diff --git a/.gitignore b/.gitignore
deleted file mode 100755
index dd9ba76..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,11 +0,0 @@
-/onvm/conf/nodes.conf.yml
-/onvm/conf/ids.conf.yml
-/onvm/conf/hosts
-/onvm/lampstack/openrc
-*.out
-*/**/*.log
-*/**/.DS_Store
-*/**/._
-*/**/*.tfstate*
-.tox
-site.retry
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index 5c304d1..0000000
--- a/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@
-Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship.
For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License.
Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of
the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty.
Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "{}"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright {yyyy} {name of copyright owner}
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
diff --git a/README.rst b/README.rst
index ee6d9c2..7cd561c 100644
--- a/README.rst
+++ b/README.rst
@@ -1,35 +1,12 @@ -================================== -osops-tools-contrib -================================== +This project is no longer maintained. Its content has now moved to the +https://opendev.org/openstack/osops repo, and further development will +continue there. -This is not being tested on any deployment. +The contents of this repository are still available in the Git +source code management system. To see the contents of this +repository before it reached its end of life, please check out the +previous commit with "git checkout HEAD^1". -This repository is a location for Operators to upload useful scripts and tooling -for the general Operating Community to use with their OpenStack Clouds. - -This place is also untested and unverified. - -For more details on how to contribute, please follow the Gerrit git-review process -described at http://docs.openstack.org/infra/manual/developers.html . - -If you would like some curated, tested, and verified code please look to the -`osops-tools-generic `_ repository. - -Please see the wiki page at https://wiki.openstack.org/wiki/Osops#Overview_moving_code -for more details about how code is promoted up to the generic repo. - -Please remember USE AT YOUR OWN RISK. - -The `nova/` directory has useful tools and scripts for nova. - -The `glance/` directory has useful tools and scripts for glance. - -The `neutron/` directory has useful tools and scripts for neutron. - -The `multi/` directory is a tool that crosses multiple projects. - -Licensing ---------- -All contributions will be licensed under the Apache 2.0 License unless you -state otherwise. Please see the LICENSE file for details about the Apache 2.0 -License. +For any further questions, please email +openstack-discuss@lists.openstack.org or join #openstack-dev on +Freenode. diff --git a/ansible/dockerswarm/.gitignore b/ansible/dockerswarm/.gitignore deleted file mode 100755 index 550a804..0000000 --- a/ansible/dockerswarm/.gitignore +++ /dev/null 
@@ -1,4 +0,0 @@
-*.out
-*/**/*.log
-*/**/.DS_Store
-*/**/._
diff --git a/ansible/dockerswarm/README.md b/ansible/dockerswarm/README.md
deleted file mode 100755
index 8d85abb..0000000
--- a/ansible/dockerswarm/README.md
+++ /dev/null
@@ -1,131 +0,0 @@
-# Docker Swarm Ansible deployments on OpenStack Cloud
-
-## Status
-
-This will install a 3 node lampstack. Once the script finishes, a set of
-environment varialbes will be displayed, export these environment variable
-then you can run docker commands against the swarm
-
-## Requirements
-
-- [Install Ansible](http://docs.ansible.com/ansible/intro_installation.html)
-- [Install openstack shade] (http://docs.openstack.org/infra/shade/installation.html)
-- Make sure there is an openstack coreos image available on your cloud.
-- Clone this project into a directory.
-- To run docker commands, you will need to install docker client. Following
- the following steps if you are using ubuntu to run the script, if you are
- using some other environment run the script, then the steps setting up
- docker client may be different::
-
- apt-get update
- apt-get -y install docker.io
- ln -sf /usr/bin/docker.io /usr/local/bin/docker
-
-## Ansible
-
-Ansible and OpenStack Shade are used to provision all of the OpenStack
-resources.
-
-### Prep
-
-#### Deal with ssh keys for Openstack Authentication
-
-If you do not have a ssh key, then you should create one by using a tool.
-An example command to do that is provided below. Once you have a key pair,
-ensure your local ssh-agent is running and your ssh key has been added.
-This step is required. Not doing this, you will have to manually give
-passphrase when script runs, and script can fail. If you really do not want
-to deal with passphrase, you can create a key pair without passphrase::
-
- ssh-keygen -t rsa
- eval $(ssh-agent -s)
- ssh-add ~/.ssh/id_rsa
-
-#### General Openstack Settings
-
-Ansible's OpenStack cloud module is used to provision compute resources
-against an OpenStack cloud. Before you run the script, the cloud environment
-will have to be specified. Sample files have been provided in vars directory.
-You may create one such file per cloud for your tests.
The following is an
- example::
-
- auth: {
- auth_url: "http://x.x.x.x:5000/v3",
- username: "demo",
- password: "{{ password }}",
- domain_name: "default",
- project_name: "demo"
- }
-
- app_env: {
- image_name: "coreos",
- private_net_name: "",
- net_device: "eth0",
- flavor_name: "m1.small",
- swarm_version: "latest",
- swarm_size: 3,
- region_name: "RegionOne",
- availability_zone: "nova",
- validate_certs: True,
- fqdn: "swarm.example.com",
- public_key_file: "/home/tong/.ssh/id_rsa.pub"
- }
-
-
-The values of these variables should be provided by your cloud provider. When
-use keystone 2.0 API, you will not need to setup domain name. If your account
-only has more than one regions available, specify the region_name to be used.
-If there is only one, you can leave it blank or use the correct name. If your
-cloud does not expose tenant network, leave private_net_name blank as well.
-However, if your cloud supports tenant network and you have more than one
-tenant networks in your account, you will need to specify which tenant network
-to be used, otherwise, the script will error out. To create a large docker
-swarm, change the swarm_size to a large value like 20, the script will create
-a docker swarm with 20 coreos nodes. You can also specify if you do not want
-to verify server certificate if your server uses self signed certificate.
-
-
-## Run the script
-
-With your cloud environment set, you should be able to run the script::
-
- ansible-playbook -e "action=apply env=leap password=XXXXX" site.yml
-
-The command will stand up the nodes using a cloud named leap (vars/leap.yml).
-If you run the test against other cloud, you can create a new file use same
-structure and specify that cloud attributes such as auth_url, etc. Then you
-can simply replace work leap with that file name.
Replace xxxxx with your
-own cloud account password, you can also simply put your password in the
-configuration file (vars/leap.yml in this case) and avoid to specify it from
-the command line.
-
-If everything goes well, it will accomplish the following::
-
- 1. Provision 3 coreos nodes on your cloud
- 2. Create security group
- 3. Add security rules to allow ping, ssh, docker access
- 4. Setup ssl keys, certificates
- 5. Display a set of environment variables that you can use to run docker
- commands
-
-
-## Next Steps
-
-### Check its up
-
-If there are no errors, you can export the environment variables shown by
-the script at the end. Then you can start running docker commands, here are
-few examples::
-
- docker info
- docker images
- docker pull ubuntu:vivid
-
-
-## Cleanup
-
-Once you're done with the swarm, don't forget to nuke the whole thing::
-
- ansible-playbook -e "action=destroy env=leap password=XXXXX" site.yml
-
-The above command will destroy all the resources created by the script.
diff --git a/ansible/dockerswarm/ansible.cfg b/ansible/dockerswarm/ansible.cfg
deleted file mode 100644
index 57d05d1..0000000
--- a/ansible/dockerswarm/ansible.cfg
+++ /dev/null
@@ -1,3 +0,0 @@
-[defaults]
-inventory = ./hosts
-host_key_checking=False
diff --git a/ansible/dockerswarm/hosts b/ansible/dockerswarm/hosts
deleted file mode 100644
index c023aec..0000000
--- a/ansible/dockerswarm/hosts
+++ /dev/null
@@ -1 +0,0 @@
-cloud ansible_host=127.0.0.1 ansible_python_interpreter=python
diff --git a/ansible/dockerswarm/roles/post_apply/tasks/main.yml b/ansible/dockerswarm/roles/post_apply/tasks/main.yml
deleted file mode 100755
index 27bd3ec..0000000
--- a/ansible/dockerswarm/roles/post_apply/tasks/main.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- debug:
- msg: >-
- export DOCKER_HOST=tcp://{{ hostvars.swarmnode1.swarmnode.openstack.public_v4 }}:2375;
- export DOCKER_TLS_VERIFY=1;
- export DOCKER_CERT_PATH=/tmp/{{ env }}/keys
- when: hostvars.swarmnode1.swarmnode.openstack.public_v4 != ""
-
-- debug:
- msg: >-
- export DOCKER_HOST=tcp://{{ hostvars.swarmnode1.swarmnode.openstack.private_v4 }}:2375;
- export DOCKER_TLS_VERIFY=1;
- export DOCKER_CERT_PATH=/tmp/{{ env }}/keys
- when: hostvars.swarmnode1.swarmnode.openstack.public_v4 == ""
-
-- debug:
- msg: >-
- The work load test started at {{ starttime.time }},
- ended at {{ ansible_date_time.time }}
diff --git a/ansible/dockerswarm/roles/post_destroy/tasks/main.yml b/ansible/dockerswarm/roles/post_destroy/tasks/main.yml
deleted file mode 100755
index abfbc59..0000000
--- a/ansible/dockerswarm/roles/post_destroy/tasks/main.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-- name: Remove security group
- os_security_group:
- state: absent
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: dockerswarm_sg
- description: secuirty group for dockerswarm
-
-- name: Delete discovery url directory
- file: path="/tmp/{{ env }}" state=absent
-
-- name: Delete a key-pair
- os_keypair:
- state: absent
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: "dockerswarm"
-
-- debug:
- msg: >-
- The work load test started at {{ starttime.time }},
- ended at {{ ansible_date_time.time }}
\ No newline at end of file
diff --git a/ansible/dockerswarm/roles/prep_apply/tasks/main.yml b/ansible/dockerswarm/roles/prep_apply/tasks/main.yml
deleted file mode 100755
index 84a8eae..0000000
--- a/ansible/dockerswarm/roles/prep_apply/tasks/main.yml
+++ /dev/null
@@ -1,96 +0,0 @@
----
-- name: Get start timestamp
- set_fact: starttime="{{ ansible_date_time }}"
-
-- name: Create certificate directory
- file: path="/tmp/{{ env }}/keys" state=directory
-
-- stat: path="/tmp/{{ env }}/discovery_url"
- register: discovery_url_flag
-
-- name: Get docker discovery url
- get_url:
- url: "https://discovery.etcd.io/new?size={{ app_env.swarm_size }}"
- dest: "/tmp/{{ env }}/discovery_url"
- when: discovery_url_flag.stat.exists == false
-
-- shell: openssl genrsa -out "/tmp/{{ env }}/keys/ca-key.pem" 2048
-- shell: openssl genrsa -out "/tmp/{{ env }}/keys/key.pem" 2048
-
-- shell: >-
- openssl req -x509 -new -nodes -key /tmp/{{ env }}/keys/ca-key.pem
- -days 10000 -out /tmp/{{ env }}/keys/ca.pem -subj '/CN=docker-CA'
-
-- shell: >-
- openssl req -new -key /tmp/{{ env }}/keys/key.pem
- -out /tmp/{{ env }}/keys/cert.csr
- -subj '/CN=docker-client' -config ./roles/prov_apply/templates/openssl.cnf
-
-- shell: >-
- openssl x509 -req -in /tmp/{{ env }}/keys/cert.csr
- -CA /tmp/{{ env }}/keys/ca.pem -CAkey /tmp/{{ env }}/keys/ca-key.pem
- -CAcreateserial -out /tmp/{{ env }}/keys/cert.pem -days 365
- -extensions v3_req -extfile ./roles/prov_apply/templates/openssl.cnf
-
-- name: Retrieve specified flavor
- os_flavor_facts:
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: "{{ app_env.flavor_name }}"
-
-- name: Create a key-pair
- os_keypair:
- state: "present"
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: "dockerswarm"
- public_key_file: "{{ app_env.public_key_file }}"
-
-- name: Create security group
- os_security_group:
- state: present
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{
app_env.validate_certs }}"
- name: dockerswarm_sg
- description: secuirty group for dockerswarm
-
-- name: Add security rules
- os_security_group_rule:
- state: present
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- security_group: dockerswarm_sg
- protocol: "{{ item.protocol }}"
- direction: "{{ item.dir }}"
- port_range_min: "{{ item.p_min }}"
- port_range_max: "{{ item.p_max }}"
- remote_ip_prefix: 0.0.0.0/0
- with_items:
- - { p_min: 22, p_max: 22, dir: ingress, protocol: tcp }
- - { p_min: 2375, p_max: 2376, dir: ingress, protocol: tcp }
- - { p_min: 2379, p_max: 2380, dir: ingress, protocol: tcp }
- - { p_min: 2379, p_max: 2380, dir: egress, protocol: tcp }
- - { p_min: -1, p_max: -1, dir: ingress, protocol: icmp }
- - { p_min: -1, p_max: -1, dir: egress, protocol: icmp }
-
-- name: Create cloudinit file for all nodes
- template:
- src: templates/cloudinit.j2
- dest: "/tmp/{{ env }}/cloudinit"
-
-- name: Add nodes to host group
- add_host:
- name: "swarmnode{{ item }}"
- hostname: "127.0.0.1"
- groups: dockerswarm
- host_no: "{{ item }}"
- with_sequence: count={{ app_env.swarm_size }}
- no_log: True
diff --git a/ansible/dockerswarm/roles/prep_apply/templates/cloudinit.j2 b/ansible/dockerswarm/roles/prep_apply/templates/cloudinit.j2
deleted file mode 100755
index bb42133..0000000
--- a/ansible/dockerswarm/roles/prep_apply/templates/cloudinit.j2
+++ /dev/null
@@ -1,47 +0,0 @@
-#cloud-config
-coreos:
- units:
- - name: etcd.service
- mask: true
- - name: etcd2.service
- command: start
- - name: docker.service
- command: start
- - name: swarm-agent.service
- content: |
- [Unit]
- Description=swarm agent
- Requires=docker.service
- After=docker.service
-
- [Service]
- EnvironmentFile=/etc/environment
- TimeoutStartSec=20m
- ExecStartPre=/usr/bin/docker pull swarm:latest
- ExecStartPre=-/usr/bin/docker rm -f swarm-agent
- ExecStart=/bin/sh -c "/usr/bin/docker run --rm --name swarm-agent swarm:latest join --addr=$COREOS_PRIVATE_IPV4:2376 etcd://$COREOS_PRIVATE_IPV4:2379/docker"
- ExecStop=/usr/bin/docker stop swarm-agent
- - name: swarm-manager.service
- content: |
- [Unit]
- Description=swarm manager
- Requires=docker.service
- After=docker.service
-
- [Service]
- EnvironmentFile=/etc/environment
- TimeoutStartSec=20m
- ExecStartPre=/usr/bin/docker pull swarm:latest
- ExecStartPre=-/usr/bin/docker rm -f swarm-manager
- ExecStart=/bin/sh -c "/usr/bin/docker run --rm --name swarm-manager -v /etc/docker/ssl:/etc/docker/ssl --net=host swarm:latest manage --tlsverify --tlscacert=/etc/docker/ssl/ca.pem --tlscert=/etc/docker/ssl/cert.pem --tlskey=/etc/docker/ssl/key.pem etcd://$COREOS_PRIVATE_IPV4:2379/docker"
- ExecStop=/usr/bin/docker stop swarm-manager
- etcd2:
- discovery: {{ lookup('file', '/tmp/'+env+'/discovery_url') }}
- advertise-client-urls: http://$private_ipv4:2379
- initial-advertise-peer-urls: http://$private_ipv4:2380
- listen-client-urls: http://0.0.0.0:2379
- listen-peer-urls: http://$private_ipv4:2380
- data-dir: /var/lib/etcd2
- initial-cluster-token: openstackinterop
- update:
- reboot-strategy: "off"
diff --git a/ansible/dockerswarm/roles/prep_destroy/tasks/main.yml b/ansible/dockerswarm/roles/prep_destroy/tasks/main.yml
deleted file mode 100755
index 931b80f..0000000
--- a/ansible/dockerswarm/roles/prep_destroy/tasks/main.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-- name: Get start timestamp
- set_fact: starttime="{{ ansible_date_time }}"
-
-- name: Add web servers to webservers host group
- add_host:
- name: "swarmnode{{ item }}"
- hostname: "127.0.0.1"
- groups: dockerswarm
- host_no: "{{ item }}"
- with_sequence: count={{ app_env.swarm_size }}
- no_log: True
-
\ No newline at end of file
diff --git a/ansible/dockerswarm/roles/prov_apply/tasks/main.yml b/ansible/dockerswarm/roles/prov_apply/tasks/main.yml
deleted file mode 100755
index f5df32e..0000000
--- a/ansible/dockerswarm/roles/prov_apply/tasks/main.yml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-- name: Get public IP
- set_fact: node_ip="{{ swarmnode.openstack.public_v4 }}"
- when: swarmnode.openstack.public_v4 != ""
-
-- name: Get public IP
- set_fact: node_ip="{{ swarmnode.openstack.private_v4 }}"
- when: swarmnode.openstack.public_v4 == ""
-
-- name: Make certificate configuration file
- copy:
- src: templates/openssl.cnf
- dest: "/tmp/{{ env }}/{{ node_ip }}/keys/"
-
-- name: Make service file
- template:
- src: templates/dockerservice.j2
- dest: "/tmp/{{ env }}/{{ node_ip }}/keys/dockerservice.cnf"
-
-- name: Create bootstrap file
- template:
- src: templates/bootstrap1.j2
- dest: "/tmp/{{ env }}/{{ node_ip }}/keys/bootstrap.sh"
- when: swarmnode.openstack.private_v4 == ""
-
-- name: Create bootstrap file
- template:
- src: templates/bootstrap2.j2
- dest: "/tmp/{{ env }}/{{ node_ip }}/keys/bootstrap.sh"
- when: swarmnode.openstack.private_v4 != ""
-
-- name: Transfer configureation
- shell: scp -r "/tmp/{{ env }}/{{ node_ip }}/keys" "core@{{ node_ip }}:/home/core"
-
-- name: Transfer certificate file over to the nodes
- shell: scp -r "/tmp/{{ env }}/keys" "core@{{ node_ip }}:/home/core"
-
-- name: Start services
- shell: ssh "core@{{ node_ip }}" "sh keys/bootstrap.sh"
diff --git a/ansible/dockerswarm/roles/prov_apply/templates/bootstrap1.j2 b/ansible/dockerswarm/roles/prov_apply/templates/bootstrap1.j2
deleted file mode 100755
index 5c7d26d..0000000
--- a/ansible/dockerswarm/roles/prov_apply/templates/bootstrap1.j2
+++ /dev/null
@@ -1,31 +0,0 @@
-mkdir -p /home/core/.docker
-cp /home/core/keys/ca.pem /home/core/.docker/
-cp /home/core/keys/cert.pem /home/core/.docker/
-cp /home/core/keys/key.pem /home/core/.docker/
-
-echo 'subjectAltName = @alt_names' >> /home/core/keys/openssl.cnf
-echo '[alt_names]' >> /home/core/keys/openssl.cnf
-
-cd /home/core/keys
-
-echo 'IP.1 = {{ swarmnode.openstack.public_v4 }}' >> openssl.cnf
-echo 'DNS.1 = {{ app_env.fqdn }}' >> openssl.cnf
-echo 'DNS.2 = {{ swarmnode.openstack.public_v4 }}.xip.io' >> openssl.cnf
-
-openssl req -new -key key.pem -out cert.csr -subj '/CN=docker-client' -config openssl.cnf
-openssl x509 -req -in cert.csr -CA ca.pem -CAkey ca-key.pem \
- -CAcreateserial -out cert.pem -days 365 -extensions v3_req -extfile openssl.cnf
-
-sudo mkdir -p /etc/docker/ssl
-sudo cp ca.pem /etc/docker/ssl/
-sudo cp cert.pem /etc/docker/ssl/
-sudo cp key.pem /etc/docker/ssl/
-
-# Apply localized settings to services
-sudo mkdir -p /etc/systemd/system/{docker,swarm-agent,swarm-manager}.service.d
-
-sudo mv /home/core/keys/dockerservice.cnf /etc/systemd/system/docker.service.d/10-docker-service.conf
-sudo systemctl daemon-reload
-sudo systemctl restart docker.service
-sudo systemctl start swarm-agent.service
-sudo systemctl start swarm-manager.service
diff --git a/ansible/dockerswarm/roles/prov_apply/templates/bootstrap2.j2 b/ansible/dockerswarm/roles/prov_apply/templates/bootstrap2.j2
deleted file mode 100755
index c0be6cc..0000000
--- a/ansible/dockerswarm/roles/prov_apply/templates/bootstrap2.j2
+++ /dev/null
@@ -1,32 +0,0 @@
-mkdir -p /home/core/.docker
-cp /home/core/keys/ca.pem /home/core/.docker/
-cp /home/core/keys/cert.pem /home/core/.docker/
-cp /home/core/keys/key.pem /home/core/.docker/
-
-echo 'subjectAltName = @alt_names' >> /home/core/keys/openssl.cnf
-echo '[alt_names]' >> /home/core/keys/openssl.cnf
-
-cd /home/core/keys
-
-echo 'IP.1 = {{ swarmnode.openstack.private_v4 }}' >> openssl.cnf
-echo 'IP.2 = {{ swarmnode.openstack.public_v4 }}' >> openssl.cnf
-echo 'DNS.1 = {{ app_env.fqdn }}' >> openssl.cnf
-echo 'DNS.2 = {{ swarmnode.openstack.public_v4 }}.xip.io' >> openssl.cnf
-
-openssl req -new -key key.pem -out cert.csr -subj '/CN=docker-client' -config openssl.cnf
-openssl x509 -req -in cert.csr -CA ca.pem -CAkey ca-key.pem \
- -CAcreateserial -out cert.pem -days 365 -extensions v3_req -extfile openssl.cnf
-
-sudo mkdir -p /etc/docker/ssl
-sudo cp ca.pem /etc/docker/ssl/
-sudo cp cert.pem /etc/docker/ssl/
-sudo cp key.pem /etc/docker/ssl/
-
-# Apply localized settings to services
-sudo mkdir -p /etc/systemd/system/{docker,swarm-agent,swarm-manager}.service.d
-
-sudo mv /home/core/keys/dockerservice.cnf /etc/systemd/system/docker.service.d/10-docker-service.conf
-sudo systemctl daemon-reload
-sudo systemctl restart docker.service
-sudo systemctl start swarm-agent.service
-sudo systemctl start swarm-manager.service
diff --git a/ansible/dockerswarm/roles/prov_apply/templates/dockerservice.j2 b/ansible/dockerswarm/roles/prov_apply/templates/dockerservice.j2
deleted file mode 100755
index 01f5086..0000000
--- a/ansible/dockerswarm/roles/prov_apply/templates/dockerservice.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-[Service]
-Environment="DOCKER_OPTS=-H=0.0.0.0:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert=/etc/docker/ssl/ca.pem --tlscert=/etc/docker/ssl/cert.pem --tlskey=/etc/docker/ssl/key.pem --cluster-advertise {{app_env.net_device}}:2376 --cluster-store etcd://127.0.0.1:2379/docker"
diff --git a/ansible/dockerswarm/roles/prov_apply/templates/openssl.cnf b/ansible/dockerswarm/roles/prov_apply/templates/openssl.cnf
deleted file mode 100755
index 67b3864..0000000
--- a/ansible/dockerswarm/roles/prov_apply/templates/openssl.cnf
+++ /dev/null
@@ -1,8 +0,0 @@
-[req]
-req_extensions = v3_req
-distinguished_name = req_distinguished_name
-[req_distinguished_name]
-[ v3_req ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = clientAuth, serverAuth
diff --git a/ansible/dockerswarm/roles/prov_destroy/tasks/main.yml b/ansible/dockerswarm/roles/prov_destroy/tasks/main.yml
deleted file mode 100755
index 13b9b64..0000000
--- a/ansible/dockerswarm/roles/prov_destroy/tasks/main.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- name: Remove docker swarm nodes
- os_server:
- state: "absent"
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: docker-swarm-{{ host_no }}
- key_name: "dockerswarm"
- timeout: 200
- security_groups: dockerswarm_sg
- meta:
- hostname: docker-swarm-{{ host_no }}
\ No newline at end of file
diff --git a/ansible/dockerswarm/roles/vm_apply/tasks/main.yml b/ansible/dockerswarm/roles/vm_apply/tasks/main.yml
deleted file mode 100755
index 1119cc0..0000000
--- a/ansible/dockerswarm/roles/vm_apply/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-- name: Create docker swarm nodes
- os_server:
- state: "present"
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: docker-swarm-{{ host_no }}
- image: "{{ app_env.image_name }}"
- key_name: "dockerswarm"
- timeout: 200
- flavor: "{{ hostvars.cloud.openstack_flavors[0].id }}"
- network: "{{ app_env.private_net_name }}"
- auto_ip: yes
- userdata: "{{ lookup('file', '/tmp/' +env+ '/cloudinit') }}"
- security_groups: dockerswarm_sg
- meta:
- hostname: docker-swarm-{{ host_no }}
- register: swarmnode
-
diff --git a/ansible/dockerswarm/roles/vm_destroy/tasks/main.yml b/ansible/dockerswarm/roles/vm_destroy/tasks/main.yml
deleted file mode 100755
index 73b314f..0000000
--- a/ansible/dockerswarm/roles/vm_destroy/tasks/main.yml
+++ /dev/null
@@ -1 +0,0 @@
----
\ No newline at end of file
diff --git a/ansible/dockerswarm/site.yml b/ansible/dockerswarm/site.yml
deleted file mode 100755
index 54247d6..0000000
--- a/ansible/dockerswarm/site.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-- name: prepare for provision
- hosts: cloud
- connection: local
- vars_files:
- - "vars/{{ env }}.yml"
- roles:
- - "prep_{{ action }}"
-
-- name: provision swarm nodes
- hosts: dockerswarm
- serial: 1
- connection: local
- vars_files:
- - "vars/{{ env }}.yml"
- roles:
- - "vm_{{ action }}"
-
-- name: setup swarm nodes
- hosts: dockerswarm
- connection: local
- vars_files:
- - "vars/{{ env }}.yml"
- roles:
- - "prov_{{ action }}"
-
-- name: post provisioning
- hosts: cloud
- connection: local
- vars_files:
- - "vars/{{ env }}.yml"
- roles:
- - "post_{{ action }}"
diff --git a/ansible/dockerswarm/vars/bluebox.yml b/ansible/dockerswarm/vars/bluebox.yml
deleted file mode 100755
index fc6862e..0000000
--- a/ansible/dockerswarm/vars/bluebox.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-horizon_url: "https://salesdemo-sjc.openstack.blueboxgrid.com"
-
-auth: {
- auth_url: "https://salesdemo-sjc.openstack.blueboxgrid.com:5000/v2.0",
- username: "litong01",
- password: "{{ password }}",
- project_name: "Interop"
-}
-
-app_env: {
- image_name: "coreos",
- private_net_name: "interopnet",
- net_device: "eth0",
- flavor_name: "m1.small",
- swarm_version: "latest",
- swarm_size: 3,
- region_name: "",
- availability_zone: "",
- validate_certs: True,
- fqdn: "swarm.example.com",
- public_key_file: "/home/tong/.ssh/id_rsa.pub"
-}
diff --git a/ansible/dockerswarm/vars/dreamhost.yml b/ansible/dockerswarm/vars/dreamhost.yml
deleted file mode 100755
index c8f2008..0000000
--- a/ansible/dockerswarm/vars/dreamhost.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-horizon_url: "https://iad2.dreamcompute.com"
-
-auth: {
- auth_url: "https://iad2.dream.io:5000/v2.0",
- username: "stemaf4",
- password: "{{ password }}",
- project_name: "dhc2131831"
-}
-
-app_env: {
- region_name: "RegionOne",
- image_name: "CoreOS Sept16",
- private_net_name: "",
- flavor_name: "gp1.subsonic",
- public_key_file: "/home/reed/.ssh/id_rsa.pub",
- swarm_version: "latest",
- swarm_size: 3,
- fqdn: "swarm.example.com",
- net_device: "eth0",
-}
diff --git a/ansible/dockerswarm/vars/leap.yml b/ansible/dockerswarm/vars/leap.yml
deleted file mode 100755
index 97e0ec7..0000000
--- a/ansible/dockerswarm/vars/leap.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-horizon_url: "http://9.30.217.9"
-
-auth: {
- auth_url: "http://9.30.217.9:5000/v3",
- username: "demo",
- password: "{{ password }}",
- domain_name: "default",
- project_name: "demo"
-}
-
-app_env: {
- image_name: "coreos",
- private_net_name: "Bluebox",
- net_device: "eth0",
- flavor_name: "m1.small",
- swarm_version: "latest",
- swarm_size: 3,
- region_name: "RegionOne",
- availability_zone: "nova",
- validate_certs: False,
- fqdn: "swarm.example.com",
- public_key_file: "/home/tong/.ssh/id_rsa.pub"
-}
diff --git a/ansible/dockerswarm/vars/osic.yml b/ansible/dockerswarm/vars/osic.yml
deleted file mode 100755
index e745e43..0000000
--- a/ansible/dockerswarm/vars/osic.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-horizon_url: "https://cloud1.osic.org"
-
-auth: {
- auth_url: "https://cloud1.osic.org:5000/v3",
- username: "litong01",
- password: "{{ password }}",
- domain_name: "default",
- project_name: "interop_challenge"
-}
-
-app_env: {
- image_name: "coreos",
- private_net_name: "interopnet",
- net_device: "eth0",
- flavor_name: "m1.small",
- swarm_version: "latest",
- swarm_size: 3,
- region_name: "",
- availability_zone: "",
- validate_certs: True,
- fqdn: "swarm.example.com",
- public_key_file: "/home/tong/.ssh/id_rsa.pub"
-}
diff --git a/ansible/dockerswarm/vars/ovh.yml b/ansible/dockerswarm/vars/ovh.yml
deleted file mode 100755
index a1c0744..0000000
--- a/ansible/dockerswarm/vars/ovh.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-horizon_url: "https://horizon.cloud.ovh.net"
-
-auth: {
- auth_url: "https://auth.cloud.ovh.net/v2.0",
- username: "SXYbmFhC4aqQ",
- password: "{{ password }}",
- project_name: "2487610196015734"
-}
-
-app_env: {
- image_name: "coreos",
- private_net_name: "",
- net_device: "eth0",
- flavor_name: "eg-15-ssd",
- swarm_version: "latest",
- swarm_size: 3,
- region_name: "BHS1",
- availability_zone: "",
- validate_certs: True,
- fqdn: "swarm.example.com",
- public_key_file: "/home/tong/.ssh/id_rsa.pub"
-}
diff --git a/ansible/lampstack/.gitignore b/ansible/lampstack/.gitignore
deleted file mode 100755
index 5ab4be3..0000000
--- a/ansible/lampstack/.gitignore
+++ /dev/null
@@ -1,6 +0,0 @@
-*.out
-vars/*
-*/**/*.log
-*/**/.DS_Store
-*/**/._
-*/**/*.tfstate*
diff --git a/ansible/lampstack/README.md b/ansible/lampstack/README.md
deleted file mode 100755
index dacecd9..0000000
--- a/ansible/lampstack/README.md
+++ /dev/null
@@ -1,141 +0,0 @@
-# LAMPstack Ansible deployments on OpenStack Cloud
-
-## Status
-
-This will install a 4 node lampstack. The first node will be used as a load
-balancer by using Haproxy. The second node will be a database node and two
-nodes will be used as web servers. If it is desirable for more node, you
-can simply increase the number of nodes in the configuration, all added nodes
-will be used as web servers.
-
-Once the script finishes, a URL will be displayed at the end for verification.
-
-## Requirements
-
-- [Install Ansible](http://docs.ansible.com/ansible/intro_installation.html)
-- [Install openstack shade] (http://docs.openstack.org/infra/shade/installation.html)
-- Make sure there is an Ubuntu cloud image available on your cloud.
-- Clone this project into a directory.
-
-## Ansible
-
-Ansible and OpenStack Shade will be used to provision all of the OpenStack
-resources required by LAMP stack.
-
-### Prep
-
-#### Deal with ssh keys for Openstack Authentication
-
-If you do not have a ssh key, then you should create one by using a tool.
-An example command to do that is provided below. Once you have a key pair,
-ensure your local ssh-agent is running and your ssh key has been added.
-This step is required. Not doing this, you will have to manually give
-passphrase when script runs, and script can fail. If you really do not want
-to deal with passphrase, you can create a key pair without passphrase::
-
- ssh-keygen -t rsa
- eval $(ssh-agent -s)
- ssh-add ~/.ssh/id_rsa
-
-#### General Openstack Settings
-
-Ansible's OpenStack cloud module is used to provision compute resources
-against an OpenStack cloud. Before you run the script, the cloud environment
-will have to be specified. Sample files have been provided in vars directory.
-You may create one such file per cloud for your tests.
-
- auth: {
- auth_url: "http://x.x.x.x:5000/v3",
- username: "demo",
- password: "{{ password }}",
- domain_name: "default",
- project_name: "demo"
- }
-
- app_env: {
- image_name: "ubuntu-15.04",
- region_name: "RegionOne",
- availability_zone: "nova",
- validate_certs: True,
- private_net_name: "my_tenant_net",
- flavor_name: "m1.small",
- public_key_file: "/home/tong/.ssh/id_rsa.pub",
- stack_size: 4,
- volume_size: 2,
- block_device_name: "/dev/vdb",
- config_drive: no,
- wp_theme: "https://downloads.wordpress.org/theme/iribbon.2.0.65.zip",
- wp_posts: "http://wpcandy.s3.amazonaws.com/resources/postsxml.zip"
- }
-
-It's also possible to provide download URL's for wordpress and associated
-other utilities, supporting use of this module in environments with limited
-outbound network access to the Internet (defaults show below):
-
- app_env: {
- ...
- wp_latest: 'https://wordpress.org/latest.tar.gz',
- wp_cli: 'https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar',
- wp_importer: 'http://downloads.wordpress.org/plugin/wordpress-importer.0.6.3.zip'
- }
-
-The values of these variables should be provided by your cloud provider. When
-use keystone 2.0 API, you will not need to setup domain name. You can leave
-region_name empty if you have just one region. You can also leave
-private_net_name empty if your cloud does not support tenant network or you
-only have one tenant network. The private_net_name is only needed when you
-have multiple tenant networks. validate_certs should be normally set to True
-when your cloud uses tls(ssl) and your cloud is not using self signed
-certificate. If your cloud is using self signed certificate, then the
-certificate can not be easily validated by ansible. You can skip it by setting
-the parameter to False.
-
-
-## Provision the LAMP stack
-
-With your cloud environment set, you should be able to run the script::
-
- ansible-playbook -e "action=apply env=leap password=XXXXX" site.yml
-
-The command will stand up the nodes using a cloud named leap (vars/leap.yml).
-If you run the test against other cloud, you can create a new file use same
-structure and specify that cloud attributes such as auth_url, etc. Then you
-can simply replace work leap with that file name. Replace xxxxx with your
-own password.
-
-If everything goes well, it will accomplish the following::
-
- 1. Provision 4 nodes
- 2. Create security group
- 3. Add security rules to allow ping, ssh, mysql and nfs access
- 4. Create a cinder volume
- 5. Attach the cinder volume to database node for wordpress database and
- content
- 6. Setup NFS on database node, so that web servers can share the cinder
- volume space, all wordpress content will be saved on cinder volume.
- This is to ensure that the multiple web servres will represent same
- content.
- 7. Setup mysql to use the space provided by cinder volume
- 8. Configure and initialize wordpress
- 9. Install and activte a wordpress theme specified by configuration file
- 10.Install wordpress importer plugin
- 11.Import sample word press content
- 12.Remove not needed floating IPs from servers which do not need them.
-
-
-## Next Steps
-
-### Check its up
-
-If there are no errors, you can use the IP addresses of the webservers to
-access wordpress. If this is the very first time, you will be asked to do
-answer few questions. Once that is done, you will have a fully functional
-wordpress running.
-
-## Cleanup
-
-Once you're done with it, don't forget to nuke the whole thing::
-
- ansible-playbook -e "action=destroy env=leap password=XXXXX" site.yml
-
-The above command will destroy all the resources created.
diff --git a/ansible/lampstack/ansible.cfg b/ansible/lampstack/ansible.cfg
deleted file mode 100644
index a5fa946..0000000
--- a/ansible/lampstack/ansible.cfg
+++ /dev/null
@@ -1,3 +0,0 @@
-[defaults]
-inventory = ./hosts
-host_key_checking = False
diff --git a/ansible/lampstack/group_vars/all.yml b/ansible/lampstack/group_vars/all.yml
deleted file mode 100755
index fcf8048..0000000
--- a/ansible/lampstack/group_vars/all.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-db_user: "wpdbuser"
-db_pass: "{{ lookup('password',
- '/tmp/sqlpassword chars=ascii_letters,digits length=8') }}"
-
-proxy_env: {
-}
\ No newline at end of file
diff --git a/ansible/lampstack/hosts b/ansible/lampstack/hosts
deleted file mode 100644
index c023aec..0000000
--- a/ansible/lampstack/hosts
+++ /dev/null
@@ -1 +0,0 @@
-cloud ansible_host=127.0.0.1 ansible_python_interpreter=python
diff --git a/ansible/lampstack/roles/apply/tasks/main.yml b/ansible/lampstack/roles/apply/tasks/main.yml
deleted file mode 100755
index 088cb5d..0000000
--- a/ansible/lampstack/roles/apply/tasks/main.yml
+++ /dev/null
@@ -1,194 +0,0 @@
----
-- name: Get start timestamp
- set_fact:
- starttime: "{{ ansible_date_time }}"
-
-- name: Retrieve specified flavor
- os_flavor_facts:
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: "{{ app_env.flavor_name }}"
-
-- name: Create a key-pair
- os_keypair:
- state: "present"
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: "lampstack"
- public_key_file: "{{ app_env.public_key_file }}"
-
-- name: Create volume
- os_volume:
- state: present
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- size: "{{ app_env.volume_size }}"
- wait: yes
- display_name: db_volume
-
-- name: Create security group
- os_security_group:
- state: present
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: lampstack_sg
- description: security group for lampstack
-
-- name: Add security rules
- os_security_group_rule:
- state: present
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- security_group: lampstack_sg
- protocol: "{{ item.protocol }}"
- direction: "{{ item.dir }}"
- port_range_min: "{{ item.p_min }}"
- port_range_max: "{{ item.p_max }}"
- remote_ip_prefix: 0.0.0.0/0
- with_items:
- - { p_min: 22, p_max: 22, dir: ingress, protocol: tcp }
- - { p_min: 80, p_max: 80, dir: ingress, protocol: tcp }
- - { p_min: 2049, p_max: 2049, dir: ingress, protocol: tcp }
- - { p_min: 2049, p_max: 2049, dir: egress, protocol: tcp }
- - { p_min: 3306, p_max: 3306, dir: ingress, protocol: tcp }
- - { p_min: -1, p_max: -1, dir: ingress, protocol: icmp }
- - { p_min: -1, p_max: -1, dir: egress, protocol: icmp }
-
-- name: Create database node
- os_server:
- state: "present"
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: database
- image: "{{ app_env.image_name }}"
- key_name: "lampstack"
- timeout: 200
- flavor: "{{ app_env.flavor_name }}"
- network: "{{ app_env.private_net_name }}"
- userdata: "{{ lookup('file', 'templates/userdata.j2') }}"
- config_drive: "{{ app_env.config_drive | default('no') }}"
- security_groups: lampstack_sg
- floating_ip_pools: "{{ app_env.public_net_name | default(omit) }}"
- meta:
- hostname: database
- register: database
-
-- name: Add database node to the dbservers host group
- add_host:
- name: "{{ database.openstack.public_v4 }}"
- groups: dbservers
- when: database.openstack.public_v4 != ""
-
-- name: Add database node to the dbservers host group
- add_host:
- name: "{{ database.openstack.private_v4 }}"
- groups: dbservers
- when: database.openstack.public_v4 == ""
-
-- name: Create balancer node
- os_server:
- state: "present"
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: balancer
- image: "{{ app_env.image_name }}"
- key_name: "lampstack"
- timeout: 200
- flavor: "{{ app_env.flavor_name }}"
- network: "{{ app_env.private_net_name }}"
- userdata: "{{ lookup('file', 'templates/userdata.j2') }}"
- config_drive: "{{ app_env.config_drive | default('no') }}"
- security_groups: lampstack_sg
- floating_ip_pools: "{{ app_env.public_net_name | default(omit) }}"
- meta:
- hostname: balancer
- register: balancer
-
-- name: Add balancer node to the balancers host group
- add_host:
- name: "{{ balancer.openstack.public_v4 }}"
- groups: balancers
- when: balancer.openstack.public_v4 != ""
-
-- name: Add balancer node to the balancers host group
- add_host:
- name: "{{ balancer.openstack.private_v4 }}"
- groups: balancers
- when: balancer.openstack.public_v4 == ""
-
-- name: Create a volume for database to save data
- os_server_volume:
- state: present
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- server: database
- volume: db_volume
- device: "{{ app_env.block_device_name }}"
-
-- name: Create web server nodes to host application
- os_server:
- state: "present"
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: apache-{{ item }}
- image: "{{ app_env.image_name }}"
- key_name: "lampstack"
- timeout: 200
- flavor: "{{ app_env.flavor_name }}"
- network: "{{ app_env.private_net_name }}"
- floating_ip_pools: "{{ app_env.public_net_name | default(omit) }}"
- userdata: "{{ lookup('file', 'templates/userdata.j2') }}"
- config_drive: "{{ app_env.config_drive | default('no') }}"
- security_groups: lampstack_sg
- meta:
- hostname: apache-{{ item }}
- with_sequence: count={{ app_env.stack_size - 2 }}
- register: webserver
-
-- name: Add web servers to webservers host group
- add_host:
- name: "{{ item.openstack.public_v4 }}"
- groups: webservers
- when: item.openstack.public_v4 != ""
- with_items: "{{ webserver.results }}"
- no_log: True
-
-- name: Add web servers to webservers host group
- add_host:
- name: "{{ item.openstack.private_v4 }}"
- groups: webservers
- when: item.openstack.public_v4 == ""
- with_items: "{{ webserver.results }}"
- no_log: True
-
-- name: Add one web servers to wps host group
- add_host:
- name: "{{ webserver.results[0].openstack.public_v4 }}"
- groups: wps
- when: webserver.results[0].openstack.public_v4 != ""
- no_log: True
-
-- name: Add one web servers to wps host group
- add_host:
- name: "{{ webserver.results[0].openstack.private_v4 }}"
- groups: wps
- when: webserver.results[0].openstack.public_v4 == ""
- no_log: True
diff --git a/ansible/lampstack/roles/apply/templates/userdata.j2 b/ansible/lampstack/roles/apply/templates/userdata.j2
deleted file mode 100755
index a4079c9..0000000
--- a/ansible/lampstack/roles/apply/templates/userdata.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-#cloud-config
-runcmd:
- - addr=$(ip -4 -o addr | grep -v '127.0.0.1' | awk 'NR==1{print $4}' | cut -d '/' -f 1)
- - echo $addr `hostname` >> /etc/hosts
\ No newline at end of file
diff --git a/ansible/lampstack/roles/balancer/tasks/main.yml b/ansible/lampstack/roles/balancer/tasks/main.yml
deleted file mode 100755
index eedb4a0..0000000
--- a/ansible/lampstack/roles/balancer/tasks/main.yml
+++ /dev/null
@@ -1,53 +0,0 @@
----
-- name: Haproxy install
- package:
- name="{{ item }}"
- state=latest
- update_cache=yes
- with_items:
- - haproxy
- when: ansible_distribution == 'Ubuntu'
-
-- name: Haproxy install
- package:
- name="{{ item }}"
- state=latest
- with_items:
- - haproxy
- when: ansible_distribution == 'Fedora'
-
-- name: Enable haproxy service
- replace:
- dest: /etc/default/haproxy
- regexp: "ENABLED=0"
- replace: "ENABLED=1"
- backup: no
- when: ansible_distribution == 'Ubuntu'
-
-- name: Place the haproxy configuration file
- copy:
- src: templates/haproxy.cfg.j2
- dest: /etc/haproxy/haproxy.cfg
- owner: root
- group: root
- when: ansible_distribution == 'Ubuntu'
-
-- name: Place the haproxy configuration file
- copy:
- src: templates/haproxy_fedora.cfg.j2
- dest: /etc/haproxy/haproxy.cfg
- owner: root
- group: root
- when: ansible_distribution == 'Fedora'
-
-- name: Add web servers to the haproxy
- lineinfile:
- dest: /etc/haproxy/haproxy.cfg
- line: " server ws{{ item[0].openstack[item[1]] }} {{ item[0].openstack[item[1]] }}:80 check"
- with_nested:
- - "{{ hostvars.cloud.webserver.results }}"
- - ["private_v4", "public_v4"]
- when: item[0].openstack[item[1]] != ''
- no_log: True
-
-- service: name=haproxy state=restarted enabled=yes
diff --git a/ansible/lampstack/roles/balancer/templates/haproxy.cfg.j2 b/ansible/lampstack/roles/balancer/templates/haproxy.cfg.j2
deleted file mode 100755
index 17267ed..0000000
--- a/ansible/lampstack/roles/balancer/templates/haproxy.cfg.j2
+++ /dev/null
@@ -1,33 +0,0 @@
-global
- log /dev/log local0
- log /dev/log local1 notice
- chroot /var/lib/haproxy
- user haproxy
- group haproxy
- daemon
-
-defaults
- log global
- mode http
- option httplog
- option dontlognull
- option redispatch
- retries 3
- contimeout 5000
- clitimeout 50000
- srvtimeout 50000
- errorfile 400 /etc/haproxy/errors/400.http
- errorfile 403 /etc/haproxy/errors/403.http
- errorfile 408 /etc/haproxy/errors/408.http
- errorfile 500 /etc/haproxy/errors/500.http
- errorfile 502 /etc/haproxy/errors/502.http
- errorfile 503 /etc/haproxy/errors/503.http
- errorfile 504 /etc/haproxy/errors/504.http
-
-listen webfarm 0.0.0.0:80
- mode http
- stats enable
- stats uri /haproxy?stats
- balance roundrobin
- option httpclose
- option forwardfor
diff --git a/ansible/lampstack/roles/balancer/templates/haproxy_fedora.cfg.j2 b/ansible/lampstack/roles/balancer/templates/haproxy_fedora.cfg.j2
deleted file mode 100755
index 015cf4c..0000000
--- a/ansible/lampstack/roles/balancer/templates/haproxy_fedora.cfg.j2
+++ /dev/null
@@ -1,34 +0,0 @@
-global
- log /dev/log local0
- log /dev/log local1 notice
- chroot /var/lib/haproxy
- user haproxy
- group haproxy
- daemon
-
-defaults
- log global
- mode http
- option httplog
- option dontlognull
- option redispatch
- retries 3
- contimeout 5000
- clitimeout 50000
- srvtimeout 50000
- errorfile 400 /usr/share/haproxy/400.http
- errorfile 403 /usr/share/haproxy/403.http
- errorfile 408 /usr/share/haproxy/408.http
- errorfile 500 /usr/share/haproxy/500.http
- errorfile 502 /usr/share/haproxy/502.http
- errorfile 503 /usr/share/haproxy/503.http
- errorfile 504 /usr/share/haproxy/504.http
-
-listen webfarm
- bind 0.0.0.0:80
- mode http
- stats enable
- stats uri /haproxy?stats
- balance roundrobin
- option httpclose
- option forwardfor
diff --git a/ansible/lampstack/roles/cleaner/tasks/apply.yml b/ansible/lampstack/roles/cleaner/tasks/apply.yml
deleted file mode 100755
index 5245e08..0000000
--- a/ansible/lampstack/roles/cleaner/tasks/apply.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-- os_floating_ip:
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- state: absent
- floating_ip_address: "{{ database.openstack.public_v4 }}"
- server: "{{ database.openstack.name }}"
- when: database.openstack.private_v4 != ""
- no_log: True
-
-- os_floating_ip:
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- state: absent
- floating_ip_address: "{{ item.openstack.public_v4 }}"
- server: "{{ item.openstack.name }}"
- with_items: "{{ webserver.results }}"
- when: item.openstack.private_v4 != ""
- no_log: True
\ No newline at end of file
diff --git a/ansible/lampstack/roles/cleaner/tasks/destroy.yml b/ansible/lampstack/roles/cleaner/tasks/destroy.yml
deleted file mode 100755
index ed97d53..0000000
--- a/ansible/lampstack/roles/cleaner/tasks/destroy.yml
+++ /dev/null
@@ -1 +0,0 @@
----
diff --git a/ansible/lampstack/roles/common/tasks/main.yml b/ansible/lampstack/roles/common/tasks/main.yml
deleted file mode 100644
index e76aed2..0000000
--- a/ansible/lampstack/roles/common/tasks/main.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: Wait until server is up and runnning
- local_action: wait_for port=22 host="{{ ansible_ssh_host | default(inventory_hostname) }}" search_regex=OpenSSH delay=10
- become: no
-
-- name: Check if running on Fedora
- raw: "[ -f /etc/fedora-release ]"
- register: fedora_release
- ignore_errors: yes
-
-- name: Install python2 for Ansible
- raw: dnf install -y python2 python2-dnf libselinux-python
- register: result
- until: result|success
- when: fedora_release.rc == 0
-
-- name: Set SELinux to permisive
- selinux: policy=targeted state=permissive
- when: fedora_release.rc == 0
diff --git a/ansible/lampstack/roles/database/tasks/main.yml b/ansible/lampstack/roles/database/tasks/main.yml
deleted file mode 100755
index 238d486..0000000
--- a/ansible/lampstack/roles/database/tasks/main.yml
+++ /dev/null
@@ -1,164 +0,0 @@
----
-- stat: path=/tmp/diskflag
- register: diskflag
-
-- name: update apt cache
- apt: update_cache=yes
- when: ansible_os_family == "Debian"
-
-- name: install scsitools
- package: name=scsitools state=latest
- when: ansible_distribution == 'Ubuntu'
-
-- name: install sg3_utils
- package: name=sg3_utils state=latest
- when: ansible_distribution == 'Fedora'
-
-- shell: /sbin/rescan-scsi-bus
- when: diskflag.stat.exists == false and ansible_distribution == 'Ubuntu'
-
-- shell: /bin/rescan-scsi-bus.sh
- when: diskflag.stat.exists == false and ansible_distribution == 'Fedora'
-
-- shell: parted -s "{{ app_env.block_device_name }}" mklabel msdos
- when: diskflag.stat.exists == false
-
-- shell: parted -s "{{ app_env.block_device_name }}" mkpart primary ext4 1049kb 100%
- when: diskflag.stat.exists == false
-
-- lineinfile: dest=/tmp/diskflag line="disk is now partitioned!" create=yes
-
-- filesystem: fstype=ext4 dev="{{ app_env.block_device_name }}1"
-- mount: name=/storage src="{{ app_env.block_device_name }}1" fstype=ext4 state=mounted
-
-- shell: ip -4 -o addr | grep -v '127.0.0.1' | awk 'NR==1{print $4}' | cut -d '/' -f 1
- register: local_ip
-
-- name: Creates share directory for database
- file: path=/storage/sqldatabase state=directory
-
-- name: Creates share directory for wpcontent
- file: path=/storage/wpcontent state=directory
-
-- name: Creates directory for database mounting point
- file: path=/var/lib/mysql state=directory
-
-- name: Install NFS server
- package:
- name=nfs-kernel-server
- state=latest
- update_cache=yes
- when: ansible_distribution == 'Ubuntu'
-
-- name: Install NFS server
- package: name=nfs-utils state=latest
- when: ansible_distribution == 'Fedora'
-
-- name: Setup NFS database access
- lineinfile:
- dest: /etc/exports
- line: "/storage/sqldatabase {{ local_ip.stdout }}/32(rw,sync,no_root_squash,no_subtree_check)"
-
-- name: Setup NFS webserver access
- lineinfile:
- dest: /etc/exports
- line: "/storage/wpcontent {{ item[0].openstack[item[1]] }}/32(rw,sync,no_root_squash,no_subtree_check)"
- with_nested:
- - "{{ hostvars.cloud.webserver.results }}"
- - ["private_v4", "public_v4"]
- when: item[0].openstack[item[1]] != ''
- no_log: True
-
-- name: nfs export
- shell: exportfs -a
-
-- service: name=nfs-kernel-server state=restarted enabled=yes
- when: ansible_distribution == 'Ubuntu'
-
-- service: name=nfs-server state=restarted enabled=yes
- when: ansible_distribution == 'Fedora'
-
-- name: Mount the database data directory
- mount:
- name: /var/lib/mysql
- src: "{{ local_ip.stdout }}:/storage/sqldatabase"
- state: mounted
- fstype: nfs
-
-- name: Install mysql and libraries
- package:
- name="{{ item }}"
- state=latest
- update_cache=yes
- with_items:
- - mysql-server
- - python-mysqldb
- when: ansible_distribution == 'Ubuntu'
-
-- name: Install mysql and libraries
- package:
- name="{{ item }}"
- state=latest
- with_items:
- - mariadb-server
- - python2-mysql
- when: ansible_distribution == 'Fedora'
-
-- service: name=mysql state=stopped enabled=yes
- when: ansible_distribution == 'Ubuntu'
-
-- service: name=mariadb state=stopped enabled=yes
- when: ansible_distribution == 'Fedora'
-
-- stat: path=/etc/mysql/my.cnf
- register: mysqlflag
-
-- name: Configure mysql 5.5
- replace:
- dest: "/etc/mysql/my.cnf"
- regexp: '^bind-address[ \t]*=[ ]*127\.0\.0\.1'
- replace: "bind-address = {{ local_ip.stdout }}"
- backup: no
- when: mysqlflag.stat.exists == true
-
-- stat: path=/etc/mysql/mysql.conf.d/mysqld.cnf
- register: mysqlflag
-
-- name: Configure mysql 5.6+
- replace:
- dest: "/etc/mysql/mysql.conf.d/mysqld.cnf"
- replace: "bind-address = {{ local_ip.stdout }}"
- backup: no
- when: mysqlflag.stat.exists == true
-
-- stat: path=/etc/my.cnf
- register: mariadbflag
-
-- name: Configure MariaDB 10.1
- ini_file:
- dest=/etc/my.cnf
- section=mysqld
- option=bind-address
- value={{ local_ip.stdout }}
- when: mariadbflag.stat.exists == true
-
-- service: name=mysql state=started enabled=yes
- when: ansible_distribution == 'Ubuntu'
-
-- service: name=mariadb state=started enabled=yes
- when: ansible_distribution == 'Fedora'
-
-- name: create wordpress database
- mysql_db:
- name: "decision2016"
- state: "{{ item }}"
- with_items:
- - ['present', 'absent', 'present']
-
-- name: Add a user
- mysql_user:
- name: "{{ db_user }}"
- password: "{{ db_pass }}"
- host: "%"
- priv: 'decision2016.*:ALL'
- state: present
diff --git a/ansible/lampstack/roles/destroy/tasks/main.yml b/ansible/lampstack/roles/destroy/tasks/main.yml
deleted file mode 100755
index fc82301..0000000
--- a/ansible/lampstack/roles/destroy/tasks/main.yml
+++ /dev/null
@@ -1,79 +0,0 @@
----
-- name: Get start timestamp
- set_fact: starttime="{{ ansible_date_time }}"
-
-- name: Delete key pairs
- os_keypair:
- state: "absent"
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: "lampstack"
- public_key_file: "{{ app_env.public_key_file }}"
-
-- name: Delete database node
- os_server:
- state: "absent"
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: database
- image: "{{ app_env.image_name }}"
- key_name: "lampstack"
- timeout: 200
- network: "{{ app_env.private_net_name }}"
- meta:
- hostname: database
-
-- name: Delete balancer node
- os_server:
- state: "absent"
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: balancer
- image: "{{ app_env.image_name }}"
- key_name: "lampstack"
- timeout: 200
- network: "{{ app_env.private_net_name }}"
- meta:
- hostname: balancer
-
-- name: Delete web server nodes
- os_server:
- state: "absent"
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: apache-{{ item }}
- image: "{{ app_env.image_name }}"
- key_name: "lampstack"
- timeout: 200
- network: "{{ app_env.private_net_name }}"
- meta:
- hostname: apache-{{ item }}
- with_sequence: count={{ app_env.stack_size - 2 }}
-
-- name: Delete security group
- os_security_group:
- state: absent
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- name: lampstack_sg
- description: secuirty group for lampstack
-
-- name: Delete cinder volume
- os_volume:
- state: absent
- auth: "{{ auth }}"
- region_name: "{{ app_env.region_name }}"
- availability_zone: "{{ app_env.availability_zone }}"
- validate_certs: "{{ app_env.validate_certs }}"
- wait: yes
- display_name: db_volume
diff --git a/ansible/lampstack/roles/webserver/tasks/main.yml b/ansible/lampstack/roles/webserver/tasks/main.yml
deleted file mode 100755
index 6224e00..0000000
--- a/ansible/lampstack/roles/webserver/tasks/main.yml
+++ /dev/null
@@ -1,147 +0,0 @@ ---- -- name: Apache and php 5 - package: - name="{{ item }}" - state=latest - update_cache=yes - with_items: - - apache2 - - php5 - - php5-mysql - - nfs-common - - unzip - - ssmtp - when: ansible_distribution == 'Ubuntu' - -- name: Apache and php 5 - package: - name="{{ item }}" - state=latest - with_items: - - httpd - - php - - php-mysqlnd - - nfs-utils - - unzip - - ssmtp - when: ansible_distribution == 'Fedora' - -- shell: rm -rf /var/www/html/index.html - args: - warn: no - -- name: Creates share directory for wpcontent - file: - path: /var/www/html/wp-content/uploads - state: directory - owner: www-data - group: www-data - when: ansible_distribution == 'Ubuntu' - -- name: Creates share directory for wpcontent - file: - path: /var/www/html/wp-content/uploads - state: directory - owner: apache - group: apache - when: ansible_distribution == 'Fedora' - -- name: Mount the directory using private IP - mount: - name: /var/www/html/wp-content/uploads - src: "{{ hostvars.cloud.database.openstack.private_v4 }}:/storage/wpcontent" - state: mounted - fstype: nfs - when: hostvars.cloud.database.openstack.private_v4 != "" - -- name: Mount the directory using public IP - mount: - name: /var/www/html/wp-content/uploads - src: "{{ hostvars.cloud.database.openstack.public_v4 }}:/storage/wpcontent" - state: mounted - fstype: nfs - when: hostvars.cloud.database.openstack.private_v4 == "" - -- lineinfile: dest=/etc/apache2/apache2.conf line="ServerName localhost" - when: ansible_distribution == 'Ubuntu' - -- lineinfile: dest=/etc/httpd/conf/httpd.conf line="ServerName localhost" - when: ansible_distribution == 'Fedora' - -- name: Download wordpress - get_url: - url: "{{ app_env.wp_latest | default('https://wordpress.org/latest.tar.gz') }}" - dest: /var/www/latest.tar.gz - -- name: Unpack latest wordpress - shell: tar -xf /var/www/latest.tar.gz -C /var/www/html --strip-components=1 - args: - warn: no - -- name: Create wordpress configuration - shell: cp 
/var/www/html/wp-config-sample.php /var/www/html/wp-config.php - args: - warn: no - -- name: Configure wordpress database, username and password - replace: - dest: /var/www/html/wp-config.php - regexp: "'{{ item.then }}'" - replace: "'{{ item.now }}'" - backup: no - with_items: - - { then: 'database_name_here', now: 'decision2016' } - - { then: 'username_here', now: "{{ db_user }}" } - - { then: 'password_here', now: "{{ db_pass }}" } - -- name: Configure wordpress network access using private IP - replace: - dest: /var/www/html/wp-config.php - regexp: "'localhost'" - replace: "'{{ hostvars.cloud.database.openstack.private_v4 }}'" - backup: no - when: hostvars.cloud.database.openstack.private_v4 != "" - -- name: Configure wordpress network access using public IP - replace: - dest: /var/www/html/wp-config.php - regexp: "'localhost'" - replace: "'{{ hostvars.cloud.database.openstack.public_v4 }}'" - backup: no - when: hostvars.cloud.database.openstack.private_v4 == "" - -- name: Change ownership of wordpress - shell: chown -R www-data:www-data /var/www/html - args: - warn: no - when: ansible_distribution == 'Ubuntu' - -- name: Change ownership of wordpress - shell: chown -R apache:apache /var/www/html - args: - warn: no - when: ansible_distribution == 'Fedora' - -- service: name=apache2 state=restarted enabled=yes - when: ansible_distribution == 'Ubuntu' - -- service: name=httpd state=restarted enabled=yes - when: ansible_distribution == 'Fedora' - -- name: Install wordpress command line tool - get_url: - url: "{{ app_env.wp_cli | default('https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar') }}" - dest: /usr/local/bin/wp - mode: "a+x" - force: no - -- name: Download a wordpress theme - get_url: - url: "{{ app_env.wp_theme }}" - dest: /tmp/wptheme.zip - force: yes - -- name: Install the theme - shell: unzip -o -q /tmp/wptheme.zip -d /var/www/html/wp-content/themes - args: - warn: no 
diff --git a/ansible/lampstack/roles/wordpress/tasks/main.yml b/ansible/lampstack/roles/wordpress/tasks/main.yml
deleted file mode 100755
index b41f327..0000000
--- a/ansible/lampstack/roles/wordpress/tasks/main.yml
+++ /dev/null
@@ -1,73 +0,0 @@ ---- -- name: Install wordpress - command: > - wp core install --path=/var/www/html - --url="http://{{ hostvars.cloud.balancer.openstack.public_v4 }}" - --title='OpenStack Interop Challenge' - --admin_user=wpuser - --admin_password="{{ db_pass }}" - --admin_email='interop@openstack.org' - when: hostvars.cloud.balancer.openstack.public_v4 != "" - -- name: Install wordpress - command: > - wp core install --path=/var/www/html - --url="http://{{ hostvars.cloud.balancer.openstack.private_v4 }}" - --title='OpenStack Interop Challenge' - --admin_user=wpuser - --admin_password="{{ db_pass }}" - --admin_email='interop@openstack.org' - when: hostvars.cloud.balancer.openstack.public_v4 == "" - -- name: Activate wordpress theme - command: > - wp --path=/var/www/html theme activate - "{{ app_env.wp_theme.split('/').pop().split('.')[0] }}" - -- name: Download wordpress importer plugin - get_url: - url: "{{ app_env.wp_importer | default('http://downloads.wordpress.org/plugin/wordpress-importer.0.6.3.zip') }}" - dest: "/tmp/wordpress-importer.zip" - force: "yes" - -- name: Install wordpress importer plugin - command: > - sudo -u www-data wp --path=/var/www/html plugin install /tmp/wordpress-importer.zip --activate - args: - warn: "no" - when: ansible_distribution == 'Ubuntu' - -- name: Install wordpress importer plugin - command: > - sudo -u apache /usr/local/bin/wp --path=/var/www/html plugin install /tmp/wordpress-importer.zip - args: - warn: "no" - when: ansible_distribution == 'Fedora' - -- name: Enable wordpress importer plugin - command: > - sudo -u apache /usr/local/bin/wp --path=/var/www/html plugin activate wordpress-importer - args: - warn: "no" - when: ansible_distribution == 'Fedora' - -- name: Download wordpress sample posts - get_url: - url: "{{ app_env.wp_posts }}" - dest: "/tmp/wpposts.zip" - force: "yes" - -- name: Unpack the posts - command: unzip -o -q /tmp/wpposts.zip -d /tmp/posts - args: - warn: "no" - -- name: Import wordpress posts - 
command: > - sudo -u www-data wp --path=/var/www/html import /tmp/posts/*.xml --authors=create --quiet - when: ansible_distribution == 'Ubuntu' - -- name: Import wordpress posts - shell: > - sudo -u apache /usr/local/bin/wp --path=/var/www/html import /tmp/posts/*.xml --authors=create --quiet - when: ansible_distribution == 'Fedora' diff --git a/ansible/lampstack/site.yml b/ansible/lampstack/site.yml deleted file mode 100755 index 25a284f..0000000 --- a/ansible/lampstack/site.yml +++ /dev/null 
@@ -1,96 +0,0 @@ ---- -- name: provision servers - hosts: cloud - connection: local - vars_files: - - "vars/{{ env }}.yml" - roles: - - "{{ action }}" - -- name: Install python2 for ansible to work - hosts: dbservers, webservers, balancers, wps - gather_facts: false - user: "{{ app_env.ssh_user }}" - become: true - become_user: root - vars_files: - - "vars/{{ env }}.yml" - roles: - - common - environment: "{{ proxy_env }}" - -- name: setup database - hosts: dbservers - user: "{{ app_env.ssh_user }}" - become: true - become_user: root - vars_files: - - "vars/{{ env }}.yml" - roles: - - database - environment: "{{proxy_env}}" - -- name: setup web servers - hosts: webservers - user: "{{ app_env.ssh_user }}" - become: true - become_user: root - vars_files: - - "vars/{{ env }}.yml" - roles: - - webserver - environment: "{{proxy_env}}" - -- name: setup load balancer servers - hosts: balancers - user: "{{ app_env.ssh_user }}" - become: true - become_user: root - vars_files: - - "vars/{{ env }}.yml" - roles: - - balancer - environment: "{{proxy_env}}" - -- name: install wordpress - hosts: wps - user: "{{ app_env.ssh_user }}" - vars_files: - - "vars/{{ env }}.yml" - roles: - - wordpress - environment: "{{proxy_env}}" - -- name: clean up resources - hosts: cloud - connection: local - vars_files: - - "vars/{{ env }}.yml" - tasks: - - include: "roles/cleaner/tasks/{{action}}.yml" - roles: - - cleaner - environment: "{{proxy_env}}" - -- name: Inform the installer - hosts: cloud - connection: local - tasks: - - debug: - msg: >- - Access wordpress at - http://{{ hostvars.cloud.balancer.openstack.public_v4 }}. - wordpress userid is wpuser, password is {{ db_pass }} - when: hostvars.cloud.balancer is defined and - hostvars.cloud.balancer.openstack.public_v4 != "" - - debug: - msg: >- - Access wordpress at - http://{{ hostvars.cloud.balancer.openstack.private_v4 }}. 
