystone-snap.conf"
|
||||
@ -33,28 +38,40 @@ setup:
|
||||
nova-snap.conf.j2: "{snap_common}/etc/nova/nova.conf.d/nova-snap.conf"
|
||||
nova-nginx.conf.j2: "{snap_common}/etc/nginx/snap/sites-enabled/nova.conf"
|
||||
glance-snap.conf.j2: "{snap_common}/etc/glance/glance.conf.d/glance-snap.conf"
|
||||
placement-nginx.conf.j2: "{snap_common}/etc/nginx/snap/sites-enabled/placement.conf"
|
||||
placement-snap.conf.j2: "{snap_common}/etc/placement/placement.conf.d/placement-snap.conf"
|
||||
cinder-nginx.conf.j2: "{snap_common}/etc/nginx/snap/sites-enabled/cinder.conf"
|
||||
cinder-snap.conf.j2: "{snap_common}/etc/cinder/cinder.conf.d/cinder-snap.conf"
|
||||
cinder.database.conf.j2: "{snap_common}/etc/cinder/cinder.conf.d/database.conf"
|
||||
cinder.rabbitmq.conf.j2: "{snap_common}/etc/cinder/cinder.conf.d/rabbitmq.conf"
|
||||
cinder.keystone.conf.j2: "{snap_common}/etc/cinder/cinder.conf.d/keystone.conf"
|
||||
cinder-rootwrap.conf.j2: "{snap_common}/etc/cinder/rootwrap.conf"
|
||||
horizon-snap.conf.j2: "{snap_common}/etc/horizon/horizon.conf.d/horizon-snap.conf"
|
||||
horizon-nginx.conf.j2: "{snap_common}/etc/nginx/snap/sites-enabled/horizon.conf"
|
||||
05_snap_tweaks.j2: "{snap_common}/etc/horizon/local_settings.d/_05_snap_tweaks.py"
|
||||
libvirtd.conf.j2: "{snap_common}/libvirt/libvirtd.conf"
|
||||
virtlogd.conf.j2: "{snap_common}/libvirt/virtlogd.conf"
|
||||
microstack.rc.j2: "{snap_common}/etc/microstack.rc"
|
||||
microstack.json.j2: "{snap_common}/etc/microstack.json"
|
||||
glance.conf.d.keystone.conf.j2: "{snap_common}/etc/glance/glance.conf.d/keystone.conf"
|
||||
placement.conf.d.keystone.conf.j2: "{snap_common}/etc/placement/placement.conf.d/keystone.conf"
|
||||
nova.conf.d.keystone.conf.j2: "{snap_common}/etc/nova/nova.conf.d/keystone.conf"
|
||||
nova.conf.d.database.conf.j2: "{snap_common}/etc/nova/nova.conf.d/database.conf"
|
||||
nova.conf.d.rabbitmq.conf.j2: "{snap_common}/etc/nova/nova.conf.d/rabbitmq.conf"
|
||||
nova.conf.d.nova-placement.conf.j2: "{snap_common}/etc/nova/nova.conf.d/nova-placement.conf"
|
||||
nova.conf.d.glance.conf.j2: "{snap_common}/etc/nova/nova.conf.d/glance.conf"
|
||||
nova.conf.d.neutron.conf.j2: "{snap_common}/etc/nova/nova.conf.d/neutron.conf"
|
||||
nova.conf.d.placement.conf.j2: "{snap_common}/etc/nova/nova.conf.d/placement.conf"
|
||||
nova.conf.d.console.conf.j2: "{snap_common}/etc/nova/nova.conf.d/console.conf"
|
||||
keystone.database.conf.j2: "{snap_common}/etc/keystone/keystone.conf.d/database.conf"
|
||||
glance.database.conf.j2: "{snap_common}/etc/glance/glance.conf.d/database.conf"
|
||||
placement.conf.d.database.conf.j2: "{snap_common}/etc/placement/placement.conf.d/database.conf"
|
||||
neutron.keystone.conf.j2: "{snap_common}/etc/neutron/neutron.conf.d/keystone.conf"
|
||||
neutron.nova.conf.j2: "{snap_common}/etc/neutron/neutron.conf.d/nova.conf"
|
||||
neutron.database.conf.j2: "{snap_common}/etc/neutron/neutron.conf.d/database.conf"
|
||||
neutron.conf.d.rabbitmq.conf.j2: "{snap_common}/etc/neutron/neutron.conf.d/rabbitmq.conf"
|
||||
neutron_ovn_metadata_agent.ini.j2: "{snap_common}/etc/neutron/neutron_ovn_metadata_agent.ini"
|
||||
rabbitmq.conf.j2: "{snap_common}/etc/rabbitmq/rabbitmq.config"
|
||||
iscsid.conf.j2: "{snap_common}/etc/iscsi/iscsid.conf"
|
||||
|
||||
# LMA stack templates
|
||||
telegraf.conf.j2: "{snap_common}/etc/telegraf/telegraf-microstack.conf"
|
||||
@ -63,17 +80,22 @@ setup:
|
||||
chmod:
|
||||
"{snap_common}/instances": 0755
|
||||
"{snap_common}/etc/microstack.rc": 0644
|
||||
"{snap_common}/etc/microstack.json": 0644
|
||||
snap-config-keys:
|
||||
ospassword: 'config.credentials.os-password'
|
||||
nova_password: 'config.credentials.nova-password'
|
||||
cinder_password: 'config.credentials.cinder-password'
|
||||
neutron_password: 'config.credentials.neutron-password'
|
||||
placement_password: 'config.credentials.placement-password'
|
||||
glance_password: 'config.credentials.glance-password'
|
||||
placement_password: 'config.credentials.placement-password'
|
||||
control_ip: 'config.network.control-ip'
|
||||
node_fqdn: 'config.network.node-fqdn'
|
||||
compute_ip: 'config.network.compute-ip'
|
||||
extgateway: 'config.network.ext-gateway'
|
||||
extcidr: 'config.network.ext-cidr'
|
||||
dns: 'config.network.dns'
|
||||
dns_servers: 'config.network.dns-servers'
|
||||
dns_domain: 'config.network.dns-domain'
|
||||
dashboard_allowed_hosts: 'config.network.dashboard-allowed-hosts'
|
||||
dashboard_port: 'config.network.ports.dashboard'
|
||||
mysql_port: 'config.network.ports.mysql'
|
||||
@ -83,6 +105,10 @@ setup:
|
||||
monitoring_tag: 'config.monitoring.tag'
|
||||
monitoring_ipmi: 'config.monitoring.ipmi'
|
||||
alerting_tag: 'config.alerting.tag'
|
||||
ovn_nb_connection: 'config.network.ovn-nb-connection'
|
||||
ovn_sb_connection: 'config.network.ovn-sb-connection'
|
||||
setup_loop_based_cinder_lvm_backend: 'config.cinder.setup-loop-based-cinder-lvm-backend'
|
||||
lvm_backend_volume_group: 'config.cinder.lvm-backend-volume-group'
|
||||
entry_points:
|
||||
keystone-manage:
|
||||
binary: "{snap}/bin/keystone-manage"
|
||||
@ -116,19 +142,6 @@ entry_points:
|
||||
- "{snap_common}/etc/nova/nova.conf"
|
||||
config-dirs:
|
||||
- "{snap_common}/etc/nova/nova.conf.d"
|
||||
nova-uwsgi:
|
||||
type: uwsgi
|
||||
uwsgi-dir: "{snap_common}/etc/nova/uwsgi/snap"
|
||||
uwsgi-dir-override: "{snap_common}/etc/nova/uwsgi"
|
||||
config-files:
|
||||
- "{snap}/etc/nova/nova.conf"
|
||||
config-files-override:
|
||||
- "{snap_common}/etc/nova/nova.conf"
|
||||
config-dirs:
|
||||
- "{snap_common}/etc/nova/nova.conf.d"
|
||||
templates:
|
||||
nova-placement-api.ini.j2:
|
||||
"{snap_common}/etc/nova/uwsgi/snap/nova-placement-api.ini"
|
||||
nova-conductor:
|
||||
binary: "{snap}/bin/nova-conductor"
|
||||
config-files:
|
||||
@ -169,6 +182,17 @@ entry_points:
|
||||
- "{snap_common}/etc/nova/nova.conf"
|
||||
config-dirs:
|
||||
- "{snap_common}/etc/nova/nova.conf.d"
|
||||
nova-spicehtml5proxy:
|
||||
binary: "{snap}/bin/nova-spicehtml5proxy"
|
||||
config-files:
|
||||
- "{snap}/etc/nova/nova.conf"
|
||||
config-files-override:
|
||||
- "{snap_common}/etc/nova/nova.conf"
|
||||
config-dirs:
|
||||
- "{snap_common}/etc/nova/nova.conf.d"
|
||||
templates:
|
||||
nova.conf.d.console.conf.j2:
|
||||
"{snap_common}/etc/nova/nova.conf.d/console.conf"
|
||||
neutron-db-manage:
|
||||
binary: "{snap}/bin/neutron-db-manage"
|
||||
config-files:
|
||||
@ -215,36 +239,19 @@ entry_points:
|
||||
- "{snap_common}/etc/neutron/neutron.conf"
|
||||
config-dirs:
|
||||
- "{snap_common}/etc/neutron/neutron.conf.d"
|
||||
neutron-l3-agent:
|
||||
binary: "{snap}/bin/neutron-l3-agent"
|
||||
neutron-ovn-metadata-agent:
|
||||
binary: "{snap}/bin/neutron-ovn-metadata-agent"
|
||||
config-files:
|
||||
- "{snap}/etc/neutron/neutron.conf"
|
||||
- "{snap}/etc/neutron/l3_agent.ini"
|
||||
- "{snap}/etc/neutron/neutron_ovn_metadata_agent.ini"
|
||||
config-files-override:
|
||||
- "{snap_common}/etc/neutron/neutron.conf"
|
||||
- "{snap_common}/etc/neutron/l3_agent.ini"
|
||||
config-dirs:
|
||||
- "{snap_common}/etc/neutron/neutron.conf.d"
|
||||
neutron-dhcp-agent:
|
||||
binary: "{snap}/bin/neutron-dhcp-agent"
|
||||
config-files:
|
||||
- "{snap}/etc/neutron/neutron.conf"
|
||||
- "{snap}/etc/neutron/dhcp_agent.ini"
|
||||
config-files-override:
|
||||
- "{snap_common}/etc/neutron/neutron.conf"
|
||||
- "{snap_common}/etc/neutron/dhcp_agent.ini"
|
||||
config-dirs:
|
||||
- "{snap_common}/etc/neutron/neutron.conf.d"
|
||||
neutron-metadata-agent:
|
||||
binary: "{snap}/bin/neutron-metadata-agent"
|
||||
config-files:
|
||||
- "{snap}/etc/neutron/neutron.conf"
|
||||
- "{snap}/etc/neutron/metadata_agent.ini"
|
||||
config-files-override:
|
||||
- "{snap_common}/etc/neutron/neutron.conf"
|
||||
- "{snap_common}/etc/neutron/metadata_agent.ini"
|
||||
- "{snap_common}/etc/neutron/neutron_ovn_metadata_agent.ini"
|
||||
config-dirs:
|
||||
- "{snap_common}/etc/neutron/neutron.conf.d"
|
