Add neutron agents (#17)

* Added install hooks for keystone.

* Fixed merge conflicts related to mysql reorg.

* Resolved more mysql merge conflicts.

* Resolved merge conflicts related to rabbitmq refactor.

* Added configure-the-things script to tests

* Turned off horizon for now.

* Disabled a bunch of daemons -- can reenable one by one as we verify them to be working.

* Added configure script, but exit 0 before configuring mysql -- there's something broken about the pathing.

* Fixed stray 'sudo' in configure hook, which was causing problems.

* Split uwsgi daemons into service specific directories

Enable all daemons again.

* Add .d configuration for nova, keystone and glance

* Misc updates

* Drop nova-consoleauth as its deprecated at rocky

* Rename neutron-manage -> neutron-db-manage

* Add neutron and nova hypervisor agents and configuration

* Add configuration files for new agents

* Update worker configuration

* Add libvirt support to nova parts

* Add fake sudo command to unconfuse things

scripts/mysql/mysql-startup

@@ -0,0 +1,75 @@
+#!/bin/bash
+# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
+
+set -e
+init_config() {
+  mkdir "${CONFDIR}"
+  echo "Generating config file in ${CONFFILE}..."
+  touch "${CONFFILE}"
+  echo "[mysqld]"			>> ${CONFFILE}
+  echo "pid-file=${RUNDIR}/mysqld.pid"	>> ${CONFFILE}
+  echo "socket=${RUNDIR}/mysqld.sock"	>> ${CONFFILE}
+  echo "datadir=${DATADIR}"		>> ${CONFFILE}
+  echo "log-error=${LOGDIR}/error.log"	>> ${CONFFILE}
+  echo "secure-file-priv=${FILESDIR}"	>> ${CONFFILE}
+  echo "basedir=${BASEDIR}"		>> ${CONFFILE}
+  echo "[mysql]"			>> ${CONFFILE}
+  echo "socket=${RUNDIR}/mysqld.sock"	>> ${CONFFILE}
+  echo "Done"
+}
+
+init_database() {
+  echo "Initializing new database in ${DATADIR}..."
+  mkdir "${DATADIR}"
+  mysqld --defaults-file="${CONFFILE}" --initialize
+  echo "Done"
+  cat ${LOGDIR}/error.log | grep "temporary password"
+}
+
+USERID=$(id -u)
+if [ "${USERID}" = "0" ];then
+  MYSQL_SNAPDIR="${SNAP_COMMON}"
+else
+  MYSQL_SNAPDIR="${SNAP_USER_COMMON}"
+fi
+DATADIR="${MYSQL_SNAPDIR}/data"
+RUNDIR="${MYSQL_SNAPDIR}/run"
+LOGDIR="${MYSQL_SNAPDIR}/log"
+CONFDIR="${MYSQL_SNAPDIR}/conf"
+CONFFILE="${CONFDIR}/my.cnf"
+FILESDIR="${MYSQL_SNAPDIR}/files"
+BASEDIR="${SNAP}/usr"
+
+[ -d "${LOGDIR}" ]      || mkdir "${LOGDIR}"
+[ -f "${LOGDIR}/error.log" ]    || touch "${LOGDIR}/error.log"
+[ -d "${FILESDIR}" ]        || mkdir "${FILESDIR}"
+[ -d "${RUNDIR}" ]      || mkdir "${RUNDIR}"
+[ -d "${CONFDIR}" ]         || init_config
+[ -d "${DATADIR}" ]         || init_database
+
+if [ "${USERID}" = "0" ];
+then
+  # Ensure mysql user exists and that the correct permissions are set on various directories
+  getent group mysql || addgroup mysql
+  adduser --system --disabled-login --ingroup mysql --home /nonexistent --gecos "MySQL Server" --shell /bin/false mysql >/dev/null
+  chown -R mysql:mysql "${LOGDIR}" "${FILESDIR}" "${DATADIR}" "${RUNDIR}"
+  chmod 750 "${LOGDIR}" "${DATADIR}"
+  chmod 770 "${FILESDIR}"
+  chmod 755 "${RUNDIR}"
+  VARS="--user=mysql"
+fi
+echo "user=root" >> ${CONFFILE}
+echo "password=`sudo cat /var/snap/microstack/common/log/error.log | grep "temporary password" | cut -d " " -f11`" >> ${CONFFILE}

snap/bin/sudo

@@ -0,0 +1,5 @@
+#!/bin/bash
+# fake sudo script - as daemons run as root use of real sudo is not required
+# strip sudo off args and re-exec command
+
+${@}