- wordpress userid is wpuser, password is {{ db_pass }} - when: hostvars.cloud.balancer is defined and - hostvars.cloud.balancer.openstack.public_v4 == "" - - debug: - msg: >- - The work load test started at {{ hostvars.cloud.starttime.time }}, - ended at {{ ansible_date_time.time }} diff --git a/ansible/lampstack/vars/bluebox.yml b/ansible/lampstack/vars/bluebox.yml deleted file mode 100755 index 9d18ca2..0000000 --- a/ansible/lampstack/vars/bluebox.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -horizon_url: "https://salesdemo-sjc.openstack.blueboxgrid.com" - -auth: { - auth_url: "https://salesdemo-sjc.openstack.blueboxgrid.com:5000/v2.0", - username: "litong01", - password: "{{ password }}", - project_name: "Interop" -} - -app_env: { - ssh_user: "ubuntu", - image_name: "ubuntu-15.04", - region_name: "", - availability_zone: "", - validate_certs: True, - private_net_name: "interopnet", - flavor_name: "m1.small", - public_key_file: "/home/tong/.ssh/id_rsa.pub", - stack_size: 4, - volume_size: 10, - block_device_name: "/dev/vdb", - wp_theme: "https://downloads.wordpress.org/theme/iribbon.2.0.65.zip", - wp_posts: "http://wpcandy.s3.amazonaws.com/resources/postsxml.zip" -} diff --git a/ansible/lampstack/vars/dreamhost.yml b/ansible/lampstack/vars/dreamhost.yml deleted file mode 100755 index 4112268..0000000 --- a/ansible/lampstack/vars/dreamhost.yml +++ /dev/null 
@@ -1,25 +0,0 @@
----
-horizon_url: "https://iad2.dreamcompute.com"
-
-auth: {
- auth_url: "https://iad2.dream.io:5000/v2.0",
- username: "stemaf4",
- password: "{{ password }}",
- project_name: "dhc2131831"
-}
-
-app_env: {
- ssh_user: "ubuntu",
- region_name: "RegionOne",
- image_name: "Ubuntu-14.04",
- private_net_name: "",
- validate_certs: False,
- availability_zone: "iad-2",
- flavor_name: "gp1.supersonic",
- public_key_file: "/home/reed/.ssh/id_rsa.pub",
- stack_size: 4,
- volume_size: 10,
- block_device_name: "/dev/vdb",
- wp_theme: "https://downloads.wordpress.org/theme/iribbon.2.0.65.zip",
- wp_posts: "http://wpcandy.s3.amazonaws.com/resources/postsxml.zip"
-}
diff --git a/ansible/lampstack/vars/hos4.yml b/ansible/lampstack/vars/hos4.yml
deleted file mode 100755
index e2e7938..0000000
--- a/ansible/lampstack/vars/hos4.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-horizon_url: "https://10.241.20.5:443"
-
-auth: {
- auth_url: "http://10.241.144.2:5000/v3",
- username: "interop_admin",
- password: "{{ password }}",
- project_name: "interop",
- domain_name: "Default"
-}
-
-app_env: {
- image_name: "ubuntu-trusty",
- region_name: "region1",
- private_net_name: "private-net",
- flavor_name: "m1.small",
- public_key_file: "/home/ghe.rivero/.ssh/id_rsa.pub",
- stack_size: 4,
- volume_size: 2,
- block_device_name: "/dev/vdb",
- wp_theme: "https://downloads.wordpress.org/theme/iribbon.2.0.65.zip",
- wp_posts: "http://wpcandy.s3.amazonaws.com/resources/postsxml.zip",
- validate_certs: False,
- availability_zone: "nova"
-}
-
diff --git a/ansible/lampstack/vars/leap.yml b/ansible/lampstack/vars/leap.yml
deleted file mode 100755
index b2b0dec..0000000
--- a/ansible/lampstack/vars/leap.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-horizon_url: "http://9.30.217.9"
-
-auth: {
- auth_url: "http://9.30.217.9:5000/v3",
- username: "demo",
- password: "{{ password }}",
- domain_name: "default",
- project_name: "demo"
-}
-
-app_env: {
- image_name: "ubuntu-15.04",
- region_name: "RegionOne",
- availability_zone: "nova",
- validate_certs: False,
- ssh_user: "ubuntu",
- private_net_name: "Bluebox",
- flavor_name: "m1.small",
- public_key_file: "/home/tong/.ssh/id_rsa.pub",
- stack_size: 4,
- volume_size: 2,
- block_device_name: "/dev/vdb",
- wp_theme: "https://downloads.wordpress.org/theme/iribbon.2.0.65.zip",
- wp_posts: "http://wpcandy.s3.amazonaws.com/resources/postsxml.zip"
-}
diff --git a/ansible/lampstack/vars/osic.yml b/ansible/lampstack/vars/osic.yml
deleted file mode 100755
index 1a0e0f3..0000000
--- a/ansible/lampstack/vars/osic.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-horizon_url: "https://cloud1.osic.org"
-
-auth: {
- auth_url: "https://cloud1.osic.org:5000/v3",
- username: "litong01",
- password: "{{ password }}",
- domain_name: "default",
- project_name: "interop_challenge"
-}
-
-app_env: {
- image_name: "ubuntu-server-14.04",
- region_name: "",
- availability_zone: "nova",
- validate_certs: True,
- private_net_name: "interopnet",
- flavor_name: "m1.small",
- public_key_file: "/home/tong/.ssh/id_rsa.pub",
- stack_size: 4,
- volume_size: 2,
- block_device_name: "/dev/vdb",
- wp_theme: "https://downloads.wordpress.org/theme/iribbon.2.0.65.zip",
- wp_posts: "http://wpcandy.s3.amazonaws.com/resources/postsxml.zip"
-}
diff --git a/ansible/lampstack/vars/otc.yml b/ansible/lampstack/vars/otc.yml
deleted file mode 100644
index b863e4c..0000000
--- a/ansible/lampstack/vars/otc.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-auth: {
- auth_url: "https://iam.eu-de.otc.t-systems.com/v3",
- username: "14610052 OTC00000000001000000447",
- password: "{{ password }}",
- domain_name: "eu-de",
- project_name: "eu-de"
-}
-
-app_env: {
- image_name: "Community_Ubuntu_14.04_TSI_20161004_0",
- region_name: "",
- availability_zone: "eu-de-01",
- validate_certs: False,
- private_net_name: "a45173e7-3c00-485f-b297-3bd73bd6d80b",
- flavor_name: "computev1-1",
- public_key_file: "/home/ubuntu/.ssh/id_rsa.pub",
- ssh_user: "ubuntu",
- stack_size: 4,
- volume_size: 2,
- block_device_name: "/dev/xvdb",
- wp_theme: "https://downloads.wordpress.org/theme/iribbon.2.0.65.zip",
- wp_posts: "http://wpcandy.s3.amazonaws.com/resources/postsxml.zip"
-}
diff --git a/ansible/lampstack/vars/ovh.yml b/ansible/lampstack/vars/ovh.yml
deleted file mode 100755
index 6c3ea18..0000000
--- a/ansible/lampstack/vars/ovh.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-horizon_url: "https://horizon.cloud.ovh.net/"
-
-auth: {
- auth_url: "https://auth.cloud.ovh.net/v2.0",
- username: "5sAcQ8EqamKq",
- password: "{{ password }}",
- project_name: "6987064600428478"
-}
-
-app_env: {
- ssh_user: "ubuntu",
- region_name: "SBG1",
- image_name: "Ubuntu 14.04",
- private_net_name: "Ext-Net",
- validate_certs: True,
- availability_zone: "nova",
- flavor_name: "eg-15-app",
- public_key_file: "/home/ubuntu/.ssh/id_rsa.pub",
- stack_size: 4,
- volume_size: 4,
- block_device_name: "/dev/vdb",
- wp_theme: "https://downloads.wordpress.org/theme/iribbon.2.0.65.zip",
- wp_posts: "http://wpcandy.s3.amazonaws.com/resources/postsxml.zip"
-}
diff --git a/ansible/lampstack/vars/trystack.yml b/ansible/lampstack/vars/trystack.yml
deleted file mode 100644
index 4186837..0000000
--- a/ansible/lampstack/vars/trystack.yml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-# Copyright Red Hat, Inc. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-
-horizon_url: "https://x86.trystack.org/dashboard/"
-
-auth: {
- auth_url: "http://8.43.86.11:5000/v3",
- username: "{{ lookup('env', 'OS_USERNAME') }}",
- password: "{{ lookup('env', 'OS_PASSWORD') }}",
- project_name: "{{ lookup('env', 'OS_PROJECT_NAME') }}",
- domain_name: "default",
-}
-
-app_env: {
- ssh_user: "ubuntu",
- image_name: "ubuntu1404",
- region_name: "regionOne",
- availability_zone: "nova",
- validate_certs: False,
- private_net_name: "private",
- flavor_name: "m1.small",
- public_key_file: "/root/.ssh/id_rsa.pub",
- stack_size: 4,
- volume_size: 2,
- block_device_name: "/dev/vdb",
- wp_theme: "https://downloads.wordpress.org/theme/iribbon.2.0.65.zip",
- wp_posts: "http://wpcandy.s3.amazonaws.com/resources/postsxml.zip"
-}
\ No newline at end of file
diff --git a/ansible_requirements.txt b/ansible_requirements.txt
deleted file mode 100644
index 4476a73..0000000
--- a/ansible_requirements.txt
+++ /dev/null
@@ -1,68 +0,0 @@
-ansible==2.1.2.0
-appdirs==1.4.0
-Babel==2.3.4
-cffi==1.8.3
-cliff==2.2.0
-cmd2==0.6.9
-cryptography==1.5.2
-debtcollector==1.8.0
-decorator==4.0.10
-dogpile.cache==0.6.2
-enum34==1.1.6
-funcsigs==1.0.2
-functools32==3.2.3.post2
-futures==3.0.5
-idna==2.1
-ipaddress==1.0.17
-iso8601==0.1.11
-Jinja2==2.8
-jsonpatch==1.14
-jsonpointer==1.10
-jsonschema==2.5.1
-keystoneauth1==2.12.1
-MarkupSafe==0.23
-monotonic==1.2
-msgpack-python==0.4.8
-munch==2.0.4
-netaddr==0.7.18
-netifaces==0.10.5
-openstacksdk==0.9.8
-os-client-config==1.21.1
-osc-lib==1.1.0
-oslo.config==3.17.0
-oslo.i18n==3.9.0
-oslo.serialization==2.13.0
-oslo.utils==3.16.0
-paramiko==2.0.2
-pbr==1.10.0
-positional==1.1.1
-prettytable==0.7.2
-pyasn1==0.1.9
-pycparser==2.14
-pycrypto==2.6.1
-pyparsing==2.1.9
-python-cinderclient==1.9.0
-python-designateclient==2.3.0
-python-glanceclient==2.5.0
-python-heatclient==1.5.0
-python-ironicclient==1.7.0
-python-keystoneclient==3.5.0
-python-magnumclient==2.3.0
-python-mistralclient==2.1.1
-python-neutronclient==6.0.0
-python-novaclient==6.0.0
-python-openstackclient==3.2.0
-python-swiftclient==3.1.0
-python-troveclient==2.5.0
-pytz==2016.7
-PyYAML==3.12
-requests==2.11.1
-requestsexceptions==1.1.3
-rfc3986==0.4.1
-shade>=1.9.0,<=1.12.1
-simplejson==3.8.2
-six==1.10.0
-stevedore==1.17.1
-unicodecsv==0.14.1
-warlock==1.2.0
-wrapt==1.10.8
diff --git a/heat/cleanup_stacks.py b/heat/cleanup_stacks.py
deleted file mode 100644
index 56abef1..0000000
--- a/heat/cleanup_stacks.py
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright (c) 2019 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-"""
-Clean up Heat stacks
-
-This script grabs a list of all stacks in DELETE_FAILED state and tries to
-delete them again. For usage, please run the script with `--help`.
-"""
-
-import argparse
-
-import openstack
-
-options = argparse.ArgumentParser(description='OpenStack Heat Clean-up')
-cloud = openstack.connect(options=options)
-
-def cleanup_stack(stack):
- # Skip anything that isn't DELETE_FAILED
- if stack.status != 'DELETE_FAILED':
- return
-
- # Get a list of all the resources of the stack
- resources = list(cloud.orchestration.resources(stack))
-
- # If we don't have any resources, we can consider this stack gone.
- if len(resources) == 0:
- print('[{}] no resources, deleting stack'.format(stack.id))
- cloud.orchestration.delete_stack(stack)
- return
-
- # Find resources that are DELETE_FAILED
- for resource in resources:
- # Skip resources that are not DELETE_FAILED
- if resource.status != 'DELETE_FAILED':
- continue
-
- # Clean up and nested stacks
- if resource.resource_type in ('OS::Heat::ResourceGroup'):
- stack_id = resource.physical_resource_id
- nested_stack = cloud.orchestration.find_stack(stack_id)
- cleanup_stack(nested_stack)
- continue
-
- # This is protection to make sure that we only delete once we're sure
- # that all resources are gone.
- print(stack, resource)
- raise
-
- # At this point, the stack should be ready to be deleted
- print("[{}] deleting..".format(stack.id))
- cloud.orchestration.delete_stack(stack)
-
-
-for stack in cloud.orchestration.stacks():
- cleanup_stack(stack)
\ No newline at end of file
diff --git a/heat/lamp/AppWG_3Tier.yaml b/heat/lamp/AppWG_3Tier.yaml
deleted file mode 100644
index 855c7a7..0000000
--- a/heat/lamp/AppWG_3Tier.yaml
+++ /dev/null
@@ -1,214 +0,0 @@ -heat_template_version: 2016-04-08 -#The value of heat_template_version tells Heat not only the format of the template but also features that will be validated and supported -#2016-04-08 represents the Mitaka release - -description: > - This is the main Heat template for the 3-tier LAMP Workload created by the Enterprise WG. - This version of the tempalte does not include autoscaling, and does not require ceilometer. - This template calls multiple nested templates which actually do the - majority of the work. This file calls the following yaml files in a ./lib subdirectory - setup_net_sg.yaml sets up the security groups and networks for Web, App, and Database - heat_app_tier.yaml starts up application servers and does on-the-fly builds - heat_web_tier.yaml starts up web servers and does on-the-fly builds - heat_sql_tier.yaml starts up mysql server and does on-the-fly builds. - - NOTE: This serves as a guide to new users and is not meant for production deployment. - - REQUIRED YAML FILES: - setup_net_sg.yaml, heat_app_tier.yaml, heat_sql_tier.yaml, heat_web_tier.yaml - - REQUIRED PARAMETERS: - ssh_key_name, image_id, public_network_id - - OPTIONAL PARAMETERS: - db_instance_flavor, app_instance_flavor, web_instance_flavor, db_server_name, app_server_name, web_server_name, dns_nameserver - - #Created by: Craig Sterrett 3/23/2016 - - -###################################### -#The parameters section allows for specifying input parameters that have to be provided when instantiating the template -parameters: - ssh_key_name: - type: string - label: SSH Key Name - description: REQUIRED PARAMETER -Name of an existing SSH KeyPair to enable SSH access to instances. - hidden: false - constraints: - - custom_constraint: nova.keypair - description: Must already exist on your cloud - - image_id: - type: string - label: Image ID - description: > - REQUIRED PARAMETER - The image id to be used for the compute instance. 
Please specify - your own Image ID in your project/tenant. This could be modified to use different - images for each tier. - hidden: false - constraints: - - custom_constraint: glance.image - description: Must be a valid image on your cloud - - public_network_id: - type: string - label: Public Network - description: > - REQUIRED PARAMETER - The public network name or id used to access the internet. - This will fail if this is not a true public network - hidden: false - constraints: - - custom_constraint: neutron.network - description: Must be a valid network on your cloud - - db_instance_flavor: - type: string - label: Database server instance flavor - description: The flavor type to use for db server. - default: m1.small - hidden: false - constraints: - - custom_constraint: nova.flavor - description: Must be a valid flavor provided by your cloud provider. - - app_instance_flavor: - type: string - label: Application server instance flavor - description: The flavor type to use for app servers. - default: m1.small - hidden: false - constraints: - - custom_constraint: nova.flavor - description: Must be a valid flavor provided by your cloud provider. - - web_instance_flavor: - type: string - label: Web server instance flavor - description: The flavor type to use for web servers. - default: m1.small - hidden: false - constraints: - - custom_constraint: nova.flavor - description: Must be a valid flavor provided by your cloud provider. 
- - db_server_name: - type: string - label: Server Name - description: Name of the database servers - hidden: false - default: db_server - - app_server_name: - type: string - label: Server Name - description: Name of the application servers - hidden: false - default: app_server - - web_server_name: - type: string - label: Server Name - description: Name of the web servers - hidden: false - default: web_server - - dns_nameserver: - type: comma_delimited_list - label: DNS Name Server - description: The IP address of a DNS nameserver in list format - default: 8.8.8.8,8.8.4.4 - -###################################### -#The resources section defines actual resources that make up a stack deployed from the HOT template (for instance compute instances, networks, storage volumes). -resources: - -#################### -#Setup Networking and Security Group -#Call the setup_net_sg.yaml file - - network_setup: - type: lib/setup_net_sg.yaml - properties: - public_network_id: { get_param: public_network_id } - dns_nameserver: { get_param: dns_nameserver } - -#################### -##Kick off a Database server - - launch_db_server: - type: lib/heat_sql_tier.yaml - properties: - ssh_key_name: { get_param: ssh_key_name } - server_name: { get_param: db_server_name } - instance_flavor: { get_param: db_instance_flavor } - image_id: { get_param: image_id } - private_network_id: {get_attr: [network_setup, db_private_network_id]} - security_group: {get_attr: [network_setup, db_security_group_id]} - -#################### -##Kick off two application servers -#Utilizing Heat resourcegroup to kick off multiple copies - - app_server_resource_group: - type: OS::Heat::ResourceGroup - properties: - count: 2 - resource_def: - type: lib/heat_app_tier.yaml - properties: - ssh_key_name: - get_param: ssh_key_name - server_name: - get_param: app_server_name - instance_flavor: - get_param: app_instance_flavor - image_id: - get_param: image_id - private_network_id: {get_attr: [network_setup, 
app_private_network_id]} - security_group: {get_attr: [network_setup, app_security_group_id]} - pool_name: {get_attr: [network_setup, app_lbaas_pool_name]} - db_server_ip: {get_attr: [launch_db_server, instance_ip]} - #Just passing something for metadata, it's not used in this script but is used in - #the autoscaling script - metadata: {"metering.stack": {get_param: "OS::stack_id"}} - -#################### -##Kick off two web servers -#Utilizing Heat resourcegroup to kick off multiple copies - - web_server_resource_group: - type: OS::Heat::ResourceGroup - properties: - count: 2 - resource_def: - type: lib/heat_web_tier.yaml - properties: - ssh_key_name: - get_param: ssh_key_name - server_name: - get_param: web_server_name - instance_flavor: - get_param: web_instance_flavor - image_id: - get_param: image_id - private_network_id: {get_attr: [network_setup, web_private_network_id]} - app_lbaas_vip: {get_attr: [network_setup, app_lbaas_IP]} - security_group: {get_attr: [network_setup, web_security_group_id]} - pool_name: {get_attr: [network_setup, web_lbaas_pool_name]} - #Just passing something for metadata, it's not used in this script but is used in - #the autoscaling script - metadata: {"metering.stack": {get_param: "OS::stack_id"}} - -###################################### -#The outputs section defines output parameters that should be available to the user after a stack has been created. -outputs: - - web_lbaas_ip: - description: > - This is the floating IP assigned to the WEB LoadBalancer. - value: {get_attr: [network_setup, web_lbaas_IP]} - - app_lbaas_ip: - description: > - This is the floating IP assigned to the Application LoadBalancer. - value: {get_attr: [network_setup, app_lbaas_IP]} diff --git a/heat/lamp/AppWG_3Tier_AutoScale.yaml b/heat/lamp/AppWG_3Tier_AutoScale.yaml deleted file mode 100644 index 33cfdef..0000000 --- a/heat/lamp/AppWG_3Tier_AutoScale.yaml +++ /dev/null 
@@ -1,343 +0,0 @@ -heat_template_version: 2016-04-08 -#The value of heat_template_version tells Heat not only the format of the template but also features that will be validated and supported -#2016-04-08 represents the Mitaka release - -description: > - This is the main Heat template for the 3-tier LAMP Workload created by the Enterprise WG. - This version of the tempalte does not include autoscaling, and does not require ceilometer. - This template calls multiple nested templates which actually do the - majority of the work. This file calls the following yaml files in a ./lib subdirectory - setup_net_sg.yaml sets up the security groups and networks for Web, App, and Database - heat_app_tier.yaml starts up application servers and does on-the-fly builds - heat_web_tier.yaml starts up web servers and does on-the-fly builds - heat_sql_tier.yaml starts up mysql server and does on-the-fly builds. - - NOTE: This serves as a guide to new users and is not meant for production deployment. - - REQUIRED YAML FILES: - setup_net_sg.yaml, heat_app_tier.yaml, heat_sql_tier.yaml, heat_web_tier.yaml - - REQUIRED PARAMETERS: - ssh_key_name, image_id, public_network_id - - OPTIONAL PARAMETERS: - db_instance_flavor, app_instance_flavor, web_instance_flavor, db_server_name, app_server_name, web_server_name, dns_nameserver - - #Created by: Craig Sterrett 3/23/2016 - - -###################################### -#The parameters section allows for specifying input parameters that have to be provided when instantiating the template -parameters: - ssh_key_name: - type: string - label: SSH Key Name - description: REQUIRED PARAMETER -Name of an existing SSH KeyPair to enable SSH access to instances. - hidden: false - constraints: - - custom_constraint: nova.keypair - description: Must already exist on your cloud - - image_id: - type: string - label: Image ID - description: > - REQUIRED PARAMETER - The image id to be used for the compute instance. 
Please specify - your own Image ID in your project/tenant. This could be modified to use different - images for each tier. - hidden: false - constraints: - - custom_constraint: glance.image - description: Must be a valid image on your cloud - - public_network_id: - type: string - label: Public Network - description: > - REQUIRED PARAMETER - The public network name or id used to access the internet. - This will fail if this is not a true public network - hidden: false - constraints: - - custom_constraint: neutron.network - description: Must be a valid network on your cloud - - db_instance_flavor: - type: string - label: Database server instance flavor - description: The flavor type to use for db server. - default: m1.small - hidden: false - constraints: - - custom_constraint: nova.flavor - description: Must be a valid flavor provided by your cloud provider. - - app_instance_flavor: - type: string - label: Application server instance flavor - description: The flavor type to use for app servers. - default: m1.small - hidden: false - constraints: - - custom_constraint: nova.flavor - description: Must be a valid flavor provided by your cloud provider. - - web_instance_flavor: - type: string - label: Web server instance flavor - description: The flavor type to use for web servers. - default: m1.small - hidden: false - constraints: - - custom_constraint: nova.flavor - description: Must be a valid flavor provided by your cloud provider. 
-
- db_server_name:
- type: string
- label: Server Name
- description: Name of the database servers
- hidden: false
- default: db_server
-
- app_server_name:
- type: string
- label: Server Name
- description: Name of the application servers
- hidden: false
- default: app_server
-
- web_server_name:
- type: string
- label: Server Name
- description: Name of the web servers
- hidden: false
- default: web_server
-
- dns_nameserver:
- type: comma_delimited_list
- label: DNS Name Server
- description: The IP address of a DNS nameserver in list format
- default: 8.8.8.8,8.8.4.4
-
-######################################
-#The resources section defines actual resources that make up a stack deployed from the HOT template (for instance compute instances, networks, storage volumes).
-resources:
-
-####################
-#Setup Networking and Security Group
-#Call the setup_net_sg.yaml file
-
- network_setup:
- type: lib/setup_net_sg.yaml
- properties:
- public_network_id: { get_param: public_network_id }
- dns_nameserver: { get_param: dns_nameserver }
-
-####################
-##Kick off a Database server
-
- launch_db_server:
- type: lib/heat_sql_tier.yaml
- properties:
- ssh_key_name: { get_param: ssh_key_name }
- server_name: { get_param: db_server_name }
- instance_flavor: { get_param: db_instance_flavor }
- image_id: { get_param: image_id }
- private_network_id: {get_attr: [network_setup, db_private_network_id]}
- security_group: {get_attr: [network_setup, db_security_group_id]}
-
-####################
-#Autoscaling for the app servers
-
- app_autoscale_group:
- type: OS::Heat::AutoScalingGroup
- properties:
- desired_capacity: 2
- min_size: 2
- max_size: 5
- resource:
- type: lib/heat_app_tier.yaml
- properties:
- ssh_key_name:
- get_param: ssh_key_name
- server_name:
- get_param: app_server_name
- instance_flavor:
- get_param: app_instance_flavor
- image_id:
- get_param: image_id
- private_network_id: {get_attr: [network_setup, app_private_network_id]}
- security_group: 
{get_attr: [network_setup, app_security_group_id]} - pool_name: {get_attr: [network_setup, app_lbaas_pool_name]} - db_server_ip: {get_attr: [launch_db_server, instance_ip]} - #created unique tag to be used by ceilometer to identify meters specific to the app nodes - #without some unique metadata tag, ceilometer will group together all resources in the tenant - metadata: {"metering.autoscale_group_name": "app_autoscale_group"} - -#################### - app_scaleup_policy: - type: OS::Heat::ScalingPolicy - properties: - adjustment_type: change_in_capacity - auto_scaling_group_id: { get_resource: app_autoscale_group } - #cooldown prevents duplicate alarms while instances spin up. Set the value large - #enough to allow for instance to startup and begin taking requests. - cooldown: 900 - scaling_adjustment: 1 - - app_cpu_alarm_high: - type: OS::Ceilometer::Alarm - properties: - meter_name: cpu_util - statistic: avg - #period needs to be greater than the sampling rate in the pipleine.config file in /etc/ceilometer - period: 600 - evaluation_periods: 1 - #Alarms if CPU utilization for ALL app nodes averaged together exceeds 50% - threshold: 50 - repeat_actions: true - alarm_actions: - - {get_attr: [app_scaleup_policy, alarm_url]} - #Collect data only on servers with the autoscale_group_name metadata set to app_autoscale_group - #Otherwise ceilometer would look at all servers in the project - matching_metadata: {'metadata.user_metadata.autoscale_group_name': "app_autoscale_group"} - comparison_operator: gt - - app_scaledown_policy: - type: OS::Heat::ScalingPolicy - properties: - adjustment_type: change_in_capacity - auto_scaling_group_id: { get_resource: app_autoscale_group } - #cooldown prevents duplicate alarms while instances shut down. Set the value large - #enough to allow for instance to shutdown and things stabilize. 
- cooldown: 900 - scaling_adjustment: -1 - - app_cpu_alarm_low: - type: OS::Ceilometer::Alarm - properties: - meter_name: cpu_util - statistic: avg - #period needs to be greater than the sampling rate in the pipleine.config file in /etc/ceilometer - period: 600 - evaluation_periods: 1 - #Alarms if CPU utilization for ALL app nodes averaged together drops below 20% - threshold: 20 - repeat_actions: true - alarm_actions: - - {get_attr: [app_scaledown_policy, alarm_url]} - #Collect data only on servers with the autoscale_group_name metadata set to app_autoscale_group - #Otherwise ceilometer would look at all servers in the project - matching_metadata: {'metadata.user_metadata.autoscale_group_name': "app_autoscale_group"} - comparison_operator: lt - -#################### -#Autoscaling for the web servers - - web_autoscale_group: - type: OS::Heat::AutoScalingGroup - properties: - desired_capacity: 2 - min_size: 2 - max_size: 5 - resource: - type: lib/heat_web_tier.yaml - properties: - ssh_key_name: - get_param: ssh_key_name - server_name: - get_param: web_server_name - instance_flavor: - get_param: web_instance_flavor - image_id: - get_param: image_id - private_network_id: {get_attr: [network_setup, web_private_network_id]} - app_lbaas_vip: {get_attr: [network_setup, app_lbaas_IP]} - security_group: {get_attr: [network_setup, web_security_group_id]} - pool_name: {get_attr: [network_setup, web_lbaas_pool_name]} - metadata: {"metering.autoscale_group_name": "web_autoscale_group"} - -#################### - - web_scaleup_policy: - type: OS::Heat::ScalingPolicy - properties: - adjustment_type: change_in_capacity - auto_scaling_group_id: { get_resource: web_autoscale_group } - cooldown: 900 - scaling_adjustment: 1 - - web_cpu_alarm_high: - type: OS::Ceilometer::Alarm - properties: - meter_name: cpu_util - statistic: avg - period: 600 - evaluation_periods: 1 - threshold: 50 - repeat_actions: true - alarm_actions: - - {get_attr: [web_scaleup_policy, alarm_url]} - 
matching_metadata: {'metadata.user_metadata.autoscale_group_name': "web_autoscale_group"} - comparison_operator: gt - - web_scaledown_policy: - type: OS::Heat::ScalingPolicy - properties: - adjustment_type: change_in_capacity - auto_scaling_group_id: { get_resource: web_autoscale_group } - cooldown: 900 - scaling_adjustment: -1 - - web_cpu_alarm_low: - type: OS::Ceilometer::Alarm - properties: - meter_name: cpu_util - statistic: avg - period: 600 - evaluation_periods: 1 - threshold: 20 - repeat_actions: true - alarm_actions: - - {get_attr: [web_scaledown_policy, alarm_url]} - matching_metadata: {'metadata.user_metadata.autoscale_group_name': "web_autoscale_group"} - comparison_operator: lt - -###################################### -#The outputs section defines output parameters that should be available to the user after a stack has been created. -outputs: - - web_lbaas_ip: - description: > - This is the floating IP assigned to the WEB LoadBalancer. - value: {get_attr: [network_setup, web_lbaas_IP]} - - app_lbaas_ip: - description: > - This is the floating IP assigned to the Application LoadBalancer. - value: {get_attr: [network_setup, app_lbaas_IP]} - - web_scale_up_url: - description: > - This URL is the webhook to scale up the WEB autoscaling group. You - can invoke the scale-up operation by doing an HTTP POST to this - URL; no body nor extra headers are needed. You do need to be authenticated - Example: source openrc; curl -X POST "" - value: {get_attr: [web_scaleup_policy, alarm_url]} - - web_scale_down_url: - description: > - This URL is the webhook to scale down the WEB autoscaling group. - value: {get_attr: [web_scaledown_policy, alarm_url]} - - app_scale_up_url: - description: > - This URL is the webhook to scale up the application autoscaling group. You - can invoke the scale-up operation by doing an HTTP POST to this - URL; no body nor extra headers are needed. 
- value: {get_attr: [app_scaleup_policy, alarm_url]}
-
- app_scale_down_url:
- description: >
- This URL is the webhook to scale down the application autoscaling group.
- value: {get_attr: [app_scaledown_policy, alarm_url]}
-
diff --git a/heat/lamp/README.rst b/heat/lamp/README.rst
deleted file mode 100644
index ca0194d..0000000
--- a/heat/lamp/README.rst
+++ /dev/null
@@ -1,67 +0,0 @@ -3-Tier LAMP Sample Heat Template -================================ - -These heat templates deploy WordPress on a 3-Tier LAMP architecture. There are two versions of the primary template, one which creates a static environment which does not require ceilometer, and one which provides autoscaling of the web and application tiers based on CPU load, which does require ceilometer. - - -**The WordPress 3-Tier LAMP Architecture Sample** - -====== ====================== ===================================== -Tier Function Details -====== ====================== ===================================== -Web Reverse Proxy Server Apache + mod_proxy -App WordPress Server Apache, PHP, MySQL Client, WordPress -Data Database Server MySQL -====== ====================== ===================================== - -**NOTE:** The sample WordPress application was tested with CentOS7 and Ubuntu Trusty. The sample application installation does not currently work with Ubuntu Xenial - ------------------ -Heat File Details ------------------ - -The template uses a nested structure, with two different primary yaml files, both of which utilize the same 4 nested files. The templates were tested using Mitaka release of OpenStack, and Ubuntu server 14.04 and Centos7. - -**AppWG_3Tier.yaml:** If you want a static environment, run this yaml file. This will create a static environment, with two load balanced web servers, and two load balanced application servers, and a single database server using cinder block storage for the database files. - -REQUIRED PARAMETERS: - - * ssh_key_name, image_id, public_network_id - -OPTIONAL PARAMETERS: - - * db_instance_flavor, app_instance_flavor, web_instance_flavor, db_server_name, app_server_name, web_server_name, dns_nameserver - -**AppWG_3Tier_AutoScale.yaml:** If you want a dynamic autoscaling environment, run this yaml file. This yaml files sets up heat autoscaling groups. 
- - REQUIRED PARAMETERS: - - * ssh_key_name, image_id, public_network_id - - OPTIONAL PARAMETERS: - - * db_instance_flavor, app_instance_flavor, web_instance_flavor, db_server_name, app_server_name, web_server_name, dns_nameserver - -The following 4 yaml files are called by the primary files above, and are by default expected to be in a lib subdirectory: - -**setup_net_sg.yaml:** This file creates 3 separate private networks, one for each tier. In addition it creates two load balancers (using neutron LBaaS V1), one which has a public IP that connects the web private network to the public network, and one with a private IP that connects the web network to the application network. The template also creates a router connecting the application network to the database network. In addition to the networks and routers, the template creates 3 security groups, one for each of the tiers. - -**heat_web_tier.yaml:** This template file launches the web tier nodes. In addition to launching instances, it installs and configures Apache and Apache modproxy which is used to redirect traffic to the application nodes. - -**heat_app_tier.yaml:** This template file launches the application tier nodes. In addition to launching the instances, it installs Apache, PHP, MySQL client, and finally WordPress. - -**heat_sql_tier.yaml:** This template file launches the database tier node and installs MySQL. In addition it creates a cinder block device to store the database files. The template also creates the required users and databases for the WordPress application. - -------------------------------- -Running the heat template files -------------------------------- - -First you need to source your credential file. 
You may download a copy of the credential file from Horizon under Project>Compute>Access & Security>API Access - -**Example to setup the static environment** - - openstack stack create --template AppWG_3Tier.yaml --parameter ssh_key_name=mykey --parameter image_id=ubuntu --parameter dns_nameserver="8.8.8.8,8.8.4.4" --parameter public_network_id=external_network ThreeTierLAMP - -**Example to setup the autoscaling environment** - openstack stack create --template AppWG_3Tier_AutoScale.yaml --parameter ssh_key_name=mykey --parameter image_id=centos --parameter dns_nameserver="8.8.8.8,8.8.4.4" --parameter public_network_id=external_network ThreeTierLAMP - diff --git a/heat/lamp/lib/heat_app_tier.yaml b/heat/lamp/lib/heat_app_tier.yaml deleted file mode 100644 index 34e1a04..0000000 --- a/heat/lamp/lib/heat_app_tier.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ -heat_template_version: 2013-05-23 - -description: > - This is a nested Heat used by the 3-Tier Architecture Workload reference document - created by the Enterprise Working Group. These templates demonstrate a sample - LAMP architecture supporting Wordpress. This template file launches the application - tier nodes, and installs Apache, PHP, MySQL client, and finally WordPress. - This serves as a guide to new users and is not meant for production deployment. - - #Created by: Craig Sterrett 3/23/2016 - -parameters: - ssh_key_name: - type: string - label: SSH Key Name - description: REQUIRED PARAMETER -Name of an existing SSH KeyPair to enable SSH access to instances. - hidden: false - default: cloudkey - - server_name: - type: string - label: Server Name - description: REQUIRED PARAMETER - Name of the instance to spin up. - hidden: false - default: App_Server - - instance_flavor: - type: string - label: Instance Flavor - description: The flavor type to use for each server. - default: m1.small - hidden: false - - image_id: - type: string - label: Image ID - description: > - REQUIRED PARAMETER - The image id to be used for the compute instance. Please specify - your own Image ID in your project/tenant. 
- hidden: false - - private_network_id: - type: string - default: App_Tier_private_network - description: The private Application network that will be utilized for all App servers - - security_group: - type: string - default: Workload_App_SG - description: The Application security group that will be utilized for all App servers - - pool_name: - type: string - description: LBaaS Pool to join - - db_server_ip: - type: string - description: Database Server IP - - metadata: - type: json - -resources: - app_server: - type: OS::Nova::Server - properties: - name: { get_param: server_name } - image: { get_param: image_id } - flavor: { get_param: instance_flavor } - key_name: { get_param: ssh_key_name } - metadata: { get_param: metadata } - networks: - - network: { get_param: private_network_id } - security_groups: - - { get_param: security_group } - user_data_format: RAW - user_data: - str_replace: - params: - $db_server_ip: { get_param: db_server_ip } - template: | - #!/bin/bash -v - #use apt-get for Debian/ubuntu, and yum for centos/fedora - if apt-get -v &> /dev/null - then - apt-get update -y - apt-get upgrade -y - #Install PHP5, and mysql - apt-get -y install apache2 php5 libapache2-mod-php5 php5-mysql php5-gd mysql-client - elif which yum &> /dev/null - then - yum update -y - #Install PHP5, and mysql - setenforce 0 - yum install -y php php-mysql - yum install -y wget - yum install php-gd - fi - - # install wordpress - # download wordpress - wget http://wordpress.org/latest.tar.gz - tar -xzf latest.tar.gz - - # configure wordpress - cp wordpress/wp-config-sample.php wordpress/wp-config.php - sed -i 's/database_name_here/wordpress/' wordpress/wp-config.php - sed -i 's/username_here/wordpress_user/' wordpress/wp-config.php - sed -i 's/password_here/wordpress/' wordpress/wp-config.php - sed -i 's/localhost/$db_server_ip/' wordpress/wp-config.php - - # install a copy of the configured wordpress into apache's www directory - rm /var/www/html/index.html - cp -R wordpress/* 
/var/www/html/ - - # give apache ownership of the application files - chown -R www-data:www-data /var/www/html/ - chown -R apache:apache /var/www/html/ - chmod -R g+w /var/www/html/ - #Allow remote database connection - setsebool -P httpd_can_network_connect=1 - systemctl restart httpd.service - - Pool_Member: - type: OS::Neutron::PoolMember - properties: - pool_id: {get_param: pool_name} - address: {get_attr: [app_server, first_address]} - protocol_port: 80 - -outputs: - app_private_ip: - description: Private IP address of the Web node - value: { get_attr: [app_server, first_address] } - lb_member: - description: LoadBalancer member details. - value: { get_attr: [Pool_Member, show] } - diff --git a/heat/lamp/lib/heat_sql_tier.yaml b/heat/lamp/lib/heat_sql_tier.yaml deleted file mode 100644 index c1b3b2d..0000000 --- a/heat/lamp/lib/heat_sql_tier.yaml +++ /dev/null 
@@ -1,210 +0,0 @@ -heat_template_version: 2013-05-23 - -description: > - This is a nested Heat used by the 3-Tier Architecture Workload reference document - created by the Enterprise Working Group. These templates demonstrate a sample - LAMP architecture supporting Wordpress. This template file launches the database - tier node, creates a cinder block device to store the database files and creates - the required users and databases for the WordPress application. - This serves as a guide to new users and is not meant for production deployment. - - #Created by: Craig Sterrett 3/23/2016 - -parameters: - ssh_key_name: - type: string - label: SSH Key Name - description: REQUIRED PARAMETER -Name of an existing SSH KeyPair to enable SSH access to instances. - hidden: false - default: cloudkey - - server_name: - type: string - label: Server Name - description: REQUIRED PARAMETER - Name of the instance to spin up. - hidden: false - default: DB_Server - - instance_flavor: - type: string - label: Instance Flavor - description: The flavor type to use for each server. - default: m1.small - hidden: false - - image_id: - type: string - label: Image ID - description: > - REQUIRED PARAMETER - The image id to be used for the compute instance. Please specify - your own Image ID in your project/tenant. 
- hidden: false - - private_network_id: - type: string - default: DB_Tier_private_network - description: The private database network that will be utilized for all DB servers - - security_group: - type: string - default: Workload_DB_SG - description: The database security group that will be utilized for all DB servers - - db_name: - type: string - description: MYSQL database name - default: wordpress - constraints: - - length: { min: 1, max: 64 } - description: db_name must be between 1 and 64 characters - - allowed_pattern: '[a-zA-Z][a-zA-Z0-9]*' - description: > - db_name must begin with a letter and contain only alphanumeric - characters - - db_username: - type: string - description: MYSQL database admin account username - default: wordpress_user - hidden: true - - db_password: - type: string - description: MYSQL database admin account password - default: wordpress - hidden: true - constraints: - - length: { min: 1, max: 41 } - description: db_password must be between 1 and 41 characters - - allowed_pattern: '[a-zA-Z0-9]*' - description: db_password must contain only alphanumeric characters - - db_root_password: - type: string - description: Root password for MySQL - default: admin - hidden: true - constraints: - - length: { min: 1, max: 41 } - description: db_root_password must be between 1 and 41 characters - - allowed_pattern: '[a-zA-Z0-9]*' - description: db_root_password must contain only alphanumeric characters - - db_volume_size: - type: string - description: Database cinder volume size (in GB) for database files - default: 2 - hidden: true - -resources: - #Setup a cinder volume for storage of the datbase files - db_files_volume: - type: OS::Cinder::Volume - properties: - size: { get_param: db_volume_size } - name: DB_Files - - db_volume_attachment: - type: OS::Cinder::VolumeAttachment - properties: - volume_id: { get_resource: db_files_volume } - instance_uuid: { get_resource: MYSQL_instance } - - #Install MySQL and setup wordpress DB and set usernames 
and passwords - MYSQL_instance: - type: OS::Nova::Server - properties: - name: { get_param: server_name } - image: { get_param: image_id } - flavor: { get_param: instance_flavor } - key_name: { get_param: ssh_key_name } - networks: - - network: { get_param: private_network_id } - security_groups: - - { get_param: security_group } - user_data_format: RAW - user_data: - str_replace: - template: | - #!/bin/bash -v - #make mount point for cinder volume and prepare volume - mkdir /mnt/db_files - chown mysql:mysql /mnt/db_files - volume_path="/dev/disk/by-id/virtio-$(echo volume_id | cut -c -20)" - echo ${volume_path} - mkfs.ext4 ${volume_path} - echo "${volume_path} /mnt/db_files ext4 defaults 1 2" >> /etc/fstab - mount /mnt/db_files - #use apt-get for Debian/ubuntu, and yum for centos/fedora - if apt-get -v &> /dev/null - then - apt-get update -y - apt-get upgrade -y - #Next line stops mysql install from popping up request for root password - export DEBIAN_FRONTEND=noninteractive - apt-get install -q -y --force-yes mariadb-server - touch /var/log/mariadb/mariadb.log - chown mysql:mysql /var/log/mariadb/mariadb.log - #Ubuntu mysql install blocks remote access by default - sed -i 's/bind-address/#bind-address/' /etc/mysql/my.cnf - service mysql stop - #Move the database to the cinder device - mv -f /var/lib/mysql /mnt/db_files/ - #edit data file location in the mysql config file - sed -i 's/\/var\/lib\/mysql/\/mnt\/db_files\/mysql/' /etc/mysql/my.cnf - service mysql start - elif which yum &> /dev/null - then - yum update -y - setenforce 0 - yum -y install mariadb-server mariadb - systemctl start mariadb - systemctl stop mariadb - chown mysql:mysql /mnt/db_files - touch /var/log/mariadb/mariadb.log - chown mysql:mysql /var/log/mariadb/mariadb.log - #Move the database to the cinder device - mv -f /var/lib/mysql /mnt/db_files/ - #edit data file location in the mysql config file - sed -i 's/\/var\/lib\/mysql/\/mnt\/db_files\/mysql/' /etc/my.cnf - #need to modify the socket 
info for the clients - echo "[client]" >> /etc/my.cnf - echo "socket=/mnt/db_files/mysql/mysql.sock" >> /etc/my.cnf - systemctl start mariadb - systemctl enable mariadb - fi - - # Setup MySQL root password and create a user and add remote privs to app subnet - mysqladmin -u root password db_rootpassword - # create wordpress database - cat << EOF | mysql -u root --password=db_rootpassword - CREATE DATABASE db_name; - CREATE USER 'db_user'@'localhost'; - SET PASSWORD FOR 'db_user'@'localhost'=PASSWORD("db_password"); - GRANT ALL PRIVILEGES ON db_name.* TO 'db_user'@'localhost' IDENTIFIED BY 'db_password'; - CREATE USER 'db_user'@'%'; - SET PASSWORD FOR 'db_user'@'%'=PASSWORD("db_password"); - GRANT ALL PRIVILEGES ON db_name.* TO 'db_user'@'%' IDENTIFIED BY 'db_password'; - FLUSH PRIVILEGES; - EOF - - params: - db_rootpassword: { get_param: db_root_password } - db_name: { get_param: db_name } - db_user: { get_param: db_username } - db_password: { get_param: db_password } - volume_id: {get_resource: db_files_volume } -outputs: - completion: - description: > - MYSQL Setup is complete, login username and password are - value: - str_replace: - template: > - Database Name=$dbName, Database Admin Acct=$dbAdmin - params: - $dbName: { get_param: db_name } - $dbAdmin: { get_param: db_username } - instance_ip: - description: IP address of the deployed compute instance - value: { get_attr: [MYSQL_instance, first_address] } diff --git a/heat/lamp/lib/heat_web_tier.yaml b/heat/lamp/lib/heat_web_tier.yaml deleted file mode 100644 index d71d9b8..0000000 --- a/heat/lamp/lib/heat_web_tier.yaml +++ /dev/null 
@@ -1,139 +0,0 @@ -heat_template_version: 2013-05-23 - -description: > - This is a nested Heat used by the 3-Tier Architecture Workload reference document - created by the Enterprise Working Group. These templates demonstrate a sample - LAMP architecture supporting Wordpress. This template installs and configures - Apache and Apache modproxy which is used to redirect traffic to the application nodes. - This serves as a guide to new users and is not meant for production deployment. - - #Created by: Craig Sterrett 3/23/2016 - -parameters: - ssh_key_name: - type: string - label: SSH Key Name - description: REQUIRED PARAMETER -Name of an existing SSH KeyPair to enable SSH access to instances. - hidden: false - default: cloudkey - - server_name: - type: string - label: Server Name - description: REQUIRED PARAMETER - Name of the instance to spin up. - hidden: false - default: Web_Server - - instance_flavor: - type: string - label: Instance Flavor - description: The flavor type to use for each server. - default: m1.small - hidden: false - - image_id: - type: string - label: Image ID - description: > - REQUIRED PARAMETER - The image id to be used for the compute instance. Please specify - your own Image ID in your project/tenant. 
- hidden: false - - private_network_id: - type: string - default: Web_Tier_private_network - description: The private Web network that will be utilized for all web servers - - security_group: - type: string - default: Workload_Web_SG - description: The Web security group that will be utilized for all web servers - - pool_name: - type: string - description: LBaaS Pool to join - - app_lbaas_vip: - type: string - description: Application LBaaS virtual IP - - metadata: - type: json - -resources: - web_server: - type: OS::Nova::Server - properties: - name: { get_param: server_name } - image: { get_param: image_id } - flavor: { get_param: instance_flavor } - key_name: { get_param: ssh_key_name } - metadata: { get_param: metadata } - networks: - - network: { get_param: private_network_id } - security_groups: - - { get_param: security_group } - user_data_format: RAW - user_data: - str_replace: - params: - $app_lbaas_vip: { get_param: app_lbaas_vip } - template: | - #!/bin/bash -v - #centos has this "security" feature in sudoers to keep scripts from sudo, comment it out - sed -i '/Defaults \+requiretty/s/^/#/' /etc/sudoers - #use apt-get for Debian/ubuntu, and yum for centos/fedora - if apt-get -v &> /dev/null - then - apt-get update -y - apt-get upgrade -y - #Install Apache - apt-get -y --force-yes install apache2 - apt-get install –y libapache2-mod-proxy-html libxml2-dev - a2enmod proxy - a2enmod proxy_http - a2enmod deflate - a2enmod headers - a2enmod proxy_connect - a2enmod proxy_html - cat > /etc/apache2/sites-enabled/000-default.conf << EOL - - ProxyPreserveHost On - ProxyPass / http://$app_lbaas_vip/ - ProxyPassReverse / http://$app_lbaas_vip/ - ServerName localhost - - EOL - /etc/init.d/apache2 restart - elif which yum &> /dev/null - then - #yum update -y - #Install Apache - yum install -y httpd - yum install -y wget - cat >> /etc/httpd/conf/httpd.conf << EOL - - ProxyPreserveHost On - ProxyPass / http://$app_lbaas_vip/ - ProxyPassReverse / http://$app_lbaas_vip/ - 
ServerName localhost - - EOL - service httpd restart - fi - - Pool_Member: - type: OS::Neutron::PoolMember - properties: - pool_id: {get_param: pool_name} - address: {get_attr: [web_server, first_address]} - protocol_port: 80 - -outputs: - web_private_ip: - description: Private IP address of the Web node - value: { get_attr: [web_server, first_address] } - lb_member: - description: LoadBalancer member details. - value: { get_attr: [Pool_Member, show] } - diff --git a/heat/lamp/lib/setup_net_sg.yaml b/heat/lamp/lib/setup_net_sg.yaml deleted file mode 100644 index 254d58c..0000000 --- a/heat/lamp/lib/setup_net_sg.yaml +++ /dev/null 
@@ -1,348 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - This is a nested Heat used by the 3-Tier Architecture Workload reference document - created by the Enterprise Working Group. These templates demonstrate a sample - LAMP architecture supporting Wordpress. This template file creates 3 separate - private networks, two load balancers(LBaaS V1), and creates 3 security groups. - This serves as a guide to new users and is not meant for production deployment. - - REQUIRED PARAMETERS: - public_network_id - - #Created by: Craig Sterrett 3/23/2016 - -parameters: - public_network_id: - type: string - label: Public Network - description: > - REQUIRED PARAMETER - The public network name or id used to access the internet. - This will fail if this is not a true public network - - dns_nameserver: - type: comma_delimited_list - label: DNS Name Server - description: The IP address of a DNS nameserver - default: 8.8.8.8,8.8.4.4 - -resources: -#Create 3 private Networks, one for each Tier - -# create a private network/subnet for the web servers - web_private_network: - type: OS::Neutron::Net - properties: - name: Web_Tier_private_network - - web_private_network_subnet: - type: OS::Neutron::Subnet - properties: - cidr: 192.168.100.0/24 - #Need to define default gateway in order for LBaaS namespace to pick it up - #If you let neutron grant a default gateway IP, then the LBaaS namespace may - #not pick it up and you will have routing issues - gateway_ip: 192.168.100.4 - allocation_pools: [{ "start": 192.168.100.10, "end": 192.168.100.200 }] - #This routing information will get passed to the instances as they startup - #Provide the routes to the App network otherwise everything will try to go out the - #default gateway - host_routes: [{"destination": 192.168.101.0/24, "nexthop": 192.168.100.5}] - network: { get_resource: web_private_network } - name: Web_Tier_private_subnet - dns_nameservers: { get_param: dns_nameserver } - enable_dhcp: true - -# create a router 
between the public/external network and the web network - public_router: - type: OS::Neutron::Router - properties: - name: PublicWebRouter - external_gateway_info: - network: { get_param: public_network_id } - -# attach the web private network to the public router - public_router_interface: - type: OS::Neutron::RouterInterface - properties: - router: { get_resource: public_router } - subnet: { get_resource: web_private_network_subnet } - -############################# -# create a private network/subnet for the Application servers - App_private_network: - type: OS::Neutron::Net - properties: - name: App_Tier_private_network - - App_private_network_subnet: - type: OS::Neutron::Subnet - properties: - cidr: 192.168.101.0/24 - #Need to define default gateway in order for LBaaS namespace to pick it up - #If you let neutron grant a default gateway IP, then the LBaaS namespace may - #not pick it up and you will have routing issues - gateway_ip: 192.168.101.5 - #setting aside lower IP's to leave room for routers - allocation_pools: [{ "start": 192.168.101.10, "end": 192.168.101.200 }] - #This routing information will get passed to the instances as they startup - #Provide both the routes to the DB network and to the web network - host_routes: [{"destination": 192.168.100.0/24, "nexthop": 192.168.101.5}, {"destination": 192.168.102.0/24, "nexthop": 192.168.101.6}, {"destination": 0.0.0.0/24, "nexthop": 192.168.100.4}] - network: { get_resource: App_private_network } - name: App_Tier_private_subnet - dns_nameservers: { get_param: dns_nameserver } - enable_dhcp: true - -# create a router linking App and Web network - App_router: - type: OS::Neutron::Router - properties: - name: "AppWebRouter" - external_gateway_info: {"network": { get_param: public_network_id }, "enable_snat": True} - -# Create a port connecting the App_router to the App network - web_router_app_port: - type: OS::Neutron::Port - properties: - name: "App_Net_Port" - network: { get_resource: App_private_network } 
- #Assign the default gateway address - #The default gateway will get set as the default route in the LBaaS namespace - fixed_ips: [{"ip_address": 192.168.101.5}] - -# Create a port connecting the App_router to the Web network - web_router_web_port: - type: OS::Neutron::Port - properties: - name: "Web_Net_Port" - network: { get_resource: web_private_network } - fixed_ips: [{"ip_address": 192.168.100.5}] - - App_router_interface1: - type: OS::Neutron::RouterInterface - properties: - router: { get_resource: App_router } - port: { get_resource: web_router_app_port } - - App_router_interface2: - type: OS::Neutron::RouterInterface - properties: - router: { get_resource: App_router } - port: { get_resource: web_router_web_port } - -############################## -#Create two Load Balancers one for the Web tier with a public IP and one for the App Tier -#with only private network access - -#LBaaS V1 Load Balancer for Web Tier - Web_Tier_LoadBalancer: - type: OS::Neutron::LoadBalancer - properties: - protocol_port: 80 - pool_id: {get_resource: Web_Server_Pool} - -#LBaaS V1 Monitor for Web Tier - Web_Tier_Monitor: - type: OS::Neutron::HealthMonitor - properties: - type: TCP - delay: 5 - max_retries: 5 - timeout: 5 - -#LBaaS V1 Pool for Web Tier - Web_Server_Pool: - type: OS::Neutron::Pool - properties: - protocol: HTTP - monitors: [{get_resource: Web_Tier_Monitor}] - subnet: {get_resource: web_private_network_subnet} - lb_method: ROUND_ROBIN - vip: - protocol_port: 80 - -# Create a VIP port - web_vip_port: - type: OS::Neutron::Port - properties: - network: { get_resource: web_private_network } - security_groups: [{ get_resource: web_security_group }] - fixed_ips: - - subnet_id: { get_resource: web_private_network_subnet } - -# Floating_IP: - Web_Network_Floating_IP: - type: OS::Neutron::FloatingIP - properties: - floating_network: {get_param: public_network_id} - port_id: { get_resource: web_vip_port } - -# Associate the Floating IP: - association: - type: 
OS::Neutron::FloatingIPAssociation - properties: - floatingip_id: { get_resource: Web_Network_Floating_IP } - port_id: { get_attr: [ Web_Server_Pool, vip, port_id ] } - -#**************************************** -#App Load Balancer - App_Tier_LoadBalancer: - type: OS::Neutron::LoadBalancer - properties: - protocol_port: 80 - pool_id: {get_resource: App_Server_Pool} - -#LBaaS V1 Monitor for App Tier - App_Tier_Monitor: - type: OS::Neutron::HealthMonitor - properties: - type: TCP - delay: 5 - max_retries: 5 - timeout: 5 - -#LBaaS V1 Pool for App Tier - App_Server_Pool: - type: OS::Neutron::Pool - properties: - protocol: HTTP - monitors: [{get_resource: App_Tier_Monitor}] - subnet_id: {get_resource: App_private_network_subnet} - lb_method: ROUND_ROBIN - vip: - protocol_port: 80 - -############################# -# create a private network/subnet for the Database servers - DB_private_network: - type: OS::Neutron::Net - properties: - name: DB_Tier_private_network - - DB_private_network_subnet: - type: OS::Neutron::Subnet - properties: - cidr: 192.168.102.0/24 - gateway_ip: 192.168.102.6 - allocation_pools: [{ "start": 192.168.102.10, "end": 192.168.102.200 }] - host_routes: [{"destination": 192.168.101.0/24, "nexthop": 192.168.102.6}] - network: { get_resource: DB_private_network } - dns_nameservers: { get_param: dns_nameserver } - enable_dhcp: true - -# create a router linking Database and App network - DB_router: - type: OS::Neutron::Router - properties: - name: "AppDBRouter" - external_gateway_info: {"network": { get_param: public_network_id }, "enable_snat": True} - -# Create a port connecting the db_router to the db network - db_router_db_port: - type: OS::Neutron::Port - properties: - network: { get_resource: DB_private_network } - name: "DB_Net_Port" - fixed_ips: [{"ip_address": 192.168.102.6}] - -# Create a port connecting the db_router to the app network - db_router_app_port: - type: OS::Neutron::Port - properties: - network: { get_resource: App_private_network 
} - name: "DB_Router_App_Port" - fixed_ips: [{"ip_address": 192.168.101.6}] - -# Now lets add our ports to our router - db_router_interface1: - type: OS::Neutron::RouterInterface - properties: - router: { get_resource: DB_router } - port: { get_resource: db_router_db_port } - - db_router_interface2: - type: OS::Neutron::RouterInterface - properties: - router: { get_resource: DB_router } - port: { get_resource: db_router_app_port } - -################# -#Create separate security groups for each Tier - -# create a specific web security group that routes just web and ssh traffic - web_security_group: - type: OS::Neutron::SecurityGroup - properties: - description: A application specific security group that passes ports 22 and 80 - name: Workload_Web_SG - rules: - - protocol: tcp - port_range_min: 22 - port_range_max: 22 - - protocol: tcp - port_range_min: 80 - port_range_max: 80 - -# create a specific application layer security group that routes database port 3306 traffic, web and ssh - app_security_group: - type: OS::Neutron::SecurityGroup - properties: - description: A application specific security group that passes ports 22, 80 and 3306 - name: Workload_App_SG - rules: - - protocol: tcp - port_range_min: 22 - port_range_max: 22 - - protocol: tcp - port_range_min: 80 - port_range_max: 80 - - protocol: tcp - port_range_min: 3306 - port_range_max: 3306 - -# create a specific database security group that routes just database port 3306 traffic and ssh - db_security_group: - type: OS::Neutron::SecurityGroup - properties: - description: A database specific security group that just passes port 3306 and 22 for ssh - name: Workload_DB_SG - rules: - - protocol: tcp - port_range_min: 22 - port_range_max: 22 - - protocol: tcp - port_range_min: 3306 - port_range_max: 3306 - -outputs: -#Return a bunch of values so we can use them later in the Parent Heat template when we spin up servers - db_private_network_id: - description: Database private network ID - value: {get_resource: 
DB_private_network} - web_private_network_id: - description: Web private network ID - value: {get_resource: web_private_network} - app_private_network_id: - description: App private network ID - value: {get_resource: App_private_network} - db_security_group_id: - description: Database security group ID - value: {get_resource: db_security_group} - app_security_group_id: - description: App security group ID - value: {get_resource: app_security_group} - web_security_group_id: - description: Web security group ID - value: {get_resource: web_security_group} - web_lbaas_pool_name: - description: Name of Web LBaaS Pool - value: {get_resource: Web_Server_Pool} - app_lbaas_pool_name: - description: Name of App LBaaS Pool - value: {get_resource: App_Server_Pool} - web_lbaas_IP: - description: Public floating IP assigned to web LBaaS - value: { get_attr: [ Web_Network_Floating_IP, floating_ip_address ] } - app_lbaas_IP: - description: Internal floating IP assigned to app LBaaS - value: {get_attr: [ App_Server_Pool, vip, address]} diff --git a/lib/openstackapi.py b/lib/openstackapi.py deleted file mode 100644 index 23e5d82..0000000 --- a/lib/openstackapi.py +++ /dev/null 
@@ -1,147 +0,0 @@ -# Copyright (c) 2016 SWITCH http://www.switch.ch -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Author: Valery Tschopp -# Date: 2016-07-05 - -import keystoneclient - -from cinderclient.v2 import client as cinder_client -from glanceclient.v2 import client as glance_client -from keystoneauth1.identity import v3 as identity_v3 -from keystoneauth1 import session -from keystoneclient.v3 import client as keystone_v3 -from neutronclient.v2_0 import client as neutron_client -from novaclient import client as nova_client - -class OpenstackAPI(): - """Openstack API clients - - Initialize all the necessary Openstack clients for all available regions. 
- """ - - def __init__(self, os_auth_url, os_username, os_password, os_project_name, - user_domain_name='default', - project_domain_name='default'): - # keystone_V3 client requires a /v3 auth url - if '/v2.0' in os_auth_url: - self.auth_url = os_auth_url.replace('/v2.0', '/v3') - else: - self.auth_url = os_auth_url - - _auth = identity_v3.Password(auth_url=self.auth_url, - username=os_username, - password=os_password, - project_name=os_project_name, - user_domain_name=user_domain_name, - project_domain_name=project_domain_name) - self._auth_session = session.Session(auth=_auth) - self._keystone = keystone_v3.Client(session=self._auth_session) - - # all regions available - self.all_region_names = [] - for region in self.keystone.regions.list(): - self.all_region_names.append(region.id) - - self._nova = {} - self._cinder = {} - self._neutron = {} - self._glance = {} - - @property - def keystone(self): - """Get Keystone client""" - return self._keystone - - def nova(self, region): - """Get Nova client for the region.""" - if region not in self._nova: - # Nova client lazy initialisation - _nova = nova_client.Client('2', - session=self._auth_session, - region_name=region) - self._nova[region] = _nova - return self._nova[region] - - - def cinder(self, region): - """Get Cinder client for the region.""" - if region not in self._cinder: - # Cinder client lazy initialisation - _cinder = cinder_client.Client(session=self._auth_session, - region_name=region) - self._cinder[region] = _cinder - return self._cinder[region] - - def neutron(self, region): - """Get Neutron client for the region.""" - if region not in self._neutron: - # Neutron client lazy initialisation - _neutron = neutron_client.Client(session=self._auth_session, - region_name=region) - self._neutron[region] = _neutron - return self._neutron[region] - - def glance(self, region): - """Get Glance client for the region.""" - if region not in self._glance: - # Glance client lazy initialisation - _glance = 
glance_client.Client(session=self._auth_session, - region_name=region) - self._glance[region] = _glance - return self._glance[region] - - def get_all_regions(self): - """Get list of all region names""" - return self.all_region_names - - def get_user(self, user_name_or_id): - """Get a user by name or id""" - user = None - try: - # try by name - user = self._keystone.users.find(name=user_name_or_id) - except keystoneclient.exceptions.NotFound as e: - # try by ID - user = self._keystone.users.get(user_name_or_id) - return user - - def get_user_projects(self, user): - """Get all user projects""" - projects = self._keystone.projects.list(user=user) - return projects - - def get_project(self, project_name_or_id): - """Get a project by name or id""" - project = None - try: - # try by name - project = self._keystone.projects.find(name=project_name_or_id) - except keystoneclient.exceptions.NotFound as e: - # try by ID - project = self._keystone.projects.get(project_name_or_id) - return project - - def get_project_users(self, project): - """Get all users in project""" - assignments = self._keystone.role_assignments.list(project=project) - user_ids = set() - for assignment in assignments: - if hasattr(assignment, 'user'): - user_ids.add(assignment.user['id']) - users = [] - for user_id in user_ids: - users.append(self._keystone.users.get(user_id)) - return users - diff --git a/multi/Readme.md b/multi/Readme.md deleted file mode 100644 index 696802b..0000000 --- a/multi/Readme.md +++ /dev/null 
@@ -1,23 +0,0 @@
-
-# Multi folder
-
-this folder contains scripts that are not related to a specific Openstack project.
-
-## User info
-
-Show the resources belonging to a user:
-
-```
-usage: user-info.py [-h] [-a] [-v] USERNAME
-
-Show information (servers, volumes, networks, ...) for a user. Search in all
-projects the user is member of, and optionally in all regions (-a).
-
-positional arguments:
- USERNAME username to search
-
-optional arguments:
- -h, --help show this help message and exit
- -a, --all-regions query all regions
- -v, --verbose verbose
-```
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/0-liberty-aio-ipadd.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/0-liberty-aio-ipadd.sh
deleted file mode 100644
index 73fbdbb..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/0-liberty-aio-ipadd.sh
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/bin/bash -ex
-
-source config.cfg
-
-echo "########## CONFIGURING STATIC IP FOR NICs ##########"
-
-ifaces=/etc/network/interfaces
-test -f $ifaces.orig || cp $ifaces $ifaces.orig
-rm $ifaces
-cat << EOF > $ifaces
-#Configuring IP for Controller node
-
-# LOOPBACK NET
-auto lo
-iface lo inet loopback
-
-# LOCAL NETWORK
-auto eth0
-iface eth0 inet static
-address $LOCAL_IP
-netmask $NETMASK_LOCAL
-
-# EXT NETWORK
-auto eth1
-iface eth1 inet static
-address $MASTER
-netmask $NETMASK_MASTER
-gateway $GATEWAY_IP
-dns-nameservers 8.8.8.8
-EOF
-
-echo "Configuring hostname in CONTROLLER node"
-sleep 3
-echo "controller" > /etc/hostname
-hostname -F /etc/hostname
-
-echo "Configuring for file /etc/hosts"
-sleep 3
-iphost=/etc/hosts
-test -f $iphost.orig || cp $iphost $iphost.orig
-rm $iphost
-touch $iphost
-cat << EOF >> $iphost
-127.0.0.1 localhost controller
-$LOCAL_IP controller
-
-EOF
-
-
-# Enable IP forwarding
-echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
-echo "net.ipv4.conf.all.rp_filter=0" >> /etc/sysctl.conf
-echo "net.ipv4.conf.default.rp_filter=0" >> /etc/sysctl.conf
-sysctl -p
-
-echo "##### Cai dat repos cho Liberty ##### "
-apt-get install software-properties-common -y
-add-apt-repository cloud-archive:liberty -y
-
-sleep 5
-echo "UPDATE PACKAGE FOR LIBERTY"
-apt-get -y update && apt-get -y upgrade && apt-get -y dist-upgrade
-
-sleep 5
-
-echo "Reboot Server"
-
-#sleep 5
-init 6
-#
-
-
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/1-liberty-aio-prepare.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/1-liberty-aio-prepare.sh
deleted file mode 100644
index 28b8be6..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/1-liberty-aio-prepare.sh
+++ /dev/null
@@ -1,80 +0,0 @@
-#!/bin/bash -ex
-#
-source config.cfg
-
-echo "Install python client"
-apt-get -y install python-openstackclient
-sleep 5
-
-echo "Install and config NTP"
-sleep 3
-apt-get install ntp -y
-cp /etc/ntp.conf /etc/ntp.conf.bka
-rm /etc/ntp.conf
-cat /etc/ntp.conf.bka | grep -v ^# | grep -v ^$ >> /etc/ntp.conf
-
-
-## Config NTP in LIBERTY
-sed -i 's/server ntp.ubuntu.com/ \
-server 0.vn.pool.ntp.org iburst \
-server 1.asia.pool.ntp.org iburst \
-server 2.asia.pool.ntp.org iburst/g' /etc/ntp.conf
-
-sed -i 's/restrict -4 default kod notrap nomodify nopeer noquery/ \
-#restrict -4 default kod notrap nomodify nopeer noquery/g' /etc/ntp.conf
-
-sed -i 's/restrict -6 default kod notrap nomodify nopeer noquery/ \
-restrict -4 default kod notrap nomodify \
-restrict -6 default kod notrap nomodify/g' /etc/ntp.conf
-
-# sed -i 's/server/#server/' /etc/ntp.conf
-# echo "server $LOCAL_IP" >> /etc/ntp.conf
-
-##############################################
-echo "Install and Config RabbitMQ"
-sleep 3
-
-apt-get install rabbitmq-server -y
-rabbitmqctl add_user openstack $RABBIT_PASS
-rabbitmqctl set_permissions openstack ".*" ".*" ".*"
-# rabbitmqctl change_password guest $RABBIT_PASS
-sleep 3
-
-service rabbitmq-server restart
-echo "Finish setup pre-install package !!!"
-
-echo "##### Install MYSQL #####"
-sleep 3
-
-echo mysql-server mysql-server/root_password password $MYSQL_PASS \
- | debconf-set-selections
-echo mysql-server mysql-server/root_password_again password $MYSQL_PASS \
- | debconf-set-selections
-apt-get -y install mariadb-server python-mysqldb curl
-
-echo "##### Configuring MYSQL #####"
-sleep 3
-
-
-echo "########## CONFIGURING FOR MYSQL ##########"
-sleep 5
-touch /etc/mysql/conf.d/mysqld_openstack.cnf
-cat << EOF > /etc/mysql/conf.d/mysqld_openstack.cnf
-
-[mysqld]
-bind-address = 0.0.0.0
-
-[mysqld]
-default-storage-engine = innodb
-innodb_file_per_table
-collation-server = utf8_general_ci
-init-connect = 'SET NAMES utf8'
-character-set-server = utf8
-
-EOF
-
-sleep 5
-echo "Restart MYSQL"
-service mysql restart
-
-
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/2-liberty-aio-keystone.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/2-liberty-aio-keystone.sh
deleted file mode 100644
index 5b41ead..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/2-liberty-aio-keystone.sh
+++ /dev/null
@@ -1,222 +0,0 @@ -#!/bin/bash -ex -# -source config.cfg - -echo "Create Database for Keystone" - -cat << EOF | mysql -uroot -p$MYSQL_PASS -CREATE DATABASE keystone; -GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$KEYSTONE_DBPASS'; -GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$KEYSTONE_DBPASS'; -FLUSH PRIVILEGES; -EOF - -echo "##### Install keystone #####" - -echo "manual" > /etc/init/keystone.override - -apt-get -y install keystone python-openstackclient apache2 \ - libapache2-mod-wsgi memcached python-memcache -#/* Back-up file nova.conf -filekeystone=/etc/keystone/keystone.conf -test -f $filekeystone.orig || cp $filekeystone $filekeystone.orig - -#Config file /etc/keystone/keystone.conf -cat << EOF > $filekeystone - -[DEFAULT] -log_dir = /var/log/keystone - -admin_token = $TOKEN_PASS -public_bind_host = $LOCAL_IP -admin_bind_host = $LOCAL_IP - -[assignment] -[auth] -[cache] -[catalog] -[cors] -[cors.subdomain] -[credential] -[database] -connection = mysql+pymysql://keystone:$KEYSTONE_DBPASS@$LOCAL_IP/keystone - - -[domain_config] -[endpoint_filter] -[endpoint_policy] -[eventlet_server] -[eventlet_server_ssl] -[federation] -[fernet_tokens] -[identity] -[identity_mapping] -[kvs] -[ldap] -[matchmaker_redis] -[matchmaker_ring] -[memcache] -servers = localhost:11211 - - -[oauth1] -[os_inherit] -[oslo_messaging_amqp] -[oslo_messaging_qpid] -[oslo_messaging_rabbit] -[oslo_middleware] -[oslo_policy] -[paste_deploy] -[policy] -[resource] -[revoke] -driver = sql - -[role] -[saml] -[signing] -[ssl] -[token] -provider = uuid -driver = memcache - -[tokenless_auth] -[trust] -[extra_headers] -Distribution = Ubuntu - -EOF - -# -su -s /bin/sh -c "keystone-manage db_sync" keystone - -echo "#### ServerName $LOCAL_IP#### " >> /etc/apache2/apache2.conf - -cat << EOF > /etc/apache2/sites-available/wsgi-keystone.conf -Listen 5000 -Listen 35357 - - - WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone 
group=keystone display-name=%{GROUP} - WSGIProcessGroup keystone-public - WSGIScriptAlias / /usr/bin/keystone-wsgi-public - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%{cu}t %M" - - ErrorLog /var/log/apache2/keystone.log - CustomLog /var/log/apache2/keystone_access.log combined - - - = 2.4> - Require all granted - - - Order allow,deny - Allow from all - - - - - - WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} - WSGIProcessGroup keystone-admin - WSGIScriptAlias / /usr/bin/keystone-wsgi-admin - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%{cu}t %M" - - ErrorLog /var/log/apache2/keystone.log - CustomLog /var/log/apache2/keystone_access.log combined - - - = 2.4> - Require all granted - - - Order allow,deny - Allow from all - - - - -EOF - -ln -s /etc/apache2/sites-available/wsgi-keystone.conf \ - /etc/apache2/sites-enabled - -service apache2 restart - -rm -f /var/lib/keystone/keystone.db - - -export OS_TOKEN="$TOKEN_PASS" -export OS_URL=http://$LOCAL_IP:35357/v2.0 - -# export OS_SERVICE_TOKEN="$TOKEN_PASS" -# export OS_SERVICE_ENDPOINT="http://$LOCAL_IP:35357/v2.0" -# export SERVICE_ENDPOINT="http://$LOCAL_IP:35357/v2.0" - -###Identity service -openstack service create --name keystone \ - --description "OpenStack Identity" identity -### Create the Identity service API endpoint -openstack endpoint create \ ---publicurl http://$LOCAL_IP:5000/v2.0 \ ---internalurl http://$LOCAL_IP:5000/v2.0 \ ---adminurl http://$LOCAL_IP:35357/v2.0 \ ---region RegionOne \ -identity - -#### To create tenants, users, and roles ADMIN -openstack project create --description "Admin Project" admin -openstack user create --password $ADMIN_PASS admin -openstack role create admin -openstack role add --project admin --user admin admin - -#### To create tenants, users, and roles SERVICE -openstack project create --description "Service Project" service - -#### 
To create tenants, users, and roles DEMO -openstack project create --description "Demo Project" demo -openstack user create --password $ADMIN_PASS demo - -### Create the user role -openstack role create user -openstack role add --project demo --user demo user - -################# - -unset OS_TOKEN OS_URL - -# Tao bien moi truong -echo "export OS_PROJECT_DOMAIN_ID=default" > admin-openrc.sh -echo "export OS_USER_DOMAIN_ID=default" >> admin-openrc.sh -echo "export OS_PROJECT_NAME=admin" >> admin-openrc.sh -echo "export OS_TENANT_NAME=admin" >> admin-openrc.sh -echo "export OS_USERNAME=admin" >> admin-openrc.sh -echo "export OS_PASSWORD=$ADMIN_PASS" >> admin-openrc.sh -echo "export OS_AUTH_URL=http://$LOCAL_IP:35357/v3" >> admin-openrc.sh -echo "export OS_VOLUME_API_VERSION=2" >> admin-openrc.sh - -sleep 5 -echo "########## Execute environment script ##########" -chmod +x admin-openrc.sh -cat admin-openrc.sh >> /etc/profile -cp admin-openrc.sh /root/admin-openrc.sh -source admin-openrc.sh - - -echo "export OS_PROJECT_DOMAIN_ID=default" > demo-openrc.sh -echo "export OS_USER_DOMAIN_ID=default" >> demo-openrc.sh -echo "export OS_PROJECT_NAME=demo" >> demo-openrc.sh -echo "export OS_TENANT_NAME=demo" >> demo-openrc.sh -echo "export OS_USERNAME=demo" >> demo-openrc.sh -echo "export OS_PASSWORD=$ADMIN_PASS" >> demo-openrc.sh -echo "export OS_AUTH_URL=http://$LOCAL_IP:35357/v3" >> demo-openrc.sh -echo "export OS_VOLUME_API_VERSION=2" >> demo-openrc.sh - -chmod +x demo-openrc.sh -cp demo-openrc.sh /root/demo-openrc.sh diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/3-liberty-aio-glance.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/3-liberty-aio-glance.sh deleted file mode 100644 index b4f01d4..0000000 --- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/3-liberty-aio-glance.sh +++ /dev/null 
@@ -1,167 +0,0 @@ -#!/bin/bash -ex -# -source config.cfg - -echo "Create the database for GLANCE" -cat << EOF | mysql -uroot -p$MYSQL_PASS -CREATE DATABASE glance; -GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '$GLANCE_DBPASS'; -GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '$GLANCE_DBPASS'; -FLUSH PRIVILEGES; -EOF - - -sleep 5 -echo " Create user, endpoint for GLANCE" - -openstack user create --password $ADMIN_PASS glance -openstack role add --project service --user glance admin -openstack service create --name glance --description \ - "OpenStack Image service" image - -openstack endpoint create \ ---publicurl http://$LOCAL_IP:9292 \ ---internalurl http://$LOCAL_IP:9292 \ ---adminurl http://$LOCAL_IP:9292 \ ---region RegionOne \ -image - -echo "########## Install GLANCE ##########" -apt-get -y install glance python-glanceclient -sleep 10 -echo "########## Configuring GLANCE API ##########" -sleep 5 -#/* Back-up file nova.conf -fileglanceapicontrol=/etc/glance/glance-api.conf -test -f $fileglanceapicontrol.orig \ - || cp $fileglanceapicontrol $fileglanceapicontrol.orig -rm $fileglanceapicontrol -touch $fileglanceapicontrol - -#Configuring glance config file /etc/glance/glance-api.conf - -cat << EOF > $fileglanceapicontrol -[DEFAULT] -notification_driver = noop -verbose = True - -[database] -connection = mysql+pymysql://glance:$GLANCE_DBPASS@$LOCAL_IP/glance -backend = sqlalchemy - -[glance_store] -default_store = file -filesystem_store_datadir = /var/lib/glance/images/ - -[image_format] -[keystone_authtoken] -auth_uri = http://$LOCAL_IP:5000 -auth_url = http://$LOCAL_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = glance -password = $GLANCE_PASS - -[matchmaker_redis] -[matchmaker_ring] -[oslo_concurrency] -[oslo_messaging_amqp] -[oslo_messaging_qpid] -[oslo_messaging_rabbit] -[oslo_policy] -[paste_deploy] -flavor = keystone - 
-[store_type_location_strategy] -[task] -[taskflow_executor] - -EOF - -# -sleep 10 -echo "########## Configuring GLANCE REGISTER ##########" -#/* Backup file file glance-registry.conf -fileglanceregcontrol=/etc/glance/glance-registry.conf -test -f $fileglanceregcontrol.orig \ - || cp $fileglanceregcontrol $fileglanceregcontrol.orig -rm $fileglanceregcontrol -touch $fileglanceregcontrol -#Config file /etc/glance/glance-registry.conf - -cat << EOF > $fileglanceregcontrol - -[DEFAULT] -notification_driver = noop -verbose = True - -[database] -connection = mysql+pymysql://glance:$GLANCE_DBPASS@$LOCAL_IP/glance -backend = sqlalchemy - -[glance_store] - -[keystone_authtoken] -auth_uri = http://$LOCAL_IP:5000 -auth_url = http://$LOCAL_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = glance -password = $GLANCE_PASS - -[matchmaker_redis] -[matchmaker_ring] -[oslo_messaging_amqp] -[oslo_messaging_qpid] -[oslo_messaging_rabbit] -[oslo_policy] - -[paste_deploy] -flavor = keystone - -EOF - -sleep 7 -echo "########## Remove Glance default DB ##########" -rm /var/lib/glance/glance.sqlite - -chown glance:glance $fileglanceapicontrol -chown glance:glance $fileglanceregcontrol - -sleep 7 -echo "########## Syncing DB for Glance ##########" -glance-manage db_sync - -sleep 5 -echo "########## Restarting GLANCE service ... ##########" -service glance-registry restart -service glance-api restart -sleep 3 -service glance-registry restart -service glance-api restart - -# -echo "Remove glance.sqlite " -rm -f /var/lib/glance/glance.sqlite - -sleep 3 -echo "########## Registering Cirros IMAGE for GLANCE ... 