||||
templates:
|
||||
neutron_ovn_metadata_agent.ini.j2:
|
||||
"{snap_common}/etc/neutron/neutron_ovn_metadata_agent.ini"
|
||||
glance-manage:
|
||||
binary: "{snap}/bin/glance-manage"
|
||||
config-files:
|
||||
@ -269,6 +276,27 @@ entry_points:
|
||||
- "{snap_common}/etc/glance/glance-api.conf"
|
||||
config-dirs:
|
||||
- "{snap_common}/etc/glance/glance.conf.d"
|
||||
placement-uwsgi:
|
||||
type: uwsgi
|
||||
uwsgi-dir: "{snap_common}/etc/placement/uwsgi/snap"
|
||||
uwsgi-dir-override: "{snap_common}/etc/placement/uwsgi"
|
||||
config-files:
|
||||
- "{snap}/etc/placement/placement.conf"
|
||||
config-files-override:
|
||||
- "{snap_common}/etc/placement/placement.conf"
|
||||
config-dirs:
|
||||
- "{snap_common}/etc/placement/placement.conf.d"
|
||||
templates:
|
||||
placement-api.ini.j2:
|
||||
"{snap_common}/etc/placement/uwsgi/snap/placement-api.ini"
|
||||
placement-manage:
|
||||
binary: "{snap}/bin/placement-manage"
|
||||
config-files:
|
||||
- "{snap}/etc/placement/placement.conf"
|
||||
config-files-override:
|
||||
- "{snap_common}/etc/placement/placement.conf"
|
||||
config-dirs:
|
||||
- "{snap_common}/etc/placement/placement.conf.d"
|
||||
cinder-backup:
|
||||
binary: "{snap}/bin/cinder-backup"
|
||||
config-files:
|
||||
|
6
snap-overlay/templates/cinder-rootwrap.conf.j2
Normal file
6
snap-overlay/templates/cinder-rootwrap.conf.j2
Normal file
@ -0,0 +1,6 @@
|
||||
[DEFAULT]
|
||||
filters_path={{ snap }}/etc/cinder/rootwrap.d
|
||||
|
||||
use_syslog=False
|
||||
syslog_log_facility=syslog
|
||||
syslog_log_level=ERROR
|
@ -2,9 +2,26 @@
|
||||
# Set state path to writable directory
|
||||
state_path = {{ snap_common }}/lib
|
||||
|
||||
resource_query_filters_file = {{ snap }}/etc/cinder/resource_filters.json
|
||||
|
||||
# Set volume configuration file storage directory
|
||||
volumes_dir = {{ snap_common }}/lib/volumes
|
||||
|
||||
my_ip = {{ compute_ip }}
|
||||
|
||||
rootwrap_config = {{ snap_common }}/etc/cinder/rootwrap.conf
|
||||
|
||||
enabled_backends = {% if setup_loop_based_cinder_lvm_backend %}lvm-loop-based-backend{% endif %}
|
||||
|
||||
{% if setup_loop_based_cinder_lvm_backend %}
|
||||
[lvm-loop-based-backend]
|
||||
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
|
||||
iscsi_protocol = iscsi
|
||||
target_helper = lioadm
|
||||
volume_group = {{ lvm_backend_volume_group }}
|
||||
volume_backend_name=lvm-loop-based
|
||||
{% endif %}
|
||||
|
||||
[oslo_concurrency]
|
||||
# Oslo Concurrency lock path
|
||||
lock_path = {{ snap_common }}/lock
|
||||
|
2
snap-overlay/templates/cinder.database.conf.j2
Normal file
2
snap-overlay/templates/cinder.database.conf.j2
Normal file
@ -0,0 +1,2 @@
|
||||
[database]
|
||||
connection = mysql+pymysql://cinder:cinder@{{ control_ip }}:{{ mysql_port }}/cinder
|
13
snap-overlay/templates/cinder.keystone.conf.j2
Normal file
13
snap-overlay/templates/cinder.keystone.conf.j2
Normal file
@ -0,0 +1,13 @@
|
||||
[DEFAULT]
|
||||
auth_strategy = keystone
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_uri = http://{{ control_ip }}:5000
|
||||
auth_url = http://{{ control_ip }}:5000
|
||||
memcached_servers = {{ control_ip }}:11211
|
||||
auth_type = password
|
||||
project_domain_name = default
|
||||
user_domain_name = default
|
||||
project_name = service
|
||||
username = cinder
|
||||
password = {{ cinder_password }}
|
2
snap-overlay/templates/cinder.rabbitmq.conf.j2
Normal file
2
snap-overlay/templates/cinder.rabbitmq.conf.j2
Normal file
@ -0,0 +1,2 @@
|
||||
[DEFAULT]
|
||||
transport_url = rabbit://openstack:rabbitmq@{{ control_ip }}:{{ rabbit_port }}
|
22
snap-overlay/templates/iscsid.conf.j2
Normal file
22
snap-overlay/templates/iscsid.conf.j2
Normal file
@ -0,0 +1,22 @@
|
||||
iscsid.startup = {{ snap }}/sbin/iscsid
|
||||
node.startup = manual
|
||||
node.leading_login = No
|
||||
node.session.timeo.replacement_timeout = 120
|
||||
node.conn[0].timeo.login_timeout = 15
|
||||
node.conn[0].timeo.logout_timeout = 15
|
||||
node.conn[0].timeo.noop_out_interval = 5
|
||||
node.conn[0].timeo.noop_out_timeout = 5
|
||||
node.session.err_timeo.abort_timeout = 15
|
||||
node.session.err_timeo.lu_reset_timeout = 30
|
||||
node.session.err_timeo.tgt_reset_timeout = 30
|
||||
node.session.cmds_max = 128
|
||||
node.session.queue_depth = 32
|
||||
node.session.xmit_thread_priority = -20
|
||||
node.session.iscsi.InitialR2T = No
|
||||
node.session.iscsi.ImmediateData = Yes
|
||||
node.session.iscsi.FirstBurstLength = 262144
|
||||
node.session.iscsi.MaxBurstLength = 16776192
|
||||
node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
|
||||
node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
|
||||
discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768
|
||||
node.session.nr_sessions = 1
|
26
snap-overlay/templates/microstack.json.j2
Normal file
26
snap-overlay/templates/microstack.json.j2
Normal file
@ -0,0 +1,26 @@
|
||||
{
|
||||
"openstack": {
|
||||
"admin": {
|
||||
"password": "{{ ospassword }}",
|
||||
"project_domain_name": "default",
|
||||
"project_name": "admin",
|
||||
"user_domain_name": "default",
|
||||
"username": "admin"
|
||||
},
|
||||
"api_info": {
|
||||
"keystone": {
|
||||
"service_type": "identityv3",
|
||||
"version": 3
|
||||
}
|
||||
},
|
||||
"auth_url": "http://{{ control_ip }}:5000",
|
||||
"endpoint_type": null,
|
||||
"https_cacert": "",
|
||||
"https_cert": "",
|
||||
"https_insecure": false,
|
||||
"https_key": "",
|
||||
"profiler_conn_str": null,
|
||||
"profiler_hmac_key": null,
|
||||
"region_name": ""
|
||||
}
|
||||
}
|
@ -4,6 +4,18 @@ state_path = {{ snap_common }}/lib
|
||||
# Log to systemd journal
|
||||
use_journal = True
|
||||
|
||||
{% if dns_domain %}
|
||||
dns_domain = {{ dns_domain }}
|
||||
{% endif %}
|
||||
|
||||
[oslo_concurrency]
|
||||
# Oslo Concurrency lock path
|
||||
lock_path = {{ snap_common }}/lock
|
||||
|
||||
[ovn]
|
||||
{% if dns_servers %}
|
||||
dns_servers= {{ dns_servers }}
|
||||
{% endif %}
|
||||
|
||||
# TODO(dmitriis): enable once external bridge IP addressing for compute nodes is figured out.
|
||||
# enable_distributed_floating_ip = True
|
||||
|
13
snap-overlay/templates/neutron_ovn_metadata_agent.ini.j2
Normal file
13
snap-overlay/templates/neutron_ovn_metadata_agent.ini.j2
Normal file
@ -0,0 +1,13 @@
|
||||
[DEFAULT]
|
||||
metadata_proxy_shared_secret = supersecret
|
||||
|
||||
[ovs]
|
||||
ovsdb_connection = unix:{{ snap_common }}/run/openvswitch/db.sock
|
||||
|
||||
[ovn]
|
||||
{% if ovn_nb_connection %}
|
||||
ovn_nb_connection = {{ ovn_nb_connection }}
|
||||
{% endif %}
|
||||
{% if ovn_sb_connection %}
|
||||
ovn_sb_connection = {{ ovn_sb_connection }}
|
||||
{% endif %}
|
@ -1,4 +1,4 @@
|
||||
user root root;
|
||||
user snap_daemon snap_daemon;
|
||||
worker_processes auto;
|
||||
pid {{ snap_common }}/run/nginx.pid;
|
||||
|
||||
|
@ -4,6 +4,20 @@ state_path = {{ snap_common }}/lib
|
||||
# Log to systemd journal
|
||||
use_journal = True
|
||||
|
||||
# Set a hostname to be an FQDN to avoid issues with port binding for
|
||||
# which a hostname of a Nova node must match a hostname of an OVN chassis.
|
||||
host = {{ node_fqdn }}
|
||||
|
||||
[oslo_concurrency]
|
||||
# Oslo Concurrency lock path
|
||||
lock_path = {{ snap_common }}/lock
|
||||
|
||||
[os_vif_ovs]
|
||||
# Nova relies on os-vif for openvswitch interface plugging and needs a connection to
|
||||
# OVSDB. This is done via a TCP connection to localhost by default so we override this to
|
||||
# use a unix socket instead.
|
||||
# See os-vif/releasenotes/notes/add-ovsdb-native-322fffb49c91503d.yaml
|
||||
ovsdb_connection = unix:{{ snap_common }}/run/openvswitch/db.sock
|
||||
|
||||
[cinder]
|
||||
os_region_name = microstack
|
||||
|
18
snap-overlay/templates/nova.conf.d.console.conf.j2
Normal file
18
snap-overlay/templates/nova.conf.d.console.conf.j2
Normal file
@ -0,0 +1,18 @@
|
||||
[DEFAULT]
|
||||
web = {{ snap }}/usr/share/spice-html5
|
||||
|
||||
[vnc]
|
||||
enabled = False
|
||||
|
||||
[spice]
