x/microstack
Code Issues Proposed changes

First run on snapcraft (#1)

Browse Source 
Initial smooshing of existing snaps together. Contains all the basic openstack components that are snapped, plus libvirt/qemu parts borrowed from multipass.
This commit is contained in:
Pete Vander Giessen 2018-09-21 12:24:47 +02:00 committed by GitHub
parent 87dc69a292
commit b6db5853a9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
26 changed files with 1656 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.gitignore vendored
View File

@ -3,6 +3,13 @@ __pycache__/
*.py[cod]
*$py.class
# Snap
microstack*.snap
microstack_source.tar.bz2
prime/
snap/.snapcraft
stage/
# Emacs
*~

57
patches/drop-nginx-setgroups.patch Normal file
View File

@ -0,0 +1,57 @@
Description: Drop code where nginx drops privileges for worker
processes. While setuid is covered by the browser-support plug,
setgroups isn't covered by any plugs. This code isn't required
because in strict mode we run worker processes as root:root.
The seccomp violation follows:
= Seccomp =
Time: Jun 16 01:13:15
Log: auid=4294967295 uid=0 gid=0 ses=4294967295 pid=6087 comm="nginx"
exe="/snap/keystone/x1/usr/sbin/nginx" sig=31 arch=c000003e
116(setgroups) compat=0 ip=0x7f40e288af09 code=0x0
Syscall: setgroups
Suggestion:
* adjust program to not use 'setgroups' until per-snap user/groups
are supported (https://launchpad.net/bugs/1446748)
Author: Corey Bryant <corey.bryant@canonical.com>
Forwarded: no
---
src/os/unix/ngx_process_cycle.c | 22 ----------------------
1 file changed, 22 deletions(-)
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c
index 1710ea8..c428673 100644
--- a/src/os/unix/ngx_process_cycle.c
+++ b/src/os/unix/ngx_process_cycle.c
@@ -824,28 +824,6 @@ ngx_worker_process_init(ngx_cycle_t *cycle, ngx_int_t worker)
}
}
- if (geteuid() == 0) {
- if (setgid(ccf->group) == -1) {
- ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
- "setgid(%d) failed", ccf->group);
- /* fatal */
- exit(2);
- }
-
- if (initgroups(ccf->username, ccf->group) == -1) {
- ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
- "initgroups(%s, %d) failed",
- ccf->username, ccf->group);
- }
-
- if (setuid(ccf->user) == -1) {
- ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
- "setuid(%d) failed", ccf->user);
- /* fatal */
- exit(2);
- }
- }
-
if (worker >= 0) {
cpu_affinity = ngx_get_cpu_affinity(worker);
--
2.7.4

123
patches/oslo-config-dirs.patch Normal file
View File

@ -0,0 +1,123 @@
From 5256bef2fdacdb79eba386c8cad775ed996d1685 Mon Sep 17 00:00:00 2001
From: Corey Bryant <corey.bryant@canonical.com>
Date: Wed, 14 Jun 2017 09:57:23 -0400
Subject: [PATCH] Add snap package paths to default config dirs
With snap packaging (see snapcraft.io) the package is installed into a
read-only squashfs filesystem, which includes the default config. For
example, $SNAP/etc/nova/nova.conf. To override the defaults, a separate
writable directory is used, and this directory is also unique to the snap.
For example, either $SNAP_COMMON/etc/nova/nova.conf, or
$SNAP_COMMON/etc/nova/nova.conf.d/ can be used to override config.
This patch adds these snap directories to the default config paths where
oslo looks for config.
For more details on $SNAP and $SNAP_COMMON please refer to
https://snapcraft.io/docs/reference/env.
Change-Id: I83627e0f215382aedc7b32163e0303b39e8bccf8
Closes-Bug: 1696830
(cherry picked from commit 21e70e28b3015c1619dacfad8a2218b09e8109ec)
---
oslo_config/cfg.py | 19 +++++++++++++++++--
oslo_config/tests/test_cfg.py | 24 ++++++++++++++++++++++++
2 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/oslo_config/cfg.py b/oslo_config/cfg.py
index 1047bf6..a2b5b2a 100644
--- a/oslo_config/cfg.py
+++ b/oslo_config/cfg.py
@@ -614,16 +614,27 @@ def _get_config_dirs(project=None):
/etc/${project}/
/etc/
- Otherwise, these directories::
+ If a project is specified and installed from a snap package, following
+ directories are also returned:
+
+ ${SNAP}/etc/${project}
+ ${SNAP_COMMON}/etc/${project}
+
+ Otherwise, if project is not specified, these directories are returned:
~/
/etc/
"""
+ snap = os.environ.get('SNAP')
+ snap_c = os.environ.get('SNAP_COMMON')
+
cfg_dirs = [
_fixpath(os.path.join('~', '.' + project)) if project else None,
_fixpath('~'),
os.path.join('/etc', project) if project else None,
- '/etc'
+ '/etc',
+ os.path.join(snap, "etc", project) if snap and project else None,
+ os.path.join(snap_c, "etc", project) if snap_c and project else None,
]
return [x for x in cfg_dirs if x]
@@ -674,6 +685,8 @@ def find_config_files(project=None, prog=None, extension='.conf'):
~/
/etc/${project}/
/etc/
+ ${SNAP}/etc/${project}
+ ${SNAP_COMMON}/etc/${project}
We return an absolute path for (at most) one of each the default config
files, for the topmost directory it exists in.
@@ -704,6 +717,8 @@ def find_config_dirs(project=None, prog=None, extension='.conf.d'):
~/
/etc/${project}/
/etc/
+ ${SNAP}/etc/${project}
+ ${SNAP_COMMON}/etc/${project}
We return an absolute path for each of the two config dirs,
in the first place we find it (iff we find it).
diff --git a/oslo_config/tests/test_cfg.py b/oslo_config/tests/test_cfg.py
index 6a46884..0f7db8c 100644
--- a/oslo_config/tests/test_cfg.py
+++ b/oslo_config/tests/test_cfg.py
@@ -208,6 +208,18 @@ class FindConfigFilesTestCase(BaseTestCase):
self.assertEqual(cfg.find_config_files(project='blaa'), config_files)
+ def test_find_config_files_snap(self):
+ config_files = ['/snap/nova/current/etc/blaa/blaa.conf']
+ fake_env = {'SNAP': '/snap/nova/current/',
+ 'SNAP_COMMON': '/var/snap/nova/common/'}
+
+ self.useFixture(fixtures.MonkeyPatch('sys.argv', ['foo']))
+ self.useFixture(fixtures.MonkeyPatch('os.path.exists',
+ lambda p: p in config_files))
+ self.useFixture(fixtures.MonkeyPatch('os.environ', fake_env))
+
+ self.assertEqual(cfg.find_config_files(project='blaa'), config_files)
+
def test_find_config_files_with_extension(self):
config_files = ['/etc/foo.json']
@@ -233,6 +245,18 @@ class FindConfigDirsTestCase(BaseTestCase):
self.assertEqual(cfg.find_config_dirs(project='blaa'), config_dirs)
+ def test_find_config_dirs_snap(self):
+ config_dirs = ['/var/snap/nova/common/etc/blaa/blaa.conf.d']
+ fake_env = {'SNAP': '/snap/nova/current/',
+ 'SNAP_COMMON': '/var/snap/nova/common/'}
+
+ self.useFixture(fixtures.MonkeyPatch('sys.argv', ['foo']))
+ self.useFixture(fixtures.MonkeyPatch('os.path.exists',
+ lambda p: p in config_dirs))
+ self.useFixture(fixtures.MonkeyPatch('os.environ', fake_env))
+
+ self.assertEqual(cfg.find_config_dirs(project='blaa'), config_dirs)
+
def test_find_config_dirs_non_exists(self):
self.useFixture(fixtures.MonkeyPatch('sys.argv', ['foo']))
self.assertEqual(cfg.find_config_dirs(project='blaa'), [])
--
2.7.4