snap/etc/glance/glance.conf.d/database.conf

@@ -0,0 +1,2 @@
+[database]
+connection = mysql+pymysql://glance:glance@localhost/glance

snap/etc/glance/glance.conf.d/keystone.conf

@@ -0,0 +1,13 @@
+[keystone_authtoken]
+auth_uri = http://localhost:5000
+auth_url = http://localhost:5000
+memcached_servers = localhost:11211
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+project_name = service
+username = glance
+password = glance
+
+[paste_deploy]
+flavor = keystone

snap/etc/keystone/keystone.conf.d/database.conf

@@ -0,0 +1,2 @@
+[database]
+connection = mysql+pymysql://keystone:keystone@localhost/keystone

snap/etc/neutron/dhcp_agent.ini

@@ -0,0 +1,4 @@
+[DEFAULT]
+interface_driver = openvswitch
+dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
+enable_isolated_metadata = True

snap/etc/neutron/l3_agent.ini

@@ -0,0 +1,2 @@
+[DEFAULT]
+interface_driver = openvswitch

snap/etc/neutron/metadata_agent.ini

@@ -0,0 +1,3 @@
+[DEFAULT]
+nova_metadata_ip = localhost
+metadata_proxy_shared_secret = supersecret

snap/etc/neutron/neutron.conf.d/database.conf

@@ -0,0 +1,2 @@
+[database]
+connection = mysql+pymysql://neutron:neutron@localhost/neutron

snap/etc/neutron/neutron.conf.d/keystone.conf

@@ -0,0 +1,13 @@
+[DEFAULT]
+auth_strategy = keystone
+
+[keystone_authtoken]
+auth_uri = http://localhost:5000
+auth_url = http://localhost:5000
+memcached_servers = localhost:11211
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+project_name = service
+username = neutron
+password = neutron

snap/etc/neutron/neutron.conf.d/nova.conf

@@ -0,0 +1,13 @@
+[DEFAULT]
+notify_nova_on_port_status_changes = True
+notify_nova_on_port_data_changes = True
+
+[nova]
+auth_url = http://localhost:5000
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+region_name = RegionOne
+project_name = service
+username = nova
+password = nova

snap/etc/neutron/neutron.conf.d/workers.conf

@@ -0,0 +1,3 @@
+[DEFAULT]
+api_workers = 4
+rpc_workers = 4

snap/etc/neutron/plugins/ml2/ml2_conf.ini

@@ -1,6 +1,6 @@
 [ml2]
-mechanism_drivers = openvswitch,l2population
+mechanism_drivers = openvswitch
-extension_drivers = port_security
+extension_drivers = port_security,trunk,qos
 tenant_network_types = geneve,gre,vxlan
 
 [ml2_type_geneve]

snap/etc/neutron/plugins/ml2/openvswitch_agent.ini

@@ -0,0 +1,7 @@
+# Snap provided defaults for neutron-openvswitch-agent
+[securitygroup]
+enable_security_group = True
+firewall_driver = iptables_hybrid
+
+[AGENT]
+tunnel_types = geneve,vxlan,gre

snap/etc/nova/nova.conf

@@ -1,7 +1,4 @@
 # Snap distribution defaults - do not change, override in $SNAP_COMMON/etc/nova.conf.d
-[DEFAULT]
-logdir=/var/snap/nova/common/log/
-
 [wsgi]
 secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
 

snap/etc/nova/nova.conf.d/database.conf

@@ -0,0 +1,5 @@
+[database]
+connection = mysql+pymysql://nova:nova@localhost/nova
+
+[api_database]
+connection = mysql+pymysql://nova_api:nova_api@localhost/nova_api

snap/etc/nova/nova.conf.d/glance.conf

@@ -0,0 +1,2 @@
+[glance]
+api_servers = http://localhost:9292

snap/etc/nova/nova.conf.d/hypervisor.conf

@@ -0,0 +1,8 @@
+[DEFAULT]
+compute_driver = libvirt.LibvirtDriver
+
+[workarounds]
+disable_rootwrap = True
+
+[libvirt]
+virt_type = kvm

snap/etc/nova/nova.conf.d/keystone.conf

@@ -0,0 +1,13 @@
+[keystone_authtoken]
+auth_uri = http://localhost:5000
+auth_url = http://localhost:5000
+memcached_servers = localhost:11211
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+project_name = service
+username = nova
+password = nova
+
+[paste_deploy]
+flavor = keystone