|
||||
# Proxy configuration (controller only).
|
||||
html5proxy_host = 0.0.0.0
|
||||
html5proxy_port = 6082
|
||||
|
||||
enabled = True
|
||||
agent_enabled = True
|
||||
html5proxy_base_url = http://{{ control_ip }}:6082/spice_auto.html
|
||||
server_listen = {{ compute_ip }}
|
||||
server_proxyclient_address = {{ compute_ip }}
|
||||
keymap = en-us
|
||||
|
11
snap-overlay/templates/nova.conf.d.placement.conf.j2
Normal file
11
snap-overlay/templates/nova.conf.d.placement.conf.j2
Normal file
@ -0,0 +1,11 @@
|
||||
[placement]
|
||||
auth_uri = http://{{ control_ip }}:5000
|
||||
auth_url = http://{{ control_ip }}:5000
|
||||
memcached_servers = {{ control_ip }}:11211
|
||||
auth_type = password
|
||||
project_domain_name = default
|
||||
user_domain_name = default
|
||||
project_name = service
|
||||
username = nova
|
||||
password = {{ nova_password }}
|
||||
os_region_name = RegionOne
|
@ -7,8 +7,8 @@ server_port=5666
|
||||
#allowed_hosts=0.0.0.0/0
|
||||
#allowed_hosts=10.0.0.0/8,127.0.0.1
|
||||
|
||||
nrpe_user=root
|
||||
nrpe_group=root
|
||||
nrpe_user=snap_daemon
|
||||
nrpe_group=snap_daemon
|
||||
dont_blame_nrpe=0
|
||||
debug=0
|
||||
pid_file={{ snap_common }}/run/nrpe.pid
|
||||
@ -32,10 +32,6 @@ command[check_libvirtd]=python3 {{ snap }}/usr/lib/nagios/plugins/check_systemd.
|
||||
command[check_memcached]=python3 {{ snap }}/usr/lib/nagios/plugins/check_systemd.py snap.microstack.memcached
|
||||
command[check_mysqld]=python3 {{ snap }}/usr/lib/nagios/plugins/check_systemd.py snap.microstack.mysqld
|
||||
command[check_neutron_api]=python3 {{ snap }}/usr/lib/nagios/plugins/check_systemd.py snap.microstack.neutron-api
|
||||
command[check_neutron_dhcp_agent]=python3 {{ snap }}/usr/lib/nagios/plugins/check_systemd.py snap.microstack.neutron-dhcp-agent
|
||||
command[check_neutron_l3_agent]=python3 {{ snap }}/usr/lib/nagios/plugins/check_systemd.py snap.microstack.neutron-l3-agent
|
||||
command[check_neutron_metadata_agent]=python3 {{ snap }}/usr/lib/nagios/plugins/check_systemd.py snap.microstack.neutron-metadata-agent
|
||||
command[check_neutron_openvswitch_agent]=python3 {{ snap }}/usr/lib/nagios/plugins/check_systemd.py snap.microstack.neutron-openvswitch-agent
|
||||
command[check_nginx]=python3 {{ snap }}/usr/lib/nagios/plugins/check_systemd.py snap.microstack.nginx
|
||||
command[check_nova_api]=python3 {{ snap }}/usr/lib/nagios/plugins/check_systemd.py snap.microstack.nova-api
|
||||
command[check_nova_api_metadata]=python3 {{ snap }}/usr/lib/nagios/plugins/check_systemd.py snap.microstack.nova-api-metadata
|
||||
|
@ -1,5 +1,5 @@
|
||||
[uwsgi]
|
||||
wsgi-file = {{ snap }}/bin/nova-placement-api
|
||||
wsgi-file = {{ snap }}/bin/placement-api
|
||||
uwsgi-socket = {{ snap_common }}/run/placement-api.sock
|
||||
buffer-size = 65535
|
||||
master = true
|
||||
@ -8,3 +8,4 @@ processes = 4
|
||||
thunder-lock = true
|
||||
lazy-apps = true
|
||||
home = {{ snap }}/usr
|
||||
pyargv = {{ pyargv }}
|
10
snap-overlay/templates/placement-nginx.conf.j2
Normal file
10
snap-overlay/templates/placement-nginx.conf.j2
Normal file
@ -0,0 +1,10 @@
|
||||
server {
|
||||
listen 8778;
|
||||
error_log syslog:server=unix:/dev/log;
|
||||
access_log syslog:server=unix:/dev/log;
|
||||
location / {
|
||||
include {{ snap }}/usr/conf/uwsgi_params;
|
||||
uwsgi_param SCRIPT_NAME '';
|
||||
uwsgi_pass unix://{{ snap_common }}/run/placement-api.sock;
|
||||
}
|
||||
}
|
9
snap-overlay/templates/placement-snap.conf.j2
Normal file
9
snap-overlay/templates/placement-snap.conf.j2
Normal file
@ -0,0 +1,9 @@
|
||||
[DEFAULT]
|
||||
# Set state path to writable directory
|
||||
state_path = {{ snap_common }}/lib
|
||||
# Log to systemd journal
|
||||
use_journal = True
|
||||
|
||||
[oslo_concurrency]
|
||||
# Oslo Concurrency lock path
|
||||
lock_path = {{ snap_common }}/lock
|
2
snap-overlay/templates/placement.conf.d.database.conf.j2
Normal file
2
snap-overlay/templates/placement.conf.d.database.conf.j2
Normal file
@ -0,0 +1,2 @@
|
||||
[placement_database]
|
||||
connection = mysql+pymysql://placement:placement@{{ control_ip }}:{{ mysql_port }}/placement
|
@ -1,9 +1,13 @@
|
||||
[placement]
|
||||
os_region_name = microstack
|
||||
project_domain_name = default
|
||||
project_name = service
|
||||
auth_type = password
|
||||
user_domain_name = default
|
||||
[keystone_authtoken]
|
||||
auth_uri = http://{{ control_ip }}:5000
|
||||
auth_url = http://{{ control_ip }}:5000
|
||||
memcached_servers = {{ control_ip }}:11211
|
||||
auth_type = password
|
||||
project_domain_name = default
|
||||
user_domain_name = default
|
||||
project_name = service
|
||||
username = placement
|
||||
password = {{ placement_password }}
|
||||
|
||||
[paste_deploy]
|
||||
flavor = keystone
|
@ -0,0 +1,2 @@
|
||||
[placement]
|
||||
randomize_allocation_candidates = true
|
2
snap-overlay/templates/targets.conf.j2
Normal file
2
snap-overlay/templates/targets.conf.j2
Normal file
@ -0,0 +1,2 @@
|
||||
include {{ snap_common }}/lib/volumes/*
|
||||
default-driver iscsi
|
25
snap-wrappers/ovn/ovn-wrapper
Executable file
25
snap-wrappers/ovn/ovn-wrapper
Executable file
@ -0,0 +1,25 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
export OVN_LOGDIR=${SNAP_COMMON}/log/ovn
|
||||
export OVN_RUNDIR=${SNAP_COMMON}/run/ovn
|
||||
export OVN_SYSCONFDIR=${SNAP_COMMON}/etc
|
||||
export OVN_PKGDATADIR=${SNAP}/usr/local/share/ovn
|
||||
export OVN_BINDIR=${SNAP}/bin
|
||||
export OVN_SBINDIR=${SNAP}/sbin
|
||||
|
||||
|
||||
mkdir -p ${OVN_LOGDIR}
|
||||
mkdir -p ${OVN_RUNDIR}
|
||||
mkdir -p ${OVN_SYSCONFDIR}/ovn
|
||||
|
||||
if [ `basename $1` = 'ovn-ctl' -a `snapctl get config.clustered` == 'true' ]
|
||||
then
|
||||
# TODO: replace this with a secure alternative once TLS is supported.
|
||||
# Create an SB TCP socket to be used by remote ovn-controller and neutron-ovn-metadata
|
||||
# agents.
|
||||
exec $@ --db-sb-create-insecure-remote=yes
|
||||
else
|
||||
exec $@
|
||||
fi
|
@ -5,12 +5,16 @@ set -e
|
||||
export OVS_LOGDIR=${SNAP_COMMON}/log/openvswitch
|
||||
export OVS_RUNDIR=${SNAP_COMMON}/run/openvswitch
|
||||
export OVS_SYSCONFDIR=${SNAP_COMMON}/etc
|
||||
export OVS_PKGDATADIR=${SNAP}/share/openvswitch
|
||||
export OVS_PKGDATADIR=${SNAP}/usr/local/share/openvswitch
|
||||
export OVS_BINDIR=${SNAP}/bin
|
||||
export OVS_SBINDIR=${SNAP}/sbin
|
||||
|
||||
mkdir -p ${OVS_LOGDIR}
|
||||
mkdir -p ${OVS_RUNDIR}
|
||||
mkdir -p ${OVS_SYSCONFDIR}/openvswitch
|
||||
|
||||
exec $@
|
||||
if [ `basename $1` = 'ovs-ctl' ]
