summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-02-23 10:26:47 +0000
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-03-02 16:22:32 +0000
commit9a43afa733fb1132e103cb0d209d73e8a9c769b6 (patch)
treecb7d867952dbdc6b63b8c27f6a466624c18f48fd
parenta80f42218ed968b6c1e61de446130e6b450faed6 (diff)
downloaddefinitions-9a43afa733fb1132e103cb0d209d73e8a9c769b6.tar.gz
Nova migration to Ansible
-rw-r--r--openstack-nova.configure128
-rw-r--r--openstack/etc/nova/rootwrap.conf27
-rw-r--r--openstack/etc/nova/rootwrap.d/api-metadata.filters13
-rw-r--r--openstack/etc/nova/rootwrap.d/baremetal-compute-ipmi.filters9
-rw-r--r--openstack/etc/nova/rootwrap.d/baremetal-deploy-helper.filters11
-rw-r--r--openstack/etc/nova/rootwrap.d/compute.filters228
-rw-r--r--openstack/etc/nova/rootwrap.d/network.filters94
-rw-r--r--openstack/etc/systemd/system/openstack-nova-setup.service6
-rw-r--r--openstack/manifest16
-rw-r--r--openstack/usr/share/openstack/nova.yml72
-rw-r--r--openstack/usr/share/openstack/nova/api-paste.ini (renamed from openstack/etc/nova/api-paste.ini)0
-rw-r--r--openstack/usr/share/openstack/nova/cells.json (renamed from openstack/etc/nova/cells.json)0
-rw-r--r--openstack/usr/share/openstack/nova/logging.conf (renamed from openstack/etc/nova/logging.conf)0
-rw-r--r--openstack/usr/share/openstack/nova/nova-compute.conf (renamed from openstack/etc/nova/nova-compute.conf)0
-rw-r--r--openstack/usr/share/openstack/nova/nova.conf (renamed from openstack/etc/nova/nova.conf)38
-rw-r--r--openstack/usr/share/openstack/nova/nova.conf.example (renamed from openstack/etc/nova/nova.conf.example)0
-rw-r--r--openstack/usr/share/openstack/nova/policy.json (renamed from openstack/etc/nova/policy.json)0
-rw-r--r--openstack/usr/share/openstack/nova/release.sample (renamed from openstack/etc/nova/release.sample)0
-rw-r--r--openstack/usr/share/openstack/openstack-nova-setup133
19 files changed, 204 insertions, 571 deletions
diff --git a/openstack-nova.configure b/openstack-nova.configure
index 4655342c..7e263b22 100644
--- a/openstack-nova.configure
+++ b/openstack-nova.configure
@@ -20,32 +20,9 @@ set -e
ROOT="$1"
##########################################################################
-# Substitutions in configuration files
-##########################################################################
-
-cat <<EOF > "$ROOT"/etc/openstack-nova-setup.sed
-s/##NOVA_SERVICE_USER##/$NOVA_SERVICE_USER/g
-s/##NOVA_SERVICE_PASSWORD##/$NOVA_SERVICE_PASSWORD/g
-s/##NOVA_PUBLIC_URL##/$NOVA_PUBLIC_URL/g
-s/##NOVA_INTERNAL_URL##/$NOVA_INTERNAL_URL/g
-s/##NOVA_ADMIN_URL##/$NOVA_ADMIN_URL/g
-s/##NOVA_HOST##/$NOVA_HOST/g
-s/##NOVA_REGION##/$NOVA_REGION/g
-s/##NOVA_NOVNCPROXY_BASE_URL##/$NOVA_NOVNCPROXY_BASE_URL/g
-s/##NOVA_DB_USER##/$NOVA_DB_USER/g
-s/##NOVA_DB_PASSWORD##/$NOVA_DB_PASSWORD/g
-EOF
-
-sed -f "$ROOT"/etc/openstack-nova-setup.sed -i \
- "$ROOT"/etc/nova/nova.conf \
- "$ROOT"/etc/neutron/neutron.conf \
- "$ROOT"/etc/neutron/metadata_agent.ini \
- "$ROOT"/usr/share/openstack/openstack-nova-setup
-
-##########################################################################
-ln -sf "/etc/systemd/system/openstack-nova-setup.service" \
- "$ROOT/etc/systemd/system/multi-user.target.wants/openstack-nova-setup.service"
+ln -s "/etc/systemd/system/openstack-nova-setup.service" \
+ "$ROOT/etc/systemd/system/multi-user.target.wants/openstack-nova-setup.service"
##########################################################################
# Enable libvirtd and libvirt-guests services
@@ -64,3 +41,104 @@ ln -sf ../libvirt-guests.service "$wants_dir/libvirt-guests.service"
sed -i "s/192\.168\.122\./192\.168\.1\./g" \
"$ROOT"/etc/libvirt/qemu/networks/default.xml
+
+##########################################################################
+# Check variables
+##########################################################################
+
+
+if [ -z "$IDENTITY_URI" -a \
+ -z "$KEYSTONE_INTERNAL_URL" -a \
+ -z "$NOVA_SERVICE_USER" -a \
+ -z "$NOVA_SERVICE_PASSWORD" -a \
+ -z "$NOVA_DB_USER" -a \
+ -z "$NOVA_DB_PASSWORD" -a \
+ -z "$NOVA_NOVNCPROXY_BASE_URL" -a \
+ -z "$NOVA_HOST" -a \
+ -z "$NEUTRON_PUBLIC_URL" -a \
+ -z "$NEUTRON_SERVICE_USER" -a \
+ -z "$NEUTRON_SERVICE_PASSWORD" -a \
+ -z "$KEYSTONE_ADMIN_URL" -a \
+ -z "$METADATA_PROXY_SHARED_SECRET" -a \
+ -z "$RABBITMQ_HOST" -a \
+ -z "$RABBITMQ_USER" -a \
+ -z "$RABBITMQ_PASSWORD" -a \
+ -z "$RABBITMQ_PORT" -a \
+ -z "$CONTROLLER_HOST" -a \
+ -z "$GLANCE_HOST" -a \
+ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" -a \
+ -z "$NOVA_PUBLIC_URL" -a \
+ -z "$NOVA_INTERNAL_URL" -a \
+ -z "$NOVA_ADMIN_URL" -a \
+ -z "$NOVA_REGION" ]; then
+ # No NOVA options defined, do nothing.