##########" -mkdir images -cd images/ -wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img - -glance image-create --name "cirros" \ ---file cirros-0.3.4-x86_64-disk.img \ ---disk-format qcow2 --container-format bare \ ---visibility public --progress - -cd /root/ -# rm -r /tmp/images - -sleep 5 -echo "########## Testing Glance ##########" -glance image-list diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/4-liberty-aio-nova.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/4-liberty-aio-nova.sh deleted file mode 100644 index c123ad2..0000000 --- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/4-liberty-aio-nova.sh +++ /dev/null 
@@ -1,167 +0,0 @@
-#!/bin/bash -ex
-#
-source config.cfg
-
-echo "Create DB for NOVA "
-cat << EOF | mysql -uroot -p$MYSQL_PASS
-CREATE DATABASE nova;
-GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS';
-GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS';
-FLUSH PRIVILEGES;
-EOF
-
-
-echo "Creat user, endpoint for NOVA"
-
-openstack user create --password $ADMIN_PASS nova
-openstack role add --project service --user nova admin
-openstack service create --name nova --description "OpenStack Compute" compute
-
-openstack endpoint create \
---publicurl http://$LOCAL_IP:8774/v2/%\(tenant_id\)s \
---internalurl http://$LOCAL_IP:8774/v2/%\(tenant_id\)s \
---adminurl http://$LOCAL_IP:8774/v2/%\(tenant_id\)s \
---region RegionOne \
-compute
-
-
-echo "########## Install NOVA in $LOCAL_IP ##########"
-sleep 5
-apt-get -y install nova-compute nova-api nova-cert nova-conductor \
- nova-consoleauth nova-novncproxy nova-scheduler python-novaclient
-echo "libguestfs-tools libguestfs/update-appliance boolean true" \
- | debconf-set-selections
-apt-get -y install libguestfs-tools sysfsutils guestfsd python-guestfs
-
-#fix loi chen pass tren hypervisor la KVM
-update-guestfs-appliance
-chmod 0644 /boot/vmlinuz*
-usermod -a -G kvm root
-
-######## Backup configurations for NOVA ##########"
-sleep 7
-
-#
-controlnova=/etc/nova/nova.conf
-test -f $controlnova.orig || cp $controlnova $controlnova.orig
-rm $controlnova
-touch $controlnova
-cat << EOF >> $controlnova
-[DEFAULT]
-
-rpc_backend = rabbit
-auth_strategy = keystone
-
-dhcpbridge_flagfile=/etc/nova/nova.conf
-dhcpbridge=/usr/bin/nova-dhcpbridge
-logdir=/var/log/nova
-state_path=/var/lib/nova
-lock_path=/var/lock/nova
-force_dhcp_release=True
-libvirt_use_virtio_for_bridges=True
-ec2_private_dns_show_ip=True
-api_paste_config=/etc/nova/api-paste.ini
-enabled_apis=ec2,osapi_compute,metadata
-
-my_ip = $LOCAL_IP
-
-network_api_class = nova.network.neutronv2.api.API
-security_group_api = neutron
-linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
-firewall_driver = nova.virt.firewall.NoopFirewallDriver
-
-enabled_apis=osapi_compute,metadata
-verbose = True
-
-enable_instance_password = True
-
-[database]
-connection = mysql+pymysql://nova:$NOVA_DBPASS@$LOCAL_IP/nova
-
-[oslo_messaging_rabbit]
-rabbit_host = $LOCAL_IP
-rabbit_userid = openstack
-rabbit_password = Welcome123
-
-[keystone_authtoken]
-auth_uri = http://$LOCAL_IP:5000
-auth_url = http://$LOCAL_IP:35357
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-project_name = service
-username = nova
-password = $NOVA_PASS
-
-[vnc]
-vncserver_listen = \$my_ip
-vncserver_proxyclient_address = \$my_ip
-novncproxy_base_url = http://$MASTER:6080/vnc_auto.html
-
-[glance]
-host = $LOCAL_IP
-
-[oslo_concurrency]
-lock_path = /var/lib/nova/tmp
-
-[neutron]
-url = http://$LOCAL_IP:9696
-auth_url = http://$LOCAL_IP:35357
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-region_name = RegionOne
-project_name = service
-username = neutron
-password = $NEUTRON_PASS
-
-service_metadata_proxy = True
-metadata_proxy_shared_secret = $DEFAULT_PASS
-
-[cinder]
-os_region_name = RegionOne
-
-[libvirt]
-inject_key = True
-inject_partition = -1
-inject_password = True
-
-EOF
-
-echo "########## Remove Nova default db ##########"
-sleep 7
-rm /var/lib/nova/nova.sqlite
-
-echo "########## Syncing Nova DB ##########"
-sleep 7
-su -s /bin/sh -c "nova-manage db sync" nova
-
-
-# fix libvirtError:internal error: no supported architecture for os type 'hvm'
-# echo 'kvm_intel' >> /etc/modules
-
-echo "########## Restarting NOVA ... ##########"
-sleep 7
-service nova-api restart;
-service nova-cert restart;
-service nova-consoleauth restart;
-service nova-scheduler restart;
-service nova-conductor restart;
-service nova-novncproxy restart;
-service nova-compute restart;
-service nova-console restart
-
-sleep 7
-echo "########## Restarting NOVA ... ##########"
-service nova-api restart;
-service nova-cert restart;
-service nova-consoleauth restart;
-service nova-scheduler restart;
-service nova-conductor restart;
-service nova-novncproxy restart;
-service nova-compute restart;
-service nova-console restart
-
-echo "########## Testing NOVA service ##########"
-nova-manage service list
-
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/5-liberty-aio-config-ip-neutron.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/5-liberty-aio-config-ip-neutron.sh
deleted file mode 100644
index b0d475a..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/5-liberty-aio-config-ip-neutron.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash -ex
-
-source config.cfg
-
-apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y
-
-echo "########## Install and Config OpenvSwitch ##########"
-apt-get install -y openvswitch-switch
-
-apt-get install -y neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
- neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent \
- neutron-plugin-openvswitch neutron-common
-
-echo "########## Configuring br-int and br-ex for OpenvSwitch ##########"
-sleep 5
-ovs-vsctl add-br br-ex
-ovs-vsctl add-port br-ex eth1
-
-echo "########## Configuring IP for br-ex ##########"
-
-ifaces=/etc/network/interfaces
-test -f $ifaces.orig1 || cp $ifaces $ifaces.orig1
-rm $ifaces
-cat << EOF > $ifaces
-# The loopback network interface
-auto lo
-iface lo inet loopback
-
-auto eth0
-iface eth0 inet static
-address $LOCAL_IP
-netmask $NETMASK_LOCAL
-
-# The primary network interface
-auto br-ex
-iface br-ex inet static
-address $MASTER
-netmask $NETMASK_MASTER
-gateway $GATEWAY_IP
-dns-nameservers 8.8.8.8
-
-auto eth1
-iface eth1 inet manual
- up ifconfig \$IFACE 0.0.0.0 up
- up ip link set \$IFACE promisc on
- down ip link set \$IFACE promisc off
- down ifconfig \$IFACE down
-EOF
-
-echo "########## Reboot machine after finishing configure IP ##########"
-init 6
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/6-liberty-aio-install-neutron.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/6-liberty-aio-install-neutron.sh
deleted file mode 100644
index 33b364c..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/6-liberty-aio-install-neutron.sh
+++ /dev/null
@@ -1,247 +0,0 @@
-#!/bin/bash -ex
-source config.cfg
-
-
-echo "Create DB for NEUTRON "
-cat << EOF | mysql -uroot -p$MYSQL_PASS
-CREATE DATABASE neutron;
-GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$NEUTRON_DBPASS';
-GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$NEUTRON_DBPASS';
-FLUSH PRIVILEGES;
-EOF
-
-
-echo "Create user, endpoint for NEUTRON"
-openstack user create --password $ADMIN_PASS neutron
-openstack role add --project service --user neutron admin
-openstack service create --name neutron --description \
- "OpenStack Networking" network
-
-openstack endpoint create \
- --publicurl http://$LOCAL_IP:9696 \
- --adminurl http://$LOCAL_IP:9696 \
- --internalurl http://$LOCAL_IP:9696 \
- --region RegionOne \
- network
-
-echo "########## Install NEUTRON on CONTROLLER ##########"
-apt-get install -y openvswitch-switch
-
-apt-get -y install neutron-server python-neutronclient neutron-plugin-ml2 \
- neutron-plugin-openvswitch-agent neutron-l3-agent neutron-dhcp-agent \
- neutron-metadata-agent neutron-plugin-openvswitch neutron-common
-
-######## SAO LUU CAU HINH NEUTRON.CONF CHO CONTROLLER##################"
-echo "########## Editing neutron.conf ##########"
-
-controlneutron=/etc/neutron/neutron.conf
-test -f $controlneutron.orig || cp $controlneutron $controlneutron.orig
-rm $controlneutron
-cat << EOF > $controlneutron
-[DEFAULT]
-verbose = True
-
-rpc_backend = rabbit
-auth_strategy = keystone
-
-core_plugin = ml2
-service_plugins = router
-allow_overlapping_ips = True
-
-notify_nova_on_port_status_changes = True
-notify_nova_on_port_data_changes = True
-nova_url = http://$LOCAL_IP:8774/v2
-
-[matchmaker_redis]
-[matchmaker_ring]
-[quotas]
-[agent]
-root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
-
-[keystone_authtoken]
-auth_uri = http://$LOCAL_IP:5000
-auth_url = http://$LOCAL_IP:35357
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-project_name = service
-username = neutron
-password = $NEUTRON_PASS
-
-[database]
-connection = mysql+pymysql://neutron:$NEUTRON_DBPASS@$LOCAL_IP/neutron
-
-[nova]
-auth_url = http://$LOCAL_IP:35357
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-region_name = RegionOne
-project_name = service
-username = nova
-password = $NOVA_PASS
-
-[oslo_concurrency]
-lock_path = \$state_path/lock
-[oslo_policy]
-[oslo_messaging_amqp]
-[oslo_messaging_qpid]
-
-[oslo_messaging_rabbit]
-rabbit_host = $LOCAL_IP
-rabbit_userid = openstack
-rabbit_password = $RABBIT_PASS
-
-EOF
-
-
-######## SAO LUU CAU HINH ML2 CHO CONTROLLER##################"
-echo "########## Config ml2_conf.ini ##########"
-sleep 7
-
-controlML2=/etc/neutron/plugins/ml2/ml2_conf.ini
-test -f $controlML2.orig || cp $controlML2 $controlML2.orig
-rm $controlML2
-
-cat << EOF > $controlML2
-[ml2]
-type_drivers = flat,vlan,gre,vxlan
-tenant_network_types = gre
-mechanism_drivers = openvswitch
-
-[ml2_type_flat]
-flat_networks = external
-
-[ml2_type_vlan]
-
-[ml2_type_gre]
-tunnel_id_ranges = 1:1000
-
-[ml2_type_vxlan]
-[securitygroup]
-enable_security_group = True
-enable_ipset = True
-firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
-
-[ovs]
-local_ip = $LOCAL_IP
-enable_tunneling = True
-bridge_mappings = external:br-ex
-
-[agent]
-
-tunnel_types = gre
-EOF
-
-echo "Fix loi MTU"
-sleep 3
-echo "dhcp-option-force=26,1454" > /etc/neutron/dnsmasq-neutron.conf
-killall dnsmasq
-
-
-######## SAO LUU CAU HINH METADATA CHO CONTROLLER##################"
-echo "########## Sua file cau hinh metadata_agent.ini ##########"
-sleep 7
-
-metadatafile=/etc/neutron/metadata_agent.ini
-test -f $metadatafile.orig || cp $metadatafile $metadatafile.orig
-rm $metadatafile
-cat << EOF > $metadatafile
-[DEFAULT]
-verbose = True
-
-auth_uri = http://$LOCAL_IP:5000
-auth_url = http://$LOCAL_IP:35357
-auth_region = RegionOne
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-project_name = service
-username = neutron
-password = $NEUTRON_PASS
-
-nova_metadata_ip = $LOCAL_IP
-
-metadata_proxy_shared_secret = $METADATA_SECRET
-
-EOF
-
-######## SUA FILE CAU HINH DHCP ##################"
-echo "########## Sua file cau hinh DHCP ##########"
-sleep 7
-
-dhcpfile=/etc/neutron/dhcp_agent.ini
-test -f $dhcpfile.orig || cp $dhcpfile $dhcpfile.orig
-rm $dhcpfile
-cat << EOF > $dhcpfile
-[DEFAULT]
-use_namespaces = True
-interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
-dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
-enable_isolated_metadata = True
-verbose = True
-dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
-
-[AGENT]
-
-EOF
-
-###################### SAO LUU CAU HINH L3 ###########################"
-echo "########## Sua file cau hinh l3_agent.ini ##########"
-sleep 7
-
-
-l3file=/etc/neutron/l3_agent.ini
-test -f $l3file.orig || cp $l3file $l3file.orig
-rm $l3file
-touch $l3file
-cat << EOF >> $l3file
-[DEFAULT]
-verbose = True
-interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
-external_network_bridge =
-router_delete_namespaces = True
-EOF
-
-chown root:neutron /etc/neutron/*
-chown root:neutron $controlML2
-
-su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
- --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
-
-echo "########## Restarting NEUTRON ##########"
-sleep 5
-#for i in $( ls /etc/init.d/neutron-* );do service `basename $i` restart;done
-service neutron-server restart
-service neutron-l3-agent restart
-service neutron-dhcp-agent restart
-service neutron-metadata-agent restart
-service openvswitch-switch restart
-service neutron-plugin-openvswitch-agent restart
-
-
-echo "########## Restarting NEUTRON ##########"
-sleep 5
-#for i in $( ls /etc/init.d/neutron-* );do service `basename $i` restart;done
-service neutron-server restart
-service neutron-l3-agent restart
-service neutron-dhcp-agent restart
-service
neutron-metadata-agent restart -service openvswitch-switch restart -service neutron-plugin-openvswitch-agent restart - -# Them lenh khoi dong dich vu cua NEUTRON moi khi reboot OpenStack de fix loi. -sed -i "s/exit 0/# exit 0/g" /etc/rc.local -echo "service neutron-server restart" >> /etc/rc.local -echo "service neutron-l3-agent restart" >> /etc/rc.local -echo "service neutron-dhcp-agent restart" >> /etc/rc.local -echo "service neutron-metadata-agent restart" >> /etc/rc.local -echo "service openvswitch-switch restart" >> /etc/rc.local -echo "service neutron-plugin-openvswitch-agent restart" >> /etc/rc.local -echo "exit 0" >> /etc/rc.local - - -echo "########## Testing NEUTRON (wait 60s) ##########" -# Can doi neutron khoi dong xong de kiem tra -sleep 30 -neutron agent-list diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/7-liberty-aio-install-horizon.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/7-liberty-aio-install-horizon.sh deleted file mode 100644 index bb08433..0000000 --- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/7-liberty-aio-install-horizon.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -ex - -source config.cfg - -################### -echo "########## START INSTALLING OPS DASHBOARD ##########" -################### -sleep 5 - -echo "########## Installing Dashboard package ##########" -apt-get -y install openstack-dashboard -apt-get -y remove --auto-remove openstack-dashboard-ubuntu-theme - -echo "########## Creating redirect page ##########" - -filehtml=/var/www/html/index.html -test -f $filehtml.orig || cp $filehtml $filehtml.orig -rm $filehtml -touch $filehtml -cat << EOF >> $filehtml - - - - - -

Redirecting to OpenStack Dashboard

- - -EOF -# Allowing insert password in dashboard ( only apply in image ) -sed -i "s/'can_set_password': False/'can_set_password': True/g" \ - /etc/openstack-dashboard/local_settings.py - -## /* Restarting apache2 and memcached -service apache2 restart -service memcached restart -echo "########## Finish setting up Horizon ##########" - -echo "########## LOGIN INFORMATION IN HORIZON ##########" -echo "URL: http://$BR_EX_IP/horizon" -echo "User: admin or demo" -echo "Password:" $ADMIN_PASS \ No newline at end of file diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/AIO-LIBERTY-1.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/AIO-LIBERTY-1.sh deleted file mode 100644 index ba174ca..0000000 --- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/AIO-LIBERTY-1.sh +++ /dev/null 
@@ -1,81 +0,0 @@
-#!/bin/bash -ex
-
-source config.cfg
-
-echo "Configuring hostname in CONTROLLER node"
-sleep 3
-echo "controller" > /etc/hostname
-hostname -F /etc/hostname
-
-echo "Configuring for file /etc/hosts"
-sleep 3
-iphost=/etc/hosts
-test -f $iphost.orig || cp $iphost $iphost.orig
-rm $iphost
-touch $iphost
-cat << EOF >> $iphost
-127.0.0.1 localhost controller
-$LOCAL_IP controller
-
-EOF
-
-
-# Enable IP forwarding
-echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
-echo "net.ipv4.conf.all.rp_filter=0" >> /etc/sysctl.conf
-echo "net.ipv4.conf.default.rp_filter=0" >> /etc/sysctl.conf
-sysctl -p
-
-echo "##### Cai dat repos cho Liberty ##### "
-apt-get install software-properties-common -y
-add-apt-repository cloud-archive:liberty -y
-
-sleep 5
-echo "UPDATE PACKAGE FOR LIBERTY"
-apt-get -y update && apt-get -y upgrade && apt-get -y dist-upgrade
-
-
-echo "########## Install and Config OpenvSwitch ##########"
-apt-get install -y openvswitch-switch
-
-echo "########## Cau hinh br-int va br-ex cho OpenvSwitch ##########"
-sleep 5
-ovs-vsctl add-br br-ex
-ovs-vsctl add-port br-ex eth1
-
-
-echo "########## Cau hinh dia chi IP cho br-ex ##########"
-ifaces=/etc/network/interfaces
-test -f $ifaces.orig1 || cp $ifaces $ifaces.orig1
-rm $ifaces
-cat << EOF > $ifaces
-# The loopback network interface
-auto lo
-iface lo inet loopback
-
-auto eth0
-iface eth0 inet static
-address $LOCAL_IP
-netmask $NETMASK_LOCAL
-
-# The primary network interface
-auto br-ex
-iface br-ex inet static
-address $MASTER
-netmask $NETMASK_MASTER
-gateway $GATEWAY_IP
-dns-nameservers 8.8.8.8
-
-auto eth1
-iface eth1 inet manual
- up ifconfig \$IFACE 0.0.0.0 up
- up ip link set \$IFACE promisc on
- down ip link set \$IFACE promisc off
- down ifconfig \$IFACE down
-EOF
-
-sleep 5
-echo "Reboot Server"
-
-#sleep 5
-init 6
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/AIO-LIBERTY-2.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/AIO-LIBERTY-2.sh
deleted file mode 100644
index 32556c6..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/AIO-LIBERTY-2.sh
+++ /dev/null
@@ -1,915 +0,0 @@ -#!/bin/bash -ex - -source config.cfg - -#************************************************************************# -########## Python clientNTP, MARIADB, RabbitMQ ########################### -#************************************************************************# -echo "Install python client" -apt-get -y install python-openstackclient -sleep 5 - -echo "Install and config NTP" -sleep 3 -apt-get install ntp -y -cp /etc/ntp.conf /etc/ntp.conf.bka -rm /etc/ntp.conf -cat /etc/ntp.conf.bka | grep -v ^# | grep -v ^$ >> /etc/ntp.conf - - -## Config NTP in LIBERTY -sed -i 's/server ntp.ubuntu.com/ \ -server 0.vn.pool.ntp.org iburst \ -server 1.asia.pool.ntp.org iburst \ -server 2.asia.pool.ntp.org iburst/g' /etc/ntp.conf - -sed -i 's/restrict -4 default kod notrap nomodify nopeer noquery/ \ -#restrict -4 default kod notrap nomodify nopeer noquery/g' /etc/ntp.conf - -sed -i 's/restrict -6 default kod notrap nomodify nopeer noquery/ \ -restrict -4 default kod notrap nomodify \ -restrict -6 default kod notrap nomodify/g' /etc/ntp.conf - -# sed -i 's/server/#server/' /etc/ntp.conf -# echo "server $LOCAL_IP" >> /etc/ntp.conf - -############################################## -echo "Install and Config RabbitMQ" -sleep 3 - -apt-get install rabbitmq-server -y -rabbitmqctl add_user openstack $RABBIT_PASS -rabbitmqctl set_permissions openstack ".*" ".*" ".*" -# rabbitmqctl change_password guest $RABBIT_PASS -sleep 3 - -service rabbitmq-server restart -echo "Finish setup pre-install package !!!" 
- -echo "##### Install MYSQL #####" -sleep 3 - -echo mysql-server mysql-server/root_password password $MYSQL_PASS \ - | debconf-set-selections -echo mysql-server mysql-server/root_password_again password $MYSQL_PASS \ - | debconf-set-selections -apt-get -y install mariadb-server python-mysqldb curl - -echo "##### Configuring MYSQL #####" -sleep 3 - - -echo "########## CONFIGURING FOR MYSQL ##########" -sleep 5 -touch /etc/mysql/conf.d/mysqld_openstack.cnf -cat << EOF > /etc/mysql/conf.d/mysqld_openstack.cnf - -[mysqld] -bind-address = 0.0.0.0 - -[mysqld] -default-storage-engine = innodb -innodb_file_per_table -collation-server = utf8_general_ci -init-connect = 'SET NAMES utf8' -character-set-server = utf8 - -EOF - -sleep 5 -echo "Restart MYSQL" -service mysql restart - -#********************************************************# -#################### KEYSTONE ############################ -#********************************************************# - -echo "Create Database for Keystone" - -cat << EOF | mysql -uroot -p$MYSQL_PASS -CREATE DATABASE keystone; -GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$KEYSTONE_DBPASS'; -GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$KEYSTONE_DBPASS'; -FLUSH PRIVILEGES; -EOF - -echo "##### Install keystone #####" -sleep 3 -echo "manual" > /etc/init/keystone.override - -apt-get -y install keystone python-openstackclient apache2 \ - libapache2-mod-wsgi memcached python-memcache - -#/* Back-up file nova.conf -filekeystone=/etc/keystone/keystone.conf -test -f $filekeystone.orig || cp $filekeystone $filekeystone.orig - -#Config file /etc/keystone/keystone.conf -cat << EOF > $filekeystone - -[DEFAULT] -log_dir = /var/log/keystone - -admin_token = $TOKEN_PASS -public_bind_host = $LOCAL_IP -admin_bind_host = $LOCAL_IP - -[assignment] -[auth] -[cache] -[catalog] -[cors] -[cors.subdomain] -[credential] -[database] -connection = mysql+pymysql://keystone:$KEYSTONE_DBPASS@$LOCAL_IP/keystone - 
-[domain_config] -[endpoint_filter] -[endpoint_policy] -[eventlet_server] -[eventlet_server_ssl] -[federation] -[fernet_tokens] -[identity] -[identity_mapping] -[kvs] -[ldap] -[matchmaker_redis] -[matchmaker_ring] -[memcache] -servers = localhost:11211 - -[oauth1] -[os_inherit] -[oslo_messaging_amqp] -[oslo_messaging_qpid] -[oslo_messaging_rabbit] -[oslo_middleware] -[oslo_policy] -[paste_deploy] -[policy] -[resource] -[revoke] -driver = sql - -[role] -[saml] -[signing] -[ssl] -[token] -provider = uuid -driver = memcache - -[tokenless_auth] -[trust] -[extra_headers] -Distribution = Ubuntu - -EOF - -# -su -s /bin/sh -c "keystone-manage db_sync" keystone - -echo "#### ServerName $LOCAL_IP#### " >> /etc/apache2/apache2.conf - -cat << EOF > /etc/apache2/sites-available/wsgi-keystone.conf -Listen 5000 -Listen 35357 - - - WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} - WSGIProcessGroup keystone-public - WSGIScriptAlias / /usr/bin/keystone-wsgi-public - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%{cu}t %M" - - ErrorLog /var/log/apache2/keystone.log - CustomLog /var/log/apache2/keystone_access.log combined - - - = 2.4> - Require all granted - - - Order allow,deny - Allow from all - - - - - - WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} - WSGIProcessGroup keystone-admin - WSGIScriptAlias / /usr/bin/keystone-wsgi-admin - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%{cu}t %M" - - ErrorLog /var/log/apache2/keystone.log - CustomLog /var/log/apache2/keystone_access.log combined - - - = 2.4> - Require all granted - - - Order allow,deny - Allow from all - - - - - -EOF - -ln -s /etc/apache2/sites-available/wsgi-keystone.conf \ - /etc/apache2/sites-enabled - -service apache2 restart - -rm -f /var/lib/keystone/keystone.db - - -export OS_TOKEN="$TOKEN_PASS" -export 
OS_URL=http://$LOCAL_IP:35357/v2.0 - -# export OS_SERVICE_TOKEN="$TOKEN_PASS" -# export OS_SERVICE_ENDPOINT="http://$LOCAL_IP:35357/v2.0" -# export SERVICE_ENDPOINT="http://$LOCAL_IP:35357/v2.0" - -### Identity service -openstack service create --name keystone --description \ - "OpenStack Identity" identity -### Create the Identity service API endpoint -openstack endpoint create \ ---publicurl http://$LOCAL_IP:5000/v2.0 \ ---internalurl http://$LOCAL_IP:5000/v2.0 \ ---adminurl http://$LOCAL_IP:35357/v2.0 \ ---region RegionOne \ -identity - -#### To create tenants, users, and roles ADMIN -openstack project create --description "Admin Project" admin -openstack user create --password $ADMIN_PASS admin -openstack role create admin -openstack role add --project admin --user admin admin - -#### To create tenants, users, and roles SERVICE -openstack project create --description "Service Project" service - -#### To create tenants, users, and roles DEMO -openstack project create --description "Demo Project" demo -openstack user create --password $ADMIN_PASS demo - -### Create the user role -openstack role create user -openstack role add --project demo --user demo user - -################# - -unset OS_TOKEN OS_URL - -# Tao bien moi truong - -echo "export OS_PROJECT_DOMAIN_ID=default" > admin-openrc.sh -echo "export OS_USER_DOMAIN_ID=default" >> admin-openrc.sh -echo "export OS_PROJECT_NAME=admin" >> admin-openrc.sh -echo "export OS_TENANT_NAME=admin" >> admin-openrc.sh -echo "export OS_USERNAME=admin" >> admin-openrc.sh -echo "export OS_PASSWORD=$ADMIN_PASS" >> admin-openrc.sh -echo "export OS_AUTH_URL=http://$LOCAL_IP:35357/v3" >> admin-openrc.sh -echo "export OS_VOLUME_API_VERSION=2" >> admin-openrc.sh - -sleep 5 -echo "########## Execute environment script ##########" -chmod +x admin-openrc.sh -cat admin-openrc.sh >> /etc/profile -cp admin-openrc.sh /root/admin-openrc.sh -source admin-openrc.sh - -echo "export OS_PROJECT_DOMAIN_ID=default" > demo-openrc.sh -echo "export 
OS_USER_DOMAIN_ID=default" >> demo-openrc.sh -echo "export OS_PROJECT_NAME=demo" >> demo-openrc.sh -echo "export OS_TENANT_NAME=demo" >> demo-openrc.sh -echo "export OS_USERNAME=demo" >> demo-openrc.sh -echo "export OS_PASSWORD=$ADMIN_PASS" >> demo-openrc.sh -echo "export OS_AUTH_URL=http://$LOCAL_IP:35357/v3" >> demo-openrc.sh -echo "export OS_VOLUME_API_VERSION=2" >> demo-openrc.sh -chmod +x demo-openrc.sh -cp demo-openrc.sh /root/demo-openrc.sh - - -#*****************************************************# -#################### GLANCE ########################### -#*****************************************************# - -echo "Create the database for GLANCE" -cat << EOF | mysql -uroot -p$MYSQL_PASS -CREATE DATABASE glance; -GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '$GLANCE_DBPASS'; -GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '$GLANCE_DBPASS'; -FLUSH PRIVILEGES; -EOF - - -sleep 5 -echo " Create user, endpoint for GLANCE" - -openstack user create --password $ADMIN_PASS glance -openstack role add --project service --user glance admin -openstack service create --name glance --description \ - "OpenStack Image service" image - -openstack endpoint create \ ---publicurl http://$LOCAL_IP:9292 \ ---internalurl http://$LOCAL_IP:9292 \ ---adminurl http://$LOCAL_IP:9292 \ ---region RegionOne \ -image - -echo "########## Install GLANCE ##########" -apt-get -y install glance python-glanceclient -sleep 10 -echo "########## Configuring GLANCE API ##########" -sleep 5 -#/* Back-up file nova.conf -fileglanceapicontrol=/etc/glance/glance-api.conf -test -f $fileglanceapicontrol.orig \ - || cp $fileglanceapicontrol $fileglanceapicontrol.orig -rm $fileglanceapicontrol -touch $fileglanceapicontrol - -#Configuring glance config file /etc/glance/glance-api.conf - -cat << EOF > $fileglanceapicontrol -[DEFAULT] -notification_driver = noop -verbose = True - -[database] -connection = mysql+pymysql://glance:$GLANCE_DBPASS@$LOCAL_IP/glance 
-backend = sqlalchemy - -[glance_store] -default_store = file -filesystem_store_datadir = /var/lib/glance/images/ - -[image_format] -[keystone_authtoken] -auth_uri = http://$LOCAL_IP:5000 -auth_url = http://$LOCAL_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = glance -password = $GLANCE_PASS - -[matchmaker_redis] -[matchmaker_ring] -[oslo_concurrency] -[oslo_messaging_amqp] -[oslo_messaging_qpid] -[oslo_messaging_rabbit] -[oslo_policy] -[paste_deploy] -flavor = keystone - -[store_type_location_strategy] -[task] -[taskflow_executor] - -EOF - -# -sleep 10 -echo "########## Configuring GLANCE REGISTER ##########" -#/* Backup file file glance-registry.conf -fileglanceregcontrol=/etc/glance/glance-registry.conf -test -f $fileglanceregcontrol.orig \ - || cp $fileglanceregcontrol $fileglanceregcontrol.orig -rm $fileglanceregcontrol -touch $fileglanceregcontrol -#Config file /etc/glance/glance-registry.conf - -cat << EOF > $fileglanceregcontrol - -[DEFAULT] -notification_driver = noop -verbose = True - -[database] -connection = mysql+pymysql://glance:$GLANCE_DBPASS@$LOCAL_IP/glance -backend = sqlalchemy - -[glance_store] - -[keystone_authtoken] -auth_uri = http://$LOCAL_IP:5000 -auth_url = http://$LOCAL_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = glance -password = $GLANCE_PASS - -[matchmaker_redis] -[matchmaker_ring] -[oslo_messaging_amqp] -[oslo_messaging_qpid] -[oslo_messaging_rabbit] -[oslo_policy] - -[paste_deploy] -flavor = keystone - -EOF - -sleep 7 -echo "########## Remove Glance default DB ##########" -rm /var/lib/glance/glance.sqlite - -chown glance:glance $fileglanceapicontrol -chown glance:glance $fileglanceregcontrol - -sleep 7 -echo "########## Syncing DB for Glance ##########" -glance-manage db_sync - -sleep 5 -echo "########## Restarting GLANCE service ... 
##########" -service glance-registry restart -service glance-api restart -sleep 3 -service glance-registry restart -service glance-api restart - -echo "Remove glance.sqlite " -rm -f /var/lib/glance/glance.sqlite - -sleep 3 -echo "########## Registering Cirros IMAGE for GLANCE ... ##########" -mkdir images -cd images/ -wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img - -glance image-create --name "cirros" \ ---file cirros-0.3.4-x86_64-disk.img \ ---disk-format qcow2 --container-format bare \ ---visibility public --progress - -cd /root/ -# rm -r /tmp/images - -sleep 5 -echo "########## Testing Glance ##########" -glance image-list - -#*****************************************************# -##################### NOVA ############################ -#*****************************************************# - -echo "Create DB for NOVA " -cat << EOF | mysql -uroot -p$MYSQL_PASS -CREATE DATABASE nova; -GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS'; -GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS'; -FLUSH PRIVILEGES; -EOF - -echo "Creat user, endpoint for NOVA" - -openstack user create --password $ADMIN_PASS nova -openstack role add --project service --user nova admin -openstack service create --name nova --description "OpenStack Compute" compute - -openstack endpoint create \ ---publicurl http://$LOCAL_IP:8774/v2/%\(tenant_id\)s \ ---internalurl http://$LOCAL_IP:8774/v2/%\(tenant_id\)s \ ---adminurl http://$LOCAL_IP:8774/v2/%\(tenant_id\)s \ ---region RegionOne \ -compute - -echo "########## Install NOVA in $LOCAL_IP ##########" -sleep 5 -apt-get -y install nova-compute nova-api nova-cert nova-conductor \ - nova-consoleauth nova-novncproxy nova-scheduler python-novaclient -echo "libguestfs-tools libguestfs/update-appliance boolean true" \ - | debconf-set-selections -apt-get -y install libguestfs-tools sysfsutils - - -######## Backup configurations for NOVA ##########" -sleep 7 - -# 
-controlnova=/etc/nova/nova.conf -test -f $controlnova.orig || cp $controlnova $controlnova.orig -rm $controlnova -touch $controlnova -cat << EOF >> $controlnova -[DEFAULT] - -rpc_backend = rabbit -auth_strategy = keystone - -dhcpbridge_flagfile=/etc/nova/nova.conf -dhcpbridge=/usr/bin/nova-dhcpbridge -logdir=/var/log/nova -state_path=/var/lib/nova -lock_path=/var/lock/nova -force_dhcp_release=True -libvirt_use_virtio_for_bridges=True -ec2_private_dns_show_ip=True -api_paste_config=/etc/nova/api-paste.ini -enabled_apis=ec2,osapi_compute,metadata - -my_ip = $LOCAL_IP - -network_api_class = nova.network.neutronv2.api.API -security_group_api = neutron -linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver -firewall_driver = nova.virt.firewall.NoopFirewallDriver - -enabled_apis=osapi_compute,metadata -verbose = True - -[database] -connection = mysql+pymysql://nova:$NOVA_DBPASS@$LOCAL_IP/nova - -[oslo_messaging_rabbit] -rabbit_host = $LOCAL_IP -rabbit_userid = openstack -rabbit_password = Welcome123 - -[keystone_authtoken] -auth_uri = http://$LOCAL_IP:5000 -auth_url = http://$LOCAL_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = nova -password = $NOVA_PASS - -[vnc] -vncserver_listen = \$my_ip -vncserver_proxyclient_address = \$my_ip -novncproxy_base_url = http://$BR_EX_IP:6080/vnc_auto.html - - -[glance] -host = $LOCAL_IP - -[oslo_concurrency] -lock_path = /var/lib/nova/tmp - -[neutron] -url = http://$LOCAL_IP:9696 -auth_url = http://$LOCAL_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -region_name = RegionOne -project_name = service -username = neutron -password = $NEUTRON_PASS - -service_metadata_proxy = True -metadata_proxy_shared_secret = $DEFAULT_PASS - -[cinder] -os_region_name = RegionOne - -EOF - -echo "########## Remove Nova default db ##########" -sleep 7 -rm /var/lib/nova/nova.sqlite - -echo "########## Syncing 
Nova DB ##########" -sleep 7 -su -s /bin/sh -c "nova-manage db sync" nova - - -# fix bug libvirtError: internal error: no supported architecture for os type 'hvm' -# echo 'kvm_intel' >> /etc/modules - -echo "########## Restarting NOVA ... ##########" -sleep 7 -service nova-api restart; -service nova-cert restart; -service nova-consoleauth restart; -service nova-scheduler restart; -service nova-conductor restart; -service nova-novncproxy restart; -service nova-compute restart; -service nova-console restart - -sleep 7 -echo "########## Restarting NOVA ... ##########" -service nova-api restart; -service nova-cert restart; -service nova-consoleauth restart; -service nova-scheduler restart; -service nova-conductor restart; -service nova-novncproxy restart; -service nova-compute restart; -service nova-console restart - -echo "########## Testing NOVA service ##########" -nova-manage service list - - -#**********************************************************# -####################### NEUTRON ############################ -#**********************************************************# - -echo "Create DB for NEUTRON " -cat << EOF | mysql -uroot -p$MYSQL_PASS -CREATE DATABASE neutron; -GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$NEUTRON_DBPASS'; -GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$NEUTRON_DBPASS'; -FLUSH PRIVILEGES; -EOF - - -echo "Create user, endpoint for NEUTRON" -openstack user create --password $ADMIN_PASS neutron -openstack role add --project service --user neutron admin -openstack service create --name neutron --description \ - "OpenStack Networking" network - -openstack endpoint create \ - --publicurl http://$LOCAL_IP:9696 \ - --adminurl http://$LOCAL_IP:9696 \ - --internalurl http://$LOCAL_IP:9696 \ - --region RegionOne \ - network - -echo "########## CAI DAT NEUTRON ##########" - -apt-get -y install neutron-server python-neutronclient \ - neutron-plugin-ml2 neutron-plugin-openvswitch-agent \ - 
neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent \ - neutron-plugin-openvswitch neutron-common - -######## SAO LUU CAU HINH NEUTRON.CONF CHO CONTROLLER##################" -echo "########## Editing file neutron.conf ##########" - -controlneutron=/etc/neutron/neutron.conf -test -f $controlneutron.orig || cp $controlneutron $controlneutron.orig -rm $controlneutron -cat << EOF > $controlneutron -[DEFAULT] -verbose = True - -rpc_backend = rabbit -auth_strategy = keystone - -core_plugin = ml2 -service_plugins = router -allow_overlapping_ips = True - -notify_nova_on_port_status_changes = True -notify_nova_on_port_data_changes = True -nova_url = http://$LOCAL_IP:8774/v2 - -[matchmaker_redis] -[matchmaker_ring] -[quotas] -[agent] -root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf - -[keystone_authtoken] -auth_uri = http://$LOCAL_IP:5000 -auth_url = http://$LOCAL_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = neutron -password = $NEUTRON_PASS - -[database] -connection = mysql+pymysql://neutron:$NEUTRON_DBPASS@$LOCAL_IP/neutron - -[nova] -auth_url = http://$LOCAL_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -region_name = RegionOne -project_name = service -username = nova -password = $NOVA_PASS - -[oslo_concurrency] -lock_path = \$state_path/lock -[oslo_policy] -[oslo_messaging_amqp] -[oslo_messaging_qpid] - -[oslo_messaging_rabbit] -rabbit_host = $LOCAL_IP -rabbit_userid = openstack -rabbit_password = $RABBIT_PASS - -EOF - -######## SAO LUU CAU HINH ML2 CHO CONTROLLER##################" -echo "########## Sau file cau hinh cho ml2_conf.ini ##########" -sleep 7 - -controlML2=/etc/neutron/plugins/ml2/ml2_conf.ini -test -f $controlML2.orig || cp $controlML2 $controlML2.orig -rm $controlML2 - -cat << EOF > $controlML2 -[ml2] -type_drivers = flat,vlan,gre,vxlan -tenant_network_types = gre -mechanism_drivers = openvswitch - 
-[ml2_type_flat] -flat_networks = external - -[ml2_type_vlan] - -[ml2_type_gre] -tunnel_id_ranges = 1:1000 - -[ml2_type_vxlan] -[securitygroup] -enable_security_group = True -enable_ipset = True -firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver - -[ovs] -local_ip = $LOCAL_IP -enable_tunneling = True -bridge_mappings = external:br-ex - -[agent] -tunnel_types = gre -EOF - -echo "Fix loi MTU" -sleep 3 -echo "dhcp-option-force=26,1454" > /etc/neutron/dnsmasq-neutron.conf -killall dnsmasq - -######## SAO LUU CAU HINH METADATA CHO CONTROLLER##################" -echo "########## Sua file cau hinh metadata_agent.ini ##########" -sleep 7 - -metadatafile=/etc/neutron/metadata_agent.ini -test -f $metadatafile.orig || cp $metadatafile $metadatafile.orig -rm $metadatafile -cat << EOF > $metadatafile -[DEFAULT] -verbose = True - -auth_uri = http://$LOCAL_IP:5000 -auth_url = http://$LOCAL_IP:35357 -auth_region = RegionOne -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = neutron -password = $NEUTRON_PASS - -nova_metadata_ip = $LOCAL_IP -metadata_proxy_shared_secret = $METADATA_SECRET - -EOF - -######## SUA FILE CAU HINH DHCP ##################" -echo "########## Sua file cau hinh DHCP ##########" -sleep 7 - -dhcpfile=/etc/neutron/dhcp_agent.ini -test -f $dhcpfile.orig || cp $dhcpfile $dhcpfile.orig -rm $dhcpfile -cat << EOF > $dhcpfile -[DEFAULT] -use_namespaces = True -interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver -dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq -enable_isolated_metadata = True -verbose = True -dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf - -[AGENT] - -EOF - -###################### SAO LUU CAU HINH L3 ###########################" -echo "########## Sua file cau hinh l3_agent.ini ##########" -sleep 7 - -l3file=/etc/neutron/l3_agent.ini -test -f $l3file.orig || cp $l3file $l3file.orig -rm $l3file -touch $l3file -cat << EOF >> 
$l3file -[DEFAULT] -verbose = True -interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver -external_network_bridge = -router_delete_namespaces = True -EOF - -chown root:neutron /etc/neutron/* -chown root:neutron $controlML2 - -su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron - -echo "########## KHOI DONG LAI NEUTRON ##########" -sleep 5 -#for i in $( ls /etc/init.d/neutron-* ); do service `basename $i` restart;done -service neutron-server restart -service neutron-l3-agent restart -service neutron-dhcp-agent restart -service neutron-metadata-agent restart -service openvswitch-switch restart -service neutron-plugin-openvswitch-agent restart - - -echo "########## KHOI DONG LAI NEUTRON (lan2) ##########" -sleep 5 -#for i in $( ls /etc/init.d/neutron-* ); do service `basename $i` restart;done -service neutron-server restart -service neutron-l3-agent restart -service neutron-dhcp-agent restart -service neutron-metadata-agent restart -service openvswitch-switch restart -service neutron-plugin-openvswitch-agent restart - -#Them lenh khoi dong dich vu cua NEUTRON moi khi reboot OpenStack de fix loi. 
-sed -i "s/exit 0/# exit 0/g" /etc/rc.local -echo "service neutron-server restart" >> /etc/rc.local -echo "service neutron-l3-agent restart" >> /etc/rc.local -echo "service neutron-dhcp-agent restart" >> /etc/rc.local -echo "service neutron-metadata-agent restart" >> /etc/rc.local -echo "service openvswitch-switch restart" >> /etc/rc.local -echo "service neutron-plugin-openvswitch-agent restart" >> /etc/rc.local -echo "exit 0" >> /etc/rc.local - - -echo "########## KIEM TRA NEUTRON (cho 30s) ##########" -# Can doi neutron khoi dong xong de kiem tra -sleep 30 -neutron agent-list - -#**********************************************************# -####################### HORIZON ############################ -#**********************************************************# -echo "########## Installing Dashboard package ##########" -sleep 5 -apt-get -y install openstack-dashboard - -# echo "########## Fix bug in apache2 ##########" -# sleep 5 -# Fix bug apache in ubuntu 14.04 -# echo "ServerName localhost" > /etc/apache2/conf-available/servername.conf -# sudo a2enconf servername - -echo "########## Creating redirect page ##########" - -filehtml=/var/www/html/index.html -test -f $filehtml.orig || cp $filehtml $filehtml.orig -rm $filehtml -touch $filehtml -cat << EOF >> $filehtml - - - - - -

Dang chuyen den Dashboard cua OpenStack

- - -EOF -# Allowing insert password in dashboard ( only apply in image ) -sed -i "s/'can_set_password': False/'can_set_password': True/g" \ - /etc/openstack-dashboard/local_settings.py - -## /* Restarting apache2 and memcached -service apache2 restart -service memcached restart -echo "########## Finish setting up Horizon ##########" - -echo "########## LOGIN INFORMATION IN HORIZON ##########" -echo "URL: http://$BR_EX_IP/horizon" -echo "User: admin or demo" -echo "Password:" $ADMIN_PASS - - diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/README.md b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/README.md deleted file mode 100644 index 2dafc6d..0000000 --- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/README.md +++ /dev/null 
@@ -1,263 +0,0 @@ -# Installation and User Guide for OpenStack LIBERTY AIO - -### Introduction -- The script is used to install OpenStack LIBERTY on ONLY one server -- Required components: - - MariaDB, NTP - - Keystone Version 3 - - Glance - - Neutron (ML2, OpenvSwitch) - -### Before you begin -- Install on VMware workstation or physical servers as the following requirements: -```sh - - RAM: 4GB - - HDD - - HDD1: 60GB (used for installing OS and OpenStack components) - - HDD2: 40GB (used for installing CINDER which provides VOLUME for OpenStack) - NOTE: IF YOU DO NOT INSTALL THIS SERVICE, THIS STEP IS OPTIONAL. - - 02 NIC with the following order: - - NIC 1: - eth0 - Management Network - - NIC 2: - eth1 - External Network - - CPU supports virtulization -``` - -### Installation steps - -#### VMware Environment Preparation -Set up configuration like the following, NOTE THAT: -- NIC1: using Vmnet 1 or hostonly -- NIC2: using bridge -- CPU: 2x2, remebering to select VT - -![Topo-liberty](/images/VMware1.png) - -#### Option 1: Only use this option during the installation if you choose this one -- After finish the installation steps, if you choose this option remembering to move to the step of using DASHBOARD immediately. Please do not try the second option. - -#### Download GIT and configure DHCP for all NICs. -- Using these following commands for network configuration to make sure your server will have enough 02 NICs. -```sh - -cat << EOF > /etc/network/interfaces -auto lo -iface lo inet loopback - -# NIC MGNT -auto eth0 -iface eth0 inet dhcp - -# NIC EXT -auto eth1 -iface eth1 inet dhcp -EOF - -``` - -- Network restarting -```sh -ifdown -a && ifup -a -``` - -- Using the `landscape-sysinfo` command to ensure your server had enough 02 NICs. Then check the ip address again on the installed Openstack server. 
- -```sh -root@controller:~# landscape-sysinfo - - System load: 0.93 Users logged in: 1 - Usage of /: 4.0% of 94.11GB IP address for eth0: 10.10.10.159 - Memory usage: 53% IP address for eth0 172.16.69.228 - Swap usage: 0% -``` - -- Check the Internet connection with the `ping google.com` command. -```sh -root@controller:~# ping google.com - -PING google.com (203.162.236.211) 56(84) bytes of data. -64 bytes from 203.162.236.211: icmp_seq=1 ttl=57 time=0.877 ms -64 bytes from 203.162.236.211: icmp_seq=2 ttl=57 time=0.786 ms -64 bytes from 203.162.236.211: icmp_seq=3 ttl=57 time=0.781 ms - -``` -- Install GIT with root permission -```sh -su - -apt-get update -apt-get -y install git -``` - -- Execute the script to set up static IP address for the installed OpenStack server. -```sh -git clone https://github.com/vietstacker/openstack-liberty-multinode.git - -mv /root/openstack-liberty-multinode/LIBERTY-U14.04-AIO /root -rm -rf openstack-liberty-multinode - -cd LIBERTY-U14.04-AIO -chmod +x *.sh -bash AIO-LIBERTY-1.sh -``` -- The server will be restarted. You need to login again, then execute the next script. -- Execute the script for installing all remaining components. -```sh -bash AIO-LIBERTY-2.sh -``` -- Wait for 30-60 minutes for dowloading, configuring the services. Then move to the step of creating network and VMs. -- Openstack Installation finished here! - - -#### Option 2: Execute each script -#### Download and execute the script -- Download script -- Login with root permission, in Ubuntu version of 14.04 you must login with normal user first, then move to the root user using `su - ` command - -```sh -git clone https://github.com/vietstacker/openstack-liberty-multinode.git - -mv /root/openstack-liberty-multinode/LIBERTY-U14.04-AIO /root -rm -rf openstack-liberty-multinode - -cd LIBERTY-U14.04-AIO -chmod +x *.sh -``` - -##### Execute the script to set up IP address for all NICs. -- The script will be executed automatically to set up static IP address for all NICs. 
-```sh -bash 0-liberty-aio-ipadd.sh -``` - -##### Install NTP, MARIADB, RABBITMQ packages -- Login to the server again with root account. Then do the following scripts. -```sh -su - -cd LIBERTY-U14.04-AIO -bash 1-liberty-aio-prepare.sh -``` -- When the script is executed. The server will be restarted right after that. - -##### Install Keystone -- Use the following script to install Keystone -```sh -bash 2-liberty-aio-keystone.sh -``` - -- Execute the below command to populate environment variables for OpenStack -```sh -source admin-openrc.sh -``` - -- Use the below script to check whether the installed Keystone is OK or not. -```sh -openstack token issue -``` - -- If the result is shown like this. Your installation is succeeded. -```sh -+------------+----------------------------------+ -| Field | Value | -+------------+----------------------------------+ -| expires | 2015-11-20T04:36:40.458714Z | -| id | afa93ac41b9f432d989cc6f5c235c44f | -| project_id | a863f6011c9f4d748a9af23983284a90 | -| user_id | 07817eb3060941598fe406312b8aa448 | -+------------+----------------------------------+ -``` - -##### Install GLANCE -```sh -bash 3-liberty-aio-glance.sh -``` - -##### Install NOVA -``` -bash 4-liberty-aio-nova.sh -``` - -##### Install NEUTRON -- Install OpenvSwitch and re-configure NIC -```sh -bash 5-liberty-aio-config-ip-neutron.sh -``` -- After running the script successfully, your server will be restarted. You need to login with root account in order to finish the bellow script for installing NEUTRON. - -```sh -bash 6-liberty-aio-install-neutron.sh -``` - -##### Install Horizon -``` -bash 7-liberty-aio-install-horizon.sh -``` - -## User Guide for using dashboard to create network, VM, rules. 
-### Create rule for admin project -- Login to the dashboard -![liberty-horizon1.png](/images/liberty-horizon1.png) - -- Select `admin => Access & Security => Manage Rules` tab -![liberty-horizon2.png](/images/liberty-horizon2.png) - -- Select `Add Rule` tab -![liberty-horizon3.png](/images/liberty-horizon3.png) - -- Open rule which allows user to access to the VMs via SSH -![liberty-horizon4.png](/images/liberty-horizon4.png) -- Do the same with ICMP rule so that ping to virtual machines is allowed and other rules - -### Create network -#### Create external network -- Select `Admin => Networks => Create Network`tab -![liberty-net-ext1.png](/images/liberty-net-ext1.png) - -- Enter the informatioin and choose like the following image -![liberty-net-ext2.png](/images/liberty-net-ext2.png) - -- Click to `ext-net` to declare subnet mask for the external network -![liberty-net-ext3.png](/images/liberty-net-ext3.png) - -- Select `Creat Subnet` tab -![liberty-net-ext4.png](/images/liberty-net-ext4.png) - -- Initialize IP range for subnet of the external network -![liberty-net-ext5.png](/images/liberty-net-ext5.png) - -- Declare pools and DNS -![liberty-net-ext6.png](/images/liberty-net-ext6.png) - -#### Create the internal network -- Select the tabs with the order of `Project admin => Network => Networks => Create Network" -![liberty-net-int1.png](/images/liberty-net-int1.png) - -- Initialize for the internal network -![liberty-net-int2.png](/images/liberty-net-int2.png) - -- Declare subnet for the internal network -![liberty-net-int3.png](/images/liberty-net-int3.png) - -- Declare IP range for the internal network -![liberty-net-int4.png](/images/liberty-net-int4.png) - -#### Create a Router for admin project -- Select the tabs with the order of "Project admin => Routers => Create Router -![liberty-r1.png](/images/liberty-r1.png) - -- Input router name and do like in the below image -![liberty-r2.png](/images/liberty-r2.png) - -- Assign interface for the router 
-![liberty-r3.png](/images/liberty-r3.png)
-
-![liberty-r4.png](/images/liberty-r4.png)
-
-![liberty-r5.png](/images/liberty-r5.png)
-- END the steps of creating exteral network, internal network and router
-
-
-## Create Instance
-- Select the tabs with order of `Project admin => Instances => Launch Instance`
-![liberty-instance1.png](/images/liberty-instance1.png)
-
-![liberty-instance2.png](/images/liberty-instance2.png)
-
-![liberty-instance3.png](/images/liberty-instance3.png)
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/config.cfg b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/config.cfg
deleted file mode 100644
index 9879dc3..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-AIO/config.cfg
+++ /dev/null
@@ -1,57 +0,0 @@
-#### Env variable configs
-# Khai bao ve network
-eth0_address=`/sbin/ifconfig eth0|awk '/inet addr/ {print $2}'|cut -f2 -d ":" `
-eth1_address=`/sbin/ifconfig eth1|awk '/inet addr/ {print $2}'|cut -f2 -d ":" `
-eth0_netmask=`/sbin/ifconfig eth0|awk '/inet addr/ {print $4}'|cut -f2 -d ":" `
-eth1_netmask=`/sbin/ifconfig eth1|awk '/inet addr/ {print $4}'|cut -f2 -d ":" `
-
-LOCAL_IP=$eth0_address
-MASTER=$eth1_address
-NETMASK_LOCAL=$eth0_netmask
-NETMASK_MASTER=$eth1_netmask
-GATEWAY_IP=`route -n | grep 'UG[ \t]' | awk '{print $2}'`
-
-br_ex_address=`/sbin/ifconfig br-ex|awk '/inet addr/ {print $2}'|cut -f2 -d ":" `
-BR_EX_IP=$br_ex_address
-
-# Set password
-DEFAULT_PASS='Welcome123'
-
-RABBIT_PASS="$DEFAULT_PASS"
-MYSQL_PASS="$DEFAULT_PASS"
-TOKEN_PASS="$DEFAULT_PASS"
-ADMIN_PASS="$DEFAULT_PASS"
-SERVICE_PASSWORD="$DEFAULT_PASS"
-METADATA_SECRET="$DEFAULT_PASS"
-
-SERVICE_TENANT_NAME="service"
-ADMIN_TENANT_NAME="admin"
-DEMO_TENANT_NAME="demo"
-INVIS_TENANT_NAME="invisible_to_admin"
-ADMIN_USER_NAME="admin"
-DEMO_USER_NAME="demo"
-
-# Environment variable for OPS service
-KEYSTONE_PASS="$DEFAULT_PASS"
-GLANCE_PASS="$DEFAULT_PASS"
-NOVA_PASS="$DEFAULT_PASS"
-NEUTRON_PASS="$DEFAULT_PASS"
-CINDER_PASS="$DEFAULT_PASS"
-SWIFT_PASS="$DEFAULT_PASS"
-HEAT_PASS="$DEFAULT_PASS"
-
-# Environment variable for DB
-KEYSTONE_DBPASS="$DEFAULT_PASS"
-GLANCE_DBPASS="$DEFAULT_PASS"
-NOVA_DBPASS="$DEFAULT_PASS"
-NEUTRON_DBPASS="$DEFAULT_PASS"
-CINDER_DBPASS="$DEFAULT_PASS"
-HEAT_DBPASS="$DEFAULT_PASS"
-
-# User declaration in Keystone
-ADMIN_ROLE_NAME="admin"
-MEMBER_ROLE_NAME="Member"
-KEYSTONEADMIN_ROLE_NAME="KeystoneAdmin"
-KEYSTONESERVICE_ROLE_NAME="KeystoneServiceAdmin"
-
-# OS PASS ROOT
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/README.md b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/README.md
deleted file mode 100644
index 0da2fbf..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/README.md
+++ /dev/null
@@ -1,201 +0,0 @@
-# Installation Steps
-
-### Prepare LAB enviroment
-- Using in VMware Workstation enviroment
-
-#### Configure CONTROLLER NODE
-```sh
-RAM: 4GB
-CPU: 2x2, VT supported
-NIC1: eth0: 10.10.10.0/24 ( interntel range, using vmnet or hostonly in VMware Workstation )
-NIC2: eth1: 172.16.69.0/24, gateway 172.16.69.1 ( external range - using NAT or Bridge VMware Workstation)
-HDD: 60GB
-```
-
-
-#### Configure NODE CONTROLLER
-```sh
-RAM: 4GB
-CPU: 2x2, VT supported
-NIC1: eth0: 10.10.10.0/24 (interntel range, using vmnet or hostonly in VMware Workstation)
-NIC2: eth1: 172.16.69.0/24, gateway 172.16.69.1 ( external range - using NAT or Bridge VMware Workstation )
-HDD: 1000GB
-```
-
-### Execute script
-- Install git package and dowload script
-```sh
-su -
-apt-get update
-apt-get -y install git
-
-git clone https://github.com/vietstacker/openstack-liberty-multinode.git
-mv /root/openstack-liberty-multinode/LIBERTY-U14.04-LB/ /root/
-rm -rf openstack-liberty-multinode/
-cd LIBERTY-U14.04-LB/
-chmod +x *.sh
-
-```
-
-## Install on CONTROLLER NODE
-### install IP establishment script and repos for Liberty
-- Edit file config in dicrectory with IP that you want to use
-
-```sh
-bash ctl-1-ipadd.sh
-```
-
-### Install NTP, MariaDB packages
-```sh
-bash ctl-2-prepare.sh
-```
-
-### Install KEYSTONE
-- Install Keystone
-```sh
-bash ctl-3.keystone.sh
-```
-
-- Declare enviroment parameter
-```sh
-source admin-openrc.sh
-```
-
-### Install GLANCE
-```sh
-bash ctl-4-glance.sh
-```
-
-### Install NOVA
-```sh
-bash ctl-5-nova.sh
-```
-
-### Install NEUTRON
-```sh
-bash ctl-6-neutron.sh
-```
-- After NEUTRON installation done, controller node will restart.
-- Login with `root` end execute Horizon installation script.
-
-### Install HORIZON
-- Login with `root` privilege and execute script below
-```sh
-bash ctl-horizon.sh
-```
-
-## Install on COMPUTE NODE
-### Dowload GIT and script
-- install git package and dowload script
-```sh
-su -
-apt-get update
-apt-get -y install git
-
-git clone https://github.com/vietstacker/openstack-liberty-multinode.git
-mv /root/openstack-liberty-multinode/LIBERTY-U14.04-LB/ /root/
-rm -rf openstack-liberty-multinode/
-cd LIBERTY-U14.04-LB/
-chmod +x *.sh
-
-### Establish IP and hostname
-- Edit file config to make it suitable with your IP
-- Execute script to establish IP, hostname
-```sh
-bash com1-ipdd.sh
-```
-- The server will restart after script `com1-ipdd.sh` is executed.
-- Login to server with root privilege and execute conponents installation script on Nova
-
-```sh
-su -
-cd LIBERTY-U14.04-LB/
-bash com1-prepare.sh
-```
-
-After install COMPUTE NODE, move to step that guide to use dashboard
-
-
-## Using dashboard to initialize network, VM, rules.
-### Initialize rule for project admin
-- Login to dasboard
-![liberty-horizon1.png](/images/liberty-horizon1.png)
-
-- Select tab `admin => Access & Security => Manage Rules`
-![liberty-horizon2.png](/images/liberty-horizon2.png)
-
-- Select tab `Add Rule`
-![liberty-horizon3.png](/images/liberty-horizon3.png)
-
-- Open rule to allow SSH from outside to virtual machine
-![liberty-horizon4.png](/images/liberty-horizon4.png)
-- Do the same with ICMP rule to allow ping to virtual machine and the other rules.
-
-### Initialize network
-#### Initialize external network range
-- Select tab `Admin => Networks => Create Network`
-![liberty-net-ext1.png](/images/liberty-net-ext1.png)
-
-- Enter and select tabs like picture below
-![liberty-net-ext2.png](/images/liberty-net-ext2.png)
-
-- Click to newly created `ext-net` to declare subnet for external range.