|
||||
then
|
||||
mkdir -p ${OVS_LOGDIR}
|
||||
mkdir -p ${OVS_RUNDIR}
|
||||
mkdir -p ${OVS_SYSCONFDIR}/openvswitch
|
||||
exec $@ --system-id=random
|
||||
else
|
||||
exec $@
|
||||
fi
|
||||
|
@ -19,7 +19,7 @@
|
||||
# %CopyrightEnd%
|
||||
#
|
||||
ROOTDIR=$SNAP/usr/lib/erlang
|
||||
BINDIR=$ROOTDIR/erts-9.2/bin
|
||||
BINDIR=$ROOTDIR/erts-10.6.4/bin
|
||||
EMU=beam
|
||||
PROGNAME=`echo $0 | sed 's/.*\///'`
|
||||
export EMU
|
||||
|
@ -15,6 +15,10 @@
|
||||
## Copyright (c) 2007-2014 GoPivotal, Inc. All rights reserved.
|
||||
##
|
||||
|
||||
# Make sure files created by rabbitmq (including the .erlang.cookie file which
|
||||
# needs to be restricted to the user only) are created with strict permissions.
|
||||
umask 077
|
||||
|
||||
mkdir -p $SNAP_COMMON/lib/rabbitmq
|
||||
cd $SNAP_COMMON/lib/rabbitmq
|
||||
|
||||
|
@ -1,10 +1,47 @@
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
|
||||
# Initialize config
|
||||
set-default-config
|
||||
|
||||
# TODO(dmitriis): disable other services and only enable them once the
|
||||
# prerequisites are met instead of allowing snapd to start them and make them fail.
|
||||
# snapd starts all non-disabled services by default which may lead to errors such as
|
||||
# a module loading error in case of ovs-vswitchd. The sequence is as follows:
|
||||
# 1. The snap is installed;
|
||||
# 2. Non-disabled services are started;
|
||||
# 3. Interfaces that do not have auto-connection enabled are manually connected by
|
||||
# an operator (connecting openvswitch-support loads the openvswitch kernel module
|
||||
# but auto-connection is not enabled for openvswitch-support).
|
||||
snapctl stop --disable $SNAP_INSTANCE_NAME.ovsdb-server
|
||||
snapctl stop --disable $SNAP_INSTANCE_NAME.ovn-ovsdb-server-sb
|
||||
snapctl stop --disable $SNAP_INSTANCE_NAME.ovn-ovsdb-server-nb
|
||||
snapctl stop --disable $SNAP_INSTANCE_NAME.ovs-vswitchd
|
||||
snapctl stop --disable $SNAP_INSTANCE_NAME.ovn-northd
|
||||
snapctl stop --disable $SNAP_INSTANCE_NAME.ovn-controller
|
||||
|
||||
snapctl stop --disable $SNAP_INSTANCE_NAME.iscsid
|
||||
snapctl stop --disable $SNAP_INSTANCE_NAME.target
|
||||
|
||||
# No meaningful default backend is available yet.
|
||||
snapctl stop --disable $SNAP_INSTANCE_NAME.cinder-backup
|
||||
# Will only be enabled based on the answers during initialization.
|
||||
snapctl stop --disable $SNAP_INSTANCE_NAME.setup-lvm-loopdev
|
||||
# Will only be enabled if a backend is chosen to be configured by the user.
|
||||
snapctl stop --disable $SNAP_INSTANCE_NAME.cinder-volume
|
||||
|
||||
|
||||
mkdir -p $SNAP_DATA/lib/libvirt/images
|
||||
mkdir -p ${SNAP_COMMON}/log/libvirt/qemu
|
||||
# NOTE(dmitriis): there is currently no way to make sure this directory gets
|
||||
# recreated on reboot which would normally be done via systemd-tmpfiles.
|
||||
mkdir -p /run/lock/snap.$SNAP_INSTANCE_NAME
|
||||
|
||||
# Copy TEMPLATE.qemu into the common directory. Libvirt generates additional
|
||||
# policy dynamically which is why its apparmor directory is writeable under $SNAP_COMMON.
|
||||
# Also copy other abstractions that are used by this template.
|
||||
rsync -rh $SNAP/etc/apparmor.d $SNAP_COMMON/etc
|
||||
|
||||
# MySQL snapshot for speedy install
|
||||
# snapshot is a mysql data dir with
|
||||
@ -24,4 +61,32 @@ done
|
||||
# Make a place for our horizon config overrides to live
|
||||
mkdir -p ${SNAP_COMMON}/etc/horizon/local_settings.d
|
||||
|
||||
# ----- OVN -----
|
||||
# Lay out directories used for OVN configuration and persistent data
|
||||
for dir in etc/ovn var/lib/ovn var/log/ovn var/run/ovn; do
|
||||
if [ ! -d $SNAP_COMMON/$dir ]; then
|
||||
mkdir -p $SNAP_COMMON/$dir
|
||||
fi
|
||||
done
|
||||
|
||||
# Prepare access to the hosting systems Open vSwitch instance
|
||||
# NOTE end user must execute `snap connect ovn:openvswitch` for this to work
|
||||
ln -s /var/run/openvswitch $SNAP_COMMON/var/run/openvswitch
|
||||
|
||||
# The `ovn-ctl` script does not have enough knobs for useful tailoring of
|
||||
# execution of the `ovn-northd` daemon. Instead it provides a file to pass
|
||||
# arguments directly to the `ovn-northd` process.
|
||||
#
|
||||
# We fill the `args_northd` with necessary defaults and link to the file
|
||||
# `ovn-ctl` looks for.
|
||||
#
|
||||
# For other daemons the corrensponding args_* file is used to pass arguments to
|
||||
# `ovn-ctl`.
|
||||
cat << EOF > $SNAP_COMMON/args_northd
|
||||
--ovnnb-db=unix:$SNAP_COMMON/run/ovn/ovnnb_db.sock
|
||||
--ovnsb-db=unix:$SNAP_COMMON/run/ovn/ovnsb_db.sock
|
||||
EOF
|
||||
ln -s $SNAP_COMMON/args_northd $SNAP_COMMON/etc/ovn/ovn-northd-db-params.conf
|
||||
# ----- END OVN -----
|
||||
|
||||
snap-openstack setup # Sets up templates for the first time.
|
||||
|
@ -1,6 +1,9 @@
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
# Refresh the TEMPLATE.qemu apparmor profile and abstractions.
|
||||
rsync -rh $SNAP/etc/apparmor.d $SNAP_COMMON/etc
|
||||
|
||||
if [ -z "$(snapctl get config)" ]; then
|
||||
# [2019-11-15] Handle build 171 (beta) -> 182
|
||||
|
||||
@ -30,4 +33,7 @@ if [ -z "$(snapctl get config.network.ports.rabbit)" ]; then
|
||||
snapctl set config.network.ports.rabbit=5672
|
||||
fi
|
||||
|
||||
mkdir -p ${SNAP_COMMON}/log/libvirt/qemu
|
||||
mkdir -p /run/lock/snap.$SNAP_INSTANCE_NAME
|
||||
|
||||
snap-openstack setup # Write any template changes.
|
||||
|
79
snap/hooks/remove
Executable file
79
snap/hooks/remove
Executable file
@ -0,0 +1,79 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import os
|
||||
import sys
|
||||
import logging
|
||||
from subprocess import check_call, check_output, call, run
|
||||
from pyroute2 import netns
|
||||
|
||||
logging.basicConfig(stream=sys.stdout, level=logging.DEBUG)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
# Work around the lack of modified LD_LIBRARY_PATH and PATH variables with
|
||||
# snap-specific content.
|
||||
snap_dir = os.environ['SNAP']
|
||||
snap_libs = (f'{snap_dir}/lib:{snap_dir}/usr/lib:'
|
||||
f'{snap_dir}/lib/x86_64-linux-gnu:'
|
||||
f'{snap_dir}/usr/lib/x86_64-linux-gnu')
|
||||
os.environ['LD_LIBRARY_PATH'] = snap_libs
|
||||
|
||||
check_call(['snapctl', 'start', 'microstack.ovsdb-server'])
|
||||
check_call(['snapctl', 'start', 'microstack.ovs-vswitchd'])
|
||||
|
||||
logging.info('Attempting to remove br-ex.')
|
||||
check_call(['ovs-vsctl', '--if-exists', 'del-br', 'br-ex'])
|
||||
|
||||
check_call(['snapctl', 'stop', 'microstack.ovsdb-server'])
|
||||
check_call(['snapctl', 'stop', 'microstack.ovs-vswitchd'])
|
||||
|
||||
for ns in netns.listnetns():
|
||||
if ns.startswith('ovnmeta-'):
|
||||
logging.info(f'Removing the {ns} network namespace.')
|
||||
netns.remove(ns)
|
||||
|
||||
# Need to expose targets prior to starting iscsid in order to properly log out
|
||||
# of iSCSI sessions.
|
||||
check_call(['snapctl', 'start', 'microstack.target'])
|
||||
check_call(['snapctl', 'start', 'microstack.iscsid'])
|
||||
check_call(['sync'])
|
||||
|
||||
# Assuming the QEMU processes have already been killed by snapd,
|
||||
# log out of all targets prior to removing the snap to clean up
|
||||
# the kernel state.
|
||||
# TODO: be more selective about logging out since there may be sessions
|
||||
# unrelated to MicroStack in the kernel.
|
||||
# TODO: also clean up block devices by writing to
|
||||
# /sys/class/block/<dev>/device/delete since those do not get deleted on
|
||||
# session logout.
|
||||
logging.info('Attempting to remove iscsi sessions from the kernel.')
|
||||
res = run(['iscsiadm', '-m', 'node', '-u'])
|
||||
# ISCSI_ERR_NO_OBJS_FOUND
|
||||
if res.returncode == 21:
|
||||
logging.debug('No iscsi sessions were found.')
|
||||
elif res.returncode == 0:
|
||||
logging.debug('Successfully logged the existing iscsi sessions out.')
|
||||
else:
|
||||
# Albeit this is an error condition we cannot do much in the remove
|
||||
# hook to fix this besides logging since snapd does not stop the
|
||||
# snap removal on error in the remove hook.
|
||||
logging.error('Unexpected error code received from iscsiadm: '
|
||||
f'{res.returncode}')
|
||||
check_call(['snapctl', 'stop', 'microstack.iscsid'])
|
||||
check_call(['snapctl', 'stop', 'microstack.target'])
|
||||
|
||||
# File-backed LVM resource cleanup (if present).
|
||||
loop_file = f'{os.environ["SNAP_COMMON"]}/cinder-lvm.img'
|
||||
allocated_loop_dev = check_output(
|
||||
f'losetup -j {loop_file} | cut -d ":" -f 1', shell=True
|
||||
).decode('utf-8').strip()
|
||||
|
||||
if allocated_loop_dev:
|
||||
cinder_lvm_vg = check_output([
|
||||
'snapctl', 'get', 'config.cinder.lvm-backend-volume-group']
|
||||
).strip()
|
||||
if not call(['vgdisplay', cinder_lvm_vg]):
|
||||
check_call(['vgremove', '-f', cinder_lvm_vg])
|
||||
if not call(['pvdisplay', allocated_loop_dev]):
|
||||
check_call(['pvremove', '-f', allocated_loop_dev])
|
||||
check_call(['losetup', '-d', allocated_loop_dev])
|
1012
snapcraft.yaml
1012
snapcraft.yaml
File diff suppressed because it is too large
Load Diff
@ -36,8 +36,8 @@ do
|
||||
esac
|
||||
done
|
||||
|
||||
if [ ! -f microstack_stein_amd64.snap ]; then
|
||||
echo "microstack_stein_amd64.snap not found."
|
||||
if [ ! -f microstack_ussuri_amd64.snap ]; then
|
||||
echo "microstack_ussuri_amd64.snap not found."
|
||||
echo "Please run snapcraft before executing the tests."
