author | Richard Maw <richard.maw@codethink.co.uk> | 2015-03-23 21:06:52 +0000 |
---|---|---|
committer | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2015-04-08 18:29:23 +0100 |
commit | f41a9c330d16c546407d91e8a549e48154d967f7 (patch) | |
tree | b744bd5541fba8a171066e0e52bd48e595c4bafe /openstack/usr/share | |
parent | c6d832f7cf10e1f986a617735c1f2a59b26f751f (diff) | |
download | definitions-f41a9c330d16c546407d91e8a549e48154d967f7.tar.gz |
WIP: Add OpenStack initial configuration
TODO: Split this out into:
1. initial config (openstack/etc) default values
2+. as many individual changes to initial config as possible to extract,
including support scripts and configuration extensions
Diffstat (limited to 'openstack/usr/share')
12 files changed, 891 insertions, 0 deletions
diff --git a/openstack/usr/share/openstack/apache-httpd-server-setup b/openstack/usr/share/openstack/apache-httpd-server-setup
new file mode 100755
index 00000000..4c0b3cee
--- /dev/null
+++ b/openstack/usr/share/openstack/apache-httpd-server-setup
@@ -0,0 +1,47 @@
+#!/bin/sh
+#
+# Copyright (C) 2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+if [ -f /var/openstack/apache-http-setup ]; then
+ exit 0
+fi
+
+###############################################################################
+# Move suexec to the directory where apache is configured to have it #
+# Check configure in strata/apache-httpd-server/httpd-server.morph #
+###############################################################################
+mkdir -p /srv/www
+groupadd -r apache
+useradd -c "Apache Server" -d /srv/www -g apache \
+ -s /bin/false apache
+
+###############################################################################
+# Move suexec to the directory where apache is configured to have it #
+# Check configure in strata/apache-httpd-server/httpd-server.morph #
+###############################################################################
+mkdir -p /usr/lib/httpd
+mv -v /usr/sbin/suexec /usr/lib/httpd/suexec
+chgrp apache /usr/lib/httpd/suexec
+chmod 4754 /usr/lib/httpd/suexec
+chown -R apache:apache /srv/www
+
+install -D -m 644 /proc/self/fd/0 <<'EOF' /var/openstack/apache-http-setup
+Apache http setup: success
+EOF
+
+exit 0
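Review bot: `groupadd -r apache` and `useradd ... apache` run unguarded under `set -e`, so the script aborts before suexec is moved whenever the accounts already exist but the `/var/openstack/apache-http-setup` marker does not, for example after an earlier run failed partway; the other setup scripts in this commit guard the same calls, e.g. `getent group apache >/dev/null || groupadd -r apache`. `chmod 4754` also leaves the setuid suexec binary world-readable and nothing sets its owner explicitly; `chown root:apache /usr/lib/httpd/suexec` followed by `chmod 4750 /usr/lib/httpd/suexec` states the intended root-setuid, apache-group-only execution directly. The banner above the account creation is a copy of the suexec banner and should describe the user and group setup instead.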
diff --git a/openstack/usr/share/openstack/create_openvswitch_veth_pairs b/openstack/usr/share/openstack/create_openvswitch_veth_pairs
new file mode 100644
index 00000000..a239ac73
--- /dev/null
+++ b/openstack/usr/share/openstack/create_openvswitch_veth_pairs
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# Copyright (C) 2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -xe
+
+# Get the first ethernet driver and its ip
+eth_dev="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $1 } ')"
+eth_ip="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $2 } ')"
+
+# Create the veth pairs between bridges (configuration one node)
+ifconfig br-eth0 $eth_ip up
+ip link set br-eth0 promisc on
+ip link set eth1-br-proxy up promisc on
+ip link set ex-br-proxy up promisc on
+ip link set proxy-br-eth1 up promisc on
+ip link set proxy-br-ex up promisc on
+
+exit 0
diff --git a/openstack/usr/share/openstack/openstack-cinder-setup b/openstack/usr/share/openstack/openstack-cinder-setup
new file mode 100644
index 00000000..eb97d55a
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-cinder-setup
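Review bot: `eth_ip` is used unquoted and unchecked in `ifconfig br-eth0 $eth_ip up`, so when no interface whose name starts with `e` has an IPv4 address the variable is empty and the command still runs as `ifconfig br-eth0 up`, bringing the bridge up without an address while the script exits 0; `set -e` does not catch this because a `/bin/sh` pipeline reports only its last stage. Add `[ -n "$eth_ip" ] || { echo "no ethernet address found" >&2; exit 1; }` before the call and quote the expansion. `eth_dev` is computed but never used in this file and can be dropped. openstack-neutron-network-configuration-for-one-node repeats the same two pipelines and passes both values unquoted to `ovs-vsctl add-port` and `ifconfig`.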
@@ -0,0 +1,132 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+# Create required system users and groups
+
+getent group cinder >/dev/null || groupadd -r --gid 165 cinder
+getent passwd cinder >/dev/null || \
+ useradd --uid 165 -r -g cinder -d /var/lib/cinder -s /sbin/nologin \
+ -c "OpenStack Cinder Daemons" cinder
+
+# Create the keystone user and services
+
+export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
+export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0'
+
+keystone user-create --name ##CINDER_USER## --pass ##CINDER_PASSWORD##
+keystone user-role-add --tenant service --user ##CINDER_USER## --role admin
+
+# Register the Block Storage service with the Identity service so other OpenStack services
+# can locate it
+keystone service-create --name ##CINDER_USER## --type volume --description "OpenStack Block Storage"
+keystone endpoint-create --service-id $(keystone service-list | awk '/ volume / {print $2}') \
+ --publicurl ##CINDER_PUBLIC_URL## \
+ --internalurl ##CINDER_INTERNAL_URL## \
+ --adminurl ##CINDER_ADMIN_URL##
+
+# Register a service and endpoint for version 2 of the Block Storage service API
+keystone service-create --name ##CINDER_USER_V2## \
+ --type volumev2 --description "OpenStack Block Storage"
+keystone endpoint-create --service-id $(keystone service-list | awk '/ volumev2 / {print $2}') \
+ --publicurl ##CINDER_PUBLIC_URL_V2## \
+ --internalurl ##CINDER_INTERNAL_URL_V2## \
+ --adminurl ##CINDER_ADMIN_URL_V2##
+
+# Create run directory for cinder
+if [ ! -d /var/run/cinder ]; then
+ mkdir -p /var/run/cinder
+ chown -R cinder:cinder /var/run/cinder
+fi
+
+# Create the lock directory for cinder
+if [ ! -d /var/lock/cinder ]; then
+ mkdir -p /var/lock/cinder
+ chown -R cinder:cinder /var/lock/cinder
+fi
+
+# Create the log directory for cinder
+if [ ! -d /var/log/cinder ]; then
+ mkdir -p /var/log/cinder
+ chown -R cinder:cinder /var/log/cinder
+fi
+
+# Create the volumes directory for cinder
+if [ ! -d /var/lib/cinder/volumes ]; then
+ mkdir -p /var/lib/cinder/volumes
+ chown -R cinder:cinder /var/lib/cinder/volumes
+fi
+
+# Setup the cinder database
+if ! sudo -u postgres psql -lqt | grep -q cinder; then
+ # Create posgreSQL user
+ sudo -u postgres createuser \
+ --pwprompt --encrypted \
+ --no-adduser --no-createdb \
+ --no-password \
+ ##CINDER_DB_USER##
+
+ sudo -u postgres createdb \
+ --owner=##CINDER_DB_USER## \
+ cinder
+
+ sudo -u cinder cinder-manage db sync
+fi
+
+chown -R cinder:cinder /var/lib/cinder
+
+# This is only for testing purposes and we need to change it for
+# something more robust to deploy in production.
+# This also assumes that the user will add a second disk to its VM
+# and if it does not find sdb or vda it will fail.
+if [ $(ls /sys/block | grep -v sda | grep [vs]d | wc -l) -ne 1 ]; then
+ echo "Error: More than one or none block device found, cinder will not be able to create a VG."
+ exit 1
+else
+ device=/dev/$(ls /sys/block | grep -v sda | grep [vs]d)
+fi
+
+# Create a physical volume
+pvcreate -ff -y $device
+
+# Create a volume group named "cinder-volumes"
+vgcreate -y cinder-volumes $device
+
+# Remove the one-shot setup service
+rm /etc/systemd/system/multi-user.target.wants/openstack-cinder-setup.service
+
+# Start cinder services
+systemctl start openstack-cinder-api
+systemctl start openstack-cinder-scheduler
+systemctl start openstack-cinder-volume
+systemctl start openstack-cinder-backup
+
+# Create the links to run nova services when system start next times.
+ln -s "/etc/systemd/system/openstack-cinder-api.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-cinder-api.service"
+
+ln -s "/etc/systemd/system/openstack-cinder-scheduler.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-cinder-scheduler.service"
+
+ln -s "/etc/systemd/system/openstack-cinder-volume.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-cinder-volume.service"
+
+ln -s "/etc/systemd/system/openstack-cinder-backup.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-cinder-backup.service"
+
+exit 0
diff --git a/openstack/usr/share/openstack/openstack-glance-setup b/openstack/usr/share/openstack/openstack-glance-setup
new file mode 100644
index 00000000..1363a7b7
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-glance-setup
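Review bot: `pvcreate -ff -y $device` force-initialises whichever single non-`sda` disk `ls /sys/block | grep -v sda | grep [vs]d` matches, so on a VM whose only disk is `vda` the candidate is the system disk, and any existing signatures on the chosen device are overwritten without confirmation. The in-file comment already marks this as test-only; until the device comes from configuration, at least quote the pattern and the variable, `grep '[vs]d'` and `pvcreate -ff -y "$device"`, since the bare `[vs]d` is a glob the shell may expand against the working directory. Separately, `--pass ##CINDER_PASSWORD##` and `export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##` put the substituted secrets into a script added with mode 100644 and, for the password, into the process argument list, where other local users could read them if the deployed file keeps that mode; openstack-glance-setup, openstack-keystone-setup, openstack-neutron-setup and openstack-nova-setup follow the same pattern.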
@@ -0,0 +1,89 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+# Create required system users and groups
+getent group glance >/dev/null || groupadd -r --gid 164 glance
+getent passwd glance >/dev/null || \
+ useradd --uid 164 -r -g glance -d /var/lib/glance -s /sbin/nologin \
+ -c "OpenStack Glance Daemons" glance
+
+# Create required keystone tenants, users and roles
+export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
+export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0'
+
+keystone user-create --name ##GLANCE_SERVICE_USER## --pass ##GLANCE_SERVICE_PASSWORD##
+keystone user-role-add --tenant service --user ##GLANCE_SERVICE_USER## --role admin
+
+keystone service-create --name glance --type image --description "OpenStack Image Service"
+keystone endpoint-create --service-id $(keystone service-list | awk '/ image / {print $2}') \
+ --publicurl ##GLANCE_PUBLIC_URL## \
+ --internalurl ##GLANCE_INTERNAL_URL## \
+ --adminurl ##GLANCE_ADMIN_URL##
+
+# Create run directory for glance
+if [ ! -d /var/run/glance ]; then
+ mkdir -p /var/run/glance
+ chown -R glance:glance /var/run/glance
+fi
+
+# Create the lock directory for glance
+if [ ! -d /var/lock/glance ]; then
+ mkdir -p /var/lock/glance
+ chown -R glance:glance /var/lock/glance
+fi
+
+# Create the log directory for glance
+if [ ! -d /var/log/glance ]; then
+ mkdir -p /var/log/glance
+ chown -R glance:glance /var/log/glance
+fi
+
+# Setup the glance database
+if ! sudo -u postgres psql -lqt | grep -q glance; then
+ # Create posgreSQL user
+ sudo -u postgres createuser \
+ --pwprompt --encrypted \
+ --no-adduser --no-createdb \
+ --no-password \
+ ##GLANCE_DB_USER##
+
+ sudo -u postgres createdb \
+ --owner=##GLANCE_DB_USER## \
+ glance
+
+ sudo -u glance glance-manage db_sync
+fi
+
+chown -R glance:glance /var/lib/glance
+
+# Remove the one-shot setup service
+rm /etc/systemd/system/multi-user.target.wants/openstack-glance-setup.service
+
+# Start glance services
+systemctl start openstack-glance-api
+systemctl start openstack-glance-registry
+
+# Create the links to run glance services when system start next times.
+ln -s "/etc/systemd/system/openstack-glance-api.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-glance-api.service"
+
+ln -s "/etc/systemd/system/openstack-glance-registry.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service"
+
+exit 0
diff --git a/openstack/usr/share/openstack/openstack-horizon-setup b/openstack/usr/share/openstack/openstack-horizon-setup
new file mode 100644
index 00000000..d10007d1
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-horizon-setup
@@ -0,0 +1,63 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+if [ -f /var/openstack/horizon-setup ]; then
+ exit 0
+fi
+
+# Create required system users and groups
+mkdir -p /var/lib/horizon
+getent group horizon >/dev/null || groupadd -r --gid 167 horizon
+getent passwd neutron >/dev/null || \
+ useradd --uid 167 -r -g horizon -d /var/lib/horizon -s /sbin/nologin \
+ -c "Horizon user" horizon
+
+# Work around to make django.wsgi working with horizon
+# See: https://bugs.launchpad.net/osprofiler/+bug/1361235
+# and: https://git.openstack.org/cgit/openstack/tripleo-image-elements/commit/?id=41c9a1dfad23f8aee366afb6a0b20a6c57ec8f79
+sed -i "s|'../..'|os.path.realpath('../..')|" \
+ /usr/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi
+
+# And link this django.wsgi file to the horizon home directory
+ln -sf /usr/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi \
+ /var/lib/horizon/django.wsgi
+
+# Link Openstack local_settings where openstack_dashboard is installed.
+ln -sf /etc/horizon/openstack_dashboard/local_settings.py \
+ /usr/lib/python2.7/site-packages/openstack_dashboard/local/local_settings.py
+
+# Create the static directory (STATIC_ROOT) used in local_settings.py to keep
+# the static objects like css files.
+mkdir -p /var/lib/horizon/openstack_dashboard/static
+
+# Create the horizon document root for apache configuration
+mkdir -p /var/lib/horizon/openstack_dashboard/.blackhole
+
+# Link horizon configuration file for apache to the directory where our apache load
+# configurations files
+ln -sf /etc/horizon/apache-horizon.conf \
+ /usr/httpd/conf.d/apache-horizon.conf
+
+chown -R horizon:horizon /var/lib/horizon
+
+install -D -m 644 /proc/self/fd/0 <<'EOF' /var/openstack/horizon-setup
+Horizon setup: success
+EOF
+
+exit 0
diff --git a/openstack/usr/share/openstack/openstack-keystone-setup b/openstack/usr/share/openstack/openstack-keystone-setup
new file mode 100644
index 00000000..9c034c5b
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-keystone-setup
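Review bot: The existence check for the horizon account tests the wrong user, `getent passwd neutron >/dev/null || useradd ... horizon`. If a `neutron` account already exists the horizon user is never created and the later `chown -R horizon:horizon /var/lib/horizon` fails under `set -e`; if it does not exist, `useradd` runs even when horizon is already present and fails on the duplicate. The check should read `getent passwd horizon >/dev/null || \`.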
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+# Create required system users and groups
+
+getent group keystone >/dev/null || groupadd -r --gid 163 keystone
+getent passwd keystone >/dev/null || \
+ useradd --uid 163 -r -g keystone -d /var/lib/keystone -s /sbin/nologin \
+ -c "OpenStack Keystone Daemons" keystone
+
+# Keystone compute configuration
+if [ ! -d /var/run/keystone ]; then
+ mkdir -p /var/run/keystone
+ chown -R keystone:keystone /var/run/keystone
+fi
+
+if [ ! -d /var/lock/keystone ]; then
+ mkdir -p /var/lock/keystone
+ chown -R keystone:keystone /var/lock/keystone
+fi
+
+if [ ! -d /var/log/keystone ]; then
+ mkdir -p /var/log/keystone
+ chown -R keystone:keystone /var/log/keystone
+fi
+
+# Setup the keystone database
+if ! sudo -u postgres psql -lqt | grep -q keystone; then
+ # Create posgreSQL user
+ sudo -u postgres createuser \
+ --pwprompt --encrypted \
+ --no-adduser --no-createdb \
+ --no-password \
+ ##KEYSTONE_DB_USER##
+
+ sudo -u postgres createdb \
+ --owner=##KEYSTONE_DB_USER## \
+ keystone
+
+ sudo -u keystone keystone-manage db_sync
+fi
+
+chown -R keystone:keystone /var/lib/keystone
+
+systemctl start openstack-keystone
+
+export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
+export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0'
+
+# This script creates a TEMPORARY admin user, with a password that may
+# float arount on the system. Please delete this user once you have set up
+# the real admin user with a real secure password.
+
+keystone tenant-create --name admin --description "Admin Tenant"
+keystone role-create --name admin
+
+keystone user-create --name temporary_admin --pass ##KEYSTONE_TEMPORARY_ADMIN_PASSWORD##
+keystone user-role-add --tenant admin --user temporary_admin --role admin
+
+keystone tenant-create --name service --description "Service Tenant"
+
+# Define a service for the Identity Service
+keystone service-create --name keystone --type identity --description "Openstack Identity"
+
+# Specify an API endpoint for the Identity Service by using the returned service ID.
+keystone endpoint-create --service-id $(keystone service-list | awk '/ identity / {print $2}') \
+ --publicurl ##KEYSTONE_PUBLIC_URL## \
+ --internalurl ##KEYSTONE_INTERNAL_URL## \
+ --adminurl ##KEYSTONE_ADMIN_URL##
+
+rm /etc/systemd/system/multi-user.target.wants/openstack-keystone-setup.service
+
+ln -s "/etc/systemd/system/openstack-keystone.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-keystone.service"
+
+exit 0
diff --git a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node
new file mode 100644
index 00000000..c2ccbd81
--- /dev/null
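Review bot: The `keystone tenant-create` calls start immediately after `systemctl start openstack-keystone` and the script has no marker file or existence checks, so a run that fails partway leaves the one-shot unit enabled and the next run stops at the first object that already exists; one plausible trigger is the API not yet accepting connections at the first call, which depends on the unit definition not shown here. Guard each creation, e.g. `keystone tenant-get admin >/dev/null 2>&1 || keystone tenant-create --name admin --description "Admin Tenant"`, and wait for the endpoint to answer before the first call. The `temporary_admin` account and the admin token remain in place after a successful run; the in-file comment asks the operator to delete the user, so printing that reminder at the end of the run would make it harder to miss.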
+++ b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node 
@@ -0,0 +1,56 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -xe
+
+# Get the first ethernet driver and its ip
+eth_dev="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $1 } ')"
+eth_ip="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $2 } ')"
+
+ip link add proxy-br-eth1 type veth peer name eth1-br-proxy
+ip link add proxy-br-ex type veth peer name ex-br-proxy
+
+if [ -f /var/openstack/openvswitch-one-node-setup ]; then
+ exit 0
+fi
+
+# Create the bridges to use the External network mapped
+# This configuration is for 1 node and it was taken from:
+# https://fosskb.wordpress.com/2014/10/18/openstack-juno-on-ubuntu-14-10/
+# and https://fosskb.wordpress.com/2014/06/10/managing-openstack-internaldataexternal-network-in-one-interface/
+
+
+ovs-vsctl add-br br-eth0
+ovs-vsctl add-port br-eth0 $eth_dev
+ifconfig br-eth0 $eth_ip up
+ip link set br-eth0 promisc on
+ovs-vsctl add-br br-eth1
+ovs-vsctl add-br br-ex
+ovs-vsctl add-port br-eth1 eth1-br-proxy
+ovs-vsctl add-port br-ex ex-br-proxy
+ovs-vsctl add-port br-eth0 proxy-br-eth1
+ovs-vsctl add-port br-eth0 proxy-br-ex
+ip link set eth1-br-proxy up promisc on
+ip link set ex-br-proxy up promisc on
+ip link set proxy-br-eth1 up promisc on
+ip link set proxy-br-ex up promisc on
+
+install -D -m 644 /proc/self/fd/0 <<'EOF' /var/openstack/openvswitch-one-node-setup
+Openvswitch one node setup: success
+EOF
+
+exit 0
diff --git a/openstack/usr/share/openstack/openstack-neutron-setup b/openstack/usr/share/openstack/openstack-neutron-setup
new file mode 100644
index 00000000..ff6496a0
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-neutron-setup
@@ -0,0 +1,95 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -xe
+
+if [ -f /var/openstack/openstack-neutron-setup ]; then
+ exit 0
+fi
+
+# Create required system users and groups
+
+getent group neutron >/dev/null || groupadd -r --gid 166 neutron
+getent passwd neutron >/dev/null || \
+ useradd --uid 166 -r -g neutron -d /var/lib/neutron -s /sbin/nologin \
+ -c "OpenStack Neutron Daemons" neutron
+
+chown -R neutron:neutron /var/lib/neutron
+
+# Create the keystone user and services
+export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
+export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0'
+
+keystone user-create --name ##NEUTRON_SERVICE_USER## --pass ##NEUTRON_SERVICE_PASSWORD##
+keystone user-role-add --tenant service --user ##NEUTRON_SERVICE_USER## --role admin
+
+keystone service-create --name neutron --type network --description "OpenStack Networking"
+keystone endpoint-create --service-id $(keystone service-list | awk '/ network / {print $2}') \
+ --publicurl ##NEUTRON_PUBLIC_URL## \
+ --internalurl ##NEUTRON_INTERNAL_URL## \
+ --adminurl ##NEUTRON_ADMIN_URL## \
+ --region regionOne
+
+# neutron.conf configuration
+service_tenant_id=$(keystone tenant-get service | grep id | tr -d " " | cut -d"|" -f3)
+sed -i "s/##SERVICE_TENANT_ID##/$service_tenant_id/g" /etc/neutron/neutron.conf
+
+# Neutron compute configuration
+if [ ! -d /var/run/neutron ]; then
+ mkdir -p /var/run/neutron
+ chown -R neutron:neutron /var/run/neutron
+fi
+
+if [ ! -d /var/lock/neutron ]; then
+ mkdir -p /var/lock/neutron
+ chown -R neutron:neutron /var/lock/neutron
+fi
+
+if [ ! -d /var/log/neutron ]; then
+ mkdir -p /var/log/neutron
+ chown -R neutron:neutron /var/log/neutron
+fi
+
+# Setup the neutron database
+if ! sudo -u postgres psql -lqt | grep -q neutron; then
+ # Create postgresSQL user
+ sudo -u postgres createuser \
+ --pwprompt --encrypted \
+ --no-adduser --no-createdb \
+ --no-password \
+ ##NEUTRON_DB_USER##
+ sudo -u postgres createdb \
+ --owner=##NEUTRON_DB_USER## \
+ neutron
+ # Stamp neutron database with the latest stamped version available,
+ # in this case "icehouse"
+ sudo -u neutron neutron-db-manage \
+ --config-file /etc/neutron/neutron.conf \
+ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+ stamp icehouse
+ # Upgrade database to "juno"
+ sudo -u neutron neutron-db-manage \
+ --config-file /etc/neutron/neutron.conf \
+ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+ upgrade juno
+fi
+
+install -D -m 644 /proc/self/fd/0 <<'EOF' /var/openstack/openstack-neutron-setup
+Openstack neutron setup: success
+EOF
+
+exit 0
diff --git a/openstack/usr/share/openstack/openstack-nova-setup b/openstack/usr/share/openstack/openstack-nova-setup
new file mode 100644
index 00000000..7168e7c2
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-nova-setup
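Review bot: `set -xe` makes the shell trace every command, so `keystone user-create ... --pass ##NEUTRON_SERVICE_PASSWORD##` and `export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##` are echoed with their substituted values to stderr, which for a setup unit run by systemd would normally be captured in the journal. Use `set -e` as the cinder, glance, keystone and nova scripts do, or bracket the credential-bearing commands with `set +x` and `set -x`. The success marker is written only at the very end and the keystone objects are created without existence checks, so a failure after `keystone user-create` leaves a re-run failing on the already-existing user.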
@@ -0,0 +1,133 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+# Create required system users and groups
+
+getent group nova >/dev/null || groupadd -r --gid 162 nova
+getent passwd nova >/dev/null || \
+ useradd --uid 162 -r -g nova -d /var/lib/nova -s /sbin/nologin \
+ -c "OpenStack Nova Daemons" nova
+
+# Create the keystone user and services
+
+export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
+export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0'
+
+keystone user-create --name ##NOVA_SERVICE_USER## --pass ##NOVA_SERVICE_PASSWORD##
+keystone user-role-add --tenant service --user ##NOVA_SERVICE_USER## --role admin
+
+keystone service-create --name nova --type compute --description "OpenStack Compute Service"
+keystone endpoint-create --service-id $(keystone service-list | awk '/ compute / {print $2}') \
+ --publicurl ##NOVA_PUBLIC_URL## \
+ --internalurl ##NOVA_INTERNAL_URL## \
+ --adminurl ##NOVA_ADMIN_URL## \
+ --region ##NOVA_REGION##
+
+# Nova compute configuration
+if [ ! -d /var/run/nova ]; then
+ mkdir -p /var/run/nova
+ chown -R nova:nova /var/run/nova
+fi
+
+if [ ! -d /var/lock/nova ]; then
+ mkdir -p /var/lock/nova
+ chown -R nova:nova /var/lock/nova
+fi
+
+if [ ! -d /var/log/nova ]; then
+ mkdir -p /var/log/nova
+ chown -R nova:nova /var/log/nova
+fi
+
+if [ ! -d /var/lib/nova/instances ]; then
+ mkdir /var/lib/nova/instances
+ chown -R nova:nova /var/lib/nova/instances
+fi
+
+# Setup the nova database
+if ! sudo -u postgres psql -lqt | grep -q nova; then
+ # Create posgreSQL user
+ sudo -u postgres createuser \
+ --pwprompt --encrypted \
+ --no-adduser --no-createdb \
+ --no-password \
+ ##NOVA_DB_USER##
+
+ sudo -u postgres createdb \
+ --owner=##NOVA_DB_USER## \
+ nova
+
+ sudo -u nova nova-manage db sync
+fi
+
+# Nova novncproxy needs /usr/share/novnc folder available
+if [ ! -d /usr/share/novnc ]; then
+ mkdir /usr/share/novnc
+ chown -R nova:nova /usr/share/novnc
+fi
+
+chown -R nova:nova /var/lib/nova
+
+# Add nova to the libvirt group
+usermod -a -G libvirt nova
+
+# Check existence of Network Block Device module in the kernel
+# NOTE: modprobe does not work actually and returns always
+# failure, enable this check when modprobe is fixed.
+#modprobe nbd
+
+# Remove the one-shot setup service
+rm /etc/systemd/system/multi-user.target.wants/openstack-nova-setup.service
+
+# Start nova services
+systemctl start openstack-nova-compute
+# [1] Never enable openstack-nova-conductor service in a node with
+# openstack-nova-compute or the security benefits of removing
+# database access from nova-compute will be negated
+#systemctl start openstack-nova-conductor
+systemctl start openstack-nova-api
+systemctl start openstack-nova-cert
+systemctl start openstack-nova-consoleauth
+systemctl start openstack-nova-scheduler
+systemctl start openstack-nova-novncproxy
+#systemctl start openstack-nova-xvpnvncproxy
+
+# Create the links to run nova services when system start next times.
+ln -s "/etc/systemd/system/openstack-nova-compute.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service"
+# See description of why this shouldn't run in a openstack in one node in [1]
+#ln -s "/etc/systemd/system/openstack-nova-conductor.service" \
+# "/etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service"
+
+ln -s "/etc/systemd/system/openstack-nova-api.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-nova-api.service"
+
+ln -s "/etc/systemd/system/openstack-nova-cert.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-nova-cert.service"
+
+ln -s "/etc/systemd/system/openstack-nova-consoleauth.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service"
+
+ln -s "/etc/systemd/system/openstack-nova-scheduler.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service"
+
+ln -s "/etc/systemd/system/openstack-nova-novncproxy.service" \
+ "/etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service"
+
+exit 0
diff --git a/openstack/usr/share/openstack/openstack-rabbitmq-setup b/openstack/usr/share/openstack/openstack-rabbitmq-setup
new file mode 100644
index 00000000..dd491294
--- /dev/null
+++ b/openstack/usr/share/openstack/openstack-rabbitmq-setup
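Review bot: `mkdir /var/lib/nova/instances` omits `-p`, unlike the run, lock and log directories above it, so under `set -e` the setup aborts if `/var/lib/nova` is missing; the `useradd -r` call here is not asked to create the home directory, and whether anything else provides it is not visible in this hunk. Use `mkdir -p /var/lib/nova/instances`. `chown -R nova:nova /usr/share/novnc` also hands the directory the comment says novncproxy needs to the service account; if the proxy only reads from it, leaving it root-owned keeps a compromised nova process from altering what is served.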
@@ -0,0 +1,66 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+# Create required system users and groups
+getent group rabbitmq >/dev/null || groupadd -r --gid 1002 rabbitmq
+getent passwd rabbitmq >/dev/null || \
+ useradd --uid 1002 -r -g rabbitmq -d /var/lib/rabbitmq -s /sbin/nologin \
+ -c "Rabbitmq server daemon" rabbitmq
+
+chown -R rabbitmq:rabbitmq /var/lib/rabbitmq
+
+# Create directories and files needed to run openstack-rabbitmq-server
+if [ ! -d /var/run/rabbitmq ]; then
+ mkdir -p /var/run/rabbitmq
+ chown -R rabbitmq:rabbitmq /var/run/rabbitmq
+ chmod 755 /var/run/rabbitmq
+fi
+
+if [ ! -d /var/log/rabbitmq ]; then
+ mkdir -p /var/log/rabbitmq
+ chown -R rabbitmq:rabbitmq /var/log/rabbitmq
+ chmod 755 /var/log/rabbitmq
+fi
+
+# Install rabbimq.config and rabbitmq-env.conf
+install -D -m 644 /proc/self/fd/0 <<'EOF' /var/lib/rabbitmq/etc/rabbitmq/rabbitmq.config
+%% -*- Rabbit configuration for Openstack in Baserock
+[
+ {rabbit,
+ [
+ {default_user, <<"##RABBITMQ_USER##">>},
+ {default_pass, <<"##RABBITMQ_PASSWORD##">>},
+ {tcp_listeners, [##RABBITMQ_PORT##]}
+ ]}
+].
+EOF
+
+install -D -m 644 /proc/self/fd/0 <<'EOF' /etc/rabbitmq/rabbitmq-env.conf
+# NOTE: Install this file in /etc/rabbitmq/ because rabbitmq-server will load
+# it only from this directory.
+
+# Configure port node where rabbitmq-server will listen from.
+NODE_PORT=##RABBITMQ_PORT##
+# Config file has to be in $RABBITMQ_HOME/etc/rabbitmq/rabbitmq.config
+CONFIG_FILE=/var/lib/rabbitmq/etc/rabbitmq/rabbitmq
+EOF
+
+chown -R rabbitmq:rabbitmq /var/lib/rabbitmq
+
+exit 0
diff --git a/openstack/usr/share/openstack/openvswitch-setup b/openstack/usr/share/openstack/openvswitch-setup
new file mode 100644
index 00000000..a5db7d21
--- /dev/null
+++ b/openstack/usr/share/openstack/openvswitch-setup
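Review bot: In openstack-rabbitmq-setup, rabbitmq.config is installed with `-m 644` although it holds `default_pass`, so once the `##RABBITMQ_PASSWORD##` placeholder is filled in (the substitution step is not visible here) every local account can read the broker password. The final `chown -R rabbitmq:rabbitmq /var/lib/rabbitmq` already gives the file to the daemon user, so owner-only permissions are enough: `install -D -m 600 /proc/self/fd/0 <<'EOF' /var/lib/rabbitmq/etc/rabbitmq/rabbitmq.config`. rabbitmq-env.conf carries no secret and can stay at 644. A one-line comment above the first `install` saying that the file contains credentials would stop the mode from being relaxed later.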
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+if [ -f /var/openstack/openvswitch-setup ]; then
+ exit 0
+fi
+
+# Create the openvswitch required folders
+mkdir -p /usr/local/etc/openvswitch
+mkdir -p /usr/local/var/run/openvswitch
+
+# Define openvswitch files
+# Example (default values)
+#openvswitch_database=/usr/local/etc/openvswitch/conf.db
+#openvswitch_pidfile=/usr/local/var/run/openvswitch/ovsdb-server.pid
+#openvswitch_logfile=/usr/local/var/run/openvswitch/ovsdb-server.log
+openvswitch_database=/usr/local/etc/openvswitch/conf.db
+openvswitch_pidfile=/usr/local/var/run/openvswitch/ovsdb-server.pid
+openvswitch_logfile=/usr/local/var/run/openvswitch/ovsdb-server.log
+
+# Create openvswitch database
+ovsdb-tool create $openvswitch_database /usr/share/openvswitch/vswitch.ovsschema
+
+install -D -m 644 /proc/self/fd/0 <<'EOF' /var/openstack/openvswitch-setup
+Openvswitch setup: success
+EOF
+
+exit 0
diff --git a/openstack/usr/share/openstack/postgres-setup b/openstack/usr/share/openstack/postgres-setup
new file mode 100644
index 00000000..fb224fd8
--- /dev/null
+++ b/openstack/usr/share/openstack/postgres-setup
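Review bot: In openvswitch-setup, `ovsdb-tool create $openvswitch_database ...` runs unguarded and with the variable unquoted, and the only idempotence check is the /var/openstack/openvswitch-setup marker written afterwards. If conf.db exists without the marker (an interrupted first boot, or a database shipped in the image), the create should fail and `set -e` would then abort the script on every start. Guarding the call keeps it re-runnable: `[ -e "$openvswitch_database" ] || ovsdb-tool create "$openvswitch_database" /usr/share/openvswitch/vswitch.ovsschema`. `openvswitch_pidfile` and `openvswitch_logfile` are assigned but never read in this script; drop them, or add a comment naming the unit that uses the same paths.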
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+if [ -f /var/openstack/postgres-setup ]; then
+ exit 0
+fi
+
+# Create postgres directories
+install -dm700 /var/lib/pgsql/data
+install -dm755 /var/run/postgresql
+
+# Create required system users and groups
+getent group postgress >/dev/null || groupadd -r -g 41 postgres
+getent passwd postgres >/dev/null || \
+ useradd --uid 41 -r -g postgres -d /var/lib/pgsql -s /sbin/nologin \
+ -c "PostgreSQL Server" postgres
+
+chown -R postgres:postgres /var/lib/pgsql /var/run/postgresql
+
+test -d /var/lib/pgsql/data/base || sudo -u postgres pg_ctl -D /var/lib/pgsql/data initdb
+
+install -D -m 644 /proc/self/fd/0 <<'EOF' /var/openstack/postgres-setup
+Postgres setup: success
+EOF
+
+exit 0 |
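Review bot: The group check in postgres-setup queries `postgress` (double s), a name that is never created, so `groupadd -r -g 41 postgres` always runs and, under `set -e`, the script aborts whenever the postgres group already exists. It should read `getent group postgres >/dev/null || groupadd -r -g 41 postgres`. Separately, `pg_ctl -D /var/lib/pgsql/data initdb` passes no authentication options, and initdb's default pg_hba.conf trusts all local connections unless a stricter pg_hba.conf is installed elsewhere in this commit (not visible here). Adding `-o "--auth-local=peer --auth-host=md5"` to that call would make the cluster safe by default.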