-![liberty-net-ext3.png](/images/liberty-net-ext3.png)
-
-- Select tab `Creat Subnet`
-![liberty-net-ext4.png](/images/liberty-net-ext4.png)
-
-- Declare IP range of subnet for external range
-![liberty-net-ext5.png](/images/liberty-net-ext5.png)
-
-- Declare pools and DNS
-![liberty-net-ext6.png](/images/liberty-net-ext6.png)
-
-#### Initialize internal network range
-- Select tabs in turn of rank : `Project admin => Network => Networks => Create Network"
-![liberty-net-int1.png](/images/liberty-net-int1.png)
-
-- Declare name for internal network
-![liberty-net-int2.png](/images/liberty-net-int2.png)
-
-- Declare subnet for internal network
-![liberty-net-int3.png](/images/liberty-net-int3.png)
-
-- Declare IP range for Internal network
-![liberty-net-int4.png](/images/liberty-net-int4.png)
-
-#### Initialize Router for project admin
-- Select by tabs "Project admin => Routers => Create Router
-![liberty-r1.png](/images/liberty-r1.png)
-
-- Initialize router name and select like picture below
-![liberty-r2.png](/images/liberty-r2.png)
-
-- Apply interface for router
-![liberty-r3.png](/images/liberty-r3.png)
-
-![liberty-r4.png](/images/liberty-r4.png)
-
-![liberty-r5.png](/images/liberty-r5.png)
-- ending of initializing steps: exteral network, internal network, router
-
-
-## Initialize virtual machine (Instance)
-- Select tabs below `Project admin => Instances => Launch Instance`
-![liberty-instance1.png](/images/liberty-instance1.png)
-
-![liberty-instance2.png](/images/liberty-instance2.png)
-
-![liberty-instance3.png](/images/liberty-instance3.png)
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/com1-ipdd.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/com1-ipdd.sh
deleted file mode 100644
index cb2e1e8..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/com1-ipdd.sh
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/bash -ex
-
-source config.cfg
-
-sleep 3
-echo "#### Update for Ubuntu #####"
-
-apt-get install software-properties-common -y
-add-apt-repository cloud-archive:liberty -y
-
-sleep 3
-echo "##### update for Ubuntu #####"
-apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y
-
-echo "##### Configuring hostname for COMPUTE1 node... #####"
-sleep 3
-echo "compute1" > /etc/hostname
-hostname -F /etc/hostname
-
-iphost=/etc/hosts
-test -f $iphost.orig || cp $iphost $iphost.orig
-rm $iphost
-touch $iphost
-cat << EOF >> $iphost
-127.0.0.1 localhost
-127.0.0.1 compute1
-$CON_MGNT_IP controller
-$COM1_MGNT_IP compute1
-EOF
-
-sleep 3
-echo "##### Config network for COMPUTE NODE ####"
-ifaces=/etc/network/interfaces
-test -f $ifaces.orig || cp $ifaces $ifaces.orig
-rm $ifaces
-touch $ifaces
-cat << EOF >> $ifaces
-#Dat IP cho $CON_MGNT_IP node
-
-# LOOPBACK NET
-auto lo
-iface lo inet loopback
-
-# MGNT NETWORK
-auto eth0
-iface eth0 inet static
-address $COM1_MGNT_IP
-netmask $NETMASK_ADD_MGNT
-
-
-# EXT NETWORK
-auto eth1
-iface eth1 inet static
-address $COM1_EXT_IP
-netmask $NETMASK_ADD_EXT
-gateway $GATEWAY_IP_EXT
-dns-nameservers 8.8.8.8
-
-EOF
-
-sleep 5
-echo "##### Rebooting machine ... #####"
-init 6
-#
-
-
-
-
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/com1-prepare.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/com1-prepare.sh
deleted file mode 100644
index ef81feb..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/com1-prepare.sh
+++ /dev/null
@@ -1,217 +0,0 @@
-#!/bin/bash -ex
-#
-
-source config.cfg
-
-#
-echo "##### Install python openstack client ##### "
-apt-get -y install python-openstackclient
-
-echo "##### Install NTP ##### "
-
-apt-get install ntp -y
-apt-get install python-mysqldb -y
-#
-echo "##### Backup NTP configuration... ##### "
-sleep 7
-cp /etc/ntp.conf /etc/ntp.conf.bka
-rm /etc/ntp.conf
-cat /etc/ntp.conf.bka | grep -v ^# | grep -v ^$ >> /etc/ntp.conf
-#
-sed -i 's/server 0.ubuntu.pool.ntp.org/ \
-#server 0.ubuntu.pool.ntp.org/g' /etc/ntp.conf
-
-sed -i 's/server 1.ubuntu.pool.ntp.org/ \
-#server 1.ubuntu.pool.ntp.org/g' /etc/ntp.conf
-
-sed -i 's/server 2.ubuntu.pool.ntp.org/ \
-#server 2.ubuntu.pool.ntp.org/g' /etc/ntp.conf
-
-sed -i 's/server 3.ubuntu.pool.ntp.org/ \
-#server 3.ubuntu.pool.ntp.org/g' /etc/ntp.conf
-
-sed -i "s/server ntp.ubuntu.com/server $CON_MGNT_IP iburst/g" /etc/ntp.conf
-
-sleep 5
-echo "##### Installl package for NOVA"
-apt-get -y install nova-compute
-echo "libguestfs-tools libguestfs/update-appliance boolean true" \
- | debconf-set-selections
-
-apt-get -y install libguestfs-tools sysfsutils guestfsd python-guestfs
-
-#fix loi chen pass tren hypervisor la KVM
-update-guestfs-appliance
-chmod 0644 /boot/vmlinuz*
-usermod -a -G kvm root
-
-echo "############ Configuring in nova.conf ...############"
-sleep 5
-########
-#/* Sao luu truoc khi sua file nova.conf
-filenova=/etc/nova/nova.conf
-test -f $filenova.orig || cp $filenova $filenova.orig
-
-#Chen noi dung file /etc/nova/nova.conf vao
-cat << EOF > $filenova
-[DEFAULT]
-dhcpbridge_flagfile=/etc/nova/nova.conf
-dhcpbridge=/usr/bin/nova-dhcpbridge
-logdir=/var/log/nova
-state_path=/var/lib/nova
-lock_path=/var/lock/nova
-force_dhcp_release=True
-libvirt_use_virtio_for_bridges=True
-verbose=True
-ec2_private_dns_show_ip=True
-api_paste_config=/etc/nova/api-paste.ini
-enabled_apis=ec2,osapi_compute,metadata
-
-rpc_backend = rabbit
-auth_strategy = keystone
-my_ip = $COM1_MGNT_IP
-
-network_api_class = nova.network.neutronv2.api.API
-security_group_api = neutron
-linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
-firewall_driver = nova.virt.firewall.NoopFirewallDriver
-
-verbose = True
-
-enable_instance_password = True
-
-[oslo_messaging_rabbit]
-rabbit_host = $CON_MGNT_IP
-rabbit_userid = openstack
-rabbit_password = $RABBIT_PASS
-
-[keystone_authtoken]
-auth_uri = http://$CON_MGNT_IP:5000
-auth_url = http://$CON_MGNT_IP:35357
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-project_name = service
-username = nova
-password = $KEYSTONE_PASS
-
-[vnc]
-enabled = True
-vncserver_listen = 0.0.0.0
-vncserver_proxyclient_address = \$my_ip
-novncproxy_base_url = http://$CON_EXT_IP:6080/vnc_auto.html
-
-[glance]
-host = $CON_MGNT_IP
-
-[oslo_concurrency]
-lock_path = /var/lib/nova/tmp
-
-[neutron]
-url = http://$CON_MGNT_IP:9696
-auth_url = http://$CON_MGNT_IP:35357
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-region_name = RegionOne
-project_name = service
-username = neutron
-password = $NEUTRON_PASS
-
-[libvirt]
-inject_key = True
-inject_partition = -1
-inject_password = True
-
-EOF
-
-echo "##### Restart nova-compute #####"
-sleep 5
-service nova-compute restart
-
-# Remove default nova db
-rm /var/lib/nova/nova.sqlite
-
-echo "##### Install linuxbridge-agent (neutron) on COMPUTE NODE #####"
-sleep 10
-
-apt-get -y install neutron-plugin-linuxbridge-agent
-
-echo "Config file neutron.conf"
-controlneutron=/etc/neutron/neutron.conf
-test -f $controlneutron.orig || cp $controlneutron $controlneutron.orig
-rm $controlneutron
-touch $controlneutron
-cat << EOF >> $controlneutron
-[DEFAULT]
-core_plugin = ml2
-
-rpc_backend = rabbit
-auth_strategy = keystone
-verbose = True
-
-[matchmaker_redis]
-[matchmaker_ring]
-[quotas]
-[agent]
-root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
-
-[keystone_authtoken]
-auth_uri = http://$CON_MGNT_IP:5000
-auth_url = http://$CON_MGNT_IP:35357
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-project_name = service
-username = neutron
-password = $KEYSTONE_PASS
-
-[database]
-# connection = sqlite:////var/lib/neutron/neutron.sqlite
-
-[nova]
-[oslo_concurrency]
-lock_path = \$state_path/lock
-[oslo_policy]
-[oslo_messaging_amqp]
-[oslo_messaging_qpid]
-
-[oslo_messaging_rabbit]
-rabbit_host = $CON_MGNT_IP
-rabbit_userid = openstack
-rabbit_password = $RABBIT_PASS
-
-[qos]
-EOF
-
-echo "############ Configuring Linux Bbridge AGENT ############"
-sleep 7
-
-linuxbridgefile=/etc/neutron/plugins/ml2/linuxbridge_agent.ini
-
-test -f $linuxbridgefile.orig || cp $linuxbridgefile $linuxbridgefile.orig
-
-cat << EOF >> $linuxbridgefile
-[linux_bridge]
-physical_interface_mappings = public:eth1
-
-[vxlan]
-enable_vxlan = True
-local_ip = $COM1_MGNT_IP
-l2_population = True
-
-[agent]
-prevent_arp_spoofing = True
-
-[securitygroup]
-enable_security_group = True
-firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
-
-EOF
-
-echo "Reset service nova-compute,linuxbridge-agent"
-sleep 5
-service nova-compute restart
-service neutron-plugin-linuxbridge-agent restart
-
-
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/config.cfg b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/config.cfg
deleted file mode 100644
index 4a78b44..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/config.cfg
+++ /dev/null
@@ -1,64 +0,0 @@ - -## Network Info - -# MASTER=$eth0_address -# LOCAL_IP=$eth1_address -##################### KHAI BAO CAC BIEN CHO SCRIPT ######################## - -## Assigning IP for CONTROLLER NODE -CON_MGNT_IP=10.10.10.140 -CON_EXT_IP=172.16.69.140 - -# Assigning IP for COMPUTE1 NODE -COM1_MGNT_IP=10.10.10.141 -COM1_EXT_IP=172.16.69.141 - -#Gateway for EXT network -GATEWAY_IP_EXT=172.16.69.1 -NETMASK_ADD_EXT=255.255.255.0 - -#Gateway for MGNT network -GATEWAY_IP_MGNT=10.10.10.1 -NETMASK_ADD_MGNT=255.255.255.0 - -# Set password -DEFAULT_PASS='Welcome123' - -RABBIT_PASS="$DEFAULT_PASS" -MYSQL_PASS="$DEFAULT_PASS" -TOKEN_PASS="$DEFAULT_PASS" -ADMIN_PASS="$DEFAULT_PASS" -SERVICE_PASSWORD="$DEFAULT_PASS" -METADATA_SECRET="$DEFAULT_PASS" - -SERVICE_TENANT_NAME="service" -ADMIN_TENANT_NAME="admin" -DEMO_TENANT_NAME="demo" -INVIS_TENANT_NAME="invisible_to_admin" -ADMIN_USER_NAME="admin" -DEMO_USER_NAME="demo" - -# Environment variable for OPS service -KEYSTONE_PASS="$DEFAULT_PASS" -GLANCE_PASS="$DEFAULT_PASS" -NOVA_PASS="$DEFAULT_PASS" -NEUTRON_PASS="$DEFAULT_PASS" -CINDER_PASS="$DEFAULT_PASS" -SWIFT_PASS="$DEFAULT_PASS" -HEAT_PASS="$DEFAULT_PASS" - -# Environment variable for DB -KEYSTONE_DBPASS="$DEFAULT_PASS" -GLANCE_DBPASS="$DEFAULT_PASS" -NOVA_DBPASS="$DEFAULT_PASS" -NEUTRON_DBPASS="$DEFAULT_PASS" -CINDER_DBPASS="$DEFAULT_PASS" -HEAT_DBPASS="$DEFAULT_PASS" - -# User declaration in Keystone -ADMIN_ROLE_NAME="admin" -MEMBER_ROLE_NAME="Member" -KEYSTONEADMIN_ROLE_NAME="KeystoneAdmin" -KEYSTONESERVICE_ROLE_NAME="KeystoneServiceAdmin" - -# OS PASS ROOT diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-1-ipadd.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-1-ipadd.sh deleted file mode 100644 index 330e4ea..0000000 --- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-1-ipadd.sh +++ /dev/null 
@@ -1,71 +0,0 @@
-#!/bin/bash -ex
-source config.cfg
-
-
-ifaces=/etc/network/interfaces
-test -f $ifaces.orig || cp $ifaces $ifaces.orig
-rm $ifaces
-touch $ifaces
-cat << EOF >> $ifaces
-#Assign IP for Controller node
-
-# LOOPBACK NET
-auto lo
-iface lo inet loopback
-
-# MGNT NETWORK
-auto eth0
-iface eth0 inet static
-address $CON_MGNT_IP
-netmask $NETMASK_ADD_MGNT
-
-
-# EXT NETWORK
-auto eth1
-iface eth1 inet static
-address $CON_EXT_IP
-netmask $NETMASK_ADD_EXT
-gateway $GATEWAY_IP_EXT
-dns-nameservers 8.8.8.8
-EOF
-
-
-echo "Configuring hostname in CONTROLLER node"
-sleep 3
-echo "controller" > /etc/hostname
-hostname -F /etc/hostname
-
-
-echo "Configuring for file /etc/hosts"
-sleep 3
-iphost=/etc/hosts
-test -f $iphost.orig || cp $iphost $iphost.orig
-rm $iphost
-touch $iphost
-cat << EOF >> $iphost
-127.0.0.1 localhost
-127.0.1.1 controller
-$CON_MGNT_IP controller
-$COM1_MGNT_IP compute1
-
-
-EOF
-
-
-echo "##### Cai dat repos cho Liberty ##### "
-apt-get install software-properties-common -y
-add-apt-repository cloud-archive:liberty -y
-
-sleep 5
-echo "UPDATE PACKAGE FOR LIBERTY"
-apt-get -y update && apt-get -y upgrade && apt-get -y dist-upgrade
-
-sleep 5
-
-echo "Reboot Server"
-
-#sleep 5
-init 6
-#
-
-
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-2-prepare.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-2-prepare.sh
deleted file mode 100644
index 28b8be6..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-2-prepare.sh
+++ /dev/null
@@ -1,80 +0,0 @@
-#!/bin/bash -ex
-#
-source config.cfg
-
-echo "Install python client"
-apt-get -y install python-openstackclient
-sleep 5
-
-echo "Install and config NTP"
-sleep 3
-apt-get install ntp -y
-cp /etc/ntp.conf /etc/ntp.conf.bka
-rm /etc/ntp.conf
-cat /etc/ntp.conf.bka | grep -v ^# | grep -v ^$ >> /etc/ntp.conf
-
-
-## Config NTP in LIBERTY
-sed -i 's/server ntp.ubuntu.com/ \
-server 0.vn.pool.ntp.org iburst \
-server 1.asia.pool.ntp.org iburst \
-server 2.asia.pool.ntp.org iburst/g' /etc/ntp.conf
-
-sed -i 's/restrict -4 default kod notrap nomodify nopeer noquery/ \
-#restrict -4 default kod notrap nomodify nopeer noquery/g' /etc/ntp.conf
-
-sed -i 's/restrict -6 default kod notrap nomodify nopeer noquery/ \
-restrict -4 default kod notrap nomodify \
-restrict -6 default kod notrap nomodify/g' /etc/ntp.conf
-
-# sed -i 's/server/#server/' /etc/ntp.conf
-# echo "server $LOCAL_IP" >> /etc/ntp.conf
-
-##############################################
-echo "Install and Config RabbitMQ"
-sleep 3
-
-apt-get install rabbitmq-server -y
-rabbitmqctl add_user openstack $RABBIT_PASS
-rabbitmqctl set_permissions openstack ".*" ".*" ".*"
-# rabbitmqctl change_password guest $RABBIT_PASS
-sleep 3
-
-service rabbitmq-server restart
-echo "Finish setup pre-install package !!!"
-
-echo "##### Install MYSQL #####"
-sleep 3
-
-echo mysql-server mysql-server/root_password password $MYSQL_PASS \
- | debconf-set-selections
-echo mysql-server mysql-server/root_password_again password $MYSQL_PASS \
- | debconf-set-selections
-apt-get -y install mariadb-server python-mysqldb curl
-
-echo "##### Configuring MYSQL #####"
-sleep 3
-
-
-echo "########## CONFIGURING FOR MYSQL ##########"
-sleep 5
-touch /etc/mysql/conf.d/mysqld_openstack.cnf
-cat << EOF > /etc/mysql/conf.d/mysqld_openstack.cnf
-
-[mysqld]
-bind-address = 0.0.0.0
-
-[mysqld]
-default-storage-engine = innodb
-innodb_file_per_table
-collation-server = utf8_general_ci
-init-connect = 'SET NAMES utf8'
-character-set-server = utf8
-
-EOF
-
-sleep 5
-echo "Restart MYSQL"
-service mysql restart
-
-
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-3.keystone.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-3.keystone.sh
deleted file mode 100644
index 58895d6..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-3.keystone.sh
+++ /dev/null
@@ -1,225 +0,0 @@ -#!/bin/bash -ex -# -source config.cfg - -echo "Create Database for Keystone" - -cat << EOF | mysql -uroot -p$MYSQL_PASS -CREATE DATABASE keystone; -GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$KEYSTONE_DBPASS'; -GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$KEYSTONE_DBPASS'; -FLUSH PRIVILEGES; -EOF - -echo "##### Install keystone #####" - -echo "manual" > /etc/init/keystone.override - - -apt-get -y install keystone python-openstackclient apache2 \ - libapache2-mod-wsgi memcached python-memcache - -#/* Back-up file nova.conf -filekeystone=/etc/keystone/keystone.conf -test -f $filekeystone.orig || cp $filekeystone $filekeystone.orig - -#Config file /etc/keystone/keystone.conf -cat << EOF > $filekeystone - -[DEFAULT] -log_dir = /var/log/keystone - -admin_token = $TOKEN_PASS -public_bind_host = $CON_MGNT_IP -admin_bind_host = $CON_MGNT_IP - -[assignment] -[auth] -[cache] -[catalog] -[cors] -[cors.subdomain] -[credential] -[database] -connection = mysql+pymysql://keystone:$KEYSTONE_DBPASS@$CON_MGNT_IP/keystone - - -[domain_config] -[endpoint_filter] -[endpoint_policy] -[eventlet_server] -[eventlet_server_ssl] -[federation] -[fernet_tokens] -[identity] -[identity_mapping] -[kvs] -[ldap] -[matchmaker_redis] -[matchmaker_ring] -[memcache] -servers = localhost:11211 - - -[oauth1] -[os_inherit] -[oslo_messaging_amqp] -[oslo_messaging_qpid] -[oslo_messaging_rabbit] -[oslo_middleware] -[oslo_policy] -[paste_deploy] -[policy] -[resource] -[revoke] -driver = sql - -[role] -[saml] -[signing] -[ssl] -[token] -provider = uuid -driver = memcache - -[tokenless_auth] -[trust] -[extra_headers] -Distribution = Ubuntu - -EOF - -# -su -s /bin/sh -c "keystone-manage db_sync" keystone - -echo "ServerName $CON_MGNT_IP" >> /etc/apache2/apache2.conf - -cat << EOF > /etc/apache2/sites-available/wsgi-keystone.conf -Listen 5000 -Listen 35357 - - - WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone 
group=keystone display-name=%{GROUP} - WSGIProcessGroup keystone-public - WSGIScriptAlias / /usr/bin/keystone-wsgi-public - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%{cu}t %M" - - ErrorLog /var/log/apache2/keystone.log - CustomLog /var/log/apache2/keystone_access.log combined - - - = 2.4> - Require all granted - - - Order allow,deny - Allow from all - - - - - - WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} - WSGIProcessGroup keystone-admin - WSGIScriptAlias / /usr/bin/keystone-wsgi-admin - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%{cu}t %M" - - ErrorLog /var/log/apache2/keystone.log - CustomLog /var/log/apache2/keystone_access.log combined - - - = 2.4> - Require all granted - - - Order allow,deny - Allow from all - - - - - -EOF - -ln -s /etc/apache2/sites-available/wsgi-keystone.conf \ - /etc/apache2/sites-enabled - -service apache2 restart - -rm -f /var/lib/keystone/keystone.db - - -export OS_TOKEN="$TOKEN_PASS" -export OS_URL=http://$CON_MGNT_IP:35357/v2.0 - -# export OS_SERVICE_TOKEN="$TOKEN_PASS" -# export OS_SERVICE_ENDPOINT="http://$CON_MGNT_IP:35357/v2.0" -# export SERVICE_ENDPOINT="http://$CON_MGNT_IP:35357/v2.0" -### Identity service -openstack service create --name keystone --description \ - "OpenStack Identity" identity -### Create the Identity service API endpoint -openstack endpoint create \ ---publicurl http://$CON_MGNT_IP:5000/v2.0 \ ---internalurl http://$CON_MGNT_IP:5000/v2.0 \ ---adminurl http://$CON_MGNT_IP:35357/v2.0 \ ---region RegionOne \ -identity - -#### To create tenants, users, and roles ADMIN -openstack project create --description "Admin Project" admin -openstack user create --password $ADMIN_PASS admin -openstack role create admin -openstack role add --project admin --user admin admin - -#### To create tenants, users, and roles SERVICE -openstack project create --description "Service 
Project" service - -#### To create tenants, users, and roles DEMO -openstack project create --description "Demo Project" demo -openstack user create --password $ADMIN_PASS demo - -### Create the user role -openstack role create user -openstack role add --project demo --user demo user - -################# - -unset OS_TOKEN OS_URL - -# Tao bien moi truong - -echo "export OS_PROJECT_DOMAIN_ID=default" > admin-openrc.sh -echo "export OS_USER_DOMAIN_ID=default" >> admin-openrc.sh -echo "export OS_PROJECT_NAME=admin" >> admin-openrc.sh -echo "export OS_TENANT_NAME=admin" >> admin-openrc.sh -echo "export OS_USERNAME=admin" >> admin-openrc.sh -echo "export OS_PASSWORD=$ADMIN_PASS" >> admin-openrc.sh -echo "export OS_AUTH_URL=http://$CON_MGNT_IP:35357/v3" >> admin-openrc.sh -echo "export OS_VOLUME_API_VERSION=2" >> admin-openrc.sh - -sleep 5 -echo "########## Execute environment script ##########" -chmod +x admin-openrc.sh -cat admin-openrc.sh >> /etc/profile -cp admin-openrc.sh /root/admin-openrc.sh -source admin-openrc.sh - - -echo "export OS_PROJECT_DOMAIN_ID=default" > demo-openrc.sh -echo "export OS_USER_DOMAIN_ID=default" >> demo-openrc.sh -echo "export OS_PROJECT_NAME=demo" >> demo-openrc.sh -echo "export OS_TENANT_NAME=demo" >> demo-openrc.sh -echo "export OS_USERNAME=demo" >> demo-openrc.sh -echo "export OS_PASSWORD=$ADMIN_PASS" >> demo-openrc.sh -echo "export OS_AUTH_URL=http://$CON_MGNT_IP:35357/v3" >> demo-openrc.sh -echo "export OS_VOLUME_API_VERSION=2" >> demo-openrc.sh - -chmod +x demo-openrc.sh -cp demo-openrc.sh /root/demo-openrc.sh diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-4-glance.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-4-glance.sh deleted file mode 100644 index 5124ea0..0000000 --- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-4-glance.sh +++ /dev/null 
@@ -1,171 +0,0 @@ -#!/bin/bash -ex -# -source config.cfg - -echo "Create the database for GLANCE" -cat << EOF | mysql -uroot -p$MYSQL_PASS -CREATE DATABASE glance; -GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '$GLANCE_DBPASS'; -GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '$GLANCE_DBPASS'; -FLUSH PRIVILEGES; -EOF - - -sleep 5 -echo " Create user, endpoint for GLANCE" - -openstack user create --password $GLANCE_PASS glance -openstack role add --project service --user glance admin -openstack service create --name glance --description \ - "OpenStack Image service" image - -openstack endpoint create \ ---publicurl http://$CON_MGNT_IP:9292 \ ---internalurl http://$CON_MGNT_IP:9292 \ ---adminurl http://$CON_MGNT_IP:9292 \ ---region RegionOne \ -image - -echo "########## Install GLANCE ##########" -apt-get -y install glance python-glanceclient -sleep 10 -echo "########## Configuring GLANCE API ##########" -sleep 5 -#/* Back-up file nova.conf -fileglanceapicontrol=/etc/glance/glance-api.conf -test -f $fileglanceapicontrol.orig \ - || cp $fileglanceapicontrol $fileglanceapicontrol.orig -rm $fileglanceapicontrol -touch $fileglanceapicontrol - -#Configuring glance config file /etc/glance/glance-api.conf - -cat << EOF > $fileglanceapicontrol -[DEFAULT] -notification_driver = noop -verbose = True - -[database] -connection = mysql+pymysql://glance:$GLANCE_DBPASS@$CON_MGNT_IP/glance -backend = sqlalchemy - -[glance_store] -default_store = file -filesystem_store_datadir = /var/lib/glance/images/ - -[image_format] -[keystone_authtoken] -auth_uri = http://$CON_MGNT_IP:5000 -auth_url = http://$CON_MGNT_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = glance -password = $GLANCE_PASS - - -[matchmaker_redis] -[matchmaker_ring] -[oslo_concurrency] -[oslo_messaging_amqp] -[oslo_messaging_qpid] -[oslo_messaging_rabbit] -[oslo_policy] -[paste_deploy] -flavor = keystone - 
-[store_type_location_strategy] -[task] -[taskflow_executor] - -EOF - -# -sleep 10 -echo "########## Configuring GLANCE REGISTER ##########" -#/* Backup file file glance-registry.conf -fileglanceregcontrol=/etc/glance/glance-registry.conf -test -f $fileglanceregcontrol.orig \ - || cp $fileglanceregcontrol $fileglanceregcontrol.orig -rm $fileglanceregcontrol -touch $fileglanceregcontrol -#Config file /etc/glance/glance-registry.conf - -cat << EOF > $fileglanceregcontrol - -[DEFAULT] -notification_driver = noop -verbose = True - - -[database] -connection = mysql+pymysql://glance:$GLANCE_DBPASS@$CON_MGNT_IP/glance -backend = sqlalchemy - -[glance_store] - -[keystone_authtoken] -auth_uri = http://$CON_MGNT_IP:5000 -auth_url = http://$CON_MGNT_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = glance -password = $GLANCE_PASS - - -[matchmaker_redis] -[matchmaker_ring] -[oslo_messaging_amqp] -[oslo_messaging_qpid] -[oslo_messaging_rabbit] -[oslo_policy] - -[paste_deploy] -flavor = keystone - -EOF - -sleep 7 -echo "########## Remove Glance default DB ##########" -rm /var/lib/glance/glance.sqlite - -chown glance:glance $fileglanceapicontrol -chown glance:glance $fileglanceregcontrol - -sleep 7 -echo "########## Syncing DB for Glance ##########" -glance-manage db_sync - -sleep 5 -echo "########## Restarting GLANCE service ... ##########" -service glance-registry restart -service glance-api restart -sleep 3 -service glance-registry restart -service glance-api restart - -# - -echo "Remove glance.sqlite " -rm -f /var/lib/glance/glance.sqlite - - -sleep 3 -echo "########## Registering Cirros IMAGE for GLANCE ... 
##########" -mkdir images -cd images/ -wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img - -glance image-create --name "cirros" \ ---file cirros-0.3.4-x86_64-disk.img \ ---disk-format qcow2 --container-format bare \ ---visibility public --progress -cd /root/ -# rm -r /tmp/images - -sleep 5 -echo "########## Testing Glance ##########" -glance image-list diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-5-nova.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-5-nova.sh deleted file mode 100644 index 4d4d5b5..0000000 --- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-5-nova.sh +++ /dev/null 
@@ -1,148 +0,0 @@
-#!/bin/bash -ex
-#
-source config.cfg
-
-echo "Create DB for NOVA "
-cat << EOF | mysql -uroot -p$MYSQL_PASS
-CREATE DATABASE nova;
-GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS';
-GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS';
-FLUSH PRIVILEGES;
-EOF
-
-
-echo "Create user, endpoint for NOVA"
-
-openstack user create --password $NOVA_PASS nova
-openstack role add --project service --user nova admin
-openstack service create --name nova --description "OpenStack Compute" compute
-
-openstack endpoint create \
---publicurl http://$CON_MGNT_IP:8774/v2/%\(tenant_id\)s \
---internalurl http://$CON_MGNT_IP:8774/v2/%\(tenant_id\)s \
---adminurl http://$CON_MGNT_IP:8774/v2/%\(tenant_id\)s \
---region RegionOne \
-compute
-
-
-echo "########## Install NOVA in $CON_MGNT_IP ##########"
-sleep 5
-apt-get -y install nova-api nova-cert nova-conductor nova-consoleauth \
- nova-novncproxy nova-scheduler python-novaclient
-
-# Cai tu dong libguestfs-tools
-apt-get -y install libguestfs-tools sysfsutils guestfsd python-guestfs
-
-######## Backup configurations for NOVA ##########"
-sleep 7
-
-#
-controlnova=/etc/nova/nova.conf
-test -f $controlnova.orig || cp $controlnova $controlnova.orig
-rm $controlnova
-touch $controlnova
-cat << EOF >> $controlnova
-[DEFAULT]
-
-rpc_backend = rabbit
-auth_strategy = keystone
-
-dhcpbridge_flagfile=/etc/nova/nova.conf
-dhcpbridge=/usr/bin/nova-dhcpbridge
-logdir=/var/log/nova
-state_path=/var/lib/nova
-lock_path=/var/lock/nova
-force_dhcp_release=True
-libvirt_use_virtio_for_bridges=True
-ec2_private_dns_show_ip=True
-api_paste_config=/etc/nova/api-paste.ini
-enabled_apis=ec2,osapi_compute,metadata
-
-my_ip = $CON_MGNT_IP
-
-network_api_class = nova.network.neutronv2.api.API
-security_group_api = neutron
-linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
-firewall_driver = nova.virt.firewall.NoopFirewallDriver
-
-enabled_apis=osapi_compute,metadata
-verbose = True
-
-enable_instance_password = True
-
-[database]
-connection = mysql+pymysql://nova:$NOVA_DBPASS@$CON_MGNT_IP/nova
-
-[oslo_messaging_rabbit]
-rabbit_host = $CON_MGNT_IP
-rabbit_userid = openstack
-rabbit_password = Welcome123
-
-[keystone_authtoken]
-auth_uri = http://$CON_MGNT_IP:5000
-auth_url = http://$CON_MGNT_IP:35357
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-project_name = service
-username = nova
-password = $NOVA_PASS
-
-[vnc]
-vncserver_listen = \$my_ip
-vncserver_proxyclient_address = \$my_ip
-
-[glance]
-host = $CON_MGNT_IP
-
-[oslo_concurrency]
-lock_path = /var/lib/nova/tmp
-
-[neutron]
-url = http://$CON_MGNT_IP:9696
-auth_url = http://$CON_MGNT_IP:35357
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-region_name = RegionOne
-project_name = service
-username = neutron
-password = $NEUTRON_PASS
-
-service_metadata_proxy = True
-metadata_proxy_shared_secret = $METADATA_SECRET
-
-
-EOF
-
-echo "########## Remove Nova default db ##########"
-sleep 7
-rm /var/lib/nova/nova.sqlite
-
-echo "########## Syncing Nova DB ##########"
-sleep 7
-su -s /bin/sh -c "nova-manage db sync" nova
-
-# echo 'kvm_intel' >> /etc/modules
-
-echo "########## Restarting NOVA ... ##########"
-sleep 7
-service nova-api restart
-service nova-cert restart
-service nova-consoleauth restart
-service nova-scheduler restart
-service nova-conductor restart
-service nova-novncproxy restart
-
-sleep 7
-echo "########## Restarting NOVA ... ##########"
-service nova-api restart
-service nova-cert restart
-service nova-consoleauth restart
-service nova-scheduler restart
-service nova-conductor restart
-service nova-novncproxy restart
-
-echo "########## Testing NOVA service ##########"
-nova-manage service list
-
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-6-neutron.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-6-neutron.sh
deleted file mode 100644
index 4b64270..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-6-neutron.sh
+++ /dev/null
@@ -1,306 +0,0 @@ -#!/bin/bash -ex -# -# RABBIT_PASS=a -# ADMIN_PASS=a - -source config.cfg - -echo "Create DB for NEUTRON " -cat << EOF | mysql -uroot -p$MYSQL_PASS -CREATE DATABASE neutron; -GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$NEUTRON_DBPASS'; -GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$NEUTRON_DBPASS'; -FLUSH PRIVILEGES; -EOF - - -echo "Create user, endpoint for NEUTRON" -openstack user create --password $NEUTRON_PASS neutron -openstack role add --project service --user neutron admin -openstack service create --name neutron --description \ - "OpenStack Networking" network - -openstack endpoint create \ - --publicurl http://$CON_MGNT_IP:9696 \ - --adminurl http://$CON_MGNT_IP:9696 \ - --internalurl http://$CON_MGNT_IP:9696 \ - --region RegionOne \ - network - -# SERVICE_TENANT_ID=`keystone tenant-get service | awk '$2~/^id/{print $4}'` - - -echo "########## Install NEUTRON in $CON_MGNT_IP or NETWORK node ############" -sleep 5 -apt-get -y install neutron-server neutron-plugin-ml2 \ -neutron-plugin-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \ -neutron-metadata-agent python-neutronclient - - -######## Backup configuration NEUTRON.CONF in $CON_MGNT_IP################" -echo "########## Config NEUTRON in $CON_MGNT_IP/NETWORK node ##########" -sleep 7 - -# -controlneutron=/etc/neutron/neutron.conf -test -f $controlneutron.orig || cp $controlneutron $controlneutron.orig -rm $controlneutron -touch $controlneutron -cat << EOF >> $controlneutron -[DEFAULT] -core_plugin = ml2 -service_plugins = router -allow_overlapping_ips = True -rpc_backend = rabbit - -auth_strategy = keystone - -notify_nova_on_port_status_changes = True -notify_nova_on_port_data_changes = True -nova_url = http://$CON_MGNT_IP:8774/v2 - -verbose = True - - -[matchmaker_redis] -[matchmaker_ring] -[quotas] -[agent] -root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf - -[keystone_authtoken] -auth_uri = 
http://$CON_MGNT_IP:5000 -auth_url = http://$CON_MGNT_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = neutron -password = $NEUTRON_PASS - - -[database] -connection = mysql+pymysql://neutron:$NEUTRON_DBPASS@$CON_MGNT_IP/neutron - - -[nova] -auth_url = http://$CON_MGNT_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -region_name = RegionOne -project_name = service -username = nova -password = $NOVA_PASS - -[oslo_concurrency] -lock_path = \$state_path/lock -[oslo_policy] -[oslo_messaging_amqp] -[oslo_messaging_qpid] - -[oslo_messaging_rabbit] -rabbit_host = $CON_MGNT_IP -rabbit_userid = openstack -rabbit_password = $RABBIT_PASS - -[qos] - -EOF - - -######## Backup configuration of ML2 in $CON_MGNT_IP##################" -echo "########## Configuring ML2 in $CON_MGNT_IP/NETWORK node ##########" -sleep 7 - -controlML2=/etc/neutron/plugins/ml2/ml2_conf.ini -test -f $controlML2.orig || cp $controlML2 $controlML2.orig -rm $controlML2 -touch $controlML2 - -cat << EOF >> $controlML2 -[ml2] -tenant_network_types = vxlan -type_drivers = flat,vlan,vxlan -mechanism_drivers = linuxbridge,l2population -extension_drivers = port_security - - -[ml2_type_flat] -flat_networks = external - -[ml2_type_vlan] - -[ml2_type_gre] -[ml2_type_vxlan] -vni_ranges = 1:1000 - -[ml2_type_geneve] -[securitygroup] -enable_ipset = True - -EOF - -echo "############ Configuring Linux Bbridge AGENT ############" -sleep 7 - -linuxbridgefile=/etc/neutron/plugins/ml2/linuxbridge_agent.ini - -test -f $linuxbridgefile.orig || cp $linuxbridgefile $linuxbridgefile.orig - -cat << EOF >> $linuxbridgefile -[linux_bridge] -physical_interface_mappings = external:eth1 - -[vxlan] -enable_vxlan = True -local_ip = $CON_MGNT_IP -l2_population = True - - -[agent] -prevent_arp_spoofing = True - - -[securitygroup] -enable_security_group = True -firewall_driver = 
neutron.agent.linux.iptables_firewall.IptablesFirewallDriver - -EOF - - -echo "############ Configuring L3 AGENT ############" -sleep 7 -netl3agent=/etc/neutron/l3_agent.ini - -test -f $netl3agent.orig || cp $netl3agent $netl3agent.orig -rm $netl3agent -touch $netl3agent - -cat << EOF >> $netl3agent -[DEFAULT] -interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver -external_network_bridge = -verbose = True - - -[AGENT] - -EOF - - -echo "############ Configuring DHCP AGENT ############ " -sleep 7 -# -netdhcp=/etc/neutron/dhcp_agent.ini - -test -f $netdhcp.orig || cp $netdhcp $netdhcp.orig -rm $netdhcp -touch $netdhcp - -cat << EOF >> $netdhcp -[DEFAULT] -interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver -dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq -enable_isolated_metadata = True - -verbose = True -dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf - -[AGENT] - -EOF - -echo "Fix loi MTU" -sleep 3 -echo "dhcp-option-force=26,1450" > /etc/neutron/dnsmasq-neutron.conf -killall dnsmasq - - -echo "############ Configuring METADATA AGENT ############" -sleep 7 -netmetadata=/etc/neutron/metadata_agent.ini - -test -f $netmetadata.orig || cp $netmetadata $netmetadata.orig -rm $netmetadata -touch $netmetadata - -cat << EOF >> $netmetadata -[DEFAULT] -verbose = True - -auth_uri = http://$CON_MGNT_IP:5000 -auth_url = http://$CON_MGNT_IP:35357 -auth_region = regionOne -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = neutron -password = $NEUTRON_PASS - -nova_metadata_ip = $CON_MGNT_IP - -metadata_proxy_shared_secret = $METADATA_SECRET - -EOF -# - - -su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron - -echo "########## Restarting NOVA service ##########" -sleep 7 -service nova-api restart -service nova-scheduler restart -service nova-conductor restart - -echo 
"########## Restarting NEUTRON service ##########" -sleep 7 -service neutron-server restart -service neutron-plugin-linuxbridge-agent restart -service neutron-dhcp-agent restart -service neutron-metadata-agent restart -service neutron-l3-agent restart - -rm -f /var/lib/neutron/neutron.sqlite - -echo "Setup IP for PUBLIC interface" -sleep 5 - - -cat << EOF > /etc/network/interfaces -#Assign IP for Controller node - -# LOOPBACK NET -auto lo -iface lo inet loopback - -# MGNT NETWORK -auto eth0 -iface eth0 inet static -address $CON_MGNT_IP -netmask $NETMASK_ADD_MGNT - - -# EXT NETWORK -auto eth1:0 -iface eth1:0 inet static -address $CON_EXT_IP -netmask $NETMASK_ADD_EXT -gateway $GATEWAY_IP_EXT -dns-nameservers 8.8.8.8 - - -auto eth1 -iface eth1 inet manual -up ip link set dev \$IFACE up -down ip link set dev \$IFACE down - -EOF - -ifdown -a && ifup -a - -echo "#### Reboot ####": -reboot diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-horizon.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-horizon.sh deleted file mode 100644 index e166c8d..0000000 --- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-LB/ctl-horizon.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash -ex - -source config.cfg - -################### -echo "########## START INSTALLING OPS DASHBOARD ##########" -################### -sleep 5 - -echo "########## Installing Dashboard package ##########" -apt-get -y install openstack-dashboard -apt-get -y remove --auto-remove openstack-dashboard-ubuntu-theme - - -# echo "########## Fix bug in apache2 ##########" -# sleep 5 -# Fix bug apache in ubuntu 14.04 -# echo "ServerName localhost" > /etc/apache2/conf-available/servername.conf -# sudo a2enconf servername - -echo "########## Creating redirect page ##########" - -filehtml=/var/www/html/index.html -test -f $filehtml.orig || cp $filehtml $filehtml.orig -rm $filehtml -touch $filehtml -cat << EOF >> $filehtml - - - - - -

Dang chuyen den Dashboard cua OpenStack

- - -EOF -# Allowing insert password in dashboard ( only apply in image ) -sed -i "s/'can_set_password': False/'can_set_password': True/g" \ - /etc/openstack-dashboard/local_settings.py - -## /* Restarting apache2 and memcached -service apache2 restart -service memcached restart -echo "########## Finish setting up Horizon ##########" - -echo "########## LOGIN INFORMATION IN HORIZON ##########" -echo "URL: http://$CON_EXT_IP/horizon" -echo "User: admin or demo" -echo "Password:" $ADMIN_PASS \ No newline at end of file diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/README.md b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/README.md deleted file mode 100644 index 46e786b..0000000 --- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/README.md +++ /dev/null 
@@ -1,202 +0,0 @@ -# Installation Steps - -### Prepare LAB enviroment -- Using in VMware Workstation enviroment - -#### Configure CONTROLLER NODE -```sh -RAM: 4GB -CPU: 2x2, VT supported -NIC1: eth0: 10.10.10.0/24 (interntel range, using vmnet or hostonly in VMware Workstation) -NIC2: eth1: 172.16.69.0/24, gateway 172.16.69.1 (external range - using NAT or Bridge VMware Workstation) -HDD: 60GB -``` - - -#### Configure CONTROLLER NODE -```sh -RAM: 4GB -CPU: 2x2, VT supported -NIC1: eth0: 10.10.10.0/24 (interntel range, using vmnet or hostonly in VMware Workstation) -NIC2: eth1: 172.16.69.0/24, gateway 172.16.69.1 (external range - using NAT or Bridge VMware Workstation) -HDD: 1000GB -``` - -### Execute script -- Install git package and dowload script -```sh -su - -apt-get update -apt-get -y install git - -git clone https://github.com/vietstacker/openstack-liberty-multinode.git -mv /root/openstack-liberty-multinode/LIBERTY-U14.04-OVS/ /root/ -rm -rf openstack-liberty-multinode/ -cd LIBERTY-U14.04-OVS/ -chmod +x *.sh - -``` - -## Install on CONTROLLER NODE -### install IP establishment script and repos for Liberty -- Edit file config in dicrectory with IP that you want to use. - -```sh -bash ctl-1-ipadd.sh -``` - -### Install NTP, MariaDB packages -```sh -bash ctl-2-prepare.sh -``` - -### Install KEYSTONE -- Install Keystone -```sh -bash ctl-3.keystone.sh -``` - -- Declare enviroment parameter -```sh -source admin-openrc.sh -``` - -### Install GLANCE -```sh -bash ctl-4-glance.sh -``` - -### Install NOVA -```sh -bash ctl-5-nova.sh -``` - -### Install NEUTRON -```sh -bash ctl-6-neutron.sh -``` -- After NEUTRON installation done, controller node will restart. -- Login with `root` end execute Horizon installation script. 
- -### Install HORIZON -- Login with `root` privilege and execute script below -```sh -bash ctl-horizon.sh -``` - -## Install on COMPUTE NODE -### Dowload GIT and script -- install git package and dowload script -```sh -su - -apt-get update -apt-get -y install git - -git clone https://github.com/vietstacker/openstack-liberty-multinode.git -mv /root/openstack-liberty-multinode/LIBERTY-U14.04-OVS/ /root/ -rm -rf openstack-liberty-multinode/ -cd LIBERTY-U14.04-OVS/ -chmod +x *.sh - -### Establish IP and hostname -- Edit file config to make it suitable with your IP. -- Execute script to establish IP, hostname -```sh -bash com1-ipdd.sh -``` -- The server will restart after script `com1-ipdd.sh` is executed. -- Login to server with root privilege and execute conponents installation script on Nova - -```sh -su - -cd LIBERTY-U14.04-OVS/ -bash com1-prepare.sh -``` - -After install COMPUTE NODE, move to step that guide to use dashboard - - -## Using dashboard to initialize network, VM, rules. -### Initialize rule for project admin -- Login to dasboard -![liberty-horizon1.png](/images/liberty-horizon1.png) - -- Select tab `admin => Access & Security => Manage Rules` -![liberty-horizon2.png](/images/liberty-horizon2.png) - -- Select tab `Add Rule` -![liberty-horizon3.png](/images/liberty-horizon3.png) - -- Open rule to allow SSH from outside to virtual machine -![liberty-horizon4.png](/images/liberty-horizon4.png) -- Do the same with ICMP rule to allow ping to virtual machine and the other rules. - -### Initialize network -#### Initialize external network range -- Select tab `Admin => Networks => Create Network` -![liberty-net-ext1.png](/images/liberty-net-ext1.png) - -- Enter and select tabs like picture below. -![liberty-net-ext2.png](/images/liberty-net-ext2.png) - -- Click to newly created `ext-net` to declare subnet for external range. 
-![liberty-net-ext3.png](/images/liberty-net-ext3.png) - -- Select tab `Creat Subnet` -![liberty-net-ext4.png](/images/liberty-net-ext4.png) - -- Declare IP range of subnet for external range -![liberty-net-ext5.png](/images/liberty-net-ext5.png) - -- Declare pools and DNS -![liberty-net-ext6.png](/images/liberty-net-ext6.png) - -#### Initialize internal network range -- Select tabs in turn of rank : `Project admin => Network => Networks => Create Network" -![liberty-net-int1.png](/images/liberty-net-int1.png) - -- Declare name for internal network -![liberty-net-int2.png](/images/liberty-net-int2.png) - -- Declare subnet for internal network -![liberty-net-int3.png](/images/liberty-net-int3.png) - -- Declare IP range for Internal network -![liberty-net-int4.png](/images/liberty-net-int4.png) - -#### Initialize Router for project admin -- Select by tabs "Project admin => Routers => Create Router -![liberty-r1.png](/images/liberty-r1.png) - -- Initialize router name and select like picture below -![liberty-r2.png](/images/liberty-r2.png) - -- Apply interface for router -![liberty-r3.png](/images/liberty-r3.png) - -![liberty-r4.png](/images/liberty-r4.png) - -![liberty-r5.png](/images/liberty-r5.png) -- ending of initializing steps: exteral network, internal network, router - - - -## Initialize virtual machine (Instance) -- L?a ch?n các tab d??i `Project admin => Instances => Launch Instance` -![liberty-instance1.png](/images/liberty-instance1.png) - -![liberty-instance2.png](/images/liberty-instance2.png) - -![liberty-instance3.png](/images/liberty-instance3.png) - - - - - - - - - - - - diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/com1-ipdd.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/com1-ipdd.sh deleted file mode 100644 index cb2e1e8..0000000 --- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/com1-ipdd.sh +++ /dev/null 
@@ -1,68 +0,0 @@
-#!/bin/bash -ex
-
-source config.cfg
-
-sleep 3
-echo "#### Update for Ubuntu #####"
-
-apt-get install software-properties-common -y
-add-apt-repository cloud-archive:liberty -y
-
-sleep 3
-echo "##### update for Ubuntu #####"
-apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y
-
-echo "##### Configuring hostname for COMPUTE1 node... #####"
-sleep 3
-echo "compute1" > /etc/hostname
-hostname -F /etc/hostname
-
-iphost=/etc/hosts
-test -f $iphost.orig || cp $iphost $iphost.orig
-rm $iphost
-touch $iphost
-cat << EOF >> $iphost
-127.0.0.1 localhost
-127.0.0.1 compute1
-$CON_MGNT_IP controller
-$COM1_MGNT_IP compute1
-EOF
-
-sleep 3
-echo "##### Config network for COMPUTE NODE ####"
-ifaces=/etc/network/interfaces
-test -f $ifaces.orig || cp $ifaces $ifaces.orig
-rm $ifaces
-touch $ifaces
-cat << EOF >> $ifaces
-#Dat IP cho $CON_MGNT_IP node
-
-# LOOPBACK NET
-auto lo
-iface lo inet loopback
-
-# MGNT NETWORK
-auto eth0
-iface eth0 inet static
-address $COM1_MGNT_IP
-netmask $NETMASK_ADD_MGNT
-
-
-# EXT NETWORK
-auto eth1
-iface eth1 inet static
-address $COM1_EXT_IP
-netmask $NETMASK_ADD_EXT
-gateway $GATEWAY_IP_EXT
-dns-nameservers 8.8.8.8
-
-EOF
-
-sleep 5
-echo "##### Rebooting machine ... #####"
-init 6
-#
-
-
-
-
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/com1-prepare.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/com1-prepare.sh
deleted file mode 100644
index 421439a..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/com1-prepare.sh
+++ /dev/null
@@ -1,237 +0,0 @@ -#!/bin/bash -ex -# - -source config.cfg - -# - -echo "net.ipv4.conf.all.rp_filter=0" >> /etc/sysctl.conf -echo "net.ipv4.conf.default.rp_filter=0" >> /etc/sysctl.conf -echo "net.bridge.bridge-nf-call-iptables=1" >> /etc/sysctl.conf -echo "net.bridge.bridge-nf-call-ip6tables=1" >> /etc/sysctl.conf - - -echo "##### Install python openstack client ##### " -apt-get -y install python-openstackclient - -echo "##### Install NTP ##### " - -apt-get install ntp -y -apt-get install python-mysqldb -y -# -echo "##### Backup NTP configuration... ##### " -sleep 7 -cp /etc/ntp.conf /etc/ntp.conf.bka -rm /etc/ntp.conf -cat /etc/ntp.conf.bka | grep -v ^# | grep -v ^$ >> /etc/ntp.conf -# -sed -i 's/server 0.ubuntu.pool.ntp.org/ \ -#server 0.ubuntu.pool.ntp.org/g' /etc/ntp.conf - -sed -i 's/server 1.ubuntu.pool.ntp.org/ \ -#server 1.ubuntu.pool.ntp.org/g' /etc/ntp.conf - -sed -i 's/server 2.ubuntu.pool.ntp.org/ \ -#server 2.ubuntu.pool.ntp.org/g' /etc/ntp.conf - -sed -i 's/server 3.ubuntu.pool.ntp.org/ \ -#server 3.ubuntu.pool.ntp.org/g' /etc/ntp.conf - -sed -i "s/server ntp.ubuntu.com/server $CON_MGNT_IP iburst/g" /etc/ntp.conf - -sleep 5 -echo "##### Installl package for NOVA" -apt-get -y install nova-compute -echo "libguestfs-tools libguestfs/update-appliance boolean true" \ - | debconf-set-selections -apt-get -y install libguestfs-tools sysfsutils guestfsd python-guestfs - -#fix loi chen pass tren hypervisor la KVM -update-guestfs-appliance -chmod 0644 /boot/vmlinuz* -usermod -a -G kvm root - -echo "############ Configuring in nova.conf ...############" -sleep 5 -######## -#/* Sao luu truoc khi sua file nova.conf -filenova=/etc/nova/nova.conf -test -f $filenova.orig || cp $filenova $filenova.orig - -#Chen noi dung file /etc/nova/nova.conf vao -cat << EOF > $filenova -[DEFAULT] -dhcpbridge_flagfile=/etc/nova/nova.conf -dhcpbridge=/usr/bin/nova-dhcpbridge -logdir=/var/log/nova -state_path=/var/lib/nova -lock_path=/var/lock/nova -force_dhcp_release=True 
-libvirt_use_virtio_for_bridges=True -verbose=True -ec2_private_dns_show_ip=True -api_paste_config=/etc/nova/api-paste.ini -enabled_apis=ec2,osapi_compute,metadata - -rpc_backend = rabbit -auth_strategy = keystone -my_ip = $COM1_MGNT_IP - -network_api_class = nova.network.neutronv2.api.API -security_group_api = neutron -linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver -firewall_driver = nova.virt.firewall.NoopFirewallDriver - -verbose = True - -enable_instance_password = True - -[oslo_messaging_rabbit] -rabbit_host = $CON_MGNT_IP -rabbit_userid = openstack -rabbit_password = $RABBIT_PASS - -[keystone_authtoken] -auth_uri = http://$CON_MGNT_IP:5000 -auth_url = http://$CON_MGNT_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = nova -password = $KEYSTONE_PASS - -[vnc] -enabled = True -vncserver_listen = 0.0.0.0 -vncserver_proxyclient_address = \$my_ip -novncproxy_base_url = http://$CON_EXT_IP:6080/vnc_auto.html - -[glance] -host = $CON_MGNT_IP - -[oslo_concurrency] -lock_path = /var/lib/nova/tmp - -[neutron] -url = http://$CON_MGNT_IP:9696 -auth_url = http://$CON_MGNT_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -region_name = RegionOne -project_name = service -username = neutron -password = $NEUTRON_PASS - -[libvirt] -inject_key = True -inject_partition = -1 -inject_password = True - -EOF - -echo "##### Restart nova-compute #####" -sleep 5 -service nova-compute restart - -# Remove default nova db -rm /var/lib/nova/nova.sqlite - -echo "##### Install openvswitch-agent (neutron) on COMPUTE NODE #####" -sleep 10 - -apt-get -y install neutron-plugin-ml2 neutron-plugin-openvswitch-agent - -echo "Config file neutron.conf" -controlneutron=/etc/neutron/neutron.conf -test -f $controlneutron.orig || cp $controlneutron $controlneutron.orig -rm $controlneutron -touch $controlneutron -cat << EOF >> $controlneutron -[DEFAULT] -core_plugin = 
ml2 - -rpc_backend = rabbit -auth_strategy = keystone -verbose = True - -allow_overlapping_ips = True - -service_plugins = router - -[matchmaker_redis] -[matchmaker_ring] -[quotas] -[agent] -root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf - -[keystone_authtoken] -auth_uri = http://$CON_MGNT_IP:5000 -auth_url = http://$CON_MGNT_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = neutron -password = $KEYSTONE_PASS - -[database] -# connection = sqlite:////var/lib/neutron/neutron.sqlite - -[nova] -[oslo_concurrency] -lock_path = \$state_path/lock -[oslo_policy] -[oslo_messaging_amqp] -[oslo_messaging_qpid] - -[oslo_messaging_rabbit] -rabbit_host = $CON_MGNT_IP -rabbit_userid = openstack -rabbit_password = $RABBIT_PASS - -[qos] -EOF - -echo "############ Configuring ml2_conf.ini ############" -sleep 5 -######## -comfileml2=/etc/neutron/plugins/ml2/ml2_conf.ini -test -f $comfileml2.orig || cp $comfileml2 $comfileml2.orig -rm $comfileml2 -touch $comfileml2 -#Update ML2 config file /etc/neutron/plugins/ml2/ml2_conf.ini -cat << EOF > $comfileml2 -[ml2] -type_drivers = flat,vlan,gre,vxlan -tenant_network_types = gre -mechanism_drivers = openvswitch - -[ml2_type_flat] -[ml2_type_vlan] -[ml2_type_gre] -tunnel_id_ranges = 1:1000 - -[ml2_type_vxlan] -[securitygroup] -enable_security_group = True -enable_ipset = True -firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver - -[ovs] -local_ip = $COM1_MGNT_IP -enable_tunneling = True - -[agent] -tunnel_types = gre - -EOF - - -echo "Reset service nova-compute,openvswitch-agent" -sleep 5 -service nova-compute restart -service neutron-plugin-openvswitch-agent restart - - diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/config.cfg b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/config.cfg deleted file mode 100644 index 4cbae4a..0000000 
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/config.cfg
+++ /dev/null
@@ -1,66 +0,0 @@
-
-## Network Info
-# MASTER=$eth0_address
-# LOCAL_IP=$eth1_address
-################## KHAI BAO CAC BIEN CHO SCRIPT ###########################
-
-## Assigning IP for CONTROLLER NODE
-CON_MGNT_IP=10.10.10.140
-CON_EXT_IP=172.16.69.140
-
-# Assigning IP for COMPUTE1 NODE
-COM1_MGNT_IP=10.10.10.141
-COM1_EXT_IP=172.16.69.141
-
-#Gateway for EXT network
-GATEWAY_IP_EXT=172.16.69.1
-NETMASK_ADD_EXT=255.255.255.0
-
-#Gateway for MGNT network
-GATEWAY_IP_MGNT=10.10.10.1
-NETMASK_ADD_MGNT=255.255.255.0
-
-# Set password
-DEFAULT_PASS='Welcome123'
-
-RABBIT_PASS="$DEFAULT_PASS"
-MYSQL_PASS="$DEFAULT_PASS"
-TOKEN_PASS="$DEFAULT_PASS"
-ADMIN_PASS="$DEFAULT_PASS"
-SERVICE_PASSWORD="$DEFAULT_PASS"
-METADATA_SECRET="$DEFAULT_PASS"
-
-SERVICE_TENANT_NAME="service"
-ADMIN_TENANT_NAME="admin"
-DEMO_TENANT_NAME="demo"
-INVIS_TENANT_NAME="invisible_to_admin"
-ADMIN_USER_NAME="admin"
-DEMO_USER_NAME="demo"
-
-# Environment variable for OPS service
-KEYSTONE_PASS="$DEFAULT_PASS"
-GLANCE_PASS="$DEFAULT_PASS"
-NOVA_PASS="$DEFAULT_PASS"
-NEUTRON_PASS="$DEFAULT_PASS"
-CINDER_PASS="$DEFAULT_PASS"
-SWIFT_PASS="$DEFAULT_PASS"
-HEAT_PASS="$DEFAULT_PASS"
-CEILOMETER_PASS="$DEFAULT_PASS"
-
-# Environment variable for DB
-KEYSTONE_DBPASS="$DEFAULT_PASS"
-GLANCE_DBPASS="$DEFAULT_PASS"
-NOVA_DBPASS="$DEFAULT_PASS"
-NEUTRON_DBPASS="$DEFAULT_PASS"
-CINDER_DBPASS="$DEFAULT_PASS"
-HEAT_DBPASS="$DEFAULT_PASS"
-CEILOMETER_DBPASS="$DEFAULT_PASS"
-
-
-# User declaration in Keystone
-ADMIN_ROLE_NAME="admin"
-MEMBER_ROLE_NAME="Member"
-KEYSTONEADMIN_ROLE_NAME="KeystoneAdmin"
-KEYSTONESERVICE_ROLE_NAME="KeystoneServiceAdmin"
-
-# OS PASS ROOT
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-1-ipadd.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-1-ipadd.sh
deleted file mode 100644
index 330e4ea..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-1-ipadd.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/bash -ex
-source config.cfg
-
-
-ifaces=/etc/network/interfaces
-test -f $ifaces.orig || cp $ifaces $ifaces.orig
-rm $ifaces
-touch $ifaces
-cat << EOF >> $ifaces
-#Assign IP for Controller node
-
-# LOOPBACK NET
-auto lo
-iface lo inet loopback
-
-# MGNT NETWORK
-auto eth0
-iface eth0 inet static
-address $CON_MGNT_IP
-netmask $NETMASK_ADD_MGNT
-
-
-# EXT NETWORK
-auto eth1
-iface eth1 inet static
-address $CON_EXT_IP
-netmask $NETMASK_ADD_EXT
-gateway $GATEWAY_IP_EXT
-dns-nameservers 8.8.8.8
-EOF
-
-
-echo "Configuring hostname in CONTROLLER node"
-sleep 3
-echo "controller" > /etc/hostname
-hostname -F /etc/hostname
-
-
-echo "Configuring for file /etc/hosts"
-sleep 3
-iphost=/etc/hosts
-test -f $iphost.orig || cp $iphost $iphost.orig
-rm $iphost
-touch $iphost
-cat << EOF >> $iphost
-127.0.0.1 localhost
-127.0.1.1 controller
-$CON_MGNT_IP controller
-$COM1_MGNT_IP compute1
-
-
-EOF
-
-
-echo "##### Cai dat repos cho Liberty ##### "
-apt-get install software-properties-common -y
-add-apt-repository cloud-archive:liberty -y
-
-sleep 5
-echo "UPDATE PACKAGE FOR LIBERTY"
-apt-get -y update && apt-get -y upgrade && apt-get -y dist-upgrade
-
-sleep 5
-
-echo "Reboot Server"
-
-#sleep 5
-init 6
-#
-
-
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-10-ceilometer.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-10-ceilometer.sh
deleted file mode 100644
index 2b3c684..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-10-ceilometer.sh
+++ /dev/null
@@ -1,104 +0,0 @@ -#!/bin/bash -ex -source config.cfg - -apt-get install -y mongodb-server mongodb-clients python-pymongo - -sed -i "s/bind_ip = 127.0.0.1/bind_ip = $CON_MGNT_IP/g" /etc/mongodb.conf -service mongodb restart -sleep 40 -cat << EOF > mongo.js - db = db.getSiblingDB("ceilometer"); - db.addUser({user: "ceilometer", - pwd: "$CEILOMETER_DBPASS", - roles: [ "readWrite", "dbAdmin" ]}) -EOF -sleep 20 -mongo --host $CON_MGNT_IP ./mongo.js - -## Tao user, endpoint va gan role cho CEILOMETER - -openstack user create --password $CEILOMETER_PASS ceilometer -openstack role add --project service --user ceilometer admin -openstack service create --name ceilometer --description "Telemetry" metering - -openstack endpoint create \ ---publicurl http://$CON_MGNT_IP:8777 \ ---internalurl http://$CON_MGNT_IP:8777 \ ---adminurl http://$CON_MGNT_IP:8777 \ ---region RegionOne \ -metering - -# Cai dat cac goi trong CEILOMETER - -apt-get -y install ceilometer-api ceilometer-collector \ -ceilometer-agent-central ceilometer-agent-notification \ -ceilometer-alarm-evaluator ceilometer-alarm-notifier \ -python-ceilometerclient - - -mv /etc/ceilometer/ceilometer.conf /etc/ceilometer/ceilometer.conf.bka -cat << EOF > /etc/ceilometer/ceilometer.conf -[DEFAULT] -verbose = True -rpc_backend = rabbit -auth_strategy = keystone - -[database] -connection = mongodb://ceilometer:$CEILOMETER_DBPASS@$CON_MGNT_IP:27017/ceilometer - -[keystone_authtoken] -auth_uri = http://$CON_MGNT_IP:5000 -auth_url = http://$CON_MGNT_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = ceilometer -password = $CEILOMETER_PASS - -[service_credentials] -os_auth_url = http://$CON_MGNT_IP:5000/v2.0 -os_username = ceilometer -os_tenant_name = service -os_password = $CEILOMETER_PASS -os_endpoint_type = internalURL -os_region_name = RegionOne - -# [publisher] -# telemetry_secret = $METERING_SECRET - -[matchmaker_redis] - -[matchmaker_ring] - 
-[oslo_messaging_amqp] - -[oslo_messaging_qpid] - -[oslo_messaging_rabbit] -rabbit_host = $CON_MGNT_IP -rabbit_userid = openstack -rabbit_password = $RABBIT_PASS - -[oslo_policy] - -EOF - -echo "Restart service" -sleep 3 -service ceilometer-agent-central restart -service ceilometer-agent-notification restart -service ceilometer-api restart -service ceilometer-collector restart -service ceilometer-alarm-evaluator restart -service ceilometer-alarm-notifier restart - -echo "Restart service" -sleep 10 -service ceilometer-agent-central restart -service ceilometer-agent-notification restart -service ceilometer-api restart -service ceilometer-collector restart -service ceilometer-alarm-evaluator restart -service ceilometer-alarm-notifier restart - diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-2-prepare.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-2-prepare.sh deleted file mode 100644 index 28b8be6..0000000 --- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-2-prepare.sh +++ /dev/null 
@@ -1,80 +0,0 @@ -#!/bin/bash -ex -# -source config.cfg - -echo "Install python client" -apt-get -y install python-openstackclient -sleep 5 - -echo "Install and config NTP" -sleep 3 -apt-get install ntp -y -cp /etc/ntp.conf /etc/ntp.conf.bka -rm /etc/ntp.conf -cat /etc/ntp.conf.bka | grep -v ^# | grep -v ^$ >> /etc/ntp.conf - - -## Config NTP in LIBERTY -sed -i 's/server ntp.ubuntu.com/ \ -server 0.vn.pool.ntp.org iburst \ -server 1.asia.pool.ntp.org iburst \ -server 2.asia.pool.ntp.org iburst/g' /etc/ntp.conf - -sed -i 's/restrict -4 default kod notrap nomodify nopeer noquery/ \ -#restrict -4 default kod notrap nomodify nopeer noquery/g' /etc/ntp.conf - -sed -i 's/restrict -6 default kod notrap nomodify nopeer noquery/ \ -restrict -4 default kod notrap nomodify \ -restrict -6 default kod notrap nomodify/g' /etc/ntp.conf - -# sed -i 's/server/#server/' /etc/ntp.conf -# echo "server $LOCAL_IP" >> /etc/ntp.conf - -############################################## -echo "Install and Config RabbitMQ" -sleep 3 - -apt-get install rabbitmq-server -y -rabbitmqctl add_user openstack $RABBIT_PASS -rabbitmqctl set_permissions openstack ".*" ".*" ".*" -# rabbitmqctl change_password guest $RABBIT_PASS -sleep 3 - -service rabbitmq-server restart -echo "Finish setup pre-install package !!!" 
- -echo "##### Install MYSQL #####" -sleep 3 - -echo mysql-server mysql-server/root_password password $MYSQL_PASS \ - | debconf-set-selections -echo mysql-server mysql-server/root_password_again password $MYSQL_PASS \ - | debconf-set-selections -apt-get -y install mariadb-server python-mysqldb curl - -echo "##### Configuring MYSQL #####" -sleep 3 - - -echo "########## CONFIGURING FOR MYSQL ##########" -sleep 5 -touch /etc/mysql/conf.d/mysqld_openstack.cnf -cat << EOF > /etc/mysql/conf.d/mysqld_openstack.cnf - -[mysqld] -bind-address = 0.0.0.0 - -[mysqld] -default-storage-engine = innodb -innodb_file_per_table -collation-server = utf8_general_ci -init-connect = 'SET NAMES utf8' -character-set-server = utf8 - -EOF - -sleep 5 -echo "Restart MYSQL" -service mysql restart - - diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-3.keystone.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-3.keystone.sh deleted file mode 100644 index f338e18..0000000 --- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-3.keystone.sh +++ /dev/null 
@@ -1,225 +0,0 @@ -#!/bin/bash -ex -# -source config.cfg - -echo "Create Database for Keystone" - -cat << EOF | mysql -uroot -p$MYSQL_PASS -CREATE DATABASE keystone; -GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$KEYSTONE_DBPASS'; -GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$KEYSTONE_DBPASS'; -FLUSH PRIVILEGES; -EOF - -echo "##### Install keystone #####" - -echo "manual" > /etc/init/keystone.override - -apt-get -y install keystone python-openstackclient apache2 \ - libapache2-mod-wsgi memcached python-memcache - -#/* Back-up file nova.conf -filekeystone=/etc/keystone/keystone.conf -test -f $filekeystone.orig || cp $filekeystone $filekeystone.orig - -#Config file /etc/keystone/keystone.conf -cat << EOF > $filekeystone - -[DEFAULT] -log_dir = /var/log/keystone - -admin_token = $TOKEN_PASS -public_bind_host = $CON_MGNT_IP -admin_bind_host = $CON_MGNT_IP - -[assignment] -[auth] -[cache] -[catalog] -[cors] -[cors.subdomain] -[credential] -[database] -connection = mysql+pymysql://keystone:$KEYSTONE_DBPASS@$CON_MGNT_IP/keystone - - -[domain_config] -[endpoint_filter] -[endpoint_policy] -[eventlet_server] -[eventlet_server_ssl] -[federation] -[fernet_tokens] -[identity] -[identity_mapping] -[kvs] -[ldap] -[matchmaker_redis] -[matchmaker_ring] -[memcache] -servers = localhost:11211 - - -[oauth1] -[os_inherit] -[oslo_messaging_amqp] -[oslo_messaging_qpid] -[oslo_messaging_rabbit] -[oslo_middleware] -[oslo_policy] -[paste_deploy] -[policy] -[resource] -[revoke] -driver = sql - -[role] -[saml] -[signing] -[ssl] -[token] -provider = uuid -driver = memcache - -[tokenless_auth] -[trust] -[extra_headers] -Distribution = Ubuntu - -EOF - -# -su -s /bin/sh -c "keystone-manage db_sync" keystone - -echo "ServerName $CON_MGNT_IP" >> /etc/apache2/apache2.conf - -cat << EOF > /etc/apache2/sites-available/wsgi-keystone.conf -Listen 5000 -Listen 35357 - - - WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone 
group=keystone display-name=%{GROUP} - WSGIProcessGroup keystone-public - WSGIScriptAlias / /usr/bin/keystone-wsgi-public - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%{cu}t %M" - - ErrorLog /var/log/apache2/keystone.log - CustomLog /var/log/apache2/keystone_access.log combined - - - = 2.4> - Require all granted - - - Order allow,deny - Allow from all - - - - - - WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} - WSGIProcessGroup keystone-admin - WSGIScriptAlias / /usr/bin/keystone-wsgi-admin - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%{cu}t %M" - - ErrorLog /var/log/apache2/keystone.log - CustomLog /var/log/apache2/keystone_access.log combined - - - = 2.4> - Require all granted - - - Order allow,deny - Allow from all - - - - -EOF - -ln -s /etc/apache2/sites-available/wsgi-keystone.conf \ - /etc/apache2/sites-enabled - -service apache2 restart - -rm -f /var/lib/keystone/keystone.db - - -export OS_TOKEN="$TOKEN_PASS" -export OS_URL=http://$CON_MGNT_IP:35357/v2.0 - -# export OS_SERVICE_TOKEN="$TOKEN_PASS" -# export OS_SERVICE_ENDPOINT="http://$CON_MGNT_IP:35357/v2.0" -# export SERVICE_ENDPOINT="http://$CON_MGNT_IP:35357/v2.0" - -### Identity service -openstack service create --name keystone --description \ - "OpenStack Identity" identity -### Create the Identity service API endpoint -openstack endpoint create \ ---publicurl http://$CON_MGNT_IP:5000/v2.0 \ ---internalurl http://$CON_MGNT_IP:5000/v2.0 \ ---adminurl http://$CON_MGNT_IP:35357/v2.0 \ ---region RegionOne \ -identity - -#### To create tenants, users, and roles ADMIN -openstack project create --description "Admin Project" admin -openstack user create --password $ADMIN_PASS admin -openstack role create admin -openstack role add --project admin --user admin admin - -#### To create tenants, users, and roles SERVICE -openstack project create --description "Service 
Project" service - - -#### To create tenants, users, and roles DEMO -openstack project create --description "Demo Project" demo -openstack user create --password $ADMIN_PASS demo - -### Create the user role -openstack role create user -openstack role add --project demo --user demo user - -################# - -unset OS_TOKEN OS_URL - -# Tao bien moi truong - -echo "export OS_PROJECT_DOMAIN_ID=default" > admin-openrc.sh -echo "export OS_USER_DOMAIN_ID=default" >> admin-openrc.sh -echo "export OS_PROJECT_NAME=admin" >> admin-openrc.sh -echo "export OS_TENANT_NAME=admin" >> admin-openrc.sh -echo "export OS_USERNAME=admin" >> admin-openrc.sh -echo "export OS_PASSWORD=$ADMIN_PASS" >> admin-openrc.sh -echo "export OS_AUTH_URL=http://$CON_MGNT_IP:35357/v3" >> admin-openrc.sh -echo "export OS_VOLUME_API_VERSION=2" >> admin-openrc.sh - -sleep 5 -echo "########## Execute environment script ##########" -chmod +x admin-openrc.sh -cat admin-openrc.sh >> /etc/profile -cp admin-openrc.sh /root/admin-openrc.sh -source admin-openrc.sh - - -echo "export OS_PROJECT_DOMAIN_ID=default" > demo-openrc.sh -echo "export OS_USER_DOMAIN_ID=default" >> demo-openrc.sh -echo "export OS_PROJECT_NAME=demo" >> demo-openrc.sh -echo "export OS_TENANT_NAME=demo" >> demo-openrc.sh -echo "export OS_USERNAME=demo" >> demo-openrc.sh -echo "export OS_PASSWORD=$ADMIN_PASS" >> demo-openrc.sh -echo "export OS_AUTH_URL=http://$CON_MGNT_IP:35357/v3" >> demo-openrc.sh -echo "export OS_VOLUME_API_VERSION=2" >> demo-openrc.sh - -chmod +x demo-openrc.sh -cp demo-openrc.sh /root/demo-openrc.sh diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-4-glance.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-4-glance.sh deleted file mode 100644 index c32230b..0000000 --- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-4-glance.sh +++ /dev/null 
@@ -1,183 +0,0 @@ -#!/bin/bash -ex -# -source config.cfg - -echo "Create the database for GLANCE" -cat << EOF | mysql -uroot -p$MYSQL_PASS -CREATE DATABASE glance; -GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '$GLANCE_DBPASS'; -GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '$GLANCE_DBPASS'; -FLUSH PRIVILEGES; -EOF - - -sleep 5 -echo " Create user, endpoint for GLANCE" - -openstack user create --password $GLANCE_PASS glance -openstack role add --project service --user glance admin -openstack service create --name glance --description \ - "OpenStack Image service" image - -openstack endpoint create \ ---publicurl http://$CON_MGNT_IP:9292 \ ---internalurl http://$CON_MGNT_IP:9292 \ ---adminurl http://$CON_MGNT_IP:9292 \ ---region RegionOne \ -image - -echo "########## Install GLANCE ##########" -apt-get -y install glance python-glanceclient -sleep 10 -echo "########## Configuring GLANCE API ##########" -sleep 5 -#/* Back-up file nova.conf -fileglanceapicontrol=/etc/glance/glance-api.conf -test -f $fileglanceapicontrol.orig \ - || cp $fileglanceapicontrol $fileglanceapicontrol.orig -rm $fileglanceapicontrol -touch $fileglanceapicontrol - -#Configuring glance config file /etc/glance/glance-api.conf - -cat << EOF > $fileglanceapicontrol -[DEFAULT] -notification_driver = noop -verbose = True -notification_driver = messagingv2 -rpc_backend = rabbit - -[database] -connection = mysql+pymysql://glance:$GLANCE_DBPASS@$CON_MGNT_IP/glance -backend = sqlalchemy - -[glance_store] -default_store = file -filesystem_store_datadir = /var/lib/glance/images/ - -[image_format] -[keystone_authtoken] -auth_uri = http://$CON_MGNT_IP:5000 -auth_url = http://$CON_MGNT_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = glance -password = $GLANCE_PASS - - -[matchmaker_redis] -[matchmaker_ring] -[oslo_concurrency] -[oslo_messaging_amqp] -[oslo_messaging_qpid] - 
-[oslo_messaging_rabbit] -rabbit_host = $CON_MGNT_IP -rabbit_userid = openstack -rabbit_password = $RABBIT_PASS - -[oslo_policy] -[paste_deploy] -flavor = keystone - -[store_type_location_strategy] -[task] -[taskflow_executor] - -EOF - -# -sleep 10 -echo "########## Configuring GLANCE REGISTER ##########" -#/* Backup file file glance-registry.conf -fileglanceregcontrol=/etc/glance/glance-registry.conf -test -f $fileglanceregcontrol.orig \ - || cp $fileglanceregcontrol $fileglanceregcontrol.orig -rm $fileglanceregcontrol -touch $fileglanceregcontrol -#Config file /etc/glance/glance-registry.conf - -cat << EOF > $fileglanceregcontrol - -[DEFAULT] -notification_driver = noop -verbose = True -notification_driver = messagingv2 -rpc_backend = rabbit - -[database] -connection = mysql+pymysql://glance:$GLANCE_DBPASS@$CON_MGNT_IP/glance -backend = sqlalchemy - -[glance_store] - -[keystone_authtoken] -auth_uri = http://$CON_MGNT_IP:5000 -auth_url = http://$CON_MGNT_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = glance -password = $GLANCE_PASS - - -[matchmaker_redis] -[matchmaker_ring] -[oslo_messaging_amqp] -[oslo_messaging_qpid] - -[oslo_messaging_rabbit] -rabbit_host = $CON_MGNT_IP -rabbit_userid = openstack -rabbit_password = $RABBIT_PASS -[oslo_policy] - -[paste_deploy] -flavor = keystone - -EOF - -sleep 7 -echo "########## Remove Glance default DB ##########" -rm /var/lib/glance/glance.sqlite - -chown glance:glance $fileglanceapicontrol -chown glance:glance $fileglanceregcontrol - -sleep 7 -echo "########## Syncing DB for Glance ##########" -glance-manage db_sync - -sleep 5 -echo "########## Restarting GLANCE service ... 