|
||||
exit 1
|
||||
fi
|
||||
@ -72,7 +72,7 @@ if [ "$PREFIX" == "multipass" ]; then
|
||||
PREFIX="multipass exec $MACHINE --"
|
||||
|
||||
multipass launch --cpus 2 --mem 16G $DISTRO --name $MACHINE
|
||||
multipass copy-files microstack_stein_amd64.snap $MACHINE:
|
||||
multipass copy-files microstack_ussuri_amd64.snap $MACHINE:
|
||||
|
||||
HORIZON_IP=`multipass info $MACHINE | grep IPv4 | cut -d":" -f2 \
|
||||
| tr -d '[:space:]'`
|
||||
@ -80,11 +80,32 @@ fi
|
||||
|
||||
# Possibly install a release of the snap before running a test.
|
||||
if [ "${UPGRADE_FROM}" != "none" ]; then
|
||||
$PREFIX sudo snap install --classic --${UPGRADE_FROM} microstack
|
||||
$PREFIX sudo snap install --${UPGRADE_FROM} microstack
|
||||
fi
|
||||
|
||||
# Install the snap under test -- try again if the machine is not yet ready.
|
||||
$PREFIX sudo snap install --classic --dangerous microstack*.snap
|
||||
$PREFIX sudo snap install --dangerous microstack*.snap
|
||||
$PREFIX sudo snap connect microstack:libvirt
|
||||
$PREFIX sudo snap connect microstack:netlink-audit
|
||||
$PREFIX sudo snap connect microstack:firewall-control
|
||||
$PREFIX sudo snap connect microstack:hardware-observe
|
||||
$PREFIX sudo snap connect microstack:kernel-module-observe
|
||||
$PREFIX sudo snap connect microstack:kvm
|
||||
$PREFIX sudo snap connect microstack:log-observe
|
||||
$PREFIX sudo snap connect microstack:mount-observe
|
||||
$PREFIX sudo snap connect microstack:netlink-connector
|
||||
$PREFIX sudo snap connect microstack:network-observe
|
||||
$PREFIX sudo snap connect microstack:openvswitch-support
|
||||
$PREFIX sudo snap connect microstack:process-control
|
||||
$PREFIX sudo snap connect microstack:system-observe
|
||||
$PREFIX sudo snap connect microstack:network-control
|
||||
$PREFIX sudo snap connect microstack:system-trace
|
||||
$PREFIX sudo snap connect microstack:block-devices
|
||||
$PREFIX sudo snap connect microstack:raw-usb
|
||||
$PREFIX sudo snap connect microstack:hugepages-control
|
||||
# $PREFIX sudo snap connect microstack:microstack-support
|
||||
|
||||
|
||||
$PREFIX sudo /snap/bin/microstack.init --auto
|
||||
|
||||
# Comment out the above and uncomment below to install the version of
|
||||
|
@ -82,7 +82,7 @@ class Host():
|
||||
self.machine = ''
|
||||
self.distro = os.environ.get('DISTRO') or 'bionic'
|
||||
self.snap = os.environ.get('SNAP_FILE') or \
|
||||
'microstack_stein_amd64.snap'
|
||||
'microstack_ussuri_amd64.snap'
|
||||
self.horizon_ip = '10.20.20.1'
|
||||
self.host_type = 'localhost'
|
||||
|
||||
@ -91,17 +91,34 @@ class Host():
|
||||
print("Booting a Multipass VM ...")
|
||||
self.multipass()
|
||||
|
||||
self.microstack_test()
|
||||
|
||||
def install(self, snap=None, channel='dangerous'):
|
||||
if snap is None:
|
||||
snap = self.snap
|
||||
print("Installing {}".format(snap))
|
||||
|
||||
check(*self.prefix, 'sudo', 'snap', 'install', '--devmode',
|
||||
'--{}'.format(channel), snap)
|
||||
check(*self.prefix, 'sudo', 'snap', 'install',
|
||||
'--{}'.format(channel), '--devmode', snap)
|
||||
|
||||
def init(self, flag='auto'):
|
||||
print("Initializing the snap with --{}".format(flag))
|
||||
check(*self.prefix, 'sudo', 'microstack.init', '--{}'.format(flag))
|
||||
# TODO: add microstack-support once it is merged into snapd.
|
||||
connections = [
|
||||
'microstack:libvirt', 'microstack:netlink-audit',
|
||||
'microstack:firewall-control', 'microstack:hardware-observe',
|
||||
'microstack:kernel-module-observe', 'microstack:kvm',
|
||||
'microstack:log-observe', 'microstack:mount-observe',
|
||||
'microstack:netlink-connector', 'microstack:network-observe',
|
||||
'microstack:openvswitch-support', 'microstack:process-control',
|
||||
'microstack:system-observe', 'microstack:network-control',
|
||||
'microstack:system-trace', 'microstack:block-devices',
|
||||
'microstack:raw-usb'
|
||||
]
|
||||
for connection in connections:
|
||||
check('sudo', 'snap', 'connect', connection)
|
||||
|
||||
def init(self, args=['--auto']):
|
||||
print(f"Initializing the snap with {args}")
|
||||
check(*self.prefix, 'sudo', 'microstack.init', *args)
|
||||
|
||||
def multipass(self):
|
||||
self.machine = petname.generate()
|
||||
@ -119,6 +136,9 @@ class Host():
|
||||
info = json.loads(info)
|
||||
self.horizon_ip = info['info'][self.machine]['ipv4'][0]
|
||||
|
||||
def microstack_test(self):
|
||||
check('sudo', 'snap', 'install', 'microstack-test')
|
||||
|
||||
def dump_logs(self):
|
||||
# TODO: make unique log name
|
||||
if check_output('whoami') == 'zuul':
|
||||
|
@ -17,6 +17,7 @@ Web IDE.
|
||||
import os
|
||||
import sys
|
||||
import time
|
||||
import json
|
||||
import unittest
|
||||
|
||||
sys.path.append(os.getcwd())
|
||||
@ -35,7 +36,11 @@ class TestBasics(Framework):
|
||||
"""
|
||||
host = self.get_host()
|
||||
host.install()
|
||||
host.init()
|
||||
host.init([
|
||||
'--auto',
|
||||
'--setup-loop-based-cinder-lvm-backend',
|
||||
'--loop-device-file-size=32'
|
||||
])
|
||||
prefix = host.prefix
|
||||
|
||||
endpoints = check_output(
|
||||
@ -71,13 +76,35 @@ class TestBasics(Framework):
|
||||
# Check to verify that our bridge is there.
|
||||
self.assertTrue('br-ex' in check_output(*prefix, 'ip', 'a'))
|
||||
|
||||
# Try to uninstall snap without sudo.
|
||||
self.assertFalse(call(*prefix, '/snap/bin/microstack.remove',
|
||||
'--purge', '--auto'))
|
||||
check(*prefix, 'sudo', 'mkdir', '-p', '/tmp/snap.microstack-test/tmp')
|
||||
check(*prefix, 'sudo', 'cp',
|
||||
'/var/snap/microstack/common/etc/microstack.json',
|
||||
'/tmp/snap.microstack-test/tmp/microstack.json')
|
||||
check(*prefix, 'microstack-test.rally', 'db', 'recreate')
|
||||
check(*prefix, 'microstack-test.rally', 'deployment', 'create',
|
||||
'--filename', '/tmp/microstack.json',
|
||||
'--name', 'snap_generated')
|
||||
check(*prefix, 'microstack-test.tempest-init')
|
||||
check(*prefix, 'microstack-test.rally', 'verify', 'start',
|
||||
'--load-list',
|
||||
'/snap/microstack-test/current/2020.06-test-list.txt',
|
||||
'--detailed', '--concurrency', '2')
|
||||
check(*prefix, 'microstack-test.rally', 'verify', 'report',
|
||||
'--type', 'json', '--to',
|
||||
'/tmp/verification-report.json')
|
||||
report = json.loads(check_output(
|
||||
*prefix, 'sudo', 'cat',
|
||||
'/tmp/snap.microstack-test/tmp/verification-report.json'))
|
||||
# Make sure there are no verification failures in the report.
|
||||
failures = list(report['verifications'].values())[0]['failures']
|
||||
self.assertEqual(failures, 0, 'Verification tests had failure.')
|
||||
|
||||
# Try to remove the snap without sudo.
|
||||
self.assertFalse(
|
||||
call(*prefix, 'snap', 'remove', '--purge', 'microstack'))
|
||||
|
||||
# Retry with sudo (should succeed).
|
||||
check(*prefix, 'sudo', '/snap/bin/microstack.remove',
|
||||
'--purge', '--auto')
|
||||
check(*prefix, 'sudo', 'snap', 'remove', '--purge', 'microstack')
|
||||
|
||||
# Verify that MicroStack is gone.
|
||||
self.assertFalse(call(*prefix, 'snap', 'list', 'microstack'))
|
||||
|
@ -34,7 +34,7 @@ class TestCluster(Framework):
|
||||
openstack = '/snap/bin/microstack.openstack'
|
||||
control_host = self.get_host()
|
||||
control_host.install()
|
||||
control_host.init(flag='control')
|
||||
control_host.init(['--control'])
|
||||
|
||||
control_prefix = control_host.prefix
|
||||
cluster_password = check_output(*control_prefix, 'sudo', 'snap',
|
||||
|
@ -26,7 +26,7 @@ class TestControlNode(Framework):
|
||||
|
||||
host = self.get_host()
|
||||
host.install()
|
||||
host.init(flag='control')
|
||||
host.init(['--control'])
|
||||
|
||||
print("Checking output of services ...")
|
||||
services = check_output(
|
||||
|
2
tools/cluster/cluster/client.py
Normal file → Executable file
2
tools/cluster/cluster/client.py
Normal file → Executable file
@ -1,3 +1,5 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import json
|
||||
|
||||
import requests
|
||||
|
@ -34,6 +34,7 @@ import logging
|
||||
import secrets
|
||||
import string
|
||||
import sys
|
||||
import socket
|
||||
|
||||
from functools import wraps
|
||||
|
||||
@ -55,6 +56,15 @@ def requires_sudo(func):
|
||||
return wrapper
|
||||
|
||||
|
||||
def check_file_size_positive(value):
|
||||
ival = int(value)
|
||||
if ival < 1:
|
||||
raise argparse.ArgumentTypeError(
|
||||
f'The file size for a loop device'
|
||||
f' must be larger than 1GB, current: {value}')
|
||||
return ival
|
||||
|
||||
|
||||
def parse_init_args():
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument('--auto', '-a', action='store_true',
|
||||
@ -63,6 +73,18 @@ def parse_init_args():
|
||||
parser.add_argument('--compute', action='store_true')
|
||||
parser.add_argument('--control', action='store_true')
|
||||
parser.add_argument('--debug', action='store_true')
|
||||
parser.add_argument(
|
||||
'--setup-loop-based-cinder-lvm-backend',
|
||||
action='store_true',
|
||||
help='(experimental) set up a loop device-backed'
|
||||
' LVM backend for Cinder.'
|
||||
)
|
||||
parser.add_argument(
|
||||
'--loop-device-file-size',
|
||||
type=check_file_size_positive, default=32,
|
||||
help=('File size in GB (10^9) of a file to be exposed as a loop'
|
||||
' device for the Cinder LVM backend.')