18
snap/bin/launch-libvirtd Executable file
View File

@ -0,0 +1,18 @@
#!/bin/sh -e
if [ "$SNAP_ARCH" = "amd64" ]; then
ARCH="x86_64-linux-gnu"
elif [ "$SNAP_ARCH" = "armhf" ]; then
ARCH="arm-linux-gnueabihf"
elif [ "$SNAP_ARCH" = "arm64" ]; then
ARCH="aarch64-linux-gnu"
else
ARCH="$SNAP_ARCH-linux-gnu"
fi
driver="$(snapctl get driver)"
if [ "$driver" = "LIBVIRT" ]; then
export LD_LIBRARY_PATH=$SNAP/lib/$ARCH:$SNAP/usr/lib/$ARCH:$LD_LIBRARY_PATH
exec $SNAP/sbin/libvirtd
fi

16
snap/bin/ovs-wrapper Executable file
View File

@ -0,0 +1,16 @@
#!/bin/bash
set -e
export OVS_LOGDIR=${SNAP_COMMON}/log/openvswitch
export OVS_RUNDIR=${SNAP_COMMON}/run/openvswitch
export OVS_SYSCONFDIR=${SNAP_COMMON}/etc
export OVS_PKGDATADIR=${SNAP}/share/openvswitch
export OVS_BINDIR=${SNAP}/bin
export OVS_SBINDIR=${SNAP}/sbin
mkdir -p ${OVS_LOGDIR}
mkdir -p ${OVS_RUNDIR}
mkdir -p ${OVS_SYSCONFDIR}/openvswitch
exec $@

3
snap/etc/keystone/keystone.conf Normal file
View File

@ -0,0 +1,3 @@
# Snap distribution defaults - do not change
[database]
max_retries = -1

4
snap/etc/neutron/neutron.conf Normal file
View File

@ -0,0 +1,4 @@
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

13
snap/etc/neutron/plugins/ml2/ml2_conf.ini Normal file
View File

@ -0,0 +1,13 @@
[ml2]
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
tenant_network_types = geneve,gre,vxlan
[ml2_type_geneve]
vni_ranges = 1:65535
[ml2_type_gre]
tunnel_id_ranges = 1:65535
[ml2_type_vxlan]
vni_ranges = 1:65535

9
snap/etc/nova/nova.conf Normal file
View File

@ -0,0 +1,9 @@
# Snap distribution defaults - do not change, override in $SNAP_COMMON/etc/nova.conf.d
[DEFAULT]
logdir=/var/snap/nova/common/log/
[wsgi]
secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
[database]
max_retries = -1