##########" -service glance-registry restart -service glance-api restart -sleep 3 -service glance-registry restart -service glance-api restart - -# - -echo "Remove glance.sqlite " -rm -f /var/lib/glance/glance.sqlite - - -sleep 3 -echo "########## Registering Cirros IMAGE for GLANCE ... ##########" -mkdir images -cd images/ -wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img - -glance image-create --name "cirros" \ ---file cirros-0.3.4-x86_64-disk.img \ ---disk-format qcow2 --container-format bare \ ---visibility public --progress -cd /root/ -# rm -r /tmp/images - -sleep 5 -echo "########## Testing Glance ##########" -glance image-list diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-5-nova.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-5-nova.sh deleted file mode 100644 index a0c214a..0000000 --- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-5-nova.sh +++ /dev/null 
@@ -1,150 +0,0 @@ -#!/bin/bash -ex -# -source config.cfg - -echo "Create DB for NOVA " -cat << EOF | mysql -uroot -p$MYSQL_PASS -CREATE DATABASE nova; -GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS'; -GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS'; -FLUSH PRIVILEGES; -EOF - - -echo "Creat user, endpoint for NOVA" - -openstack user create --password $NOVA_PASS nova -openstack role add --project service --user nova admin -openstack service create --name nova --description "OpenStack Compute" compute - -openstack endpoint create \ ---publicurl http://$CON_MGNT_IP:8774/v2/%\(tenant_id\)s \ ---internalurl http://$CON_MGNT_IP:8774/v2/%\(tenant_id\)s \ ---adminurl http://$CON_MGNT_IP:8774/v2/%\(tenant_id\)s \ ---region RegionOne \ -compute - - -echo "########## Install NOVA in $CON_MGNT_IP ##########" -sleep 5 -apt-get -y install nova-api nova-cert nova-conductor \ - nova-consoleauth nova-novncproxy nova-scheduler python-novaclient - -# Cai tu dong libguestfs-tools -echo "libguestfs-tools libguestfs/update-appliance boolean true" \ - | debconf-set-selections -apt-get -y install libguestfs-tools sysfsutils guestfsd python-guestfs - -######## Backup configurations for NOVA ##########" -sleep 7 - -# -controlnova=/etc/nova/nova.conf -test -f $controlnova.orig || cp $controlnova $controlnova.orig -rm $controlnova -touch $controlnova -cat << EOF >> $controlnova -[DEFAULT] - -rpc_backend = rabbit -auth_strategy = keystone - -dhcpbridge_flagfile=/etc/nova/nova.conf -dhcpbridge=/usr/bin/nova-dhcpbridge -logdir=/var/log/nova -state_path=/var/lib/nova -lock_path=/var/lock/nova -force_dhcp_release=True -libvirt_use_virtio_for_bridges=True -ec2_private_dns_show_ip=True -api_paste_config=/etc/nova/api-paste.ini -enabled_apis=ec2,osapi_compute,metadata - -my_ip = $CON_MGNT_IP - -network_api_class = nova.network.neutronv2.api.API -security_group_api = neutron -linuxnet_interface_driver = 
nova.network.linux_net.LinuxOVSInterfaceDriver -firewall_driver = nova.virt.firewall.NoopFirewallDriver - - -enabled_apis=osapi_compute,metadata -verbose = True - -enable_instance_password = True - -[database] -connection = mysql+pymysql://nova:$NOVA_DBPASS@$CON_MGNT_IP/nova - -[oslo_messaging_rabbit] -rabbit_host = $CON_MGNT_IP -rabbit_userid = openstack -rabbit_password = $RABBIT_PASS - -[keystone_authtoken] -auth_uri = http://$CON_MGNT_IP:5000 -auth_url = http://$CON_MGNT_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -project_name = service -username = nova -password = $NOVA_PASS - -[vnc] -vncserver_listen = \$my_ip -vncserver_proxyclient_address = \$my_ip - -[glance] -host = $CON_MGNT_IP - -[oslo_concurrency] -lock_path = /var/lib/nova/tmp - -[neutron] -url = http://$CON_MGNT_IP:9696 -auth_url = http://$CON_MGNT_IP:35357 -auth_plugin = password -project_domain_id = default -user_domain_id = default -region_name = RegionOne -project_name = service -username = neutron -password = $NEUTRON_PASS - -service_metadata_proxy = True -metadata_proxy_shared_secret = $METADATA_SECRET - -EOF - -echo "########## Remove Nova default db ##########" -sleep 7 -rm /var/lib/nova/nova.sqlite - -echo "########## Syncing Nova DB ##########" -sleep 7 -su -s /bin/sh -c "nova-manage db sync" nova - -# echo 'kvm_intel' >> /etc/modules - -echo "########## Restarting NOVA ... ##########" -sleep 7 -service nova-api restart -service nova-cert restart -service nova-consoleauth restart -service nova-scheduler restart -service nova-conductor restart -service nova-novncproxy restart - -sleep 7 -echo "########## Restarting NOVA ... ##########" -service nova-api restart -service nova-cert restart -service nova-consoleauth restart -service nova-scheduler restart -service nova-conductor restart -service nova-novncproxy restart - -echo "########## Testing NOVA service ##########" -nova-manage service list - 
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-6-neutron.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-6-neutron.sh deleted file mode 100644 index 721fd13..0000000 --- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-6-neutron.sh +++ /dev/null 
@@ -1,292 +0,0 @@
-#!/bin/bash -ex
-#
-# RABBIT_PASS=a
-# ADMIN_PASS=a
-
-source config.cfg
-
-echo "############ Configuring net forward for all VMs ############"
-sleep 5
-echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
-echo "net.ipv4.conf.all.rp_filter=0" >> /etc/sysctl.conf
-echo "net.ipv4.conf.default.rp_filter=0" >> /etc/sysctl.conf
-sysctl -p
-
-echo "Create DB for NEUTRON "
-sleep 5
-cat << EOF | mysql -uroot -p$MYSQL_PASS
-CREATE DATABASE neutron;
-GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$NEUTRON_DBPASS';
-GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$NEUTRON_DBPASS';
-FLUSH PRIVILEGES;
-EOF
-
-
-echo "Create user, endpoint for NEUTRON"
-sleep 5
-openstack user create --password $NEUTRON_PASS neutron
-openstack role add --project service --user neutron admin
-openstack service create --name neutron --description \
- "OpenStack Networking" network
-
-openstack endpoint create \
- --publicurl http://$CON_MGNT_IP:9696 \
- --adminurl http://$CON_MGNT_IP:9696 \
- --internalurl http://$CON_MGNT_IP:9696 \
- --region RegionOne \
- network
-
-# SERVICE_TENANT_ID=`keystone tenant-get service | awk '$2~/^id/{print $4}'`
-
-
-echo "########## Install NEUTRON in 172.16.69.40 or NETWORK node ###########"
-sleep 5
-apt-get -y install neutron-server python-neutronclient \
- neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
- neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent \
- neutron-plugin-openvswitch neutron-common
-
-######## Backup configuration NEUTRON.CONF ##################"
-echo "########## Config NEUTRON ##########"
-sleep 5
-
-#
-controlneutron=/etc/neutron/neutron.conf
-test -f $controlneutron.orig || cp $controlneutron $controlneutron.orig
-rm $controlneutron
-touch $controlneutron
-cat << EOF >> $controlneutron
-[DEFAULT]
-core_plugin = ml2
-rpc_backend = rabbit
-
-service_plugins = router
-allow_overlapping_ips = True
-
-notify_nova_on_port_status_changes = True
-notify_nova_on_port_data_changes = True
-nova_url = http://$CON_MGNT_IP:8774/v2
-verbose = True
-
-
-[matchmaker_redis]
-[matchmaker_ring]
-[quotas]
-[agent]
-root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
-[keystone_authtoken]
-auth_uri = http://$CON_MGNT_IP:5000
-auth_url = http://$CON_MGNT_IP:35357
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-project_name = service
-username = neutron
-password = $NEUTRON_PASS
-
-
-[database]
-connection = mysql+pymysql://neutron:$NEUTRON_DBPASS@$CON_MGNT_IP/neutron
-
-[nova]
-[oslo_concurrency]
-lock_path = \$state_path/lock
-[oslo_policy]
-[oslo_messaging_amqp]
-[oslo_messaging_qpid]
-
-[oslo_messaging_rabbit]
-rabbit_host = $CON_MGNT_IP
-rabbit_userid = openstack
-rabbit_password = $RABBIT_PASS
-
-[nova]
-auth_url = http://$CON_MGNT_IP:35357
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-region_name = RegionOne
-project_name = service
-username = nova
-password = $NOVA_PASS
-
-[qos]
-
-EOF
-
-
-######## Backup configuration of ML2 ##################"
-echo "########## Configuring ML2 ##########"
-sleep 7
-
-controlML2=/etc/neutron/plugins/ml2/ml2_conf.ini
-test -f $controlML2.orig || cp $controlML2 $controlML2.orig
-rm $controlML2
-touch $controlML2
-
-cat << EOF >> $controlML2
-[ml2]
-type_drivers = flat,vlan,gre,vxlan
-tenant_network_types = gre
-mechanism_drivers = openvswitch
-
-[ml2_type_flat]
-flat_networks = external
-
-[ml2_type_vlan]
-
-[ml2_type_gre]
-tunnel_id_ranges = 1:1000
-
-[ml2_type_vxlan]
-
-[ml2_type_geneve]
-
-[securitygroup]
-enable_security_group = True
-enable_ipset = True
-firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
-
-[ovs]
-local_ip = $CON_MGNT_IP
-bridge_mappings = external:br-ex
-
-[agent]
-tunnel_types = gre
-
-EOF
-
-echo "############ Configuring L3 AGENT ############"
-sleep 7
-netl3agent=/etc/neutron/l3_agent.ini
-
-test -f $netl3agent.orig || cp $netl3agent $netl3agent.orig
-rm $netl3agent
-touch $netl3agent
-
-cat << EOF >> $netl3agent
-[DEFAULT]
-interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
-external_network_bridge =
-router_delete_namespaces = True
-verbose = True
-
-[AGENT]
-EOF
-
-echo "############ Configuring DHCP AGENT ############ "
-sleep 7
-#
-netdhcp=/etc/neutron/dhcp_agent.ini
-
-test -f $netdhcp.orig || cp $netdhcp $netdhcp.orig
-rm $netdhcp
-touch $netdhcp
-
-cat << EOF >> $netdhcp
-[DEFAULT]
-interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
-dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
-dhcp_delete_namespaces = True
-verbose = True
-dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
-
-[AGENT]
-EOF
-
-echo "############ Fix loi MTU ############"
-sleep 3
-echo "dhcp-option-force=26,1454" > /etc/neutron/dnsmasq-neutron.conf
-killall dnsmasq
-
-
-echo "############ Configuring METADATA AGENT ############"
-sleep 7
-netmetadata=/etc/neutron/metadata_agent.ini
-
-test -f $netmetadata.orig || cp $netmetadata $netmetadata.orig
-rm $netmetadata
-touch $netmetadata
-
-cat << EOF >> $netmetadata
-[DEFAULT]
-auth_uri = http://$CON_MGNT_IP:5000
-auth_url = http://$CON_MGNT_IP:35357
-auth_region = RegionOne
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-project_name = service
-username = neutron
-password = $NEUTRON_PASS
-
-nova_metadata_ip = $CON_MGNT_IP
-metadata_proxy_shared_secret = $METADATA_SECRET
-verbose = True
-
-EOF
-#
-
-su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
- --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
-
-echo "########## Restarting NOVA service ##########"
-sleep 7
-service nova-api restart
-service nova-scheduler restart
-service nova-conductor restart
-
-echo "########## Restarting NEUTRON service ##########"
-sleep 7
-service neutron-server restart
-service neutron-plugin-openvswitch-agent restart
-service neutron-dhcp-agent restart
-service neutron-metadata-agent restart
-service neutron-l3-agent restart
-
-rm -f /var/lib/neutron/neutron.sqlite
-
-echo "########## check service Neutron ##########"
-neutron agent-list
-sleep 5
-
-echo "########## Config IP address for br-ex ##########"
-
-ifaces=/etc/network/interfaces
-test -f $ifaces.orig1 || cp $ifaces $ifaces.orig1
-rm $ifaces
-cat << EOF > $ifaces
-# The loopback network interface
-auto lo
-iface lo inet loopback
-
-# The primary network interface
-auto br-ex
-iface br-ex inet static
-address $CON_EXT_IP
-netmask $NETMASK_ADD_EXT
-gateway $GATEWAY_IP_EXT
-dns-nameservers 8.8.8.8
-
-auto eth1
-iface eth1 inet manual
- up ifconfig \$IFACE 0.0.0.0 up
- up ip link set \$IFACE promisc on
- down ip link set \$IFACE promisc off
- down ifconfig \$IFACE down
-
-auto eth0
-iface eth0 inet static
-address $CON_MGNT_IP
-netmask $NETMASK_ADD_MGNT
-EOF
-
-echo "########## Config br-int and br-ex for OpenvSwitch ##########"
-sleep 5
-# ovs-vsctl add-br br-int
-ovs-vsctl add-br br-ex
-ovs-vsctl add-port br-ex eth1
-
-sleep 5
-echo "##### Reboot SERVER #####"
-init 6
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-7-cinder.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-7-cinder.sh
deleted file mode 100644
index 3b4a30e..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-7-cinder.sh
+++ /dev/null
@@ -1,126 +0,0 @@
-#!/bin/bash -ex
-#
-# RABBIT_PASS=a
-# ADMIN_PASS=a
-source config.cfg
-
-echo "Create DB for CINDER"
-sleep 5
-cat << EOF | mysql -uroot -p$MYSQL_PASS
-CREATE DATABASE cinder;
-GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '$CINDER_DBPASS';
-GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '$CINDER_DBPASS';
-FLUSH PRIVILEGES;
-EOF
-
-echo "Create user, endpoint for CINDER"
-sleep 5
-openstack user create --password $CINDER_PASS cinder
-openstack role add --project service --user cinder admin
-openstack service create --name cinder --description \
- "OpenStack Block Storage" volume
-openstack service create --name cinderv2 --description \
- "OpenStack Block Storage" volumev2
-
-
-openstack endpoint create \
---publicurl http://$CON_MGNT_IP:8776/v1/%\(tenant_id\)s \
---internalurl http://$CON_MGNT_IP:8776/v1/%\(tenant_id\)s \
---adminurl http://$CON_MGNT_IP:8776/v1/%\(tenant_id\)s \
---region RegionOne \
-volume
-
-
-openstack endpoint create \
---publicurl http://$CON_MGNT_IP:8776/v2/%\(tenant_id\)s \
---internalurl http://$CON_MGNT_IP:8776/v2/%\(tenant_id\)s \
---adminurl http://$CON_MGNT_IP:8776/v2/%\(tenant_id\)s \
---region RegionOne \
-volumev2
-
-#
-echo "########## Install CINDER ##########"
-sleep 3
-apt-get install -y cinder-api cinder-scheduler python-cinderclient \
- lvm2 cinder-volume python-mysqldb qemu
-
-
-pvcreate /dev/vdb
-vgcreate cinder-volumes /dev/vdb
-sed -r -i 's#(filter = )(\[ "a/\.\*/" \])#\1["a\/vdb\/", "r/\.\*\/"]#g' \
- /etc/lvm/lvm.conf
-
-filecinder=/etc/cinder/cinder.conf
-test -f $filecinder.orig || cp $filecinder $filecinder.orig
-rm $filecinder
-cat << EOF > $filecinder
-
-[DEFAULT]
-rootwrap_config = /etc/cinder/rootwrap.conf
-api_paste_confg = /etc/cinder/api-paste.ini
-iscsi_helper = tgtadm
-volume_name_template = volume-%s
-volume_group = cinder-volumes
-verbose = True
-auth_strategy = keystone
-state_path = /var/lib/cinder
-lock_path = /var/lock/cinder
-volumes_dir = /var/lib/cinder/volumes
-
-rpc_backend = rabbit
-my_ip = $CON_MGNT_IP
-
-enabled_backends = lvm
-
-glance_host = $CON_MGNT_IP
-
-notification_driver = messagingv2
-
-[database]
-connection = mysql+pymysql://cinder:$CINDER_DBPASS@$CON_MGNT_IP/cinder
-
-[oslo_messaging_rabbit]
-rabbit_host = $CON_MGNT_IP
-rabbit_userid = openstack
-rabbit_password = $RABBIT_PASS
-
-[keystone_authtoken]
-auth_uri = http://$CON_MGNT_IP:5000
-auth_url = http://$CON_MGNT_IP:35357
-auth_plugin = password
-project_domain_id = default
-user_domain_id = default
-project_name = service
-username = cinder
-password = $CINDER_PASS
-
-[oslo_concurrency]
-lock_path = /var/lib/cinder/tmp
-
-[cinder]
-os_region_name = RegionOne
-
-[lvm]
-volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
-volume_group = cinder-volumes
-iscsi_protocol = iscsi
-iscsi_helper = tgtadm
-
-EOF
-
-
-
-echo "########## Syncing Cinder DB ##########"
-sleep 3
-su -s /bin/sh -c "cinder-manage db sync" cinder
-
-echo "########## Restarting CINDER service ##########"
-sleep 3
-service tgt restart
-service cinder-volume restart
-service cinder-api restart
-service cinder-scheduler restart
-
-rm -f /var/lib/cinder/cinder.sqlite
-
-echo "########## Finish setting up CINDER !!! ##########"
diff --git a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-horizon.sh b/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-horizon.sh
deleted file mode 100644
index 49a3e19..0000000
--- a/multi/openstack-liberty-multinode-scripts/LIBERTY-U14.04-OVS/ctl-horizon.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/bash -ex
-
-source config.cfg
-
-###################
-echo "########## START INSTALLING OPS DASHBOARD ##########"
-###################
-sleep 5
-
-echo "########## Installing Dashboard package ##########"
-apt-get -y install openstack-dashboard
-apt-get -y remove --auto-remove openstack-dashboard-ubuntu-theme
-
-# echo "########## Fix bug in apache2 ##########"
-# sleep 5
-# Fix bug apache in ubuntu 14.04
-# echo "ServerName localhost" > /etc/apache2/conf-available/servername.conf
-# sudo a2enconf servername
-
-echo "########## Creating redirect page ##########"
-
-filehtml=/var/www/html/index.html
-test -f $filehtml.orig || cp $filehtml $filehtml.orig
-rm $filehtml
-touch $filehtml
-cat << EOF >> $filehtml
-
-
-
-
-
-

Dang chuyen den Dashboard cua OpenStack

-
-
-EOF
-# Allowing insert password in dashboard ( only apply in image )
-sed -i "s/'can_set_password': False/'can_set_password': True/g" \
- /etc/openstack-dashboard/local_settings.py
-
-## /* Restarting apache2 and memcached
-service apache2 restart
-service memcached restart
-echo "########## Finish setting up Horizon ##########"
-
-echo "########## LOGIN INFORMATION IN HORIZON ##########"
-echo "URL: http://$CON_EXT_IP/horizon"
-echo "User: admin or demo"
-echo "Password:" $ADMIN_PASS
\ No newline at end of file
diff --git a/multi/superhaproxy b/multi/superhaproxy
deleted file mode 100755
index 68a681a..0000000
--- a/multi/superhaproxy
+++ /dev/null
@@ -1,346 +0,0 @@ -#!/bin/bash - -#Document the bridge setup.... -#ovs-vsctl set bridge shabr stp_enable=false - -#FIXME not all of them work... hardcoding for now. -#mirror=$(curl -s http://nl.alpinelinux.org/alpine/MIRRORS.txt | shuf | head -n 1) -mirror="http://dl-6.alpinelinux.org/alpine/" -#FIXME write some logic to detect this. -version=2.6.5-r1 -statedir=/var/lib/superhaproxy -wrapperurl='http://git.haproxy.org/?p=haproxy-1.6.git;a=blob_plain;f=src/haproxy-systemd-wrapper.c;hb=HEAD' -#FIXME make this configurable -bridge=shabr - -function init_config { - name="$1" - ip=$(crudini --get "$statedir/containers/$name/container.ini" superhaproxy ip) - subnet=$(crudini --get "$statedir/containers/$name/container.ini" superhaproxy subnet) - gateway=$(crudini --get "$statedir/containers/$name/container.ini" superhaproxy gateway) - mtu=$(crudini --get "$statedir/containers/$name/container.ini" superhaproxy mtu) -} - -function get_pid_file { - echo "$statedir/containers/$1/container.pid" -} - -function get_pid { - echo "$(< "$statedir/containers/$1/container.pid")" -} - -function get_dump_dir { - echo "$statedir/dumps/$1" -} - -function get_container_dir { - echo "$statedir/containers/$1" -} - -if [ "x$1" == "x" ] -then - echo "Usage:" - echo " init" - echo " list" - echo " create" - echo " show" - echo " start" - echo " stop" - echo " reload" - echo " pid" - echo " pstree" - echo " shell" - echo " hatop" - echo " dump local" - echo " restore local" - exit -1 -fi - -if [ "x$1" == "xinit" ] -then - mkdir -p $statedir - if [ ! -d $statedir/alpine-tools ] - then - mkdir -p $statedir/alpine-tools - pushd $statedir/alpine-tools - curl ${mirror}/latest-stable/main/x86_64/apk-tools-static-${version}.apk | tar -zxf - - popd - fi - if [ ! 
-d $statedir/rootimg ] - then - mkdir -p $statedir/rootimg - $statedir/alpine-tools/sbin/apk.static -X ${mirror}/latest-stable/main -U --allow-untrusted --root $statedir/rootimg --initdb add alpine-base haproxy - #FIXME this makes way too big a binary. Remove once alpine provides the wrapper - curl -s "$wrapperurl" -o $statedir/wrapper.c - gcc --static -o $statedir/rootimg/usr/sbin/haproxy-systemd-wrapper $statedir/wrapper.c - #FIXME criu doesn't support checkpinting the chroot yet. - sed -i '/chroot/d' $statedir/rootimg/etc/haproxy/haproxy.cfg - fi - mkdir -p $statedir/containers - mkdir -p $statedir/dumps - mkdir -p $statedir/action-scripts - exit 0 -fi - -if [ "x$1" == "xlist" ] -then - ls $statedir/containers/ | cat - exit 0 -fi - -if [ "x$1" == "xcreate" ] -then - shift - ip="" - name="" - subnet="255.255.255.0" - gateway="" - mtu=9000 - while getopts ":i:m:n:s:g:" opt; do - case ${opt} in - i ) - ip="$OPTARG" - ;; - m ) - mtu="$OPTARG" - ;; - s ) - subnet="$OPTARG" - ;; - n ) - name="$OPTARG" - ;; - \? 
) echo "Usage: superhaproxy create [-m mtu] [-s subnetmask] [-g gatewayip] -i ip_address -n name" - exit -1 - ;; - esac - done - if [ "x$name" == "x" ] - then - echo "You must specify a name with -n" - exit -1 - fi - if [ "x$ip" == "x" ] - then - echo "You must specify an ip with -i" - exit -1 - fi - cp -a $statedir/rootimg "$statedir/containers/$name" - touch "$statedir/containers/$name/container.ini" - crudini --set "$statedir/containers/$name/container.ini" superhaproxy ip "$ip" - crudini --set "$statedir/containers/$name/container.ini" superhaproxy mtu "$mtu" - crudini --set "$statedir/containers/$name/container.ini" superhaproxy subnet "$subnet" - crudini --set "$statedir/containers/$name/container.ini" superhaproxy gateway "$gateway" - exit 0 -fi - -if [ "x$1" == "xshow" ] -then - name="$2" - if [ "x$name" == "x" ] - then - echo "You must specify a name" - exit -1 - fi - init_config "$name" - echo "IP: $ip" - echo "Subnet Mask: $subnet" - if [ "x$gateay" != "x" ] - then - echo "Gateway: $gateway" - fi - echo "MTU: $mtu" - exit 0 -fi - -if [ "x$1" == "xstart" ] -then - name="$2" - if [ "x$name" == "x" ] - then - echo "You must specify a name" - exit -1 - fi - init_config "$name" - container="$(get_container_dir "$name")" - #FIXME ensure escaping is correct. - unshare --net --mount --pid --fork -- bash -c "/usr/bin/setsid -- /bin/bash -c 'mount --make-rprivate /; mount --bind $container /tmp; cd /tmp; mkdir -p old; pivot_root . 
old; mount --bind /old/dev /dev; mount /proc /proc -t proc; umount -l old; exec /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid /dev/null 2>&1'" & - sleep 1 - awk '{print $1}' /proc/$!/task/$!/children > "$container/container.pid" - P="$(get_pid "$name")" - ovs-vsctl del-port $bridge "sha$(get_pid "$name")" > /dev/null 2>&1 - ip link add sha$P type veth peer name shai$P - ip link set dev sha$P mtu "$mtu" up - ip link set shai$P netns $P name eth0 - nsenter -t $P -n ip addr add "$ip/$subnet" dev eth0 - nsenter -t $P -n ip link set dev eth0 mtu "$mtu" up - ovs-vsctl add-port $bridge sha$P - exit $? -fi - -if [ "x$1" == "xpid" ] -then - name="$2" - if [ "x$name" == "x" ] - then - echo "You must specify a name" - exit -1 - fi - get_pid $name - exit 0 -fi - -if [ "x$1" == "xpstree" ] -then - name="$2" - if [ "x$name" == "x" ] - then - echo "You must specify a name" - exit -1 - fi - pstree -p $(get_pid "$name") - exit 0 -fi - -if [ "x$1" == "xstop" ] -then - name="$2" - if [ "x$name" == "x" ] - then - echo "You must specify a name" - exit -1 - fi - kill $(get_pid "$name") - ovs-vsctl del-port $bridge "sha$(get_pid "$name")" - exit 0 -fi - -if [ "x$1" == "xshell" ] -then - name="$2" - if [ "x$name" == "x" ] - then - echo "You must specify a name" - exit -1 - fi - nsenter -n -m -p -t $(get_pid "$name") /bin/busybox sh - exit 0 -fi - -if [ "x$1" == "xhatop" ] -then - name="$2" - if [ "x$name" == "x" ] - then - echo "You must specify a name" - exit -1 - fi - hatop -s "$(get_container_dir "$name")/var/lib/haproxy/stats" - exit 0 -fi - -if [ "x$1" == "xreload" ] -then - name="$2" - if [ "x$name" == "x" ] - then - echo "You must specify a name" - exit -1 - fi - kill -USR2 $(get_pid "$name") - exit 0 -fi - -if [ "x$1" == "xdump" ] -then - subcmd="$2" - if [ "x$subcmd" != "xlocal" ] - then - echo "only local is supported at the moment" - exit -1 - fi - name="$3" - if [ "x$name" == "x" ] - then - echo "You must specify a name" - exit -1 - fi - if 
[ "x$subcmd" == "xlocal" ] - then - dumpdir=$(get_dump_dir "$name") - rm -rf "$dumpdir" - mkdir -p "$dumpdir" - criu dump -D "$dumpdir" -t "$(get_pid "$name")" --tcp-established --shell-job --ext-mount-map /dev:dev - exit $? - fi - exit 0 -fi - -if [ "x$1" == "xrestore" ] -then - subcmd="$2" - if [ "x$subcmd" != "xlocal" ] - then - echo "only local is supported at the moment" - exit -1 - fi - name="$3" - if [ "x$name" == "x" ] - then - echo "You must specify a name" - exit -1 - fi - if [ "x$subcmd" == "xlocal" ] - then - tmpid=$$ - pidfile=$(get_pid_file "$name") - as="$statedir/action-scripts/$name.sh" - cat > "$as" < /dev/null 2>&1 - mount --bind "$container" "$container" - criu restore -d -D "$dumpdir" --shell-job --tcp-established --ext-mount-map dev:/dev --root "$container" --veth-pair eth0="sha$tmpid" --action-script "$as" --pidfile "$(get_pid_file "$name")" - res=$? - umount "$container" - exit $res - fi - exit 0 -fi - -#migrate -#rsync -avz --delete -e ssh /var/lib/superhaproxy/containers/foo 192.168.0.20:/var/lib/superhaproxy/containers/ -# procedure: -# * initial rsync of container -# * dump on local host -# * second rsync of container -# * rsync of images -# * restore on remote host -# * On success -# * rm container and dump on localhost -# * On failure -# * If autofailback -# * Restore container local -# * on restore failure -# * Try starting remote, if works, remove local container/images all done. -# * If failed to start remote, try and start local -# * If state all still local, remove remote data. - -echo "Unknown command: $1" -exit -1 diff --git a/multi/tenant.py b/multi/tenant.py deleted file mode 100755 index 17d7e8e..0000000 --- a/multi/tenant.py +++ /dev/null 
@@ -1,1043 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2014 Catalyst IT Ltd -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import argparse -import os -import sys -import six -import traceback -import prettytable - -from cinderclient.v1 import client as cinder_client -from glanceclient import client as glance_client -from oslo_utils import importutils -from oslo_utils import encodeutils -from heatclient import client as heat_client -from keystoneclient.v2_0 import client as keystone_client -from neutronclient.v2_0 import client as neutron_client -try: - from novaclient.v2 import client as nova_client -except: - from novaclient.v3 import client as nova_client -from swiftclient import client as swift_client -from swiftclient import exceptions as swift_exceptions - -DNS_NAMESERVERS = ['202.78.240.213', '202.78.240.214', '202.78.240.215'] - - -def arg(*args, **kwargs): - def _decorator(func): - func.__dict__.setdefault('arguments', []).insert(0, (args, kwargs)) - return func - return _decorator - - -class TenantShell(object): - - def get_base_parser(self): - parser = argparse.ArgumentParser( - prog='tenant', - description='Tenant management script for Catalyst Cloud.', - add_help=False, - ) - - # Global arguments - parser.add_argument('-h', '--help', - action='store_true', - help=argparse.SUPPRESS, - ) - - parser.add_argument('-a', '--os-auth-url', metavar='OS_AUTH_URL', - type=str, required=False, dest='OS_AUTH_URL', - default=os.environ.get('OS_AUTH_URL', None), - 
help='Keystone Authentication URL') - - parser.add_argument('-u', '--os-username', metavar='OS_USERNAME', - type=str, required=False, dest='OS_USERNAME', - default=os.environ.get('OS_USERNAME', None), - help='Username for authentication') - - parser.add_argument('-p', '--os-password', metavar='OS_PASSWORD', - type=str, required=False, dest='OS_PASSWORD', - default=os.environ.get('OS_PASSWORD', None), - help='Password for authentication') - - parser.add_argument('-t', '--os-tenant-name', - metavar='OS_TENANT_NAME', - type=str, required=False, - dest='OS_TENANT_NAME', - default=os.environ.get('OS_TENANT_NAME', None), - help='Tenant name for authentication') - - parser.add_argument('-r', '--os-region-name', - metavar='OS_REGION_NAME', - type=str, required=False, - dest='OS_REGION_NAME', - default=os.environ.get('OS_REGION_NAME', None), - help='Region for authentication') - - parser.add_argument('-c', '--os-cacert', metavar='OS_CACERT', - dest='OS_CACERT', - default=os.environ.get('OS_CACERT'), - help='Path of CA TLS certificate(s) used to ' - 'verify the remote server\'s certificate. ' - 'Without this option glance looks for the ' - 'default system CA certificates.') - - parser.add_argument('-k', '--insecure', - default=False, - action='store_true', dest='OS_INSECURE', - help='Explicitly allow script to perform ' - '\"insecure SSL\" (https) requests. ' - 'The server\'s certificate will not be ' - 'verified against any certificate authorities.' 
- ' This option should be used with caution.') - return parser - - def get_subcommand_parser(self): - parser = self.get_base_parser() - self.subcommands = {} - subparsers = parser.add_subparsers(metavar='') - submodule = importutils.import_module('tenant') - self._find_actions(subparsers, submodule) - self._find_actions(subparsers, self) - return parser - - def _find_actions(self, subparsers, actions_module): - for attr in (a for a in dir(actions_module) if a.startswith('do_')): - command = attr[3:].replace('_', '-') - callback = getattr(actions_module, attr) - desc = callback.__doc__ or '' - help = desc.strip().split('\n')[0] - arguments = getattr(callback, 'arguments', []) - - subparser = subparsers.add_parser(command, - help=help, - description=desc, - add_help=False, - formatter_class=HelpFormatter - ) - subparser.add_argument('-h', '--help', - action='help', - help=argparse.SUPPRESS, - ) - self.subcommands[command] = subparser - for (args, kwargs) in arguments: - subparser.add_argument(*args, **kwargs) - subparser.set_defaults(func=callback) - - @arg('command', metavar='', nargs='?', - help='Display help for .') - def do_help(self, args): - """Display help about this program or one of its subcommands. 
- - """ - if getattr(args, 'command', None): - if args.command in self.subcommands: - self.subcommands[args.command].print_help() - else: - raise Exception("'%s' is not a valid subcommand" % - args.command) - else: - self.parser.print_help() - - def init_client(self, args): - try: - keystone = keystone_client.Client(username=args.OS_USERNAME, - password=args.OS_PASSWORD, - tenant_name=args.OS_TENANT_NAME, - auth_url=args.OS_AUTH_URL, - region_name=args.OS_REGION_NAME, - cacert=args.OS_CACERT, - insecure=args.OS_INSECURE) - self.keystone = keystone - except Exception as e: - # FIXME(flwang): Improve the exception catching - raise e - - try: - neutron = neutron_client.Client(username=args.OS_USERNAME, - password=args.OS_PASSWORD, - tenant_name=args.OS_TENANT_NAME, - auth_url=args.OS_AUTH_URL, - region_name=args.OS_REGION_NAME, - insecure=args.OS_INSECURE) - self.neutron = neutron - except Exception as e: - raise e - - try: - nova = nova_client.Client(username=args.OS_USERNAME, - password=args.OS_PASSWORD, - project_id=args.OS_TENANT_NAME, - auth_url=args.OS_AUTH_URL, - region_name=args.OS_REGION_NAME, - insecure=args.OS_INSECURE) - self.nova = nova - except Exception as e: - raise e - - try: - client_kwargs = { - 'token': self.keystone.auth_token, - 'insecure': args.OS_INSECURE - } - - endpoint_kwargs = { - 'service_type': 'image', - 'endpoint_type': 'publicURL', - } - - if args.OS_REGION_NAME: - endpoint_kwargs['attr'] = 'region' - endpoint_kwargs['filter_value'] = args.OS_REGION_NAME - - endpoint = keystone.service_catalog.url_for(**endpoint_kwargs) - glance = glance_client.Client('1', endpoint, **client_kwargs) - self.glance = glance - except Exception as e: - raise e - - try: - cinder = cinder_client.Client(args.OS_USERNAME, - args.OS_PASSWORD, - tenant_id=keystone.auth_tenant_id, - auth_url=args.OS_AUTH_URL, - region_name=args.OS_REGION_NAME, - insecure=args.OS_INSECURE) - self.cinder = cinder - except Exception as e: - raise e - - def main(self, argv): - parser 
= self.get_base_parser() - (options, args) = parser.parse_known_args(argv) - - subcommand_parser = self.get_subcommand_parser() - self.parser = subcommand_parser - - if options.help or not argv: - self.do_help(options) - return 0 - - args = subcommand_parser.parse_args(argv) - if args.func == self.do_help: - self.do_help(args) - return 0 - - try: - self.init_client(args) - args.func(self, args) - except Exception as e: - raise e - - -class HelpFormatter(argparse.HelpFormatter): - def start_section(self, heading): - # Title-case the headings - heading = '%s%s' % (heading[0].upper(), heading[1:]) - super(HelpFormatter, self).start_section(heading) - - -@arg('--tenant-name', type=str, metavar='TENANT_NAME', dest='TENANT_NAME', - help='New tenant name (must be unique).') -@arg('--tenant-description', type=str, default=None, metavar='TENANT_DESC', - dest='TENANT_DESC', help='Description of new tenant. Default is none.') -@arg('--meter-label-name', type=str, metavar='METER_LABEL_NAME', - dest='METER_LABEL_NAME', help='Neutron meter label name which will be ' - 'associated with the tenant') -@arg('--meter-label-description', type=str, default=None, - metavar='METER_LABEL_DESC', dest='METER_LABEL_DESC', - help='Description of new meter label. 
Default is none.') -@arg('--network-name', type=str, required=False, metavar='NETWORK_NAME', - dest='NETWORK_NAME', help='New network name for the tenant.') -@arg('--subnet-name', type=str, required=False, metavar='SUBNET_NAME', - dest='SUBNET_NAME', help='New subnet name for the new network.') -@arg('--subnet-cidr', type=str, required=False, metavar='SUBNET_CIDR', - dest='SUBNET_CIDR', help='Subnet IP range with CIDR format.') -@arg('--dns-server', type=str, required=False, metavar='DNS_SERVER', - action='append', dest='DNS_SERVER', - help='DNS server, following the format like: ' - '--dns-server 10.0.0.1 --dns-server 10.0.0.2') -@arg('--router-name', type=str, required=False, metavar='ROUTER_NAME', - dest='ROUTER_NAME', help='Router name associated with the new network.') -@arg('--public-network', type=str, required=False, - metavar='PUBLIC_NETWORK', dest='PUBLIC_NETWORK', - help='Public network id which the new router will use.') -@arg('--meter-rule-direction', type=str, required=False, default='both', - choices=('ingress', 'egress', 'both'), - metavar='METER_RULE_DIRECTION', dest='METER_RULE_DIRECTION', - help='Direction of meter label rule.') -def do_init(shell, args): - """Add a new tenant and initialize related resources.""" - print('>>> CHECK CAPACITY') - raw_input('CAUTION: Sort out capacity planning first.') - - print('>>> CREATE TENANT') - tenant_id = create_tenant(shell.keystone, args) - - print('>>> ADD ADMIN TO THE NEW TENANT') - add_admin_to_tenant(shell.keystone, tenant_id) - - print('>>> CREATE NETWORK') - network_id = create_network(shell.neutron, tenant_id, args.NETWORK_NAME) - - print('>>> CREATE SUBNET') - subnet = create_subnet(shell.neutron, tenant_id, network_id, - args.SUBNET_NAME, args.SUBNET_CIDR, - args.DNS_SERVER) - - print('>>> CREATE ROUTER') - router = create_router(shell.neutron, tenant_id, args.PUBLIC_NETWORK, - args.ROUTER_NAME) - - print('>>> CREATE INTERFACE') - create_interface(shell.neutron, router, subnet['subnet']['id']) - - 
# Comment out metering label before we fixed the issue when it works with - # VPNaaS. - # print('>>> CREATE METER LABEL') - # meter_label_id = create_meter_label(shell.neutron, args, tenant_id) - - # print('>>> CREATE METER LABEL RULE') - # direction = args.METER_RULE_DIRECTION - # if direction in ('ingress', 'egress'): - # create_meter_label_rule(shell.neutron, meter_label_id, direction) - # elif direction == 'both': - # create_meter_label_rule(shell.neutron, meter_label_id, 'ingress') - # create_meter_label_rule(shell.neutron, meter_label_id, 'egress') - - print('>>> COMPLETE SUCCESSFULLY') - - -@arg('--label-name-template', type=str, metavar='LABEL_NAME_TEMPLATE', - dest='LABEL_NAME_TEMPLATE', default='meter-label-{0}', - help='Define a name template to add meter label for existed tenants. ' - 'Such as: meter-label-{0}, {0} will be replaced by the tenant name' - ' automatically.') -@arg('--meter-rule-direction', type=str, required=False, default='both', - choices=('ingress', 'egress', 'both'), - metavar='METER_RULE_DIRECTION', dest='METER_RULE_DIRECTION', - help='Direction of meter label rule.') -def do_meter(shell, args): - """Add meter label for all existed tenants for network traffic billing. 
- - """ - print('>>> TENANT LIST MISSING METER LABEL') - tenants = shell.keystone.tenants.list() - meter_labels = shell.neutron.list_metering_labels() - - dict_tenants = {} - for tenant in tenants: - dict_tenants[tenant.id] = tenant - for label in meter_labels['metering_labels']: - if label['tenant_id'] in dict_tenants.keys(): - del dict_tenants[label['tenant_id']] - print_list(dict_tenants.values(), ['id', 'name', 'enabled']) - if len(dict_tenants.values()) <= 0: - print('>>> ALL TENANTS HAVE METER LABEL') - return 0 - answer = raw_input('Create meter label/rules for above tenants(Y/n)?') - if answer.lower() == 'y': - for tenant in dict_tenants.values(): - label_name = args.LABEL_NAME_TEMPLATE.format(tenant.name) - args.METER_LABEL_NAME = label_name - args.METER_LABEL_DESC = 'Meter label of {0}'.format(tenant.name) - meter_label_id = create_meter_label(shell.neutron, args, tenant.id) - if meter_label_id: - direction = args.METER_RULE_DIRECTION - if direction in ('ingress', 'egress'): - create_meter_label_rule(shell.neutron, meter_label_id, - direction) - elif direction == 'both': - create_meter_label_rule(shell.neutron, meter_label_id, - 'ingress') - create_meter_label_rule(shell.neutron, meter_label_id, - 'egress') - print('>>> COMPLETE SUCCESSFULLY') - - -@arg('--tenant-id', type=str, metavar='TENANT_ID', - dest='TENANT_ID', required=True, - help='ID of the tenant to be deleted.') -@arg('--auto-clean', type=bool, metavar='AUTO_CLEAN', - dest='AUTO_CLEAN', default=False, - help='Auto clean all resources.') -def do_delete(shell, args): - """Delete tenant and all resources associated with it to avoid leaving - any legacy stuff - """ - - tenant = shell.keystone.tenants.get(args.TENANT_ID) - shell.tenant = tenant - - if not prompt_yes_no('Tenant [%s] will be deleted. ' - 'Please confirm to continue.' 
% tenant.name, - default='yes'): - return - - component_list = ['nova', 'neutron', 'cinder', 'glance', 'swift', 'heat', - 'keystone'] - - myself = __import__('tenant') - for component in component_list: - callback = getattr(myself, component.lower() + '_delete') - print('>>> TO DELETE ' + component.upper()) - try: - callback(shell, args) - except Exception as e: - print(e) - print('\n\nTenant %s has been cleaned up based on above selections.' % - args.TENANT_ID) - - -def keystone_delete(shell, args): - try: - if(args.AUTO_CLEAN or prompt_yes_no('Please confirm to delete the' - ' tenant from Keystone:')): - shell.keystone.tenants.delete(args.TENANT_ID) - except Exception as e: - raise e - - -def nova_delete(shell, args): - # NOTE(flwang): Seems there is a bug for nova, it doesn't honour the - # project id though based on the code it does. Will dig it later. - print('>>>>>> SERVERS(VM) LIST') - servers = shell.nova.servers.list(search_opts={'all_tenants': True}) - servers = [s for s in servers if s.tenant_id == args.TENANT_ID] - print_list(servers, ['id', 'name', 'status', 'tenant_id']) - - if (len(servers) and (args.AUTO_CLEAN or - prompt_yes_no('Please confirm:'))): - for server in servers: - shell.nova.servers.delete(server.id) - - -def glance_delete(shell, args): - images = shell.glance.images.list(owner=args.TENANT_ID) - # NOTE(flwang): Make sure the images are what we want to delete - images = [img for img in images if img.owner == args.TENANT_ID] - print_list(images, ['id', 'name', 'owner']) - - if (len(images) and (args.AUTO_CLEAN or - prompt_yes_no('Please confirm:'))): - for image in images: - shell.glance.images.delete(image.id) - - -def cinder_delete(shell, args): - print('>>>>>> VOLUME SNAPSHOTS') - # Delete snapshots - snapshots = shell.cinder.volume_snapshots.list(search_opts={'all_tenants': - True}) - tenant_attr = 'os-extended-snapshot-attributes:project_id' - # NOTE(flwang): If the script user is admin then it will get all the - # snapshot and each 
snapshot will have the attribute - # 'os-extended-snapshot-attributes:project_id' to indicate the tenant. - # For non-admin, there is no that attribute. - user_roles = shell.keystone.session.auth.auth_ref['user']['roles'] - if {u'name': u'admin'} in user_roles: - snapshots = [v for v in snapshots - if getattr(v, tenant_attr) == args.TENANT_ID] - print_list(snapshots, ['id', 'display_name', 'status', tenant_attr]) - else: - print_list(snapshots, ['id', 'display_name', 'status']) - - if (len(snapshots) and (args.AUTO_CLEAN or - prompt_yes_no('Please confirm:'))): - for snapshot in snapshots: - shell.cinder.volume_snapshots.delete(snapshot.id) - - print('>>>>>> VOLUMES') - # Delete volumes - volumes = shell.cinder.volumes.list(search_opts={'all_tenants': True}) - tenant_attr = 'os-vol-tenant-attr:tenant_id' - if {u'name': u'admin'} in user_roles: - volumes = [v for v in volumes - if getattr(v, tenant_attr) == args.TENANT_ID] - print_list(volumes, ['id', 'display_name', 'status', tenant_attr]) - else: - print_list(volumes, ['id', 'display_name', 'status']) - - if (len(volumes) and (args.AUTO_CLEAN or - prompt_yes_no('Please confirm:'))): - for volume in volumes: - shell.cinder.volumes.delete(volume.id) - - -def swift_delete(shell, args): - endpoint = shell.keystone.service_catalog.url_for(service_type='object-store') # noqa - url = endpoint.split('_')[0] + '_' + args.TENANT_ID - - try: - # Get a specific token for swift - ks = keystone_client.Client(username=args.OS_USERNAME, - password=args.OS_PASSWORD, - tenant_name=shell.tenant.name, - auth_url=args.OS_AUTH_URL, - region_name=args.OS_REGION_NAME, - cacert=args.OS_CACERT, - insecure=args.OS_INSECURE) - account = getattr(swift_client, 'get_account')(url, ks.auth_token) - print_list(account[1], ['name', 'count', 'bytes']) - if (len(account[1]) and (args.AUTO_CLEAN or - prompt_yes_no('Please confirm:'))): - for co in account[1]: - co_obj = getattr(swift_client, 'get_container')(url, - ks.auth_token, - co['name']) - # 
Delete objects firstly - for obj in co_obj[1]: - getattr(swift_client, - 'delete_object')(url, ks.auth_token, - container=co['name'], - name=obj['name']) - # Delete container - getattr(swift_client, 'delete_container')(url, - ks.auth_token, - co['name']) - except swift_exceptions.ClientException as e: - print('%s %s' % (e.http_status, e.http_reason)) - - -def neutron_delete(shell, args): - # vpn service - _delete_targeted_tenant_resource(shell, args, 'ipsec_site_connection') - _delete_targeted_tenant_resource(shell, args, 'ipsecpolicy') - _delete_targeted_tenant_resource(shell, args, 'ikepolicy') - _delete_targeted_tenant_resource(shell, args, 'vpnservice') - - # meter label and rules - print('>>>>>> METER LABEL RULE LIST') - if not hasattr(shell.neutron, 'list_metering_labels'): - return - metering_labels = shell.neutron.list_metering_labels()['metering_labels'] - metering_label_rules = shell.neutron.list_metering_label_rules() - metering_label_rules = metering_label_rules['metering_label_rules'] - - targeted_rules = [] - for rule in metering_label_rules: - if rule['metering_label_id'] in [m['id'] for m in metering_labels - if m['tenant_id'] == args.TENANT_ID]: - targeted_rules.append(rule) - print_list(targeted_rules, ['id', 'name', 'tenant_id']) - - if (len(targeted_rules) and (args.AUTO_CLEAN or - prompt_yes_no('Please confirm:'))): - for rule in targeted_rules: - shell.neutron.delete_metering_label_rule(rule['id']) - - print('>>>>>> METER LABEL LIST') - metering_labels = [m for m in metering_labels - if m['tenant_id'] == args.TENANT_ID] - print_list(metering_labels, ['id', 'name', 'tenant_id']) - if (len(metering_labels) and (args.AUTO_CLEAN or - prompt_yes_no('Please confirm:'))): - for label in metering_labels: - shell.neutron.delete_metering_label(label['id']) - - # port - print('>>>>>> PORT LIST') - ports = shell.neutron.list_ports() - targeted_ports = [] - for port in ports['ports']: - if port['tenant_id'] == args.TENANT_ID: - targeted_ports.append(port) 
- print_list(targeted_ports, ['id', 'name', 'tenant_id']) - - if (len(targeted_ports) and (args.AUTO_CLEAN or - prompt_yes_no('Please confirm:'))): - for port in targeted_ports: - try: - if port['device_owner'] == 'network:router_gateway': - shell.neutron.remove_gateway_router(port['device_id']) - elif port['device_owner'] == 'network:router_interface': - for subnet in port['fixed_ips']: - body = {'subnet_id': subnet['subnet_id']} - shell.neutron.remove_interface_router( - port['device_id'], body) - else: - shell.neutron.delete_port(port['id']) - except Exception as e: - print('Failed to delete port:{0}, see: {1}'. - format(port['id'], str(e))) - continue - - # security group - _delete_targeted_tenant_resource(shell, args, 'security_group') - - # floating IP - _delete_targeted_tenant_resource(shell, args, 'floatingip') - - # sub net - _delete_targeted_tenant_resource(shell, args, 'subnet') - - # router - _delete_targeted_tenant_resource(shell, args, 'router') - - # network - _delete_targeted_tenant_resource(shell, args, 'network') - - -def heat_delete(shell, args): - print('>>>>>> STACKS LIST') - try: - heat_srv = shell.keystone.services.find(type='orchestration') - heat_endpoint = shell.keystone.endpoints.find(service_id=heat_srv.id) - heat_url = heat_endpoint.publicurl.replace('$(tenant_id)s', - args.TENANT_ID) - heat = heat_client.Client('1', endpoint=heat_url, - token=shell.keystone.auth_token) - except Exception as e: - raise e - - stacks = heat.stacks.list() - stacks = [s for s in stacks] - print_list(stacks, ['id', 'stack_name', 'stack_status']) - - if (len(stacks) and (args.AUTO_CLEAN or - prompt_yes_no('Please confirm:'))): - for stack in stacks: - heat.stacks.delete(stack.id) - - -def _delete_targeted_tenant_resource(shell, args, resource): - print('>>>>>> %s LIST' % resource.upper()) - list_command = 'list_{0}s'.format(resource) - if resource in ('ipsecpolicy', 'ikepolicy'): - list_command = list_command.replace('policy', 'policie') - resources = 
getattr(shell.neutron, list_command)() - - resp_key = resource + 's' - if resource in ('ipsecpolicy', 'ikepolicy'): - resp_key = resp_key.replace('policy', 'policie') - delete_resources = [] - for res in resources[resp_key]: - if res['tenant_id'] == args.TENANT_ID: - delete_resources.append(res) - print_list(delete_resources, ['id', 'name', 'tenant_id']) - - if (len(delete_resources) and (args.AUTO_CLEAN or - prompt_yes_no('Please confirm:'))): - delete_function = getattr(shell.neutron, - 'delete_{0}'.format(resource)) - for res in delete_resources: - delete_function(res['id']) - - -@arg('--auto-clean', type=bool, metavar='AUTO_CLEAN', - dest='AUTO_CLEAN', default=False, - help='Auto clean legacy resources.') -@arg('--component', type=str, metavar='COMPONENT', - dest='COMPONENT', - help='Specific component to audit.') -def do_audit(shell, args): - """Audit all existed tenants to make sure everything is OK. - - Tenant deletion related blueprints: - [1] https://blueprints.launchpad.net/keystone/+spec/notifications - [2] https://blueprints.launchpad.net/neutron/+spec/tenant-delete - """ - user_roles = shell.keystone.session.auth.auth_ref['user']['roles'] - if {u'name': u'admin'} not in user_roles: - print('Admin permission is required.') - return - - component_list = ['nova', 'neutron', 'cinder', 'glance'] - - tenants = shell.keystone.tenants.list() - tenant_ids = [t.id for t in tenants] - - myself = __import__('tenant') - if args.COMPONENT: - callback = getattr(myself, args.COMPONENT.lower() + '_audit') - print('>>> AUDITING ' + args.COMPONENT.upper()) - callback(shell, args, tenant_ids) - else: - for component in component_list: - callback = getattr(myself, component.lower() + '_audit') - print('>>> AUDITING ' + component.upper()) - callback(shell, args, tenant_ids) - - -def nova_audit(shell, args, tenant_ids): - # instance - print('>>>>>> ZOMBIE INSTANCE LIST') - servers = shell.nova.servers.list(search_opts={'all_tenants': True}) - zombie_servers = [s for s in 
servers if s.tenant_id not in tenant_ids] - print_list(zombie_servers, ['id', 'name', 'tenant_id']) - - if ((len(zombie_servers) and - (args.AUTO_CLEAN or prompt_yes_no('Confirm to delete:')))): - for server in zombie_servers: - shell.nova.servers.delete(server.id) - - -def neutron_audit(shell, args, tenant_ids): - # Clean up services, FWaaS, LBaaS, etc - _clean_up_resource(shell, args, tenant_ids, 'ipsec_site_connection') - _clean_up_resource(shell, args, tenant_ids, 'ipsecpolicy') - _clean_up_resource(shell, args, tenant_ids, 'ikepolicy') - _clean_up_resource(shell, args, tenant_ids, 'vpnservice') - - # metering label - _clean_up_resource(shell, args, tenant_ids, 'metering_label') - - # meter label rule - print('>>>>>> ZOMBIE METER LABEL RULE LIST') - metering_labels = shell.neutron.list_metering_labels() - metering_label_ids = [m['id'] for m in metering_labels['metering_labels']] - metering_label_rules = shell.neutron.list_metering_label_rules() - zombie_metering_label_rules = [] - for metering_label_rule in metering_label_rules['metering_label_rules']: - if metering_label_rule['metering_label_id'] not in metering_label_ids: - zombie_metering_label_rules.append(metering_label_rule) - print_list(zombie_metering_label_rules, ['id', 'name', 'tenant_id']) - - if ((len(zombie_metering_label_rules) > 0 and - (args.AUTO_CLEAN or prompt_yes_no('Confirm to delete:')))): - for metering_label_rule in zombie_metering_label_rules: - shell.neutron.delete_metering_label_rule(metering_label_rule['id']) - - # floating ip - _clean_up_resource(shell, args, tenant_ids, 'floatingip') - - # port - print('>>>>>> ZOMBIE PORT LIST') - ports = shell.neutron.list_ports() - zombie_ports = [] - for port in ports['ports']: - if port['tenant_id'] not in tenant_ids: - zombie_ports.append(port) - print_list(zombie_ports, ['id', 'name', 'tenant_id']) - - if (len(zombie_ports) > 0 and (args.AUTO_CLEAN or - prompt_yes_no('Confirm to delete:'))): - for port in zombie_ports: - try: - if 
port['device_owner'] == 'network:router_gateway': - shell.neutron.remove_gateway_router(port['device_id']) - elif port['device_owner'] == 'network:router_interface': - for subnet in port['fixed_ips']: - body = {'subnet_id': subnet['subnet_id']} - shell.neutron.remove_interface_router( - port['device_id'], body) - else: - shell.neutron.delete_port(port['id']) - except Exception as e: - print('Failed to delete port:{0}, see: {1}'.format(port['id'], - str(e))) - continue - - # security group - _clean_up_resource(shell, args, tenant_ids, 'security_group') - - # subnet - _clean_up_resource(shell, args, tenant_ids, 'subnet') - - # router - _clean_up_resource(shell, args, tenant_ids, 'router') - - # network - _clean_up_resource(shell, args, tenant_ids, 'network') - - -def _clean_up_resource(shell, args, tenant_ids, resource): - print('>>>>>> ZOMBIE %s LIST' % resource.upper()) - resources = getattr(shell.neutron, 'list_{0}s'.format(resource))() - zombie_resources = [r for r in resources[resource + 's'] - if r['tenant_id'] not in tenant_ids] - print_list(zombie_resources, ['id', 'name', 'tenant_id']) - - if (len(zombie_resources) > 0 and (args.AUTO_CLEAN or - prompt_yes_no('Confirm to delete:'))): - delete_function = getattr(shell.neutron, 'delete_{0}'.format(resource)) - for res in zombie_resources: - delete_function(res['id']) - - -def cinder_audit(shell, args, tenant_ids): - print('>>>>>> ZOMBIE VOLUME SNAPSHOTS LIST') - # snapshots - snapshots = shell.cinder.volume_snapshots.list(search_opts={'all_tenants': - True}) - tenant_attr = 'os-extended-snapshot-attributes:project_id' - zombie_snapshots = [s for s in snapshots - if getattr(s, tenant_attr) not in tenant_ids] - print_list(zombie_snapshots, ['id', 'display_name', 'status', tenant_attr]) - - if (len(zombie_snapshots) > 0 and (args.AUTO_CLEAN or - prompt_yes_no('Confirm to delete:'))): - for snapshot in zombie_snapshots: - shell.cinder.volume_snapshots.delete(snapshot.id) - - # volume - print('>>>>>> ZOMBIE VOLUME 
LIST') - volumes = shell.cinder.volumes.list(search_opts={'all_tenants': True}) - tenant_attr = 'os-vol-tenant-attr:tenant_id' - zombie_volumes = [v for v in volumes - if getattr(v, tenant_attr) not in tenant_ids] - print_list(zombie_volumes, ['id', 'display_name', - 'os-vol-tenant-attr:tenant_id']) - - if (len(zombie_volumes) > 0 and (args.AUTO_CLEAN or - prompt_yes_no('Confirm to delete:'))): - for volume in zombie_volumes: - shell.cinder.volumes.delete(volume.id) - - -def glance_audit(shell, args, tenant_ids): - # image - print('>>>>>> ZOMBIE IMAGE LIST') - images = shell.glance.images.list(filters={"is_public": None}) - zombie_images = [i for i in images if (i.owner not in - tenant_ids) and (not i.is_public)] - print_list(zombie_images, ['id', 'name', 'owner']) - - if (len(zombie_images) > 0 and (args.AUTO_CLEAN or - prompt_yes_no('Confirm to delete:'))): - for image in zombie_images: - shell.glance.images.delete(image.id) - - -def swift_audit(shell, args, tenant_ids): - # TODO(flwang): Seems Swift can't get all the resources with admin - # because all its resources will be associated with a tenant. That means - # without tenant id, you can't list them. So it's hard to detect the - # zombie resources. - pass - - -def create_tenant(keystone, args): - try: - tenant = keystone.tenants.create(tenant_name=args.TENANT_NAME, - description=args.TENANT_DESC, - enabled=True) - print_dict(tenant._info) - except Exception as e: - raise e - return tenant.id - - -def add_admin_to_tenant(keystone, tenant_id): - # Add admin user into the new tenant since it is required for monitoring - try: - admin_user_id, admin_role_id = get_admin_user_role(keystone) - keystone.roles.add_user_role(admin_user_id, admin_role_id, tenant_id) - except Exception as e: - raise e - - -def get_admin_user_role(keystone): - # NOTE(flwang): Here is assuming that both the admin name and role name - # using 'admin' as the name. 
- try: - admin_user_id = [r.id for r in keystone.users.list() - if r.name == 'admin'] - admin_role_id = [r.id for r in keystone.roles.list() - if r.name == 'admin'] - return (admin_user_id[0], admin_role_id[0]) - except Exception as e: - raise e - - -def create_network(neutron, tenant_id, network_name): - if not network_name: - network_name = raw_input('Please enter the network name:') - try: - network_body = { - "network": { - "name": network_name, - 'tenant_id': tenant_id, - "admin_state_up": True - } - } - network = neutron.create_network(body=network_body) - print_dict(network['network']) - return network['network']['id'] - except Exception as e: - raise e - - -def create_subnet(neutron, tenant_id, network_id, subnet_name, subnet_cidr, - dns_servers): - if not subnet_cidr: - subnet_cidr = raw_input('Please enter the IP range(CIDR format):') - try: - dns_servers = dns_servers if dns_servers else DNS_NAMESERVERS - subnet_body = { - "subnet": { - "network_id": network_id, - "ip_version": 4, - 'tenant_id': tenant_id, - 'dns_nameservers': dns_servers, - "cidr": subnet_cidr - } - } - subnet = neutron.create_subnet(body=subnet_body) - print_dict(subnet['subnet']) - return subnet - except Exception as e: - raise e - - -def create_router(neutron, tenant_id, public_network, router_name): - if not router_name: - router_name = raw_input('Please enter the router name:') - if not public_network: - public_network = raw_input('Please enter the public network id:') - try: - router_body = { - "router": { - "name": router_name, - "external_gateway_info": { - "network_id": public_network - }, - 'tenant_id': tenant_id, - "admin_state_up": True - } - } - router = neutron.create_router(body=router_body) - print_dict(router['router']) - return router - except Exception as e: - raise e - - -def create_interface(neutron, router, subnet_id): - try: - interface_body = { - "subnet_id": subnet_id - } - interface = neutron.add_interface_router(router['router']['id'], - body=interface_body) - 
print_dict(interface) - except Exception as e: - raise e - - -def create_meter_label(neutron, args, tenant_id): - try: - meter_label_name = args.METER_LABEL_NAME - if not meter_label_name: - meter_label_name = 'meter-label-' + args.TENANT_NAME - - meter_label_body = { - 'metering_label': { - 'name': meter_label_name, - 'tenant_id': tenant_id, - 'description': args.METER_LABEL_DESC, - } - } - meter_label = neutron.create_metering_label(body=meter_label_body) - print_dict(meter_label['metering_label']) - return meter_label['metering_label']['id'] - except Exception as e: - raise e - - -def create_meter_label_rule(neutron, meter_label_id, direction): - try: - meter_rule_body = {"metering_label_rule": - {"remote_ip_prefix": "0.0.0.0/0", - "direction": direction, - "metering_label_id": meter_label_id - } - } - meter_rule = neutron.create_metering_label_rule(body=meter_rule_body) - print_dict(meter_rule['metering_label_rule']) - except Exception as e: - raise e - - -def rollback(args, **parms): - # TODO(flwang): Remove the created resources if there is any failure. - pass - - -def print_list(objs, fields, formatters={}): - pt = prettytable.PrettyTable([f for f in fields], caching=False) - pt.align = 'l' - - for o in objs: - row = [] - for field in fields: - if field in formatters: - row.append(formatters[field](o)) - else: - field_name = field.lower().replace(' ', '_') - if type(o) == dict and field in o: - data = o[field_name] - else: - data = getattr(o, field_name, None) or '' - row.append(data) - pt.add_row(row) - - print(encodeutils.safe_encode(pt.get_string())) - - -def prompt_yes_no(question, default="no"): - """Ask a yes/no question via raw_input() and return their answer. - - "question" is a string that is presented to the user. - "default" is the presumed answer if the user just hits . - It must be "yes" (the default), "no" or None (meaning - an answer is required of the user). - - The "answer" return value is one of "yes" or "no". 
- """ - valid = {"yes": True, "y": True, "ye": True, - "no": False, "n": False} - if default is None: - prompt = " [y/n] " - elif default == "yes": - prompt = " [Y/n] " - elif default == "no": - prompt = " [y/N] " - else: - raise ValueError("invalid default answer: '%s'" % default) - - while True: - sys.stdout.write(question + prompt) - choice = raw_input().lower() - if default is not None and choice == '': - return valid[default] - elif choice in valid: - return valid[choice] - else: - sys.stdout.write("Please respond with 'yes' or 'no' " - "(or 'y' or 'n').\n") - - -def print_dict(d, max_column_width=80): - pt = prettytable.PrettyTable(['Property', 'Value'], caching=False) - pt.align = 'l' - pt.max_width = max_column_width - [pt.add_row(list(r)) for r in six.iteritems(d)] - print(encodeutils.safe_encode(pt.get_string(sortby='Property'))) - - -if __name__ == '__main__': - try: - TenantShell().main(sys.argv[1:]) - except KeyboardInterrupt: - print("Terminating...") - sys.exit(1) - except Exception as e: - exc_type, exc_value, exc_traceback = sys.exc_info() - traceback.print_exception(exc_type, exc_value, exc_traceback, - limit=2, file=sys.stdout) diff --git a/multi/user-info.py b/multi/user-info.py deleted file mode 100755 index 05c5f0b..0000000 --- a/multi/user-info.py +++ /dev/null 
@@ -1,305 +0,0 @@ -#!/usr/bin/env python -# -# Copyright (c) 2015 SWITCH http://www.switch.ch -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Author: Valery Tschopp -# Date: 2015-08-27 -# Update: 2016-04-04 - all regions from keystone v3 api - -import sys -import traceback -import os -import argparse -import keystoneclient -import novaclient -from keystoneclient.v3 import client as keystone_v3 -from novaclient import client as nova_client -from cinderclient.v2 import client as cinder_client -from neutronclient.v2_0 import client as neutron_client -from glanceclient.v2 import client as glance_client - -def get_environ(key, verbose=False): - if key not in os.environ: - print "ERROR:", key, "not define in environment" - sys.exit(1) - if verbose: - if 'password' in key.lower(): - key_value = '*' * len(os.environ[key]) - else: - key_value = os.environ[key] - print "{}: {}".format(key, key_value) - return os.environ[key] - - -def main(): - """Show information (servers, volumes, networks, ...) for a user. - - Search in all projects the user is member of, and optionally in all regions (-a|--all). - """ - parser = argparse.ArgumentParser( - description="Show information (servers, volumes, networks, ...) for a user. 