|
||||
)
|
||||
args = parser.parse_args()
|
||||
return args
|
||||
|
||||
@ -100,6 +122,12 @@ def process_init_args(args):
|
||||
if args.debug:
|
||||
log.setLevel(logging.DEBUG)
|
||||
|
||||
check('snapctl', 'set',
|
||||
f'config.cinder.setup-loop-based-cinder-lvm-backend='
|
||||
f'{str(args.setup_loop_based_cinder_lvm_backend).lower()}')
|
||||
check('snapctl', 'set',
|
||||
f'config.cinder.loop-device-file-size={args.loop_device_file_size}G')
|
||||
|
||||
return auto
|
||||
|
||||
|
||||
@ -110,7 +138,8 @@ def init() -> None:
|
||||
|
||||
question_list = [
|
||||
questions.Clustering(),
|
||||
questions.Dns(),
|
||||
questions.DnsServers(),
|
||||
questions.DnsDomain(),
|
||||
questions.NetworkSettings(),
|
||||
questions.OsPassword(), # TODO: turn this off if COMPUTE.
|
||||
questions.ForceQemu(),
|
||||
@ -120,11 +149,15 @@ def init() -> None:
|
||||
questions.DashboardAccess(),
|
||||
questions.RabbitMq(),
|
||||
questions.DatabaseSetup(),
|
||||
questions.PlacementSetup(),
|
||||
questions.NovaHypervisor(),
|
||||
questions.NovaControlPlane(),
|
||||
questions.NovaSpiceConsoleSetup(),
|
||||
questions.NeutronControlPlane(),
|
||||
questions.GlanceSetup(),
|
||||
questions.SecurityRules(),
|
||||
questions.CinderSetup(),
|
||||
questions.CinderVolumeLVMSetup(),
|
||||
questions.PostSetup(),
|
||||
questions.ExtraServicesQuestion(),
|
||||
]
|
||||
@ -160,7 +193,8 @@ def set_network_info() -> None:
|
||||
check('snapctl', 'set', 'config.network.ext-gateway={}'.format(gate))
|
||||
check('snapctl', 'set', 'config.network.ext-cidr={}'.format(cidr))
|
||||
check('snapctl', 'set', 'config.network.control-ip={}'.format(ip))
|
||||
check('snapctl', 'set', 'config.network.control-ip={}'.format(ip))
|
||||
check('snapctl', 'set',
|
||||
'config.network.node-fqdn={}'.format(socket.getfqdn()))
|
||||
|
||||
|
||||
@requires_sudo
|
||||
|
@ -28,7 +28,7 @@ from time import sleep
|
||||
from os import path
|
||||
|
||||
from init.shell import (check, call, check_output, sql, nc_wait, log_wait,
|
||||
restart, download)
|
||||
start, restart, download, disable, enable)
|
||||
from init.config import Env, log
|
||||
from init.questions.question import Question
|
||||
from init.questions import clustering, network, uninstall # noqa F401
|
||||
@ -104,7 +104,7 @@ class Clustering(Question):
|
||||
# Turn off cluster server
|
||||
# TODO: it would be more secure to reverse this -- only enable
|
||||
# to service if we are doing clustering.
|
||||
check('snapctl', 'stop', '--disable', 'microstack.cluster-server')
|
||||
disable('cluster-server')
|
||||
|
||||
|
||||
class ConfigQuestion(Question):
|
||||
@ -138,32 +138,36 @@ class ConfigQuestion(Question):
|
||||
_env[key.strip()] = val.strip()
|
||||
|
||||
|
||||
class Dns(Question):
|
||||
"""Possibly override default dns."""
|
||||
class DnsServers(ConfigQuestion):
|
||||
"""Provide default DNS forwarders for MicroStack to use."""
|
||||
|
||||
_type = 'string'
|
||||
_question = 'DNS to use'
|
||||
config_key = 'config.network.dns'
|
||||
_question = 'Upstream DNS servers to be used by instances (VMs)'
|
||||
config_key = 'config.network.dns-servers'
|
||||
|
||||
def yes(self, answer: str):
|
||||
"""Override the default dhcp_agent.ini file."""
|
||||
|
||||
file_path = '{SNAP_COMMON}/etc/neutron/dhcp_agent.ini'.format(**_env)
|
||||
|
||||
with open(file_path, 'w') as f:
|
||||
f.write("""\
|
||||
[DEFAULT]
|
||||
interface_driver = openvswitch
|
||||
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
|
||||
enable_isolated_metadata = True
|
||||
dnsmasq_dns_servers = {answer}
|
||||
""".format(answer=answer))
|
||||
|
||||
# Neutron is not actually started at this point, so we don't
|
||||
# need to restart.
|
||||
# TODO: This isn't idempotent, because it will behave
|
||||
# differently if we re-run this script when neutron *is*
|
||||
# started. Need to figure that out.
|
||||
pass
|
||||
|
||||
|
||||
class DnsDomain(ConfigQuestion):
|
||||
"""An internal DNS domain to be used for ML2 DNS."""
|
||||
|
||||
_type = 'string'
|
||||
_question = 'An internal DNS domain to be used for ML2 DNS'
|
||||
config_key = 'config.network.dns-domain'
|
||||
|
||||
def yes(self, answer: str):
|
||||
# Neutron is not actually started at this point, so we don't
|
||||
# need to restart.
|
||||
# TODO: This isn't idempotent, because it will behave
|
||||
# differently if we re-run this script when neutron *is*
|
||||
# started. Need to figure that out.
|
||||
pass
|
||||
|
||||
|
||||
class NetworkSettings(Question):
|
||||
@ -174,19 +178,46 @@ class NetworkSettings(Question):
|
||||
def yes(self, answer):
|
||||
log.info('Configuring networking ...')
|
||||
|
||||
# OpenvSwitch services may not have started up properly
|
||||
restart('ovsdb-server')
|
||||
restart('ovs-vswitchd')
|
||||
role = check_output('snapctl', 'get', 'config.cluster.role')
|
||||
|
||||
# Enable and start the services.
|
||||
enable('ovsdb-server')
|
||||
enable('ovs-vswitchd')
|
||||
enable('ovn-ovsdb-server-sb')
|
||||
enable('ovn-ovsdb-server-nb')
|
||||
|
||||
network.ExtGateway().ask()
|
||||
network.ExtCidr().ask()
|
||||
|
||||
if role == 'control':
|
||||
nb_conn = 'unix:{SNAP_COMMON}/run/ovn/ovnnb_db.sock'.format(**_env)
|
||||
sb_conn = 'unix:{SNAP_COMMON}/run/ovn/ovnsb_db.sock'.format(**_env)
|
||||
elif role == 'compute':
|
||||
control_ip = check_output('snapctl', 'get',
|
||||
'config.network.control-ip')
|
||||
sb_conn = f'tcp:{control_ip}:6642'
|
||||
# Not used by any compute node services.
|
||||
nb_conn = ''
|
||||
else:
|
||||
raise Exception(f'Unexpected node role: {role}')
|
||||
|
||||
# Configure OVN SB and NB sockets based on the role node. For
|
||||
# single-node deployments there is no need to use a TCP socket.
|
||||
check_output('snapctl', 'set',
|
||||
f'config.network.ovn-nb-connection={nb_conn}')
|
||||
check_output('snapctl', 'set',
|
||||
f'config.network.ovn-sb-connection={sb_conn}')
|
||||
|
||||
# Now that we have default or overriden values, setup the
|
||||
# bridge and write all the proper values into our config
|
||||
# files.
|
||||
check('setup-br-ex')
|
||||
check('snap-openstack', 'setup')
|
||||
|
||||
if role == 'control':
|
||||
enable('ovn-northd')
|
||||
enable('ovn-controller')
|
||||
|
||||
network.IpForwarding().ask()
|
||||
|
||||
|
||||
@ -296,7 +327,7 @@ class RabbitMq(Question):
|
||||
|
||||
def no(self, answer: str):
|
||||
log.info('Disabling local rabbit ...')
|
||||
check('snapctl', 'stop', '--disable', 'microstack.rabbitmq-server')
|
||||
disable('rabbitmq-server')
|
||||
|
||||
|
||||
class DatabaseSetup(Question):
|
||||
@ -315,16 +346,17 @@ class DatabaseSetup(Question):
|
||||
def _create_dbs(self) -> None:
|
||||
# TODO: actually use passwords here.
|
||||
for db in ('neutron', 'nova', 'nova_api', 'nova_cell0', 'cinder',
|
||||
'glance', 'keystone'):
|
||||
sql("CREATE DATABASE IF NOT EXISTS {db};".format(db=db))
|
||||
sql(
|
||||
"GRANT ALL PRIVILEGES ON {db}.* TO {db}@{control_ip} \
|
||||
IDENTIFIED BY '{db}';".format(db=db, **_env))
|
||||
'glance', 'keystone', 'placement'):
|
||||
sql("CREATE USER IF NOT EXISTS '{db}'@'{control_ip}'"
|
||||
" IDENTIFIED BY '{db}';".format(db=db, **_env))
|
||||
sql("CREATE DATABASE IF NOT EXISTS `{db}`;".format(db=db))
|
||||
sql("GRANT ALL PRIVILEGES ON {db}.* TO '{db}'@'{control_ip}';"
|
||||
"".format(db=db, **_env))
|
||||
|
||||
# Grant nova user access to cell0
|
||||
sql(
|
||||
"GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'{control_ip}' \
|
||||
IDENTIFIED BY \'nova';".format(**_env))
|
||||
"GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'{control_ip}';"
|
||||
"".format(**_env))
|
||||
|
||||
def _bootstrap(self) -> None:
|
||||
|
||||
@ -337,7 +369,8 @@ class DatabaseSetup(Question):
|
||||
'--bootstrap-password', _env['ospassword'],
|
||||
'--bootstrap-admin-url', bootstrap_url,
|
||||
'--bootstrap-internal-url', bootstrap_url,
|
||||
'--bootstrap-public-url', bootstrap_url)
|
||||
'--bootstrap-public-url', bootstrap_url,
|
||||
'--bootstrap-region-id', 'microstack')
|
||||
|
||||
def yes(self, answer: str) -> None:
|
||||
"""Setup Databases.
|
||||
@ -355,8 +388,8 @@ class DatabaseSetup(Question):
|
||||
|
||||
# Start keystone-uwsgi. We use snapctl, because systemd
|
||||
# doesn't yet know about the service.
|
||||
check('snapctl', 'start', 'microstack.nginx')
|
||||
check('snapctl', 'start', 'microstack.keystone-uwsgi')
|
||||
start('nginx')
|
||||
start('keystone-uwsgi')
|
||||
|
||||
log.info('Configuring Keystone Fernet Keys ...')
|
||||
check('snap-openstack', 'launch', 'keystone-manage',
|
||||
@ -382,7 +415,7 @@ class DatabaseSetup(Question):
|
||||
check('snapctl', 'set', 'database.ready=true')
|
||||
|
||||
log.info('Disabling local MySQL ...')
