Diffstat (limited to 'openstack')
12 files changed, 91 insertions, 102 deletions
diff --git a/openstack/etc/nova/nova.conf b/openstack/etc/nova/nova.conf index 8b3522b5..ca009273 100644 --- a/openstack/etc/nova/nova.conf +++ b/openstack/etc/nova/nova.conf @@ -253,7 +253,7 @@ dhcpbridge_flagfile=/etc/nova/nova.conf #dhcpbridge=$bindir/nova-dhcpbridge #dhcp_lease_time=120 # Firewall driver (defaults to hypervisor specific iptables driver) (string value) -firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver +#firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver # Interface for public IP addresses (default: eth0) (string value) #public_interface=br-ext public_interface=eth0 @@ -634,3 +634,11 @@ allow_resize_to_same_host=True # Actual testing hardware does not support hardware acceleration # so in this step we will configure libvirt to use qemu instead of KVM virt_type=qemu + +################## +# SERIAL CONSOLE # +################## +# Enable serial console proxy for serial console access from the host only +[serial_console] +serialproxy_host=127.0.0.1 +enabled=true diff --git a/openstack/etc/systemd/system/openstack-neutron-ovs-cleanup.service b/openstack/etc/systemd/system/openstack-neutron-ovs-cleanup.service index 5eaf8a30..083cf701 100644 --- a/openstack/etc/systemd/system/openstack-neutron-ovs-cleanup.service +++ b/openstack/etc/systemd/system/openstack-neutron-ovs-cleanup.service @@ -1,10 +1,12 @@ [Unit] Description=Neutron OVS cleanup -After=network-online.target openstack-neutron-setup.service +After=network-online.target openstack-neutron-setup.service openvswitch.service +Before=openstack-neutron-plugin-openvswitch-agent.service ConditionFileIsExecutable=/usr/bin/neutron-ovs-cleanup [Service] -Type=simple +Type=oneshot +RemainAfterExit=yes User=neutron ExecStart=/usr/bin/neutron-ovs-cleanup \ --log-file /var/log/neutron/ovs-cleanup.log \ diff --git a/openstack/etc/systemd/system/openstack-neutron-server.service b/openstack/etc/systemd/system/openstack-neutron-server.service index b9484b94..c8e816a5 100644 
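Review bot: Commenting out `firewall_driver` in the first nova.conf hunk hands the choice to nova's built-in default, which the comment above the line describes as the hypervisor-specific iptables driver, so nova presumably keeps filtering instance traffic itself. If neutron security groups are meant to own filtering on this node (not visible in this diff), the usual setting is an explicit `firewall_driver=nova.virt.firewall.NoopFirewallDriver`. Otherwise a one-line comment stating that the default is intended would make the change self-explanatory.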
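Review bot: The `[serial_console]` block added at the end of the second nova.conf hunk sets only `serialproxy_host` and `enabled`, so the comment's "from the host only" claim rests on the defaults of the other options in that section. Setting `listen=127.0.0.1` and `proxyclient_address=127.0.0.1` explicitly would keep the compute-side serial ports on loopback even if a default changes, and `base_url` should be checked against the address clients will actually use. The proxy serves plain WebSocket unless TLS is configured for it, which is only acceptable while it stays bound to loopback. A comment saying so above `serialproxy_host` would stop a later edit from widening the bind address without adding TLS.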
--- a/openstack/etc/systemd/system/openstack-neutron-server.service +++ b/openstack/etc/systemd/system/openstack-neutron-server.service @@ -1,7 +1,7 @@ [Unit] Description=Neutron Api Server -Wants=openvswitch-create-links-one-node.service -After=network-online.target openstack-neutron-setup.service openvswitch-create-links-one-node.service +Wants=openstack-neutron-network-configuration-one-node.service +After=network-online.target openstack-neutron-setup.service openstack-neutron-network-configuration-one-node.service [Service] Type=simple diff --git a/openstack/etc/systemd/system/openstack-neutron-setup.service b/openstack/etc/systemd/system/openstack-neutron-setup.service index 4c09907e..858e76e9 100644 --- a/openstack/etc/systemd/system/openstack-neutron-setup.service +++ b/openstack/etc/systemd/system/openstack-neutron-setup.service @@ -1,7 +1,7 @@ [Unit] Description=Run openstack-neutron-setup (once) -Wants=openvswitch-create-links-one-node.service -After=network-online.target openstack-keystone-setup.service openvswitch-create-links-one-node.service postgres-server.service +Wants=openstack-neutron-network-configuration-one-node.service +After=network-online.target openstack-keystone-setup.service openstack-neutron-network-configuration-one-node.service postgres-server.service [Service] Type=oneshot diff --git a/openstack/etc/systemd/system/openstack-nova-compute.service b/openstack/etc/systemd/system/openstack-nova-compute.service index dc18f225..aa332251 100644 --- a/openstack/etc/systemd/system/openstack-nova-compute.service +++ b/openstack/etc/systemd/system/openstack-nova-compute.service @@ -1,5 +1,5 @@ [Unit] -Description=OpenStack Compute Service (code-named Nova) API server +Description=OpenStack Compute Service (code-named Nova) compute server After=syslog.target network.target libvirtd.service Requires=libvirtd.service 
diff --git a/openstack/etc/systemd/system/openstack-nova-serialproxy.service b/openstack/etc/systemd/system/openstack-nova-serialproxy.service new file mode 100644 index 00000000..2557dc2b --- /dev/null +++ b/openstack/etc/systemd/system/openstack-nova-serialproxy.service @@ -0,0 +1,11 @@ +[Unit] +Description=OpenStack Nova Serial Proxy +After=syslog.target network.target + +[Service] +Type=simple +User=nova +ExecStart=/usr/bin/nova-serialproxy --config-file /etc/nova/nova.conf + +[Install] +WantedBy=multi-user.target diff --git a/openstack/etc/systemd/system/openvswitch-create-links-one-node.service b/openstack/etc/systemd/system/openvswitch-create-links-one-node.service deleted file mode 100644 index bacfc433..00000000 --- a/openstack/etc/systemd/system/openvswitch-create-links-one-node.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Create Veth pairs -Wants=openstack-neutron-network-configuration-one-node.service -After=network-online.target openstack-neutron-network-configuration-one-node.service - -[Service] -Type=oneshot -ExecStart=/usr/share/openstack/create_openvswitch_veth_pairs -RemainAfterExit=yes -Restart=no - -[Install] -WantedBy=multi-user.target - diff --git a/openstack/etc/systemd/system/openvswitch.service b/openstack/etc/systemd/system/openvswitch.service index 446c0f95..6f1a93a8 100644 --- a/openstack/etc/systemd/system/openvswitch.service +++ b/openstack/etc/systemd/system/openvswitch.service @@ -1,6 +1,8 @@ [Unit] Description=Open vSwitch Daemon +Wants=network-pre.target After=openvswitch-initialize-db.service +Before=network-pre.target [Service] Type=forking diff --git a/openstack/manifest b/openstack/manifest index 8c7b9915..76e989d8 100644 --- a/openstack/manifest +++ b/openstack/manifest 
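Review bot: The new openstack-nova-serialproxy.service unit has no sandboxing, although the process accepts network connections and is started with the full /etc/nova/nova.conf, which on a typical deployment also holds database and message-queue credentials. `User=nova` is a good start; if the systemd version in the image supports them, adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` under `[Service]` would limit what a compromised proxy can reach. The unit also declares no ordering against openstack-nova-consoleauth.service, which the proxy presumably needs in order to validate console tokens, so an `After=` on that unit is worth confirming.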
@@ -47,6 +47,7 @@ 0100644 0 0 /etc/systemd/system/openstack-nova-scheduler.service 0100644 0 0 /etc/systemd/system/openstack-nova-consoleauth.service 0100644 0 0 /etc/systemd/system/openstack-nova-novncproxy.service +0100644 0 0 /etc/systemd/system/openstack-nova-serialproxy.service 0100644 0 0 /etc/systemd/system/openstack-nova-cert.service 0100644 0 0 /etc/systemd/system/openstack-rabbitmq-setup.service 0100644 0 0 /etc/systemd/system/openstack-rabbitmq-server.service @@ -157,6 +158,4 @@ 0100644 0 0 /etc/horizon/apache-horizon.conf 0100644 0 0 /etc/horizon/openstack_dashboard/local_settings.py 0100644 0 0 /etc/sysctl.conf -0100644 0 0 /etc/systemd/system/openvswitch-create-links-one-node.service -0100755 0 0 /usr/share/openstack/create_openvswitch_veth_pairs 0100644 0 0 /etc/hosts diff --git a/openstack/usr/share/openstack/create_openvswitch_veth_pairs b/openstack/usr/share/openstack/create_openvswitch_veth_pairs deleted file mode 100644 index a239ac73..00000000 --- a/openstack/usr/share/openstack/create_openvswitch_veth_pairs +++ /dev/null 
@@ -1,32 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) 2015 Codethink Limited
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-set -xe
-
-# Get the first ethernet driver and its ip
-eth_dev="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $1 } ')"
-eth_ip="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $2 } ')"
-
-# Create the veth pairs between bridges (configuration one node)
-ifconfig br-eth0 $eth_ip up
-ip link set br-eth0 promisc on
-ip link set eth1-br-proxy up promisc on
-ip link set ex-br-proxy up promisc on
-ip link set proxy-br-eth1 up promisc on
-ip link set proxy-br-ex up promisc on
-
-exit 0
diff --git a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node
index c2ccbd81..abf1113e 100644
--- a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node
+++ b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node
@@ -17,40 +17,70 @@ set -xe -# Get the first ethernet driver and its ip -eth_dev="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $1 } ')" -eth_ip="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $2 } ')" - -ip link add proxy-br-eth1 type veth peer name eth1-br-proxy -ip link add proxy-br-ex type veth peer name ex-br-proxy - if [ -f /var/openstack/openvswitch-one-node-setup ]; then exit 0 fi +# Get the first ethernet driver and its ip +eth_dev="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $1 } ')" +eth_ip="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $2 } ')" +eth_mac="$(ip link show $eth_dev | tr -s '[:space:]' '\n' | sed -n '/link\/ether/{n;p}')" + # Create the bridges to use the External network mapped # This configuration is for 1 node and it was taken from: # https://fosskb.wordpress.com/2014/10/18/openstack-juno-on-ubuntu-14-10/ # and https://fosskb.wordpress.com/2014/06/10/managing-openstack-internaldataexternal-network-in-one-interface/ +# Disable dhcp on the bound physical interface, and all the internal interfaces +for devname in $eth_dev br-eth1 br-ex eth1-br-proxy ex-br-proxy \ + proxy-br-eth1 proxy-br-ex ovs-system; do + install -D -m 644 /proc/self/fd/0 <<EOF /etc/systemd/network/00-disable-$devname-config.network +[Match] +Name=$devname +EOF +done + +# restart networkd so it understands to not bring up these interfaces +systemctl restart systemd-networkd.service + +# Deallocate ip address for external interface so we don't try to route +# connections out of an interface that no longer works +ip addr del $eth_ip dev 
$eth_dev -ovs-vsctl add-br br-eth0 -ovs-vsctl add-port br-eth0 $eth_dev -ifconfig br-eth0 $eth_ip up -ip link set br-eth0 promisc on -ovs-vsctl add-br br-eth1 -ovs-vsctl add-br br-ex -ovs-vsctl add-port br-eth1 eth1-br-proxy -ovs-vsctl add-port br-ex ex-br-proxy -ovs-vsctl add-port br-eth0 proxy-br-eth1 -ovs-vsctl add-port br-eth0 proxy-br-ex -ip link set eth1-br-proxy up promisc on -ip link set ex-br-proxy up promisc on -ip link set proxy-br-eth1 up promisc on -ip link set proxy-br-ex up promisc on +# Create our external bridge +# Bind our external device to the bridge +# Tell the bridge that it has the mac address of the external device now +ovs-vsctl \ + -- add-br br-eth0 \ + -- add-port br-eth0 $eth_dev \ + -- set bridge br-eth0 other-config:hwaddr=$eth_mac + +# restart networkd again so it will DHCP on the Open vSwitch device that +# replaces our external interface, but with the mac address of the external +# interface, so it ought to get the same address back +install -D -m 644 /proc/self/fd/0 <<EOF /etc/systemd/network/10-br-ex-dhcp.network +[Match] +Name=br-eth0 + +[Network] +DHCP=yes +EOF +systemctl restart systemd-networkd.service + + +# Add the rest of the bridges +ovs-vsctl \ + -- add-br br-eth1 \ + -- add-port br-eth1 eth1-br-proxy \ + -- set interface eth1-br-proxy type=patch options:peer=proxy-br-eth1 \ + -- add-port br-eth0 proxy-br-eth1 \ + -- set interface proxy-br-eth1 type=patch options:peer=eth1-br-proxy \ + -- add-br br-ex \ + -- add-port br-ex ex-br-proxy \ + -- set interface ex-br-proxy type=patch options:peer=proxy-br-ex \ + -- add-port br-eth0 proxy-br-ex \ + -- set interface proxy-br-ex type=patch options:peer=ex-br-proxy install -D -m 644 /proc/self/fd/0 <<'EOF' /var/openstack/openvswitch-one-node-setup Openvswitch one node setup: success EOF - -exit 0 diff --git a/openstack/usr/share/openstack/openstack-nova-setup b/openstack/usr/share/openstack/openstack-nova-setup index 1a93a1b0..86de2341 100644 
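Review bot: The stretch between `ip addr del $eth_ip dev $eth_dev` and the marker file is not safe to rerun: nothing checks that `eth_dev`, `eth_ip` and `eth_mac` were actually found, and the `ovs-vsctl add-br`/`add-port` calls fail once the bridge already exists. Under `set -e` a failure there leaves the node without its external address, and the next boot would stop at `add-br br-eth0` again before the marker is written. Checking the three values before touching the interface, quoting them, and adding `--may-exist` to bridge and port creation (in the second `ovs-vsctl` call as well) lets a rerun converge. Separately, `eth_ip` is captured without its prefix length, which, as far as I know, iproute2 accepts only as a deprecated wildcard deletion, and the file `10-br-ex-dhcp.network` matches `br-eth0` rather than `br-ex`. The script starts above the hunk.

```shell
# … unchanged: marker-file check, eth_dev / eth_ip / eth_mac detection …
if [ -z "$eth_dev" ] || [ -z "$eth_ip" ] || [ -z "$eth_mac" ]; then
    echo "could not determine external interface, address or MAC" >&2
    exit 1
fi
# … unchanged: networkd .network files, networkd restart, ip addr del …
ovs-vsctl \
    -- --may-exist add-br br-eth0 \
    -- --may-exist add-port br-eth0 "$eth_dev" \
    -- set bridge br-eth0 other-config:hwaddr="$eth_mac"
# … unchanged: br-eth0 DHCP file, remaining bridges and patch ports, marker file …
```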
--- a/openstack/usr/share/openstack/openstack-nova-setup
+++ b/openstack/usr/share/openstack/openstack-nova-setup
@@ -95,38 +95,21 @@ usermod -a -G libvirt nova rm /etc/systemd/system/multi-user.target.wants/openstack-nova-setup.service # Start nova services -systemctl start openstack-nova-compute # [1] Never enable openstack-nova-conductor service in a node with # openstack-nova-compute or the security benefits of removing # database access from nova-compute will be negated #systemctl start openstack-nova-conductor -systemctl start openstack-nova-api -systemctl start openstack-nova-cert -systemctl start openstack-nova-consoleauth -systemctl start openstack-nova-scheduler -systemctl start openstack-nova-novncproxy +for service in compute api cert consoleauth scheduler novncproxy serialproxy; do + systemctl start openstack-nova-$service.service +done #systemctl start openstack-nova-xvpnvncproxy # Create the links to run nova services when system start next times. -ln -s "/etc/systemd/system/openstack-nova-compute.service" \ - "/etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service" +for service in compute api cert consoleauth scheduler novncproxy serialproxy; do + systemctl enable openstack-nova-$service.service +done # See description of why this shouldn't run in a openstack in one node in [1] #ln -s "/etc/systemd/system/openstack-nova-conductor.service" \ # "/etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service" -ln -s "/etc/systemd/system/openstack-nova-api.service" \ - "/etc/systemd/system/multi-user.target.wants/openstack-nova-api.service" - -ln -s "/etc/systemd/system/openstack-nova-cert.service" \ - "/etc/systemd/system/multi-user.target.wants/openstack-nova-cert.service" - -ln -s "/etc/systemd/system/openstack-nova-consoleauth.service" \ - "/etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service" - -ln -s "/etc/systemd/system/openstack-nova-scheduler.service" \ - "/etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service" - -ln -s "/etc/systemd/system/openstack-nova-novncproxy.service" 
\ - "/etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service" - exit 0 |
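Review bot: `systemctl enable` in the second loop creates the multi-user.target.wants link only when the unit carries an `[Install]` section with `WantedBy=multi-user.target`, which the removed `ln -s` lines did not depend on. Of the seven units only openstack-nova-serialproxy.service is visible in this commit, so the other six should be checked, otherwise they may no longer start at boot. The service list is also written out twice; assigning it once, e.g. `nova_services="compute api cert consoleauth scheduler novncproxy serialproxy"`, and looping over `$nova_services` in both places keeps start and enable from drifting apart. The script continues above the hunk.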