+ exit 0
+fi
+
+if [ -z "$IDENTITY_URI" -o \
+ -z "$KEYSTONE_INTERNAL_URL" -o \
+ -z "$NOVA_SERVICE_USER" -o \
+ -z "$NOVA_SERVICE_PASSWORD" -o \
+ -z "$NOVA_DB_USER" -o \
+ -z "$NOVA_DB_PASSWORD" -o \
+ -z "$NOVA_NOVNCPROXY_BASE_URL" -o \
+ -z "$NOVA_HOST" -o \
+ -z "$NEUTRON_PUBLIC_URL" -o \
+ -z "$NEUTRON_SERVICE_USER" -o \
+ -z "$NEUTRON_SERVICE_PASSWORD" -o \
+ -z "$KEYSTONE_ADMIN_URL" -o \
+ -z "$METADATA_PROXY_SHARED_SECRET" -o \
+ -z "$RABBITMQ_HOST" -o \
+ -z "$RABBITMQ_USER" -o \
+ -z "$RABBITMQ_PASSWORD" -o \
+ -z "$RABBITMQ_PORT" -o \
+ -z "$CONTROLLER_HOST" -o \
+ -z "$GLANCE_HOST" -o \
+ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" -o \
+ -z "$NOVA_PUBLIC_URL" -o \
+ -z "$NOVA_INTERNAL_URL" -o \
+ -z "$NOVA_ADMIN_URL" -o \
+ -z "$NOVA_REGION" ]; then
+ echo Some options required for Nova were defined, but not all.
+ exit 1
+fi
+
+##########################################################################
+# Generate config variable shell snippet
+##########################################################################
+
+OPENSTACK_DATA="$ROOT/etc/openstack"
+mkdir -p "$OPENSTACK_DATA"
+
+python <<'EOF' >"$OPENSTACK_DATA/nova.conf"
+import os, sys, yaml
+
+nova_configuration={
+ 'IDENTITY_URI': os.environ['IDENTITY_URI'],
+ 'KEYSTONE_INTERNAL_URL': os.environ['KEYSTONE_INTERNAL_URL'],
+ 'NOVA_SERVICE_USER': os.environ['NOVA_SERVICE_USER'],
+ 'NOVA_SERVICE_PASSWORD': os.environ['NOVA_SERVICE_PASSWORD'],
+ 'NOVA_DB_USER': os.environ['NOVA_DB_USER'],
+ 'NOVA_DB_PASSWORD': os.environ['NOVA_DB_PASSWORD'],
+ 'NOVA_NOVNCPROXY_BASE_URL': os.environ['NOVA_NOVNCPROXY_BASE_URL'],
+ 'NOVA_HOST': os.environ['NOVA_HOST'],
+ 'NEUTRON_PUBLIC_URL': os.environ['NEUTRON_PUBLIC_URL'],
+ 'NEUTRON_SERVICE_USER': os.environ['NEUTRON_SERVICE_USER'],
+ 'NEUTRON_SERVICE_PASSWORD': os.environ['NEUTRON_SERVICE_PASSWORD'],
+ 'KEYSTONE_ADMIN_URL': os.environ['KEYSTONE_ADMIN_URL'],
+ 'METADATA_PROXY_SHARED_SECRET': os.environ['METADATA_PROXY_SHARED_SECRET'],
+ 'RABBITMQ_HOST': os.environ['RABBITMQ_HOST'],
+ 'RABBITMQ_USER': os.environ['RABBITMQ_USER'],
+ 'RABBITMQ_PASSWORD': os.environ['RABBITMQ_PASSWORD'],
+ 'RABBITMQ_PORT': os.environ['RABBITMQ_PORT'],
+ 'CONTROLLER_HOST': os.environ['CONTROLLER_HOST'],
+ 'GLANCE_HOST': os.environ['GLANCE_HOST'],
+ 'KEYSTONE_TEMPORARY_ADMIN_TOKEN': os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'],
+ 'NOVA_PUBLIC_URL': os.environ['NOVA_PUBLIC_URL'],
+ 'NOVA_INTERNAL_URL': os.environ['NOVA_INTERNAL_URL'],
+ 'NOVA_ADMIN_URL': os.environ['NOVA_ADMIN_URL'],
+ 'NOVA_REGION': os.environ['NOVA_REGION'],
+}
+
+yaml.dump(nova_configuration, sys.stdout, default_flow_style=False)
+EOF
diff --git a/openstack/etc/nova/rootwrap.conf b/openstack/etc/nova/rootwrap.conf
deleted file mode 100644
index aa466c5d..00000000
--- a/openstack/etc/nova/rootwrap.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# Configuration for nova-rootwrap
-# This file should be owned by (and only-writeable by) the root user
-
-[DEFAULT]
-# List of directories to load filter definitions from (separated by ',').
-# These directories MUST all be only writeable by root !
-filters_path=/etc/nova/rootwrap.d,/usr/share/nova/rootwrap
-
-# List of directories to search executables in, in case filters do not
-# explicitely specify a full path (separated by ',')
-# If not specified, defaults to system PATH environment variable.
-# These directories MUST all be only writeable by root !
-exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin
-
-# Enable logging to syslog
-# Default value is False
-use_syslog=False
-
-# Which syslog facility to use.
-# Valid values include auth, authpriv, syslog, local0, local1...
-# Default value is 'syslog'
-syslog_log_facility=syslog
-
-# Which messages to log.
-# INFO means log all usage
-# ERROR means only log unsuccessful attempts
-syslog_log_level=ERROR
diff --git a/openstack/etc/nova/rootwrap.d/api-metadata.filters b/openstack/etc/nova/rootwrap.d/api-metadata.filters
deleted file mode 100644
index 1aa6f83e..00000000
--- a/openstack/etc/nova/rootwrap.d/api-metadata.filters
+++ /dev/null
@@ -1,13 +0,0 @@
-# nova-rootwrap command filters for api-metadata nodes
-# This is needed on nova-api hosts running with "metadata" in enabled_apis
-# or when running nova-api-metadata
-# This file should be owned by (and only-writeable by) the root user
-
-[Filters]
-# nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ...