|
||||
check('snapctl', 'stop', '--disable', 'microstack.mysqld')
|
||||
disable('mysqld')
|
||||
|
||||
|
||||
class NovaHypervisor(Question):
|
||||
@ -404,11 +437,63 @@ class NovaHypervisor(Question):
|
||||
'microstack', 'compute', endpoint,
|
||||
'http://{compute_ip}:8774/v2.1'.format(**_env))
|
||||
|
||||
check('snapctl', 'start', 'microstack.nova-compute')
|
||||
start('nova-compute')
|
||||
|
||||
def no(self, answer):
|
||||
log.info('Disabling nova compute service ...')
|
||||
check('snapctl', 'stop', '--disable', 'microstack.nova-compute')
|
||||
disable('nova-compute')
|
||||
|
||||
|
||||
class NovaSpiceConsoleSetup(Question):
|
||||
"""Run the Spice HTML5 console proxy service"""
|
||||
|
||||
_type = 'boolean'
|
||||
config_key = 'config.services.spice-console'
|
||||
|
||||
def yes(self, answer):
|
||||
log.info('Configuring the Spice HTML5 console service...')
|
||||
start('nova-spicehtml5proxy')
|
||||
|
||||
def no(self, answer):
|
||||
log.info('Disabling nova compute service ...')
|
||||
disable('nova-spicehtml5proxy')
|
||||
|
||||
|
||||
class PlacementSetup(Question):
|
||||
"""Setup Placement services."""
|
||||
|
||||
_type = 'boolean'
|
||||
config_key = 'config.services.control-plane'
|
||||
|
||||
def yes(self, answer: str) -> None:
|
||||
log.info('Configuring the Placement service...')
|
||||
|
||||
if not call('openstack', 'user', 'show', 'placement'):
|
||||
check('openstack', 'user', 'create', '--domain', 'default',
|
||||
'--password', 'placement', 'placement')
|
||||
check('openstack', 'role', 'add', '--project', 'service',
|
||||
'--user', 'placement', 'admin')
|
||||
|
||||
if not call('openstack', 'service', 'show', 'placement'):
|
||||
check('openstack', 'service', 'create', '--name',
|
||||
'placement', '--description', '"Placement API"',
|
||||
'placement')
|
||||
|
||||
for endpoint in ['public', 'internal', 'admin']:
|
||||
call('openstack', 'endpoint', 'create', '--region',
|
||||
'microstack', 'placement', endpoint,
|
||||
'http://{control_ip}:8778'.format(**_env))
|
||||
|
||||
start('placement-uwsgi')
|
||||
|
||||
log.info('Running Placement DB migrations...')
|
||||
check('snap-openstack', 'launch', 'placement-manage', 'db', 'sync')
|
||||
|
||||
restart('placement-uwsgi')
|
||||
|
||||
def no(self, answer):
|
||||
log.info('Disabling the Placement service...')
|
||||
disable('placement-uwsgi')
|
||||
|
||||
|
||||
class NovaControlPlane(Question):
|
||||
@ -446,31 +531,14 @@ class NovaControlPlane(Question):
|
||||
check('openstack', 'role', 'add', '--project',
|
||||
'service', '--user', 'nova', 'admin')
|
||||
|
||||
if not call('openstack', 'user', 'show', 'placement'):
|
||||
check('openstack', 'user', 'create', '--domain', 'default',
|
||||
'--password', 'placement', 'placement')
|
||||
check('openstack', 'role', 'add', '--project', 'service',
|
||||
'--user', 'placement', 'admin')
|
||||
|
||||
if not call('openstack', 'service', 'show', 'placement'):
|
||||
check('openstack', 'service', 'create', '--name',
|
||||
'placement', '--description', '"Placement API"',
|
||||
'placement')
|
||||
|
||||
for endpoint in ['public', 'internal', 'admin']:
|
||||
call('openstack', 'endpoint', 'create', '--region',
|
||||
'microstack', 'placement', endpoint,
|
||||
'http://{control_ip}:8778'.format(**_env))
|
||||
|
||||
# Use snapctl to start nova services. We need to call them
|
||||
# out manually, because systemd doesn't know about them yet.
|
||||
# TODO: parse the output of `snapctl services` to get this
|
||||
# list automagically.
|
||||
for service in [
|
||||
'microstack.nova-api',
|
||||
]:
|
||||
check('snapctl', 'start', service)
|
||||
start('nova-api')
|
||||
|
||||
log.info('Running Nova API DB migrations'
|
||||
' (this will take a lot of time)...')
|
||||
check('snap-openstack', 'launch', 'nova-manage', 'api_db', 'sync')
|
||||
|
||||
if 'cell0' not in check_output('snap-openstack', 'launch',
|
||||
@ -485,18 +553,19 @@ class NovaControlPlane(Question):
|
||||
check('snap-openstack', 'launch', 'nova-manage', 'cell_v2',
|
||||
'create_cell', '--name=cell1', '--verbose')
|
||||
|
||||
log.info('Running Nova DB migrations'
|
||||
' (this will take a lot of time)...')
|
||||
check('snap-openstack', 'launch', 'nova-manage', 'db', 'sync')
|
||||
|
||||
restart('nova-api')
|
||||
restart('nova-compute')
|
||||
|
||||
for service in [
|
||||
'microstack.nova-api-metadata',
|
||||
'microstack.nova-conductor',
|
||||
'microstack.nova-scheduler',
|
||||
'microstack.nova-uwsgi',
|
||||
'nova-api-metadata',
|
||||
'nova-conductor',
|
||||
'nova-scheduler',
|
||||
]:
|
||||
check('snapctl', 'start', service)
|
||||
start(service)
|
||||
|
||||
nc_wait(_env['compute_ip'], '8774')
|
||||
|
||||
@ -509,13 +578,92 @@ class NovaControlPlane(Question):
|
||||
log.info('Disabling nova control plane services ...')
|
||||
|
||||
for service in [
|
||||
'microstack.nova-uwsgi',
|
||||
'microstack.nova-api',
|
||||
'microstack.nova-conductor',
|
||||
'microstack.nova-scheduler',
|
||||
'microstack.nova-api-metadata']:
|
||||
'nova-api',
|
||||
'nova-conductor',
|
||||
'nova-scheduler',
|
||||
'nova-api-metadata']:
|
||||
disable(service)
|
||||
|
||||
check('snapctl', 'stop', '--disable', service)
|
||||
|
||||
class CinderSetup(Question):
|
||||
"""Setup Placement services."""
|
||||
|
||||
_type = 'boolean'
|
||||
config_key = 'config.services.control-plane'
|
||||
|
||||
def yes(self, answer: str) -> None:
|
||||
log.info('Configuring the Cinder services...')
|
||||
|
||||
if not call('openstack', 'user', 'show', 'cinder'):
|
||||
check('openstack', 'user', 'create', '--domain', 'default',
|
||||
'--password', 'cinder', 'cinder')
|
||||
check('openstack', 'role', 'add', '--project', 'service',
|
||||
'--user', 'cinder', 'admin')
|
||||
|
||||
control_ip = _env['control_ip']
|
||||
for endpoint in ['public', 'internal', 'admin']:
|
||||
for api_version in ['v2', 'v3']:
|
||||
if not call('openstack', 'service', 'show',
|
||||
f'cinder{api_version}'):
|
||||
check('openstack', 'service', 'create', '--name',
|
||||
f'cinder{api_version}', '--description',
|
||||
f'"Cinder {api_version} API"',
|
||||
f'volume{api_version}')
|
||||
if not check_output(
|
||||
'openstack', 'endpoint', 'list',
|
||||
'--service', f'volume{api_version}', '--interface',
|
||||
endpoint):
|
||||
check(
|
||||
'openstack', 'endpoint', 'create', '--region',
|
||||
'microstack', f'volume{api_version}', endpoint,
|
||||
f'http://{control_ip}:8776/{api_version}/'
|
||||
'$(project_id)s'
|
||||
)
|
||||
restart('cinder-uwsgi')
|
||||
|
||||
log.info('Running Cinder DB migrations...')
|
||||
check('snap-openstack', 'launch', 'cinder-manage', 'db', 'sync')
|
||||
|
||||
restart('cinder-uwsgi')
|
||||
restart('cinder-scheduler')
|
||||
|
||||
def no(self, answer):
|
||||
log.info('Disabling Cinder services...')
|
||||
|
||||
for service in [
|
||||
'cinder-uwsgi',
|
||||
'cinder-scheduler',
|
||||
'cinder-volume',
|
||||
'cinder-backup']:
|
||||
disable(service)
|
||||
|
||||
|
||||
class CinderVolumeLVMSetup(Question):
|
||||
"""Setup cinder-volume with LVM."""
|
||||
|
||||
_type = 'boolean'
|
||||
config_key = 'config.cinder.setup-loop-based-cinder-lvm-backend'
|
||||
_question = ('(experimental) Do you want to setup a loop device-backed LVM'
|
||||
' volume backend for Cinder?')
|
||||
interactive = True
|
||||
|
||||
def yes(self, answer: bool) -> None:
|
||||
check('snapctl', 'set',
|
||||
f'config.cinder.setup-loop-based-cinder-lvm-backend'
|
||||
f'={str(answer).lower()}')
|
||||
log.info('Setting up cinder-volume service with the LVM backend...')
|
||||
enable('setup-lvm-loopdev')
|
||||
enable('cinder-volume')
|
||||
enable('target')
|
||||
enable('iscsid')
|
||||
|
||||
def no(self, answer: bool) -> None:
|
||||
check('snapctl', 'set', f'config.cinder.lvm.setup-file-backed-lvm='
|
||||
f'{str(answer).lower()}')
|
||||
disable('setup-lvm-loopdev')
|
||||
disable('cinder-volume')
|
||||
disable('iscsid')
|
||||
disable('target')
|
||||
|
||||
|
||||
class NeutronControlPlane(Question):
|
||||
@ -541,26 +689,16 @@ class NeutronControlPlane(Question):
|
||||
'microstack', 'network', endpoint,
|
||||
'http://{control_ip}:9696'.format(**_env))
|
||||
|
||||
for service in [
|
||||
'microstack.neutron-api',
|
||||
'microstack.neutron-dhcp-agent',
|
||||
'microstack.neutron-l3-agent',
|
||||
'microstack.neutron-metadata-agent',
|
||||
'microstack.neutron-openvswitch-agent',
|
||||
]:
|
||||
check('snapctl', 'start', service)
|
||||
start('neutron-api')
|
||||
|
||||
check('snap-openstack', 'launch', 'neutron-db-manage', 'upgrade',
|
||||
'head')
|
||||
|
||||
for service in [
|
||||
'microstack.neutron-api',
|
||||
'microstack.neutron-dhcp-agent',
|
||||
'microstack.neutron-l3-agent',
|
||||
'microstack.neutron-metadata-agent',
|
||||
'microstack.neutron-openvswitch-agent',
|
||||
'neutron-api',
|
||||
'neutron-ovn-metadata-agent',
|
||||
]:
|
||||
check('snapctl', 'restart', service)
|
||||
restart(service)
|
||||
|
||||
nc_wait(_env['control_ip'], '9696')
|
||||
|
||||
@ -594,20 +732,23 @@ class NeutronControlPlane(Question):
|
||||
neutron on this machine.
