From d7bea69748ec7f2abadad98e2823fe4676b21652 Mon Sep 17 00:00:00 2001 From: Richard Maw Date: Wed, 18 Feb 2015 22:19:36 +0000 Subject: Start Open vSwitch before network-pre.target We want the network links to be configured before we start systemd-networkd, because we have to use ovs instead of networkd's config for the interfaces in OpenStack, but we still want to use networkd to manage DHCP on the interfaces. --- openstack/etc/systemd/system/openvswitch.service | 2 ++ 1 file changed, 2 insertions(+) diff --git a/openstack/etc/systemd/system/openvswitch.service b/openstack/etc/systemd/system/openvswitch.service index 446c0f95..6f1a93a8 100644 --- a/openstack/etc/systemd/system/openvswitch.service +++ b/openstack/etc/systemd/system/openvswitch.service @@ -1,6 +1,8 @@ [Unit] Description=Open vSwitch Daemon +Wants=network-pre.target After=openvswitch-initialize-db.service +Before=network-pre.target [Service] Type=forking -- cgit v1.2.1 From 3bb63289fb59cf32e00ed310a3dac12f2a0a3f66 Mon Sep 17 00:00:00 2001 From: Richard Maw Date: Thu, 19 Feb 2015 00:04:36 +0000 Subject: After initial switching setup, switch DHCP to external iface After the external interface has been bound to Open vSwitch, we should not attempt to DHCP on it, as it won't receive the DHCP responses. Attempting to DHCP results in startup stalling on network-online.target, because systemd-networkd-wait-online.service looks at every network interface it should configure based on the [Match] sections, and waits for all of them to be configured by systemd-networkd, which will never finish if DHCP is broken. --- .../openstack-neutron-network-configuration-for-one-node | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node index c2ccbd81..28a1c452 100644 
--- a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node +++ b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node @@ -49,6 +49,21 @@ ip link set ex-br-proxy up promisc on ip link set proxy-br-eth1 up promisc on ip link set proxy-br-ex up promisc on +# Disable dhcp on the ethernet device we've bound into Open vSwitch +install -D -m 644 /proc/self/fd/0 < Date: Tue, 24 Feb 2015 10:16:33 +0000 Subject: Deallocate IP address from bound interface after binding If we leave that interface with its address, then the routing table is incorrect, as it will try to send connections out from an interface that cannot handle them. --- .../openstack/openstack-neutron-network-configuration-for-one-node | 3 +++ 1 file changed, 3 insertions(+) diff --git a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node index 28a1c452..f40ceff5 100644 --- a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node +++ b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node @@ -38,6 +38,9 @@ ovs-vsctl add-br br-eth0 ovs-vsctl add-port br-eth0 $eth_dev ifconfig br-eth0 $eth_ip up ip link set br-eth0 promisc on +# Deallocate ip address for external interface so we don't try to route +# connections out of an interface that no longer works +ip addr del $eth_ip dev $eth_dev ovs-vsctl add-br br-eth1 ovs-vsctl add-br br-ex ovs-vsctl add-port br-eth1 eth1-br-proxy -- cgit v1.2.1 From e107f4784905890c177b45aae9c83e9560f23f1b Mon Sep 17 00:00:00 2001 
From: Richard Maw
Date: Tue, 24 Feb 2015 10:18:28 +0000
Subject: Ensure newly brought up devices are correctly configured This adds masking config for the virtual devices to prevent them from attempting to DHCP, and stops us from giving the ip of eno1 to the bridge device, since eno1's address was obtained by DHCP, so it's against the rules to statically allocate that address to an interface. Now, we DHCP for a new address for the bridge.
---
...tack-neutron-network-configuration-for-one-node | 37 ++++++++++++----------
1 file changed, 21 insertions(+), 16 deletions(-)
diff --git a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node
index f40ceff5..68106fac 100644
--- a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node
+++ b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node
@@ -33,10 +33,30 @@ fi # https://fosskb.wordpress.com/2014/10/18/openstack-juno-on-ubuntu-14-10/ # and https://fosskb.wordpress.com/2014/06/10/managing-openstack-internaldataexternal-network-in-one-interface/ +# Disable dhcp on the bound physical interface, and all the internal interfaces +for devname in $eth_dev br-eth1 br-ex eth1-br-proxy ex-br-proxy \ + proxy-br-eth1 proxy-br-ex ovs-system; do + install -D -m 644 /proc/self/fd/0 < Date: Fri, 27 Feb 2015 09:20:21 +0000 Subject: Rejigger networking so the bridge has the MAC of the external interface This allows the subsequent DHCP request to get the same IP address back, which means it only needs one address for first boot, and the address can be pre-allocated by the DHCP server before deployment. This is needed for the floating address range to be allocated in some set-ups, such as our local one at the office, where a subnet in a different class is routed to the server. --- ...tack-neutron-network-configuration-for-one-node | 29 +++++++++++++++------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node index 68106fac..dadbaaa6 100644 --- a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node +++ b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node 
@@ -20,6 +20,7 @@ set -xe # Get the first ethernet driver and its ip eth_dev="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $1 } ')" eth_ip="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $2 } ')" +eth_mac="$(ip link show $eth_dev | tr -s '[:space:]' '\n' | sed -n '/link\/ether/{n;p}')" ip link add proxy-br-eth1 type veth peer name eth1-br-proxy ip link add proxy-br-ex type veth peer name ex-br-proxy 
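Review bot: The added `eth_mac=` line uses `$eth_dev` unquoted and unchecked, so when no interface matching `^e` carries an IPv4 address, `ip link show` runs without a device argument and `eth_mac` can end up holding the MAC of every Ethernet link instead of one value. `set -e` does not catch this, because only the exit status of the final `sed` in the pipeline is seen. A guard directly after the three assignments, `[ -n "$eth_dev" ] && [ -n "$eth_ip" ] && [ -n "$eth_mac" ] || { echo "no configured ethernet device found" >&2; exit 1; }`, together with quoting `"$eth_dev"` here, would stop the script before it rebinds anything. The same unquoted values are later passed to `ip addr del $eth_ip dev $eth_dev` and `other-config:hwaddr=$eth_mac` in the `@@ -42,8 +43,24 @@` and `@@ -51,12 +48,12 @@` hunks.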
@@ -42,8 +43,24 @@ Name=$devname EOF done +# restart networkd so it understands to not bring up these interfaces +systemctl restart systemd-networkd.service + +# Deallocate ip address for external interface so we don't try to route +# connections out of an interface that no longer works +ip addr del $eth_ip dev $eth_dev + +# Create our external bridge +ovs-vsctl add-br br-eth0 +# Bind our external device to the bridge +ovs-vsctl add-port br-eth0 $eth_dev +# Tell the bridge that it has the mac address of the external device now +ovs-vsctl set bridge br-eth0 other-config:hwaddr=$eth_mac +ip link set br-eth0 promisc on -# DHCP on the Open vSwitch device that replaces our external interface +# restart networkd again so it will DHCP on the Open vSwitch device that +# replaces our external interface, but with the mac address of the external +# interface, so it ought to get the same address back install -D -m 644 /proc/self/fd/0 < Date: Mon, 9 Mar 2015 16:18:32 +0000 Subject: Only start neutron-openvswitch-plugin after cleanup has finished ovs-cleanup is responsible for reconciling the state in openvswitch's database and neutron's configuration. This can fail if other services are also changing ovs configuration though, and the missing dependency resulted in neutron removing the interface while ovs-cleanup was about to do so. --- openstack/etc/systemd/system/openstack-neutron-ovs-cleanup.service | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/openstack/etc/systemd/system/openstack-neutron-ovs-cleanup.service b/openstack/etc/systemd/system/openstack-neutron-ovs-cleanup.service index 5eaf8a30..083cf701 100644 --- a/openstack/etc/systemd/system/openstack-neutron-ovs-cleanup.service +++ b/openstack/etc/systemd/system/openstack-neutron-ovs-cleanup.service 
@@ -1,10 +1,12 @@ [Unit] Description=Neutron OVS cleanup -After=network-online.target openstack-neutron-setup.service +After=network-online.target openstack-neutron-setup.service openvswitch.service +Before=openstack-neutron-plugin-openvswitch-agent.service ConditionFileIsExecutable=/usr/bin/neutron-ovs-cleanup [Service] -Type=simple +Type=oneshot +RemainAfterExit=yes User=neutron ExecStart=/usr/bin/neutron-ovs-cleanup \ --log-file /var/log/neutron/ovs-cleanup.log \ -- cgit v1.2.1 From bc3262db549a32f88727f7e19bf4712991ead5cb Mon Sep 17 00:00:00 2001 From: Richard Maw Date: Tue, 10 Mar 2015 15:01:39 +0000 Subject: Move patch link creation into openvswitch This is required for Open vSwitch to be able to signal that every network interface required has been configured. It also means we no longer need to set the links to promiscuous mode ourselves, since interfaces need to be set in promiscuous mode to allow bridging to work and Open vSwitch handles this responsibility if it is configured to be the one to do the link setup. --- openstack-neutron.configure | 1 - .../system/openstack-neutron-server.service | 4 +-- .../systemd/system/openstack-neutron-setup.service | 4 +-- .../openvswitch-create-links-one-node.service | 14 --------- openstack/manifest | 2 -- .../share/openstack/create_openvswitch_veth_pairs | 32 -------------------- ...tack-neutron-network-configuration-for-one-node | 34 ++++++++++------------ 7 files changed, 19 insertions(+), 72 deletions(-) delete mode 100644 openstack/etc/systemd/system/openvswitch-create-links-one-node.service delete mode 100644 openstack/usr/share/openstack/create_openvswitch_veth_pairs diff --git a/openstack-neutron.configure b/openstack-neutron.configure index 71b29713..9097336d 100644 --- a/openstack-neutron.configure +++ b/openstack-neutron.configure 
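Review bot: `Before=openstack-neutron-plugin-openvswitch-agent.service` in the `[Unit]` section only orders the two units; it does not make the agent depend on the cleanup having succeeded, so if `neutron-ovs-cleanup` exits non-zero the agent is still started against unreconciled Open vSwitch state. The agent unit is not part of this diff, so whether it already declares a requirement cannot be seen here; if it does not, adding `Requires=openstack-neutron-ovs-cleanup.service` to that unit would close the gap. The new `After=openvswitch.service` likewise orders without pulling the unit in, which is worth confirming is intended.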
@@ -44,7 +44,6 @@ sed -f "$ROOT"/etc/openstack-neutron-setup.sed -i \ # Create the links to enable the neutron systemd services # ########################################################################## services=("openstack-neutron-network-configuration-one-node.service" \ - "openvswitch-create-links-one-node.service" \ "openstack-neutron-dhcp-agent.service" \ "openstack-neutron-l3-agent.service" \ "openstack-neutron-metadata-agent.service" \ diff --git a/openstack/etc/systemd/system/openstack-neutron-server.service b/openstack/etc/systemd/system/openstack-neutron-server.service index b9484b94..c8e816a5 100644 --- a/openstack/etc/systemd/system/openstack-neutron-server.service +++ b/openstack/etc/systemd/system/openstack-neutron-server.service @@ -1,7 +1,7 @@ [Unit] Description=Neutron Api Server -Wants=openvswitch-create-links-one-node.service -After=network-online.target openstack-neutron-setup.service openvswitch-create-links-one-node.service +Wants=openstack-neutron-network-configuration-one-node.service +After=network-online.target openstack-neutron-setup.service openstack-neutron-network-configuration-one-node.service [Service] Type=simple diff --git a/openstack/etc/systemd/system/openstack-neutron-setup.service b/openstack/etc/systemd/system/openstack-neutron-setup.service index 4c09907e..858e76e9 100644 --- a/openstack/etc/systemd/system/openstack-neutron-setup.service +++ b/openstack/etc/systemd/system/openstack-neutron-setup.service @@ -1,7 +1,7 @@ [Unit] Description=Run openstack-neutron-setup (once) -Wants=openvswitch-create-links-one-node.service -After=network-online.target openstack-keystone-setup.service openvswitch-create-links-one-node.service postgres-server.service +Wants=openstack-neutron-network-configuration-one-node.service +After=network-online.target openstack-keystone-setup.service openstack-neutron-network-configuration-one-node.service postgres-server.service [Service] Type=oneshot 
diff --git a/openstack/etc/systemd/system/openvswitch-create-links-one-node.service b/openstack/etc/systemd/system/openvswitch-create-links-one-node.service deleted file mode 100644 index bacfc433..00000000 --- a/openstack/etc/systemd/system/openvswitch-create-links-one-node.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Create Veth pairs -Wants=openstack-neutron-network-configuration-one-node.service -After=network-online.target openstack-neutron-network-configuration-one-node.service - -[Service] -Type=oneshot -ExecStart=/usr/share/openstack/create_openvswitch_veth_pairs -RemainAfterExit=yes -Restart=no - -[Install] -WantedBy=multi-user.target - diff --git a/openstack/manifest b/openstack/manifest index 8c7b9915..691b2343 100644 --- a/openstack/manifest +++ b/openstack/manifest @@ -157,6 +157,4 @@ 0100644 0 0 /etc/horizon/apache-horizon.conf 0100644 0 0 /etc/horizon/openstack_dashboard/local_settings.py 0100644 0 0 /etc/sysctl.conf -0100644 0 0 /etc/systemd/system/openvswitch-create-links-one-node.service -0100755 0 0 /usr/share/openstack/create_openvswitch_veth_pairs 0100644 0 0 /etc/hosts diff --git a/openstack/usr/share/openstack/create_openvswitch_veth_pairs b/openstack/usr/share/openstack/create_openvswitch_veth_pairs deleted file mode 100644 index a239ac73..00000000 --- a/openstack/usr/share/openstack/create_openvswitch_veth_pairs +++ /dev/null 
@@ -1,32 +0,0 @@ -#!/bin/sh -# -# Copyright (C) 2015 Codethink Limited -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -set -xe - -# Get the first ethernet driver and its ip -eth_dev="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $1 } ')" -eth_ip="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $2 } ')" - -# Create the veth pairs between bridges (configuration one node) -ifconfig br-eth0 $eth_ip up -ip link set br-eth0 promisc on -ip link set eth1-br-proxy up promisc on -ip link set ex-br-proxy up promisc on -ip link set proxy-br-eth1 up promisc on -ip link set proxy-br-ex up promisc on - -exit 0 diff --git a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node index dadbaaa6..f5f5444a 100644 --- a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node +++ b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node 
@@ -22,9 +22,6 @@ eth_dev="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*ine eth_ip="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $2 } ')" eth_mac="$(ip link show $eth_dev | tr -s '[:space:]' '\n' | sed -n '/link\/ether/{n;p}')" -ip link add proxy-br-eth1 type veth peer name eth1-br-proxy -ip link add proxy-br-ex type veth peer name ex-br-proxy - if [ -f /var/openstack/openvswitch-one-node-setup ]; then exit 0 fi @@ -51,12 +48,12 @@ systemctl restart systemd-networkd.service ip addr del $eth_ip dev $eth_dev # Create our external bridge -ovs-vsctl add-br br-eth0 # Bind our external device to the bridge -ovs-vsctl add-port br-eth0 $eth_dev # Tell the bridge that it has the mac address of the external device now -ovs-vsctl set bridge br-eth0 other-config:hwaddr=$eth_mac -ip link set br-eth0 promisc on +ovs-vsctl \ + -- add-br br-eth0 \ + -- add-port br-eth0 $eth_dev \ + -- set bridge br-eth0 other-config:hwaddr=$eth_mac # restart networkd again so it will DHCP on the Open vSwitch device that # replaces our external interface, but with the mac address of the external 
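Review bot: The combined `ovs-vsctl -- add-br br-eth0 -- add-port br-eth0 $eth_dev ...` call in the second hunk is not safe to repeat: the success marker `/var/openstack/openvswitch-one-node-setup` is only written at the very end of the script, so if a later step fails under `set -xe` the next run reaches `add-br br-eth0` with the bridge already present and aborts. Writing `-- --may-exist add-br br-eth0 -- --may-exist add-port br-eth0 "$eth_dev"` here, and doing the same for the `add-br`/`add-port` commands in the `@@ -72,19 +69,18 @@` hunk, would let a retry converge. A retry would presumably also need the device detection at the top of the script to cope with the address already having been removed by `ip addr del`. The three comments stacked above the call now describe a single transaction and could be merged into one.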
@@ -72,19 +69,18 @@ systemctl restart systemd-networkd.service # Add the rest of the bridges -ovs-vsctl add-br br-eth1 -ovs-vsctl add-br br-ex -ovs-vsctl add-port br-eth1 eth1-br-proxy -ovs-vsctl add-port br-ex ex-br-proxy -ovs-vsctl add-port br-eth0 proxy-br-eth1 -ovs-vsctl add-port br-eth0 proxy-br-ex -ip link set eth1-br-proxy up promisc on -ip link set ex-br-proxy up promisc on -ip link set proxy-br-eth1 up promisc on -ip link set proxy-br-ex up promisc on +ovs-vsctl \ + -- add-br br-eth1 \ + -- add-port br-eth1 eth1-br-proxy \ + -- set interface eth1-br-proxy type=patch options:peer=proxy-br-eth1 \ + -- add-port br-eth0 proxy-br-eth1 \ + -- set interface proxy-br-eth1 type=patch options:peer=eth1-br-proxy \ + -- add-br br-ex \ + -- add-port br-ex ex-br-proxy \ + -- set interface ex-br-proxy type=patch options:peer=proxy-br-ex \ + -- add-port br-eth0 proxy-br-ex \ + -- set interface proxy-br-ex type=patch options:peer=ex-br-proxy install -D -m 644 /proc/self/fd/0 <<'EOF' /var/openstack/openvswitch-one-node-setup Openvswitch one node setup: success EOF - -exit 0 -- cgit v1.2.1 From d91af8d839840fe889c120db7cdcb081799c0cb2 Mon Sep 17 00:00:00 2001 From: Richard Maw Date: Wed, 11 Mar 2015 22:17:52 +0000 Subject: Update systemd to development snapshot including netlink fix --- strata/foundation.morph | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/strata/foundation.morph b/strata/foundation.morph index eea872a8..d6c9e05e 100644 --- a/strata/foundation.morph +++ b/strata/foundation.morph @@ -74,8 +74,8 @@ chunks: - name: systemd morph: strata/foundation/systemd.morph repo: upstream:systemd - ref: a88abde72169ddc2df77df3fa5bed30725022253 - unpetrify-ref: v219 + ref: d736e4f3e76daca4ab1b1fc444737e5ee20a27cd + unpetrify-ref: master build-depends: - dbus-pre - gobject-introspection -- cgit v1.2.1 From da5043058d57c52f80b1bbf54883aad1396fd00d Mon Sep 17 00:00:00 2001 
From: Richard Maw Date: Tue, 17 Mar 2015 14:40:23 +0000 Subject: Don't enable libvirt-guests.service We don't think it's necessary, and it sometimes races with nova-compute.service, failing if certain network devices aren't created yet, so let's see if Nova should be the one starting the machines up at boot time. --- openstack-nova.configure | 1 - 1 file changed, 1 deletion(-) diff --git a/openstack-nova.configure b/openstack-nova.configure index 4655342c..93d1ee53 100644 --- a/openstack-nova.configure +++ b/openstack-nova.configure @@ -55,7 +55,6 @@ wants_dir="$ROOT"/usr/lib/systemd/system/multi-user.target.wants mkdir -p "$wants_dir" mkdir -p "$ROOT"/var/lock/subsys ln -sf ../libvirtd.service "$wants_dir/libvirtd.service" -ln -sf ../libvirt-guests.service "$wants_dir/libvirt-guests.service" ########################################################################## # Change iprange for the interal libvirt to avoid clashes -- cgit v1.2.1 From 02f0fbe6cf19ed0645df23e14cab16d61a400661 Mon Sep 17 00:00:00 2001 From: Richard Maw Date: Tue, 17 Mar 2015 14:55:04 +0000 Subject: neutron.configure: Ensure /var/run is a symlink to /run If /var/run is a directory that is not emptied every boot, then it will contain references to stale network namespaces, which do not work when neutron tries to create networks. If it is flushed appropriately then neutron will create the namespaces when it needs to. --- openstack-neutron.configure | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/openstack-neutron.configure b/openstack-neutron.configure index 9097336d..5b71c09c 100644 --- a/openstack-neutron.configure +++ b/openstack-neutron.configure 
@@ -56,3 +56,12 @@ for service in ${services[@]}; do ln -sf "/etc/systemd/system/$service" \ "$ROOT/etc/systemd/system/multi-user.target.wants/$service" done + +############################################# +# Ensure /var/run is an appropriate symlink # +############################################# + +if ! link="$(readlink "$ROOT/var/run")" || [ "$link" != ../run ]; then + rm -rf "$ROOT/var/run" + ln -s ../run "$ROOT/var/run" +fi -- cgit v1.2.1 From f9852d6a50ab56ebce951675d4a162b033d6dd42 Mon Sep 17 00:00:00 2001 From: Richard Maw Date: Fri, 20 Mar 2015 09:52:35 +0000 Subject: openstack: Disable nova firewall management This should be handled by neutron, and except for the mis-configuration, it should have been. However, since both neutron and nova were configured to handle firewalling, they would both install their firewall rules into iptables, and it would be random which one would be used as either service is likely to start before the other and install their hook first. The result being that we'd randomly not be able to reach VMs after a reboot, unless we'd installed the same firewall rules in both nova and neutron. --- openstack/etc/nova/nova.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openstack/etc/nova/nova.conf b/openstack/etc/nova/nova.conf index 8b3522b5..30f265aa 100644 --- a/openstack/etc/nova/nova.conf +++ b/openstack/etc/nova/nova.conf @@ -253,7 +253,7 @@ dhcpbridge_flagfile=/etc/nova/nova.conf #dhcpbridge=$bindir/nova-dhcpbridge #dhcp_lease_time=120 # Firewall driver (defaults to hypervisor specific iptables driver) (string value) -firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver +#firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver # Interface for public IP addresses (default: eth0) (string value) #public_interface=br-ext public_interface=eth0 -- cgit v1.2.1 From 6e0500ed2d1acb507fc2764351d3eb2315717320 Mon Sep 17 00:00:00 2001 
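Review bot: `rm -rf "$ROOT/var/run"` in the added block acts on an unvalidated `$ROOT`; if the variable is empty or unset, both the `readlink` test and the removal operate on the build host's `/var/run` rather than the target tree. How `ROOT` is set lies outside this hunk, so this may already be guarded, but the destructive line can carry its own check cheaply: `rm -rf "${ROOT:?}/var/run"`. A one-line comment saying that any existing directory content is discarded on purpose would also help the next reader.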
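Review bot: Commenting out `firewall_driver` in the nova.conf hunk leaves nova on its default, and the comment directly above the option says that default is the hypervisor-specific iptables driver, so nova may still install its own rules alongside neutron's. If the intent is for neutron alone to manage filtering, setting the option explicitly, `firewall_driver=nova.virt.firewall.NoopFirewallDriver`, states that and does not depend on the default. It is worth checking with `iptables -S` after a reboot that only one service's chains are present.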
From: Richard Maw Date: Fri, 20 Mar 2015 09:47:40 +0000 Subject: openstack-net-config: Check whether we need to run before gethering network config --- .../openstack-neutron-network-configuration-for-one-node | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node index f5f5444a..abf1113e 100644 --- a/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node +++ b/openstack/usr/share/openstack/openstack-neutron-network-configuration-for-one-node @@ -17,15 +17,15 @@ set -xe +if [ -f /var/openstack/openvswitch-one-node-setup ]; then + exit 0 +fi + # Get the first ethernet driver and its ip eth_dev="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $1 } ')" eth_ip="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^e" | head -1 | awk '{ print $2 } ')" eth_mac="$(ip link show $eth_dev | tr -s '[:space:]' '\n' | sed -n '/link\/ether/{n;p}')" -if [ -f /var/openstack/openvswitch-one-node-setup ]; then - exit 0 -fi - # Create the bridges to use the External network mapped # This configuration is for 1 node and it was taken from: # https://fosskb.wordpress.com/2014/10/18/openstack-juno-on-ubuntu-14-10/ -- cgit v1.2.1 From c3c22dc728e1ef0bc586544eec1dd5ae42f67aab Mon Sep 17 00:00:00 2001 From: Richard Maw Date: Wed, 11 Mar 2015 22:14:02 +0000 Subject: Fix openstack-nova-compute.service duplicate description --- openstack/etc/systemd/system/openstack-nova-compute.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openstack/etc/systemd/system/openstack-nova-compute.service b/openstack/etc/systemd/system/openstack-nova-compute.service index dc18f225..aa332251 100644 
--- a/openstack/etc/systemd/system/openstack-nova-compute.service +++ b/openstack/etc/systemd/system/openstack-nova-compute.service @@ -1,5 +1,5 @@ [Unit] -Description=OpenStack Compute Service (code-named Nova) API server +Description=OpenStack Compute Service (code-named Nova) compute server After=syslog.target network.target libvirtd.service Requires=libvirtd.service -- cgit v1.2.1 From 181330407a7df747d605d8e1b82262a6317736a3 Mon Sep 17 00:00:00 2001 From: Richard Maw Date: Wed, 11 Mar 2015 22:33:06 +0000 Subject: systemd: disable building of tests --- strata/foundation/systemd.morph | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/strata/foundation/systemd.morph b/strata/foundation/systemd.morph index 81db9acd..c53cef39 100644 --- a/strata/foundation/systemd.morph +++ b/strata/foundation/systemd.morph @@ -3,9 +3,11 @@ kind: chunk build-system: autotools configure-commands: - sh autogen.sh -- ./configure --prefix="$PREFIX" --enable-xz --disable-manpages --sysconfdir=/etc - --localstatedir=/var --libdir="$PREFIX/lib" --libexecdir="$PREFIX/libexec" --with-rootprefix= - --with-rootlibdir=/lib +- | + ./configure --prefix="$PREFIX" --enable-xz --disable-manpages \ + --disable-tests --sysconfdir=/etc --localstatedir=/var \ + --libdir="$PREFIX/lib" --libexecdir="$PREFIX/libexec" \ + --with-rootprefix= --with-rootlibdir=/lib install-commands: - make DESTDIR="$DESTDIR" install - mkdir -p "$DESTDIR"/sbin -- cgit v1.2.1 From 96957d8ecd530811043135990718c059133c65e9 Mon Sep 17 00:00:00 2001 From: Richard Maw Date: Fri, 20 Mar 2015 14:34:20 +0000 Subject: Tidy up some nova service enablement --- openstack/usr/share/openstack/openstack-nova-setup | 29 +++++----------------- 1 file changed, 6 insertions(+), 23 deletions(-) diff --git a/openstack/usr/share/openstack/openstack-nova-setup b/openstack/usr/share/openstack/openstack-nova-setup index 1a93a1b0..2fdd3608 100644 --- a/openstack/usr/share/openstack/openstack-nova-setup 
+++ b/openstack/usr/share/openstack/openstack-nova-setup 
@@ -95,38 +95,21 @@ usermod -a -G libvirt nova rm /etc/systemd/system/multi-user.target.wants/openstack-nova-setup.service # Start nova services -systemctl start openstack-nova-compute # [1] Never enable openstack-nova-conductor service in a node with # openstack-nova-compute or the security benefits of removing # database access from nova-compute will be negated #systemctl start openstack-nova-conductor -systemctl start openstack-nova-api -systemctl start openstack-nova-cert -systemctl start openstack-nova-consoleauth -systemctl start openstack-nova-scheduler -systemctl start openstack-nova-novncproxy +for service in compute api cert consoleauth scheduler novncproxy; do + systemctl start openstack-nova-$service.service +done #systemctl start openstack-nova-xvpnvncproxy # Create the links to run nova services when system start next times. -ln -s "/etc/systemd/system/openstack-nova-compute.service" \ - "/etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service" +for service in compute api cert consoleauth scheduler novncproxy; do + systemctl enable openstack-nova-$service.service +done # See description of why this shouldn't run in a openstack in one node in [1] #ln -s "/etc/systemd/system/openstack-nova-conductor.service" \ # "/etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service" -ln -s "/etc/systemd/system/openstack-nova-api.service" \ - "/etc/systemd/system/multi-user.target.wants/openstack-nova-api.service" - -ln -s "/etc/systemd/system/openstack-nova-cert.service" \ - "/etc/systemd/system/multi-user.target.wants/openstack-nova-cert.service" - -ln -s "/etc/systemd/system/openstack-nova-consoleauth.service" \ - "/etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service" - -ln -s "/etc/systemd/system/openstack-nova-scheduler.service" \ - "/etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service" - -ln -s "/etc/systemd/system/openstack-nova-novncproxy.service" \ - 
"/etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service" - exit 0 -- cgit v1.2.1 From 73a471f4cc4e8e6ae33b6519f5c4e6d47d0ada95 Mon Sep 17 00:00:00 2001 From: Richard Maw Date: Fri, 20 Mar 2015 14:29:32 +0000 Subject: Enable nova serial console This enables serial console access to local nodes from the host machine by running `novaconsole $VM_NAME` after it has been installed by running pip install git+http://github.com/larsks/novaconsole.git --- openstack/etc/nova/nova.conf | 8 ++++++++ .../etc/systemd/system/openstack-nova-serialproxy.service | 11 +++++++++++ openstack/manifest | 1 + openstack/usr/share/openstack/openstack-nova-setup | 4 ++-- 4 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 openstack/etc/systemd/system/openstack-nova-serialproxy.service diff --git a/openstack/etc/nova/nova.conf b/openstack/etc/nova/nova.conf index 30f265aa..ca009273 100644 --- a/openstack/etc/nova/nova.conf +++ b/openstack/etc/nova/nova.conf @@ -634,3 +634,11 @@ allow_resize_to_same_host=True # Actual testing hardware does not support hardware acceleration # so in this step we will configure libvirt to use qemu instead of KVM virt_type=qemu + +################## +# SERIAL CONSOLE # +################## +# Enable serial console proxy for serial console access from the host only +[serial_console] +serialproxy_host=127.0.0.1 +enabled=true diff --git a/openstack/etc/systemd/system/openstack-nova-serialproxy.service b/openstack/etc/systemd/system/openstack-nova-serialproxy.service new file mode 100644 index 00000000..2557dc2b --- /dev/null +++ b/openstack/etc/systemd/system/openstack-nova-serialproxy.service @@ -0,0 +1,11 @@ +[Unit] +Description=OpenStack Nova Serial Proxy +After=syslog.target network.target + +[Service] +Type=simple +User=nova +ExecStart=/usr/bin/nova-serialproxy --config-file /etc/nova/nova.conf + +[Install] +WantedBy=multi-user.target diff --git a/openstack/manifest b/openstack/manifest index 691b2343..76e989d8 100644 
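Review bot: The new `[serial_console]` section pins only the websocket proxy to loopback (`serialproxy_host=127.0.0.1`); the address on which the guests' serial ports themselves are opened is left to the default of the `listen` option in the same section. Those ports are plain TCP with no authentication of their own, so "from the host only" is better stated than assumed: add `listen=127.0.0.1` and `proxyclient_address=127.0.0.1` beneath `enabled=true`, with a comment giving the reason. I believe both already default to loopback in this release, but that should be confirmed against the deployed nova version.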
--- a/openstack/manifest +++ b/openstack/manifest @@ -47,6 +47,7 @@ 0100644 0 0 /etc/systemd/system/openstack-nova-scheduler.service 0100644 0 0 /etc/systemd/system/openstack-nova-consoleauth.service 0100644 0 0 /etc/systemd/system/openstack-nova-novncproxy.service +0100644 0 0 /etc/systemd/system/openstack-nova-serialproxy.service 0100644 0 0 /etc/systemd/system/openstack-nova-cert.service 0100644 0 0 /etc/systemd/system/openstack-rabbitmq-setup.service 0100644 0 0 /etc/systemd/system/openstack-rabbitmq-server.service diff --git a/openstack/usr/share/openstack/openstack-nova-setup b/openstack/usr/share/openstack/openstack-nova-setup index 2fdd3608..86de2341 100644 --- a/openstack/usr/share/openstack/openstack-nova-setup +++ b/openstack/usr/share/openstack/openstack-nova-setup @@ -99,13 +99,13 @@ rm /etc/systemd/system/multi-user.target.wants/openstack-nova-setup.service # openstack-nova-compute or the security benefits of removing # database access from nova-compute will be negated #systemctl start openstack-nova-conductor -for service in compute api cert consoleauth scheduler novncproxy; do +for service in compute api cert consoleauth scheduler novncproxy serialproxy; do systemctl start openstack-nova-$service.service done #systemctl start openstack-nova-xvpnvncproxy # Create the links to run nova services when system start next times. -for service in compute api cert consoleauth scheduler novncproxy; do +for service in compute api cert consoleauth scheduler novncproxy serialproxy; do systemctl enable openstack-nova-$service.service done # See description of why this shouldn't run in a openstack in one node in [1] -- cgit v1.2.1
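Review bot: The service list in openstack-nova-setup is written out twice, and this commit had to add `serialproxy` to both `for` lines; assigning it once, `nova_services="compute api cert consoleauth scheduler novncproxy serialproxy"`, and using `for service in $nova_services; do` in both loops keeps the started and enabled sets from drifting apart. Quoting the unit name, `"openstack-nova-$service.service"`, costs nothing. Whether a failed `systemctl start` aborts the script depends on shell options set outside this hunk, so it may be worth a comment stating which behaviour is intended.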