514
snap/etc/nova/policy.yaml Normal file
View File

@ -0,0 +1,514 @@
#
"os_compute_api:os-admin-actions:discoverable": "@"
#
"os_compute_api:os-admin-actions:reset_state": "rule:admin_api"
#
"os_compute_api:os-admin-actions:inject_network_info": "rule:admin_api"
#
"os_compute_api:os-admin-actions": "rule:admin_api"
#
"os_compute_api:os-admin-actions:reset_network": "rule:admin_api"
#
"os_compute_api:os-admin-password:discoverable": "@"
#
"os_compute_api:os-admin-password": "rule:admin_or_owner"
#
"os_compute_api:os-agents": "rule:admin_api"
#
"os_compute_api:os-agents:discoverable": "@"
#
"os_compute_api:os-aggregates:set_metadata": "rule:admin_api"
#
"os_compute_api:os-aggregates:add_host": "rule:admin_api"
#
"os_compute_api:os-aggregates:discoverable": "@"
#
"os_compute_api:os-aggregates:create": "rule:admin_api"
#
"os_compute_api:os-aggregates:remove_host": "rule:admin_api"
#
"os_compute_api:os-aggregates:update": "rule:admin_api"
#
"os_compute_api:os-aggregates:index": "rule:admin_api"
#
"os_compute_api:os-aggregates:delete": "rule:admin_api"
#
"os_compute_api:os-aggregates:show": "rule:admin_api"
#
"os_compute_api:os-assisted-volume-snapshots:create": "rule:admin_api"
#
"os_compute_api:os-assisted-volume-snapshots:delete": "rule:admin_api"
#
"os_compute_api:os-assisted-volume-snapshots:discoverable": "@"
#
"os_compute_api:os-attach-interfaces": "rule:admin_or_owner"
#
"os_compute_api:os-attach-interfaces:discoverable": "@"
# Controls who can attach an interface to an instance
"os_compute_api:os-attach-interfaces:create": "rule:admin_or_owner"
# Controls who can detach an interface from an instance
"os_compute_api:os-attach-interfaces:delete": "rule:admin_or_owner"
#
"os_compute_api:os-availability-zone:list": "rule:admin_or_owner"
#
"os_compute_api:os-availability-zone:discoverable": "@"
#
"os_compute_api:os-availability-zone:detail": "rule:admin_api"
#
"os_compute_api:os-baremetal-nodes:discoverable": "@"
#
"os_compute_api:os-baremetal-nodes": "rule:admin_api"
#
"context_is_admin": "role:admin"
#
"admin_or_owner": "is_admin:True or project_id:%(project_id)s"
#
"admin_api": "is_admin:True"
#
"network:attach_external_network": "is_admin:True"
#
"os_compute_api:os-block-device-mapping:discoverable": "@"
#
"os_compute_api:os-block-device-mapping-v1:discoverable": "@"
#
"os_compute_api:os-cells:discoverable": "@"
#
"os_compute_api:os-cells:update": "rule:admin_api"
#
"os_compute_api:os-cells:create": "rule:admin_api"
#
"os_compute_api:os-cells": "rule:admin_api"
#
"os_compute_api:os-cells:sync_instances": "rule:admin_api"
#
"os_compute_api:os-cells:delete": "rule:admin_api"
#
"cells_scheduler_filter:DifferentCellFilter": "is_admin:True"
#
"cells_scheduler_filter:TargetCellFilter": "is_admin:True"
#
"os_compute_api:os-certificates:discoverable": "@"
#
"os_compute_api:os-certificates:create": "rule:admin_or_owner"
#
"os_compute_api:os-certificates:show": "rule:admin_or_owner"
#
"os_compute_api:os-cloudpipe": "rule:admin_api"
#
"os_compute_api:os-cloudpipe:discoverable": "@"
#
"os_compute_api:os-config-drive:discoverable": "@"
#
"os_compute_api:os-config-drive": "rule:admin_or_owner"
#
"os_compute_api:os-console-auth-tokens:discoverable": "@"
#
"os_compute_api:os-console-auth-tokens": "rule:admin_api"
#
"os_compute_api:os-console-output:discoverable": "@"
#
"os_compute_api:os-console-output": "rule:admin_or_owner"
#
"os_compute_api:os-consoles:create": "rule:admin_or_owner"
#
"os_compute_api:os-consoles:show": "rule:admin_or_owner"
#
"os_compute_api:os-consoles:delete": "rule:admin_or_owner"
#
"os_compute_api:os-consoles:discoverable": "@"
#
"os_compute_api:os-consoles:index": "rule:admin_or_owner"
#
"os_compute_api:os-create-backup:discoverable": "@"
#
"os_compute_api:os-create-backup": "rule:admin_or_owner"
#
"os_compute_api:os-deferred-delete:discoverable": "@"
#
"os_compute_api:os-deferred-delete": "rule:admin_or_owner"
#
"os_compute_api:os-evacuate:discoverable": "@"
#
"os_compute_api:os-evacuate": "rule:admin_api"
#
"os_compute_api:os-extended-availability-zone": "rule:admin_or_owner"
#
"os_compute_api:os-extended-availability-zone:discoverable": "@"
#
"os_compute_api:os-extended-server-attributes": "rule:admin_api"
#
"os_compute_api:os-extended-server-attributes:discoverable": "@"
#
"os_compute_api:os-extended-status:discoverable": "@"
#
"os_compute_api:os-extended-status": "rule:admin_or_owner"
#
"os_compute_api:os-extended-volumes": "rule:admin_or_owner"
#
"os_compute_api:os-extended-volumes:discoverable": "@"
#
"os_compute_api:extension_info:discoverable": "@"
#
"os_compute_api:extensions": "rule:admin_or_owner"
#
"os_compute_api:extensions:discoverable": "@"
#
"os_compute_api:os-fixed-ips:discoverable": "@"
#
"os_compute_api:os-fixed-ips": "rule:admin_api"
#
"os_compute_api:os-flavor-access:add_tenant_access": "rule:admin_api"
#
"os_compute_api:os-flavor-access:discoverable": "@"
#
"os_compute_api:os-flavor-access:remove_tenant_access": "rule:admin_api"
#
"os_compute_api:os-flavor-access": "rule:admin_or_owner"
#
"os_compute_api:os-flavor-extra-specs:show": "rule:admin_or_owner"
#
"os_compute_api:os-flavor-extra-specs:create": "rule:admin_api"
#
"os_compute_api:os-flavor-extra-specs:discoverable": "@"
#
"os_compute_api:os-flavor-extra-specs:update": "rule:admin_api"
#
"os_compute_api:os-flavor-extra-specs:delete": "rule:admin_api"
#
"os_compute_api:os-flavor-extra-specs:index": "rule:admin_or_owner"
#
"os_compute_api:os-flavor-manage": "rule:admin_api"
#
"os_compute_api:os-flavor-manage:discoverable": "@"
#
"os_compute_api:os-flavor-rxtx": "rule:admin_or_owner"
#
"os_compute_api:os-flavor-rxtx:discoverable": "@"
#
"os_compute_api:flavors:discoverable": "@"
#
"os_compute_api:flavors": "rule:admin_or_owner"
#
"os_compute_api:os-floating-ip-dns": "rule:admin_or_owner"
#
"os_compute_api:os-floating-ip-dns:domain:update": "rule:admin_api"
#
"os_compute_api:os-floating-ip-dns:discoverable": "@"
#
"os_compute_api:os-floating-ip-dns:domain:delete": "rule:admin_api"
#
"os_compute_api:os-floating-ip-pools:discoverable": "@"
#
"os_compute_api:os-floating-ip-pools": "rule:admin_or_owner"
#
"os_compute_api:os-floating-ips": "rule:admin_or_owner"
#
"os_compute_api:os-floating-ips:discoverable": "@"
#
"os_compute_api:os-floating-ips-bulk:discoverable": "@"
#
"os_compute_api:os-floating-ips-bulk": "rule:admin_api"
#
"os_compute_api:os-fping:all_tenants": "rule:admin_api"
#
"os_compute_api:os-fping:discoverable": "@"
#
"os_compute_api:os-fping": "rule:admin_or_owner"
#
"os_compute_api:os-hide-server-addresses:discoverable": "@"
#
"os_compute_api:os-hide-server-addresses": "is_admin:False"
#
"os_compute_api:os-hosts:discoverable": "@"
#
"os_compute_api:os-hosts": "rule:admin_api"
#
"os_compute_api:os-hypervisors:discoverable": "@"
#
"os_compute_api:os-hypervisors": "rule:admin_api"
#
"os_compute_api:image-metadata:discoverable": "@"
#
"os_compute_api:image-size:discoverable": "@"
#
"os_compute_api:image-size": "rule:admin_or_owner"
#
"os_compute_api:images:discoverable": "@"
#
"os_compute_api:os-instance-actions:events": "rule:admin_api"
#
"os_compute_api:os-instance-actions": "rule:admin_or_owner"
#
"os_compute_api:os-instance-actions:discoverable": "@"
#
"os_compute_api:os-instance-usage-audit-log": "rule:admin_api"
#
"os_compute_api:os-instance-usage-audit-log:discoverable": "@"
#
"os_compute_api:ips:discoverable": "@"
#
"os_compute_api:ips:show": "rule:admin_or_owner"
#
"os_compute_api:ips:index": "rule:admin_or_owner"
#
"os_compute_api:os-keypairs:discoverable": "@"
#
"os_compute_api:os-keypairs:index": "rule:admin_api or user_id:%(user_id)s"