snap/etc/nova/nova.conf.d/neutron.conf

@@ -0,0 +1,15 @@
+[DEFAULT]
+use_neutron = True
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+
+[neutron]
+url = http://localhost:9696
+auth_url = http://localhost:5000
+memcached_servers = localhost:11211
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+region_name = RegionOne
+project_name = service
+username = neutron
+password = neutron

snap/etc/nova/nova.conf.d/nova-placement.conf

@@ -0,0 +1,9 @@
+[placement]
+os_region_name = RegionOne
+project_domain_name = default
+project_name = service
+auth_type = password
+user_domain_name = default
+auth_url = http://localhost:5000
+username = placement
+password = placement

snap/etc/nova/nova.conf.d/rabbitmq.conf

@@ -0,0 +1,2 @@
+[DEFAULT]
+transport_url = rabbit://openstack:rabbitmq@localhost

snap/etc/nova/nova.conf.d/scheduler.conf

@@ -0,0 +1,3 @@
+[scheduler]
+discover_hosts_in_cells_interval = 30
+scheduler_driver = filter_scheduler

snap/etc/nova/nova.conf.d/workers.conf

@@ -0,0 +1,9 @@
+[DEFAULT]
+osapi_compute_workers = 4
+metadata_workers = 4
+
+[conductor]
+workers = 4
+
+[scheduler]
+workers = 4

snap/hooks/configure

@@ -1,5 +1,10 @@
 #!/bin/bash -e
 
+# Openstack Prep
+# which openstack || echo "This snap currently requires the python openstack client to be installed and in your path. The intent is to add the client in before development is complete."; exit 1
+
+# QEMU Setup
+echo "qemu setup"
 driver="$(snapctl get driver)"
 
 if [[ -n $driver && ! $driver =~ (LIBVIRT|QEMU) ]]; then
@@ -15,3 +20,30 @@ if [[ $driver != $driver_saved ]]; then
     echo "$driver" > $SNAP_COMMON/driver
     snapctl restart $SNAP_NAME
 fi
+
+# MySQL Setup
+MYSQL_PASSWORD=fnord  # TODO use snapctl
+
+echo "ALTER USER 'root'@'localhost' IDENTIFIED BY 'fnord';" | mysql-start-client -u root
+
+# Keystone Setup
+echo "CREATE DATABASE IF NOT EXISTS keystone; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';" | mysql-start-client -u root -p"$MYSQL_PASSWORD"
+
+snap-openstack keystone-manage fernet_setup --keystone-user root --keystone-group root
+snap-openstack keystone-manage db_sync
+
+sudo systemctl restart snap.microstack.*
+
+openstack user show admin || {
+    snap-openstack keystone-manage bootstrap \
+        --bootstrap-password $OS_PASSWORD \
+        --bootstrap-admin-url http://localhost:35357/v3/ \
+        --bootstrap-internal-url http://localhost:35357/v3/ \
+        --bootstrap-public-url http://localhost:5000/v3/ \
+        --bootstrap-region-id RegionOne
+}
+
+openstack project show service || {
+    openstack project create --domain default --description "Service Project" service
+}
+