-iptables-save: CommandFilter, iptables-save, root
-ip6tables-save: CommandFilter, ip6tables-save, root
-
-# nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,)
-iptables-restore: CommandFilter, iptables-restore, root
-ip6tables-restore: CommandFilter, ip6tables-restore, root
diff --git a/openstack/etc/nova/rootwrap.d/baremetal-compute-ipmi.filters b/openstack/etc/nova/rootwrap.d/baremetal-compute-ipmi.filters
deleted file mode 100644
index 4132a999..00000000
--- a/openstack/etc/nova/rootwrap.d/baremetal-compute-ipmi.filters
+++ /dev/null
@@ -1,9 +0,0 @@
-# nova-rootwrap command filters for compute nodes
-# This file should be owned by (and only-writeable by) the root user
-
-[Filters]
-# nova/virt/baremetal/ipmi.py: 'ipmitool', ..
-ipmitool: CommandFilter, ipmitool, root
-
-# nova/virt/baremetal/ipmi.py: 'kill', '-TERM', str(console_pid)
-kill_shellinaboxd: KillFilter, root, /usr/local/bin/shellinaboxd, -15, -TERM
diff --git a/openstack/etc/nova/rootwrap.d/baremetal-deploy-helper.filters b/openstack/etc/nova/rootwrap.d/baremetal-deploy-helper.filters
deleted file mode 100644
index 6d14b5d9..00000000
--- a/openstack/etc/nova/rootwrap.d/baremetal-deploy-helper.filters
+++ /dev/null
@@ -1,11 +0,0 @@
-# nova-rootwrap command filters for nova-baremetal-deploy-helper
-# This file should be owned by (and only-writeable by) the root user
-
-[Filters]
-# nova-baremetal-deploy-helper
-iscsiadm: CommandFilter, iscsiadm, root
-sfdisk: CommandFilter, sfdisk, root
-dd: CommandFilter, dd, root
-mkswap: CommandFilter, mkswap, root
-blkid: CommandFilter, blkid, root
-mkfs: CommandFilter, mkfs, root
diff --git a/openstack/etc/nova/rootwrap.d/compute.filters b/openstack/etc/nova/rootwrap.d/compute.filters
deleted file mode 100644
index b79851b4..00000000
--- a/openstack/etc/nova/rootwrap.d/compute.filters
+++ /dev/null
@@ -1,228 +0,0 @@
-# nova-rootwrap command filters for compute nodes
-# This file should be owned by (and only-writeable by) the root user
-
-[Filters]
-# nova/virt/disk/mount/api.py: 'kpartx', '-a', device
-# nova/virt/disk/mount/api.py: 'kpartx', '-d', device
-kpartx: CommandFilter, kpartx, root
-
-# nova/virt/xenapi/vm_utils.py: tune2fs, -O ^has_journal, part_path
-# nova/virt/xenapi/vm_utils.py: tune2fs, -j, partition_path
-tune2fs: CommandFilter, tune2fs, root
-
-# nova/virt/disk/mount/api.py: 'mount', mapped_device
-# nova/virt/disk/api.py: 'mount', '-o', 'bind', src, target
-# nova/virt/xenapi/vm_utils.py: 'mount', '-t', 'ext2,ext3,ext4,reiserfs'..
-# nova/virt/configdrive.py: 'mount', device, mountdir
-# nova/virt/libvirt/volume.py: 'mount', '-t', 'sofs' ...
-mount: CommandFilter, mount, root
-
-# nova/virt/disk/mount/api.py: 'umount', mapped_device
-# nova/virt/disk/api.py: 'umount' target
-# nova/virt/xenapi/vm_utils.py: 'umount', dev_path
-# nova/virt/configdrive.py: 'umount', mountdir
-umount: CommandFilter, umount, root
-
-# nova/virt/disk/mount/nbd.py: 'qemu-nbd', '-c', device, image
-# nova/virt/disk/mount/nbd.py: 'qemu-nbd', '-d', device
-qemu-nbd: CommandFilter, qemu-nbd, root
-
-# nova/virt/disk/mount/loop.py: 'losetup', '--find', '--show', image
-# nova/virt/disk/mount/loop.py: 'losetup', '--detach', device
-losetup: CommandFilter, losetup, root
-
-# nova/virt/libvirt/utils.py: 'blockdev', '--getsize64', path
-# nova/virt/disk/mount/nbd.py: 'blockdev', '--flushbufs', device
-blockdev: RegExpFilter, blockdev, root, blockdev, (--getsize64|--flushbufs), /dev/.*
-
-# nova/virt/disk/vfs/localfs.py: 'tee', canonpath
-tee: CommandFilter, tee, root
-
-# nova/virt/disk/vfs/localfs.py: 'mkdir', canonpath
-mkdir: CommandFilter, mkdir, root
-
-# nova/virt/disk/vfs/localfs.py: 'chown'
-# nova/virt/libvirt/connection.py: 'chown', os.getuid( console_log
-# nova/virt/libvirt/connection.py: 'chown', os.getuid( console_log
-# nova/virt/libvirt/connection.py: 'chown', 'root', basepath('disk')
-chown: CommandFilter, chown, root
-
-# nova/virt/disk/vfs/localfs.py: 'chmod'
-chmod: CommandFilter, chmod, root
-
-# nova/virt/libvirt/vif.py: 'ip', 'tuntap', 'add', dev, 'mode', 'tap'
-# nova/virt/libvirt/vif.py: 'ip', 'link', 'set', dev, 'up'
-# nova/virt/libvirt/vif.py: 'ip', 'link', 'delete', dev
-# nova/network/linux_net.py: 'ip', 'addr', 'add', str(floating_ip)+'/32'i..
-# nova/network/linux_net.py: 'ip', 'addr', 'del', str(floating_ip)+'/32'..
-# nova/network/linux_net.py: 'ip', 'addr', 'add', '169.254.169.254/32',..
-# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', dev, 'scope',..
-# nova/network/linux_net.py: 'ip', 'addr', 'del/add', ip_params, dev)
-# nova/network/linux_net.py: 'ip', 'addr', 'del', params, fields[-1]
-# nova/network/linux_net.py: 'ip', 'addr', 'add', params, bridge
-# nova/network/linux_net.py: 'ip', '-f', 'inet6', 'addr', 'change', ..