#
"os_compute_api:os-keypairs:create": "rule:admin_api or user_id:%(user_id)s"
#
"os_compute_api:os-keypairs:delete": "rule:admin_api or user_id:%(user_id)s"
#
"os_compute_api:os-keypairs:show": "rule:admin_api or user_id:%(user_id)s"
#
"os_compute_api:os-keypairs": "rule:admin_or_owner"
#
"os_compute_api:limits:discoverable": "@"
#
"os_compute_api:limits": "rule:admin_or_owner"
#
"os_compute_api:os-lock-server:discoverable": "@"
#
"os_compute_api:os-lock-server:lock": "rule:admin_or_owner"
#
"os_compute_api:os-lock-server:unlock:unlock_override": "rule:admin_api"
#
"os_compute_api:os-lock-server:unlock": "rule:admin_or_owner"
#
"os_compute_api:os-migrate-server:migrate": "rule:admin_api"
#
"os_compute_api:os-migrate-server:discoverable": "@"
#
"os_compute_api:os-migrate-server:migrate_live": "rule:admin_api"
#
"os_compute_api:os-migrations:index": "rule:admin_api"
#
"os_compute_api:os-migrations:discoverable": "@"
#
"os_compute_api:os-multinic": "rule:admin_or_owner"
#
"os_compute_api:os-multinic:discoverable": "@"
#
"os_compute_api:os-multiple-create:discoverable": "@"
#
"os_compute_api:os-networks:discoverable": "@"
#
"os_compute_api:os-networks": "rule:admin_api"
#
"os_compute_api:os-networks:view": "rule:admin_or_owner"
#
"os_compute_api:os-networks-associate": "rule:admin_api"
#
"os_compute_api:os-networks-associate:discoverable": "@"
#
"os_compute_api:os-pause-server:unpause": "rule:admin_or_owner"
#
"os_compute_api:os-pause-server:discoverable": "@"
#
"os_compute_api:os-pause-server:pause": "rule:admin_or_owner"
#
"os_compute_api:os-pci:index": "rule:admin_api"
#
"os_compute_api:os-pci:detail": "rule:admin_api"
#
"os_compute_api:os-pci:pci_servers": "rule:admin_or_owner"
#
"os_compute_api:os-pci:show": "rule:admin_api"
#
"os_compute_api:os-pci:discoverable": "@"
#
"os_compute_api:os-quota-class-sets:show": "is_admin:True or quota_class:%(quota_class)s"
#
"os_compute_api:os-quota-class-sets:discoverable": "@"
#
"os_compute_api:os-quota-class-sets:update": "rule:admin_api"
#
"os_compute_api:os-quota-sets:update": "rule:admin_api"
#
"os_compute_api:os-quota-sets:defaults": "@"
#
"os_compute_api:os-quota-sets:show": "rule:admin_or_owner"
#
"os_compute_api:os-quota-sets:delete": "rule:admin_api"
#
"os_compute_api:os-quota-sets:discoverable": "@"
#
"os_compute_api:os-quota-sets:detail": "rule:admin_api"
#
"os_compute_api:os-remote-consoles": "rule:admin_or_owner"
#
"os_compute_api:os-remote-consoles:discoverable": "@"
#
"os_compute_api:os-rescue:discoverable": "@"
#
"os_compute_api:os-rescue": "rule:admin_or_owner"
#
"os_compute_api:os-scheduler-hints:discoverable": "@"
#
"os_compute_api:os-security-group-default-rules:discoverable": "@"
#
"os_compute_api:os-security-group-default-rules": "rule:admin_api"
#
"os_compute_api:os-security-groups": "rule:admin_or_owner"
#
"os_compute_api:os-security-groups:discoverable": "@"
#
"os_compute_api:os-server-diagnostics": "rule:admin_api"
#
"os_compute_api:os-server-diagnostics:discoverable": "@"
#
"os_compute_api:os-server-external-events:create": "rule:admin_api"
#
"os_compute_api:os-server-external-events:discoverable": "@"
#
"os_compute_api:os-server-groups:discoverable": "@"
#
"os_compute_api:os-server-groups": "rule:admin_or_owner"
#
"os_compute_api:server-metadata:index": "rule:admin_or_owner"
#
"os_compute_api:server-metadata:show": "rule:admin_or_owner"
#
"os_compute_api:server-metadata:create": "rule:admin_or_owner"
#
"os_compute_api:server-metadata:discoverable": "@"
#
"os_compute_api:server-metadata:update_all": "rule:admin_or_owner"
#
"os_compute_api:server-metadata:delete": "rule:admin_or_owner"
#
"os_compute_api:server-metadata:update": "rule:admin_or_owner"
#
"os_compute_api:os-server-password": "rule:admin_or_owner"
#
"os_compute_api:os-server-password:discoverable": "@"
#
"os_compute_api:os-server-tags:delete_all": "@"
#
"os_compute_api:os-server-tags:index": "@"
#
"os_compute_api:os-server-tags:update_all": "@"
#
"os_compute_api:os-server-tags:delete": "@"
#
"os_compute_api:os-server-tags:update": "@"
#
"os_compute_api:os-server-tags:show": "@"
#
"os_compute_api:os-server-tags:discoverable": "@"
#
"os_compute_api:os-server-usage": "rule:admin_or_owner"
#
"os_compute_api:os-server-usage:discoverable": "@"
#
"os_compute_api:servers:index": "rule:admin_or_owner"
#
"os_compute_api:servers:detail": "rule:admin_or_owner"
#
"os_compute_api:servers:detail:get_all_tenants": "rule:admin_api"
#
"os_compute_api:servers:index:get_all_tenants": "rule:admin_api"
#
"os_compute_api:servers:show": "rule:admin_or_owner"
#
"os_compute_api:servers:show:host_status": "rule:admin_api"
#
"os_compute_api:servers:create": "rule:admin_or_owner"
#
"os_compute_api:servers:create:forced_host": "rule:admin_api"
#
"os_compute_api:servers:create:attach_volume": "rule:admin_or_owner"
#
"os_compute_api:servers:create:attach_network": "rule:admin_or_owner"
#
"os_compute_api:servers:delete": "rule:admin_or_owner"
#
"os_compute_api:servers:update": "rule:admin_or_owner"
#
"os_compute_api:servers:confirm_resize": "rule:admin_or_owner"
#
"os_compute_api:servers:revert_resize": "rule:admin_or_owner"
#
"os_compute_api:servers:reboot": "rule:admin_or_owner"
#
"os_compute_api:servers:resize": "rule:admin_or_owner"
#
"os_compute_api:servers:rebuild": "rule:admin_or_owner"
#
"os_compute_api:servers:create_image": "rule:admin_or_owner"
#
"os_compute_api:servers:create_image:allow_volume_backed": "rule:admin_or_owner"
#
"os_compute_api:servers:start": "rule:admin_or_owner"
#
"os_compute_api:servers:stop": "rule:admin_or_owner"
#
"os_compute_api:servers:trigger_crash_dump": "rule:admin_or_owner"
#
"os_compute_api:servers:discoverable": "@"
#
"os_compute_api:servers:migrations:show": "rule:admin_api"
#
"os_compute_api:servers:migrations:force_complete": "rule:admin_api"
#
"os_compute_api:servers:migrations:delete": "rule:admin_api"
#
"os_compute_api:servers:migrations:index": "rule:admin_api"
#
"os_compute_api:server-migrations:discoverable": "@"
#
"os_compute_api:os-services": "rule:admin_api"
#
"os_compute_api:os-services:discoverable": "@"
#
"os_compute_api:os-shelve:shelve": "rule:admin_or_owner"
#
"os_compute_api:os-shelve:unshelve": "rule:admin_or_owner"
#
"os_compute_api:os-shelve:shelve_offload": "rule:admin_api"
#
"os_compute_api:os-shelve:discoverable": "@"
#
"os_compute_api:os-simple-tenant-usage:show": "rule:admin_or_owner"
#
"os_compute_api:os-simple-tenant-usage:list": "rule:admin_api"
#
"os_compute_api:os-simple-tenant-usage:discoverable": "@"
#
"os_compute_api:os-suspend-server:resume": "rule:admin_or_owner"
#
"os_compute_api:os-suspend-server:suspend": "rule:admin_or_owner"
#
"os_compute_api:os-suspend-server:discoverable": "@"
#
"os_compute_api:os-tenant-networks": "rule:admin_or_owner"
#
"os_compute_api:os-tenant-networks:discoverable": "@"
#
"os_compute_api:os-used-limits:discoverable": "@"
#
"os_compute_api:os-used-limits": "rule:admin_api"
#
"os_compute_api:os-user-data:discoverable": "@"
#
"os_compute_api:versions:discoverable": "@"
#
"os_compute_api:os-virtual-interfaces:discoverable": "@"
#
"os_compute_api:os-virtual-interfaces": "rule:admin_or_owner"
#
"os_compute_api:os-volumes:discoverable": "@"
#
"os_compute_api:os-volumes": "rule:admin_or_owner"
#
"os_compute_api:os-volumes-attachments:index": "rule:admin_or_owner"
#
"os_compute_api:os-volumes-attachments:create": "rule:admin_or_owner"
#
"os_compute_api:os-volumes-attachments:show": "rule:admin_or_owner"
#
"os_compute_api:os-volumes-attachments:discoverable": "@"
#
"os_compute_api:os-volumes-attachments:update": "rule:admin_api"
#
"os_compute_api:os-volumes-attachments:delete": "rule:admin_or_owner"