snap/hooks/install

@@ -3,3 +3,62 @@ set -e
 
 install -D $SNAP/var/snap/microstack/common/libvirt/libvirtd.conf $SNAP_COMMON/libvirt/libvirtd.conf
 sed -i 's/unix_sock_group = "libvirtd"/unix_sock_group = "sudo"/' $SNAP_COMMON/libvirt/libvirtd.conf
+
+# Mysql setup script
+set -e
+init_config() {
+  mkdir "${CONFDIR}"
+  echo "Generating config file in ${CONFFILE}..."
+  touch "${CONFFILE}"
+  echo "[mysqld]"			>> ${CONFFILE}
+  echo "pid-file=${RUNDIR}/mysqld.pid"	>> ${CONFFILE}
+  echo "socket=${RUNDIR}/mysqld.sock"	>> ${CONFFILE}
+  echo "datadir=${DATADIR}"		>> ${CONFFILE}
+  echo "log-error=${LOGDIR}/error.log"	>> ${CONFFILE}
+  echo "secure-file-priv=${FILESDIR}"	>> ${CONFFILE}
+  echo "basedir=${BASEDIR}"		>> ${CONFFILE}
+  echo "[mysql]"			>> ${CONFFILE}
+  echo "socket=${RUNDIR}/mysqld.sock"	>> ${CONFFILE}
+  echo "Done"
+}
+
+init_database() {
+  echo "Initializing new database in ${DATADIR}..."
+  mkdir "${DATADIR}"
+  mysqld --defaults-file="${CONFFILE}" --initialize
+  echo "Done"
+  cat ${LOGDIR}/error.log | grep "temporary password"
+}
+
+USERID=$(id -u)
+if [ "${USERID}" = "0" ];then
+  MYSQL_SNAPDIR="${SNAP_COMMON}"
+else
+  MYSQL_SNAPDIR="${SNAP_USER_COMMON}"
+fi
+DATADIR="${MYSQL_SNAPDIR}/data"
+RUNDIR="${MYSQL_SNAPDIR}/run"
+LOGDIR="${MYSQL_SNAPDIR}/log"
+CONFDIR="${MYSQL_SNAPDIR}/conf"
+CONFFILE="${CONFDIR}/my.cnf"
+FILESDIR="${MYSQL_SNAPDIR}/files"
+BASEDIR="${SNAP}/usr"
+
+[ -d "${LOGDIR}" ]      || mkdir "${LOGDIR}"
+[ -f "${LOGDIR}/error.log" ]    || touch "${LOGDIR}/error.log"
+[ -d "${FILESDIR}" ]        || mkdir "${FILESDIR}"
+[ -d "${RUNDIR}" ]      || mkdir "${RUNDIR}"
+[ -d "${CONFDIR}" ]         || init_config
+[ -d "${DATADIR}" ]         || init_database
+
+if [ "${USERID}" = "0" ];
+then
+  # Ensure mysql user exists and that the correct permissions are set on various directories
+  getent group mysql || addgroup mysql
+  adduser --system --disabled-login --ingroup mysql --home /nonexistent --gecos "MySQL Server" --shell /bin/false mysql >/dev/null
+  chown -R mysql:mysql "${LOGDIR}" "${FILESDIR}" "${DATADIR}" "${RUNDIR}"
+  chmod 750 "${LOGDIR}" "${DATADIR}"
+  chmod 770 "${FILESDIR}"
+  chmod 755 "${RUNDIR}"
+  VARS="--user=mysql"
+fi