-# nova/network/linux_net.py: 'ip', 'link', 'set', 'dev', dev, 'promisc',..
-# nova/network/linux_net.py: 'ip', 'link', 'add', 'link', bridge_if ...
-# nova/network/linux_net.py: 'ip', 'link', 'set', interface, address,..
-# nova/network/linux_net.py: 'ip', 'link', 'set', interface, 'up'
-# nova/network/linux_net.py: 'ip', 'link', 'set', bridge, 'up'
-# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', interface, ..
-# nova/network/linux_net.py: 'ip', 'link', 'set', dev, address, ..
-# nova/network/linux_net.py: 'ip', 'link', 'set', dev, 'up'
-# nova/network/linux_net.py: 'ip', 'route', 'add', ..
-# nova/network/linux_net.py: 'ip', 'route', 'del', .
-# nova/network/linux_net.py: 'ip', 'route', 'show', 'dev', dev
-ip: CommandFilter, ip, root
-
-# nova/virt/libvirt/vif.py: 'tunctl', '-b', '-t', dev
-# nova/network/linux_net.py: 'tunctl', '-b', '-t', dev
-tunctl: CommandFilter, tunctl, root
-
-# nova/virt/libvirt/vif.py: 'ovs-vsctl', ...
-# nova/virt/libvirt/vif.py: 'ovs-vsctl', 'del-port', ...
-# nova/network/linux_net.py: 'ovs-vsctl', ....
-ovs-vsctl: CommandFilter, ovs-vsctl, root
-
-# nova/network/linux_net.py: 'ovs-ofctl', ....
-ovs-ofctl: CommandFilter, ovs-ofctl, root
-
-# nova/virt/libvirt/connection.py: 'dd', if=%s % virsh_output, ...
-dd: CommandFilter, dd, root
-
-# nova/virt/xenapi/volume_utils.py: 'iscsiadm', '-m', ...
-iscsiadm: CommandFilter, iscsiadm, root
-
-# nova/virt/libvirt/volume.py: 'aoe-revalidate', aoedev
-# nova/virt/libvirt/volume.py: 'aoe-discover'
-aoe-revalidate: CommandFilter, aoe-revalidate, root
-aoe-discover: CommandFilter, aoe-discover, root
-
-# nova/virt/xenapi/vm_utils.py: parted, --script, ...
-# nova/virt/xenapi/vm_utils.py: 'parted', '--script', dev_path, ..*.
-parted: CommandFilter, parted, root
-
-# nova/virt/xenapi/vm_utils.py: 'pygrub', '-qn', dev_path
-pygrub: CommandFilter, pygrub, root
-
-# nova/virt/xenapi/vm_utils.py: fdisk %(dev_path)s
-fdisk: CommandFilter, fdisk, root
-
-# nova/virt/xenapi/vm_utils.py: e2fsck, -f, -p, partition_path
-# nova/virt/disk/api.py: e2fsck, -f, -p, image
-e2fsck: CommandFilter, e2fsck, root
-
-# nova/virt/xenapi/vm_utils.py: resize2fs, partition_path
-# nova/virt/disk/api.py: resize2fs, image
-resize2fs: CommandFilter, resize2fs, root
-
-# nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ...
-iptables-save: CommandFilter, iptables-save, root
-ip6tables-save: CommandFilter, ip6tables-save, root
-
-# nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,)
-iptables-restore: CommandFilter, iptables-restore, root
-ip6tables-restore: CommandFilter, ip6tables-restore, root
-
-# nova/network/linux_net.py: 'arping', '-U', floating_ip, '-A', '-I', ...
-# nova/network/linux_net.py: 'arping', '-U', network_ref['dhcp_server'],..
-arping: CommandFilter, arping, root
-
-# nova/network/linux_net.py: 'dhcp_release', dev, address, mac_address
-dhcp_release: CommandFilter, dhcp_release, root
-
-# nova/network/linux_net.py: 'kill', '-9', pid
-# nova/network/linux_net.py: 'kill', '-HUP', pid
-kill_dnsmasq: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
-
-# nova/network/linux_net.py: 'kill', pid
-kill_radvd: KillFilter, root, /usr/sbin/radvd
-
-# nova/network/linux_net.py: dnsmasq call
-dnsmasq: EnvFilter, env, root, CONFIG_FILE=, NETWORK_ID=, dnsmasq
-
-# nova/network/linux_net.py: 'radvd', '-C', '%s' % _ra_file(dev, 'conf'..
-radvd: CommandFilter, radvd, root
-
-# nova/network/linux_net.py: 'brctl', 'addbr', bridge
-# nova/network/linux_net.py: 'brctl', 'setfd', bridge, 0
-# nova/network/linux_net.py: 'brctl', 'stp', bridge, 'off'
-# nova/network/linux_net.py: 'brctl', 'addif', bridge, interface
-brctl: CommandFilter, brctl, root
-
-# nova/virt/libvirt/utils.py: 'mkswap'
-# nova/virt/xenapi/vm_utils.py: 'mkswap'
-mkswap: CommandFilter, mkswap, root
-
-# nova/virt/xenapi/vm_utils.py: 'mkfs'
-# nova/utils.py: 'mkfs', fs, path, label
-mkfs: CommandFilter, mkfs, root
-
-# nova/virt/libvirt/utils.py: 'qemu-img'
-qemu-img: CommandFilter, qemu-img, root
-
-# nova/virt/disk/vfs/localfs.py: 'readlink', '-e'
-readlink: CommandFilter, readlink, root
-
-# nova/virt/disk/api.py: 'touch', target
-touch: CommandFilter, touch, root
-
-# nova/virt/disk/api.py:
-mkfs.ext3: CommandFilter, mkfs.ext3, root
-mkfs.ntfs: CommandFilter, mkfs.ntfs, root
-
-# nova/virt/libvirt/connection.py:
-read_initiator: ReadFileFilter, /etc/iscsi/initiatorname.iscsi
-
-# nova/virt/libvirt/connection.py:
-lvremove: CommandFilter, lvremove, root
-
-# nova/virt/libvirt/utils.py:
-lvcreate: CommandFilter, lvcreate, root
-
-# nova/virt/libvirt/utils.py:
-lvs: CommandFilter, lvs, root
-
-# nova/virt/libvirt/utils.py:
-vgs: CommandFilter, vgs, root
-
-# nova/virt/baremetal/volume_driver.py: 'tgtadm', '--lld', 'iscsi', ...
