authorRichard Maw <richard.maw@codethink.co.uk>2015-03-23 21:06:52 +0000
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-04-08 18:29:23 +0100
commitf41a9c330d16c546407d91e8a549e48154d967f7 (patch)
treeb744bd5541fba8a171066e0e52bd48e595c4bafe /openstack/usr/share
parentc6d832f7cf10e1f986a617735c1f2a59b26f751f (diff)
downloaddefinitions-f41a9c330d16c546407d91e8a549e48154d967f7.tar.gz
WIP: Add OpenStack initial configuration
TODO: Split this out into: 1. initial config (openstack/etc) default values 2+. as many individual changes to initial config as possible to extract, including support scripts and configuration extensions
Diffstat (limited to 'openstack/usr/share')
-rwxr-xr-xopenstack/usr/share/openstack/apache-httpd-server-setup47
-rw-r--r--openstack/usr/share/openstack/create_openvswitch_veth_pairs32
-rw-r--r--openstack/usr/share/openstack/openstack-cinder-setup132
-rw-r--r--openstack/usr/share/openstack/openstack-glance-setup89
-rw-r--r--openstack/usr/share/openstack/openstack-horizon-setup63
-rw-r--r--openstack/usr/share/openstack/openstack-keystone-setup92
-rw-r--r--openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node56
-rw-r--r--openstack/usr/share/openstack/openstack-neutron-setup95
-rw-r--r--openstack/usr/share/openstack/openstack-nova-setup133
-rw-r--r--openstack/usr/share/openstack/openstack-rabbitmq-setup66
-rw-r--r--openstack/usr/share/openstack/openvswitch-setup44
-rw-r--r--openstack/usr/share/openstack/postgres-setup42
12 files changed, 891 insertions, 0 deletions
diff --git a/openstack/usr/share/openstack/apache-httpd-server-setup b/openstack/usr/share/openstack/apache-httpd-server-setup
new file mode 100755
index 00000000..4c0b3cee
--- /dev/null
+++ b/openstack/usr/share/openstack/apache-httpd-server-setup
@@ -0,0 +1,47 @@
+#!/bin/sh
+#
+# Copyright (C) 2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+if [ -f /var/openstack/apache-http-setup ]; then
+ exit 0
+fi
+
+###############################################################################
+# Move suexec to the directory where apache is configured to have it #
+# Check configure in strata/apache-httpd-server/httpd-server.morph #
+###############################################################################
+mkdir -p /srv/www
+groupadd -r apache
+useradd -c "Apache Server" -d /srv/www -g apache \
+ -s /bin/false apache
+
+###############################################################################
+# Move suexec to the directory where apache is configured to have it #
+# Check configure in strata/apache-httpd-server/httpd-server.morph #
+###############################################################################
+mkdir -p /usr/lib/httpd
+mv -v /usr/sbin/suexec /usr/lib/httpd/suexec
+chgrp apache /usr/lib/httpd/suexec
+chmod 4754 /usr/lib/httpd/suexec
+chown -R apache:apache /srv/www
+
+install -D -m 644 /proc/self/fd/0 <<'EOF' /var/openstack/apache-http-setup
+Apache http setup: success
+EOF
+
+exit 0
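Review bot: `groupadd -r apache` and the `useradd` after it run unguarded under `set -e`, so if the script stops after them but before the `/var/openstack/apache-http-setup` stamp is written, every later run aborts at `groupadd`; the other setup scripts in this commit guard the call, e.g. `getent group apache >/dev/null || groupadd -r apache`. The banner above that block is a copy of the suexec banner and should describe what the block does, something like `# Create the apache user and group, and the /srv/www home directory`. `chmod 4754` then makes suexec setuid to whoever owns the file after the `mv`; that is presumably root, but a `chown root:apache /usr/lib/httpd/suexec` placed before the chmod would pin the owner instead of inheriting it.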
diff --git a/openstack/usr/share/openstack/create_openvswitch_veth_pairs b/openstack/usr/share/openstack/create_openvswitch_veth_pairs
new file mode 100644
index 00000000..a239ac73
--- /dev/null
+++ b/openstack/usr/share/openstack/create_openvswitch_veth_pairs
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# Copyright (C) 2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -xe
+
+# Get the first ethernet driver and its ip
+eth_dev="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $1 } ')"
+eth_ip="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $2 } ')"
+
+# Create the veth pairs between bridges (configuration one node)
+ifconfig br-eth0 $eth_ip up
+ip link set br-eth0 promisc on
+ip link set eth1-br-proxy up promisc on
+ip link set ex-br-proxy up promisc on
+ip link set proxy-br-eth1 up promisc on
+ip link set proxy-br-ex up promisc on
+
+exit 0
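Review bot: `eth_ip` can be empty or lose its prefix length without the script noticing. `set -e` only sees the exit status of the last pipeline stage (`awk`), so when no interface whose name starts with `e` has an IPv4 address, `ifconfig br-eth0 $eth_ip up` runs as `ifconfig br-eth0 up`; and because the perl match `inet ([^/]+)/` captures the address without its `/prefix`, the bridge presumably gets ifconfig's default netmask rather than the one the interface had. A guard such as `[ -n "$eth_ip" ] || { echo "no ethernet IPv4 address found" >&2; exit 1; }` plus capturing and passing the prefix would cover both; the same two lines are in openstack-neutron-network-configuration-for-one-node. `eth_dev` is computed here but never used, and the header comment says the script creates the veth pairs while the code only brings existing links up.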
diff --git a/openstack/usr/share/openstack/openstack-cinder-setup b/openstack/usr/share/openstack/openstack-cinder-setup
new file mode 100644
index 00000000..eb97d55a
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-cinder-setup
@@ -0,0 +1,132 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+# Create required system users and groups
+
+getent group cinder >/dev/null || groupadd -r --gid 165 cinder
+getent passwd cinder >/dev/null || \
+ useradd --uid 165 -r -g cinder -d /var/lib/cinder -s /sbin/nologin \
+ -c "OpenStack Cinder Daemons" cinder
+
+# Create the keystone user and services
+
+export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
+export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0'
+
+keystone user-create --name ##CINDER_USER## --pass ##CINDER_PASSWORD##
+keystone user-role-add --tenant service --user ##CINDER_USER## --role admin
+
+# Register the Block Storage service with the Identity service so other OpenStack services
+# can locate it
+keystone service-create --name ##CINDER_USER## --type volume --description "OpenStack Block Storage"
+keystone endpoint-create --service-id $(keystone service-list | awk '/ volume / {print $2}') \
+ --publicurl ##CINDER_PUBLIC_URL## \
+ --internalurl ##CINDER_INTERNAL_URL## \
+ --adminurl ##CINDER_ADMIN_URL##
+
+# Register a service and endpoint for version 2 of the Block Storage service API
+keystone service-create --name ##CINDER_USER_V2## \
+ --type volumev2 --description "OpenStack Block Storage"
+keystone endpoint-create --service-id $(keystone service-list | awk '/ volumev2 / {print $2}') \
+ --publicurl ##CINDER_PUBLIC_URL_V2## \
+ --internalurl ##CINDER_INTERNAL_URL_V2## \
+ --adminurl ##CINDER_ADMIN_URL_V2##
+
+# Create run directory for cinder
+if [ ! -d /var/run/cinder ]; then
+ mkdir -p /var/run/cinder
+ chown -R cinder:cinder /var/run/cinder
+fi
+
+# Create the lock directory for cinder
+if [ ! -d /var/lock/cinder ]; then
+ mkdir -p /var/lock/cinder
+ chown -R cinder:cinder /var/lock/cinder
+fi
+
+# Create the log directory for cinder
+if [ ! -d /var/log/cinder ]; then
+ mkdir -p /var/log/cinder
+ chown -R cinder:cinder /var/log/cinder
+fi
+
+# Create the volumes directory for cinder
+if [ ! -d /var/lib/cinder/volumes ]; then
+ mkdir -p /var/lib/cinder/volumes
+ chown -R cinder:cinder /var/lib/cinder/volumes
+fi
+
+# Setup the cinder database
+if ! sudo -u postgres psql -lqt | grep -q cinder; then
+ # Create posgreSQL user
+ sudo -u postgres createuser \
+ --pwprompt --encrypted \
+ --no-adduser --no-createdb \
+ --no-password \
+ ##CINDER_DB_USER##
+
+ sudo -u postgres createdb \
+ --owner=##CINDER_DB_USER## \
+ cinder
+
+ sudo -u cinder cinder-manage db sync
+fi
+
+chown -R cinder:cinder /var/lib/cinder
+
+# This is only for testing purposes and we need to change it for
+# something more robust to deploy in production.
+# This also assumes that the user will add a second disk to its VM
+# and if it does not find sdb or vda it will fail.
+if [ $(ls /sys/block | grep -v sda | grep [vs]d | wc -l) -ne 1 ]; then
+ echo "Error: More than one or none block device found, cinder will not be able to create a VG."
+ exit 1
+else
+ device=/dev/$(ls /sys/block | grep -v sda | grep [vs]d)
+fi
+
+# Create a physical volume
+pvcreate -ff -y $device
+
+# Create a volume group named "cinder-volumes"
+vgcreate -y cinder-volumes $device
+
+# Remove the one-shot setup service
+rm /etc/systemd/system/multi-user.target.wants/openstack-cinder-setup.service
+
+# Start cinder services
+systemctl start openstack-cinder-api
+systemctl start openstack-cinder-scheduler
+systemctl start openstack-cinder-volume
+systemctl start openstack-cinder-backup
+
+# Create the links to run nova services when system start next times.
+ln -s "/etc/systemd/system/openstack-cinder-api.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-cinder-api.service"
+
+ln -s "/etc/systemd/system/openstack-cinder-scheduler.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-cinder-scheduler.service"
+
+ln -s "/etc/systemd/system/openstack-cinder-volume.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-cinder-volume.service"
+
+ln -s "/etc/systemd/system/openstack-cinder-backup.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-cinder-backup.service"
+
+exit 0
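Review bot: The block-device probe near the end can hand the wrong disk to `pvcreate -ff -y $device`: `grep -v sda | grep [vs]d` only excludes names containing `sda`, so on a guest whose sole disk is `vda` the count is 1 and the forced, unprompted pvcreate is pointed at that disk. Dropping `-ff`, quoting the pattern (`grep '[vs]d'`) and the expansion (`"$device"`), and taking the device from an explicit deployment setting instead of a name guess would make this fail safe. The service password is also passed as `--pass ##CINDER_PASSWORD##`, unquoted and on the command line, where it is visible in the process list and breaks on whitespace or shell metacharacters once substituted; the glance, keystone, neutron and nova scripts do the same. At minimum quote the substituted values, e.g. `--pass '##CINDER_PASSWORD##'`, and likewise the `OS_SERVICE_TOKEN` assignment.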
diff --git a/openstack/usr/share/openstack/openstack-glance-setup b/openstack/usr/share/openstack/openstack-glance-setup
new file mode 100644
index 00000000..1363a7b7
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-glance-setup
@@ -0,0 +1,89 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+# Create required system users and groups
+getent group glance >/dev/null || groupadd -r --gid 164 glance
+getent passwd glance >/dev/null || \
+ useradd --uid 164 -r -g glance -d /var/lib/glance -s /sbin/nologin \
+ -c "OpenStack Glance Daemons" glance
+
+# Create required keystone tenants, users and roles
+export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
+export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0'
+
+keystone user-create --name ##GLANCE_SERVICE_USER## --pass ##GLANCE_SERVICE_PASSWORD##
+keystone user-role-add --tenant service --user ##GLANCE_SERVICE_USER## --role admin
+
+keystone service-create --name glance --type image --description "OpenStack Image Service"
+keystone endpoint-create --service-id $(keystone service-list | awk '/ image / {print $2}') \
+ --publicurl ##GLANCE_PUBLIC_URL## \
+ --internalurl ##GLANCE_INTERNAL_URL## \
+ --adminurl ##GLANCE_ADMIN_URL##
+
+# Create run directory for glance
+if [ ! -d /var/run/glance ]; then
+ mkdir -p /var/run/glance
+ chown -R glance:glance /var/run/glance
+fi
+
+# Create the lock directory for glance
+if [ ! -d /var/lock/glance ]; then
+ mkdir -p /var/lock/glance
+ chown -R glance:glance /var/lock/glance
+fi
+
+# Create the log directory for glance
+if [ ! -d /var/log/glance ]; then
+ mkdir -p /var/log/glance
+ chown -R glance:glance /var/log/glance
+fi
+
+# Setup the glance database
+if ! sudo -u postgres psql -lqt | grep -q glance; then
+ # Create posgreSQL user
+ sudo -u postgres createuser \
+ --pwprompt --encrypted \
+ --no-adduser --no-createdb \
+ --no-password \
+ ##GLANCE_DB_USER##
+
+ sudo -u postgres createdb \
+ --owner=##GLANCE_DB_USER## \
+ glance
+
+ sudo -u glance glance-manage db_sync
+fi
+
+chown -R glance:glance /var/lib/glance
+
+# Remove the one-shot setup service
+rm /etc/systemd/system/multi-user.target.wants/openstack-glance-setup.service
+
+# Start glance services
+systemctl start openstack-glance-api
+systemctl start openstack-glance-registry
+
+# Create the links to run glance services when system start next times.
+ln -s "/etc/systemd/system/openstack-glance-api.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-glance-api.service"
+
+ln -s "/etc/systemd/system/openstack-glance-registry.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service"
+
+exit 0
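Review bot: `createuser --pwprompt` asks for the new role's password interactively, but the comment near the end says this script runs from a one-shot setup service, where nothing can answer the prompt; no database password placeholder appears anywhere in the script. What the role ends up with is not visible from this hunk, so the password should be supplied non-interactively, for example by feeding a `CREATE ROLE ... PASSWORD` statement to `psql` on stdin rather than on the command line. The existence test `psql -lqt | grep -q glance` also matches any line of the listing that contains the string, such as another database's owner column; comparing the first column only, e.g. `psql -lqt | cut -d'|' -f1 | grep -qw glance`, is tighter. Both patterns recur in the cinder, keystone, neutron and nova scripts.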
diff --git a/openstack/usr/share/openstack/openstack-horizon-setup b/openstack/usr/share/openstack/openstack-horizon-setup
new file mode 100644
index 00000000..d10007d1
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-horizon-setup
@@ -0,0 +1,63 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+if [ -f /var/openstack/horizon-setup ]; then
+ exit 0
+fi
+
+# Create required system users and groups
+mkdir -p /var/lib/horizon
+getent group horizon >/dev/null || groupadd -r --gid 167 horizon
+getent passwd neutron >/dev/null || \
+ useradd --uid 167 -r -g horizon -d /var/lib/horizon -s /sbin/nologin \
+ -c "Horizon user" horizon
+
+# Work around to make django.wsgi working with horizon
+# See: https://bugs.launchpad.net/osprofiler/+bug/1361235
+# and: https://git.openstack.org/cgit/openstack/tripleo-image-elements/commit/?id=41c9a1dfad23f8aee366afb6a0b20a6c57ec8f79
+sed -i "s|'../..'|os.path.realpath('../..')|" \
+ /usr/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi
+
+# And link this django.wsgi file to the horizon home directory
+ln -sf /usr/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi \
+ /var/lib/horizon/django.wsgi
+
+# Link Openstack local_settings where openstack_dashboard is installed.
+ln -sf /etc/horizon/openstack_dashboard/local_settings.py \
+ /usr/lib/python2.7/site-packages/openstack_dashboard/local/local_settings.py
+
+# Create the static directory (STATIC_ROOT) used in local_settings.py to keep
+# the static objects like css files.
+mkdir -p /var/lib/horizon/openstack_dashboard/static
+
+# Create the horizon document root for apache configuration
+mkdir -p /var/lib/horizon/openstack_dashboard/.blackhole
+
+# Link horizon configuration file for apache to the directory where our apache load
+# configurations files
+ln -sf /etc/horizon/apache-horizon.conf \
+ /usr/httpd/conf.d/apache-horizon.conf
+
+chown -R horizon:horizon /var/lib/horizon
+
+install -D -m 644 /proc/self/fd/0 <<'EOF' /var/openstack/horizon-setup
+Horizon setup: success
+EOF
+
+exit 0
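Review bot: The user guard tests the wrong account: `getent passwd neutron >/dev/null || useradd ... horizon` skips creating `horizon` whenever a `neutron` user already exists, and the later `chown -R horizon:horizon /var/lib/horizon` then fails under `set -e`. The test should read `getent passwd horizon >/dev/null || \`. Separately, the `sed -i` patches a file under site-packages in place, so anything that later replaces `django.wsgi` would presumably undo the workaround while the stamp file keeps this script from reapplying it; a comment saying so next to the `sed` would help whoever debugs that.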
diff --git a/openstack/usr/share/openstack/openstack-keystone-setup b/openstack/usr/share/openstack/openstack-keystone-setup
new file mode 100644
index 00000000..9c034c5b
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-keystone-setup
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+# Create required system users and groups
+
+getent group keystone >/dev/null || groupadd -r --gid 163 keystone
+getent passwd keystone >/dev/null || \
+ useradd --uid 163 -r -g keystone -d /var/lib/keystone -s /sbin/nologin \
+ -c "OpenStack Keystone Daemons" keystone
+
+# Keystone compute configuration
+if [ ! -d /var/run/keystone ]; then
+ mkdir -p /var/run/keystone
+ chown -R keystone:keystone /var/run/keystone
+fi
+
+if [ ! -d /var/lock/keystone ]; then
+ mkdir -p /var/lock/keystone
+ chown -R keystone:keystone /var/lock/keystone
+fi
+
+if [ ! -d /var/log/keystone ]; then
+ mkdir -p /var/log/keystone
+ chown -R keystone:keystone /var/log/keystone
+fi
+
+# Setup the keystone database
+if ! sudo -u postgres psql -lqt | grep -q keystone; then
+ # Create posgreSQL user
+ sudo -u postgres createuser \
+ --pwprompt --encrypted \
+ --no-adduser --no-createdb \
+ --no-password \
+ ##KEYSTONE_DB_USER##
+
+ sudo -u postgres createdb \
+ --owner=##KEYSTONE_DB_USER## \
+ keystone
+
+ sudo -u keystone keystone-manage db_sync
+fi
+
+chown -R keystone:keystone /var/lib/keystone
+
+systemctl start openstack-keystone
+
+export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
+export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0'
+
+# This script creates a TEMPORARY admin user, with a password that may
+# float arount on the system. Please delete this user once you have set up
+# the real admin user with a real secure password.
+
+keystone tenant-create --name admin --description "Admin Tenant"
+keystone role-create --name admin
+
+keystone user-create --name temporary_admin --pass ##KEYSTONE_TEMPORARY_ADMIN_PASSWORD##
+keystone user-role-add --tenant admin --user temporary_admin --role admin
+
+keystone tenant-create --name service --description "Service Tenant"
+
+# Define a service for the Identity Service
+keystone service-create --name keystone --type identity --description "Openstack Identity"
+
+# Specify an API endpoint for the Identity Service by using the returned service ID.
+keystone endpoint-create --service-id $(keystone service-list | awk '/ identity / {print $2}') \
+ --publicurl ##KEYSTONE_PUBLIC_URL## \
+ --internalurl ##KEYSTONE_INTERNAL_URL## \
+ --adminurl ##KEYSTONE_ADMIN_URL##
+
+rm /etc/systemd/system/multi-user.target.wants/openstack-keystone-setup.service
+
+ln -s "/etc/systemd/system/openstack-keystone.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-keystone.service"
+
+exit 0
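Review bot: `temporary_admin` is given the admin role and then left in place; removal depends on someone reading the comment above it, and the bootstrap token exported as `OS_SERVICE_TOKEN` is likewise never retired by anything visible in this script. Printing a reminder when the script finishes, e.g. `echo "WARNING: temporary_admin still exists; remove it once a real admin user is set up" >&2`, would put that in the service's log. The script also has no stamp file or existence checks around the `keystone ...-create` calls, so if one of them fails the setup unit stays enabled and the next run presumably stops at `keystone tenant-create --name admin` because the tenant already exists. The comment has a typo: `arount` should be `around`.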
diff --git a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node
new file mode 100644
index 00000000..c2ccbd81
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node
@@ -0,0 +1,56 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -xe
+
+# Get the first ethernet driver and its ip
+eth_dev="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $1 } ')"
+eth_ip="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $2 } ')"
+
+ip link add proxy-br-eth1 type veth peer name eth1-br-proxy
+ip link add proxy-br-ex type veth peer name ex-br-proxy
+
+if [ -f /var/openstack/openvswitch-one-node-setup ]; then
+ exit 0
+fi
+
+# Create the bridges to use the External network mapped
+# This configuration is for 1 node and it was taken from:
+# https://fosskb.wordpress.com/2014/10/18/openstack-juno-on-ubuntu-14-10/
+# and https://fosskb.wordpress.com/2014/06/10/managing-openstack-internaldataexternal-network-in-one-interface/
+
+
+ovs-vsctl add-br br-eth0
+ovs-vsctl add-port br-eth0 $eth_dev
+ifconfig br-eth0 $eth_ip up
+ip link set br-eth0 promisc on
+ovs-vsctl add-br br-eth1
+ovs-vsctl add-br br-ex
+ovs-vsctl add-port br-eth1 eth1-br-proxy
+ovs-vsctl add-port br-ex ex-br-proxy
+ovs-vsctl add-port br-eth0 proxy-br-eth1
+ovs-vsctl add-port br-eth0 proxy-br-ex
+ip link set eth1-br-proxy up promisc on
+ip link set ex-br-proxy up promisc on
+ip link set proxy-br-eth1 up promisc on
+ip link set proxy-br-ex up promisc on
+
+install -D -m 644 /proc/self/fd/0 <<'EOF' /var/openstack/openvswitch-one-node-setup
+Openvswitch one node setup: success
+EOF
+
+exit 0
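Review bot: The two `ip link add` calls sit above the stamp-file check and run under `set -e`, so any second invocation while the veth pairs still exist exits non-zero there instead of reaching the `exit 0` in the guard. If the pairs are meant to be recreated on each boot, make the calls tolerant, e.g. `ip link show proxy-br-eth1 >/dev/null 2>&1 || ip link add proxy-br-eth1 type veth peer name eth1-br-proxy`, and the same for `proxy-br-ex`. `$eth_dev` and `$eth_ip` are also expanded unquoted and unchecked in `ovs-vsctl add-port br-eth0 $eth_dev` and `ifconfig br-eth0 $eth_ip up`, so an empty value changes what those commands mean; check both with `[ -n ... ]` before the first `ovs-vsctl` call.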
diff --git a/openstack/usr/share/openstack/openstack-neutron-setup b/openstack/usr/share/openstack/openstack-neutron-setup
new file mode 100644
index 00000000..ff6496a0
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-neutron-setup
@@ -0,0 +1,95 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -xe
+
+if [ -f /var/openstack/openstack-neutron-setup ]; then
+ exit 0
+fi
+
+# Create required system users and groups
+
+getent group neutron >/dev/null || groupadd -r --gid 166 neutron
+getent passwd neutron >/dev/null || \
+ useradd --uid 166 -r -g neutron -d /var/lib/neutron -s /sbin/nologin \
+ -c "OpenStack Neutron Daemons" neutron
+
+chown -R neutron:neutron /var/lib/neutron
+
+# Create the keystone user and services
+export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
+export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0'
+
+keystone user-create --name ##NEUTRON_SERVICE_USER## --pass ##NEUTRON_SERVICE_PASSWORD##
+keystone user-role-add --tenant service --user ##NEUTRON_SERVICE_USER## --role admin
+
+keystone service-create --name neutron --type network --description "OpenStack Networking"
+keystone endpoint-create --service-id $(keystone service-list | awk '/ network / {print $2}') \
+ --publicurl ##NEUTRON_PUBLIC_URL## \
+ --internalurl ##NEUTRON_INTERNAL_URL## \
+ --adminurl ##NEUTRON_ADMIN_URL## \
+ --region regionOne
+
+# neutron.conf configuration
+service_tenant_id=$(keystone tenant-get service | grep id | tr -d " " | cut -d"|" -f3)
+sed -i "s/##SERVICE_TENANT_ID##/$service_tenant_id/g" /etc/neutron/neutron.conf
+
+# Neutron compute configuration
+if [ ! -d /var/run/neutron ]; then
+ mkdir -p /var/run/neutron
+ chown -R neutron:neutron /var/run/neutron
+fi
+
+if [ ! -d /var/lock/neutron ]; then
+ mkdir -p /var/lock/neutron
+ chown -R neutron:neutron /var/lock/neutron
+fi
+
+if [ ! -d /var/log/neutron ]; then
+ mkdir -p /var/log/neutron
+ chown -R neutron:neutron /var/log/neutron
+fi
+
+# Setup the neutron database
+if ! sudo -u postgres psql -lqt | grep -q neutron; then
+ # Create postgresSQL user
+ sudo -u postgres createuser \
+ --pwprompt --encrypted \
+ --no-adduser --no-createdb \
+ --no-password \
+ ##NEUTRON_DB_USER##
+ sudo -u postgres createdb \
+ --owner=##NEUTRON_DB_USER## \
+ neutron
+ # Stamp neutron database with the latest stamped version available,
+ # in this case "icehouse"
+ sudo -u neutron neutron-db-manage \
+ --config-file /etc/neutron/neutron.conf \
+ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+ stamp icehouse
+ # Upgrade database to "juno"
+ sudo -u neutron neutron-db-manage \
+ --config-file /etc/neutron/neutron.conf \
+ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+ upgrade juno
+fi
+
+install -D -m 644 /proc/self/fd/0 <<'EOF' /var/openstack/openstack-neutron-setup
+Openstack neutron setup: success
+EOF
+
+exit 0
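Review bot: `set -xe` traces every command to stderr, and this script handles secrets: the `export OS_SERVICE_TOKEN=...` line and `keystone user-create ... --pass ##NEUTRON_SERVICE_PASSWORD##` are written out with their substituted values, which end up wherever the service's stderr is logged. Use `set -e` as the cinder, glance, keystone and nova scripts do, or bracket the credential-handling commands with `set +x` / `set -x`. The tenant lookup `grep id | tr -d " " | cut -d"|" -f3` matches any output row containing `id`, and its result goes into the `sed` replacement unchecked; `awk '/ id / {print $4}'`, in the style of the `service-list` lookups, plus a `[ -n "$service_tenant_id" ]` test before the `sed` would be safer.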
diff --git a/openstack/usr/share/openstack/openstack-nova-setup b/openstack/usr/share/openstack/openstack-nova-setup
new file mode 100644
index 00000000..7168e7c2
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-nova-setup
@@ -0,0 +1,133 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+# Create required system users and groups
+
+getent group nova >/dev/null || groupadd -r --gid 162 nova
+getent passwd nova >/dev/null || \
+ useradd --uid 162 -r -g nova -d /var/lib/nova -s /sbin/nologin \
+ -c "OpenStack Nova Daemons" nova
+
+# Create the keystone user and services
+
+export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
+export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0'
+
+keystone user-create --name ##NOVA_SERVICE_USER## --pass ##NOVA_SERVICE_PASSWORD##
+keystone user-role-add --tenant service --user ##NOVA_SERVICE_USER## --role admin
+
+keystone service-create --name nova --type compute --description "OpenStack Compute Service"
+keystone endpoint-create --service-id $(keystone service-list | awk '/ compute / {print $2}') \
+ --publicurl ##NOVA_PUBLIC_URL## \
+ --internalurl ##NOVA_INTERNAL_URL## \
+ --adminurl ##NOVA_ADMIN_URL## \
+ --region ##NOVA_REGION##
+
+# Nova compute configuration
+if [ ! -d /var/run/nova ]; then
+ mkdir -p /var/run/nova
+ chown -R nova:nova /var/run/nova
+fi
+
+if [ ! -d /var/lock/nova ]; then
+ mkdir -p /var/lock/nova
+ chown -R nova:nova /var/lock/nova
+fi
+
+if [ ! -d /var/log/nova ]; then
+ mkdir -p /var/log/nova
+ chown -R nova:nova /var/log/nova
+fi
+
+if [ ! -d /var/lib/nova/instances ]; then
+ mkdir /var/lib/nova/instances
+ chown -R nova:nova /var/lib/nova/instances
+fi
+
+# Setup the nova database
+if ! sudo -u postgres psql -lqt | grep -q nova; then
+ # Create posgreSQL user
+ sudo -u postgres createuser \
+ --pwprompt --encrypted \
+ --no-adduser --no-createdb \
+ --no-password \
+ ##NOVA_DB_USER##
+
+ sudo -u postgres createdb \
+ --owner=##NOVA_DB_USER## \
+ nova
+
+ sudo -u nova nova-manage db sync
+fi
+
+# Nova novncproxy needs /usr/share/novnc folder available
+if [ ! -d /usr/share/novnc ]; then
+ mkdir /usr/share/novnc
+ chown -R nova:nova /usr/share/novnc
+fi
+
+chown -R nova:nova /var/lib/nova
+
+# Add nova to the libvirt group
+usermod -a -G libvirt nova
+
+# Check existence of Network Block Device module in the kernel
+# NOTE: modprobe does not work actually and returns always
+# failure, enable this check when modprobe is fixed.
+#modprobe nbd
+
+# Remove the one-shot setup service
+rm /etc/systemd/system/multi-user.target.wants/openstack-nova-setup.service
+
+# Start nova services
+systemctl start openstack-nova-compute
+# [1] Never enable openstack-nova-conductor service in a node with
+# openstack-nova-compute or the security benefits of removing
+# database access from nova-compute will be negated
+#systemctl start openstack-nova-conductor
+systemctl start openstack-nova-api
+systemctl start openstack-nova-cert
+systemctl start openstack-nova-consoleauth
+systemctl start openstack-nova-scheduler
+systemctl start openstack-nova-novncproxy
+#systemctl start openstack-nova-xvpnvncproxy
+
+# Create the links to run nova services when system start next times.
+ln -s "/etc/systemd/system/openstack-nova-compute.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service"
+# See description of why this shouldn't run in a openstack in one node in [1]
+#ln -s "/etc/systemd/system/openstack-nova-conductor.service" \
+# "/etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service"
+
+ln -s "/etc/systemd/system/openstack-nova-api.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-nova-api.service"
+
+ln -s "/etc/systemd/system/openstack-nova-cert.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-nova-cert.service"
+
+ln -s "/etc/systemd/system/openstack-nova-consoleauth.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service"
+
+ln -s "/etc/systemd/system/openstack-nova-scheduler.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service"
+
+ln -s "/etc/systemd/system/openstack-nova-novncproxy.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service"
+
+exit 0
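Review bot: `mkdir /var/lib/nova/instances` and `mkdir /usr/share/novnc` lack the `-p` used by the other directory blocks in these scripts; `useradd -d /var/lib/nova` is called without `-m`, so unless something else creates `/var/lib/nova` the first mkdir fails and `set -e` aborts the setup. `chown -R nova:nova /usr/share/novnc` also makes the service account the owner of the directory novncproxy needs; if the proxy only reads from it, leaving it root-owned keeps a compromised nova process from altering what is served. `usermod -a -G libvirt nova` assumes the `libvirt` group already exists, and a preceding `getent group libvirt >/dev/null || { echo "libvirt group missing" >&2; exit 1; }` would turn that assumption into a clear error.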
diff --git a/openstack/usr/share/openstack/openstack-rabbitmq-setup b/openstack/usr/share/openstack/openstack-rabbitmq-setup
new file mode 100644
index 00000000..dd491294
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-rabbitmq-setup
@@ -0,0 +1,66 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+# Create required system users and groups
+getent group rabbitmq >/dev/null || groupadd -r --gid 1002 rabbitmq
+getent passwd rabbitmq >/dev/null || \
+ useradd --uid 1002 -r -g rabbitmq -d /var/lib/rabbitmq -s /sbin/nologin \
+ -c "Rabbitmq server daemon" rabbitmq
+
+chown -R rabbitmq:rabbitmq /var/lib/rabbitmq
+
+# Create directories and files needed to run openstack-rabbitmq-server
+if [ ! -d /var/run/rabbitmq ]; then
+ mkdir -p /var/run/rabbitmq
+ chown -R rabbitmq:rabbitmq /var/run/rabbitmq
+ chmod 755 /var/run/rabbitmq
+fi
+
+if [ ! -d /var/log/rabbitmq ]; then
+ mkdir -p /var/log/rabbitmq
+ chown -R rabbitmq:rabbitmq /var/log/rabbitmq
+ chmod 755 /var/log/rabbitmq
+fi
+
+# Install rabbimq.config and rabbitmq-env.conf
+install -D -m 644 /proc/self/fd/0 <<'EOF' /var/lib/rabbitmq/etc/rabbitmq/rabbitmq.config
+%% -*- Rabbit configuration for Openstack in Baserock
+[
+ {rabbit,
+ [
+ {default_user, <<"##RABBITMQ_USER##">>},
+ {default_pass, <<"##RABBITMQ_PASSWORD##">>},
+ {tcp_listeners, [##RABBITMQ_PORT##]}
+ ]}
+].
+EOF
+
+install -D -m 644 /proc/self/fd/0 <<'EOF' /etc/rabbitmq/rabbitmq-env.conf
+# NOTE: Install this file in /etc/rabbitmq/ because rabbitmq-server will load
+# it only from this directory.
+
+# Configure port node where rabbitmq-server will listen from.
+NODE_PORT=##RABBITMQ_PORT##
+# Config file has to be in $RABBITMQ_HOME/etc/rabbitmq/rabbitmq.config
+CONFIG_FILE=/var/lib/rabbitmq/etc/rabbitmq/rabbitmq
+EOF
+
+chown -R rabbitmq:rabbitmq /var/lib/rabbitmq
+
+exit 0
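Review bot: The `install -D -m 644` that writes `/var/lib/rabbitmq/etc/rabbitmq/rabbitmq.config` leaves a file carrying `default_user` and `default_pass` readable by every local account. Once the `##RABBITMQ_PASSWORD##` placeholder is substituted (presumably by a later configuration step not shown here), the broker credentials are exposed to any user or compromised service on the node. The trailing `chown -R rabbitmq:rabbitmq /var/lib/rabbitmq` already hands the file to the daemon account, so owner-only access should be enough, assuming the broker runs as `rabbitmq`: `install -D -m 600 /proc/self/fd/0 <<'EOF' /var/lib/rabbitmq/etc/rabbitmq/rabbitmq.config`. A one-line comment above it, such as `# contains broker credentials: keep owner-only`, would stop the mode being relaxed later.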
diff --git a/openstack/usr/share/openstack/openvswitch-setup b/openstack/usr/share/openstack/openvswitch-setup
new file mode 100644
index 00000000..a5db7d21
--- /dev/null
+++ b/openstack/usr/share/openstack/openvswitch-setup
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+if [ -f /var/openstack/openvswitch-setup ]; then
+ exit 0
+fi
+
+# Create the openvswitch required folders
+mkdir -p /usr/local/etc/openvswitch
+mkdir -p /usr/local/var/run/openvswitch
+
+# Define openvswitch files
+# Example (default values)
+#openvswitch_database=/usr/local/etc/openvswitch/conf.db
+#openvswitch_pidfile=/usr/local/var/run/openvswitch/ovsdb-server.pid
+#openvswitch_logfile=/usr/local/var/run/openvswitch/ovsdb-server.log
+openvswitch_database=/usr/local/etc/openvswitch/conf.db
+openvswitch_pidfile=/usr/local/var/run/openvswitch/ovsdb-server.pid
+openvswitch_logfile=/usr/local/var/run/openvswitch/ovsdb-server.log
+
+# Create openvswitch database
+ovsdb-tool create $openvswitch_database /usr/share/openvswitch/vswitch.ovsschema
+
+install -D -m 644 /proc/self/fd/0 <<'EOF' /var/openstack/openvswitch-setup
+Openvswitch setup: success
+EOF
+
+exit 0
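Review bot: The `ovsdb-tool create $openvswitch_database ...` line is not safe to re-run. If the database is created but the marker file `/var/openstack/openvswitch-setup` is never written (for example the final `install` fails), the next run repeats the create against an existing file, which ovsdb-tool is expected to refuse, and `set -e` then aborts every later run. Guarding it the way postgres-setup guards `initdb` avoids this, and the expansion should be quoted: `[ -f "$openvswitch_database" ] || ovsdb-tool create "$openvswitch_database" /usr/share/openvswitch/vswitch.ovsschema`. `openvswitch_pidfile` and `openvswitch_logfile` are assigned but never used in this script, so either drop them or add a comment naming the unit that consumes them.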
diff --git a/openstack/usr/share/openstack/postgres-setup b/openstack/usr/share/openstack/postgres-setup
new file mode 100644
index 00000000..fb224fd8
--- /dev/null
+++ b/openstack/usr/share/openstack/postgres-setup
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+if [ -f /var/openstack/postgres-setup ]; then
+ exit 0
+fi
+
+# Create postgres directories
+install -dm700 /var/lib/pgsql/data
+install -dm755 /var/run/postgresql
+
+# Create required system users and groups
+getent group postgress >/dev/null || groupadd -r -g 41 postgres
+getent passwd postgres >/dev/null || \
+ useradd --uid 41 -r -g postgres -d /var/lib/pgsql -s /sbin/nologin \
+ -c "PostgreSQL Server" postgres
+
+chown -R postgres:postgres /var/lib/pgsql /var/run/postgresql
+
+test -d /var/lib/pgsql/data/base || sudo -u postgres pg_ctl -D /var/lib/pgsql/data initdb
+
+install -D -m 644 /proc/self/fd/0 <<'EOF' /var/openstack/postgres-setup
+Postgres setup: success
+EOF
+
+exit 0
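Review bot: The group check `getent group postgress` misspells the group name, so the lookup will normally fail and `groupadd -r -g 41 postgres` runs every time. On a system where the `postgres` group already exists, `groupadd` exits non-zero and `set -e` aborts the setup before the data directory is chowned or initialised. The line should read `getent group postgres >/dev/null || groupadd -r -g 41 postgres`. Separately, `sudo -u postgres pg_ctl ...` makes `sudo` a dependency of a script that presumably already runs as root, which deserves a comment or a check that it is present in the image.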