Search in all projects the user is member of, and optionally in all regions (-a).") - parser.add_argument('-a', '--all-regions', help='query all regions', action='store_true') - parser.add_argument('USERNAME', help="username to search") - parser.add_argument('-v', '--verbose', help='verbose', action='store_true') - if len(sys.argv) < 2: - parser.print_help() - sys.exit(1) - args = parser.parse_args() - - # get OS_* environment variables - os_auth_url = get_environ('OS_AUTH_URL', args.verbose) - os_username = get_environ('OS_USERNAME', args.verbose) - os_password = get_environ('OS_PASSWORD', args.verbose) - os_tenant_name = get_environ('OS_TENANT_NAME', args.verbose) - os_region_name = get_environ('OS_REGION_NAME', args.verbose) - - # keystone_V3 client requires a /v3 auth url - if '/v2.0' in os_auth_url: - os_auth_url_v3 = os_auth_url.replace('/v2.0', '/v3') - if args.verbose: - print "os_auth_url_v3:", os_auth_url_v3 - - keystone = keystone_v3.Client(username=os_username, - password=os_password, - project_name=os_tenant_name, - auth_url=os_auth_url_v3) - - # all regions available - all_regions = [] - for region in keystone.regions.list(): - all_regions.append(region.id) - - # regions to use - region_names = [os_region_name] - if args.all_regions: - if os_region_name in all_regions: - region_names = all_regions - - # Openstack clients per region - nova_regions = {} - cinder_regions = {} - neutron_regions = {} - glance_regions = {} - for region_name in region_names: - _nova = nova_client.Client(2, - os_username, - os_password, - os_tenant_name, - auth_url=os_auth_url, - region_name=region_name) - nova_regions[region_name] = _nova - _cinder = cinder_client.Client(os_username, - os_password, - os_tenant_name, - auth_url=os_auth_url, - region_name=region_name) - cinder_regions[region_name] = _cinder - _neutron = neutron_client.Client(username=os_username, - password=os_password, - tenant_name=os_tenant_name, - auth_url=os_auth_url, - region_name=region_name) - 
neutron_regions[region_name] = _neutron - _glance_endpoint = keystone.service_catalog.url_for(service_type='image', - endpoint_type='publicURL', - region_name=region_name) - _glance = glance_client.Client(endpoint=_glance_endpoint, - token=keystone.auth_token) - glance_regions[region_name] = _glance - - try: - username = args.USERNAME - user = keystone.users.find(name=username) - user_projects = keystone.projects.list(user=user) - - print u"User: {} [{}]: {} projects".format(user.name, - user.id, - len(user_projects)) - for project in user_projects: - print u" Project: {} [{}] - {}".format(project.name, - project.id, - project.description) - - servers_search_opts = {'all_tenants': True, 'tenant_id': project.id} - volumes_search_opts = {'all_tenants': True, 'project_id': project.id} - neutron_search_opts = {'all_tenants': True, 'tenant_id': project.id} - glance_search_opts = {'filters': {'owner': project.id } } - for region in region_names: - - # get clients for region - nova = nova_regions[region] - cinder = cinder_regions[region] - neutron = neutron_regions[region] - glance = glance_regions[region] - - # servers - project_servers = nova.servers.list(search_opts=servers_search_opts) - servers = {} - for server in project_servers: - servers[server.id] = server - - # volumes - project_volumes = cinder.volumes.list(search_opts=volumes_search_opts) - volumes = {} - for volume in project_volumes: - volumes[volume.id] = volume - - # volume snapshots - project_volume_snapshots = cinder.volume_snapshots.list(search_opts=volumes_search_opts) - volume_snapshots = {} - for volume_snapshot in project_volume_snapshots: - volume_snapshots[volume_snapshot.id] = volume_snapshot - - # images - project_images = glance.images.list(**glance_search_opts) - images = {} - for image in project_images: - images[image.id] = image - - # floating IPs - resp = neutron.list_floatingips(**neutron_search_opts) - floatingips = {} - for floatingip in resp['floatingips']: - 
floatingips[floatingip['id']] = floatingip - - resp = neutron.list_networks(**neutron_search_opts) - networks = {} - for network in resp['networks']: - networks[network['id']] = network - - resp = neutron.list_routers(**neutron_search_opts) - routers = {} - for router in resp['routers']: - routers[router['id']] = router - - # - # show information - # - if servers or volumes or volume_snapshots or floatingips or networks or routers or images: - print " Region:", region - if servers: - print " Servers:" - for id, server in servers.items(): - print u" Server: {} [{}] - {}".format(server.name, server.id, server.status) - volumes_attached = getattr(server,'os-extended-volumes:volumes_attached') - for volume_attached in volumes_attached: - volume_id = volume_attached['id'] - if volume_id in volumes: - volume = volumes[volume_id] - volume_name = volume.name.rstrip() if volume.name else 'None' - for attachment in volume.attachments: - attached_server_id = attachment['server_id'] - attached_device = attachment['device'] - if attached_server_id == server.id: - print u" Volume: {}: {} [{}] {}GB - {}".format(attached_device, volume_name, volume.id, volume.size, volume.status.upper()) - # remove volume from list - volumes.pop(volume_id) - else: - print u" ERROR: Volume {} [{}] not attached to Server {} [{}]".format(volume_name, volume.id, server.name, server.id) - - if volumes: - print " Other Volumes:" - for id, volume in volumes.items(): - volume_name = volume.name.rstrip() if volume.name else 'None' - print u" Volume: {} [{}] {}GB - {}".format(volume_name, volume.id, volume.size, volume.status.upper()) - for attachment in volume.attachments: - attached_server_id = attachment['server_id'] - if attached_server_id in servers: - server_attached = servers[attached_server_id] - print u" Attached to: {} [{}]:{}".format(server_attached.name, server_attached.id, attachment['device']) - else: - print u" ERROR: attached to unknown Server [{}]:{}".format(attached_server_id, 
attachment['device']) - - if volume_snapshots: - print " Volume Snapshots:" - for id, v_snapshot in volume_snapshots.items(): - v_snapshot_name = v_snapshot.name.rstrip() if v_snapshot.name else 'None' - print u" Snapshot: {} [{}] (Volume: [{}]) {}GB - {}".format(v_snapshot_name, v_snapshot.id, v_snapshot.volume_id, v_snapshot.size, v_snapshot.status.upper()) - - if images: - print " Images:" - for id, image in images.items(): - print u" Image: {} [{}] (Owner: [{}], Visibility: {})".format(image.name, image.id, image.owner, image.visibility) - - if floatingips: - print " Floating IPs:" - for id, floatingip in floatingips.items(): - print u" IP: {} [{}] - {}".format(floatingip['floating_ip_address'], floatingip['id'], floatingip['status']) - - if routers: - print " Routers:" - for id, router in routers.items(): - print u" Router: {} [{}] - {}".format(router['name'], router['id'], router['status']) - resp = neutron.list_ports(device_id=id) - ifaces = resp['ports'] - for iface in ifaces: - device_owner = iface['device_owner'] - iface_info = ["Subnet: %s IP: %s" % (i['subnet_id'],i['ip_address']) for i in iface['fixed_ips']] - if device_owner == 'network:router_gateway': - resp = neutron.show_network(iface['network_id']) - iface_net = resp['network'] - print u" Interface: {} (Gateway External Network: {} [{}])".format(iface['id'], iface_net['name'], iface_net['id']) - elif device_owner == 'network:router_interface': - print u" Interface: {} ({})".format(iface['id'], ",".join(iface_info)) - else: - print u" Interface: {} ({}) ({})".format(iface['id'], device_owner, ",".join(iface_info)) - - if networks: - print " Networks:" - for id, network in networks.items(): - print u" Network: {} [{}] - {}".format(network['name'], network['id'], network['status']) - for subnet_id in network['subnets']: - resp = neutron.show_subnet(subnet_id) - subnet = resp['subnet'] - subnet_ipranges = ["IPRange: %s-%s" % (i['start'],i['end']) for i in subnet['allocation_pools']] - print u" 
Subnet: {} [{}] (CIDR: {})".format(subnet['name'], subnet['id'], subnet['cidr']) - resp = neutron.list_ports(network_id=id) - ports = resp['ports'] - for port in ports: - device_id = port['device_id'] - device_owner = port['device_owner'] - if device_id in servers: - server = servers[device_id] - print u" Port: {} (Server: {} [{}])".format(port['id'], server.name, server.id, port['status']) - elif device_id in routers: - router = routers[device_id] - print u" Port: {} (Router: {} [{}])".format(port['id'], router['name'], router['id'], port['status']) - elif device_owner == 'network:dhcp': - print u" Port: {} (DHCP)".format(port['id']) - else: - print u" Port: {} ({} [])".format(port['id'], device_owner, device_id, port['status']) - - except keystoneclient.exceptions.NotFound as e: - print "ERROR: Username", username, "not found:", e.message - sys.exit(1) - - except novaclient.exceptions.NotFound as e: - print "ERROR: not found:", e.message - sys.exit(1) - - except UnicodeEncodeError as e: - print "UnicodeEncodeError" - print '-'*60 - traceback.print_exc(file=sys.stdout) - print '-'*60 - sys.exit(1) - - except Exception as e: - print "ERROR:", e.message - sys.exit(1) - - -if __name__ == '__main__': - main() diff --git a/neutron/README.md b/neutron/README.md deleted file mode 100644 index 6e1391e..0000000 --- a/neutron/README.md +++ /dev/null 
@@ -1,64 +0,0 @@ -# Neutron folder - -this folder contains scripts that are related to Neutron - -## L3 Agent Evacuate - -Migrate away the OpenStack routers from a L3 Agent - -``` -./l3-agent-evacuate.py --help -usage: l3-agent-evacuate.py [-h] [-f FROM_L3AGENT] [-t TO_L3AGENT] [-r ROUTER] - [-l LIMIT] [-v] - -Evacuate a neutron l3-agent - -optional arguments: - -h, --help show this help message and exit - -f FROM_L3AGENT, --from-l3agent FROM_L3AGENT - l3agent uuid - -t TO_L3AGENT, --to-l3agent TO_L3AGENT - l3agent uuid - -r ROUTER, --router ROUTER - specific router - -l LIMIT, --limit LIMIT - max number of routers to migrate - -v, --verbose verbose -``` - -First of all we should have clear in mind that when we create a router in -Openstack, that router is just a network namespace on one of the network nodes, -with name qrouter-. For each namespace there is a qr (downstream) and a -qg (upstream) interface. In some situations an operation might want to migrate -away all the routers from a network node, to be able for example to reboot the -node without impacting the user traffic. The neutron component responsible for -creating the namespaces and cabling them with openvswitch is the l3 agent. You -can check the uuid of the l3 agents currently running with: - -``` openstack network agent list ``` - -When you are running multiple l3 agents, if you create a new router Openstack -will schedule the namespace to be created on one of the available network -nodes. Given a specific router, with this command you can find out on which -network node the namespace has been created: -``` -neutron l3-agent-list-hosting-router -``` - -To list instead all the routers scheduled on a specific network node ``` -neutron router-list-on-l3-agent ``` Using the neutron commands -`l3-agent-router-add` and `l3-agent-router-remove` is then possible to move a -router from a l3 agent to another one. 
- -The tool `l3-agent-evacuate.py` will create a list of all the routers present -on the `from-agent` and will move 1 router every 10 seconds to the `to-agent`. -It is better to add a 10 seconds delay because Openvswitch has to make a lot of -operations when the namespace is created, and moving many routers at once will -cause openvswitch to blow up with unpredictable behavior. - -The script has also a `--router` option if you want to migrate a specific -router, or a `--limit` option if you want to migrate just a few routers. - -While migrating the routers, you can check (especially on the target l3-agent) -the openvswitch operations going on in `/var/log/syslog`. - diff --git a/neutron/count_routers_on_host.sh b/neutron/count_routers_on_host.sh deleted file mode 100755 index 8caba07..0000000 --- a/neutron/count_routers_on_host.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash - -#set -x - -# count the number of routers per host -# optional argument of ACTIVE_ONLY -- which will count routers on active L3 agents only - -echo "Router count per host. Gathering data. Be patient." - -if [ "$1" == "ACTIVE_ONLY" ]; then - AGENTS=$(neutron agent-list --column id --column agent_type --column host --format csv --quote minimal --column admin_state_up --column alive | grep ':-)' | grep True | grep L3 | cut -f1 -d',') -else - AGENTS=$(neutron agent-list --column id --column agent_type --column host --format csv --quote minimal | grep L3 | cut -f1 -d',') -fi - -for agent in ${AGENTS}; do - COUNT=$(neutron router-list-on-l3-agent --format csv --quote minimal ${agent} | grep -v "id,name,external_gateway_info" | grep "," | wc -l) - ROUTER_HOST=$(neutron agent-list --column id --column agent_type --column host --format csv --quote minimal | grep L3 | grep ${agent} | cut -f3 -d',' | tr -d '\r') - echo "${ROUTER_HOST} (${agent}): ${COUNT}" -done diff --git a/neutron/dhcp_agents_balancer.py b/neutron/dhcp_agents_balancer.py deleted file mode 100644 index 4965b59..0000000 
--- a/neutron/dhcp_agents_balancer.py
+++ /dev/null
@@ -1,685 +0,0 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- - -# Copyright 2016 OVH SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -""" -The script checks how many neutron dhcp agents are handling one network and -spreads load of networks to be similar on all agents in infra. - -""" - -import argparse -import multiprocessing -import logging -import os -import random -import sys -import itertools - -from neutronclient.v2_0 import client as neutronclient - - -OS_PREFIX = "OS_" -OS_REQUIRED_KEYS = [ - 'username', - 'password', - 'tenant_name', - 'auth_url', - 'region_name'] - -MAX_ATTEMPTS = 3 - -DHCP_AGENT_TYPE = "DHCP agent" -HOST_ID = "binding:host_id" -RESERVED_DHCP_PORT = "reserved_dhcp_port" - -_CLIENT = None -_CREDS = {} - - -def get_neutron_client(): - global _CLIENT - if _CLIENT: - return _CLIENT - credentials = get_credentials() - _CLIENT = neutronclient.Client(**credentials) - return _CLIENT - - -def get_credentials(): - global _CREDS - if _CREDS: - return _CREDS - for key in OS_REQUIRED_KEYS: - env_key = OS_PREFIX + key.upper() - value = os.environ.get(env_key) - if not value: - LOG.error("Missing %s in environment vars." 
- "Openstack environment vars should be loaded before " - "running this script", env_key) - sys.exit(1) - _CREDS[key] = value - return _CREDS - - -def get_logger(verbose=False, debug=False, logfile=None, name=None): - logger = logging.getLogger(name) - formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s') - loglevel = logging.ERROR - if verbose: - loglevel = logging.INFO - if debug: - loglevel = logging.DEBUG - logger.setLevel(loglevel) - - if logfile: - fh = logging.FileHandler(logfile) - fh.setLevel(loglevel) - fh.setFormatter(formatter) - logger.addHandler(fh) - else: - ch = logging.StreamHandler() - ch.setLevel(loglevel) - ch.setFormatter(formatter) - logger.addHandler(ch) - return logger - - -def get_number_of_cores(): - try: - return multiprocessing.cpu_count() - except Exception: - LOG.warning("Failed to determine number of cores in the system") - return 1 - - -def parse_args(): - - def check_positive(value): - ivalue = int(value) - if ivalue <= 0: - raise argparse.ArgumentTypeError( - "%s is an invalid positive int value" % value) - return ivalue - - program_description=("This script is working in two stages: \n" - "1. Checking number of DHCP agents for each \n" - " network and removing some agents if there is \n" - " too many assigned for network,\n" - "2. Calculating number of networks which every \n" - " DHCP agent should handle. Balancing networks \n" - " amont agents that each of them handles \n" - " similar number of networks.\n\n" - "If --cold-restart is set, the script will do DHCP network \n" - "reassignment for all networks.") - - parser = argparse.ArgumentParser( - description=program_description, - formatter_class=argparse.RawTextHelpFormatter) - parser.add_argument("--workers", default=None, type=check_positive, - help=("Number of workers to do some operations " - "simultaneously (like removing dead agents) " - "from network. 
By default number of CPU " - "cores will be taken")), - parser.add_argument("--max_agents_per_network", default=1, type=int, - help=("Maximum number of agents which should host " - "DHCP service for one network")), - parser.add_argument("--remove-associations", action="store_true", - help="Remove all network to DHCP agent associations"), - parser.add_argument("--add-associations", action="store_true", - help="Delegate all networks to DHCP agents by Round-Robin"), - parser.add_argument("--cold-restart", action="store_true", - help="Remove all network to DHCP agent associations and " - "delegate all networks to DHCP agents by Round-Robin"), - parser.add_argument("--debug", action="store_true", - help="Enable debug mode") - parser.add_argument("--verbose", action="store_true", - help="Make script to be more verbose") - parser.add_argument("--log-file", dest='logfile', default=None, - help="Log file path.") - return parser.parse_args() - - -def remove_unneccessary_agents(number_of_workers): - """Remove DHCP agents from handle DHCP service if there is more - agents than set in MAX_AGENTS_PER_NETWORK. - - It performs clean for all networks with dhcp agents. - """ - - networks_agents = get_networks_agents(number_of_workers) - if not networks_agents: - return - LOG.info("Cleaning networks from unneccessary DHCP agents") - threads_pool = multiprocessing.Pool(processes=number_of_workers) - threads_pool.map(remove_unneccessary_agents_for_network, - zip(networks_agents.keys(), networks_agents.values())) - LOG.info("All networks cleaned") - - -def remove_unneccessary_agents_for_network(network_agents): - """Remove DHCP agents from hosting DHCP service if there is more - agents than set in MAX_AGENTS_PER_NETWORK. - - Example: network is assigned to 3 DHCP agents but should be only to - one, the network will be deleted from two agents. - Reserved_dhcp_ports will be deleted from this network as well. 
- - :param network_agents: tuple with network id as first element and - list of agents as second - """ - - network_id = network_agents[0] - agents = network_agents[1] - agents_to_stay = 0 - for agent in agents: - agent_id = agent['id'] - agent_alive = agent['alive'] - if not agent_alive: - LOG.info("Removing dead agent %(agent_id)s from network " - "%(network_id)s", - {'agent_id': agent_id, 'network_id': network_id}) - remove_network_from_agent(network_id, agent_id) - else: - if agents_to_stay < MAX_AGENTS_PER_NETWORK: - LOG.debug("Agent %(agent_id)s will still handle DHCP for " - "network %(network_id)s", - {'agent_id': agent_id, 'network_id': network_id}) - agents_to_stay += 1 - else: - LOG.info("Removing agent %(agent_id)s from network " - "%(network_id)s", - {'agent_id': agent_id, 'network_id': network_id}) - remove_network_from_agent(network_id, agent_id) - remove_reserved_dhcp_ports(network_id) - - -def remove_reserved_dhcp_ports(network_id): - """Remove reserved_dhcp_ports from network - - :param network_id: id of network to clean - """ - - client = get_neutron_client() - try: - ports = client.list_ports(network_id=network_id, - device_id=RESERVED_DHCP_PORT) - except Exception as e: - LOG.error("Failed to get list of reserved dhcp ports in " - "network %(network_id)s; Error: %(err)s", - {'network_id': network_id, 'err': e}) - return - - for port in ports['ports']: - LOG.debug("Delete port %(port_id)s from network %(net_id)s", - {'port_id': port['id'], 'net_id': network_id}) - try: - client.delete_port(port['id']) - except Exception as e: - LOG.error("Failed to remove reserved dhcp port %(port_id)s " - "from network %(network_id)s; Error: %(err)s", - {'port_id': port['id'], - 'network_id': network_id, - 'err': e}) - - -def cold_restart(number_of_workers): - """ Reassign all DHCP networks - - It performs remove all networks from all agents - and then reassignment. 
- """ - - LOG.info("Performing cold restart procedure") - remove_all_networks_from_all_agents(number_of_workers) - associate_networks_to_agents() - LOG.info("Cold restart done") - - -def associate_networks_to_agents(): - """Add DHCP networks associations - - It performs all networks to all agents - association. - """ - - LOG.info("Performing network to agent associations") - live_dhcp_agents, dead_dhcp_agents = get_dhcp_agents() - networks_to_assign = get_list_of_networks_with_dhcp() - - if len(live_dhcp_agents) == 0: - LOG.error("No live DHCP agents found") - return - if len(networks_to_assign) == 0: - LOG.error("No DHCP networks found") - return - - try: - networks_left_to_assign = \ - assign_dhcp_networks_to_agents_rr(networks_to_assign, - live_dhcp_agents) - if networks_left_to_assign: - LOG.info("Assignment for some networks failed. " - "Trying again." ) - result = \ - assign_dhcp_networks_to_agents_rr(networks_left_to_assign, - live_dhcp_agents) - if result: - raise Exception("Some networks needs to be " - "reassigned manually: ", str(result)) - except Exception as e: - LOG.error("Error occured during associations: " - "%(err)s", {'err': e}) - - LOG.info("Done network to agent associations") - - -def assign_dhcp_networks_to_agents_rr(networks_to_assign, dhcp_agents): - """Assing given networks to given DHCP Agents by Round Robin - - :param networks_to_assign: list of networks to assign - :dhcp_agents: list of dhcp agents - - :return networks_to_reassign: list of unassigned networks due failure - or empty list if succeeded - """ - - LOG.info("Assigning networks to DHCP Agents by RoundRobin") - number_of_networks_with_dhcp = len(networks_to_assign) - number_of_live_dhcp_agents = len(dhcp_agents) - agent_cycle = itertools.cycle(dhcp_agents) - networks_to_reassign = [] - - for network_id in networks_to_assign: - net, net_agents = get_agents_handled_network(network_id) - agents_for_network = MAX_AGENTS_PER_NETWORK - if net_agents: - agents_for_network = 
MAX_AGENTS_PER_NETWORK - len(net_agents) - if agents_for_network <= 0: - LOG.debug("Failed to assign network %(network_id)s to DHCP Agents " - "- network already assigned", {'network_id': network_id}) - continue - for i in range (0, agents_for_network): - agent_id = agent_cycle.next() - attempt = 1 - assigned = False - while attempt <= MAX_ATTEMPTS and assigned == False: - if add_network_to_agent(network_id,agent_id): - assigned = True - continue - else: - if attempt == MAX_ATTEMPTS: - networks_to_reassign.append(network_id) - LOG.error("Failed to assign network %(network_id)s to " - "DHCP Agent %(agent_id)s", - {'network_id': network_id, 'agent_id': agent_id}) - break - else: - attempt += 1 - return networks_to_reassign - - -def balance_load_of_agents(): - """Main function to make balance of networks across DHCP agents - - It gets number of all agents from Neutron API and list of network_ids - hanlded by each agent. Then it calculates how many networks should be - handled by agent so all networks will be handled by alive agent(s). - Finally it moves some networks from overloaded_agents to free_agents. 
- """ - - live_dhcp_agents, dead_dhcp_agents = get_dhcp_agents() - dhcp_agents = dict( - list(live_dhcp_agents.items()) + list(dead_dhcp_agents.items()) - ) - number_of_networks_with_dhcp = get_number_of_networks_with_dhcp( - dhcp_agents) - number_of_live_dhcp_agents = len(live_dhcp_agents) - if number_of_live_dhcp_agents == 0: - LOG.error("No live DHCP agents found") - return - # DHCP slot is network assigned to agent - necessary_dhcp_slots = ( - number_of_networks_with_dhcp * MAX_AGENTS_PER_NETWORK) - max_networks_per_agent = int(round( - float(necessary_dhcp_slots) / float(number_of_live_dhcp_agents) - )) - overloaded_agents, full_agents, free_agents = split_agents( - live_dhcp_agents, max_networks_per_agent) - - LOG.info("Overloaded agents: %s", overloaded_agents.keys()) - LOG.info("Full agents: %s", full_agents.keys()) - if len(free_agents) == 0: - LOG.info("No any free agents found") - return - LOG.info("Free agents: %s", free_agents.keys()) - - for overloaded_agent_id, networks in overloaded_agents.iteritems(): - networks_to_move = get_networks_to_move(overloaded_agent_id, - max_networks_per_agent) - LOG.info("Networks to move from agent %(agent_id)s: " - "%(networks)s", - {'agent_id': overloaded_agent_id, - 'networks': networks_to_move}) - for network_id in networks_to_move: - if len(free_agents) == 0: - LOG.info("No any free agents found to move network %s", - network_id) - return - free_agents = move_network_to_new_agent(network_id, - overloaded_agent_id, - free_agents) - - -def get_dhcp_agents(): - """Get list of alive/dead DHCP agents and networks hosted by each agent - - :return agents: dict with ids of alive agents as keys and list of ids of - networks hostsed by agent - :return agents: dict with ids of dead agents as keys and list of ids of - networks hosted by agent - """ - - client = get_neutron_client() - live_agents = {} - dead_agents = {} - try: - agents = client.list_agents(agent_type=DHCP_AGENT_TYPE) - except Exception as e: - 
LOG.error("Failed to get list of agents; Error: %s", e) - return - - for agent in agents.get("agents", []): - agent_networks = get_networks_on_agent(agent['id']) - if agent.get('alive') == True: - live_agents[agent['id']] = agent_networks - else: - dead_agents[agent['id']] = agent_networks - return live_agents, dead_agents - - -def get_networks_agents(number_of_workers): - """Get list of networks with ids of DHCP agents which hosts DHCP for net - - :return networks_agents: dict with network_id as key and list of ids of - DHCP agents which hosts this network as values - """ - - client = get_neutron_client() - networks_agents = [] - try: - networks = client.list_networks() - networks_ids = [network['id'] for network in networks['networks']] - except Exception as e: - LOG.error("Failed to get list of networks; Error: %s", e) - return - threads_pool = multiprocessing.Pool(processes=number_of_workers) - networks_agents = threads_pool.map(get_agents_handled_network, - networks_ids) - return dict(networks_agents) - - -def get_agents_handled_network(network_id): - """Get list agents which handle network with given id - - :param network_id: id of network for which agents should be found - - :return: tuple with network_id as first value and list of ids of - DHCP agents which hosts this network as second value - """ - client = get_neutron_client() - try: - network_agents = client.list_dhcp_agent_hosting_networks( - network_id)['agents'] - return (network_id, network_agents) - - except Exception as e: - LOG.error("Failed to get list of DHCP agents for " - "network %(network_id)s; Error: %(err)s", - {'network_id': network_id, 'err': e}) - return (network_id, None) - - -def get_networks_on_agent(agent_id): - """Get list of networks hosted on DHCP agent - - :param agent_id: id of agent to check - """ - - client = get_neutron_client() - try: - networks = client.list_networks_on_dhcp_agent(agent_id)['networks'] - return [network['id'] for network in networks] - except Exception as 
e: - LOG.error("Failed to get list of networks hosted by " - "agent %(agent_id)s; Error: %(err)s", - {'agent_id': agent_id, 'err': e}) - return [] - - -def add_network_to_agent(network_id, agent_id): - """Set network to be hosted by DHCP agent - - :param network_id: id of network which will be added to agent - :param agent_id: id of agent which will host DHCP for network - - :return: True if network will be added to agent or Neutron will return - error that agent is already hosting this network - False if adding network to agent fails - """ - - client = get_neutron_client() - LOG.debug("Adding network %(network_id)s to agent " - "%(agent_id)s", - {'network_id': network_id, - 'agent_id': agent_id}) - try: - client.add_network_to_dhcp_agent( - agent_id, {'network_id': network_id} - ) - except neutronclient.common.exceptions.Conflict: - LOG.warning("Network %(network_id)s is already hosted by " - "agent %(agent_id)s", - {'network_id': network_id, - 'agent_id': agent_id}) - except Exception as e: - LOG.error("Failed to add network %(network_id)s to " - "agent %(agent_id); Error: %(err)s", - {'network_id': network_id, - 'agent_id': agent_id, - 'err': e}) - return False - return True - - -def remove_all_networks_from_all_agents(number_of_workers): - """ Remove all DHCP networks from all DHCP agents - - :param agents: dict with agents and networks handled by those agents - """ - - LOG.info("Removing all networks from DHCP Agents") - - live_dhcp_agents, dead_dhcp_agents = get_dhcp_agents() - dhcp_agents = dict( - list(live_dhcp_agents.items()) + list(dead_dhcp_agents.items()) - ) - threads_pool = multiprocessing.Pool(processes=number_of_workers) - - nets = [] - for agent_id, networks in dhcp_agents.iteritems(): - if len(networks) > 0: - nets.extend(networks) - threads_pool.map(remove_network_from_agent_wrapper, - itertools.izip(networks,itertools.repeat(agent_id))) - threads_pool.map(remove_reserved_dhcp_ports, - set(nets)) - LOG.info("All DHCP Agents cleaned") - - -def 
remove_network_from_agent_wrapper(args): - """ Wrapper for function remove_network_from_agent - """ - - remove_network_from_agent(*args) - - -def remove_network_from_agent(network_id, agent_id): - """Remove network from DHCP agent - - :param network_id: id of network which will be removed from agent - :param agent_id: id of agent which to remove - """ - - LOG.debug("Removing network %(network_id)s from agent: %(agent_id)s", - {'network_id': network_id, 'agent_id': agent_id}) - - client = get_neutron_client() - try: - client.remove_network_from_dhcp_agent(agent_id, network_id) - except Exception as e: - LOG.error("Failed to remove network %(network_id)s from " - "agent %(agent_id)s; Error: %(err)s", - {'network_id': network_id, - 'agent_id': agent_id, - 'err': e}) - - -def get_networks_to_move(agent_id, max_networks_on_agent): - """Get list of networks which should be moved to other DHCP agents - - :param agent_id: id of agent from which networks should be moved - :param max_networks_on_agent: max number of networks which agent should - handle - """ - - networks_on_agent = get_networks_on_agent(agent_id) - number_of_networks_to_move = len(networks_on_agent) - max_networks_on_agent - return random.sample(networks_on_agent, number_of_networks_to_move) - - -def move_network_to_new_agent(network_id, old_agent_id, agents): - """Move network from one DHCP agent to another one - - If adding to new agent will success then network will be also removed from - old agent. 
- - :param network_id: id of network to move - :param old_agent_id: id of existing agent which handles network - :param: agents: list of agents from which new agent will be choosen - - :return agents: list of agents with updated list of networks for agents - """ - attempt = 1 - while attempt <= MAX_ATTEMPTS: - agent_id = random.choice(agents.keys()) - add_network_result = add_network_to_agent( - network_id, agent_id) - if add_network_result: - agents[agent_id] = get_networks_on_agent(agent_id) - remove_network_from_agent(network_id, old_agent_id) - return agents - else: - attempt += 1 - return agents - - -def get_number_of_networks_with_dhcp(agents): - """Get overall number of networks handled by at least one dhcp agent - - :param: dict with agents and networks handled by thoses agents - - :return: number of unique networks hosted on dhcp agents - """ - - networks = [] - for agent_networks in agents.values(): - networks += agent_networks - return len(set(networks)) - - -def get_list_of_networks_with_dhcp(): - """Get list of networks with enabled DHCP Agents - - :return: List of unique network_id - """ - - networks = [] - client = get_neutron_client() - try: - subnets = client.list_subnets(enable_dhcp=True) - networks = [subnet['network_id'] for subnet in subnets.get("subnets", [])] - except Exception as e: - LOG.error("Failed to get list of networks with enable" - "dhcp, Error: %(err)s", {'err': e}) - return list(set(networks)) - - -def split_agents(agents, max_networks_on_agent): - """Divide list of agents into groups: overloaded, full and free - - Overloaded agent means that it hosts more networks than - max_networks_on_agent, - Full agent means that it hosts exactly max_networks_on_agent of networks, - Free agent means that it hosts fewer networks than max_networks_on_agent - so there is place for other networks on such agent - - :param agents: dict with agent_ids and list of networks hosted by each - agent - :param max_networks_on_agent: max number of networks 
which can be hosted - on agent - - :returns overloaded, full, free: dicts with agent_ids and lists of - networks handled by each agent - """ - - overloaded = {} - full = {} - free = {} - for agent, networks in agents.iteritems(): - agent_networks = len(networks) - if agent_networks > max_networks_on_agent: - overloaded[agent] = networks - elif agent_networks == max_networks_on_agent: - full[agent] = networks - else: - free[agent] = networks - return overloaded, full, free - - -if __name__ == '__main__': - global MAX_AGENTS_PER_NETWORK - args = parse_args() - # If debug is set to True then logger name is not set so root logger will - # be used and also messages from neutronclient will be logged - logger_name = None if args.debug else "dhcp_agents_balancer" - LOG = get_logger(args.verbose, args.debug, args.logfile, logger_name) - - number_of_workers = args.workers or get_number_of_cores() - MAX_AGENTS_PER_NETWORK = args.max_agents_per_network - - if args.cold_restart: - cold_restart(number_of_workers) - elif args.add_associations and args.remove_associations: - cold_restart(number_of_workers) - elif args.add_associations: - associate_networks_to_agents() - elif args.remove_associations: - remove_all_networks_from_all_agents(number_of_workers) - else: - remove_unneccessary_agents(number_of_workers) - balance_load_of_agents() diff --git a/neutron/get_floating_pools.sh b/neutron/get_floating_pools.sh deleted file mode 100755 index ff04b9a..0000000 --- a/neutron/get_floating_pools.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/usr/bin/env bash - -# Copyright 2015 B1 Systems GmbH -# -# Author: Christian Berendt -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# usage: ./get_floating_pools.sh [LOGFILE] - -# Load an client environment script (openrc file) prior to running this script. - -# description: This script will generate a list with all routers and assigned -# external (gateway) and internal networks. - -# example output: - -# router_id;external_network_id;external_network_name;internal_network_id -# 16739053-2a05-46c2-b9b5-bdaf210466a7;f028f538-e95b-4b7b-86c3-b15fc0878648;EXTERNAL;d3ab88ac-5e6b-4d6b-b344-c40337cf16fe - -set -x - -output=${1:-reii.lst} - -if [[ -e $output ]]; then - echo "error: output file '$output' exists, please remove or move it first." 
- exit -fi - -echo "router_id;external_network_id;external_network_name;internal_network_id" | tee -a $output - -for router in $(neutron router-list | grep enable_snat | awk '{ print $2 }'); do - external=$(neutron router-show $router | grep external_gateway_info | awk -F\" '{ print $4 }') - external_name=$(neutron net-show $external | grep name | awk -F\| '{ print $3 }' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - for subnet in $(neutron router-port-list $router | grep subnet | awk -F\" '{ print $4 }'); do - network=$(neutron subnet-show $subnet | grep network_id | awk '{ print $4 }') - if [[ $network != $external ]]; then - echo "$router;$external;$external_name;$network" | tee -a $output - fi - done -done diff --git a/neutron/l3-agent-evacuate.py b/neutron/l3-agent-evacuate.py deleted file mode 100755 index 98e886f..0000000 --- a/neutron/l3-agent-evacuate.py +++ /dev/null 
@@ -1,147 +0,0 @@ -#!/usr/bin/env python -# -# Copyright (c) 2016 SWITCH http://www.switch.ch -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Author: Saverio Proto - -""" -Example usage: -python l3-agent-evacuate.py --from-l3agent 19f59173-68eb-49e3-a078-10831935a8f7 --to-l3agent f00dddd0-b944-4eeb-80d1-fa0811725196 -python l3-agent-evacuate.py --from-l3agent f00dddd0-b944-4eeb-80d1-fa0811725196 --to-l3agent 19f59173-68eb-49e3-a078-10831935a8f7 -""" - -import os -import sys -sys.path.append('../lib') - -import argparse -import openstackapi -import keystoneclient -import time - -def get_environ(key, verbose=False): - if key not in os.environ: - print "ERROR:", key, "not define in environment" - sys.exit(1) - if verbose: - if 'password' in key.lower(): - key_value = '*' * len(os.environ[key]) - else: - key_value = os.environ[key] - print "{}: {}".format(key, key_value) - return os.environ[key] - - -def main(): - """ - Evacuate a neutron l3-agent - """ - parser = argparse.ArgumentParser( - description="Evacuate a neutron l3-agent") - parser.add_argument('-f', '--from-l3agent', help='l3agent uuid', required=True) - parser.add_argument('-t', '--to-l3agent', help='l3agent uuid', required=True) - parser.add_argument('-r', '--router', help='specific router') - parser.add_argument('-l', '--limit', help='max number of routers to migrate') - parser.add_argument('-v', '--verbose', help='verbose', action='store_true') - args = parser.parse_args() - - # get OS_* environment 
variables - os_auth_url = get_environ('OS_AUTH_URL', args.verbose) - os_username = get_environ('OS_USERNAME', args.verbose) - os_password = get_environ('OS_PASSWORD', args.verbose) - os_tenant_name = get_environ('OS_TENANT_NAME', args.verbose) - os_region_name = get_environ('OS_REGION_NAME', args.verbose) - - - api = openstackapi.OpenstackAPI(os_auth_url, os_username, os_password, os_project_name=os_tenant_name) - if args.limit: - limit=int(args.limit) - else: - limit = 0 - - #Validate agent's UUID - validateargs(api, os_region_name, args.from_l3agent, args.to_l3agent, args.router) - - if args.router: - moverouter(api, os_region_name, args.from_l3agent, args.to_l3agent, args.router) - else: - evacuate_l3_agent(api, os_region_name, args.from_l3agent, args.to_l3agent, limit) - -def validateargs(api, region, from_agent, to_agent, router): - neutron = api.neutron(region) - l3_agents_uuids=[] - routers_uuids=[] - - for agent in neutron.list_agents()['agents']: - if agent['agent_type'] == u"L3 agent": - l3_agents_uuids.append(agent['id']) - - for r in neutron.list_routers()['routers']: - routers_uuids.append(r['id']) - - if from_agent not in l3_agents_uuids: - print "%s not a valid agent" % from_agent - sys.exit(1) - - if to_agent not in l3_agents_uuids: - print "%s not a valid agent" % to_agent - sys.exit(1) - - if router: - if router not in routers_uuids: - print "%s not a valid router" % router - sys.exit(1) - if neutron.list_l3_agent_hosting_routers(router)['agents'][0]['id'] != from_agent: - print "Wrong from_agent for specified router" - sys.exit(1) - - -def moverouter(api, region, from_agent, to_agent, router): - neutron = api.neutron(region) - r_id = {'router_id': router} - print "Removing router %s" % router - neutron.remove_router_from_l3_agent(from_agent, router) - print "Adding router %s" % router - neutron.add_router_to_l3_agent(to_agent, r_id) - -def evacuate_l3_agent(api, region, from_agent, to_agent, limit): - """Evacuate""" - neutron = 
api.neutron(region) - routers = neutron.list_routers_on_l3_agent(from_agent)["routers"] - - #filter out from the list ha routers - ha_false_routers=[] - for r in routers: - if not r["ha"]: - ha_false_routers.append(r) - - if not len(ha_false_routers): - print "Warning: l3 agent was already evacuated" - sys.exit(1) - if limit and (len(ha_false_routers) > limit): - ha_false_routers = ha_false_routers[0:limit] - print "Starting ... Moving a router every 10 seconds\n" - for r in ha_false_routers: - r_id = {'router_id': r['id']} - print "Removing router %s" % r['id'] - neutron.remove_router_from_l3_agent(from_agent, r['id']) - print "Adding router %s" % r['id'] - neutron.add_router_to_l3_agent(to_agent, r_id) - time.sleep(10) - - - -if __name__ == '__main__': - main() diff --git a/neutron/net_blame.sh b/neutron/net_blame.sh deleted file mode 100644 index 916645b..0000000 --- a/neutron/net_blame.sh +++ /dev/null 
@@ -1,205 +0,0 @@ -#!/bin/bash -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Author: Jared King -# Date: 2017-01-11 -# -# -#v.2 -#changed the interface to be a variable throughout the script. -#removed eth1 as the interface to tcpdump on, it seems that there is some variation in the interfaces we use. Focus is now the physical bridge. -# -#Bugs: -#If there is not much traffic, the script does not handle it very well. -#Fix as needed - - -#Basic usage -if [ -z "$1" ]; then - echo - echo usage: $0 net-node - echo - echo e.g. $0 net-006 - echo - echo places blame for high traffic - exit -fi - -IF=$1 -# For netnodes we are mainly interested in the phy-br-ex interface at this time. -#Change this to the interface you are interested in. -#might make this an option in a later version -ETH_DEV=phy-br-ex -echo "The current packets packets-per-second:" -#while true - -#ssh to target netnde and figure out what the current network stats looks like. 
-#I hate these variable names, this should be changed -ssh $1 ' -for run in {1..10} -do - - TXPPSR1=`cat /sys/class/net/'$ETH_DEV'/statistics/rx_packets` - TXPPST1=`cat /sys/class/net/'$ETH_DEV'/statistics/tx_packets` - - TBPSR1=`cat /sys/class/net/'$ETH_DEV'/statistics/rx_bytes` - TBPST1=`cat /sys/class/net/'$ETH_DEV'/statistics/tx_bytes` - - DTBPSR1=`cat /sys/class/net/'$ETH_DEV'/statistics/rx_dropped` - DTBPST1=`cat /sys/class/net/'$ETH_DEV'/statistics/tx_dropped` - - sleep 1 - - TXPPSR2=`cat /sys/class/net/'$ETH_DEV'/statistics/rx_packets` - TXPPST2=`cat /sys/class/net/'$ETH_DEV'/statistics/tx_packets` - - TBPSR2=`cat /sys/class/net/'$ETH_DEV'/statistics/rx_bytes` - TBPST2=`cat /sys/class/net/'$ETH_DEV'/statistics/tx_bytes` - - DTBPSR2=`cat /sys/class/net/'$ETH_DEV'/statistics/rx_dropped` - DTBPST2=`cat /sys/class/net/'$ETH_DEV'/statistics/tx_dropped` - - - TXPPS=`expr $TXPPST2 - $TXPPST1` - RXPPS=`expr $TXPPSR2 - $TXPPSR1` - - TBPS=`expr $TBPST2 - $TBPST1` - RBPS=`expr $TBPSR2 - $TBPSR1` - - TKBPS=`expr $TBPS / 1024` - RKBPS=`expr $RBPS / 1024` - - DTBPS=`expr $DTBPST2 - $DTBPST1` - DRBPS=`expr $DTBPSR2 - $DTBPSR1` - - echo "" - - echo "tx '$ETH_DEV': $TXPPS pkts/s rx '$ETH_DEV': $RXPPS pkts/s" - echo "tx '$ETH_DEV': $TKBPS kb/s rx '$ETH_DEV': $RKBPS kb/s" - echo "tx '$ETH_DEV': $DTBPS dropped rx '$ETH_DEV': $DRBPS dropped" - -done -' -#tcpdump 20,000 packets and get the mac address of the top packet sender. -#tcpdump on eth1 because it's the physical interface, not sure if all of the traffic would show up if we captured packets on the bridge. 
-#Put all of this into an array so that it's easier to reference -#limiting the mac addresses to fa: because these are openstack macs -my_array=( $(ssh $1 tcpdump -tnne -c 20000 -i $ETH_DEV 2>/dev/null | awk '{print $1}' | grep fa: | sort -nr| uniq -c | awk ' $1 > 1000 ') ) - -echo -echo -echo -echo -echo -echo -#Spit out the mac addresses -echo "The offenders mac is:" -for i in "${!my_array[@]}"; do - ((i%2==1)) && printf "%s\n" "${my_array[i]}" -done -# find the ports of the offending mac addresses -port_array=( $(neutron port-list | grep "${my_array[1]}\|${my_array[3]}"|depipe| awk '{print $1}' )) - -echo -echo -echo -#echo them so that we can reference it later. -echo "The ports are:" -for element in "${port_array[@]}" -do - echo "${element}" -done -#print out some details on the packets we captured -echo -echo -echo "Out of 20,000 packets this host sent:" ${my_array[0]} -echo -neutron port-show "${port_array[0]}" -echo -echo -echo -echo "The tenant to blame is:" -keystone tenant-get $(neutron port-show "${port_array[0]}" | grep tenant | depipe | awk '{print $2}') - - -echo -echo -echo "Out of 20,000 packets this host sent:" ${my_array[2]} -echo -neutron port-show "${port_array[1]}" - - -echo -echo -echo -echo "The tenant to blame is:" -keystone tenant-get $(neutron port-show "${port_array[1]}" | grep tenant | depipe | awk '{print $2}') - - - -echo -echo -echo -echo "tcpdump to check traffic types for the top host" -# we found the vlan in the earlier packet capture, and all of the info is logged in the openvswitch-agent.log. This log contains more info if we want. -VLAN_ID=$(ssh $1 grep "${port_array[0]}" /var/log/neutron/openvswitch-agent.log |grep vlan | head -1 | awk '{print $16}' | cut -d"," -f 1) - -echo "The vlan is:" -echo $VLAN_ID - -#ssh $1 ip netns exec qrouter-$(neutron port-show ${port_array[0]} cu -# Run another tcpdump of 200 packets and take a look at the for just the vlan we want and print the source, destination and ports/services used. 
-# There should be a better way to do this, the grep sucks and should be moved into the tcpdump. But I couldn't make it work like I wanted. -echo -echo -echo "Hosts that sent more than 10 packets during the capture" -echo "It is possible for this to be empty on low utilized hosts." -echo -echo "Number of packets | Src Host | Dest Host" -echo -ssh $1 tcpdump -te -c 2000 -i $ETH_DEV 2>/dev/null| grep "vlan $VLAN_ID" | awk '{ print $19" "$20" "$21}' | sort | uniq -c | awk ' $1 > 10 '|sort -nr -echo -echo -echo -echo -########################################################### -# Commenting this out because it seems redundant -# -# Dump what OVS says about the physical interface. Not sure if this needs to be the bridge or the physical interface. More testing is required. -# Ths intent here is to see if OVS is dropping packets. -#echo "OVS Details on br-ex" -echo -# we haven't seen drops on eth1, we normally drop packets on the bridge instead. -#ssh $1 ovs-ofctl dump-ports br-ex | grep -A1 "port 5" -#echo -#echo "OVS Dropped Packets on br-ex over 10 seconds" -#ssh $1 ' -# OVSDROPRX1=`ovs-ofctl dump-ports br-ex | grep "port 5" | cut -d"," -f3 | sed 's/[^0-9]*//g'` -# OVSDROPTX1=`ovs-ofctl dump-ports br-ex | grep -A1 "port 5"| grep tx | cut -d"," -f3 | sed 's/[^0-9]*//g'` -# sleep 10 -# OVSDROPRX2=`ovs-ofctl dump-ports br-ex | grep "port 5" | cut -d"," -f3 | sed 's/[^0-9]*//g'` -# OVSDROPTX2=`ovs-ofctl dump-ports br-ex | grep -A1 "port 5"| grep tx | cut -d"," -f3 | sed 's/[^0-9]*//g'` -# OVSDROPDIFRX=`expr $OVSDROPRX2 - $OVSDROPRX1` -# OVSDROPDIFTX=`expr $OVSDROPTX2 - $OVSDROPTX1` -# echo "OVS Dropped rx: $OVSDROPDIFRX" -# echo "OVS Dropped tx: $OVSDROPDIFTX" -#' -#echo -echo -echo "OVS Interface Details" -echo -#Dump interesting physical characteristics of the bridge. -ssh $1 ovs-ofctl dump-ports-desc br-ex - -exit 0 diff --git a/neutron/orphaned_ports.py b/neutron/orphaned_ports.py deleted file mode 100644 index cc9c7a9..0000000 
--- a/neutron/orphaned_ports.py
+++ /dev/null
@@ -1,127 +0,0 @@
-#!/usr/bin/env python
-
-import optparse
-import MySQLdb
-import MySQLdb.cursors
-import gc
-
-NEUTRONDBHOST='localhost'
-NEUTRONDBPORT=3306
-NEUTRONDBUSER='neutron'
-NEUTRONDBPASS='password'
-NEUTRONDBNAME='neutron'
-
-KEYSTONEDBHOST='localhost'
-KEYSTONEDBPORT=3306
-KEYSTONEDBUSER='keystone'
-KEYSTONEDBPASS='password'
-KEYSTONEDBNAME='keystone'
-
-
-def get_options():
- """ command-line options """
-
- usage = "usage: %prog [options]"
- OptionParser = optparse.OptionParser
- parser = OptionParser(usage)
-
- required = optparse.OptionGroup(parser, "Required")
- optional = optparse.OptionGroup(parser, "Optional")
-
- optional.add_option('--neutrondbhost', dest='NEUTRONDBHOST',
- action='store', type='string', default='localhost',
- help="Neutron database hostname/IP (default=localhost).")
- optional.add_option('--neutrondbport', dest='NEUTRONDBPORT',
- action='store', type='int', default=int(3306),
- help="Neutron database port (default=3306).")
- optional.add_option('--neutrondbuser', dest='NEUTRONDBUSER',
- action='store', type='string', default='neutron',
- help="Neutron database user (default=neutron).")
- optional.add_option('--neutrondbpass', dest='NEUTRONDBPASS',
- action='store', type='string', default='password',
- help="Neutron database password (default=password).")
- optional.add_option('--neutrondbname', dest='NEUTRONDBNAME',
- action='store', type='string', default='neutron',
- help="Neutron database name (default=neutron).")
- optional.add_option('--keystonedbhost', dest='KEYSTONEDBHOST',
- action='store', type='string', default='localhost',
- help="Keystone database host (default=localhost).")
- optional.add_option('--keystonedbport', dest='KEYSTONEDBPORT',
- action='store', type='int', default=int(3306),
- help="Keystone database port (default=3306).")
- optional.add_option('--keystonedbuser', dest='KEYSTONEDBUSER',
- action='store', type='string', default='keystone',
- help="Keystone database user (default=keystone).")
- optional.add_option('--keystonedbpass', dest='KEYSTONEDBPASS',
- action='store', type='string', default='password',
- help="Keystone database password (default=password).")
- optional.add_option('--keystonedbname', dest='KEYSTONEDBNAME',
- action='store', type='string', default='keystone',
- help="Keystone database name (default=keystone).")
-
- parser.add_option_group(required)
- parser.add_option_group(optional)
- options, args = parser.parse_args()
-
- return options
-
-
-def get_db_conn(host, port, user, passwd, dbname):
- db = MySQLdb.connect(host=host, port=port, user=user, passwd=passwd, db=dbname, cursorclass=MySQLdb.cursors.DictCursor)
- return db.cursor()
-
-
-def get_tenants_from_keystone(kcursor):
- query = "SELECT id from project"
- kcursor.execute(query)
- results = []
- for result in kcursor.fetchall():
- results.append(result['id'])
- return results
-
-
-def get_ports_from_neutron(ncursor):
- query = """SELECT tenant_id, id
- from ports
- where device_owner != 'network:router_gateway' AND tenant_id != ''
- """
- ncursor.execute(query)
- return ncursor.fetchall()
-
-
-def find_orphaned_ports(all_tenants, port_mappings):
- """port_mappings needs to be a dict of
- {'tenant_id': ,
- 'id': }"""
-
- orphaned_ports = []
- for pair in port_mappings:
- if pair['tenant_id'] not in all_tenants:
- orphaned_ports.append(pair)
-
- return orphaned_ports
-
-
-def main():
-
- options = get_options()
-
- # start with a clean slate
- gc.collect()
- neutrondb = get_db_conn(options.NEUTRONDBHOST, options.NEUTRONDBPORT, options.NEUTRONDBUSER, options.NEUTRONDBPASS, options.NEUTRONDBNAME)
-
- keystonedb = get_db_conn(options.KEYSTONEDBHOST, options.KEYSTONEDBPORT, options.KEYSTONEDBUSER, options.KEYSTONEDBPASS, options.KEYSTONEDBNAME)
-
- keystone_tenants = get_tenants_from_keystone(keystonedb)
- ports = get_ports_from_neutron(neutrondb)
-
- return find_orphaned_ports(all_tenants=keystone_tenants, port_mappings=ports)
- # cleanup any possibly hanging connections
- gc.collect()
-
-if __name__ == "__main__":
- results = main()
- if results:
- print "### Orphaned neutron ports ###"
- for result in results:
- print "port_id=%s, tenant_id=%s" % (result['id'], result['tenant_id'])
diff --git a/nova/README.md b/nova/README.md
deleted file mode 100644
index b0d5c6e..0000000
--- a/nova/README.md
+++ /dev/null
@@ -1,36 +0,0 @@
-# Nova folder
-
-this folder contains scripts that are related to Nova
-
-## Compare Nova state to hypervisor state: `nova-libvirt-compare.py`
-
-This retrieves all instances in a region (or all regions when called
-with `-a`), then compares that with the libvirt domains running on all
-hypervisor hosts in that region, and reports any differences.
-
-### Usage
-
- usage: nova-libvirt-compare.py [-h] [-a] [-l REMOTE_USER]
- [--no-note-incomplete]
- [--blindly-trust-host-keys] [-p PROCESSES] [-v]
-
- Check for inconsistent state between Nova DB and hypervisors
-
- optional arguments:
- -h, --help show this help message and exit
- -a, --all-regions query all regions
- -l REMOTE_USER, --remote-user REMOTE_USER
- SSH remote username for connecting to hypervisors
- --no-note-incomplete Don't report incomplete instances
- --blindly-trust-host-keys
- Accept all SSH host keys. This enables man-in-the-
- middle attacks!
- -p PROCESSES, --processes PROCESSES
- Number of parallel processes connecting to hypervisors
- -v, --verbose verbose
-
-### Example
-
- $ ./nova-libvirt-compare.py
- Hypervisor zhdk0062.zhdk.cloud.switch.ch should know about bd384f32-5e05-43a5-a66e-fc11693a733b, but doesn't
- Instance ebd1c623-35c3-4385-998f-10a96ecfbcdf (state BUILD) has no hypervisor
diff --git a/nova/antiaffinitycheck.py b/nova/antiaffinitycheck.py
deleted file mode 100755
index f4d2727..0000000
--- a/nova/antiaffinitycheck.py
+++ /dev/null
@@ -1,191 +0,0 @@
-#!/usr/bin/env python
-# pylint: disable=import-error
-""" Utility to check validity of anti-affinity rules """
-
-import os
-import argparse
-import json
-from collections import Counter
-from keystoneclient import session
-from keystoneclient.auth.identity import v2
-from keystoneclient.v2_0 import client as ksclient
-from novaclient import client as nclient
-import prettytable
-
-def get_credentials():
- """ Build dictionary of Keystone credentials from environment """
- keystone_credentials = {}
- keystone_credentials['auth_url'] = os.environ['OS_AUTH_URL']
- keystone_credentials['username'] = os.environ['OS_USERNAME']
- keystone_credentials['password'] = os.environ['OS_PASSWORD']
- keystone_credentials['tenant_name'] = os.environ['OS_TENANT_NAME']
- return keystone_credentials
-
-class NovaConnect(object):
- """
- Base Nova connection class
- """
- def __init__(self, args):
-
- credentials = get_credentials()
- ksclient.Client(**credentials)
- auth = v2.Password(**credentials)
- sess = session.Session(auth=auth)
- self.nova = nclient.Client(2, session=sess)
- self.json = args.json
-
- def get_server(self, serverid):
- """
- Return Server object
- """
- return self.nova.servers.get(serverid)
-
- def get_all(self):
- """
- Get a list of all Server Groups
- """
- server_groups = self.nova.server_groups.list(all_projects=True)
- return server_groups
-
- def get_group_members(self, server_group_id):
- """
- Return list of instance UUIDs present in a Server Group
- """
- server_group = self.nova.server_groups.get(server_group_id)
- if 'anti-affinity' in server_group.policies:
- return server_group.members
- else:
- return False
-
- def get_hypervisors(self, uid_list):
- """
- Return a dict with hypervisors and names given a list of server uids
- """
- ret = []
- for uid in uid_list:
- instance = self.get_server(uid)
- hypervisor = getattr(instance,
- 'OS-EXT-SRV-ATTR:hypervisor_hostname'
- .split('.')[0])
- ret.append({'id':uid,
- 'name':instance.name,
- 'hypervisor':hypervisor})
- return ret
-
- def get_group_detail(self, server_group_id):
- """
- Output detail on Server Group instances and their hypervisors
- """
- group_members = self.get_group_members(server_group_id)
- if group_members:
- output = self.get_hypervisors(group_members)
- return output
- else:
- return False
-
- def test_group_duplicates(self, server_group_id):
- """
- Evaluate whether any instances in a SG
- have been scheduled to the same hypervisor
- """
- group_members = self.get_group_members(server_group_id)
- if group_members:
- hypervisors = []
- instances = self.get_hypervisors(group_members)
- for instance in instances:
- instance['server_group_id'] = server_group_id
- hypervisors.append(instance['hypervisor'])
- dupes = [k for k, v in Counter(hypervisors).items() if v > 1]
- if dupes:
- instance_dupes = [instance for instance in instances
- if instance['hypervisor'] in dupes]
- return instance_dupes
- else:
- return False
- else:
- return False
-
- def check_all(self):
- """
- Check all server groups for violations
- """
- groups = self.get_all()
- merged_output = []
- for group in groups:
- output = self.test_group_duplicates(group.id)
- if output and self.json:
- merged_output += output
- elif output and not self.json:
- print "Anti-affinity rules violated in Server Group:",\
- group.id
- print_table(output)
- if self.json and merged_output:
- print json.dumps(merged_output)
-
-def create_table(fields):
- """
- Boilerplate for PrettyTable
- """
- table = prettytable.PrettyTable(fields, caching=False)
- table.align = 'l'
- return table
-
-def print_table(output):
- """
- Print out a table of instances
- """
- table = create_table(['Instance ID', 'Instance Name', 'Hypervisor'])
- for instance in output:
- table.add_row([instance['id'],
- instance['name'],
- instance['hypervisor']])
- print table
-
-def get_args():
- """
- Get commandline arguments
- """
- parser = argparse.ArgumentParser(description='Nova Server Group \
- anti-affinity rule checker')
- group = parser.add_mutually_exclusive_group(required=True)
- group.add_argument('--check', type=str,
- help='Validate the specified Server Group')
- group.add_argument('--list', type=str,
- help='List instances and their hypervisors \
- for a given Server Group')
- group.add_argument('--all', action='store_true',
- help='Check all server groups')
- parser.add_argument('--json', action='store_true', help='Output JSON')
- return parser.parse_args()
-
-def main():
- """
- Main script
- """
- args = get_args()
- nova_connect = NovaConnect(args)
- if args.check:
- output = nova_connect.test_group_duplicates(args.check)
- if output and args.json:
- print json.dumps(output)
- elif output and not args.json:
- print "Anti-affinity rules violated in Server Group:",\
- args.check
- print_table(output)
- elif not output and not args.json:
- print "No anti-affinity rules \
- violated for Server Group:", args.check
- if args.list:
- output = nova_connect.get_group_detail(args.list)
- if output and args.json:
- print json.dumps(output)
- elif output and not args.json:
- print_table(output)
- elif not output and not args.json:
- print "Server Group", args.list,\
- "empty or does not have an anti-affinity policy set."
- if args.all:
- nova_connect.check_all()
-
-if __name__ == '__main__':
- main()
diff --git a/nova/livemigrate_instances.py b/nova/livemigrate_instances.py
deleted file mode 100755
index a246838..0000000
--- a/nova/livemigrate_instances.py
+++ /dev/null
@@ -1,292 +0,0 @@ -#! /usr/bin/env python -# Copyright 2013 AT&T Services, Inc. -# 2015 Catalyst IT Ltd. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import argparse -import datetime -import json -from keystoneclient.v2_0 import client as ksclient -import logging -from novaclient import client -import os -import sys -import time -LOG = logging.getLogger("livemigrate_instances") -LOG_FORMAT = '%(asctime)s %(levelname)-8s %(message)s' -DESCRIPTION = "Live migration tool to clear out a hypervisor" - - -def parse_args(): - # ensure environment has necessary items to authenticate - for key in ['OS_TENANT_NAME', 'OS_USERNAME', 'OS_PASSWORD', - 'OS_AUTH_URL', 'OS_REGION_NAME']: - if key not in os.environ.keys(): - LOG.exception("Your environment is missing '%s'") - ap = argparse.ArgumentParser(description=DESCRIPTION) - ap.add_argument('-d', '--debug', action='store_true', - default=False, help='Show debugging output') - ap.add_argument('-q', '--quiet', action='store_true', default=False, - help='Only show error and warning messages') - ap.add_argument('-n', '--noop', action='store_true', default=False, - help='Do not do any modifying operations (dry-run)') - ap.add_argument('-m', '--migrate', action='store_true', default=False, - help='Migrate from one host to another') - ap.add_argument('-r', '--recover', action='store_true', default=False, - help='Move hosts previously migrated back home') - ap.add_argument('--source', - help='the FQDN of a 
hypervisor to move instances \ - away from') - ap.add_argument('--dest', - default=False, - help='the FQDN of a hypervisor to move instances \ - to') - ap.add_argument('--file', default='./results.json', - help='The file in which to store/retrieve the server list') - ap.add_argument('--timeout', default=240, - help='How long to wait for migration to complete') - ap.add_argument('--insecure', action='store_true', default=False, - help='Explicitly allow tool to perform ' - '"insecure" SSL (https) requests. The server\'s ' - 'certificate will not be verified against any ' - 'certificate authorities. This option should be used ' - 'with caution.') - return ap.parse_args() - - -def setup_logging(args): - level = logging.INFO - if args.quiet: - level = logging.WARN - if args.debug: - level = logging.DEBUG - logfilename = os.environ['HOME'] + '/livemigrations.log' - logging.basicConfig(level=logging.DEBUG, - format=LOG_FORMAT, - filename=logfilename, - filemode='a') - console = logging.StreamHandler() - console.setLevel(level) - LOG.addHandler(console) - - -def get_hypervisor_instances(args, nova): - instance_list = [] - # check if the hypervisor exists and is unique - hypervisor_id = nova.hypervisors.search(args.source) - if len(hypervisor_id) != 1: - LOG.exception("The hypervisor %s was either not found, " - "or found more than once", - args.source) - raise SystemExit - hyp_obj = nova.hypervisors.get(hypervisor_id[0]) - for instance in nova.servers.list(search_opts={'all_tenants': True}): - inst_hyp = getattr(instance, 'OS-EXT-SRV-ATTR:hypervisor_hostname') - if hyp_obj.hypervisor_hostname == inst_hyp: - instance_list.append(instance) - return instance_list - - -def migrate_instance(args, nova, keystone_client, instance, dest, timeout): - result = {} - start_hypervisor = getattr(instance, 'OS-EXT-SRV-ATTR:hypervisor_hostname') - datestamp_start = datetime.datetime.now() - try: - tenant = keystone_client.tenants.find(id=instance.tenant_id).name - except: - tenant = 
'unknown tenant' - message = "Migrating %s (%s) - %s, from %s" % (instance.name, - instance.id, - tenant, - start_hypervisor) - LOG.warn(message) - if args.noop: - check_result = { - 'message': 'noop', - 'new_hypervisor': start_hypervisor, - 'error': False - } - else: - if instance.status == 'ACTIVE': - if dest: - instance.live_migrate(host=dest) - else: - instance.live_migrate() - check_result = check_migration(instance, start_hypervisor, timeout) - elif instance.status == 'SHUTOFF': - instance.migrate() - check_result = check_migration(instance, start_hypervisor, timeout) - else: - check_result = { - 'message': 'not moved', - 'new_hypervisor': start_hypervisor, - 'error': False - } - - datestamp_end = datetime.datetime.now() - duration = datestamp_end - datestamp_start - result = {'instance': instance.id, - 'name': instance.name, - 'tenant': tenant, - 'state': instance.status, - 'message': check_result['message'], - 'start_hypervisor': start_hypervisor, - 'end_hypervisor': check_result['new_hypervisor'], - 'duration': "%.0f" % duration.total_seconds(), - 'error': check_result['error']} - return result - - -def check_migration(instance, start_hypervisor, timeout): - time.sleep(5) - wait_time = 5 - error = False - while wait_time < timeout: - message = '' - instance.get() - new_hypervisor = getattr(instance, - 'OS-EXT-SRV-ATTR:hypervisor_hostname') - if instance.status in ['ACTIVE', 'VERIFY_RESIZE']: - if new_hypervisor == start_hypervisor: - message = 'Instance did not move' - error = True - if new_hypervisor != start_hypervisor: - message = 'Instance moved' - break - if instance.status == 'ERROR': - message = 'Instance now in ERRROR state!' 
- error = True - break - #TODO more checks here for status of instance after migration - time.sleep(5) - wait_time += 5 - sys.stdout.write("#") - sys.stdout.flush() - print - check_result = {'new_hypervisor': new_hypervisor, - 'message': message, - 'error': error} - return check_result - - -def migrate_away(args, nova, keystone_client, timeout): - instances_to_migrate = get_hypervisor_instances(args, nova) - if args.dest: - dest_id = nova.hypervisors.search(args.dest) - if len(dest_id) != 1: - LOG.error("The hypervisor %s was either not found, or found " - "more than once", - args.source) - raise SystemExit - dest = nova.hypervisors.get(dest_id[0]).service['host'] - else: - dest = False - final_results = [] - for instance in instances_to_migrate: - instance.get() - result = migrate_instance(args, nova, keystone_client, - instance, dest, timeout) - LOG.warn("Instance %s moved from %s to %s, %s, " - "status is %s, took %ss", - result['name'], - result['start_hypervisor'], - result['end_hypervisor'], - result['message'], - result['state'], - result['duration']) - if result['state'] == 'VERIFY_RESIZE': - instance.confirm_resize() - time.sleep(5) - instance.get() - result['state'] = instance.status - final_results.append(result) - if result['state'] not in ['ACTIVE', 'SHUTOFF', 'SUSPENDED']: - break - if result['error']: - break - if not args.noop: - # ugh, a magic sleep to let things settle down - time.sleep(30) - # TODO(XP) this needs exception handling - with open(args.file, 'w') as fp: - json.dump(final_results, fp) - fp.close() - - -def recover(args, nova, keystone_client, timeout): - # TODO(XP) this needs exception handling - with open(args.file, 'r') as fp: - temp_locations = json.load(fp) - fp.close() - - final_results = [] - for entry in temp_locations: - if entry['end_hypervisor'] == entry['start_hypervisor']: - print("Instance %s left alone" % entry['instance']) - else: - # set up instance, dest list - instance = nova.servers.get(entry['instance']) - dest = 
entry['start_hypervisor'] - result = migrate_instance(args, - nova, - keystone_client, - instance, - dest, - timeout) - final_results.append(result) - # ugh, a magic sleep to let things settle down - time.sleep(5) - #pprint.pprint(final_results) - - -def main(): - args = parse_args() - setup_logging(args) - try: - nova = client.Client( - '2.0', - os.environ['OS_USERNAME'], - os.environ['OS_PASSWORD'], - os.environ['OS_TENANT_NAME'], - os.environ['OS_AUTH_URL'], - region_name=os.environ['OS_REGION_NAME']) - except Exception: - raise - try: - keystone_client = ksclient.Client( - username=os.environ['OS_USERNAME'], - password=os.environ['OS_PASSWORD'], - tenant_name=os.environ['OS_TENANT_NAME'], - auth_url=os.environ['OS_AUTH_URL'], - region_name=os.environ['OS_REGION_NAME']) - except Exception: - raise - timeout = args.timeout - if ((args.migrate and args.recover) or (args.migrate is False - and args.recover is False)): - LOG.exception("Please either migrate, or recover, but not both") - raise SystemExit - if args.migrate: - if not args.source: - LOG.exception("Must supply both source hypervisors") - raise SystemExit - migrate_away(args, nova, keystone_client, timeout) - - if args.recover: - recover(args, nova, keystone_client, timeout) - - -if __name__ == '__main__': - main() diff --git a/nova/nova-libvirt-compare.py b/nova/nova-libvirt-compare.py deleted file mode 100755 index a9c75c8..0000000 --- a/nova/nova-libvirt-compare.py +++ /dev/null 
@@ -1,383 +0,0 @@ -#!/usr/bin/env python -# -# Copyright (c) 2016 SWITCH http://www.switch.ch -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Author: Simon Leinen -# Date: 2016-09-04 - -from __future__ import print_function -import sys -import os -import argparse -import re -import paramiko -import multiprocessing -sys.path.append('../lib') -import openstackapi - - -def get_environ(key, verbose=False): - if key not in os.environ: - print("ERROR:", key, "not defined in environment") - sys.exit(1) - if verbose: - if 'password' in key.lower(): - key_value = '*' * len(os.environ[key]) - else: - key_value = os.environ[key] - print(u"{}: {}".format(key, key_value)) - return os.environ[key] - - -class LibvirtDomainInfo: - def __init__(self, uuid): - self.uuid = uuid - self.info = {} - -class HypervisorInfo: - def __init__(self, hostname): - self.hostname = hostname - self.domains = {} - self.errors = [] - def add_domain(self, dom): - self.domains[dom.uuid] = dom - -class ServerInfo: - def __init__(self, nova_info): - self.nova_info = nova_info - - -def collect_hypervisor_information(nova, verbose=False, - remote_user=None, - blindly_trust_host_keys=False, - processes=None): - """Collect domain information from libvirt hypervisors in a region - - Arguments: - - nova: nova_client instance for the region - verbose: Whether to print messages about harmless actions, default: False - remote_user: The user under which SSH tries to connect, default: None - 
blindly_trust_host_keys: Allow MITM attacks, default: False - - This function enumerates the hypervisors for the region, connects - to each over SSH, and retrieves information about the libvirt - domains running on the respective machine. - - The results are returned as a dictionary that maps domain UUIDs - - which should correspond to Nova instance UUIDs - to - LibvirtDomainInfo objects which are populated using virsh dominfo. - """ - hyp = {} - hypervisors = nova.hypervisors.list(detailed=True) - pool = multiprocessing.Pool(processes=processes) - - if hypervisors: - mapped = pool.map(_get_hypervisor_info, - map(lambda h: { - 'hostname': h.hypervisor_hostname, - 'verbose': verbose, - 'remote_user': remote_user, - 'blindly_trust_host_keys': blindly_trust_host_keys, - }, - hypervisors)) - pool.close() - pool.join() - for h in mapped: - if h.errors: - print(u"Error getting domain information from {}". - format(h.hostname)) - for err in h.errors: - print(u" {}".format(err)) - hyp[h.hostname] = h - return hyp - -def _get_hypervisor_info(closure): - return get_hypervisor_info( - closure['hostname'], - verbose =closure['verbose'], - remote_user =closure['remote_user'], - blindly_trust_host_keys=closure['blindly_trust_host_keys'], - ) - -def get_hypervisor_info(hostname, - verbose=False, - remote_user=None, - blindly_trust_host_keys=False): - """Get domain information from a single libvirt hypervisor - - The results are returned as a HypervisorInfo object. - - Arguments: - - hostname: Hypervisor hostname from Nova.hypervisors.list(detailed=True) - verbose: Whether to print messages about harmless actions, default: False - remote_user: The user under which SSH tries to connect, default: None - blindly_trust_host_keys: Allow MITM attacks, default: False - - This function connects to the given hypervisor over SSH and - retrieves information about the libvirt domains known there. 
- """ - - h = HypervisorInfo(hostname) - ssh = paramiko.SSHClient() - if blindly_trust_host_keys: - ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) - - try: - ssh.connect(h.hostname, username=remote_user) - _, stdout, stderr = ssh.exec_command("virsh list --uuid --all") - for line in stdout: - uuid = line.rstrip() - if uuid == '': - pass - else: - if verbose: - print("Found virsh instance {} on {}".format( - uuid, h.hostname)) - dom = LibvirtDomainInfo(uuid) - h.add_domain(dom) - for uuid, dom in h.domains.iteritems(): - _, stdout, stderr = ssh.exec_command("virsh dominfo {}".format(uuid)) - dominfo = re.compile("^([^:]*):\s*(.*)$") - for line in stdout: - if line == "\n": - # Ignore stupid trailing empty line - pass - else: - m = dominfo.match(line) - if m: - dom.info[m.group(1).lower()] = m.group(2) - else: - h.errors.append(u"Cannot understand line {} in virsh dominfo output". - format(line)) - except paramiko.SSHException as e: - h.errors.append(u"Error SSHing to {}:\n {}". - format(h.hostname, e.message)) - except: - h.errors.append(u"Unexpected error SSHing to {}:\n {}". - format(h.hostname, sys.exc_info()[0])) - ssh.close() - return h - -def collect_server_information(nova, verbose=False): - """Collect instance information from Nova in a region - - Arguments: - - nova: nova_client instance for the region - verbose: Whether to print messages about harmless actions, default: False - - This function enumerates the instances from the Nova compute - service in a region. - - The results are returned as a dictionary that maps domain UUIDs - - which should correspond to Nova instance UUIDs - to ServerInfo - objects which contain server detail information. 