snap/snap-openstack.yaml

@@ -10,11 +10,14 @@ setup:
     - "{snap_common}/etc/nginx/sites-enabled"
     - "{snap_common}/etc/nginx/snap/sites-enabled"
     - "{snap_common}/etc/glance/glance.conf.d"
-    - "{snap_common}/etc/horizon/horizon.conf.d"    
+    - "{snap_common}/etc/horizon/horizon.conf.d"
-    - "{snap_common}/etc/uwsgi/snap"
+    - "{snap_common}/etc/keystone/uwsgi/snap"
+    - "{snap_common}/etc/cinder/uwsgi/snap"
+    - "{snap_common}/etc/nova/uwsgi/snap"
+    - "{snap_common}/etc/horizon/uwsgi/snap"
     - "{snap_common}/fernet-keys"
     - "{snap_common}/lib"
-    - "{snap_common}/lib/images"    
+    - "{snap_common}/lib/images"
     - "{snap_common}/lock"
     - "{snap_common}/log"
     - "{snap_common}/run"
@@ -31,6 +34,8 @@ setup:
 # TODO add local_settings.py
     horizon-snap.conf.j2: "{snap_common}/etc/horizon/horizon.conf.d/horizon-snap.conf"
     horizon-nginx.conf.j2: "{snap_common}/etc/nginx/snap/sites-enabled/horizon.conf"
+  chmod:
+    "{snap_common}/instances": 0755
 entry_points:
   keystone-manage:
     binary: "{snap}/bin/keystone-manage"
@@ -42,9 +47,9 @@ entry_points:
       - "{snap_common}/etc/keystone/keystone.conf.d"
   keystone-uwsgi:
     type: uwsgi
-    uwsgi-dir: "{snap_common}/etc/uwsgi/snap"
+    uwsgi-dir: "{snap_common}/etc/keystone/uwsgi/snap"
-    uwsgi-dir-override: "{snap_common}/etc/uwsgi"
+    uwsgi-dir-override: "{snap_common}/etc/keystone/uwsgi"
-    uwsgi-log: "{snap_common}/log/uwsgi.log"
+    uwsgi-log: "{snap_common}/log/keystone-uwsgi.log"
     config-files:
       - "{snap}/etc/keystone/keystone.conf"
     config-files-override:
@@ -53,8 +58,7 @@ entry_points:
       - "{snap_common}/etc/keystone/keystone.conf.d"
     log-file: "{snap_common}/log/keystone.log"
     templates:
-      admin.ini.j2: "{snap_common}/etc/uwsgi/snap/admin.ini"
+      keystone-api.ini.j2: "{snap_common}/etc/keystone/uwsgi/snap/keystone-api.ini"
-      public.ini.j2: "{snap_common}/etc/uwsgi/snap/public.ini"
   nginx:
     type: nginx
     config-file: "{snap_common}/etc/nginx/snap/nginx.conf"
@@ -70,9 +74,9 @@ entry_points:
     log-file: "{snap_common}/log/nova-api-os-compute.log"
   nova-uwsgi:
     type: uwsgi
-    uwsgi-dir: "{snap_common}/etc/uwsgi/snap"
+    uwsgi-dir: "{snap_common}/etc/nova/uwsgi/snap"
-    uwsgi-dir-override: "{snap_common}/etc/uwsgi"
+    uwsgi-dir-override: "{snap_common}/etc/nova/uwsgi"
-    uwsgi-log: "{snap_common}/log/uwsgi.log"
+    uwsgi-log: "{snap_common}/log/nova-uwsgi.log"
     config-files:
       - "{snap}/etc/nova/nova.conf"
     config-files-override:
@@ -82,7 +86,7 @@ entry_points:
     log-file: "{snap_common}/log/nova-placement-api.log"
     templates:
       nova-placement-api.ini.j2:
-        "{snap_common}/etc/uwsgi/snap/nova-placement-api.ini"
+        "{snap_common}/etc/nova/uwsgi/snap/nova-placement-api.ini"
   nova-conductor:
     binary: "{snap}/bin/nova-conductor"
     config-files:
@@ -101,15 +105,24 @@ entry_points:
     config-dirs:
       - "{snap_common}/etc/nova/nova.conf.d"
     log-file: "{snap_common}/log/nova-scheduler.log"
-  nova-consoleauth:
+  nova-compute:
-    binary: "{snap}/bin/nova-consoleauth"
+    binary: "{snap}/bin/nova-compute"
     config-files:
       - "{snap}/etc/nova/nova.conf"
     config-files-override:
       - "{snap_common}/etc/nova/nova.conf"
     config-dirs:
       - "{snap_common}/etc/nova/nova.conf.d"
-    log-file: "{snap_common}/log/nova-consoleauth.log"
+    log-file: "{snap_common}/log/nova-compute.log"
+  nova-api-metadata:
+    binary: "{snap}/bin/nova-api-metadata"
+    config-files:
+      - "{snap}/etc/nova/nova.conf"
+    config-files-override:
+      - "{snap_common}/etc/nova/nova.conf"
+    config-dirs:
+      - "{snap_common}/etc/nova/nova.conf.d"
+    log-file: "{snap_common}/log/nova-api-metadata.log"
   nova-manage:
     binary: "{snap}/bin/nova-manage"
     config-files:
@@ -139,6 +152,66 @@ entry_points:
     config-dirs:
       - "{snap_common}/etc/neutron/neutron.conf.d"
     log-file: "{snap_common}/log/neutron-server.log"
+  neutron-openvswitch-agent:
+    binary: "{snap}/bin/neutron-openvswitch-agent"
+    config-files:
+      - "{snap}/etc/neutron/neutron.conf"
+      - "{snap}/etc/neutron/plugins/ml2/openvswitch_agent.ini"
+    config-files-override:
+      - "{snap_common}/etc/neutron/neutron.conf"
+      - "{snap_common}/etc/neutron/plugins/ml2/openvswitch_agent.ini"
+    config-dirs:
+      - "{snap_common}/etc/neutron/neutron.conf.d"
+    log-file: "{snap_common}/log/neutron-openvswitch-agent.log"
+  neutron-ovs-cleanup:
+    binary: "{snap}/bin/neutron-ovs-cleanup"
+    config-files:
+      - "{snap}/etc/neutron/neutron.conf"
+    config-files-override:
+      - "{snap_common}/etc/neutron/neutron.conf"
+    config-dirs:
+      - "{snap_common}/etc/neutron/neutron.conf.d"
+  neutron-netns-cleanup:
+    binary: "{snap}/bin/neutron-netns-cleanup"
+    config-files:
+      - "{snap}/etc/neutron/neutron.conf"
+    config-files-override:
+      - "{snap_common}/etc/neutron/neutron.conf"
+    config-dirs:
+      - "{snap_common}/etc/neutron/neutron.conf.d"
+  neutron-l3-agent:
+    binary: "{snap}/bin/neutron-l3-agent"
+    config-files:
+      - "{snap}/etc/neutron/neutron.conf"
+      - "{snap}/etc/neutron/l3_agent.ini"
+    config-files-override:
+      - "{snap_common}/etc/neutron/neutron.conf"
+      - "{snap_common}/etc/neutron/l3_agent.ini"
+    config-dirs:
+      - "{snap_common}/etc/neutron/neutron.conf.d"
+    log-file: "{snap_common}/log/neutron-l3-agent.log"
+  neutron-dhcp-agent:
+    binary: "{snap}/bin/neutron-dhcp-agent"
+    config-files:
+      - "{snap}/etc/neutron/neutron.conf"
+      - "{snap}/etc/neutron/dhcp_agent.ini"
+    config-files-override:
+      - "{snap_common}/etc/neutron/neutron.conf"
+      - "{snap_common}/etc/neutron/dhcp_agent.ini"
+    config-dirs:
+      - "{snap_common}/etc/neutron/neutron.conf.d"
+    log-file: "{snap_common}/log/neutron-dhcp-agent.log"
+  neutron-metadata-agent:
+    binary: "{snap}/bin/neutron-metadata-agent"
+    config-files:
+      - "{snap}/etc/neutron/neutron.conf"
+      - "{snap}/etc/neutron/metadata_agent.ini"
+    config-files-override:
+      - "{snap_common}/etc/neutron/neutron.conf"
+      - "{snap_common}/etc/neutron/metadata_agent.ini"
+    config-dirs:
+      - "{snap_common}/etc/neutron/neutron.conf.d"
+    log-file: "{snap_common}/log/neutron-metadata-agent.log"
   glance-manage:
     binary: "{snap}/bin/glance-manage"
     config-files:
@@ -202,9 +275,9 @@ entry_points:
     log-file: "{snap_common}/log/cinder-volume.log"
   cinder-uwsgi:
     type: uwsgi
-    uwsgi-dir: "{snap_common}/etc/uwsgi/snap"
+    uwsgi-dir: "{snap_common}/etc/cinder/uwsgi/snap"
-    uwsgi-dir-override: "{snap_common}/etc/uwsgi"
+    uwsgi-dir-override: "{snap_common}/etc/cinder/uwsgi"
-    uwsgi-log: "{snap_common}/log/uwsgi.log"
+    uwsgi-log: "{snap_common}/log/cinder-uwsgi.log"
     config-files:
       - "{snap}/etc/cinder/cinder.conf"
     config-files-override:
@@ -213,18 +286,18 @@ entry_points:
       - "{snap_common}/etc/cinder/cinder.conf.d"
     log-file: "{snap_common}/log/cinder-api.log"
     templates:
-      cinder-api.ini.j2: "{snap_common}/etc/uwsgi/snap/cinder-api.ini"
+      cinder-api.ini.j2: "{snap_common}/etc/cinder/uwsgi/snap/cinder-api.ini"
   horizon-uwsgi:
     type: uwsgi
-    uwsgi-dir: "{snap_common}/etc/uwsgi/snap"
+    uwsgi-dir: "{snap_common}/etc/horizon/uwsgi/snap"
-    uwsgi-dir-override: "{snap_common}/etc/uwsgi"
+    uwsgi-dir-override: "{snap_common}/etc/horizon/uwsgi"
-    uwsgi-log: "{snap_common}/log/uwsgi.log"
+    uwsgi-log: "{snap_common}/log/horizon-uwsgi.log"
     config-files:
       - "{snap}/etc/horizon/horizon.conf"
     config-files-override:
       - "{snap_common}/etc/horizon/horizon.conf"
     config-dirs:
       - "{snap_common}/etc/horizon/horizon.conf.d"
-    log-file: "{snap_common}/log/horizon-api.log"
+    log-file: "{snap_common}/log/horizon.log"
     templates:
-      horizon-api.ini.j2: "{snap_common}/etc/uwsgi/snap/horizon-api.ini"
+      horizon.ini.j2: "{snap_common}/etc/horizon/uwsgi/snap/horizon.ini"