-tgtadm: CommandFilter, tgtadm, root
-
-# nova/utils.py:read_file_as_root: 'cat', file_path
-# (called from nova/virt/disk/vfs/localfs.py:VFSLocalFS.read_file)
-read_passwd: RegExpFilter, cat, root, cat, (/var|/usr)?/tmp/openstack-vfs-localfs[^/]+/etc/passwd
-read_shadow: RegExpFilter, cat, root, cat, (/var|/usr)?/tmp/openstack-vfs-localfs[^/]+/etc/shadow
-
-# nova/virt/libvirt/volume.py: 'multipath' '-R'
-multipath: CommandFilter, multipath, root
-
-# nova/virt/libvirt/utils.py:
-systool: CommandFilter, systool, root
-
-# nova/virt/libvirt/volume.py:
-sginfo: CommandFilter, sginfo, root
-sg_scan: CommandFilter, sg_scan, root
-ln: RegExpFilter, ln, root, ln, --symbolic, --force, /dev/mapper/ip-.*-iscsi-iqn.2010-10.org.openstack:volume-.*, /dev/disk/by-path/ip-.*-iscsi-iqn.2010-10.org.openstack:volume-.*
-
-# nova/volume/encryptors.py:
-# nova/virt/libvirt/dmcrypt.py:
-cryptsetup: CommandFilter, cryptsetup, root
-
-# nova/virt/xenapi/vm_utils.py:
-xenstore-read: CommandFilter, xenstore-read, root
-
-# nova/virt/baremetal/tilera.py: 'rpc.mountd'
-rpc.mountd: CommandFilter, rpc.mountd, root
-
-# nova/virt/libvirt/utils.py:
-rbd: CommandFilter, rbd, root
-
-# nova/virt/libvirt/utils.py: 'shred', '-n3', '-s%d' % volume_size, path
-shred: CommandFilter, shred, root
-
-# nova/virt/libvirt/volume.py: 'cp', '/dev/stdin', delete_control..
-cp: CommandFilter, cp, root
-
-# nova/virt/xenapi/vm_utils.py:
-sync: CommandFilter, sync, root
-
diff --git a/openstack/etc/nova/rootwrap.d/network.filters b/openstack/etc/nova/rootwrap.d/network.filters
deleted file mode 100644
index 568e8d49..00000000
--- a/openstack/etc/nova/rootwrap.d/network.filters
+++ /dev/null
@@ -1,94 +0,0 @@
-# nova-rootwrap command filters for network nodes
-# This file should be owned by (and only-writeable by) the root user
-
-[Filters]
-# nova/virt/libvirt/vif.py: 'ip', 'tuntap', 'add', dev, 'mode', 'tap'
-# nova/virt/libvirt/vif.py: 'ip', 'link', 'set', dev, 'up'
-# nova/virt/libvirt/vif.py: 'ip', 'link', 'delete', dev
-# nova/network/linux_net.py: 'ip', 'addr', 'add', str(floating_ip)+'/32'i..
-# nova/network/linux_net.py: 'ip', 'addr', 'del', str(floating_ip)+'/32'..
-# nova/network/linux_net.py: 'ip', 'addr', 'add', '169.254.169.254/32',..
-# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', dev, 'scope',..
-# nova/network/linux_net.py: 'ip', 'addr', 'del/add', ip_params, dev)
-# nova/network/linux_net.py: 'ip', 'addr', 'del', params, fields[-1]
-# nova/network/linux_net.py: 'ip', 'addr', 'add', params, bridge
-# nova/network/linux_net.py: 'ip', '-f', 'inet6', 'addr', 'change', ..
-# nova/network/linux_net.py: 'ip', 'link', 'set', 'dev', dev, 'promisc',..
-# nova/network/linux_net.py: 'ip', 'link', 'add', 'link', bridge_if ...
-# nova/network/linux_net.py: 'ip', 'link', 'set', interface, address,..
-# nova/network/linux_net.py: 'ip', 'link', 'set', interface, 'up'
-# nova/network/linux_net.py: 'ip', 'link', 'set', bridge, 'up'
-# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', interface, ..
-# nova/network/linux_net.py: 'ip', 'link', 'set', dev, address, ..
-# nova/network/linux_net.py: 'ip', 'link', 'set', dev, 'up'
-# nova/network/linux_net.py: 'ip', 'route', 'add', ..
-# nova/network/linux_net.py: 'ip', 'route', 'del', .
-# nova/network/linux_net.py: 'ip', 'route', 'show', 'dev', dev
-ip: CommandFilter, ip, root
-
-# nova/virt/libvirt/vif.py: 'ovs-vsctl', ...
-# nova/virt/libvirt/vif.py: 'ovs-vsctl', 'del-port', ...
-# nova/network/linux_net.py: 'ovs-vsctl', ....
-ovs-vsctl: CommandFilter, ovs-vsctl, root
-
-# nova/network/linux_net.py: 'ovs-ofctl', ....
-ovs-ofctl: CommandFilter, ovs-ofctl, root
-
-# nova/virt/libvirt/vif.py: 'ivs-ctl', ...
-# nova/virt/libvirt/vif.py: 'ivs-ctl', 'del-port', ...
-# nova/network/linux_net.py: 'ivs-ctl', ....
-ivs-ctl: CommandFilter, ivs-ctl, root
-
-# nova/virt/libvirt/vif.py: 'ifc_ctl', ...
-ifc_ctl: CommandFilter, /opt/pg/bin/ifc_ctl, root
-
-# nova/virt/libvirt/vif.py: 'ebrctl', ...
-ebrctl: CommandFilter, ebrctl, root
-
-# nova/virt/libvirt/vif.py: 'mm-ctl', ...
-mm-ctl: CommandFilter, mm-ctl, root
-
-# nova/network/linux_net.py: 'ebtables', '-D' ...
-# nova/network/linux_net.py: 'ebtables', '-I' ...
-ebtables: CommandFilter, ebtables, root
-ebtables_usr: CommandFilter, ebtables, root
-
-# nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ...