17
snap/hooks/configure vendored Executable file
View File

@ -0,0 +1,17 @@
#!/bin/bash -e
driver="$(snapctl get driver)"
if [[ -n $driver && ! $driver =~ (LIBVIRT|QEMU) ]]; then
echo "\"$driver\" is not a supported virtualization driver"
exit 1
fi
driver_saved="$(cat $SNAP_COMMON/driver)" || true
driver=${driver:-QEMU}
driver_saved=${driver_saved:-QEMU}
if [[ $driver != $driver_saved ]]; then
echo "$driver" > $SNAP_COMMON/driver
snapctl restart $SNAP_NAME
fi

5
snap/hooks/install Executable file
View File

@ -0,0 +1,5 @@
#!/bin/sh
set -e
install -D $SNAP/var/snap/microstack/common/libvirt/libvirtd.conf $SNAP_COMMON/libvirt/libvirtd.conf
sed -i 's/unix_sock_group = "libvirtd"/unix_sock_group = "sudo"/' $SNAP_COMMON/libvirt/libvirtd.conf

7
snap/hooks/post-refresh Executable file
View File

@ -0,0 +1,7 @@
#!/bin/sh
set -e
if [ ! -f $SNAP_COMMON/libvirt/libvirtd.conf ]; then
install -D $SNAP/var/snap/microstack/common/libvirt/libvirtd.conf $SNAP_COMMON/libvirt/libvirtd.conf
sed -i 's/unix_sock_group = "libvirtd"/unix_sock_group = "sudo"/' $SNAP_COMMON/libvirt/libvirtd.conf
fi

31
snap/patches/openvswitch/0001-ovs-kmod-ctl-source-ovs-lib-dynamically.patch Normal file
View File

@ -0,0 +1,31 @@
From fdf38dcad424c00d39b5c128ddb06b93606a639b Mon Sep 17 00:00:00 2001
From: James Page <james.page@ubuntu.com>
Date: Wed, 19 Sep 2018 09:13:48 +0200
Subject: [PATCH] ovs-kmod-ctl: source ovs-lib dynamically
Determine installation location of ovs-lib using runtime location
of script, rather than build-time parameters.
---
utilities/ovs-kmod-ctl.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/utilities/ovs-kmod-ctl.in b/utilities/ovs-kmod-ctl.in
index 13ccfcf73..19f100964 100644
--- a/utilities/ovs-kmod-ctl.in
+++ b/utilities/ovs-kmod-ctl.in
@@ -14,7 +14,11 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-. "@pkgdatadir@/scripts/ovs-lib" || exit 1
+case $0 in
+ */*) dir0=`echo "$0" | sed 's,/[^/]*$,,'` ;;
+ *) dir0=./ ;;
+esac
+. "$dir0/ovs-lib" || exit 1
for dir in "$sbindir" "$bindir" /sbin /bin /usr/sbin /usr/bin; do
case :$PATH: in
--
2.17.1

160
snap/snap-openstack.yaml Normal file
View File

@ -0,0 +1,160 @@
setup:
dirs:
- "{snap_common}/etc/keystone/keystone.conf.d"
- "{snap_common}/etc/nova/nova.conf.d"
- "{snap_common}/etc/neutron/neutron.conf.d"
- "{snap_common}/etc/neutron/plugins/ml2"
- "{snap_common}/etc/neutron/policy.d"
- "{snap_common}/etc/neutron/rootwrap.d"
- "{snap_common}/etc/nginx/sites-enabled"
- "{snap_common}/etc/nginx/snap/sites-enabled"
- "{snap_common}/etc/glance/glance.conf.d"
- "{snap_common}/etc/uwsgi/snap"
- "{snap_common}/fernet-keys"
- "{snap_common}/lib"
- "{snap_common}/lib/images"
- "{snap_common}/lock"
- "{snap_common}/log"
- "{snap_common}/run"
templates:
keystone-nginx.conf.j2: "{snap_common}/etc/nginx/snap/sites-enabled/keystone.conf"
keystone-snap.conf.j2: "{snap_common}/etc/keystone/keystone.conf.d/keystone-snap.conf"
neutron-snap.conf.j2: "{snap_common}/etc/neutron/neutron.conf.d/neutron-snap.conf"
nginx.conf.j2: "{snap_common}/etc/nginx/snap/nginx.conf"
nova-snap.conf.j2: "{snap_common}/etc/nova/nova.conf.d/nova-snap.conf"
nova-nginx.conf.j2: "{snap_common}/etc/nginx/snap/sites-enabled/nova.conf"
glance-snap.conf.j2: "{snap_common}/etc/glance/glance.conf.d/glance-snap.conf"
entry_points:
keystone-manage:
binary: "{snap}/bin/keystone-manage"
config-files:
- "{snap}/etc/keystone/keystone.conf"
config-files-override:
- "{snap_common}/etc/keystone/keystone.conf"
config-dirs:
- "{snap_common}/etc/keystone/keystone.conf.d"
keystone-uwsgi:
type: uwsgi
uwsgi-dir: "{snap_common}/etc/uwsgi/snap"
uwsgi-dir-override: "{snap_common}/etc/uwsgi"
uwsgi-log: "{snap_common}/log/uwsgi.log"
config-files:
- "{snap}/etc/keystone/keystone.conf"
config-files-override:
- "{snap_common}/etc/keystone/keystone.conf"
config-dirs:
- "{snap_common}/etc/keystone/keystone.conf.d"
log-file: "{snap_common}/log/keystone.log"
templates:
admin.ini.j2: "{snap_common}/etc/uwsgi/snap/admin.ini"
public.ini.j2: "{snap_common}/etc/uwsgi/snap/public.ini"
nginx:
type: nginx
config-file: "{snap_common}/etc/nginx/snap/nginx.conf"
config-file-override: "{snap_common}/etc/nginx/nginx.conf"
nova-api-os-compute:
binary: "{snap}/bin/nova-api-os-compute"
config-files:
- "{snap}/etc/nova/nova.conf"
config-files-override:
- "{snap_common}/etc/nova/nova.conf"
config-dirs:
- "{snap_common}/etc/nova/nova.conf.d"
log-file: "{snap_common}/log/nova-api-os-compute.log"
nova-uwsgi:
type: uwsgi
uwsgi-dir: "{snap_common}/etc/uwsgi/snap"
uwsgi-dir-override: "{snap_common}/etc/uwsgi"
uwsgi-log: "{snap_common}/log/uwsgi.log"
config-files:
- "{snap}/etc/nova/nova.conf"
config-files-override:
- "{snap_common}/etc/nova/nova.conf"
config-dirs:
- "{snap_common}/etc/nova/nova.conf.d"
log-file: "{snap_common}/log/nova-placement-api.log"
templates:
nova-placement-api.ini.j2:
"{snap_common}/etc/uwsgi/snap/nova-placement-api.ini"
nova-conductor:
binary: "{snap}/bin/nova-conductor"
config-files:
- "{snap}/etc/nova/nova.conf"
config-files-override:
- "{snap_common}/etc/nova/nova.conf"
config-dirs:
- "{snap_common}/etc/nova/nova.conf.d"
log-file: "{snap_common}/log/nova-conductor.log"
nova-scheduler:
binary: "{snap}/bin/nova-scheduler"
config-files:
- "{snap}/etc/nova/nova.conf"
config-files-override:
- "{snap_common}/etc/nova/nova.conf"
config-dirs:
- "{snap_common}/etc/nova/nova.conf.d"
log-file: "{snap_common}/log/nova-scheduler.log"
nova-consoleauth:
binary: "{snap}/bin/nova-consoleauth"
config-files:
- "{snap}/etc/nova/nova.conf"
config-files-override:
- "{snap_common}/etc/nova/nova.conf"
config-dirs:
- "{snap_common}/etc/nova/nova.conf.d"
log-file: "{snap_common}/log/nova-consoleauth.log"
nova-manage:
binary: "{snap}/bin/nova-manage"
config-files:
- "{snap}/etc/nova/nova.conf"
config-files-override:
- "{snap_common}/etc/nova/nova.conf"
config-dirs:
- "{snap_common}/etc/nova/nova.conf.d"
neutron-db-manage:
binary: "{snap}/bin/neutron-db-manage"
config-files:
- "{snap}/etc/neutron/neutron.conf"
- "{snap}/etc/neutron/plugins/ml2/ml2_conf.ini"
config-files-override:
- "{snap_common}/etc/neutron/neutron.conf"
- "{snap_common}/etc/neutron/plugins/ml2/ml2_conf.ini"
config-dirs:
- "{snap_common}/etc/neutron/neutron.conf.d"
neutron-server:
binary: "{snap}/bin/neutron-server"
config-files:
- "{snap}/etc/neutron/neutron.conf"
- "{snap}/etc/neutron/plugins/ml2/ml2_conf.ini"
config-files-override:
- "{snap_common}/etc/neutron/neutron.conf"
- "{snap_common}/etc/neutron/plugins/ml2/ml2_conf.ini"
config-dirs:
- "{snap_common}/etc/neutron/neutron.conf.d"
log-file: "{snap_common}/log/neutron-server.log"
glance-manage:
binary: "{snap}/bin/glance-manage"
config-files:
- "{snap}/etc/glance/glance-manage.conf"
config-files-override:
- "{snap_common}/etc/glance/glance-manage.conf"
config-dirs:
- "{snap_common}/etc/glance/glance.conf.d"
glance-registry:
binary: "{snap}/bin/glance-registry"
config-files:
- "{snap}/etc/glance/glance-registry.conf"
config-files-override:
- "{snap_common}/etc/glance/glance-registry.conf"
config-dirs:
- "{snap_common}/etc/glance/glance.conf.d"
log-file: "{snap_common}/log/glance-registry.log"
glance-api:
binary: "{snap}/bin/glance-api"
config-files:
- "{snap}/etc/glance/glance-api.conf"
config-files-override:
- "{snap_common}/etc/glance/glance-api.conf"
config-dirs:
- "{snap_common}/etc/glance/glance.conf.d"
log-file: "{snap_common}/log/glance-api.log"