snap/templates/admin.ini.j2

@@ -1,11 +0,0 @@
-[uwsgi]
-wsgi-file = {{ snap }}/bin/keystone-wsgi-admin
-uwsgi-socket = {{ snap_common }}/run/admin.sock
-buffer-size = 65535
-master = true
-enable-threads = true
-processes = 4
-thunder-lock = true
-lazy-apps = true
-home = {{ snap }}/usr
-pyargv = {{ pyargv }}

snap/templates/horizon.ini.j2

@@ -4,8 +4,8 @@
 # the service it provides, and you may even need to provide multiple uwsgi files
 # if there is more than one wsgi application.
 [uwsgi]
-wsgi-file = {{ snap }}/bin/horizon-wsgi-file-name
+wsgi-file = {{ snap }}/bin/horizon-wsgi
-uwsgi-socket = {{ snap_common }}/run/api-name.sock
+uwsgi-socket = {{ snap_common }}/run/horizon.sock
 buffer-size = 65535
 master = true
 enable-threads = true

snap/templates/keystone-api.ini.j2

@@ -1,6 +1,6 @@
 [uwsgi]
 wsgi-file = {{ snap }}/bin/keystone-wsgi-public
-uwsgi-socket = {{ snap_common }}/run/public.sock
+uwsgi-socket = {{ snap_common }}/run/keystone-api.sock
 buffer-size = 65535
 master = true
 enable-threads = true

snap/templates/keystone-nginx.conf.j2

@@ -5,16 +5,6 @@ server {
     location / {
         include {{ snap }}/usr/conf/uwsgi_params;
         uwsgi_param SCRIPT_NAME '';
-        uwsgi_pass unix://{{ snap_common }}/run/public.sock;
+        uwsgi_pass unix://{{ snap_common }}/run/keystone-api.sock;
-    }
-}
-server {
-    listen 35357;
-    access_log {{ snap_common }}/log/nginx-access.log;
-    error_log {{ snap_common }}/log/nginx-error.log;
-    location / {
-        include {{ snap }}/usr/conf/uwsgi_params;
-        uwsgi_param SCRIPT_NAME '';
-        uwsgi_pass unix://{{ snap_common }}/run/admin.sock;
     }
 }

snap/templates/nova-snap.conf.j2

@@ -2,6 +2,9 @@
 # Set state path to writable directory
 state_path = {{ snap_common }}/lib
 
+# Set logging directory
+log-dir = {{ snap_common }}/log
+
 [oslo_concurrency]
 # Oslo Concurrency lock path
 lock_path = {{ snap_common }}/lock

snapcraft.yaml

@@ -12,8 +12,28 @@ environment:
   PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
   LC_ALL: C
   OS_PLACEMENT_CONFIG_DIR: $SNAP/etc/nova/
+  # admin rc (TODO: put this someplace more sensible)
+  OS_PROJECT_DOMAIN_NAME: default
+  OS_USER_DOMAIN_NAME: default
+  OS_PROJECT_NAME: admin
+  OS_USERNAME: admin
+  OS_PASSWORD: keystone
+  OS_AUTH_URL: http://localhost:5000
+  OS_IDENTITY_API_VERSION: 3
+  OS_IMAGE_API_VERSION: 2
 
 apps:
+  # Openstack
+  openstack:
+    command: openstack
+    plugs:
+      - network
+  configure-the-things:
+    command: bin/configure-the-things.sh
+    plugs:
+      - network
+      - process-control
+
   # Keystone
   keystone-uwsgi:
     command: snap-openstack keystone-uwsgi
@@ -46,11 +66,22 @@ apps:
     daemon: simple
     plugs:
       - network
-  nova-consoleauth:
+  nova-compute:
-    command: snap-openstack nova-consoleauth
+    command: snap-openstack nova-compute
     daemon: simple
     plugs:
-      - network
+      - network-bind
+      - network-control
+      - firewall-control
+      - hardware-observe
+      - libvirt
+      - openvswitch
+  nova-api-metadata:
+    command: snap-openstack nova-api-metadata
+    daemon: simple
+    plugs:
+      - network-bind
+      - firewall-control
   nova-manage:
     command: snap-openstack nova-manage
     plugs:
@@ -62,7 +93,58 @@ apps:
     daemon: simple
     plugs:
       - network-bind
-  neutron-manage:
+  neutron-openvswitch-agent:
+    command: snap-openstack neutron-openvswitch-agent
+    daemon: simple
+    plugs:
+      - network-bind
+      - network-control
+      - network-observe
+      - firewall-control
+      - process-control
+      - system-observe
+      - openvswitch
+  neutron-l3-agent:
+    command: snap-openstack neutron-l3-agent
+    daemon: simple
+    plugs:
+      - network-bind
+      - network-control
+      - network-observe
+      - firewall-control
+      - process-control
+      - system-observe
+      - openvswitch
+  neutron-dhcp-agent:
+    command: snap-openstack neutron-dhcp-agent
+    daemon: simple
+    plugs:
+      - network
+      - network-bind
+      - network-control
+      - network-observe
+      - process-control
+      - system-observe
+      - openvswitch
+  neutron-metadata-agent:
+    command: snap-openstack neutron-metadata-agent
+    daemon: simple
+    plugs:
+      - network
+      - network-bind
+      - network-control
+  neutron-ovs-cleanup:
+    command: snap-openstack neutron-ovs-cleanup
+    plugs:
+      - network
+      - network-control
+      - openvswitch
+  neutron-netns-cleanup:
+    command: snap-openstack neutron-netns-cleanup
+    plugs:
+      - network
+      - network-control
+  neutron-db-manage:
     command: snap-openstack neutron-db-manage
     plugs:
       - network
@@ -209,7 +291,7 @@ apps:
       - network
 
