119 lines
4.4 KiB
Python
Executable File
119 lines
4.4 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
|
|
import os
|
|
import socket
|
|
|
|
from init import shell
|
|
from init import credentials
|
|
|
|
|
|
def _get_default_config():
|
|
snap_common = os.getenv('SNAP_COMMON')
|
|
return {
|
|
'config.is-clustered': False,
|
|
|
|
'config.cluster.tls-cert-path':
|
|
f'{snap_common}/etc/cluster/tls/cert.pem',
|
|
'config.cluster.tls-key-path':
|
|
f'{snap_common}/etc/cluster/tls/key.pem',
|
|
|
|
'config.cluster.fingerprint': 'null',
|
|
'config.cluster.hostname': 'null',
|
|
'config.cluster.credential-id': 'null',
|
|
'config.cluster.credential-secret': 'null',
|
|
|
|
'config.post-setup': True,
|
|
'config.keystone.region-name': 'microstack',
|
|
'config.credentials.key-pair': '/home/{USER}/snap/{SNAP_NAME}'
|
|
'/common/.ssh/id_microstack',
|
|
'config.network.node-fqdn': socket.getfqdn(),
|
|
'config.network.dns-servers': '1.1.1.1',
|
|
'config.network.dns-domain': 'microstack.example.',
|
|
'config.network.ext-gateway': '10.20.20.1',
|
|
'config.network.control-ip': '10.20.20.1',
|
|
'config.network.compute-ip': '10.20.20.1',
|
|
'config.network.ext-cidr': '10.20.20.1/24',
|
|
'config.network.security-rules': True,
|
|
'config.network.dashboard-allowed-hosts': '*',
|
|
'config.network.ports.dashboard': 443,
|
|
'config.network.ports.mysql': 3306,
|
|
'config.network.ports.rabbit': 5672,
|
|
'config.network.external-bridge-name': 'br-ex',
|
|
'config.network.physnet-name': 'physnet1',
|
|
'config.cinder.setup-loop-based-cinder-lvm-backend': False,
|
|
'config.cinder.loop-device-file-size': '32G',
|
|
'config.cinder.lvm-backend-volume-group': 'cinder-volumes',
|
|
'config.host.ip-forwarding': False,
|
|
'config.host.check-qemu': True,
|
|
'config.services.control-plane': True,
|
|
'config.services.hypervisor': True,
|
|
'config.services.spice-console': True,
|
|
'config.cluster.role': 'control',
|
|
'config.cluster.password': 'null',
|
|
'config.cleanup.delete-bridge': True,
|
|
'config.cleanup.remove': True,
|
|
'config.logging.custom-config': f'{snap_common}/etc/filebeat'
|
|
'/filebeat-microstack.yaml',
|
|
'config.logging.datatag': '',
|
|
'config.logging.debug': False,
|
|
'config.logging.host': 'localhost:5044',
|
|
'config.services.extra.enabled': False,
|
|
'config.services.extra.filebeat': False,
|
|
'config.alerting.custom-config': f'{snap_common}/etc/nrpe'
|
|
'/nrpe-microstack.cfg',
|
|
'config.services.extra.nrpe': False,
|
|
'config.monitoring.ipmi': '',
|
|
'config.services.extra.telegraf': False,
|
|
'config.monitoring.custom-config': f'{snap_common}/etc/telegraf'
|
|
'/telegraf-microstack.conf',
|
|
|
|
# Use emulation by default (with an option to override if KVM is
|
|
# supported).
|
|
'config.nova.virt-type': 'qemu',
|
|
# Use a host CPU model so that any CPU features enabled for
|
|
# vulnerability mitigation are enabled.
|
|
'config.nova.cpu-mode': 'host-model',
|
|
# Do not override cpu-models by default.
|
|
'config.nova.cpu-models': '',
|
|
|
|
'config.tls.generate-self-signed': True,
|
|
'config.tls.cacert-path':
|
|
f'{snap_common}/etc/ssl/certs/cacert.pem',
|
|
'config.tls.cert-path':
|
|
f'{snap_common}/etc/ssl/certs/cert.pem',
|
|
'config.tls.key-path':
|
|
f'{snap_common}/etc/ssl/private/key.pem',
|
|
}
|
|
|
|
|
|
def _set_default_config():
|
|
shell.config_set(**_get_default_config())
|
|
|
|
|
|
def _setup_secrets():
|
|
# If a user runs init multiple times we do not want to generate
|
|
# new credentials to keep the init operation idempotent.
|
|
existing_creds = shell.config_get('config.credentials')
|
|
if isinstance(existing_creds, dict):
|
|
existing_cred_keys = existing_creds.keys()
|
|
else:
|
|
existing_cred_keys = []
|
|
shell.config_set(**{
|
|
f'config.credentials.{k}': credentials.generate_password() for k in [
|
|
'mysql-root-password',
|
|
'rabbitmq-password',
|
|
'keystone-password',
|
|
'nova-password',
|
|
'cinder-password',
|
|
'neutron-password',
|
|
'placement-password',
|
|
'glance-password',
|
|
'ovn-metadata-proxy-shared-secret',
|
|
] if k not in existing_cred_keys
|
|
})
|
|
|
|
|
|
if __name__ == '__main__':
|
|
_set_default_config()
|
|
_setup_secrets()
|