|
||||
|
||||
"""
|
||||
# Make sure that the agent is running.
|
||||
# Make sure the necessary services are enabled and started.
|
||||
for service in [
|
||||
'microstack.neutron-openvswitch-agent',
|
||||
'ovs-vswitchd',
|
||||
'ovsdb-server',
|
||||
'ovn-controller',
|
||||
'neutron-ovn-metadata-agent'
|
||||
]:
|
||||
check('snapctl', 'start', service)
|
||||
enable(service)
|
||||
|
||||
# Disable the other services.
|
||||
for service in [
|
||||
'microstack.neutron-api',
|
||||
'microstack.neutron-dhcp-agent',
|
||||
'microstack.neutron-metadata-agent',
|
||||
'microstack.neutron-l3-agent',
|
||||
'neutron-api',
|
||||
'ovn-northd',
|
||||
'ovn-ovsdb-server-sb',
|
||||
'ovn-ovsdb-server-nb',
|
||||
]:
|
||||
check('snapctl', 'stop', '--disable', service)
|
||||
disable(service)
|
||||
|
||||
|
||||
class GlanceSetup(Question):
|
||||
@ -660,10 +801,10 @@ class GlanceSetup(Question):
|
||||
'http://{compute_ip}:9292'.format(**_env))
|
||||
|
||||
for service in [
|
||||
'microstack.glance-api',
|
||||
'microstack.registry', # TODO rename to glance-registery
|
||||
'glance-api',
|
||||
'registry', # TODO rename to glance-registery
|
||||
]:
|
||||
check('snapctl', 'start', service)
|
||||
start(service)
|
||||
|
||||
check('snap-openstack', 'launch', 'glance-manage', 'db_sync')
|
||||
|
||||
@ -677,8 +818,8 @@ class GlanceSetup(Question):
|
||||
self._fetch_cirros()
|
||||
|
||||
def no(self, answer):
|
||||
check('snapctl', 'stop', '--disable', 'microstack.glance-api')
|
||||
check('snapctl', 'stop', '--disable', 'microstack.registry')
|
||||
disable('glance-api')
|
||||
disable('registry')
|
||||
|
||||
|
||||
class SecurityRules(Question):
|
||||
@ -725,9 +866,9 @@ class PostSetup(Question):
|
||||
# TODO: fix issue.
|
||||
restart('libvirtd')
|
||||
restart('virtlogd')
|
||||
restart('nova-compute')
|
||||
|
||||
# Start horizon
|
||||
check('snapctl', 'start', 'microstack.horizon-uwsgi')
|
||||
restart('horizon-uwsgi')
|
||||
|
||||
check('snapctl', 'set', 'initialized=true')
|
||||
log.info('Complete. Marked microstack as initialized!')
|
||||
@ -739,13 +880,13 @@ class SimpleServiceQuestion(Question):
|
||||
log.info('enabling and starting ' + self.__class__.__name__)
|
||||
|
||||
for service in self.services:
|
||||
check('snapctl', 'start', '--enable', service)
|
||||
enable(service)
|
||||
|
||||
log.info(self.__class__.__name__ + ' enabled')
|
||||
|
||||
def no(self, answer):
|
||||
for service in self.services:
|
||||
check('snapctl', 'stop', '--disable', service)
|
||||
disable(service)
|
||||
|
||||
|
||||
class ExtraServicesQuestion(Question):
|
||||
|
@ -2,7 +2,7 @@ import sys
|
||||
|
||||
from init.config import Env, log
|
||||
from init.questions.question import Question
|
||||
from init.shell import check, call
|
||||
from init.shell import call
|
||||
|
||||
_env = Env().get_env()
|
||||
|
||||
@ -29,7 +29,6 @@ class DeleteBridge(Question):
|
||||
|
||||
# TODO: cleanup system optimizations
|
||||
# TODO: cleanup kernel modules?
|
||||
# TODO: cleanup iptables rules
|
||||
|
||||
|
||||
class RemoveMicrostack(Question):
|
||||
@ -40,8 +39,4 @@ class RemoveMicrostack(Question):
|
||||
|
||||
def yes(self, answer):
|
||||
"""Uninstall MicroStack, passing any command line options to snapd."""
|
||||
|
||||
log.info('Uninstalling MicroStack (this may take a while) ...')
|
||||
check('snap', 'remove', '{SNAP_INSTANCE_NAME}'.format(**_env),
|
||||
*ARGS)
|
||||
log.info('MicroStack has been removed from your system!')
|
||||
|
@ -129,6 +129,16 @@ def log_wait(log: str, message: str) -> None:
|
||||
sleep(1)
|
||||
|
||||
|
||||
def start(service: str) -> None:
|
||||
"""Start a microstack service.
|
||||
|
||||
:param service: the service(s) to be started. Can contain wild cards.
|
||||
e.g. *rabbit*
|
||||
|
||||
"""
|
||||
check('snapctl', 'start', 'microstack.{}'.format(service))
|
||||
|
||||
|
||||
def restart(service: str) -> None:
|
||||
"""Restart a microstack service.
|
||||
|
||||
@ -139,6 +149,16 @@ def restart(service: str) -> None:
|
||||
check('snapctl', 'restart', 'microstack.{}'.format(service))
|
||||
|
||||
|
||||
def enable(service: str) -> None:
|
||||
"""Disable and mask a service.
|
||||
|
||||
:param service: the service(s) to be enabled. Can contain wild cards.
|
||||
e.g. *rabbit*
|
||||
|
||||
"""
|
||||
check('snapctl', 'start', '--enable', 'microstack.{}'.format(service))
|
||||
|
||||
|
||||
def disable(service: str) -> None:
|
||||
"""Disable and mask a service.
|
||||
|
||||
|
@ -1,4 +1,5 @@
|
||||
netaddr
|
||||
# netaddr is pinned to match the upper-constraints.txt file of Ussuri
|
||||
netaddr===0.7.19
|
||||
netifaces
|
||||
pymysql
|
||||
pymysql==0.9.3
|
||||
wget
|
||||
|
@ -9,7 +9,6 @@ setup(
|
||||
'console_scripts': [
|
||||
'microstack_init = init.main:init',
|
||||
'set_network_info = init.main:set_network_info',
|
||||
'microstack_remove = init.main:remove',
|
||||
],
|
||||
},
|
||||
)
|
||||
|
@ -7,7 +7,7 @@ import mock
|
||||
# TODO: drop in test runner and get rid of this line.
|
||||
sys.path.append(os.getcwd()) # noqa
|
||||
|
||||
from init.questions.question import (Question, InvalidQuestion, InvalidAnswer)
|
||||
from init.questions.question import (Question, InvalidQuestion, InvalidAnswer) # noqa
|
||||
|
||||
|
||||
##############################################################################
|
||||
|
@ -9,9 +9,11 @@ sudo apt update
|
||||
sudo apt install -y firefox-geckodriver python3-petname python3-selenium
|
||||
|
||||
# Setup snapd and snapcraft
|
||||
# Install snapd if it isn't installed yet (needed to install the snapd snap itself).
|
||||
sudo apt install -y snapd
|
||||
|
||||
# Build our snap!
|
||||
sudo snap install snapd
|
||||
|
||||
sudo snap install --classic snapcraft
|
||||
sudo snap install lxd
|
||||
|
||||
@ -22,4 +24,6 @@ newgrp lxd << END
|
||||
set -ex
|
||||
lxd init --auto
|
||||
snapcraft --use-lxd
|
||||
END
|
||||
# Delete the build container to free the storage space on a test node.
|
||||
lxc delete snapcraft-microstack
|
||||
END
|
||||
|
@ -20,9 +20,49 @@ MACHINE=$(petname)
|
||||
multipass launch --cpus 2 --mem 16G $DISTRO --name $MACHINE
|
||||
|
||||
# Install the snap
|
||||
multipass copy-files microstack_stein_amd64.snap $MACHINE:
|
||||
multipass copy-files microstack_ussuri_amd64.snap $MACHINE:
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap install --classic --dangerous microstack*.snap
|
||||
sudo snap install --dangerous microstack*.snap
|
||||
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:libvirt
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:netlink-audit
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:firewall-control
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:hardware-observe
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:kernel-module-observe
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:kvm
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:log-observe
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:mount-observe
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:netlink-connector
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:network-observe
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:openvswitch-support
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:process-control
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:system-observe
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:network-control
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:system-trace
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:block-devices
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:raw-usb
|
||||
multipass exec $MACHINE -- \
|
||||
sudo snap connect microstack:hugepages-control
|
||||
# TODO: add the below once the interface is merge into snapd.
|
||||
# multipass exec $MACHINE -- \
|
||||
# sudo snap connect microstack:microstack-support
|
||||
|
||||
# Drop the user into a snap shell, as root.
|
||||
multipass exec $MACHINE -- \
|
||||
|
28
tools/setup-lvm-loopdev/setup-lvm-loopdev
Executable file
28
tools/setup-lvm-loopdev/setup-lvm-loopdev
Executable file
@ -0,0 +1,28 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -ex
|
||||
|
||||
cinder_volumes_vg=`snapctl get config.cinder.lvm-backend-volume-group`
|
||||
if [ `snapctl get config.cinder.setup-loop-based-cinder-lvm-backend` = 'true' ]
|
||||
then
|
||||
loop_file=$SNAP_COMMON/cinder-lvm.img
|
||||
loop_file_size=`snapctl get config.cinder.loop-device-file-size`
|
||||
# Create a file to hold an LVM PV+VG + LVs if it does not exist.
|
||||
test -f $loop_file || fallocate -l $loop_file_size $loop_file
|
||||
# Unless this file already has an associated loop device, associate a free loop device with it.
|
||||
if [ -z `losetup -j $loop_file` ]
|
||||
then
|
||||
until losetup -f $loop_file
|
||||
do
|
||||
echo 'Waiting until the device cgroup entry is updated, see LP# 1892895'
|
||||
sleep 1
|
||||
done
|
||||
fi
|
||||
|
||||
allocated_loop_dev=`losetup -j $loop_file | cut -d':' -f 1`
|
||||
# Create a PV on the allocated loop device unless there is already one on it.
|
||||
lvmdiskscan -l --config 'devices { filter = [ "a|'$allocated_loop_dev'|", "r|.*|" ] }' | grep -q '1 LVM' || (pvcreate $allocated_loop_dev && vgcreate $cinder_volumes_vg $allocated_loop_dev && exit 0)
|
||||
fi
|
||||
|
||||
# Activate the logical volumes (relevant on node reboot).
|
||||
lvchange -a y $cinder_volumes_vg
|
Loading…
Reference in New Issue
Block a user