   # Horizon
-  uwsgi:
+  horizon-uwsgi:
     command: snap-openstack horizon-uwsgi
     daemon: simple
     plugs:
@@ -236,6 +318,10 @@ parts:
       - libssl-dev
       - libsqlite3-dev
 
+  configure-the-things:
+    plugin: dump
+    source: src/experiments
+
   keystone-config:
     after: [keystone]
     plugin: dump
@@ -245,6 +331,7 @@ parts:
       etc/*.ini: etc/keystone/
       etc/*.json: etc/keystone/
       etc/*.templates: etc/keystone/
+
     filesets:
       etc:
         - etc/keystone/*.conf
@@ -261,6 +348,7 @@ parts:
     python-version: python2
     source: http://tarballs.openstack.org/nova/nova-stable-rocky.tar.gz
     python-packages:
+      - libvirt-python
       - pymysql
       - uwsgi
       - python-memcached
@@ -272,6 +360,11 @@ parts:
       - libssl-dev
       - libxml2-dev
       - libxslt1-dev
+      - libvirt-dev
+    stage-packages:
+      - conntrack
+      - coreutils
+      - qemu-utils
 
   nova-config:
     after: [nova]
@@ -357,7 +450,7 @@ parts:
 
   # Openvswitch
   ovs-patches:
-    source: snap/patches/
+    source: patches/
     plugin: dump
     organize:
       '*' : patches/
@@ -554,7 +647,7 @@ parts:
       mysql-start-server: bin/mysql-start-server
       mysql-start-client: bin/mysql-start-client
 
-  # RabbitMQa
+  # RabbitMQ
   rabbitmq-server:
     source: ./scripts/rabbitmq
     plugin: dump

src/experiments/bin/configure-the-things.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -ex
+
+/var/snap/microstack/common/bin/configure-the-things.sh
+
+exit 0
+
+microstack.mysql-client -u root -p$(`sudo cat /var/snap/microstack/common/log/error.log | grep "temporary password" | cut -d " " -f11`) --connect-expired-password | echo "ALTER USER 'root'@'localhost' IDENTIFIED BY 'fnord';"

tests/configure-the-things.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+# This is a script that helps test configure and install hook commands,
+# without the need to rebuild the snap with each change. It works in
+# concert with a "configure-the-things" app in the snap, which will
+# find and run this script if you put it in the right place.
+# To use this script:
+# 1) Install microstack on a machine
+# 2) Copy (or symlink) this script into
+#    /var/snap/microstack/common/bin/configure-the-things.sh
+# 3) Run microstack.configure-the-things
+
+set -ex
+
+MYSQL_PASSWORD=fnord  # TODO use snapctl
+MYSQL_TMP_PASSWORD=`sudo cat /var/snap/microstack/common/log/error.log | grep "temporary password" | cut -d " " -f11`
+
+echo "ALTER USER 'root'@'localhost' IDENTIFIED BY 'fnord';" | microstack.mysql-client -u root -p"$MYSQL_TMP_PASSWORD" --connect-expired-password
+
+echo "CREATE DATABASE IF NOT EXISTS keystone; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';" | sudo microstack.mysql-client -u root -p"$MYSQL_PASSWORD"
+
+sudo microstack.keystone-manage fernet_setup --keystone-user root --keystone-group root
+sudo microstack.keystone-manage db_sync
+
+sudo systemctl restart snap.microstack.*
+
+microstack.openstack user show admin || {
+    sudo microstack.keystone-manage bootstrap \
+        --bootstrap-password $OS_PASSWORD \
+        --bootstrap-admin-url http://localhost:5000/v3/ \
+        --bootstrap-internal-url http://localhost:5000/v3/ \
+        --bootstrap-public-url http://localhost:5000/v3/ \
+        --bootstrap-region-id RegionOne
+}
+
+microstack.openstack project show service || {
+    microstack.openstack project create --domain default --description "Service Project" service
+}