11
snap/templates/admin.ini.j2 Normal file
View File

@ -0,0 +1,11 @@
[uwsgi]
wsgi-file = {{ snap }}/bin/keystone-wsgi-admin
uwsgi-socket = {{ snap_common }}/run/admin.sock
buffer-size = 65535
master = true
enable-threads = true
processes = 4
thunder-lock = true
lazy-apps = true
home = {{ snap }}/usr
pyargv = {{ pyargv }}

11
snap/templates/glance-snap.conf.j2 Normal file
View File

@ -0,0 +1,11 @@
[DEFAULT]
# Set state path to writable directory
state_path = {{ snap_common }}/lib
[oslo_concurrency]
# Oslo Concurrency lock path
lock_path = {{ snap_common }}/lock
[glance_store]
# Set default glance_store path to writable directory
filesystem_store_datadir = {{ snap_common }}/lib/images

20
snap/templates/keystone-nginx.conf.j2 Normal file
View File

@ -0,0 +1,20 @@
server {
listen 5000;
access_log {{ snap_common }}/log/nginx-access.log;
error_log {{ snap_common }}/log/nginx-error.log;
location / {
include {{ snap }}/usr/conf/uwsgi_params;
uwsgi_param SCRIPT_NAME '';
uwsgi_pass unix://{{ snap_common }}/run/public.sock;
}
}
server {
listen 35357;
access_log {{ snap_common }}/log/nginx-access.log;
error_log {{ snap_common }}/log/nginx-error.log;
location / {
include {{ snap }}/usr/conf/uwsgi_params;
uwsgi_param SCRIPT_NAME '';
uwsgi_pass unix://{{ snap_common }}/run/admin.sock;
}
}

11
snap/templates/keystone-snap.conf.j2 Normal file
View File

@ -0,0 +1,11 @@
[DEFAULT]
# Set state path to writable directory
state_path = {{ snap_common }}/lib
[oslo_concurrency]
# Oslo Concurrency lock path
lock_path = {{ snap_common }}/lock
[fernet_tokens]
# Fernet key repository
key_repository = {{ snap_common }}/fernet-keys

7
snap/templates/neutron-snap.conf.j2 Normal file
View File

@ -0,0 +1,7 @@
[DEFAULT]
# Set state path to writable directory
state_path = {{ snap_common }}/lib
[oslo_concurrency]
# Oslo Concurrency lock path
lock_path = {{ snap_common }}/lock

39
snap/templates/nginx.conf.j2 Normal file
View File

@ -0,0 +1,39 @@
user root root;
worker_processes auto;
pid {{ snap_common }}/run/nginx.pid;
events {
worker_connections 768;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include {{ snap }}/usr/conf/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log {{ snap_common }}/log/nginx-access.log;
error_log {{ snap_common }}/log/nginx-error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
include {{ snap_common }}/etc/nginx/conf.d/*.conf;
include {{ snap_common }}/etc/nginx/snap/sites-enabled/*;
}

10
snap/templates/nova-nginx.conf.j2 Normal file
View File

@ -0,0 +1,10 @@
server {
listen 8778;
access_log {{ snap_common }}/log/nginx-access.log;
error_log {{ snap_common }}/log/nginx-error.log;
location / {
include {{ snap }}/usr/conf/uwsgi_params;
uwsgi_param SCRIPT_NAME '';
uwsgi_pass unix://{{ snap_common }}/run/placement-api.sock;
}
}

10
snap/templates/nova-placement-api.ini.j2 Normal file
View File

@ -0,0 +1,10 @@
[uwsgi]
wsgi-file = {{ snap }}/bin/nova-placement-api
uwsgi-socket = {{ snap_common }}/run/placement-api.sock
buffer-size = 65535
master = true
enable-threads = true
processes = 4
thunder-lock = true
lazy-apps = true
home = {{ snap }}/usr