-iptables-save: CommandFilter, iptables-save, root
-ip6tables-save: CommandFilter, ip6tables-save, root
-
-# nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,)
-iptables-restore: CommandFilter, iptables-restore, root
-ip6tables-restore: CommandFilter, ip6tables-restore, root
-
-# nova/network/linux_net.py: 'arping', '-U', floating_ip, '-A', '-I', ...
-# nova/network/linux_net.py: 'arping', '-U', network_ref['dhcp_server'],..
-arping: CommandFilter, arping, root
-
-# nova/network/linux_net.py: 'dhcp_release', dev, address, mac_address
-dhcp_release: CommandFilter, dhcp_release, root
-
-# nova/network/linux_net.py: 'kill', '-9', pid
-# nova/network/linux_net.py: 'kill', '-HUP', pid
-kill_dnsmasq: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
-
-# nova/network/linux_net.py: 'kill', pid
-kill_radvd: KillFilter, root, /usr/sbin/radvd
-
-# nova/network/linux_net.py: dnsmasq call
-dnsmasq: EnvFilter, env, root, CONFIG_FILE=, NETWORK_ID=, dnsmasq
-
-# nova/network/linux_net.py: 'radvd', '-C', '%s' % _ra_file(dev, 'conf'..
-radvd: CommandFilter, radvd, root
-
-# nova/network/linux_net.py: 'brctl', 'addbr', bridge
-# nova/network/linux_net.py: 'brctl', 'setfd', bridge, 0
-# nova/network/linux_net.py: 'brctl', 'stp', bridge, 'off'
-# nova/network/linux_net.py: 'brctl', 'addif', bridge, interface
-brctl: CommandFilter, brctl, root
-
-# nova/network/linux_net.py: 'sysctl', ....
-sysctl: CommandFilter, sysctl, root
-
-# nova/network/linux_net.py: 'conntrack'
-conntrack: CommandFilter, conntrack, root
diff --git a/openstack/etc/systemd/system/openstack-nova-setup.service b/openstack/etc/systemd/system/openstack-nova-setup.service
index e7a9136f..a4ad6ae7 100644
--- a/openstack/etc/systemd/system/openstack-nova-setup.service
+++ b/openstack/etc/systemd/system/openstack-nova-setup.service
@@ -1,11 +1,9 @@
[Unit]
-Description=Run openstack-nova-setup (once)
+Description=Run nova-setup Ansible scripts
After=local-fs.target libvirtd.service openstack-keystone-setup.service postgres-server.service
[Service]
-Type=oneshot
-ExecStart=/usr/share/openstack/openstack-nova-setup
-Restart=no
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/nova.yml
[Install]
WantedBy=multi-user.target
diff --git a/openstack/manifest b/openstack/manifest
index d8fe3cb6..c1d9a4b0 100644
--- a/openstack/manifest
+++ b/openstack/manifest
@@ -34,6 +34,14 @@
0100644 0 0 /usr/share/openstack/modules/neutron_subnet
0100644 0 0 /usr/share/openstack/modules/nova_flavor
0100644 0 0 /usr/share/openstack/modules/nova_manage
+0040755 0 0 /usr/share/openstack/nova
+0100644 0 0 /usr/share/openstack/nova.yml
+0100644 0 0 /usr/share/openstack/nova/logging.conf
+0100644 0 0 /usr/share/openstack/nova/nova.conf
+0100644 0 0 /usr/share/openstack/nova/nova-compute.conf
+0100644 0 0 /usr/share/openstack/nova/policy.json
+0100644 0 0 /usr/share/openstack/nova/cells.json
+0100644 0 0 /usr/share/openstack/nova/api-paste.ini
0100644 0 0 /etc/logrotate.d/openstack-keystone
0100644 0 0 /etc/systemd/system/openstack-keystone.service
0100644 0 0 /etc/systemd/system/openstack-keystone-setup.service
@@ -50,14 +58,6 @@
0100644 0 0 /etc/systemd/system/openstack-glance-api.service
0100644 0 0 /etc/systemd/system/openstack-glance-registry.service
0040755 0 0 /var/lib/nova
-0040755 0 0 /etc/nova
-0100644 0 0 /etc/nova/logging.conf
-0100644 0 0 /etc/nova/nova.conf
-0100644 0 0 /etc/nova/nova-compute.conf
-0100644 0 0 /etc/nova/policy.json
-0100644 0 0 /etc/nova/cells.json
-0100644 0 0 /etc/nova/api-paste.ini
-0100755 0 0 /usr/share/openstack/openstack-nova-setup
0100644 0 0 /etc/systemd/system/openstack-nova-setup.service
0100644 0 0 /etc/systemd/system/openstack-nova-compute.service
0100644 0 0 /etc/systemd/system/openstack-nova-conductor.service
diff --git a/openstack/usr/share/openstack/nova.yml b/openstack/usr/share/openstack/nova.yml
new file mode 100644
index 00000000..15b1f3be
--- /dev/null
+++ b/openstack/usr/share/openstack/nova.yml
@@ -0,0 +1,72 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/nova.conf"
+ tasks:
+ - name: Create the nova user.