- """ - srv = {} - - servers = nova.servers.list( - detailed=True, - search_opts={'all_tenants': True}) - - while servers: - last_server = None - for server in servers: - last_server_id = server.id - s = ServerInfo(server) - srv[server.id] = s - if verbose: - print(u"Found server {} on hypervisor {} ({})".format( - server.id, - server._info['OS-EXT-SRV-ATTR:hypervisor_hostname'], - server.status, - )) - servers = nova.servers.list( - detailed=True, - marker=last_server_id, - search_opts={'all_tenants': True}) - return srv - -def instance_state_needs_hypervisor(state): - """Return true if an instance in this state should have a hypervisor. - """ - if state == 'SHELVED_OFFLOADED': - return False - else: - return True - -def report_server_hypervisor_inconsistencies(srv, hyp, verbose=False, note_incomplete=True): - """Detect and report discrepancies between Nova and hypervisor views - - Arguments: - - srv: Dictionary of Nova instances as returned by collect_server_information() - hyp: Dictionary of Hypervisor information as returned by collect_hypervisor_information() - verbose: Whether to print messages about harmless actions, default: False - note_incomplete: Whether to report instances without hypervisors, default: True - - The following types of discrepancies are detected and reported: - - * an instance exists in Nova, but is not on any hypervisor - * an instance exists on a hypervisor, but is unknown to Nova - * an instance exists on a hypervisor, but Nova thinks it should be on a different one - * an instance has incompatible states between Nova and the hypervisor - """ - state_mapping = { - 'ACTIVE': 'running', - 'VERIFY_RESIZE': 'running', - 'SUSPENDED': 'shut off', - 'SHUTOFF': 'shut off', - 'SHELVED': 'shut off', - 'PAUSED': 'paused', - } - for uuid, s in srv.iteritems(): - nova_status = s.nova_info.status - hypervisor_name = s.nova_info._info['OS-EXT-SRV-ATTR:hypervisor_hostname'] - if hypervisor_name is None: - if 
instance_state_needs_hypervisor(nova_status) and note_incomplete: - print(u"Instance {} (Nova status {}) has no hypervisor". - format(uuid, nova_status)) - elif hypervisor_name not in hyp: - print(u"Instance {} (Nova status {}) on unknown hypervisor {}". - format(uuid, nova_status, hypervisor_name)) - else: - h = hyp[hypervisor_name] - if uuid in h.domains: - dom = h.domains[uuid] - dom_state = dom.info['state'] - if verbose: - print(u"Instance {} (Nova state {}) hypervisor {} state {}". - format(uuid, nova_status, hypervisor_name, dom_state)) - if nova_status in state_mapping \ - and dom_state == state_mapping[nova_status]: - pass - else: - print((u"Possible inconsistency: Instance {} (Nova status {})\n" - +u" On hypervisor {}, it has state {}"). - format(uuid, nova_status, - hypervisor_name, dom_state)) - elif h.errors: - # It's not worth complaining. The problem is that - # there were errors trying to get domain information - # from the hypervisor, and that has been signaled - # already. - pass - else: - print(u"Hypervisor {} should know about {}, but doesn't". - format(hypervisor_name, uuid)) - for hypervisor_name, h in hyp.iteritems(): - for uuid, s in h.domains.iteritems(): - if not uuid in srv: - print(u"Hypervisor {} contains unknown instance {}". - format(hypervisor_name, uuid)) - else: - nova_srv = srv[uuid] - nova_status = nova_srv.nova_info.status - nova_hyp_name = nova_srv.nova_info._info['OS-EXT-SRV-ATTR:hypervisor_hostname'] - if nova_hyp_name == hypervisor_name: - pass - elif nova_hyp_name not in hyp: - print((u"Instance {} (Nova status {}):\n" - +u" Found on hypervisor {} (state: {})\n" - +u" Should be running on {}, which is not known."). - format(uuid, nova_status, - hypervisor_name, s.info['state'], - nova_hyp_name)) - else: - nova_hyp = hyp[nova_hyp_name] - if uuid not in nova_hyp.domains: - print((u"Instance {} (Nova status {}):\n" - +u" Found on hypervisor {} (state: {})\n" - +u" Should be running on {}, but unknown there."). 
- format(uuid, nova_status, - hypervisor_name, s.info['state'], - nova_hyp_name)) - else: - nova_s = nova_hyp.domains[uuid] - print((u"Instance {} (Nova status {}):\n" - +u" Found on hypervisor {} (state: {})\n" - +u" Should be running on {}, and it is (state: {})."). - format(uuid, nova_status, - hypervisor_name, s.info['state'], - nova_hyp_name, nova_s.info['state'])) - -def main(): - """Check for state inconsistencies between Nova DB and hypervisors - - Go through nova-compute hosts, and check if the status of - VMs running there corresponds to the state of the Nova database. - - Only supports libvirt hypervisors. - - Requires SSH access to all hypervisor hosts. The remote user on - the hypervisor must have sufficient privileges to run "virsh". - """ - parser = argparse.ArgumentParser( - description="Check for inconsistent state between Nova DB and hypervisors") - parser.add_argument( - '-a', '--all-regions', help='query all regions', action='store_true') - parser.add_argument( - '-l', '--remote-user', type=str, - help='SSH remote username for connecting to hypervisors') - parser.add_argument( - '--no-note-incomplete', help='Don\'t report incomplete instances', action='store_true') - parser.add_argument( - '-b', '--blindly-trust-host-keys', help='Accept all SSH host keys. 
This enables man-in-the-middle attacks!', action='store_true') - parser.add_argument( - '-p', '--processes', type=int, default=20, - help='Number of parallel processes connecting to hypervisors') - parser.add_argument('-v', '--verbose', help='verbose', action='store_true') - if len(sys.argv) < 1: - parser.print_help() - sys.exit(1) - args = parser.parse_args() - - # get OS_* environment variables - os_auth_url = get_environ('OS_AUTH_URL', args.verbose) - os_username = get_environ('OS_USERNAME', args.verbose) - os_password = get_environ('OS_PASSWORD', args.verbose) - os_tenant_name = get_environ('OS_TENANT_NAME', args.verbose) - os_region_name = get_environ('OS_REGION_NAME', args.verbose) - - # Openstack clients API - api = openstackapi.OpenstackAPI(os_auth_url, os_username, os_password, os_project_name=os_tenant_name) - - # regions to use - region_names = [os_region_name] - if args.all_regions: - # all regions available - region_names = api.get_all_regions() - - for region in region_names: - # get Nova client for the region - nova = api.nova(region) - - hyp = collect_hypervisor_information( - nova, - verbose=args.verbose, - remote_user=args.remote_user, - blindly_trust_host_keys=args.blindly_trust_host_keys, - processes=args.processes) - srv = collect_server_information(nova, verbose=args.verbose) - - report_server_hypervisor_inconsistencies( - srv, hyp, - verbose=args.verbose, - note_incomplete=not args.no_note_incomplete) - -if __name__ == '__main__': - main() diff --git a/nova/nova-vms-on-host.py b/nova/nova-vms-on-host.py deleted file mode 100755 index 145c1bd..0000000 --- a/nova/nova-vms-on-host.py +++ /dev/null 
@@ -1,93 +0,0 @@
-#!/usr/bin/python
-
-__author__ = 'Matthew Fischer '
-__copyright__ = 'Copyright 2015, Matthew Fischer'
-
-# Copyright 2015 Matthew Fischer
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Given the FQDN of a hypervisor, this tool will pull a list of all
-# VMs on the hypervisor along with contact info for all the customers.
-# Additionally an email list, which is pasteable into a mail client
-# is generated. This tool is designed to be used when a hypervisor
-# dies or maintenance is pending to notify customers about an issue,
-# either before or after it happens.
-#
-# It uses environment variables to talk to OpenStack. Source
-# an openrc first.
-
-from keystoneclient.v2_0 import client as keystone_client
-from novaclient import client as nova_client
-import argparse
-import os
-import sys
-
-def build_user_dict(keystone):
- _users_hash = {}
- users = keystone.users.list()
- for user in users:
- _users_hash[user.id] = user
- return _users_hash
-
-
-def main(host):
- keystone = keystone_client.Client(username=os.environ.get('OS_USERNAME'),
- password=os.environ.get('OS_PASSWORD'),
- tenant_name=os.environ.get('OS_TENANT_NAME'),
- region_name=os.environ.get('OS_REGION_NAME'),
- auth_url=os.environ.get('OS_AUTH_URL'))
- users_hash = build_user_dict(keystone)
-
- nova = nova_client.Client('2', os.environ.get('OS_USERNAME'),
- os.environ.get('OS_PASSWORD'),
- os.environ.get('OS_TENANT_NAME'),
- region_name=os.environ.get('OS_REGION_NAME'),
- auth_url=os.environ.get('OS_AUTH_URL'),
- service_type="compute")
-
- print "Generating Server List & Info for %s" % host
- print "--------------------------------------------------------------"
- vms = get_vms_for_host(host, nova)
- if len(vms) == 0:
- print "\nNo VMs found on %s" % host
- return 1
- unique_emails = []
- for vm in vms:
- print "%-45s: %-15s (%s)" % (vm.name, users_hash[vm.user_id].name, users_hash[vm.user_id].email)
- user_email = users_hash[vm.user_id].email
- if user_email and user_email not in unique_emails:
- unique_emails.append(user_email)
-
- print "\n--------------------------------------------------------------"
- print "Email List"
- print "--------------------------------------------------------------"
- print '; '.join(unique_emails)
-
-
-def get_vms_for_host(host, nova):
- vms = []
- # unfortunately I can't get a VM list from a given host
- for server in nova.servers.list(search_opts={'all_tenants': 1}):
- if host == getattr(server, 'OS-EXT-SRV-ATTR:hypervisor_hostname'):
- vms.append(server)
- return vms
-
-if __name__ == "__main__":
- parser = argparse.ArgumentParser()
- parser.add_argument("--host", required=True, help='FQDN required!')
- args = parser.parse_args()
- if not '.' in args.host:
- print "Please call with the FQDN of the host"
- sys.exit(1)
- main(args.host)
diff --git a/openstack-ansible/cleanup_host.sh b/openstack-ansible/cleanup_host.sh
deleted file mode 100644
index e978f48..0000000
--- a/openstack-ansible/cleanup_host.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-# This script reclaims space on a host that might
-# be low on disk space by getting rid of logs and
-# extra data.
-
-find /openstack/log/ -type f | xargs -n1 truncate -s0
diff --git a/rabbitmq/check_rabbtimq_file_descriptors.sh b/rabbitmq/check_rabbtimq_file_descriptors.sh
deleted file mode 100755
index ec4a52e..0000000
--- a/rabbitmq/check_rabbtimq_file_descriptors.sh
+++ /dev/null
@@ -1,130 +0,0 @@
-#!/bin/bash
-#
-# RabbitMQ server monitor for file descriptor and sockets usage and limits.
-#
-# Author: Mike Dorman
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-STATE_OK=0
-STATE_WARNING=1
-STATE_CRITICAL=2
-STATE_UNKNOWN=3
-STATE_DEPENDENT=4
-STATE=$STATE_OK
-
-usage ()
-{
- echo "Usage: $0 [OPTIONS]"
- echo " -h Get help"
- echo " --total WARN:CRIT thresholds for absolute value of total used file descriptors (maximum values)"
- echo " --totalpct WARN:CRIT thresholds for percentage value of total used file descriptors (maximum values)"
- echo " --sockets WARN:CRIT thresholds for absolute value of used socket descriptors (maximum values)"
- echo " --socketspct WARN:CRIT thresholds for percentage value of used socket descriptors (maximum values)"
- echo " --limit WARN:CRIT thresholds for absolute limit value of total file descriptors (minimum values)"
-}
-
-TEMP=`getopt -o h --long total:,totalpct:,sockets:,socketspct:,limit: -n $0 -- "$@"`
-[ $? -ne 0 ] && usage && exit $STATE_UNKNOWN
-eval set -- "$TEMP"
-
-while true; do
- case "$1" in
- -h)
- usage ; shift ; exit $STATE_UNKNOWN ;;
- --total)
- TOTAL_WARN=`echo $2: | cut -d: -f 1`
- TOTAL_CRIT=`echo $2: | cut -d: -f 2`
- shift 2 ;;
- --totalpct)
- TOTALPCT_WARN=`echo $2: | cut -d: -f 1`
- TOTALPCT_CRIT=`echo $2: | cut -d: -f 2`
- shift 2 ;;
- --sockets)
- SOCKETS_WARN=`echo $2: | cut -d: -f 1`
- SOCKETS_CRIT=`echo $2: | cut -d: -f 2`
- shift 2 ;;
- --socketspct)
- SOCKETSPCT_WARN=`echo $2: | cut -d: -f 1`
- SOCKETSPCT_CRIT=`echo $2: | cut -d: -f 2`
- shift 2 ;;
- --limit)
- LIMIT_WARN=`echo $2: | cut -d: -f 1`
- LIMIT_CRIT=`echo $2: | cut -d: -f 2`
- shift 2 ;;
- --)
- shift ; break ;;
- esac
-done
-
-limits=`sudo /sbin/rabbitmqctl status | grep file_descriptors -A 4`
-[ $? -ne 0 ] && echo "rabbitmqctl status command failed" && exit $STATE_UNKNOWN
-
-total_limit=`echo ${limits} | grep total_limit | sed -r 's/^.+total_limit,([[:digit:]]+).*$/\1/'`
-total_used=`echo ${limits} | grep total_used | sed -r 's/^.+total_used,([[:digit:]]+).*$/\1/'`
-
-sockets_limit=`echo ${limits} | grep sockets_limit | sed -r 's/^.+sockets_limit,([[:digit:]]+).*$/\1/'`
-sockets_used=`echo ${limits} | grep sockets_used | sed -r 's/^.+sockets_used,([[:digit:]]+).*$/\1/'`
-
-total_pct=`echo \( $total_used/$total_limit \) \* 100 | bc -l | awk '{printf "%3.2f", $0}'`
-sockets_pct=`echo \( $sockets_used/$sockets_limit \) \* 100 | bc -l | awk '{printf "%3.2f", $0}'`
-
-# Check all critical thresholds first
-[ -n "$TOTAL_CRIT" ] && [ $total_used -gt $TOTAL_CRIT ] && \
- STATE=$STATE_CRITICAL && \
- MESSAGE="${MESSAGE}CRITICAL: total used > $TOTAL_CRIT; "
-
-[ -n "$TOTALPCT_CRIT" ] && [ `echo $total_pct \> $TOTALPCT_CRIT | bc -l` == 1 ] && \
- STATE=$STATE_CRITICAL && \
- MESSAGE="${MESSAGE}CRITICAL: total % used > $TOTALPCT_CRIT%; "
-
-[ -n "$SOCKETS_CRIT" ] && [ $sockets_used -gt $SOCKETS_CRIT ] && \
- STATE=$STATE_CRITICAL && \
- MESSAGE="${MESSAGE}CRITICAL: sockets used > $SOCKETS_CRIT; "
-
-[ -n "$SOCKETSPCT_CRIT" ] && [ `echo $sockets_pct \> $SOCKETSPCT_CRIT | bc -l` -eq 1 ] && \
- STATE=$STATE_CRITICAL && \
- MESSAGE="${MESSAGE}CRITICAL: sockets % used > $SOCKETSPCT_CRIT%; "
-
-[ -n "$LIMIT_CRIT" ] && [ $total_limit -lt $LIMIT_CRIT ] && \
- STATE=$STATE_CRITICAL && \
- MESSAGE="${MESSAGE}CRITICAL: total limit < $LIMIT_CRIT; "
-
-# Check warning thresholds if critical was not already tripped
-if [ $STATE -eq $STATE_OK ]; then
- [ -n "$TOTAL_WARN" ] && [ $total_used -gt $TOTAL_WARN ] && \
- STATE=$STATE_WARNING && \
- MESSAGE="${MESSAGE}WARNING: total used > $TOTAL_WARN; "
-
- [ -n "$TOTALPCT_WARN" ] && [ `echo $total_pct \> $TOTALPCT_WARN | bc -l` == 1 ] && \
- STATE=$STATE_WARNING && \
- MESSAGE="${MESSAGE}WARNING: total % used > $TOTALPCT_WARN%; "
-
- [ -n "$SOCKETS_WARN" ] && [ $sockets_used -gt $SOCKETS_WARN ] && \
- STATE=$STATE_WARNING && \
- MESSAGE="${MESSAGE}WARNING: sockets used > $SOCKETS_WARN; "
-
- [ -n "$SOCKETSPCT_WARN" ] && [ `echo $sockets_pct \> $SOCKETSPCT_WARN | bc -l` -eq 1 ] && \
- STATE=$STATE_WARNING && \
- MESSAGE="${MESSAGE}WARNING: sockets % used > $SOCKETSPCT_WARN%; "
-
- [ -n "$LIMIT_WARN" ] && [ $total_limit -lt $LIMIT_WARN ] && \
- STATE=$STATE_WARNING && \
- MESSAGE="${MESSAGE}WARNING: total limit < $LIMIT_WARN; "
-fi
-
-echo -n "${MESSAGE}"
-echo -n "Total file descriptors: ${total_used}/${total_limit} (${total_pct}%), "
-echo "Sockets: ${sockets_used}/${sockets_limit}, (${sockets_pct}%)"
-
-exit $STATE
diff --git a/terraform/README.md b/terraform/README.md
deleted file mode 100644
index c3f818f..0000000
--- a/terraform/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-# Example Terraform deployments
-
-Contained here are example terraform deployment scripts for deploying applications and services on top of openstack.
-
diff --git a/terraform/cicd/.gitignore b/terraform/cicd/.gitignore
deleted file mode 100644
index d67bb65..0000000
--- a/terraform/cicd/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform.tfstate*
-openrc
-.vagrant/
diff --git a/terraform/cicd/README.md b/terraform/cicd/README.md
deleted file mode 100644
index 890871b..0000000
--- a/terraform/cicd/README.md
+++ /dev/null
@@ -1,73 +0,0 @@
-CI/CD for everyone else
-=======================
-
-This Terraform project pretends to provision all the OpenStack resources for a Development Infrastructure required for Applications that uses Continuous Integration and Continuos Delivery software cycle.
-
-# Requirements:
-
-- [Install Terraform] (https://www.terraform.io/intro/getting-started/install.html)
-- Customize according to your OpenStack Provider
-
-## General OpenStack settings
-
-Terraform OpenStack provider needs environment variables to be set
-before you can run the scripts. In general, you can simply export OS
-environment variables like the following:
-
-```
-export OS_TENANT_NAME=osic-engineering
-export OS_AUTH_URL=https://cloud1.osic.org:5000/v2.0
-export OS_DOMAIN_NAME=Default
-export OS_REGION_NAME=RegionOne
-export OS_PASSWORD=secret
-export OS_USERNAME=demo
-```
-Those values depend on the OpenStack Cloud provider.
-
-## Steps for execution:
-
-```
-$ git clone https://github.com/electrocucaracha/terraform-cicd.git
-$ cd terraform-cicd
-$ terraform apply
-...
-Apply complete! Resources: 13 added, 0 changed, 0 destroyed.
-...
-Outputs:
-
-gerrit = http://10.0.0.1
-jenkins = http://10.0.0.2
-redmine = http://10.0.0.3
-```
-
-## Post-configuration
-
-### Redmine Security Realm (authentication):
-
-First you need to get consumer key/secret from Redmine OAuth Provider Plugin.
-
-1. Log into your Redmine account.
-2. Access to [YOUR_REDMINE_HOST]/oauth_clients
-3. Click the **Register your application** link.
-4. The system requests the following information:
- * **Name** is required. For example, input Jenkins
- * **Main Application URL** is required. For example, input your jenkins url.
- * **Callback URL** is required. For example, input [YOUR_JENKINS_HOST]/securityRealm/finishLogin
- * **Support URL** is not required.
-5. Press **Register**.
- The system generates a key and a secret for you.
- Toggle the consumer name to see the generated Key and Secret value for your consumer.
-
-Second, you need to configure your Jenkins.
-
-1. Open Jenkins **Configure System** page.
-2. Check **Enable security**.
-3. Select **Redmine OAuth Plugin** in **Security Realm**.
-4. Input your Redmine Url to **Redmine Url**.
-5. Input your Consumer Key to **Client ID**.
-6. Input your Consumer Secret to **Client Secret**.
-7. Click **Save** button.
-
-## Destroy:
-
- terraform destroy
diff --git a/terraform/cicd/Vagrantfile b/terraform/cicd/Vagrantfile
deleted file mode 100644
index b750f1a..0000000
--- a/terraform/cicd/Vagrantfile
+++ /dev/null
@@ -1,55 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-# All Vagrant configuration is done below. The "2" in Vagrant.configure
-# configures the configuration version (we support older styles for
-# backwards compatibility). Please don't change it unless you know what
-# you're doing.
-Vagrant.configure("2") do |config|
- config.vm.box = "sputnik13/trusty64"
-
- config.vm.define :redmine_db do |redmine_db|
- redmine_db.vm.hostname = 'redmine-db'
- redmine_db.vm.network :private_network, ip: '192.168.50.2'
- redmine_db.vm.provider "virtualbox" do |v|
- v.customize ["modifyvm", :id, "--memory", 1 * 1024]
- end
- redmine_db.vm.provision 'shell' do |s|
- s.path = 'redmine/postinstall_db.sh'
- s.args = ['root_password', 'redmine_password']
- end
- end
- config.vm.define :redmine_web do |redmine_web|
- redmine_web.vm.hostname = 'redmine'
- redmine_web.vm.network :private_network, ip: '192.168.50.3'
- redmine_web.vm.provider "virtualbox" do |v|
- v.customize ["modifyvm", :id, "--memory", 2 * 1024]
- end
- redmine_web.vm.provision 'shell' do |s|
- s.path = 'redmine/postinstall_web.sh'
- s.args = ['3.3.0', '192.168.50.2', 'redmine_password']
- end
- end
- config.vm.define :gerrit do |gerrit|
- gerrit.vm.hostname = "gerrit"
- gerrit.vm.network :private_network, ip: '192.168.50.5'
- gerrit.vm.provider "virtualbox" do |v|
- v.customize ["modifyvm", :id, "--memory", 1 * 1024]
- end
- gerrit.vm.provision 'shell' do |s|
- s.path = 'gerrit/postinstall.sh'
- s.args = ['127.0.0.1']
- end
- end
- config.vm.define :jenkins do |jenkins|
- jenkins.vm.hostname = "jenkins"
- jenkins.vm.network :private_network, ip: '192.168.50.6'
- jenkins.vm.provider "virtualbox" do |v|
- v.customize ["modifyvm", :id, "--memory", 1 * 1024]
- end
- jenkins.vm.provision 'shell' do |s|
- s.path = 'jenkins/postinstall.sh'
- s.args = ['192.168.50.3', '3.3.0', '192.168.50.5']
- end
- end
-end
diff --git a/terraform/cicd/gerrit.tf b/terraform/cicd/gerrit.tf
deleted file mode 100644
index 11dfbee..0000000
--- a/terraform/cicd/gerrit.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-resource "openstack_compute_floatingip_v2" "gerrit_floatingip" {
- depends_on = ["openstack_networking_router_interface_v2.router_interface"]
- pool = "${var.floating_pool}"
-}
-
-# Template for gerrit installation
-data "template_file" "gerrit_postinstall_script" {
- template = "${file("gerrit.tpl")}"
- vars {
- password = "secure"
- }
-}
-
-resource "openstack_compute_instance_v2" "gerrit" {
- name = "gerrit"
- image_name = "${var.image}"
- flavor_name = "${var.flavor}"
- security_groups = [ "${openstack_compute_secgroup_v2.secgroup.name}" ]
- floating_ip = "${openstack_compute_floatingip_v2.gerrit_floatingip.address}"
- user_data = "${data.template_file.gerrit_postinstall_script.rendered}"
-
- network {
- uuid = "${openstack_networking_network_v2.private_network.id}"
- }
-}
diff --git a/terraform/cicd/gerrit.tpl b/terraform/cicd/gerrit.tpl
deleted file mode 100644
index dd8fc6d..0000000
--- a/terraform/cicd/gerrit.tpl
+++ /dev/null
@@ -1,15 +0,0 @@
-#cloud-config
-
-ssh_pwauth: true
-
-users:
- - name: cicd
- passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
- lock_passwd: False
- sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
- shell: /bin/bash
-
-runcmd:
- - wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/gerrit/postinstall.sh
- - chmod 755 postinstall.sh
- - bash postinstall.sh
diff --git a/terraform/cicd/gerrit/postinstall.sh b/terraform/cicd/gerrit/postinstall.sh
deleted file mode 100644
index b79a7fb..0000000
--- a/terraform/cicd/gerrit/postinstall.sh
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/bin/bash
-
-ROOT_DBPASS=secure
-GERRIT_DBPASS=secure
-gerrit_version=2.12.4
-deployment_folder=/opt/gerrit
-
-# 1. Configure Java for Strong Cryptography
-apt-get update -y
-apt-get install software-properties-common -y
-add-apt-repository ppa:webupd8team/java -y
-apt-get update -y
-
-echo debconf shared/accepted-oracle-license-v1-1 select true | debconf-set-selections
-echo debconf shared/accepted-oracle-license-v1-1 seen true | debconf-set-selections
-
-apt-get install -y oracle-java8-set-default oracle-java8-unlimited-jce-policy
-
-# 2. Download Gerrit
-wget https://www.gerritcodereview.com/download/gerrit-${gerrit_version}.war
-
-# 3. Database Setup
-debconf-set-selections <<< "mysql-server mysql-server/root_password password ${ROOT_DBPASS}"
-debconf-set-selections <<< "mysql-server mysql-server/root_password_again password ${ROOT_DBPASS}"
-apt-get install -y mariadb-server
-
-mysql -uroot -p${ROOT_DBPASS} -e "CREATE DATABASE reviewdb;"
-mysql -uroot -p${ROOT_DBPASS} -e "GRANT ALL PRIVILEGES ON reviewdb.* TO 'gerrit'@'localhost' IDENTIFIED BY '${GERRIT_DBPASS}';";
-
-# 4. Initialize the Site
-useradd gerrit
-echo "gerrit:${GERRIT_DBPASS}"| chpasswd
-mkdir -p ${deployment_folder}/etc/
-cat < ${deployment_folder}/etc/gerrit.config
-[gerrit]
- basePath = localhost
- canonicalWebUrl = http://${HOSTNAME}
-[database]
- type = mysql
- hostname = localhost
- database = reviewdb
- username = gerrit
- password = ${GERRIT_DBPASS}
-[index]
- type = LUCENE
-[auth]
- type = DEVELOPMENT_BECOME_ANY_ACCOUNT
-[receive]
- enableSignedPush = true
-[sendemail]
- smtpServer = localhost
-[container]
- user = root
- javaHome = /usr/lib/jvm/java-8-oracle/jre
-[sshd]
- listenAddress = *:29418
-[httpd]
- listenUrl = proxy-http://*:8080/
-[cache]
- directory = cache
-EOL
-
-apt-get install -y gitweb
-
-java -jar gerrit-${gerrit_version}.war init -d ${deployment_folder} --batch
-# The second time downloads bcpkix jar
-java -jar gerrit-${gerrit_version}.war init -d ${deployment_folder} --batch
-java -jar gerrit-${gerrit_version}.war reindex -d ${deployment_folder}
-
-ln -snf ${deployment_folder}/bin/gerrit.sh /etc/init.d/gerrit
-ln -snf /etc/init.d/gerrit /etc/rc3.d/S90gerrit
-
-cat < /etc/default/gerritcodereview
-GERRIT_SITE=${deployment_folder}
-EOL
-
-service gerrit start
-
-a2enmod proxy
-a2enmod proxy_http
-
-cat < /etc/apache2/sites-available/000-default.conf
-
- ProxyPreserveHost On
-
-
- ProxyPass http://0.0.0.0:8080/
- Order allow,deny
- Allow from all
-
-
-EOL
-service apache2 restart
diff --git a/terraform/cicd/jenkins.tf b/terraform/cicd/jenkins.tf
deleted file mode 100644
index 6156c78..0000000
--- a/terraform/cicd/jenkins.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-resource "openstack_compute_floatingip_v2" "jenkins_floatingip" {
- depends_on = ["openstack_networking_router_interface_v2.router_interface"]
- pool = "${var.floating_pool}"
-}
-
-# Template for jenkins installation
-data "template_file" "jenkins_postinstall_script" {
- template = "${file("jenkins.tpl")}"
- vars {
- redmine_ip = "${openstack_compute_floatingip_v2.redmine_floatingip.address}"
- redmine_version = "${var.redmine_version}"
- gerrit_ip = "${openstack_compute_floatingip_v2.gerrit_floatingip.address}"
- }
-}
-
-resource "openstack_compute_instance_v2" "jenkins" {
- name = "jenkins"
- image_name = "${var.image}"
- flavor_name = "${var.flavor}"
- security_groups = [ "${openstack_compute_secgroup_v2.secgroup.name}" ]
- floating_ip = "${openstack_compute_floatingip_v2.jenkins_floatingip.address}"
- user_data = "${data.template_file.jenkins_postinstall_script.rendered}"
-
- network {
- uuid = "${openstack_networking_network_v2.private_network.id}"
- }
-}
diff --git a/terraform/cicd/jenkins.tpl b/terraform/cicd/jenkins.tpl
deleted file mode 100644
index bd9ae60..0000000
--- a/terraform/cicd/jenkins.tpl
+++ /dev/null
@@ -1,15 +0,0 @@
-#cloud-config
-
-ssh_pwauth: true
-
-users:
- - name: cicd
- passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
- lock_passwd: False
- sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
- shell: /bin/bash
-
-runcmd:
- - wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/jenkins/postinstall.sh
- - chmod 755 postinstall.sh
- - bash postinstall.sh ${redmine_ip} ${redmine_version} ${gerrit_ip}
diff --git a/terraform/cicd/jenkins/postinstall.sh b/terraform/cicd/jenkins/postinstall.sh
deleted file mode 100644
index 183bb4b..0000000
--- a/terraform/cicd/jenkins/postinstall.sh
+++ /dev/null
@@ -1,219 +0,0 @@ -#!/bin/bash - -version=2.25 -filename=jenkins_${version}_all.deb - -redmine_ip=$1 -redmine_version=$2 -gerrit_ip=$3 - -apt-get update -y -apt-get install -y openjdk-7-jdk daemon nginx -wget -q -O - https://pkg.jenkins.io/debian/jenkins-ci.org.key | apt-key add - -echo deb http://pkg.jenkins.io/debian binary/ > /etc/apt/sources.list.d/jenkins.list -apt-get update -y -wget http://pkg.jenkins.io/debian/binary/$filename -dpkg -i $filename -rm $filename - -rm /etc/nginx/sites-available/default -cat < /etc/nginx/sites-available/jenkins -upstream app_server { - server 127.0.0.1:8080 fail_timeout=0; -} - -server { - listen 80; - listen [::]:80 default ipv6only=on; - server_name ci.yourcompany.com; - - location / { - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; - proxy_set_header Host \$http_host; - proxy_redirect off; - - if (!-f \$request_filename) { - proxy_pass http://app_server; - break; - } - } -} -EOL - -ln -s /etc/nginx/sites-available/jenkins /etc/nginx/sites-enabled/ -service nginx restart - -echo $version > /var/lib/jenkins/jenkins.install.InstallUtil.lastExecVersion -sed -i "s|127.0.0.1 localhost|127.0.0.1 localhost $(hostname)|g" /etc/hosts - -# Install plugins - -wget http://updates.jenkins-ci.org/latest/redmine.hpi -P /var/lib/jenkins/plugins -wget http://updates.jenkins-ci.org/latest/subversion.hpi -P /var/lib/jenkins/plugins -wget http://updates.jenkins-ci.org/latest/mapdb-api.hpi -P /var/lib/jenkins/plugins -wget http://updates.jenkins-ci.org/latest/credentials.hpi -P /var/lib/jenkins/plugins -wget http://updates.jenkins-ci.org/latest/ssh-credentials.hpi -P /var/lib/jenkins/plugins -wget http://updates.jenkins-ci.org/latest/scm-api.hpi -P /var/lib/jenkins/plugins -wget http://updates.jenkins-ci.org/latest/structs.hpi -P /var/lib/jenkins/plugins -wget http://updates.jenkins-ci.org/latest/workflow-step-api.hpi -P /var/lib/jenkins/plugins -wget http://updates.jenkins-ci.org/latest/workflow-scm-step.hpi -P 
/var/lib/jenkins/plugins - -wget http://updates.jenkins-ci.org/latest/gerrit-trigger.hpi -P /var/lib/jenkins/plugins - -apt-get install -y git maven -redmine_oauth_folder=/tmp/redmine-oauth-plugin -git clone https://github.com/mallowlabs/redmine-oauth-plugin.git $redmine_oauth_folder -pushd $redmine_oauth_folder -mvn package -export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64/ -mv target/redmine-oauth.hpi /var/lib/jenkins/plugins/ -popd - - -cd /var/lib/jenkins/ -# Configure Redmine -cat < hudson.plugins.redmine.RedmineProjectProperty.xml - - - - - redmine - http://$redmine_ip/ - $redmine_version - - - -EOL - -cat < gerrit-trigger.xml - - - - - gerrit - false - - $gerrit_ip - 29418 - - jenkins - - /var/lib/jenkins/.ssh/id_rsa - f+BwOT8JcD9bpti9rVi5OQ== - false - false - false - gerrit review <CHANGE>,<PATCHSET> --message 'Build Successful <BUILDS_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW> - gerrit review <CHANGE>,<PATCHSET> --message 'Build Unstable <BUILDS_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW> - gerrit review <CHANGE>,<PATCHSET> --message 'Build Failed <BUILDS_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW> - gerrit review <CHANGE>,<PATCHSET> --message 'Build Started <BUILDURL> <STARTED_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW> - gerrit review <CHANGE>,<PATCHSET> --message 'No Builds Executed <BUILDS_STATS>' --verified <VERIFIED> --code-review <CODE_REVIEW> - http://$gerrit_ip/ - 0 - 1 - -1 - 0 - 0 - 0 - 0 - 0 - -1 - 0 - true - true - 3 - 30 - true - 3600 - 0 - - - Code-Review - Code Review - - - Verified - Verified - - - - false - - false - - 0 - - - - - ALL - - false - false - false - - - - - - 3 - 1 - 360 - - -EOL - -cat < config.xml - - - - 1.0 - 2 - NORMAL - true - - - http://${redmine_ip} - - - - false - - \${ITEM_ROOTDIR}/workspace - \${ITEM_ROOTDIR}/builds - - - - - - 0 - - - - All - false - false - - - - All - 0 - - - - -EOL - -cat < jenkins.security.QueueItemAuthenticatorConfiguration.xml - - - 
- -EOL - -chown jenkins:jenkins -R /var/lib/jenkins/ -service jenkins restart -echo false > secrets/slave-to-master-security-kill-switch -service jenkins restart - -su jenkins -c "ssh-keygen -b 2048 -t rsa -f /var/lib/jenkins/.ssh/id_rsa -q -N \"\"" diff --git a/terraform/cicd/main.tf b/terraform/cicd/main.tf deleted file mode 100644 index c34e0d8..0000000 --- a/terraform/cicd/main.tf +++ /dev/null @@ -1,11 +0,0 @@ -output "gerrit" { - value = "http://${openstack_compute_floatingip_v2.gerrit_floatingip.address}" -} - -output "jenkins" { - value = "http://${openstack_compute_floatingip_v2.jenkins_floatingip.address}" -} - -output "redmine" { - value = "http://${openstack_compute_floatingip_v2.redmine_floatingip.address}" -} diff --git a/terraform/cicd/network.tf b/terraform/cicd/network.tf deleted file mode 100644 index 59731df..0000000 --- a/terraform/cicd/network.tf +++ /dev/null 
@@ -1,46 +0,0 @@
-resource "openstack_networking_network_v2" "private_network" {
- name = "cicd-private"
- admin_state_up = "true"
-}
-
-resource "openstack_networking_subnet_v2" "private_subnet01" {
- name = "cicd-subnet"
- network_id = "${openstack_networking_network_v2.private_network.id}"
- cidr = "192.168.50.0/24"
- ip_version = 4
- enable_dhcp = "true"
- dns_nameservers = ["8.8.8.8"]
-}
-
-resource "openstack_compute_secgroup_v2" "secgroup" {
- name = "cicd-secgroup"
- description = "Security group for accessing to CI/CD environment"
- rule {
- from_port = 22
- to_port = 22
- ip_protocol = "tcp"
- cidr = "0.0.0.0/0"
- }
- rule {
- from_port = 80
- to_port = 80
- ip_protocol = "tcp"
- cidr = "0.0.0.0/0"
- }
-}
-
-resource "openstack_networking_router_v2" "router" {
- name = "cicd-router"
- admin_state_up = "true"
- external_gateway = "${var.external_gateway}"
-}
-
-resource "openstack_networking_router_interface_v2" "router_interface" {
- router_id = "${openstack_networking_router_v2.router.id}"
- subnet_id = "${openstack_networking_subnet_v2.private_subnet01.id}"
-}
-
-resource "openstack_compute_floatingip_v2" "floatingip" {
- depends_on = ["openstack_networking_router_interface_v2.router_interface"]
- pool = "${var.floating_pool}"
-}
diff --git a/terraform/cicd/redmine.tf b/terraform/cicd/redmine.tf
deleted file mode 100644
index 05e6750..0000000
--- a/terraform/cicd/redmine.tf
+++ /dev/null
@@ -1,47 +0,0 @@
-resource "openstack_compute_floatingip_v2" "redmine_floatingip" {
- depends_on = ["openstack_networking_router_interface_v2.router_interface"]
- pool = "${var.floating_pool}"
-}
-
-# Template for redmine webserver installation
-data "template_file" "redmine_web_postinstall_script" {
- template = "${file("redmine_web.tpl")}"
- vars {
- version = "${var.redmine_version}"
- redmine_db_ip = "${openstack_compute_instance_v2.redmine_db.network.0.fixed_ip_v4}"
- redmine_db_password = "${var.redmine_db_password}"
- }
-}
-
-resource "openstack_compute_instance_v2" "redmine" {
- depends_on = ["openstack_compute_instance_v2.redmine_db"]
- name = "redmine"
- image_name = "${var.image}"
- flavor_name = "${var.flavor}"
- security_groups = [ "${openstack_compute_secgroup_v2.secgroup.name}" ]
- floating_ip = "${openstack_compute_floatingip_v2.redmine_floatingip.address}"
- user_data = "${data.template_file.redmine_web_postinstall_script.rendered}"
- network {
- uuid = "${openstack_networking_network_v2.private_network.id}"
- }
-}
-
-# Template for redmine database installation
-data "template_file" "redmine_db_postinstall_script" {
- template = "${file("redmine_db.tpl")}"
- vars {
- root_db_password = "${var.root_db_password}"
- redmine_db_password = "${var.redmine_db_password}"
- }
-}
-
-resource "openstack_compute_instance_v2" "redmine_db" {
- name = "redmine-db"
- image_name = "${var.image}"
- flavor_name = "${var.flavor}"
- user_data = "${data.template_file.redmine_db_postinstall_script.rendered}"
-
- network {
- uuid = "${openstack_networking_network_v2.private_network.id}"
- }
-}
diff --git a/terraform/cicd/redmine/postinstall_db.sh b/terraform/cicd/redmine/postinstall_db.sh
deleted file mode 100644
index 71e866d..0000000
--- a/terraform/cicd/redmine/postinstall_db.sh
+++ /dev/null
@@ -1,21 +0,0 @@ -#!/bin/bash - -ROOT_DBPASS=$1 -REDMINE_DBPASS=$2 - -# 0. Install dependencies -apt-get update -y -apt-get upgrade -y - -# 2. Create an empty database and accompanying user -debconf-set-selections <<< "mysql-server mysql-server/root_password password ${ROOT_DBPASS}" -debconf-set-selections <<< "mysql-server mysql-server/root_password_again password ${ROOT_DBPASS}" -apt-get install -y mariadb-server - -mysql -uroot -p${ROOT_DBPASS} -e "CREATE DATABASE redmine CHARACTER SET utf8;" -mysql -uroot -p${ROOT_DBPASS} -e "GRANT ALL PRIVILEGES ON redmine.* TO 'redmine'@'%' IDENTIFIED BY '${REDMINE_DBPASS}';"; - -sed -i "s|127.0.0.1|0.0.0.0|g" /etc/mysql/my.cnf -service mysql restart -sleep 5 -echo -e "${ROOT_DBPASS}\nn\nY\nY\nY\n" | mysql_secure_installation diff --git a/terraform/cicd/redmine/postinstall_web.sh b/terraform/cicd/redmine/postinstall_web.sh deleted file mode 100644 index fd7ee14..0000000 --- a/terraform/cicd/redmine/postinstall_web.sh +++ /dev/null 
@@ -1,100 +0,0 @@ -#!/bin/bash - -version=$1 -redmine_db_ip=$2 -REDMINE_DBPASS=$3 - -export REDMINE_LANG=en -output_folder=/opt/redmine -redmine_folder=$output_folder/redmine-$version -bootstrap_plugin_version=0.2.4 -jenkins_plugin_version=1.0.1 -oauth_provider=0.0.5 - -# 0. Install dependencies -apt-get update -y -apt-get upgrade -y -apt-get install -y rubygems-integration ruby-dev libmysqlclient-dev build-essential libcurl4-openssl-dev - -# 1. Redmine application -mkdir $output_folder -wget -O /tmp/redmine.tar.gz http://www.redmine.org/releases/redmine-$version.tar.gz -tar xzf /tmp/redmine.tar.gz -C $output_folder -cd $redmine_folder - -# 3. Database connection configuration -cat < config/database.yml -production: - adapter: mysql2 - database: redmine - host: ${redmine_db_ip} - username: redmine - password: "${REDMINE_DBPASS}" - encoding: utf8 -EOL - -# 4. Dependencies installation -gem install bundler -bundle install --without development test rmagick - -# 5. Session store secret generation -bundle exec rake generate_secret_token - -# 6. Database schema objects creation -RAILS_ENV=production bundle exec rake db:migrate - -# 7. Database default data set -RAILS_ENV=production bundle exec rake redmine:load_default_data - -# 8. File system permissions -mkdir -p tmp tmp/pdf public/plugin_assets -useradd redmine -chown -R redmine:redmine files log tmp public/plugin_assets -chmod -R 755 files log tmp public/plugin_assets - -# 9. Install Passenger packages -apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7 -apt-get install -y apt-transport-https ca-certificates -echo 'deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main' > /etc/apt/sources.list.d/passenger.list -apt-get update -apt-get install -y nginx-extras passenger -sed -i "s|# include /etc/nginx/passenger.conf;|include /etc/nginx/passenger.conf;|g" /etc/nginx/nginx.conf - -# 10. 
Configure Nginx -cat < /etc/nginx/sites-available/redmine -server { - listen 80; - server_name www.redmine.me; - root $redmine_folder/public; - passenger_enabled on; - client_max_body_size 10m; # Max attachemnt size -} -EOL -ln -s /etc/nginx/sites-available/redmine /etc/nginx/sites-enabled/redmine -rm /etc/nginx/sites-enabled/default - -# Configure jenkins plugin and their dependencies -apt-get install -y git - -cd ${redmine_folder}/plugins -git clone https://github.com/jbox-web/redmine_bootstrap_kit.git -pushd redmine_bootstrap_kit/ -git checkout tags/${bootstrap_plugin_version} -popd - -git clone https://github.com/jbox-web/redmine_jenkins.git -pushd redmine_jenkins/ -git checkout tags/${jenkins_plugin_version} -popd - -git clone https://github.com/suer/redmine_oauth_provider.git -pushd redmine_oauth_provider -git checkout tags/${oauth_provider} -popd - -bundle install --without development test -bundle exec rake redmine:plugins:migrate RAILS_ENV=production - -chown -R redmine:redmine ${redmine_folder} - -service nginx restart diff --git a/terraform/cicd/redmine_db.tpl b/terraform/cicd/redmine_db.tpl deleted file mode 100644 index 87de496..0000000 --- a/terraform/cicd/redmine_db.tpl +++ /dev/null @@ -1,15 +0,0 @@ -#cloud-config - -ssh_pwauth: true - -users: - - name: cicd - passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/ - lock_passwd: False - sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"] - shell: /bin/bash - -runcmd: - - wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/redmine/postinstall_db.sh - - chmod 755 postinstall_db.sh - - bash postinstall_db.sh ${root_db_password} ${redmine_db_password} diff --git a/terraform/cicd/redmine_web.tpl b/terraform/cicd/redmine_web.tpl deleted file mode 100644 index de2f70a..0000000 --- a/terraform/cicd/redmine_web.tpl +++ /dev/null 
@@ -1,15 +0,0 @@
-#cloud-config
-
-ssh_pwauth: true
-
-users:
- - name: cicd
- passwd: $6$rounds=4096$DWIvD0b83l1wOVo$3Ww47Krh0JkgohulOJbr4W7WcvQuzlapHd0/qfjEmGvrA1YHjxmhS.Up6B/WV1/b5Yc5J7kvvPFvIbcqpMHII/
- lock_passwd: False
- sudo: ["ALL=(ALL) NOPASSWD:ALL\nDefaults:stack !requiretty"]
- shell: /bin/bash
-
-runcmd:
- - wget https://raw.githubusercontent.com/electrocucaracha/terraform-cicd/master/redmine/postinstall_web.sh
- - chmod 755 postinstall_web.sh
- - bash postinstall_web.sh ${version} ${redmine_db_ip} ${redmine_db_password}
diff --git a/terraform/cicd/variables.tf b/terraform/cicd/variables.tf
deleted file mode 100644
index 5439021..0000000
--- a/terraform/cicd/variables.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-variable "image" {
- default = "ubuntu-14.04-cloud"
-}
-
-variable "flavor" {
- default = "m2.large"
-}
-
-variable "external_gateway" {
- default = "7004a83a-13d3-4dcd-8cf5-52af1ace4cae"
-}
-
-variable "floating_pool" {
- default = "GATEWAY_NET"
-}
-
-# Redmine Configuration values
-variable "redmine_version" {
- default = "3.3.0"
-}
-
-variable "root_db_password"{
- default = "secure"
-}
-
-variable "redmine_db_password"{
- default = "secure"
-}
diff --git a/terraform/deis-coreos/.gitignore b/terraform/deis-coreos/.gitignore
deleted file mode 100644
index 8d250fd..0000000
--- a/terraform/deis-coreos/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-*.tfstate
-*.tfstate.backup
-files/discovery_url
-*.override
diff --git a/terraform/deis-coreos/LICENSE b/terraform/deis-coreos/LICENSE
deleted file mode 100644
index 552c8d8..0000000
--- a/terraform/deis-coreos/LICENSE
+++ /dev/null
@@ -1,14 +0,0 @@
-Copyright 2013, 2014 Engine Yard, Inc.
-Copyright 2016 Paul Czarkowski
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
diff --git a/terraform/deis-coreos/README.md b/terraform/deis-coreos/README.md
deleted file mode 100644
index 57fa5e4..0000000
--- a/terraform/deis-coreos/README.md
+++ /dev/null
@@ -1,235 +0,0 @@ -# DEIS on Openstack with Terraform - -Provision a DEIS cluster with [Terraform](https://www.terraform.io) on -Openstack. - -## Status - -This will install a DEIS cluster on an Openstack Cloud. It is tested on a -OpenStack Cloud provided by [BlueBox](https://www.blueboxcloud.com/) and -should work on most modern installs of OpenStack that support the basic -services. - -## Requirements - -- [Install Terraform](https://www.terraform.io/intro/getting-started/install.html) -- [Install DEIS CLI](http://docs.deis.io/en/latest/using_deis/install-client/) -- ]Upload a CoreOS](https://coreos.com/os/docs/latest/booting-on-openstack.html) image to glance and remember the image name. - -## Terraform - -Terraform will be used to provision all of the OpenStack resources required to -run Docker Swarm. It is also used to deploy and provision the software -requirements. - -### Prep - -#### OpenStack - -Ensure your OpenStack credentials are loaded in environment variables. This is -how I do it: - -``` -$ source ~/.stackrc -``` - -You will need two networks before installing, an internal network and -an external (floating IP Pool) network. The internet network can be shared as -we use security groups to provide network segregation. Due to the many -differences between OpenStack installs the Terraform does not attempt to create -these for you. - -By default Terraform will expect that your networks are called `internal` and -`external`. You can change this by altering the Terraform variables `network_name` and `floatingip_pool`. - -You can also change the number of instances `cluster_size` (default `3`); the -path to your public key `public_key_path` (default `~/.ssh/id_rsa.pub`); and -the flavor `flavor` to use (default `m1.medium`). - -All OpenStack resources will use the Terraform variable `cluster_name` ( -default `example`) in their name to make it easier to track. For example the -first compute resource will be named `example-deis-1`. 
- -#### Terraform - -Ensure your local ssh-agent is running and your ssh key has been added. This -step is required by the terraform provisioner: - -``` -$ eval $(ssh-agent -s) -$ ssh-add ~/.ssh/id_rsa -``` - - -Ensure that you have your Openstack credentials loaded into Terraform -environment variables. Likely via a command similar to: - -``` -$ export TF_VAR_username=${OS_USERNAME} -$ export TF_VAR_password=${OS_PASSWORD} -$ export TF_VAR_tenant=${OS_TENANT_NAME} -$ export TF_VAR_auth_url=${OS_AUTH_URL} -``` - -Terraform expects an SSH keypair to exist `keys/deis` and `keys/deis.pub` -which it will upload to the instances so they can communicate with eachother -over SSH, if this keypair doesn't exist it will attempt to create them. - -Terraform will attempt to fetch a _Discovery URL_ for etcd. If you want to -provide your own write it to the text file `files/discovery_url` and set the -Terraform variable `generate_discovery_url` to `0`. - -You can also change the version of DEIS to install by setting `deisctl_version` -and you can set `deis_domain` if you have a custom URL (otherwise it will use -`.xip.io`). - - -# Provision a Deis Cluster on OpenStack - -With all our variables set we can go ahead and provision our cluster adding any -extra variables you wish to pass through like this: - -_The steps that install and start deis can take quite some time, be patient._ - -``` -$ terraform apply \ - -var "image=coreos-alpha-884-0-0" -... -... -Apply complete! Resources: 12 added, 0 changed, 0 destroyed. - -The state of your infrastructure has been saved to the path -below. This state is required to modify and destroy your -infrastructure, so keep it safe. To inspect the complete state -use the `terraform show` command. - -State path: terraform.tfstate - -Outputs: - - msg = Your hosts are ready to go! Continue following the documentation to install and start Deis. 
Your hosts are: x.x.x.x, y.y.y.y, z.z.z.z - register = Run the following to register your first [admin] user: $ deis register http://deis.x.x.x.x.xip.io - -``` - -# Create first user and deploy a demonstration app: - -Create admin user: - -``` -$ deis register http://deis.x.x.x.x.xip.io -username: admin -password: -password (confirm): -email: admin@example.com -Registered admin -upgrading. -Logged in as admin -``` - -Upload a SSH key: - -``` -$ deis keys:add ~/.ssh/id_rsa.pub -Uploading id_rsa.pub to deis... done -``` - -Deploy an example application: - -``` -$ git clone https://github.com/deis/example-python-flask.git -$ cd example-python-flask -$ deis create -Creating Application... o..done, created hungry-knapsack - -$ git push deis master -Counting objects: 98, done. -Delta compression using up to 8 threads. -Compressing objects: 100% (88/88), done. -Writing objects: 100% (98/98), 22.55 KiB | 0 bytes/s, done. -Total 98 (delta 38), reused 0 (delta 0) ------> Python app detected ------> Installing runtime (python-2.7.10) ------> Installing dependencies with pip -... ------> Discovering process types ------> Compiled slug size is 37M ------> Building Docker image -remote: Sending build context to Docker daemon 38.33 MB -... -Step 1 : ENV GIT_SHA 774eded22b5bab907c89a29b100ccc7f2423b729 - ---> Running in 75274e449a86 - ---> 3ec06b68ed87 -Removing intermediate container 75274e449a86 -Successfully built 3ec06b68ed87 ------> Pushing image to private registry ------> Launching... - done, hungry-knapsack:v2 deployed to Deis - http://hungry-knapsack.x.x.x.x.xip.io - To learn more, use `deis help` or visit http://deis.io -To ssh://git@deis.x.x.x.x.xip.io:2222/hungry-knapsack.git - * [new branch] master -> master - -``` - -Test that it works: - -``` -$ curl http://hungry-knapsack.x.x.x.x.xip.io/ -Powered by Deis -``` - -Scale it up: - -``` -$ deis scale web=3 -Scaling processes... but first, coffee! 
-..o -=== hungry-knapsack Processes ---- web: -web.1 up (v2) -web.2 up (v2) -web.3 up (v2) -$ curl http://hungry-knapsack.x.x.x.x.xip.io/ -Powered by Deis -``` - -Configure it: - -``` -$ deis config:set POWERED_BY=OpenStack -Creating config... ..o -done, v3 -=== hungry-knapsack Config -POWERED_BY OpenStack - -$ curl http://hungry-knapsack.x.x.x.x.xip.io/ -Powered by OpenStack -``` - -Destroy it: - -``` -$ deis destroy - ! WARNING: Potentially Destructive Action - ! This command will destroy the application: hungry-knapsack - ! To proceed, type "hungry-knapsack" or re-run this command with --confirm=hungry-knapsack -> hungry-knapsack -Destroying hungry-knapsack... -done in 3s -Git remote deis removed -``` - -# clean up: - -``` -$ terraform destroy -Do you really want to destroy? - Terraform will delete all your managed infrastructure. - There is no undo. Only 'yes' will be accepted to confirm. - - Enter a value: yes -... -... -Apply complete! Resources: 0 added, 0 changed, 12 destroyed. -``` diff --git a/terraform/deis-coreos/deis.tf b/terraform/deis-coreos/deis.tf deleted file mode 100644 index 3a066d7..0000000 --- a/terraform/deis-coreos/deis.tf +++ /dev/null 
@@ -1,145 +0,0 @@ -resource "null_resource" "discovery_url" { - count = "${var.generate_discovery_url}" - provisioner "local-exec" { - command = "curl -s 'https://discovery.etcd.io/new?size=${var.cluster_size}' > files/discovery_url" - } -} - -resource "null_resource" "update_cloud_init" { - provisioner "local-exec" { - command = "sed -i \"s|^ discovery:.*$| discovery: $(cat files/discovery_url)|\" files/cloud-init" - } - depends_on = [ - "null_resource.discovery_url" - ] -} - -resource "null_resource" "generate_ssh_keys" { - provisioner "local-exec" { - command = "if [ ! -e keys/${var.deis_keyname} ]; then ssh-keygen -f keys/${var.deis_keyname} -P ''; fi" - } -} - -resource "openstack_networking_floatingip_v2" "deis" { - count = "${var.cluster_size}" - pool = "${var.floatingip_pool}" -} - -resource "openstack_compute_keypair_v2" "deis" { - name = "${var.cluster_name}-deis" - public_key = "${file(var.public_key_path)}" -} - -resource "openstack_compute_secgroup_v2" "deis" { - name = "${var.cluster_name}-deis" - description = "Deis Security Group" - rule { - ip_protocol = "tcp" - from_port = "22" - to_port = "22" - cidr = "0.0.0.0/0" - } - rule { - ip_protocol = "tcp" - from_port = "2222" - to_port = "2222" - cidr = "0.0.0.0/0" - } - rule { - ip_protocol = "tcp" - from_port = "80" - to_port = "80" - cidr = "0.0.0.0/0" - } - rule { - ip_protocol = "icmp" - from_port = "-1" - to_port = "-1" - cidr = "0.0.0.0/0" - } - rule { - ip_protocol = "icmp" - from_port = "-1" - to_port = "-1" - self = true - } - rule { - ip_protocol = "tcp" - from_port = "1" - to_port = "65535" - self = true - } - rule { - ip_protocol = "udp" - from_port = "1" - to_port = "65535" - self = true - } -} - -resource "openstack_compute_instance_v2" "deis" { - name = "${var.cluster_name}-deis-${count.index+1}" - count = "${var.cluster_size}" - image_name = "${var.image}" - flavor_id = "${var.flavor}" - key_pair = "${openstack_compute_keypair_v2.deis.name}" - user_data = "${file("files/cloud-init")}" - 
network { - name = "${var.network_name}" - } - security_groups = [ "${openstack_compute_secgroup_v2.deis.name}" ] - floating_ip = "${element(openstack_networking_floatingip_v2.deis.*.address, count.index)}" - provisioner "file" { - source = "keys/" - destination = "/home/core/.ssh/" - connection { - user = "core" - } - } - provisioner "remote-exec" { - inline = [ - "chown core:core /home/core/.ssh/${var.deis_keyname}*", - "chmod 0600 /home/core/.ssh/${var.deis_keyname}", - "cat /home/core/.ssh/${var.deis_keyname}.pub >> /home/core/.ssh/authorized_keys", - ] - connection { - user = "core" - } - } - depends_on = [ - "null_resource.update_cloud_init", - "null_resource.generate_ssh_keys" - ] -} - -resource "null_resource" "install_deis" { - provisioner "remote-exec" { - inline = [ - "sudo mkdir -p /opt/bin", - "if [[ ! -e /opt/bin/deictl ]]; then curl -sSL http://deis.io/deisctl/install.sh | sudo sh -s ${var.deisctl_version}; fi", - "export DOMAIN=${var.deis_domain}", - "if [[ -z $DOMAIN ]]; then export DOMAIN=${openstack_networking_floatingip_v2.deis.0.address}.xip.io; fi", - "/opt/bin/deisctl config platform set domain=$DOMAIN", - "/opt/bin/deisctl config platform set sshPrivateKey=/home/core/.ssh/${var.deis_keyname}", - "/opt/bin/deisctl install platform", - "/opt/bin/deisctl start platform", - ] - connection { - user = "core" - host = "${openstack_networking_floatingip_v2.deis.0.address}" - } - } - depends_on = [ - "openstack_compute_instance_v2.deis", - ] -} - - -output "msg" { - value = "Your hosts are ready to go! Continue following the documentation to install and start Deis. Your hosts are: ${join(", ", openstack_networking_floatingip_v2.deis.*.address )}" -} - -output "register" { - value = "Run the following to register your first [admin] user: $ deis register http://deis.${openstack_networking_floatingip_v2.deis.0.address}.xip.io" -} - 
diff --git a/terraform/deis-coreos/files/cloud-init b/terraform/deis-coreos/files/cloud-init deleted file mode 100644 index 5dbd114..0000000 --- a/terraform/deis-coreos/files/cloud-init +++ /dev/null 
@@ -1,279 +0,0 @@ -#cloud-config - -coreos: - etcd2: - # generate a new token for each unique cluster from https://discovery.etcd.io/new - discovery: https://discovery.etcd.io/f492560139d27c040399c5b1e0ef8440 - # multi-region and multi-cloud deployments need to use $public_ipv4 - advertise-client-urls: http://$private_ipv4:2379 - initial-advertise-peer-urls: http://$private_ipv4:2380 - # listen on both the official ports and the legacy ports - # legacy ports can be omitted if your application doesn't depend on them - listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001 - listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001 - data-dir: /var/lib/etcd2 - fleet: - public-ip: $private_ipv4 - metadata: controlPlane=true,dataPlane=true,routerMesh=true - update: - reboot-strategy: "off" - units: - - name: etcd.service - mask: true - - name: etcd2.service - command: start - - name: fleet.service - command: start - - name: docker-tcp.socket - command: start - enable: true - content: | - [Unit] - Description=Docker Socket for the API - - [Socket] - ListenStream=2375 - Service=docker.service - BindIPv6Only=both - - [Install] - WantedBy=sockets.target - - name: update-engine.service - command: stop - enable: false - - name: docker.service - drop-ins: - - name: 10-require-flannel.conf - content: | - [Unit] - Requires=flanneld.service - After=flanneld.service - - name: 50-insecure-registry.conf - content: | - [Service] - Environment="DOCKER_OPTS=--insecure-registry 10.0.0.0/8 --insecure-registry 172.16.0.0/12 --insecure-registry 192.168.0.0/16 --insecure-registry 100.64.0.0/10" - - name: flanneld.service - command: start - drop-ins: - - name: 50-network-config.conf - content: | - [Service] - ExecStartPre=-/usr/bin/etcdctl mk /coreos.com/network/config '{"Network": "10.244.0.0/16", "SubnetLen": 24, "SubnetMin": "10.244.0.0", "Backend": {"Type": "vxlan"}}' - - name: graceful-deis-shutdown.service - content: | - [Unit] - Description=Clean up - 
DefaultDependencies=no - After=fleet.service etcd2.service docker.service docker.socket deis-store-admin.service deis-store-daemon.service deis-store-volume.service deis-store-monitor.service - Requires=fleet.service etcd2.service deis-store-admin.service deis-store-daemon.service deis-store-volume.service docker.service docker.socket deis-store-monitor.service - - [Install] - WantedBy=shutdown.target halt.target reboot.target - - [Service] - ExecStop=/opt/bin/graceful-shutdown.sh --really - Type=oneshot - TimeoutSec=1200 - RemainAfterExit=yes - - name: install-deisctl.service - command: start - content: | - [Unit] - Description=Install deisctl utility - ConditionPathExists=!/opt/bin/deisctl - - [Service] - Type=oneshot - ExecStart=/usr/bin/sh -c 'curl -sSL --retry 5 --retry-delay 2 http://deis.io/deisctl/install.sh | sh -s 1.12.2' - - name: increase-nf_conntrack-connections.service - command: start - content: | - [Unit] - Description=Increase the number of connections in nf_conntrack. default is 65536 - - [Service] - Type=oneshot - ExecStartPre=/usr/sbin/modprobe nf_conntrack - ExecStart=/bin/sh -c "sysctl -w net.netfilter.nf_conntrack_max=262144" -write_files: - - path: /etc/deis-release - content: | - DEIS_RELEASE=v1.12.2 - - path: /etc/motd - content: " \e[31m* * \e[34m* \e[32m***** \e[39mddddd eeeeeee iiiiiii ssss\n\e[31m* * \e[34m* * \e[32m* * \e[39md d e e i s s\n \e[31m* * \e[34m***** \e[32m***** \e[39md d e i s\n\e[32m***** \e[31m* * \e[34m* \e[39md d e i s\n\e[32m* * \e[31m* * \e[34m* * \e[39md d eee i sss\n\e[32m***** \e[31m* * \e[34m***** \e[39md d e i s\n \e[34m* \e[32m***** \e[31m* * \e[39md d e i s\n \e[34m* * \e[32m* * \e[31m* * \e[39md d e e i s s\n\e[34m***** \e[32m***** \e[31m* * \e[39mddddd eeeeeee iiiiiii ssss\n\n\e[39mWelcome to Deis\t\t\tPowered by Core\e[38;5;45mO\e[38;5;206mS\e[39m\n" - - path: /etc/profile.d/nse-function.sh - permissions: '0755' - content: | - function nse() { - docker exec -it $1 bash - } - - path: /run/deis/bin/get_image 
- permissions: '0755' - content: | - #!/usr/bin/env bash - # usage: get_image - IMAGE=`etcdctl get $1/image 2>/dev/null` - - # if no image was set in etcd, we use the default plus the release string - if [ $? -ne 0 ]; then - RELEASE=`etcdctl get /deis/platform/version 2>/dev/null` - - # if no release was set in etcd, use the default provisioned with the server - if [ $? -ne 0 ]; then - source /etc/deis-release - RELEASE=$DEIS_RELEASE - fi - - IMAGE=$1:$RELEASE - fi - - # remove leading slash - echo ${IMAGE#/} - - path: /run/deis/bin/preseed - permissions: '0755' - content: | - #!/usr/bin/env bash - - COMPONENTS=(builder controller database logger logspout publisher registry router store-daemon store-gateway store-metadata store-monitor) - for c in "${COMPONENTS[@]}"; do - image=`/run/deis/bin/get_image /deis/$c` - docker history $image >/dev/null 2>&1 || docker pull $image - done - - path: /opt/bin/deis-debug-logs - permissions: '0755' - content: | - #!/usr/bin/env bash - - echo '--- VERSIONS ---' - source /etc/os-release - echo $PRETTY_NAME - source /etc/deis-release - echo "Deis $DEIS_RELEASE" - etcd2 -version | head -n1 - fleet -version - printf "\n" - - echo '--- SYSTEM STATUS ---' - journalctl -n 50 -u etcd --no-pager - journalctl -n 50 -u fleet --no-pager - printf "\n" - - echo '--- DEIS STATUS ---' - deisctl list - etcdctl ls --recursive /deis - printf "\n" - - path: /home/core/.toolboxrc - owner: core - content: | - TOOLBOX_DOCKER_IMAGE=alpine - TOOLBOX_DOCKER_TAG=3.1 - TOOLBOX_USER=root - - path: /etc/environment_proxy - owner: core - content: | - HTTP_PROXY= - HTTPS_PROXY= - ALL_PROXY= - NO_PROXY= - http_proxy= - https_proxy= - all_proxy= - no_proxy= - - path: /etc/systemd/coredump.conf - content: | - [Coredump] - Storage=none - - path: /opt/bin/graceful-shutdown.sh - permissions: '0755' - content: | - #!/usr/bin/bash - if [ "$1" != '--really' ]; then - echo "command must be run as: $0 --really" - exit 1 - fi - # procedure requires the store-admin - 
ADMIN_RUNNING=$(docker inspect --format="{{ .State.Running }}" deis-store-admin) - if [ $? -eq 1 ] || [ "$ADMIN_RUNNING" == "false" ]; then - echo "deis-store-admin container is required for graceful shutdown" - exit 2 - fi - set -e -x -o pipefail - # determine osd id - CURRENT_STATUS=$(docker exec deis-store-admin ceph health | awk '{print $1}') - OSD_HOSTS=($(etcdctl ls /deis/store/hosts/| awk -F'/' '{print $5}')) - for HOST in "${OSD_HOSTS[@]}" - do - PUBLIC_IP=$(fleetctl list-machines -fields="machine,ip" -full -no-legend| grep `cat /etc/machine-id` | awk '{print $2}') - if [ "$HOST" = "$PUBLIC_IP" ] ; then - OSD_ID=$(etcdctl get /deis/store/osds/$PUBLIC_IP) - break - fi - done - # if we own an osd and its healthy, try to gracefully remove it - if [ ! -z "$OSD_ID" ] && [[ "$CURRENT_STATUS" == *"HEALTH_OK"* ]] && [ ${#OSD_HOSTS[@]} -gt "3" ]; then - docker exec deis-store-admin ceph osd out $OSD_ID - sleep 30 - TIMEWAITED=0 - until [[ $(docker exec deis-store-admin ceph health) == *"HEALTH_OK"* ]] - do - if [ $TIMEWAITED -gt "1200" ] - then - echo "ceph graceful removal timeout exceeded" - break - fi - echo "waiting" && sleep 5 - TIMEWAITED=$((TIMEWAITED+5)) - done - docker stop deis-store-daemon - docker exec deis-store-admin ceph osd crush remove osd.$OSD_ID - docker exec deis-store-admin ceph auth del osd.$OSD_ID - docker exec deis-store-admin ceph osd rm $OSD_ID - etcdctl rm /deis/store/osds/$PUBLIC_IP - etcdctl rm /deis/store/hosts/$PUBLIC_IP && sleep 10 - # remove ceph mon - docker stop deis-store-monitor || true - docker exec deis-store-admin ceph mon remove `hostname -f` # fixme - docker stop deis-store-metadata || true - fi - - # removing the node from etcd - NODE=$(etcdctl member list | grep `cat /etc/machine-id` | cut -d ':' -f 1) - etcdctl member remove $NODE - - path: /opt/bin/wupiao - permissions: '0755' - content: | - #!/usr/bin/env bash - # [w]ait [u]ntil [p]ort [i]s [a]ctually [o]pen - [ -n "$1" ] && \ - until curl -o /dev/null -sIf http://${1}; 
do \ - sleep 1 && echo .; - done; - exit $? - - path: /opt/bin/download-k8s-binary - permissions: '0755' - content: | - #!/usr/bin/env bash - export K8S_VERSION="v1.0.1" - mkdir -p /opt/bin - FILE=$1 - if [ ! -f /opt/bin/$FILE ]; then - curl -sSL -o /opt/bin/$FILE https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/$FILE - chmod +x /opt/bin/$FILE - else - # we check the version of the binary - INSTALLED_VERSION=$(/opt/bin/$FILE --version) - MATCH=$(echo "${INSTALLED_VERSION}" | grep -c "${K8S_VERSION}") - if [ $MATCH -eq 0 ]; then - # the version is different - curl -sSL -o /opt/bin/$FILE https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/$FILE - chmod +x /opt/bin/$FILE - fi - fi - - path: /opt/bin/scheduler-policy.json - content: | - { - "kind": "Policy", - "apiVersion": "v1", - "predicates": [{"name": "PodFitsPorts"},{"name": "PodFitsResources"},{"name": "NoDiskConflict"},{"name": "MatchNodeSelector"},{"name": "HostName"}], - "priorities": [{"name": "LeastRequestedPriority","weight": 1},{"name": "BalancedResourceAllocation","weight": 1},{"name": "ServiceSpreadingPriority","weight": 2},{"name": "EqualPriority","weight": 1}] - } diff --git a/terraform/deis-coreos/keys/.gitignore b/terraform/deis-coreos/keys/.gitignore deleted file mode 100644 index d6b7ef3..0000000 --- a/terraform/deis-coreos/keys/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -* -!.gitignore diff --git a/terraform/deis-coreos/variables.tf b/terraform/deis-coreos/variables.tf deleted file mode 100644 index 5a56cb1..0000000 --- a/terraform/deis-coreos/variables.tf +++ /dev/null 
@@ -1,65 +0,0 @@
-variable "cluster_size" {
- default = "3"
-}
-
-variable "cluster_name" {
- default = "example"
-}
-
-variable "flavor" {
- default = "m1.medium"
-}
-
-variable "public_key_path" {
- description = "The path of the ssh pub key"
- default = "~/.ssh/id_rsa.pub"
-}
-
-variable "image" {
- description = "the image to use"
- default = "coreos"
-}
-
-variable "network_name" {
- description = "name of the internal network to use"
- default = "internal"
-}
-
-variable "floatingip_pool" {
- description = "name of the floating ip pool to use"
- default = "external"
-}
-
-variable "username" {
- description = "Your openstack username"
-}
-
-variable "password" {
- description = "Your openstack password"
-}
-
-variable "tenant" {
- description = "Your openstack tenant/project"
-}
-
-variable "auth_url" {
- description = "Your openstack auth URL"
-}
-
-variable "generate_discovery_url" {
- default = 1
- description = "set to 0 if you do not want to autogenerate the discovery url"
-}
-
-variable "deisctl_version" {
- default = "1.12.2"
-}
-
-variable "deis_domain" {
- default = ""
- description = "set if you have a custom domain"
-}
-
-variable "deis_keyname" {
- default = "deis"
-}
diff --git a/terraform/docker-registry/.gitignore b/terraform/docker-registry/.gitignore
deleted file mode 100644
index 65215b4..0000000
--- a/terraform/docker-registry/.gitignore
+++ /dev/null
@@ -1,8 +0,0 @@
-*.tfstate
-*.tfstate.backup
-templates/discovery_url
-*.override
-files/ssl/client*
-files/ssl/ca*
-files/ssl*.pem
-files/ssl/*.csr
diff --git a/terraform/docker-registry/LICENSE b/terraform/docker-registry/LICENSE
deleted file mode 100644
index 334c01d..0000000
--- a/terraform/docker-registry/LICENSE
+++ /dev/null
@@ -1,13 +0,0 @@
-Copyright 2016 Paul Czarkowski
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
diff --git a/terraform/docker-registry/README.md b/terraform/docker-registry/README.md
deleted file mode 100644
index f671141..0000000
--- a/terraform/docker-registry/README.md
+++ /dev/null
@@ -1,177 +0,0 @@ -# Docker Registry on Openstack with Terraform - -Provision a Docker Registry with [Terraform](https://www.terraform.io) on Openstack. - -## Status - -This will install a Docker Registry on an Openstack Cloud. It is tested on a OpenStack Cloud provided by [BlueBox](https://www.blueboxcloud.com/) and should work on most modern installs of OpenStack. - -By default the instance(s) will be booted up with only ephemeral storage. You can enable the swift backend with the terraform variable `docker_registry_storage_backend`. You will also need to pass through swift credentials as described later. - -The Docker Registry will use self signed certificates found in `files/ssl` which are regenerated every build ( see docs below on how to disable regeneration). It will only allow connections from a client that uses this CA. See docs below ( or the terraform output ) on how to use the CA on your local docker. - -If you wish to use a different way to authenticate clients ( user, token,etc) modify the terraform variable `docker_registry_extra_args`. - -By default it will start just a single server. If you want more than one server running you will need to use the swift backend for the registry or do the following: - -* Set up some sort of data replication for the `/opt/docker-registry/files` directory otherwise each server will have different content/ -* set up load balancing, you could use round-robin-dns or a real load balancer. Make sure you update the `fqdn` variable so that the SSL cert is created against the hostname you use. - -## Requirements - -- [Install Terraform](https://www.terraform.io/intro/getting-started/install.html) -- Upload a CoreOS image to glance and remember the image name [1]. - -[1] Any OS with docker installed should be able to be used here. Update the terraform var `ssh_user` to be the user your OS expects. If your image does not have docker installed you can update the terraform var `docker_install_command`. 