7
snap/templates/nova-snap.conf.j2 Normal file
View File

@ -0,0 +1,7 @@
[DEFAULT]
# Set state path to writable directory
state_path = {{ snap_common }}/lib
[oslo_concurrency]
# Oslo Concurrency lock path
lock_path = {{ snap_common }}/lock

11
snap/templates/public.ini.j2 Normal file
View File

@ -0,0 +1,11 @@
[uwsgi]
wsgi-file = {{ snap }}/bin/keystone-wsgi-public
uwsgi-socket = {{ snap_common }}/run/public.sock
buffer-size = 65535
master = true
enable-threads = true
processes = 4
thunder-lock = true
lazy-apps = true
home = {{ snap }}/usr
pyargv = {{ pyargv }}

535
snapcraft.yaml Normal file
View File

@ -0,0 +1,535 @@
name: microstack
version: alpha
summary: Openstack on your laptop.
description: |
Microstack gives you an easy way to develop and test Openstack
workloads on your laptop. TODO drop in basic usage instructions
here.
grade: devel
confinement: classic
apps:
# Keystone
keystone-uwsgi:
command: snap-openstack keystone-uwsgi
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
daemon: simple
plugs:
- network-bind
keystone-manage:
command: snap-openstack keystone-manage
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
plugs:
- network
# Nova
nova-uwsgi:
command: snap-openstack nova-uwsgi
daemon: simple
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
OS_PLACEMENT_CONFIG_DIR: $SNAP/etc/nova/
plugs:
- network-bind
nova-api:
command: snap-openstack nova-api-os-compute
daemon: simple
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
plugs:
- network-bind
conductor:
command: snap-openstack nova-conductor
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
daemon: simple
plugs:
- network
scheduler:
command: snap-openstack nova-scheduler
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
daemon: simple
plugs:
- network
consoleauth:
command: snap-openstack nova-consoleauth
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
daemon: simple
plugs:
- network
nova-manage:
command: snap-openstack nova-manage
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
plugs:
- network
# Neutron
neutron-api:
command: snap-openstack neutron-server
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
daemon: simple
plugs:
- network-bind
neutron-manage:
command: snap-openstack neutron-db-manage
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
plugs:
- network
# Glance
glance-api:
command: snap-openstack glance-api
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
daemon: simple
plugs:
- network-bind
registry:
command: snap-openstack glance-registry
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
daemon: simple
plugs:
- network
- network-bind
glance-manage:
command: snap-openstack glance-manage
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
plugs:
- network
# Openstack Shared Services
nginx:
command: snap-openstack nginx
environment:
LD_LIBRARY_PATH: $SNAP/usr/lib/x86_64-linux-gnu:$LD_LIBRARY_PATH
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
daemon: forking
plugs:
- network-bind
# Openvswitch
ovs-vswitchd:
command: ovs-wrapper $SNAP/share/openvswitch/scripts/ovs-ctl --no-ovsdb-server --no-monitor --system-id=random start
stop-command: ovs-wrapper $SNAP/share/openvswitch/scripts/ovs-ctl --no-ovsdb-server stop
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
daemon: forking
plugs:
- network
- network-bind
- network-control
- openvswitch-support
- process-control
- system-trace
ovsdb-server:
command: ovs-wrapper $SNAP/share/openvswitch/scripts/ovs-ctl --no-ovs-vswitchd --no-monitor --system-id=random start
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
stop-command: ovs-wrapper $SNAP/share/openvswitch/scripts/ovs-ctl --no-ovs-vswitchd stop
daemon: forking
plugs:
- network
- network-bind
- network-control
- openvswitch-support
- process-control
- system-trace
ovs-vsctl:
command: ovs-wrapper $SNAP/bin/ovs-vsctl
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
plugs:
- network
ovs-appctl:
command: ovs-wrapper $SNAP/bin/ovs-appctl
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
plugs:
- network
ovs-ofctl:
command: ovs-wrapper $SNAP/bin/ovs-ofctl
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
plugs:
- network
ovs-dpctl:
command: ovs-wrapper $SNAP/bin/ovs-dpctl
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
plugs:
- network
# Libvirt/Qemu
libvirt-bin:
command: bin/launch-libvirtd
environment:
LD_LIBRARY_PATH: $SNAP/lib:$SNAP/usr/lib
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
daemon: simple
virsh:
command: bin/virsh
environment:
PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH
LC_ALL: C
parts:
# Keystone
keystone:
plugin: python
python-version: python2
constraints: https://raw.githubusercontent.com/openstack/requirements/stable/ocata/upper-constraints.txt
source: http://tarballs.openstack.org/keystone/keystone-stable-ocata.tar.gz
python-packages:
- mysql-python
- oslo.cache[dogpile]
- pymysql
- pysqlite
- uwsgi
- git+https://github.com/openstack/snap.openstack#egg=snap.openstack
install: |
touch $SNAPCRAFT_PART_INSTALL/lib/python2.7/site-packages/paste/__init__.py
touch $SNAPCRAFT_PART_INSTALL/lib/python2.7/site-packages/repoze/__init__.py
export SNAP_ROOT="../../.."
export SNAP_SITE_PACKAGES="$SNAPCRAFT_PART_INSTALL/lib/python2.7/site-packages"
patch -d $SNAP_SITE_PACKAGES -p1 < $SNAP_ROOT/patches/oslo-config-dirs.patch
build-packages:
- gcc
- libffi-dev
- libmysqlclient-dev
- libssl-dev
- libsqlite3-dev
keystone-config:
after: [keystone]
plugin: dump
source: http://tarballs.openstack.org/keystone/keystone-stable-ocata.tar.gz
organize:
etc/*.conf: etc/keystone/
etc/*.ini: etc/keystone/
etc/*.json: etc/keystone/
etc/*.templates: etc/keystone/
filesets:
etc:
- etc/keystone/*.conf
- etc/keystone/*.ini
- etc/keystone/*.json
- etc/keystone/*.templates
stage: [$etc]
prime: [$etc]
# Nova
nova:
after: [keystone] # We abitrarily rely on keystone to be the one to patch things
plugin: python
python-version: python2
source: http://tarballs.openstack.org/nova/nova-stable-ocata.tar.gz
python-packages:
- pymysql
- uwsgi
- python-memcached
- git+https://github.com/openstack/snap.openstack#egg=snap.openstack
constraints: https://raw.githubusercontent.com/openstack/requirements/stable/ocata/upper-constraints.txt