+ user: name=nova comment="Openstack Nova Daemons" shell=/sbin/nologin home=/var/lib/nova groups=libvirt append=yes
+
+ - name: Create the /var folders for nova
+ file: path={{ item }} state=directory owner=nova group=nova
+ with_items:
+ - /var/run/nova
+ - /var/lock/nova
+ - /var/log/nova
+ - /var/lib/nova
+ - /var/lib/nova/instances
+
+ - file: path=/etc/nova state=directory
+ - name: Add the configuration needed for nova in /etc/nova using templates
+ template: src=/usr/share/openstack/nova/{{ item }} dest=/etc/nova/{{ item }}
+ with_lines:
+ - (cd /usr/share/openstack/nova && find -type f)
+
+ - keystone_user: >
+ user={{ NOVA_SERVICE_USER }}
+ password={{ NOVA_SERVICE_PASSWORD }}
+ tenant=service
+ token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
+
+ - keystone_user: >
+ role=admin
+ user={{ NOVA_SERVICE_USER }}
+ tenant=service
+ token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
+
+ - keystone_service: >
+ name=nova
+ type=compute
+ description="Openstack Compute Service"
+ publicurl={{ NOVA_PUBLIC_URL }}
+ internalurl={{ NOVA_INTERNAL_URL | default('http://127.0.0.1:8774/v2/%(tenant_id)s') }}
+ adminurl={{ NOVA_ADMIN_URL }}
+ region='RegionOne'
+ token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
+
+ - postgresql_user: name={{ NOVA_DB_USER }}
+ sudo: yes
+ sudo_user: nova
+ - postgresql_db: name=nova owner={{ NOVA_DB_USER }}
+ sudo: yes
+ sudo_user: nova
+
+ - nova_manage: action=dbsync
+ sudo: yes
+ sudo_user: nova
+
+
+
+# [1] Never enable openstack-nova-conductor service in a node with
+# openstack-nova-compute or the security benefits of removing
+# database access from nova-compute will be negated
+#systemctl start openstack-nova-conductor
+ - name: Enable and start openstack-nova services
+ service: name={{ item }} enabled=yes state=started
+ with_items:
+ - openstack-nova-api.service
+ - openstack-nova-cert.service
+ - openstack-nova-compute.service
+ - openstack-nova-consoleauth.service
+ - openstack-nova-novncproxy.service
+ - openstack-nova-scheduler.service
+# - openstack-nova-conductor.service
diff --git a/openstack/etc/nova/api-paste.ini b/openstack/usr/share/openstack/nova/api-paste.ini
index 2a825a5b..2a825a5b 100644
--- a/openstack/etc/nova/api-paste.ini
+++ b/openstack/usr/share/openstack/nova/api-paste.ini
diff --git a/openstack/etc/nova/cells.json b/openstack/usr/share/openstack/nova/cells.json
index cc74930d..cc74930d 100644
--- a/openstack/etc/nova/cells.json
+++ b/openstack/usr/share/openstack/nova/cells.json
diff --git a/openstack/etc/nova/logging.conf b/openstack/usr/share/openstack/nova/logging.conf
index 5482a040..5482a040 100644
--- a/openstack/etc/nova/logging.conf
+++ b/openstack/usr/share/openstack/nova/logging.conf
diff --git a/openstack/etc/nova/nova-compute.conf b/openstack/usr/share/openstack/nova/nova-compute.conf
index 1ef5590c..1ef5590c 100644
--- a/openstack/etc/nova/nova-compute.conf
+++ b/openstack/usr/share/openstack/nova/nova-compute.conf
diff --git a/openstack/etc/nova/nova.conf b/openstack/usr/share/openstack/nova/nova.conf
index b703591f..45615927 100644
--- a/openstack/etc/nova/nova.conf
+++ b/openstack/usr/share/openstack/nova/nova.conf
@@ -54,7 +54,7 @@ logdir=/var/log/nova
# Mandatory general options #
#############################
# ip address of this host (string value)
-my_ip=##NOVA_HOST##
+my_ip={{ NOVA_HOST }}
#use_ipv6=false
@@ -181,12 +181,12 @@ scheduler_default_filters=AggregateInstanceExtraSpecsFilter,AvailabilityZoneFilt
############
# RABBITMQ #
############
-rabbit_host = ##RABBITMQ_HOST##
+rabbit_host = {{ RABBITMQ_HOST }}
#fake_rabbit=false
#rabbit_virtual_host=/
-rabbit_userid = ##RABBITMQ_USER##
-rabbit_password = ##RABBITMQ_PASSWORD##
-rabbit_port = ##RABBITMQ_PORT##
+rabbit_userid = {{ RABBITMQ_USER }}
+rabbit_password = {{ RABBITMQ_PASSWORD }}
+rabbit_port = {{ RABBITMQ_PORT }}
rabbit_use_ssl=false
#rabbit_retry_interval=1
# The messaging module to use, defaults to kombu (works for rabbit).
@@ -196,7 +196,7 @@ rpc_backend = nova.openstack.common.rpc.impl_kombu
##########
# GLANCE #
##########
-host=##GLANCE_HOST##
+host={{ GLANCE_HOST }}
port=9292
protocol=http
@@ -281,13 +281,13 @@ flat_interface=eth0
# Neutron #
###########
# This is the URL of your neutron server:
-neutron_url=##NEUTRON_PUBLIC_URL##
+neutron_url={{ NEUTRON_PUBLIC_URL }}
neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
-neutron_admin_username=##NEUTRON_SERVICE_USER##
-neutron_admin_password=##NEUTRON_SERVICE_PASSWORD##
+neutron_admin_username={{ NEUTRON_SERVICE_USER }}
+neutron_admin_password={{ NEUTRON_SERVICE_PASSWORD }}
# This is the URL of your Keystone server
-neutron_admin_auth_url=##KEYSTONE_ADMIN_URL##
+neutron_admin_auth_url={{ KEYSTONE_ADMIN_URL }}
# What's below is only needed for nova-compute.
@@ -300,7 +300,7 @@ service_neutron_metadata_proxy=True
# Shared secret to validate proxies Neutron metadata requests
# This password should match what is in /etc/neutron/metadata_agent.ini
# (string value)
-neutron_metadata_proxy_shared_secret= ##METADATA_PROXY_SHARED_SECRET##
+neutron_metadata_proxy_shared_secret= {{ METADATA_PROXY_SHARED_SECRET }}
#################
# NOVNC CONSOLE #
@@ -314,10 +314,10 @@ neutron_metadata_proxy_shared_secret= ##METADATA_PROXY_SHARED_SECRET##