- -## Terraform - -Terraform will be used to provision all of the OpenStack resources required to run Docker Swarm. It is also used to deploy and provision the software requirements. - -### Prep - -#### Openstack Authentication - -Ensure your local ssh-agent is running and your ssh key has been added. This step is required by the terraform provisioner. - -``` -$ eval $(ssh-agent -s) -$ ssh-add ~/.ssh/id_rsa -``` - -Ensure that you have your Openstack credentials loaded into Terraform environment variables. Likely via a command similar to: - -``` -$ source ~/.stackrc -$ export TF_VAR_username=${OS_USERNAME} -$ export TF_VAR_password=${OS_PASSWORD} -$ export TF_VAR_tenant=${OS_TENANT_NAME} -$ export TF_VAR_auth_url=${OS_AUTH_URL} - -``` - -#### Enabling Swift - -You'll need to set the terraform variable `docker_registry_storage_backend` to `swift` and set the variables `swift_username`, `swift_password`, `swift_tenant`, `swift_auth_url`. - -#### General Openstack Settings - -By default security_groups will allow certain traffic from `0.0.0.0/0`. If you want to restrict it to a specific network you can set the terraform variable `whitelist_network`. I like to set it to only allow my current IP: - -``` -$ export TF_VAR_whitelist_network=$(curl -s icanhazip.com)/32 -``` - -You may want to specify the name of your CoreOS `glance` image as well as flavor,networks, and keys if they do not match the defaults found in `variables.tf`. Since these do not change often I like to add them to `terraform.tfvars`: - -``` -image = "coreos-alpha-884-0-0" -network_name = "internal" -floatingip_pool = "external" -flavor = "m1.medium" -public_key_path = "~/.ssh/id_rsa.pub" -``` - -_Remove the `*.tfvars` line from `.gitignore` if you wish to save this file into source control_ - -see `variables.tf` for the full list of variables you can set. 
- -## Provision the Docker Registry - -### Enable swift - -If you want to use the swift backend, run this first, or set the Terraform variables another way: - -_this re-uses your regular openstack credentials, you should actually use different credentials with less permissions._ -``` -$ export TF_VAR_docker_registry_storage_backend=swift -$ export TF_VAR_swift_username=${OS_USERNAME} -$ export TF_VAR_swift_password=${OS_PASSWORD} -$ export TF_VAR_swift_tenant=${OS_TENANT_NAME} -$ export TF_VAR_swift_auth_url=${OS_AUTH_URL} -``` - -### Verify the Terraform configs - -With all your TF vars set you should be able to run `terraform apply` but lets check with `terraform plan` that things look correct first: - - -``` -$ terraform plan -Refreshing Terraform state prior to plan... -... -... -+ template_file.discovery_url - rendered: "" => "" - template: "" => "templates/discovery_url" - -Plan: 14 to add, 0 to change, 0 to destroy. -``` - -### Apply the Terraform configs - -With no errors showing here we can go ahead and deploy. - -``` -$ terraform apply -... -... -Apply complete! Resources: 14 added, 0 changed, 0 destroyed. - -The state of your infrastructure has been saved to the path -below. This state is required to modify and destroy your -infrastructure, so keep it safe. To inspect the complete state -use the `terraform show` command. 
- -State path: terraform.tfstate - -Outputs: - - Do the following to use the registry = - -$ sudo mkdir -p /etc/docker/certs.d/X.X.X.X -$ sudo cp files/ssl/ca.pem /etc/docker/certs.d/X.X.X.X/ca.crt -``` - -## Next Steps - -### Check its up - -You can log into the host and access the registry directly: - -``` -$ ssh core@X.X.X.X -$ docker pull alpine -$ docker tag 127.0.0.1/alpine -$ docker push 127.0.0.1/alpine -74e49af2062e: Image already exists -latest: digest: sha256:a96155be113bb2b4b82ebbc11cf1b511726c5b41617a70e0772f8180afc72fa5 size: 1369 -``` - -You can configure your local docker to use the registration using the command provided in the terraform output ( you could also use the FQDN if you provided that in the terraform vars). - -``` -$ sudo cp files/ssl/ca.pem /etc/docker/certs.d/X.X.X.X/ca.crt -$ docker pull alpine -$ docker tag X.X.X.X/alpine -$ docker push X.X.X.X/alpine -74e49af2062e: Image already exists -latest: digest: sha256:a96155be113bb2b4b82ebbc11cf1b511726c5b41617a70e0772f8180afc72fa5 size: 1369 -``` - -## Cleanup - -Once you're done with it, don't forget to nuke the whole thing. - -``` -$ sudo rm -rf /etc/docker/certs.d/X.X.X.X -$ terraform destroy \ -Do you really want to destroy? - Terraform will delete all your managed infrastructure. - There is no undo. Only 'yes' will be accepted to confirm. - - Enter a value: yes -... -... -Apply complete! Resources: 0 added, 0 changed, 14 destroyed. -``` diff --git a/terraform/docker-registry/files/ssl/generate-ssl.sh b/terraform/docker-registry/files/ssl/generate-ssl.sh deleted file mode 100644 index 108b873..0000000 --- a/terraform/docker-registry/files/ssl/generate-ssl.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -openssl genrsa -out files/ssl/ca-key.pem 2048 -openssl req -x509 -new -nodes -key files/ssl/ca-key.pem -days 10000 -out files/ssl/ca.pem -subj '/CN=registry-ca' 
diff --git a/terraform/docker-registry/files/ssl/openssl.cnf b/terraform/docker-registry/files/ssl/openssl.cnf
deleted file mode 100644
index 67b3864..0000000
--- a/terraform/docker-registry/files/ssl/openssl.cnf
+++ /dev/null
@@ -1,8 +0,0 @@
-[req]
-req_extensions = v3_req
-distinguished_name = req_distinguished_name
-[req_distinguished_name]
-[ v3_req ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = clientAuth, serverAuth
diff --git a/terraform/docker-registry/registry.tf b/terraform/docker-registry/registry.tf
deleted file mode 100644
index ab7e096..0000000
--- a/terraform/docker-registry/registry.tf
+++ /dev/null
@@ -1,134 +0,0 @@ -resource "null_resource" "generate_ssl" { - count = "${var.generate_ssl}" - provisioner "local-exec" { - command = "bash files/ssl/generate-ssl.sh" - } -} - -resource "template_file" "registry_vars" { - template = "templates/registry_vars.env" - vars { - extra_vars = "${var.docker_registry_extra_vars}" - secret = "${var.prefix}" - } -} - -resource "template_file" "local_vars" { - template = "templates/local_vars.env" -} - -resource "template_file" "swift_vars" { - template = "templates/swift_vars.env" - vars { - extra_vars = "${var.docker_registry_swift_extra_vars}" - username = "${var.swift_username}" - password = "${var.swift_password}" - auth_url = "${var.swift_auth_url}" - tenant = "${var.swift_tenant}" - container = "${var.swift_container}" - } -} - -resource "openstack_compute_secgroup_v2" "registry" { - name = "${var.prefix}_docker-registry" - description = "${var.prefix} Docker Registry" - rule { - ip_protocol = "tcp" - from_port = "443" - to_port = "443" - cidr = "${var.whitelist_network}" - } - rule { - ip_protocol = "tcp" - from_port = "22" - to_port = "22" - cidr = "${var.whitelist_network}" - } -} - -resource "openstack_networking_floatingip_v2" "registry" { - count = "${var.instance_count}" - pool = "${var.floatingip_pool}" -} - -resource "openstack_compute_keypair_v2" "registry" { - name = "${var.prefix}_docker-registry" - public_key = "${file(var.public_key_path)}" -} - -resource "openstack_compute_instance_v2" "registry" { - name = "${var.prefix}_docker-registry-${count.index}" - count = "${var.instance_count}" - image_name = "${var.image}" - flavor_name = "${var.flavor}" - floating_ip = "${element(openstack_networking_floatingip_v2.registry.*.address, count.index)}" - key_pair = "${openstack_compute_keypair_v2.registry.name}" - network { - name = "${var.network_name}" - } - security_groups = [ - "${openstack_compute_secgroup_v2.registry.name}", - ] - provisioner "file" { - source = "files" - destination = "/tmp/files" - 
connection { - user = "${var.ssh_user}" - } - } - provisioner "remote-exec" { - inline = [ - # Check that Docker is installed. If not try to install it. - "if ! which docker; then ", - " ${var.docker_install_command}", - "fi", - "sudo mkdir -p /opt/docker-registry/{files,ssl,config}", - # Create TLS certs - "echo 'subjectAltName = @alt_names' >> /tmp/files/ssl/openssl.cnf", - "echo '[alt_names]' >> /tmp/files/ssl/openssl.cnf", - "echo 'IP.1 = 127.0.0.1' >> /tmp/files/ssl/openssl.cnf", - "echo 'IP.2 = ${self.network.0.fixed_ip_v4}' >> /tmp/files/ssl/openssl.cnf", - "echo 'IP.3 = ${element(openstack_networking_floatingip_v2.registry.*.address, count.index)}' >> /tmp/files/ssl/openssl.cnf", - "echo 'DNS.1 = localhost' >> /tmp/files/ssl/openssl.cnf", - "echo 'DNS.2 = ${var.fqdn}' >> /tmp/files/ssl/openssl.cnf", - "echo 'DNS.3 = ${element(openstack_networking_floatingip_v2.registry.*.address, count.index)}.xip.io' >> /tmp/files/ssl/openssl.cnf", - "openssl genrsa -out /tmp/files/ssl/key.pem 2048", - "openssl req -new -key /tmp/files/ssl/key.pem -out /tmp/files/ssl/cert.csr -subj '/CN=docker-client' -config /tmp/files/ssl/openssl.cnf", - "openssl x509 -req -in /tmp/files/ssl/cert.csr -CA /tmp/files/ssl/ca.pem -CAkey /tmp/files/ssl/ca-key.pem \\", - "-CAcreateserial -out /tmp/files/ssl/cert.pem -days 365 -extensions v3_req -extfile /tmp/files/ssl/openssl.cnf", - "sudo mkdir -p /etc/docker/ssl", - "sudo cp /tmp/files/ssl/ca.pem /opt/docker-registry/ssl/", - "sudo cp /tmp/files/ssl/cert.pem /opt/docker-registry/ssl/", - "sudo cp /tmp/files/ssl/key.pem /opt/docker-registry/ssl/", - # Create registry env file - "sudo su -c \"cat <<'EOF' > /opt/docker-registry/config/registry.env\n${template_file.registry_vars.rendered}\nEOF\"", - "echo XXXXXXXXXXXXXXXX ${var.docker_registry_storage_backend} XXXXXXXXXXXXXXXXXXX", - "if [ \"${var.docker_registry_storage_backend}\" == \"swift\" ]; then", - "sudo su -c \"cat <<'EOF' >> 
/opt/docker-registry/config/registry.env\n${template_file.swift_vars.rendered}\nEOF\"", - "else", - "sudo su -c \"cat <<'EOF' >> /opt/docker-registry/config/registry.env\n${template_file.local_vars.rendered}\nEOF\"", - "fi", - "docker pull registry:${var.docker_registry_version}", - "docker run -d --name docker-registry \\", - " -v /opt/docker-registry:/opt/docker-registry \\", - " -p 443:5000 --restart always \\", - " --env-file /opt/docker-registry/config/registry.env \\", - " registry:${var.docker_registry_version}", - ] - connection { - user = "${var.ssh_user}" - } - } - depends_on = [ - "template_file.registry_vars", - "template_file.swift_vars", - ] -} - -output "docker registry host" { - value = "${openstack_networking_floatingip_v2.registry.0.address}" -} - -output "Do the following to use the registry" { - value = "\n\n$ sudo mkdir -p /etc/docker/certs.d/${openstack_networking_floatingip_v2.registry.0.address}\n$ sudo cp files/ssl/ca.pem /etc/docker/certs.d/${openstack_networking_floatingip_v2.registry.0.address}/ca.crt\n" -} diff --git a/terraform/docker-registry/templates/local_vars.env b/terraform/docker-registry/templates/local_vars.env deleted file mode 100644 index 616ea9f..0000000 --- a/terraform/docker-registry/templates/local_vars.env +++ /dev/null @@ -1 +0,0 @@ -REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/opt/docker-registry/files diff --git a/terraform/docker-registry/templates/registry_vars.env b/terraform/docker-registry/templates/registry_vars.env deleted file mode 100644 index bdba238..0000000 --- a/terraform/docker-registry/templates/registry_vars.env +++ /dev/null @@ -1,4 +0,0 @@ -REGISTRY_HTTP_TLS_KEY=/opt/docker-registry/ssl/key.pem -REGISTRY_HTTP_TLS_CERTIFICATE=/opt/docker-registry/ssl/cert.pem -REGISTRY_HTTP_SECRET=${secret} -${extra_vars} diff --git a/terraform/docker-registry/templates/swift_vars.env b/terraform/docker-registry/templates/swift_vars.env deleted file mode 100644 index 765995d..0000000 
--- a/terraform/docker-registry/templates/swift_vars.env
+++ /dev/null
@@ -1,7 +0,0 @@
-REGISTRY_STORAGE=swift
-REGISTRY_STORAGE_SWIFT_USERNAME=${username}
-REGISTRY_STORAGE_SWIFT_TENANT=${tenant}
-REGISTRY_STORAGE_SWIFT_PASSWORD=${password}
-REGISTRY_STORAGE_SWIFT_AUTHURL=${auth_url}
-REGISTRY_STORAGE_SWIFT_CONTAINER=${container}
-${extra_vars}
diff --git a/terraform/docker-registry/variables.tf b/terraform/docker-registry/variables.tf
deleted file mode 100644
index 2d3da36..0000000
--- a/terraform/docker-registry/variables.tf
+++ /dev/null
@@ -1,116 +0,0 @@ -variable "image" { - description = "Name of glance image to use" - default = "coreos" -} - -variable "prefix" { - description = "prefix of openstack resources" - default = "example" -} - -variable "instance_count" { - description = "Number of servers to run. If you change this you will need to set up some sort of data replication for the registry files." - default = 1 -} - -variable "network_name" { - default = "internal" -} - -variable "floatingip_pool" { - default = "external" -} - -variable "flavor" { - default = "m1.small" -} - -variable "ssh_user" { - default = "core" -} - -variable "docker_registry_version" { - description = "version of docker registry to use. Should be 2 or higher." - default = "2" -} - -variable "docker_registry_extra_vars" { - description = "extra ENV vars to use when starting registry" - default = "REGISTRY_HTTP_TLS_CLIENTCAS_0=/opt/docker-registry/ssl/ca.pem" -} - -variable "docker_registry_swift_extra_vars" { - description = "extra ENV vars for swift to use when starting registry" - default = "" -} - -variable "docker_registry_storage_backend" { - description = "storage backend to use for docker registry [local|swift]" - default = "local" -} - -variable "docker_install_command" { - description = "If docker is not found, this command will be run" - default = "sudo apt-get update && sudo apt-get -y install curl && curl -sSL get.docker.com | sudo bash" -} - -variable "username" { - description = "Your openstack username" -} - -variable "password" { - description = "Your openstack password" -} - -variable "tenant" { - description = "Your openstack tenant/project" -} - -variable "auth_url" { - description = "Your openstack auth URL" -} - -variable "public_key_path" { - description = "The path of the ssh pub key" - default = "~/.ssh/id_rsa.pub" -} - -variable "whitelist_network" { - description = "network to allow connectivity from" - default = "0.0.0.0/0" -} - -variable "generate_ssl" { - descripion = "set to 1 to 
regenerate SSL certificates/keys" - default = 1 -} - -variable "fqdn" { - description = "FQDN for certificate" - default = "registry.local" -} - -variable "swift_username" { - description = "Your openstack username" - default = "" -} - -variable "swift_password" { - description = "Your openstack password" - default = "" -} - -variable "swift_tenant" { - description = "Your openstack tenant/project" - default = "" -} - -variable "swift_auth_url" { - description = "Your openstack auth URL" - default = "" -} - -variable "swift_container" { - description = "swift container for docker registry" - default = "docker_registry" -} diff --git a/terraform/dockerswarm-coreos/.gitignore b/terraform/dockerswarm-coreos/.gitignore deleted file mode 100644 index 045a5a1..0000000 --- a/terraform/dockerswarm-coreos/.gitignore +++ /dev/null @@ -1,9 +0,0 @@ -*.tfvars -*.tfstate -*.backup - -files/ssl/*.pem -files/ssl/*.csr -files/ssl/*.srl - -templates/discovery_url diff --git a/terraform/dockerswarm-coreos/LICENSE.md b/terraform/dockerswarm-coreos/LICENSE.md deleted file mode 100644 index 334c01d..0000000 --- a/terraform/dockerswarm-coreos/LICENSE.md +++ /dev/null @@ -1,13 +0,0 @@ -Copyright 2016 Paul Czarkowski - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/terraform/dockerswarm-coreos/README.md b/terraform/dockerswarm-coreos/README.md deleted file mode 100644 index aba3e2a..0000000 --- a/terraform/dockerswarm-coreos/README.md +++ /dev/null 
@@ -1,217 +0,0 @@ -# Docker Swarm on Openstack with Terraform - -Provision a Docker Swarm cluster with [Terraform](https://www.terraform.io) on Openstack. - -## Status - -This will install a fully HA docker swarm cluster on an Openstack Cloud. It is tested on a OpenStack Cloud provided by [BlueBox](https://www.blueboxcloud.com/) and should work on most modern installs of OpenStack that support the basic services. - -It also supports overlay networks using the `docker network` command, see documentation below. - - -## Requirements - -- [Install Terraform](https://www.terraform.io/intro/getting-started/install.html) -- Upload a CoreOS image to glance and remember the image name. - -## Terraform - -Terraform will be used to provision all of the OpenStack resources required to run Docker Swarm. It is also used to deploy and provision the software requirements. - -### Prep - -#### Openstack Authentication - -Ensure your local ssh-agent is running and your ssh key has been added. This step is required by the terraform provisioner. - -``` -$ eval $(ssh-agent -s) -$ ssh-add ~/.ssh/id_rsa -``` - -Ensure that you have your Openstack credentials loaded into Terraform environment variables. Likely via a command similar to: - -``` -$ source ~/.stackrc -$ export TF_VAR_username=${OS_USERNAME} -$ export TF_VAR_password=${OS_PASSWORD} -$ export TF_VAR_tenant=${OS_TENANT_NAME} -$ export TF_VAR_auth_url=${OS_AUTH_URL} - -``` - -#### General Openstack Settings - -By default security_groups will allow certain traffic from `0.0.0.0/0`. If you want to restrict it to a specific network you can set the terraform variable `whitelist_network`. I like to set it to only allow my current IP: - -``` -$ export TF_VAR_whitelist_network=$(curl -s icanhazip.com)/32 -``` - -You also want to specify the name of your CoreOS `glance` image as well as flavor,networks, and keys. 
Since these do not change often I like to add them to `terraform.tfvars`: - -``` -image_name = "coreos-alpha-884-0-0" -network_name = "internal" -net_device = "eth0" -floatingip_pool = "external" -flavor = "m1.medium" -public_key_path = "~/.ssh/id_rsa.pub" -``` - -_Remove the `*.tfvars` line from `.gitignore` if you wish to save this file into source control_ - -see `vars-openstack.tf` for the full list of variables you can set. - -#### Docker Swarm Settings - -You can alter the number of instances to be built and added to the cluster by modifying the `cluster_size` variable (default is 3). - -If you have a FQDN you plan at pointing at one of more of the swarm-manager hosts you can set it via the `fqdn` variable. - -Terraform will attempt to run `openssl` commands to create a CA and server/client certificates used to secure the docker/swarm endpoints. If you do not have `openssl` on your local machine or want to re-use existing CA / Client certificates you can set the TF variable `generate_ssl` to `0`. The certificates are created in `files/ssl`. - -see `vars-swarm.tf` for the full list of variables you can set. - -#### CoreOS Settings - -Terraform will attempt to generate an etcd discovery token by running `curl` against the etcd discovery service. If do not have `curl` or do not wish to generate a new discovery url you can set `generate_discovery_url` to `0` and create a file `templates/discovery_url` which contains the discovery url you wish to use. - -## Provision the Docker Swarm - -With all your TF vars set you should be able to run `terraform apply` but lets check with `terraform plan` that things look correct first: - - -``` -$ terraform plan -Refreshing Terraform state prior to plan... -... -... -+ template_file.discovery_url - rendered: "" => "" - template: "" => "templates/discovery_url" - -Plan: 14 to add, 0 to change, 0 to destroy. -``` - -With no errors showing here we can go ahead and run - -``` -$ terraform apply -... -... -Apply complete! 
Resources: 14 added, 0 changed, 0 destroyed. - -The state of your infrastructure has been saved to the path -below. This state is required to modify and destroy your -infrastructure, so keep it safe. To inspect the complete state -use the `terraform show` command. - -State path: terraform.tfstate - -Outputs: - - swarm_cluster = -Environment Variables for accessing Docker Swarm via floating IP of first host: -export DOCKER_HOST=tcp://x.x.x.x:2375 -export DOCKER_TLS_VERIFY=1 -export DOCKER_CERT_PATH=/home/bacon/development/personal/terraform-dockerswarm-coreos/files/ssl -``` - -_the final output uses the floating IP of the first Host. You could point at any of the hosts, or use a FQDN with round robin DNS pointing at all the hosts. I avoided using neutron's load balancing service as it is not yet standard on OpenStack installs._ - -## Next Steps - -### Check its up - -copy and paste the above output into your shell and attempt to run `docker info`: - -``` -$ export DOCKER_HOST=tcp://x.x.x.x:2375 -$ export DOCKER_TLS_VERIFY=1 -$ export DOCKER_CERT_PATH=/home/bacon/development/personal/terraform-dockerswarm-coreos/files/ssl - -$ docker info -Containers: 6 -Images: 6 -Engine Version: -Role: primary -Strategy: spread -Filters: health, port, dependency, affinity, constraint -Nodes: 3 - swarm-testing-0.novalocal: 10.230.7.171:2376 - └ Status: Healthy - └ Containers: 2 - └ Reserved CPUs: 0 / 2 - └ Reserved Memory: 0 B / 4.057 GiB - └ Labels: executiondriver=native-0.2, kernelversion=4.3.0-coreos, operatingsystem=CoreOS 884.0.0, storagedriver=overlay - swarm-testing-1.novalocal: 10.230.7.172:2376 - └ Status: Healthy - └ Containers: 2 - └ Reserved CPUs: 0 / 2 - └ Reserved Memory: 0 B / 4.057 GiB - └ Labels: executiondriver=native-0.2, kernelversion=4.3.0-coreos, operatingsystem=CoreOS 884.0.0, storagedriver=overlay - swarm-testing-2.novalocal: 10.230.7.173:2376 - └ Status: Healthy - └ Containers: 2 - └ Reserved CPUs: 0 / 2 - └ Reserved Memory: 0 B / 4.057 GiB - └ Labels: 
executiondriver=native-0.2, kernelversion=4.3.0-coreos, operatingsystem=CoreOS 884.0.0, storagedriver=overlay -CPUs: 6 -Total Memory: 12.17 GiB -Name: swarm-testing-0.novalocal -``` - -### Create an overlay network and run a container - -Create a network overlay called `my-net` - -``` -$ docker network create --driver overlay my-net -ecfefdff938f506b09c5ea5b505ee8ace0ee7297d9d617d06b9bbaac5bf10fea -$ docker network ls -NETWORK ID NAME DRIVER -38338f0ec63a swarm-testing-1.novalocal/host host -c41436d91f29 swarm-testing-0.novalocal/none null -e29c4451483f swarm-testing-0.novalocal/bridge bridge -400130ea105b swarm-testing-2.novalocal/none null -c8f15676b2a5 swarm-testing-2.novalocal/host host -493127ad6577 swarm-testing-2.novalocal/bridge bridge -74f862f34921 swarm-testing-1.novalocal/none null -ecfefdff938f my-net overlay -b09a38662087 swarm-testing-0.novalocal/host host -cfbcfbd7de02 swarm-testing-1.novalocal/bridge bridge -``` - -Run a container on the network on a specific host, then try to access it from another: - -``` -$ docker run -itd --name=web --net=my-net --env="constraint:node==swarm-testing-1.novalocal" nginx -53166b97adf2397403f00a2ffcdba635a7f08852c5fe4f452d6ca8c6f40bb80c -$ docker run -it --rm --net=my-net --env="constraint:node==swarm-testing-2.novalocal" busybox wget -O- http://web -Connecting to web (10.0.0.2:80) - - -... -... -

Thank you for using nginx.

- - - -``` - -## Cleanup - -Once you're done with it, don't forget to nuke the whole thing. - -``` -$ terraform destroy \ -Do you really want to destroy? - Terraform will delete all your managed infrastructure. - There is no undo. Only 'yes' will be accepted to confirm. - - Enter a value: yes -... -... -Apply complete! Resources: 0 added, 0 changed, 14 destroyed. -``` diff --git a/terraform/dockerswarm-coreos/_securitygroups.tf b/terraform/dockerswarm-coreos/_securitygroups.tf deleted file mode 100644 index b86e179..0000000 --- a/terraform/dockerswarm-coreos/_securitygroups.tf +++ /dev/null @@ -1,60 +0,0 @@ -resource "openstack_compute_secgroup_v2" "swarm_base" { - name = "${var.cluster_name}_swarm_base" - description = "${var.cluster_name} - Docker Swarm Security Group" - # SSH - rule { - ip_protocol = "tcp" - from_port = "22" - to_port = "22" - cidr = "${var.whitelist_network}" - } - # DOCKER SWARM - rule { - ip_protocol = "tcp" - from_port = "2375" - to_port = "2375" - cidr = "${var.whitelist_network}" - } - # DOCKER - rule { - ip_protocol = "tcp" - from_port = "2376" - to_port = "2376" - cidr = "${var.whitelist_network}" - } - # INTERNAL Communication only - rule { - ip_protocol = "icmp" - from_port = "-1" - to_port = "-1" - self = true - } - rule { - ip_protocol = "tcp" - from_port = "1" - to_port = "65535" - self = true - } - rule { - ip_protocol = "udp" - from_port = "1" - to_port = "65535" - self = true - } - - # DANGER DANGER DANGER - # Uncomment these if you want to allow - # unrestricted inbound access - #rule { - # ip_protocol = "tcp" - # from_port = "1" - # to_port = "65535" - # cidr = "${var.whitelist_network}" - #} - #rule { - # ip_protocol = "udp" - # from_port = "1" - # to_port = "65535" - # cidr = "${var.whitelist_network}" - #} -} diff --git a/terraform/dockerswarm-coreos/files/ssl/generate-ssl.sh b/terraform/dockerswarm-coreos/files/ssl/generate-ssl.sh deleted file mode 100644 index 3674ea8..0000000 
--- a/terraform/dockerswarm-coreos/files/ssl/generate-ssl.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -openssl genrsa -out files/ssl/ca-key.pem 2048 - -openssl req -x509 -new -nodes -key files/ssl/ca-key.pem -days 10000 -out files/ssl/ca.pem -subj '/CN=docker-CA' - -openssl genrsa -out files/ssl/key.pem 2048 - -openssl req -new -key files/ssl/key.pem -out files/ssl/cert.csr -subj '/CN=docker-client' -config files/ssl/openssl.cnf - -openssl x509 -req -in files/ssl/cert.csr -CA files/ssl/ca.pem -CAkey files/ssl/ca-key.pem \ - -CAcreateserial -out files/ssl/cert.pem -days 365 -extensions v3_req -extfile files/ssl/openssl.cnf diff --git a/terraform/dockerswarm-coreos/files/ssl/openssl.cnf b/terraform/dockerswarm-coreos/files/ssl/openssl.cnf deleted file mode 100644 index 67b3864..0000000 --- a/terraform/dockerswarm-coreos/files/ssl/openssl.cnf +++ /dev/null @@ -1,8 +0,0 @@ -[req] -req_extensions = v3_req -distinguished_name = req_distinguished_name -[req_distinguished_name] -[ v3_req ] -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth diff --git a/terraform/dockerswarm-coreos/swarm.tf b/terraform/dockerswarm-coreos/swarm.tf deleted file mode 100755 index a331ef3..0000000 --- a/terraform/dockerswarm-coreos/swarm.tf +++ /dev/null 
@@ -1,109 +0,0 @@ -resource "null_resource" "discovery_url_template" { - count = "${var.generate_discovery_url}" - provisioner "local-exec" { - command = "curl -s 'https://discovery.etcd.io/new?size=${var.cluster_size}' > templates/discovery_url" - } -} - -resource "null_resource" "generate_ssl" { - count = "${var.generate_ssl}" - provisioner "local-exec" { - command = "bash files/ssl/generate-ssl.sh" - } -} - -resource "template_file" "discovery_url" { - template = "templates/discovery_url" - depends_on = [ - "null_resource.discovery_url_template" - ] -} - -resource "template_file" "cloud_init" { - template = "templates/cloud-init" - vars { - cluster_token = "${var.cluster_name}" - discovery_url = "${template_file.discovery_url.rendered}" - swarm_version = "${var.swarm_version}" - } -} - -resource "template_file" "10_docker_service" { - template = "templates/10-docker-service.conf" - vars { - net_device = "${ var.net_device }" - } -} - -resource "openstack_networking_floatingip_v2" "coreos" { - count = "${var.cluster_size}" - pool = "${var.floatingip_pool}" -} - -resource "openstack_compute_keypair_v2" "coreos" { - name = "swarm-${var.cluster_name}" - public_key = "${file(var.public_key_path)}" -} - -resource "openstack_compute_instance_v2" "coreos" { - name = "swarm-${var.cluster_name}-${count.index}" - count = "${var.cluster_size}" - image_name = "${var.image_name}" - flavor_name = "${var.flavor}" - key_pair = "${openstack_compute_keypair_v2.coreos.name}" - network { - name = "${var.network_name}" - } - security_groups = [ - "${openstack_compute_secgroup_v2.swarm_base.name}" - ] - floating_ip = "${element(openstack_networking_floatingip_v2.coreos.*.address, count.index)}" - user_data = "${template_file.cloud_init.rendered}" - provisioner "file" { - source = "files" - destination = "/tmp/files" - connection { - user = "core" - } - } - provisioner "remote-exec" { - inline = [ - # Create TLS certs - "mkdir -p /home/core/.docker", - "cp /tmp/files/ssl/ca.pem 
/home/core/.docker/", - "cp /tmp/files/ssl/cert.pem /home/core/.docker/", - "cp /tmp/files/ssl/key.pem /home/core/.docker/", - "echo 'subjectAltName = @alt_names' >> /tmp/files/ssl/openssl.cnf", - "echo '[alt_names]' >> /tmp/files/ssl/openssl.cnf", - "echo 'IP.1 = ${self.network.0.fixed_ip_v4}' >> /tmp/files/ssl/openssl.cnf", - "echo 'IP.2 = ${element(openstack_networking_floatingip_v2.coreos.*.address, count.index)}' >> /tmp/files/ssl/openssl.cnf", - "echo 'DNS.1 = ${var.fqdn}' >> /tmp/files/ssl/openssl.cnf", - "echo 'DNS.2 = ${element(openstack_networking_floatingip_v2.coreos.*.address, count.index)}.xip.io' >> /tmp/files/ssl/openssl.cnf", - "openssl req -new -key /tmp/files/ssl/key.pem -out /tmp/files/ssl/cert.csr -subj '/CN=docker-client' -config /tmp/files/ssl/openssl.cnf", - "openssl x509 -req -in /tmp/files/ssl/cert.csr -CA /tmp/files/ssl/ca.pem -CAkey /tmp/files/ssl/ca-key.pem \\", - "-CAcreateserial -out /tmp/files/ssl/cert.pem -days 365 -extensions v3_req -extfile /tmp/files/ssl/openssl.cnf", - "sudo mkdir -p /etc/docker/ssl", - "sudo cp /tmp/files/ssl/ca.pem /etc/docker/ssl/", - "sudo cp /tmp/files/ssl/cert.pem /etc/docker/ssl/", - "sudo cp /tmp/files/ssl/key.pem /etc/docker/ssl/", - # Apply localized settings to services - "sudo mkdir -p /etc/systemd/system/{docker,swarm-agent,swarm-manager}.service.d", - "cat <<'EOF' > /tmp/10-docker-service.conf\n${template_file.10_docker_service.rendered}\nEOF", - "sudo mv /tmp/10-docker-service.conf /etc/systemd/system/docker.service.d/", - "sudo systemctl daemon-reload", - "sudo systemctl restart docker.service", - "sudo systemctl start swarm-agent.service", - "sudo systemctl start swarm-manager.service", - ] - connection { - user = "core" - } - } - depends_on = [ - "template_file.cloud_init" - ] -} - -output "swarm_cluster" { - value = "\nEnvironment Variables for accessing Docker Swarm via floating IP of first host:\nexport DOCKER_HOST=tcp://${openstack_networking_floatingip_v2.coreos.0.address}:2375\nexport 
DOCKER_TLS_VERIFY=1\nexport DOCKER_CERT_PATH=${path.module}/files/ssl" -} diff --git a/terraform/dockerswarm-coreos/templates/10-docker-service.conf b/terraform/dockerswarm-coreos/templates/10-docker-service.conf deleted file mode 100755 index 21fd9c8..0000000 --- a/terraform/dockerswarm-coreos/templates/10-docker-service.conf +++ /dev/null @@ -1,2 +0,0 @@ -[Service] -Environment="DOCKER_OPTS=-H=0.0.0.0:2376 -H unix:///var/run/docker.sock --tlsverify --tlscacert=/etc/docker/ssl/ca.pem --tlscert=/etc/docker/ssl/cert.pem --tlskey=/etc/docker/ssl/key.pem --cluster-advertise ${net_device}:2376 --cluster-store etcd://127.0.0.1:2379/docker" diff --git a/terraform/dockerswarm-coreos/templates/cloud-init b/terraform/dockerswarm-coreos/templates/cloud-init deleted file mode 100755 index 4a772a0..0000000 --- a/terraform/dockerswarm-coreos/templates/cloud-init +++ /dev/null 
@@ -1,48 +0,0 @@ -#cloud-config - -coreos: - units: - - name: etcd.service - mask: true - - name: etcd2.service - command: start - - name: docker.service - command: start - - name: swarm-agent.service - content: | - [Unit] - Description=swarm agent - Requires=docker.service - After=docker.service - - [Service] - EnvironmentFile=/etc/environment - TimeoutStartSec=20m - ExecStartPre=/usr/bin/docker pull swarm:${swarm_version} - ExecStartPre=-/usr/bin/docker rm -f swarm-agent - ExecStart=/bin/sh -c "/usr/bin/docker run --rm --name swarm-agent swarm:${swarm_version} join --addr=$COREOS_PRIVATE_IPV4:2376 etcd://$COREOS_PRIVATE_IPV4:2379/docker" - ExecStop=/usr/bin/docker stop swarm-agent - - name: swarm-manager.service - content: | - [Unit] - Description=swarm manager - Requires=docker.service - After=docker.service - - [Service] - EnvironmentFile=/etc/environment - TimeoutStartSec=20m - ExecStartPre=/usr/bin/docker pull swarm:${swarm_version} - ExecStartPre=-/usr/bin/docker rm -f swarm-manager - ExecStart=/bin/sh -c "/usr/bin/docker run --rm --name swarm-manager -v /etc/docker/ssl:/etc/docker/ssl --net=host swarm:${swarm_version} manage --tlsverify --tlscacert=/etc/docker/ssl/ca.pem --tlscert=/etc/docker/ssl/cert.pem --tlskey=/etc/docker/ssl/key.pem etcd://$COREOS_PRIVATE_IPV4:2379/docker" - ExecStop=/usr/bin/docker stop swarm-manager - etcd2: - discovery: ${discovery_url} - advertise-client-urls: http://$private_ipv4:2379 - initial-advertise-peer-urls: http://$private_ipv4:2380 - listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001 - listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001 - data-dir: /var/lib/etcd2 - initial-cluster-token: ${cluster_token} - update: - reboot-strategy: "off" diff --git a/terraform/dockerswarm-coreos/vars-coreos.tf b/terraform/dockerswarm-coreos/vars-coreos.tf deleted file mode 100644 index 7795efa..0000000 --- a/terraform/dockerswarm-coreos/vars-coreos.tf +++ /dev/null 
@@ -1,4 +0,0 @@
-variable "generate_discovery_url" {
- default = 1
- description = "set to 0 if you do not want to autogenerate the discovery url"
-}
diff --git a/terraform/dockerswarm-coreos/vars-openstack.tf b/terraform/dockerswarm-coreos/vars-openstack.tf
deleted file mode 100644
index 1e2addd..0000000
--- a/terraform/dockerswarm-coreos/vars-openstack.tf
+++ /dev/null
@@ -1,46 +0,0 @@
-variable "image_name" {
- default = "coreos"
-}
-
-variable "network_name" {
- default = "internal"
-}
-
-variable "floatingip_pool" {
- default = "external"
-}
-
-variable "net_device" {
- description = "Network interface device in the system"
- default = "eth0"
-}
-
-variable "flavor" {
- default = "m1.medium"
-}
-
-variable "username" {
- description = "Your openstack username"
-}
-
-variable "password" {
- description = "Your openstack password"
-}
-
-variable "tenant" {
- description = "Your openstack tenant/project"
-}
-
-variable "auth_url" {
- description = "Your openstack auth URL"
-}
-
-variable "public_key_path" {
- description = "The path of the ssh pub key"
- default = "~/.ssh/id_rsa.pub"
-}
-
-variable "whitelist_network" {
- description = "network to allow connectivity from"
- default = "0.0.0.0/0"
-}
diff --git a/terraform/dockerswarm-coreos/vars-swarm.tf b/terraform/dockerswarm-coreos/vars-swarm.tf
deleted file mode 100644
index f94d3ff..0000000
--- a/terraform/dockerswarm-coreos/vars-swarm.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-variable "cluster_size" {
- default = 3
-}
-
-variable "cluster_name" {
- default = "testing"
-}
-
-variable "swarm_version" {
- default = "latest"
-}
-
-variable "generate_ssl" {
- description = "set to 0 if you want to reuse ssl certs"
- default = 1
-}
-
-variable "fqdn" {
- description = "Fully Qualified DNS to add to TLS certs"
- default = "swarm.example.com"
-}
diff --git a/terraform/kubernetes-coreos/.gitignore b/terraform/kubernetes-coreos/.gitignore
deleted file mode 100644
index ab6bd58..0000000
--- a/terraform/kubernetes-coreos/.gitignore
+++ /dev/null
@@ -1,6 +0,0 @@
-*.tfstate
-*.tfstate.backup
-templates/discovery_url
-*.override
-ssl/admin*
-ssl/ca*
diff --git a/terraform/kubernetes-coreos/LICENSE b/terraform/kubernetes-coreos/LICENSE
deleted file mode 100644
index 7f59651..0000000
--- a/terraform/kubernetes-coreos/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-Copyright (c) 2015 Kelsey Hightower
-Copyright (c) 2015 Paul Czarkowski
-Copyright (c) 2016 Paul Czarkowski
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
-of the Software, and to permit persons to whom the Software is furnished to do
-so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/terraform/kubernetes-coreos/README.md b/terraform/kubernetes-coreos/README.md
deleted file mode 100644
index 5b418b0..0000000
--- a/terraform/kubernetes-coreos/README.md
+++ /dev/null
@@ -1,185 +0,0 @@ -# Kubernetes on Openstack with Terraform - -forked from [kelseyhightower/kubestack](https://github.com/kelseyhightower/kubestack) - -Provision a Kubernetes cluster with [Terraform](https://www.terraform.io) on Openstack - -## Status - -Ready for testing. Over the next couple of weeks the repo should be generic enough for reuse with complete documentation. - -Will install a single controller node and two compute nodes by default, can increase or decrease compute nodes using the Terraform variable `compute_count`. - -## Prep - -- [Install Terraform](https://www.terraform.io/intro/getting-started/install.html) -- Upload a Ubuntu Xenial or CentOS 7 image to glance. - -## Terraform - -Terraform will be used to declare and provision a Kubernetes cluster. By default it will be a single controller with a single compute node. You can add more nodes by adjusting the `compute_workers` variable. - -The compute workers do not have a floating ip by default, this means to `ssh` to them you must use the controller node as a bastion and forward your SSH agent through. - -### Prep - -Ensure your local ssh-agent is running and your ssh key has been added. This step is required by the terraform provisioner. - -``` -$ eval $(ssh-agent -s); ssh-add ~/.ssh/id_rsa -``` - -Ensure that you have your Openstack credentials loaded into environment variables. Likely via a command similar to: - -``` -$ source ~/.stackrc -``` - -Edit the terraform.tfvars file to put the name of your ubuntu/centos image, OpenStack network names, etc. If you use centos you will also have to change `ssh_user` to `centos`. - - -### Provision the Kubernetes Cluster - -``` -$ cd terraform -$ export MY_IP=$(curl -s icanhazip.com) -$ terraform plan \ - -var "username=$OS_USERNAME" \ - -var "password=$OS_PASSWORD" \ - -var "tenant=$OS_TENANT_NAME" \ - -var "auth_url=$OS_AUTH_URL" \ - -var "whitelist_network=${MY_IP}/32" -Refreshing Terraform state prior to plan... -... -... 
-+ template_file.discovery_url - rendered: "" => "" - template: "" => "templates/discovery_url" - -Plan: 12 to add, 0 to change, 0 to destroy. - -$ terraform apply \ - -var "username=$OS_USERNAME" \ - -var "password=$OS_PASSWORD" \ - -var "tenant=$OS_TENANT_NAME" \ - -var "auth_url=$OS_AUTH_URL" \ - -var "whitelist_network=${MY_IP}/32" -... -... -Apply complete! Resources: 16 added, 0 changed, 0 destroyed. - -The state of your infrastructure has been saved to the path -below. This state is required to modify and destroy your -infrastructure, so keep it safe. To inspect the complete state -use the `terraform show` command. - -State path: terraform.tfstate - -Outputs: - - kubernetes-controller = $ ssh -A ubuntu@xx.xx.xx.xx -``` - -## Next Steps - -### Check its up - -``` -$ ssh -A ubuntu@xx.xx.xx.xx - -$ kubectl get nodes -NAME STATUS AGE -kubestack-testing-compute0 Ready 8s -kubestack-testing-compute1 Ready 6s -kubestack-testing-controller0 Ready 2m - -$ kubectl get pods --all-namespaces - -``` - - -### Run a demo application - -``` -$ git clone https://github.com/microservices-demo/microservices-demo -$ kubectl apply \ - -f microservices-demo/deploy/kubernetes/manifests/sock-shop-ns.yml \ - -f microservices-demo/deploy/kubernetes/manifests - -$ kubectl describe svc front-end -n sock-shop -Name: front-end -Namespace: sock-shop -Labels: name=front-end -Selector: name=front-end -Type: NodePort -IP: 100.79.5.35 -Port: 80/TCP -NodePort: 30768/TCP -Endpoints: 10.36.0.3:8079 -Session Affinity: None -``` - -once its online you can browse to it via the IP of the controller node, or via the endpoint if you're on the k8s controller. 
- -``` -$ curl -s 10.36.0.3:8079 | head - - - - - - - - - - -(23) Failed writing body - -``` - -### Install The Dashboard Addon - -``` -$ kubectl create -f https://rawgit.com/kubernetes/dashboard/master/src/deploy/kubernetes-dashboard.yaml - -$ kubectl describe svc kubernetes-dashboard -n kube-system -Name: kubernetes-dashboard -Namespace: kube-system -Labels: app=kubernetes-dashboard -Selector: app=kubernetes-dashboard -Type: NodePort -IP: 100.64.81.128 -Port: 80/TCP -NodePort: 31149/TCP -Endpoints: 10.44.0.7:9090 -Session Affinity: None - - -``` -You can now access the dashboard from your whitelisted IP at: - ```http://:``` -The service port is supplied when you create the dashboard. In the example here, it was 32584. - - -### Destroy the cluster - -Once you're done with it, don't forget to nuke the whole thing. - -``` -$ terraform destroy \ - -var "username=$OS_USERNAME" \ - -var "password=$OS_PASSWORD" \ - -var "tenant=$OS_TENANT_NAME" \ - -var "auth_url=$OS_AUTH_URL" -Do you really want to destroy? - Terraform will delete all your managed infrastructure. - There is no undo. Only 'yes' will be accepted to confirm. - - Enter a value: yes -... -... -openstack_compute_secgroup_v2.kubernetes_controller: Destruction complete -openstack_compute_secgroup_v2.kubernetes_internal: Destruction complete - -Apply complete! Resources: 0 added, 0 changed, 16 destroyed. -``` diff --git a/terraform/kubernetes-coreos/_securitygroups.tf b/terraform/kubernetes-coreos/_securitygroups.tf deleted file mode 100644 index aff9cb0..0000000 --- a/terraform/kubernetes-coreos/_securitygroups.tf +++ /dev/null 
@@ -1,57 +0,0 @@
-
-resource "openstack_compute_secgroup_v2" "kubernetes_controller" {
- name = "${var.project}_kubernetes_controller"
- description = "kubernetes Controller Security Group"
- rule {
- ip_protocol = "tcp"
- from_port = "1"
- to_port = "65535"
- cidr = "${var.whitelist_network}"
- }
- rule {
- ip_protocol = "icmp"
- from_port = "-1"
- to_port = "-1"
- cidr = "${var.whitelist_network}"
- }
-}
-
-resource "openstack_compute_secgroup_v2" "kubernetes_compute" {
- name = "${var.project}_kubernetes_compute"
- description = "kubernetes Compute Security Group"
- rule {
- ip_protocol = "icmp"
- from_port = "-1"
- to_port = "-1"
- cidr = "${var.whitelist_network}"
- }
-}
-
-resource "openstack_compute_secgroup_v2" "kubernetes_base" {
- name = "${var.project}_kubernetes_base"
- description = "kubernetes Base Security Group"
- rule {
- ip_protocol = "tcp"
- from_port = "22"
- to_port = "22"
- cidr = "${var.whitelist_network}"
- }
- rule {
- ip_protocol = "icmp"
- from_port = "-1"
- to_port = "-1"
- self = true
- }
- rule {
- ip_protocol = "tcp"
- from_port = "1"
- to_port = "65535"
- self = true
- }
- rule {
- ip_protocol = "udp"
- from_port = "1"
- to_port = "65535"
- self = true
- }
-}
diff --git a/terraform/kubernetes-coreos/files/install_kube.sh b/terraform/kubernetes-coreos/files/install_kube.sh
deleted file mode 100644
index f830ade..0000000
--- a/terraform/kubernetes-coreos/files/install_kube.sh
+++ /dev/null
@@ -1,36 +0,0 @@ -#!/bin/bash - -if which apt > /dev/null; then - echo "==> Detected Ubuntu" - echo "----> Installing Kubernetes apt repo" - curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - - cat < /etc/apt/sources.list.d/kubernetes.list -deb http://apt.kubernetes.io/ kubernetes-xenial main -EOF - apt-get -yq update > /dev/null - echo "----> Installing Kubernetes requirements" - apt-get install -yq docker.io kubelet kubeadm kubectl kubernetes-cni > /dev/null -elif which yum > /dev/null; then - echo "==> Detected CentOS/RHEL" - echo "----> Installing Kubernetes apt repo" - cat < /etc/yum.repos.d/kubernetes.repo -[kubernetes] -name=Kubernetes -baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64 -enabled=1 -gpgcheck=1 -repo_gpgcheck=1 -gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg -EOF - echo "----> YOLO setenforce" - setenforce 0 - - yum install -y docker kubelet kubeadm kubectl kubernetes-cni > /dev/null - systemctl enable docker && systemctl start docker - systemctl enable kubelet && systemctl start kubelet -else - echo "YOUR OPERATING SYSTEM IS NOT SUPPORTED" - echo "MUST BE Ubuntu Xenial or Centos/Redhat 7" - exit 1 -fi diff --git a/terraform/kubernetes-coreos/files/weave-kube.yml b/terraform/kubernetes-coreos/files/weave-kube.yml deleted file mode 100644 index d640bd2..0000000 --- a/terraform/kubernetes-coreos/files/weave-kube.yml +++ /dev/null 
@@ -1,68 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: weave-net - namespace: kube-system -spec: - template: - metadata: - labels: - name: weave-net - annotations: - scheduler.alpha.kubernetes.io/tolerations: | - [ - { - "key": "dedicated", - "operator": "Equal", - "value": "master", - "effect": "NoSchedule" - } - ] - spec: - hostNetwork: true - hostPID: true - containers: - - name: weave - image: weaveworks/weave-kube:1.7.2 - command: - - /home/weave/launch.sh - livenessProbe: - initialDelaySeconds: 30 - httpGet: - host: 127.0.0.1 - path: /status - port: 6784 - securityContext: - privileged: true - volumeMounts: - - name: weavedb - mountPath: /weavedb - - name: cni-bin - mountPath: /opt - - name: cni-bin2 - mountPath: /host_home - - name: cni-conf - mountPath: /etc - resources: - requests: - cpu: 10m - - name: weave-npc - image: weaveworks/weave-npc:1.7.2 - resources: - requests: - cpu: 10m - securityContext: - privileged: true - restartPolicy: Always - volumes: - - name: weavedb - emptyDir: {} - - name: cni-bin - hostPath: - path: /opt - - name: cni-bin2 - hostPath: - path: /home - - name: cni-conf - hostPath: - path: /etc diff --git a/terraform/kubernetes-coreos/kubernetes.tf b/terraform/kubernetes-coreos/kubernetes.tf deleted file mode 100644 index c34d41d..0000000 --- a/terraform/kubernetes-coreos/kubernetes.tf +++ /dev/null 
@@ -1,94 +0,0 @@ -resource "openstack_networking_floatingip_v2" "controller" { - count = "1" - pool = "${var.floatingip_pool}" -} - -#resource "openstack_networking_floatingip_v2" "compute" { -# count = "${var.compute_count}" -# pool = "${var.floatingip_pool}" -#} - -resource "openstack_compute_keypair_v2" "kubernetes" { - name = "${var.project}" - public_key = "${file(var.public_key_path)}" -} - -resource "openstack_compute_instance_v2" "controller" { - name = "${var.cluster_name}-controller${count.index}" - count = "1" - image_name = "${var.kubernetes_image}" - flavor_name = "${var.kubernetes_flavor}" - key_pair = "${openstack_compute_keypair_v2.kubernetes.name}" - network { - name = "${var.network_name}" - } - security_groups = [ - "${openstack_compute_secgroup_v2.kubernetes_base.name}", - "${openstack_compute_secgroup_v2.kubernetes_controller.name}" - ] - floating_ip = "${element(openstack_networking_floatingip_v2.controller.*.address, count.index)}" - #user_data = "${template_file.controller_cloud_init.rendered}" - provisioner "file" { - source = "files" - destination = "/tmp/stage" - connection { - user = "${var.ssh_user}" - } - } - provisioner "remote-exec" { - inline = [ - "sudo bash /tmp/stage/install_kube.sh", - "echo '----> Starting Kubernetes Controller'", - "sudo kubeadm init --token ${var.kubernetes_token}", - "echo '----> Installing Weave'", - "kubectl apply -f https://git.io/weave-kube" - ] - connection { - user = "${var.ssh_user}" - } - } - depends_on = [ - ] -} - -resource "openstack_compute_instance_v2" "compute" { - name = "${var.cluster_name}-compute${count.index}" - count = "${var.compute_count}" - image_name = "${var.kubernetes_image}" - flavor_name = "${var.kubernetes_flavor}" - #floating_ip = "${element(openstack_networking_floatingip_v2.compute.*.address, count.index)}" - key_pair = "${openstack_compute_keypair_v2.kubernetes.name}" - network { - name = "${var.network_name}" - } - security_groups = [ - 
"${openstack_compute_secgroup_v2.kubernetes_base.name}", - "${openstack_compute_secgroup_v2.kubernetes_compute.name}" - ] - provisioner "file" { - source = "files" - destination = "/tmp/stage" - connection { - user = "${var.ssh_user}" - bastion_host = "${openstack_networking_floatingip_v2.controller.0.address}" - } - } - provisioner "remote-exec" { - inline = [ - "sudo bash /tmp/stage/install_kube.sh", - "echo '----> Joining K8s Controller'", - "sudo kubeadm join --token ${var.kubernetes_token} ${openstack_compute_instance_v2.controller.0.network.0.fixed_ip_v4}" - ] - connection { - user = "${var.ssh_user}" - bastion_host = "${openstack_networking_floatingip_v2.controller.0.address}" - } - } - depends_on = [ - "openstack_compute_instance_v2.controller" - ] -} - -output "kubernetes-controller" { - value = "$ ssh -A ${var.ssh_user}@${openstack_networking_floatingip_v2.controller.0.address}" -} diff --git a/terraform/kubernetes-coreos/terraform.tfvars b/terraform/kubernetes-coreos/terraform.tfvars deleted file mode 100644 index 5d9b474..0000000 --- a/terraform/kubernetes-coreos/terraform.tfvars +++ /dev/null @@ -1,8 +0,0 @@ -kubernetes_image = "ubuntu-xenial" -ssh_user = "ubuntu" -cluster_name = "kubestack-testing" -public_key_path = "~/.ssh/id_rsa.pub" -network_name = "internal" -floatingip_pool = "external" - -project = "kubestack" diff --git a/terraform/kubernetes-coreos/variables.tf b/terraform/kubernetes-coreos/variables.tf deleted file mode 100644 index 69b1af9..0000000 --- a/terraform/kubernetes-coreos/variables.tf +++ /dev/null 
@@ -1,59 +0,0 @@
-variable "kubernetes_image" {
- default = "ubuntu-xenial"
-}
-
-variable "project" {}
-
-variable "ssh_user" {
- default = "ubuntu"
-}
-
-variable "compute_count" {
- default = 2
-}
-
-variable "cluster_name" {
- default = "testing"
-}
-
-variable "network_name" {
- default = "internal"
-}
-
-variable "floatingip_pool" {
- default = "external"
-}
-
-variable "kubernetes_flavor" {
- default = "m1.medium"
-}
-
-variable "kubernetes_token" {
- default = "5aa3f9.c7acfa51e41f1f7d"
-}
-
-variable "username" {
- description = "Your openstack username"
-}
-
-variable "password" {
- description = "Your openstack password"
-}
-
-variable "tenant" {
- description = "Your openstack tenant/project"
-}
-
-variable "auth_url" {
- description = "Your openstack auth URL"
-}
-
-variable "public_key_path" {
- description = "The path of the ssh pub key"
- default = "~/.ssh/id_rsa.pub"
-}
-
-variable "whitelist_network" {
- description = "network to allow connectivity from"
- default = "0.0.0.0/0"
-}
diff --git a/terraform/lampstack/README.md b/terraform/lampstack/README.md
deleted file mode 100755
index de8f7c6..0000000
--- a/terraform/lampstack/README.md
+++ /dev/null
@@ -1,162 +0,0 @@ -# LAMPstack Terraform deployments - -## Status - -This will install a 3 node lampstack by defulat. Two nodes will be used as -web servers and one node will be used as database node. - -Once the script finishes, a set of URL will be displayed at the end for -verification. - -## Requirements - -- [Install Terraform](https://www.terraform.io/intro/getting-started/install.html) -- Make sure there is an Ubuntu image available on your cloud. - -## Terraform - -Terraform will be used to provision all of the OpenStack resources required to -LAMP stack and all required software. - -### Prep - -#### Deal with ssh keys for Openstack Authentication - -Ensure your local ssh-agent is running and your ssh key has been added. -This step is required by the terraform provisioner. Otherwise, you will have -to use a key pair without passphrase. - -``` -eval $(ssh-agent -s) -ssh-add ~/.ssh/id_rsa - -``` - -#### General Openstack Settings - -Terraform OpenStack provider requires few environment variables to be set -before you can run the scripts. In general, you can simply export OS -environment varialbes like the following: - -``` -export OS_REGION_NAME=RegionOne -export OS_PROJECT_NAME=demo -export OS_IDENTITY_API_VERSION=3 -export OS_PASSWORD=secret -export OS_DOMAIN_NAME=default -export OS_USERNAME=demo -export OS_TENANT_NAME=demo -export OS_PROJECT_DOMAIN_NAME=default -export OS_AUTH_URL=http://9.30.217.9:5000/v3 - -``` - -The values of these variables should be provided by your cloud provider. When -use keystone 2.0 API, you will not need to setup domain name. - -#### LAMP Stack Settings - -You most likely will need to specify the name of your Ubuntu `glance` image, -flavor, lamp stack size (how many nodes in the stack), private and public -network names, and keys. Here is the list of the default values defined in file -vars_lampstack.tf. 
- -``` -image_name = "ubuntu-14.04" -private_net = "internal" -public_net = "external" -flavor = "m1.medium" -public_key_path = "~/.ssh/id_rsa.pub" -stack_size = 3 -db_username = dbuser -db_password = dbpass -``` - -You can change the settings in the file or you can simply set in environment -variables like the following: - -``` -export TF_VAR_image_name="trusty 1404" -export TF_VAR_private_net=Bluebox -export TF_VAR_public_net=internet -export TF_VAR_flavor="m1.small" -export TF_VAR_public_key_path="~/.ssh/id_rsa.pub" -export TF_VAR_stack_size=5 -export TF_VAR_db_username=george -export TF_VAR_db_password=secret - -``` - -## Provision the LAMP stack - -With all your OpenStack and TF vars set, you should be able to run -`terraform apply`. But lets check with `terraform plan` that things look -correct first: - - -``` -$ terraform plan -Refreshing Terraform state prior to plan... -... -... -+ openstack_networking_floatingip_v2.database - address: "" - fixed_ip: "" - pool: "internet" - port_id: "" - region: "RegionOne" - tenant_id: "" - - -Plan: 8 to add, 0 to change, 0 to destroy. -``` - -If there is no errors showing, we can go ahead and run - -``` -$ terraform apply -... -... -Outputs: - -lampstack = Success!!! - -Access service at the following URLs: -http://99.30.217.44 -http://99.30.217.42 - -``` - -The above results show that the LAMP Stack actually provisioned correctly -and the LAMP application is up running and can be accessed by either of the -urls. - - -## Next Steps - -### Check its up - -Use the access urls to access the application. Since there are multiple web -server nodes, any of the urls should work. - -``` -$ curl http://99.30.217.44 -$ curl http://99.30.217.42 - -``` - -## Cleanup - -Once you're done with it, don't forget to nuke the whole thing. - -``` -$ terraform destroy \ -Do you really want to destroy? - Terraform will delete all your managed infrastructure. - There is no undo. Only 'yes' will be accepted to confirm. 
- - Enter a value: yes -... -... -Apply complete! Resources: 0 added, 0 changed, 8 destroyed. -``` diff --git a/terraform/lampstack/lampstack.tf b/terraform/lampstack/lampstack.tf deleted file mode 100755 index e42d195..0000000 --- a/terraform/lampstack/lampstack.tf +++ /dev/null 
@@ -1,108 +0,0 @@ -# The terraform to stand up LAMP stack - -resource "openstack_compute_keypair_v2" "lampstack_key" { - name = "lampstack_key" - public_key = "${file(var.public_key_path)}" -} - -resource "openstack_compute_secgroup_v2" "lampstack_sg" { - name = "lampstack_sg" - description = "lampstack security group" - rule { - from_port = 22 - to_port = 22 - ip_protocol = "tcp" - cidr = "0.0.0.0/0" - } - rule { - from_port = 80 - to_port = 80 - ip_protocol = "tcp" - cidr = "0.0.0.0/0" - } - rule { - from_port = 3306 - to_port = 3306 - ip_protocol = "tcp" - cidr = "0.0.0.0/0" - } -} - -resource "openstack_networking_floatingip_v2" "database" { - count = 1 - pool = "${var.public_net}" -} - -resource "openstack_compute_instance_v2" "database" { - name = "database" - image_name = "${var.image_name}" - flavor_name = "${var.flavor}" - key_pair = "lampstack_key" - security_groups = ["${openstack_compute_secgroup_v2.lampstack_sg.name}"] - network { - name = "${var.private_net}" - } - floating_ip = "${openstack_networking_floatingip_v2.database.0.address}" - - connection { - user = "ubuntu" - timeout = "30s" - } - - provisioner "file" { - source = "onvm" - destination = "/tmp/onvm" - } - - provisioner "remote-exec" { - inline = [ - "echo ${self.network.0.fixed_ip_v4} database > /tmp/onvm/hostname", - "chmod +x /tmp/onvm/scripts/*", - "/tmp/onvm/scripts/installdb.sh ${var.db_username} ${var.db_password}" - ] - } -} - -resource "openstack_networking_floatingip_v2" "apache" { - count = "${var.stack_size - 1}" - pool = "${var.public_net}" -} - -resource "openstack_compute_instance_v2" "apache" { - name = "apache_${count.index}" - count = "${var.stack_size - 1}" - image_name = "${var.image_name}" - flavor_name = "${var.flavor}" - key_pair = "lampstack_key" - security_groups = ["${openstack_compute_secgroup_v2.lampstack_sg.name}"] - network { - name = "${var.private_net}" - } - floating_ip = "${element(openstack_networking_floatingip_v2.apache.*.address, count.index)}" - - 
depends_on = [ "openstack_compute_instance_v2.database" ] - - connection { - user = "ubuntu" - timeout = "30s" - } - - provisioner "file" { - source = "onvm" - destination = "/tmp/onvm" - } - - provisioner "remote-exec" { - inline = [ - "echo ${openstack_compute_instance_v2.database.network.0.fixed_ip_v4} database > /tmp/onvm/hostname", - "echo ${self.network.0.fixed_ip_v4} apache-${count.index} >> /tmp/onvm/hostname", - "chmod +x /tmp/onvm/scripts/*", - "/tmp/onvm/scripts/installapache.sh ${var.db_username} ${var.db_password}" - ] - } - -} - -output "lampstack" { - value = "Success!!!\n\nAccess service at the following URLs:\nhttp://${join("\nhttp://",openstack_compute_instance_v2.apache.*.floating_ip)}" -} diff --git a/terraform/lampstack/onvm/app/index.php b/terraform/lampstack/onvm/app/index.php deleted file mode 100755 index a3af8a7..0000000 --- a/terraform/lampstack/onvm/app/index.php +++ /dev/null @@ -1,15 +0,0 @@ - setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - echo "Connected successfully"; -} -catch(PDOException $e) { - echo "Connection failed: " . $e->getMessage(); -} -?> \ No newline at end of file diff --git a/terraform/lampstack/onvm/scripts/installapache.sh b/terraform/lampstack/onvm/scripts/installapache.sh deleted file mode 100755 index b5e390c..0000000 --- a/terraform/lampstack/onvm/scripts/installapache.sh +++ /dev/null 
@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-# $1 db_username
-# $2 db_password
-
-cat /tmp/onvm/hostname | sudo tee -a /etc/hosts >/dev/null
-echo 'Installing apache2 and php 5...'
-sudo apt-get -qqy update
-sudo apt-get -qqy install apache2 php5 php5-mysql
-echo 'ServerName localhost' | sudo tee -a /etc/apache2/apache2.conf >/dev/null
-
-sudo mv /tmp/onvm/app/* /var/www/html
-sudo chown -R www-data:www-data /var/www/html
-sudo rm -r -f /var/www/html/index.html
-
-cmdStr=$(echo "s/TTTFFFdbuser/$1/g")
-sudo sed -i -e "${cmdStr}" /var/www/html/index.php
-
-cmdStr=$(echo "s/TTTFFFdbpass/$2/g")
-sudo sed -i -e "${cmdStr}" /var/www/html/index.php
diff --git a/terraform/lampstack/onvm/scripts/installdb.sh b/terraform/lampstack/onvm/scripts/installdb.sh
deleted file mode 100755
index 9f04e4b..0000000
--- a/terraform/lampstack/onvm/scripts/installdb.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/usr/bin/env bash
-# $1 db_username
-# $2 db_password
-
-cat /tmp/onvm/hostname | sudo tee -a /etc/hosts >/dev/null
-pw=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10 | head -n 1)
-sudo apt-get -qqy update
-sudo debconf-set-selections <<< "mysql-server mysql-server/root_password password $pw"
-sudo debconf-set-selections <<< "mysql-server mysql-server/root_password_again password $pw"
-sudo apt-get -qqy install mysql-server
-echo 'Creating a database...'
-
-mysql -uroot -p$pw -e "CREATE DATABASE decision2016;"
-mysql -uroot -p$pw -e "use decision2016; GRANT ALL PRIVILEGES ON decision2016.* TO '$1'@'localhost' IDENTIFIED BY '$2';"
-mysql -uroot -p$pw -e "use decision2016; GRANT ALL PRIVILEGES ON decision2016.* TO '$1'@'%' IDENTIFIED BY '$2';"
-mysql -uroot -p$pw -e "flush privileges"
-
-cmdStr=$(echo 's/127.0.0.1/database/g')
-sudo sed -i -e "${cmdStr}" /etc/mysql/my.cnf
-
-sudo service mysql restart
diff --git a/terraform/lampstack/vars_lampstack.tf b/terraform/lampstack/vars_lampstack.tf
deleted file mode 100755
index cc64907..0000000
--- a/terraform/lampstack/vars_lampstack.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-variable "image_name" {
- default = "ubuntu-14.04"
-}
-
-variable "private_net" {
- default = "internal"
-}
-
-variable "public_net" {
- default = "external"
-}
-
-variable "flavor" {
- default = "m1.medium"
-}
-
-variable "public_key_path" {
- description = "The path of the ssh pub key"
- default = "~/.ssh/id_rsa.pub"
-}
-
-variable "stack_size" {
- default = 3
-}
-
-variable "db_username" {
- description = "The lamp stack database user for remote access"
- default = "dbuser"
-}
-
-variable "db_password" {
- description = "The lamp stack database user password for remote access"
- default = "dbpass"
-}
\ No newline at end of file
diff --git a/tox.ini b/tox.ini
deleted file mode 100644
index f3b0e9a..0000000
--- a/tox.ini
+++ /dev/null
@@ -1,40 +0,0 @@
-[tox]
-envlist = py27
-minversion = 2.3.1
-skip_install = True
-skipsdist = True
-
-[testenv]
-sitepackages = False
-setenv =
- VIRTUAL_ENV={envdir}
- LAMPSTACK_DIR = {toxinidir}/ansible/lampstack
- ANSIBLE_HOST_KEY_CHECKING = False
- ANSIBLE_SSH_CONTROL_PATH = /tmp/%%h-%%r
- ANSIBLE_INVENTORY = {env:LAMPSTACK_DIR}/hosts
- ANSIBLE_CONFIG = {env:LAMPSTACK_DIR}/ansible.cfg
- ANSIBLE_LOCAL_TEMP = {envtmpdir}
-deps =
- setuptools
- -r{toxinidir}/ansible_requirements.txt
-
-[testenv:lampstack]
-setenv =
- {[testenv]setenv}
-commands = ansible-playbook -e "action=apply {posargs}" {env:LAMPSTACK_DIR}/site.yml
-passenv =
- OS_USERNAME
- OS_PASSWORD
- OS_PROJECT_NAME
-
-[testenv:profile]
-setenv =
- {[testenv]setenv}
- ANSIBLE_CALLBACK_WHITELIST = profile_tasks
-commands = ansible-playbook -e "action=apply {posargs}" {env:LAMPSTACK_DIR}/site.yml
-
-[testenv:lampstack-syntax]
-setenv =
- {[testenv]setenv}
-commands = ansible-playbook --syntax-check {env:LAMPSTACK_DIR}/site.yml -e "action=apply {posargs}"
- ansible-playbook --syntax-check {env:LAMPSTACK_DIR}/site.yml -e "action=destroy {posargs}"