build-packages:
- gcc
- libffi-dev
- libssl-dev
- libxml2-dev
- libxslt1-dev
nova-config:
after: [nova]
plugin: dump
source: http://tarballs.openstack.org/nova/nova-stable-ocata.tar.gz
filesets:
etc:
- etc/nova/*.conf
- etc/nova/*.ini
- etc/nova/*.json
- etc/nova/rootwrap.d
stage: [$etc]
prime: [$etc]
neutron:
after: [keystone] # We arbitrarily rely on keystone to patch some things
plugin: python
python-version: python2
source: http://tarballs.openstack.org/neutron/neutron-stable-ocata.tar.gz
python-packages:
- pymysql
- python-memcached
- git+https://github.com/openstack/snap.openstack#egg=snap.openstack
constraints: https://raw.githubusercontent.com/openstack/requirements/stable/ocata/upper-constraints.txt
build-packages:
- gcc
- libffi-dev
- libssl-dev
neutron-config:
after: [neutron]
plugin: dump
source: http://tarballs.openstack.org/neutron/neutron-stable-ocata.tar.gz
organize:
etc/*.conf: etc/neutron/
etc/*.ini: etc/neutron/
etc/*.json: etc/neutron/
etc/rootwrap.d/*: etc/neutron/rootwrap.d/
filesets:
etc:
- etc/neutron/*
stage: [$etc]
prime: [$etc]
# Glance
glance:
after: [keystone] # We arbitrarily rely on keystone to patch some things
plugin: python
python-version: python2
source: http://tarballs.openstack.org/glance/glance-stable-ocata.tar.gz
python-packages:
- httplib2
- os-brick
- oslo.rootwrap
- oslo.vmware
- pymysql
- python-cinderclient
- python-memcached
- python-swiftclient
- git+https://github.com/openstack/snap.openstack#egg=snap.openstack
constraints: https://raw.githubusercontent.com/openstack/requirements/stable/ocata/upper-constraints.txt
build-packages:
- gcc
- libffi-dev
- libssl-dev
- libxml2-dev
- libxslt1-dev
glance-config:
after: [glance]
plugin: dump
source: http://tarballs.openstack.org/glance/glance-stable-ocata.tar.gz
organize:
etc/*.conf: etc/glance/
etc/*.ini: etc/glance/
etc/*.json: etc/glance/
filesets:
etc:
- etc/glance/*.conf
- etc/glance/*.ini
- etc/glance/*.json
stage: [$etc]
prime: [$etc]
# Openvswitch
ovs-patches:
source: snap/patches/
plugin: dump
organize:
'*' : patches/
prime:
- -*
openvswitch:
# TODO: figure out a better way to fetch the version
source: http://openvswitch.org/releases/openvswitch-2.10.0.tar.gz
plugin: autotools
build-packages:
- libssl-dev
- libnuma-dev
- libcap-ng-dev
- libpcap-dev
- libunbound-dev
- python-all
- python-six
- python-setuptools
stage-packages:
- uuid-runtime
configflags:
- "--localstatedir=/var/snap/$SNAPCRAFT_PROJECT_NAME/common"
- "--sysconfdir=/var/snap/$SNAPCRAFT_PROJECT_NAME/etc"
after:
- ovs-patches
prepare: |
# Apply patches
for patch in ${SNAPCRAFT_STAGE}/patches/openvswitch/*.patch; do
echo "Applying $(basename "$patch") ..."
patch \
--batch \
--forward \
--strip 1 \
--input "$patch"
echo
done
# Openstack Shared Parts
templates:
after: [keystone, nova, neutron, openvswitch]
plugin: dump
source: snap
nginx:
after: [keystone, nova, neutron, openvswitch]
source: http://www.nginx.org/download/nginx-1.13.0.tar.gz
plugin: autotools
configflags:
- --prefix=/usr
- --http-log-path=/var/snap/microstack/common/log/nginx-access.log
- --error-log-path=/var/snap/microstack/common/log/nginx-error.log
- --lock-path=/var/snap/microstack/common/lock/nginx.lock
- --pid-path=/var/snap/microstack/common/run/nginx.pid
- --http-client-body-temp-path=/var/snap/microstack/common/lib/nginx_client_body
- --http-proxy-temp-path=/var/snap/microstack/common/lib/nginx_proxy
- --http-fastcgi-temp-path=/var/snap/microstack/common/lib/nginx_fastcgi
- --http-uwsgi-temp-path=/var/snap/microstack/common/lib/nginx_uwsgi
- --http-scgi-temp-path=/var/snap/microstack/common/lib/nginx_scgi
- --with-http_ssl_module
build-packages:
- libpcre3-dev
- libssl-dev
- python-six
prepare: |
export SNAP_ROOT="../../.."
export SNAP_SOURCE="$SNAP_ROOT/parts/nginx/build"
patch -d $SNAP_SOURCE -p1 < $SNAP_ROOT/patches/drop-nginx-setgroups.patch
libxml2:
source: http://xmlsoft.org/sources/libxml2-2.9.4.tar.gz
plugin: autotools
# libvirt/qemu
qemu:
plugin: nil
stage-packages:
- on amd64: [qemu-system-x86]
- on i386: [qemu-system-x86]
- on armhf: [qemu-system-arm]
- on arm64: [qemu-system-arm]
- qemu-utils
- libslang2
organize:
usr/lib/*/pulseaudio/libpulsecommon-8.0.so: usr/lib/libpulsecommon-8.0.so
usr/share/seabios/bios-256k.bin: qemu/bios-256k.bin
usr/share/seabios/vgabios-stdvga.bin: qemu/vgabios-stdvga.bin
usr/share/seabios/kvmvapic.bin: qemu/kvmvapic.bin
usr/lib/ipxe/qemu/efi-virtio.rom: qemu/efi-virtio.rom
kvm-support:
plugin: nil
stage-packages:
- try: [msr-tools]
libvirt:
source: .
source-subdir: libvirt-1.3.1
plugin: autotools
build-packages:
- libxml2-dev
- libxml-libxml-perl
- libcurl4-gnutls-dev
- libncurses5-dev
- libreadline-dev
- zlib1g-dev
- libgcrypt20-dev
- libgnutls28-dev
- libyajl-dev
- libpcap0.8-dev
- libaudit-dev
- libdevmapper-dev
- libpciaccess-dev
- libnl-3-dev
- libnl-route-3-dev
- uuid-dev
- try: [libnuma-dev]
- wget
- dpkg-dev
stage-packages:
- dmidecode
- dnsmasq
- libxml2
- libyajl2
- try: [libnuma1]
- libcurl3-gnutls
- libpciaccess0
configflags:
- --with-qemu
- --without-bhyve
- --without-xen
- --without-openvz
- --without-vmware
- --without-xenapi
- --without-esx
- --without-hyperv
- --without-lxc
- --without-vz
- --without-vbox
- --without-uml
- --without-sasl
- --without-storage-iscsi
- --without-storage-sheepdog
- --without-storage-rbd
- --without-storage-lvm
- --without-selinux
- --prefix=/snap/$SNAPCRAFT_PROJECT_NAME/current
- --localstatedir=/var/snap/$SNAPCRAFT_PROJECT_NAME/common
- --sysconfdir=/var/snap/$SNAPCRAFT_PROJECT_NAME/common
- DNSMASQ=/snap/$SNAPCRAFT_PROJECT_NAME/current/usr/sbin/dnsmasq
- DMIDECODE=/snap/$SNAPCRAFT_PROJECT_NAME/current/usr/sbin/dmidecode
override-build: |
wget http://archive.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_1.3.1.orig.tar.gz
wget http://archive.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_1.3.1-1ubuntu10.24.debian.tar.xz
wget http://archive.ubuntu.com/ubuntu/pool/main/libv/libvirt/libvirt_1.3.1-1ubuntu10.24.dsc
dpkg-source -x libvirt*.dsc
snapcraftctl build
organize:
# Hack to shift installed libvirt back to root of snap
# required to ensure that pathing to files etc works at
# runtime
# * is not used to avoid directory merge conflicts
snap/microstack/current/: ./