# NoVNC form now on (VMs video card needs to be attached to a console type, and
# they can accept only one video card at a time).
vnc_enabled=True
-novncproxy_base_url=##NOVA_NOVNCPROXY_BASE_URL##
+novncproxy_base_url={{ NOVA_NOVNCPROXY_BASE_URL }}
# Change vncserver_proxyclient_address and vncserver_listen to match each compute host
-vncserver_proxyclient_address=##NOVA_HOST##
-vncserver_listen=##NOVA_HOST##
+vncserver_proxyclient_address={{ NOVA_HOST }}
+vncserver_listen={{ NOVA_HOST }}
vnc_keymap="en-us"
######################################
@@ -365,7 +365,7 @@ vnc_keymap="en-us"
# DATABASE #
############
[database]
-connection=postgresql://##NOVA_DB_USER##:##NOVA_DB_PASSWORD##@onenode/nova
+connection=postgresql://{{ NOVA_DB_USER }}:{{ NOVA_DB_PASSWORD }}@{{ CONTROLLER_HOST }}/nova
#############
# CONDUCTOR #
@@ -602,13 +602,13 @@ enabled=false
# Keystone authtoken #
######################
[keystone_authtoken]
-identity_uri = ##IDENTITY_URI##
-auth_uri = ##KEYSTONE_INTERNAL_URL##
+identity_uri = {{ IDENTITY_URI }}
+auth_uri = {{ KEYSTONE_INTERNAL_URL }}
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
-admin_user = ##NOVA_SERVICE_USER##
-admin_password = ##NOVA_SERVICE_PASSWORD##
+admin_user = {{ NOVA_SERVICE_USER }}
+admin_password = {{ NOVA_SERVICE_PASSWORD }}
auth_version = v2.0
###########
diff --git a/openstack/etc/nova/nova.conf.example b/openstack/usr/share/openstack/nova/nova.conf.example
index 999574ca..999574ca 100644
--- a/openstack/etc/nova/nova.conf.example
+++ b/openstack/usr/share/openstack/nova/nova.conf.example
diff --git a/openstack/etc/nova/policy.json b/openstack/usr/share/openstack/nova/policy.json
index cc5b8ea4..cc5b8ea4 100644
--- a/openstack/etc/nova/policy.json
+++ b/openstack/usr/share/openstack/nova/policy.json
diff --git a/openstack/etc/nova/release.sample b/openstack/usr/share/openstack/nova/release.sample
index 4c0d8e48..4c0d8e48 100644
--- a/openstack/etc/nova/release.sample
+++ b/openstack/usr/share/openstack/nova/release.sample
diff --git a/openstack/usr/share/openstack/openstack-nova-setup b/openstack/usr/share/openstack/openstack-nova-setup
deleted file mode 100644
index 7168e7c2..00000000
--- a/openstack/usr/share/openstack/openstack-nova-setup
+++ /dev/null
@@ -1,133 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) 2014 Codethink Limited
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-set -e
-
-# Create required system users and groups
-
-getent group nova >/dev/null || groupadd -r --gid 162 nova
-getent passwd nova >/dev/null || \
- useradd --uid 162 -r -g nova -d /var/lib/nova -s /sbin/nologin \
- -c "OpenStack Nova Daemons" nova
-
-# Create the keystone user and services
-
-export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
-export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0'
-
-keystone user-create --name ##NOVA_SERVICE_USER## --pass ##NOVA_SERVICE_PASSWORD##
-keystone user-role-add --tenant service --user ##NOVA_SERVICE_USER## --role admin
-
-keystone service-create --name nova --type compute --description "OpenStack Compute Service"
-keystone endpoint-create --service-id $(keystone service-list | awk '/ compute / {print $2}') \
- --publicurl ##NOVA_PUBLIC_URL## \
- --internalurl ##NOVA_INTERNAL_URL## \
- --adminurl ##NOVA_ADMIN_URL## \
- --region ##NOVA_REGION##
-
-# Nova compute configuration
-if [ ! -d /var/run/nova ]; then
- mkdir -p /var/run/nova
- chown -R nova:nova /var/run/nova
-fi
-
-if [ ! -d /var/lock/nova ]; then
- mkdir -p /var/lock/nova
- chown -R nova:nova /var/lock/nova
-fi
-
-if [ ! -d /var/log/nova ]; then
- mkdir -p /var/log/nova
- chown -R nova:nova /var/log/nova
-fi
-
-if [ ! -d /var/lib/nova/instances ]; then
- mkdir /var/lib/nova/instances
- chown -R nova:nova /var/lib/nova/instances
-fi
-
-# Setup the nova database
-if ! sudo -u postgres psql -lqt | grep -q nova; then
- # Create posgreSQL user
- sudo -u postgres createuser \
- --pwprompt --encrypted \
- --no-adduser --no-createdb \
- --no-password \
- ##NOVA_DB_USER##
-
- sudo -u postgres createdb \
- --owner=##NOVA_DB_USER## \
- nova
-
- sudo -u nova nova-manage db sync
-fi
-
-# Nova novncproxy needs /usr/share/novnc folder available
-if [ ! -d /usr/share/novnc ]; then
- mkdir /usr/share/novnc
- chown -R nova:nova /usr/share/novnc
-fi
-
-chown -R nova:nova /var/lib/nova
-
-# Add nova to the libvirt group
-usermod -a -G libvirt nova
-
-# Check existence of Network Block Device module in the kernel
-# NOTE: modprobe does not work actually and returns always
-# failure, enable this check when modprobe is fixed.
-#modprobe nbd
-
-# Remove the one-shot setup service
-rm /etc/systemd/system/multi-user.target.wants/openstack-nova-setup.service
-
-# Start nova services
-systemctl start openstack-nova-compute
-# [1] Never enable openstack-nova-conductor service in a node with
-# openstack-nova-compute or the security benefits of removing
-# database access from nova-compute will be negated
-#systemctl start openstack-nova-conductor
-systemctl start openstack-nova-api
-systemctl start openstack-nova-cert
-systemctl start openstack-nova-consoleauth
-systemctl start openstack-nova-scheduler
-systemctl start openstack-nova-novncproxy
-#systemctl start openstack-nova-xvpnvncproxy
-
-# Create the links to run nova services when system start next times.
-ln -s "/etc/systemd/system/openstack-nova-compute.service" \
- "/etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service"
-# See description of why this shouldn't run in a openstack in one node in [1]
-#ln -s "/etc/systemd/system/openstack-nova-conductor.service" \
-# "/etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service"
-
-ln -s "/etc/systemd/system/openstack-nova-api.service" \
- "/etc/systemd/system/multi-user.target.wants/openstack-nova-api.service"
-
-ln -s "/etc/systemd/system/openstack-nova-cert.service" \
- "/etc/systemd/system/multi-user.target.wants/openstack-nova-cert.service"
-
-ln -s "/etc/systemd/system/openstack-nova-consoleauth.service" \
- "/etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service"
-
-ln -s "/etc/systemd/system/openstack-nova-scheduler.service" \
- "/etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service"
-
-ln -s "/etc/systemd/system/openstack-nova-novncproxy.service" \
- "/etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service"
-
-exit 0