From 8de7d921a3f8b7375691a4fbcfcfa8a66c49226c Mon Sep 17 00:00:00 2001 From: Richard Maw Date: Tue, 14 Apr 2015 18:54:57 +0000 Subject: OpenStack: Split nova into control and compute This adds NOVA_ENABLE_{CONTROLLER,COMPUTE}. Both are enabled by deafult, but if CONTROLLER is enabled but COMPUTE isn't, then the conductor service is enabled. Change-Id: I523a7270d4afdcd1e2a30eaac42ea499581fe971 --- clusters/openstack-installer.morph | 4 + openstack-nova.configure | 86 ++++++++++++----- openstack/manifest | 6 +- .../lib/systemd/system/openstack-nova-api.service | 3 +- .../lib/systemd/system/openstack-nova-cert.service | 3 +- .../systemd/system/openstack-nova-compute.service | 3 +- .../system/openstack-nova-conductor.service | 3 +- .../system/openstack-nova-config-setup.service | 9 ++ .../system/openstack-nova-consoleauth.service | 3 +- .../systemd/system/openstack-nova-db-setup.service | 11 +++ .../system/openstack-nova-novncproxy.service | 3 +- .../system/openstack-nova-scheduler.service | 3 +- .../system/openstack-nova-serialproxy.service | 3 +- .../systemd/system/openstack-nova-setup.service | 9 -- openstack/usr/share/openstack/nova-config.yml | 34 +++++++ openstack/usr/share/openstack/nova-db.yml | 51 +++++++++++ openstack/usr/share/openstack/nova.yml | 102 --------------------- 17 files changed, 194 insertions(+), 142 deletions(-) create mode 100644 openstack/usr/lib/systemd/system/openstack-nova-config-setup.service create mode 100644 openstack/usr/lib/systemd/system/openstack-nova-db-setup.service delete mode 100644 openstack/usr/lib/systemd/system/openstack-nova-setup.service create mode 100644 openstack/usr/share/openstack/nova-config.yml create mode 100644 openstack/usr/share/openstack/nova-db.yml delete mode 100644 openstack/usr/share/openstack/nova.yml diff --git a/clusters/openstack-installer.morph b/clusters/openstack-installer.morph index 5cc7c5d1..2f2cbd02 100644 --- a/clusters/openstack-installer.morph +++ b/clusters/openstack-installer.morph 
@@ -77,6 +77,8 @@ systems: NEUTRON_ENABLE_AGENT: False NEUTRON_ENABLE_MANAGER: True NEUTRON_ENABLE_CONTROLLER: False + NOVA_ENABLE_CONTROLLER: False + NOVA_ENABLE_COMPUTE: False METADATA_PROXY_SHARED_SECRET: novaneutronmetasecret HOSTS_SELF: 10.24.1.83 threenode-network HOSTS_NETWORK: 10.0.0.1 threenode-network.os-mgmt @@ -113,6 +115,7 @@ systems: NEUTRON_ENABLE_AGENT: False NEUTRON_ENABLE_MANAGER: False NEUTRON_ENABLE_CONTROLLER: True + NOVA_ENABLE_CONTROLLER: True METADATA_PROXY_SHARED_SECRET: novaneutronmetasecret HOSTS_SELF: 10.0.0.2 threenode-controller EXTERNAL_INTERFACE: enp2s0 @@ -145,6 +148,7 @@ systems: NEUTRON_ENABLE_AGENT: True NEUTRON_ENABLE_MANAGER: False NEUTRON_ENABLE_CONTROLLER: False + NOVA_ENABLE_COMPUTE: True METADATA_PROXY_SHARED_SECRET: novaneutronmetasecret HOSTS_SELF: 10.0.0.3 threenode-compute EXTERNAL_INTERFACE: eno1 diff --git a/openstack-nova.configure b/openstack-nova.configure index 3605f8b9..b1ad237f 100644 --- a/openstack-nova.configure +++ b/openstack-nova.configure 
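Review bot: In the second and third hunks each node sets only one of the two new switches, and `check_bool` in openstack-nova.configure (same commit) maps an unset value to true. The controller system would therefore still get nova-compute enabled, and the compute system would still get db-setup and the controller services. With both flags true the conductor branch is never taken, so the split this cluster is meant to demonstrate, and the separation of nova-compute from the database, does not happen. Set the other flag explicitly, as the first hunk does for the network node: `NOVA_ENABLE_COMPUTE: False` under the controller system and `NOVA_ENABLE_CONTROLLER: False` under the compute system. This assumes the morph values reach the configure extension unchanged.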
@@ -18,27 +18,10 @@ set -e ROOT="$1" -########################################################################## - -ln -sf "/usr/lib/systemd/system/openstack-nova-setup.service" \ - "$ROOT/etc/systemd/system/multi-user.target.wants/openstack-nova-setup.service" - -########################################################################## -# Enable libvirtd and libvirt-guests services -########################################################################## - -wants_dir="$ROOT"/usr/lib/systemd/system/multi-user.target.wants -mkdir -p "$wants_dir" -mkdir -p "$ROOT"/var/lock/subsys -ln -sf ../libvirtd.service "$wants_dir/libvirtd.service" - -########################################################################## -# Change iprange for the interal libvirt to avoid clashes -# with eth0 ip range -########################################################################## - -sed -i "s/192\.168\.122\./192\.168\.1\./g" \ - "$ROOT"/etc/libvirt/qemu/networks/default.xml +enable(){ + ln -sf "/usr/lib/systemd/system/openstack-nova-$1.service" \ + "$ROOT/etc/systemd/system/multi-user.target.wants/openstack-nova-$1.service" +} ########################################################################## # Check variables 
@@ -83,6 +66,67 @@ if [ -z "$NOVA_SERVICE_USER" -o \ exit 1 fi +# Check optional variables + +unnaceptable(){ + eval echo Unexpected value \$$1 for $1 >&2 + exit 1 +} + +check_bool(){ + case "$(eval echo \"\$$1\")" in + True|'') + eval "$1=true" + ;; + False) + eval "$1=false" + ;; + *) + unnaceptable "$1" + ;; + esac +} + +check_bool NOVA_ENABLE_CONTROLLER +check_bool NOVA_ENABLE_COMPUTE + +############################################### +# Enable libvirtd and libvirt-guests services # +############################################### + +wants_dir="$ROOT"/usr/lib/systemd/system/multi-user.target.wants +mkdir -p "$wants_dir" +mkdir -p "$ROOT"/var/lock/subsys +ln -sf ../libvirtd.service "$wants_dir/libvirtd.service" + +###################################### +# Enable relevant openstack services # +###################################### + +if "$NOVA_ENABLE_CONTROLLER" || "$NOVA_ENABLE_COMPUTE"; then + enable config-setup +fi +if "$NOVA_ENABLE_CONTROLLER" && ! "$NOVA_ENABLE_COMPUTE"; then + enable conductor +fi +if "$NOVA_ENABLE_COMPUTE"; then + enable compute +fi +if "$NOVA_ENABLE_CONTROLLER"; then + for service in db-setup api cert consoleauth novncproxy scheduler serialproxy; do + enable "$service" + done +fi + +########################################################################## +# Change iprange for the interal libvirt to avoid clashes +# with eth0 ip range +########################################################################## + +sed -i "s/192\.168\.122\./192\.168\.1\./g" \ + "$ROOT"/etc/libvirt/qemu/networks/default.xml + + ########################################################################## # Generate configuration file ########################################################################## diff --git a/openstack/manifest b/openstack/manifest index 8911abbf..4657d218 100644 --- a/openstack/manifest +++ b/openstack/manifest 
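Review bot: The `"$NOVA_ENABLE_CONTROLLER" && ! "$NOVA_ENABLE_COMPUTE"` test guarding `enable conductor` has no comment, and its rationale lived only in nova.yml, which this commit deletes. Add it above the `if`: `# Never enable nova-conductor on a node that also runs nova-compute; doing so negates the security benefit of removing database access from nova-compute.` Separately, `unnaceptable` expands the rejected value unquoted through `eval echo`, so it is word-split and glob-expanded before it is printed; `eval "printf 'Unexpected value %s for %s\n' \"\$$1\" \"$1\"" >&2` reports it verbatim.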
@@ -99,7 +99,8 @@ 0040755 0 0 /usr/share/openstack/neutron/plugins/vmware 0100644 0 0 /usr/share/openstack/neutron/plugins/vmware/nsx.ini 0040755 0 0 /usr/share/openstack/nova -0100644 0 0 /usr/share/openstack/nova.yml +0100644 0 0 /usr/share/openstack/nova-config.yml +0100644 0 0 /usr/share/openstack/nova-db.yml 0100644 0 0 /usr/share/openstack/nova/logging.conf 0100644 0 0 /usr/share/openstack/nova/nova.conf 0100644 0 0 /usr/share/openstack/nova/nova-compute.conf @@ -131,7 +132,8 @@ 0100644 0 0 /usr/lib/systemd/system/openstack-neutron-ovs-cleanup.service 0100644 0 0 /usr/lib/systemd/system/openstack-neutron-dhcp-agent.service 0100644 0 0 /usr/lib/systemd/system/openstack-neutron-l3-agent.service -0100644 0 0 /usr/lib/systemd/system/openstack-nova-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-nova-config-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-nova-db-setup.service 0100644 0 0 /usr/lib/systemd/system/openstack-nova-compute.service 0100644 0 0 /usr/lib/systemd/system/openstack-nova-conductor.service 0100644 0 0 /usr/lib/systemd/system/openstack-nova-api.service diff --git a/openstack/usr/lib/systemd/system/openstack-nova-api.service b/openstack/usr/lib/systemd/system/openstack-nova-api.service index 8ee9cefa..d06afcaa 100644 --- a/openstack/usr/lib/systemd/system/openstack-nova-api.service +++ b/openstack/usr/lib/systemd/system/openstack-nova-api.service @@ -1,6 +1,7 @@ [Unit] Description=OpenStack Compute Service (code-named Nova) API server -After=syslog.target network-online.target +ConditionPathExists=/etc/nova/nova.conf +After=network-online.target openstack-nova-config-setup.service openstack-nova-db-setup.service Wants=network-online.target [Service] diff --git a/openstack/usr/lib/systemd/system/openstack-nova-cert.service b/openstack/usr/lib/systemd/system/openstack-nova-cert.service index b2a2e1cc..418b060c 100644 --- a/openstack/usr/lib/systemd/system/openstack-nova-cert.service 
+++ b/openstack/usr/lib/systemd/system/openstack-nova-cert.service @@ -1,6 +1,7 @@ [Unit] Description=OpenStack Nova Cert -After=syslog.target network-online.target +ConditionPathExists=/etc/nova/nova.conf +After=network-online.target openstack-nova-config-setup.service openstack-nova-db-setup.service Wants=network-online.target [Service] diff --git a/openstack/usr/lib/systemd/system/openstack-nova-compute.service b/openstack/usr/lib/systemd/system/openstack-nova-compute.service index 95a3a872..c9c6924c 100644 --- a/openstack/usr/lib/systemd/system/openstack-nova-compute.service +++ b/openstack/usr/lib/systemd/system/openstack-nova-compute.service @@ -1,6 +1,7 @@ [Unit] Description=OpenStack Compute Service (code-named Nova) compute server -After=syslog.target network-online.target libvirtd.service +ConditionPathExists=/etc/nova/nova.conf +After=network-online.target libvirtd.service openstack-nova-config-setup.service openstack-nova-db-setup.service Wants=network-online.target Requires=libvirtd.service diff --git a/openstack/usr/lib/systemd/system/openstack-nova-conductor.service b/openstack/usr/lib/systemd/system/openstack-nova-conductor.service index 1d2ece69..bf8e0631 100644 --- a/openstack/usr/lib/systemd/system/openstack-nova-conductor.service +++ b/openstack/usr/lib/systemd/system/openstack-nova-conductor.service @@ -1,6 +1,7 @@ [Unit] Description=Database-access support for Compute nodes (nova-conductor) -After=syslog.target network-online.target libvirtd.service +ConditionPathExists=/etc/nova/nova.conf +After=network-online.target libvirtd.service openstack-nova-config-setup.service openstack-nova-db-setup.service Wants=network-online.target Requires=libvirtd.service diff --git a/openstack/usr/lib/systemd/system/openstack-nova-config-setup.service b/openstack/usr/lib/systemd/system/openstack-nova-config-setup.service new file mode 100644 index 00000000..0ba467ad --- /dev/null +++ b/openstack/usr/lib/systemd/system/openstack-nova-config-setup.service 
@@ -0,0 +1,9 @@ +[Unit] +Description=Run nova-config-setup Ansible scripts +ConditionPathExists=/etc/openstack/neutron.conf + +[Service] +ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/nova-config.yml + +[Install] +WantedBy=multi-user.target diff --git a/openstack/usr/lib/systemd/system/openstack-nova-consoleauth.service b/openstack/usr/lib/systemd/system/openstack-nova-consoleauth.service index 66442d11..68607354 100644 --- a/openstack/usr/lib/systemd/system/openstack-nova-consoleauth.service +++ b/openstack/usr/lib/systemd/system/openstack-nova-consoleauth.service @@ -1,6 +1,7 @@ [Unit] Description=Openstack Console Auth (nova-consoleauth) -After=syslog.target network-online.target +ConditionPathExists=/etc/nova/nova.conf +After=network-online.target openstack-nova-config-setup.service openstack-nova-db-setup.service Wants=network-online.target [Service] diff --git a/openstack/usr/lib/systemd/system/openstack-nova-db-setup.service b/openstack/usr/lib/systemd/system/openstack-nova-db-setup.service new file mode 100644 index 00000000..ebe7e2bc --- /dev/null +++ b/openstack/usr/lib/systemd/system/openstack-nova-db-setup.service @@ -0,0 +1,11 @@ +[Unit] +Description=Run nova-db-setup Ansible scripts +ConditionPathExists=/etc/openstack/neutron.conf +After=postgres-server.service openstack-keystone.service openstack-keystone-setup.service +Wants=postgres-server.service openstack-keystone.service + +[Service] +ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/nova-db.yml + +[Install] +WantedBy=multi-user.target diff --git a/openstack/usr/lib/systemd/system/openstack-nova-novncproxy.service b/openstack/usr/lib/systemd/system/openstack-nova-novncproxy.service index 597f357a..ecdadde2 100644 --- a/openstack/usr/lib/systemd/system/openstack-nova-novncproxy.service 
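Review bot: `ConditionPathExists=/etc/openstack/neutron.conf` in openstack-nova-config-setup.service looks copied from the neutron units; the playbook this unit runs takes its variables from /etc/openstack/nova.conf (the `vars_files` entry in nova-config.yml). On a node that has nova.conf but no neutron.conf the unit is skipped without an error, and in the opposite case the playbook starts and fails on the missing vars file. The line should read `ConditionPathExists=/etc/openstack/nova.conf`; openstack-nova-db-setup.service, added later in this commit, carries the same condition and needs the same change.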
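Review bot: openstack-nova-db-setup.service declares no `Type=`, so systemd treats it as a simple service and considers it started as soon as ansible-playbook is forked; the `After=openstack-nova-config-setup.service openstack-nova-db-setup.service` added to the nova daemons therefore does not wait for the playbooks to finish. Those daemons now also carry `ConditionPathExists=/etc/nova/nova.conf`, so a daemon that is evaluated before the template task has written the file is skipped rather than failed, and on a controller the API can start before dbsync has run. Add `Type=oneshot` and `RemainAfterExit=yes` to the `[Service]` section here and in openstack-nova-config-setup.service.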
+++ b/openstack/usr/lib/systemd/system/openstack-nova-novncproxy.service @@ -1,6 +1,7 @@ [Unit] Description=OpenStack Nova NoVNC proxy -After=syslog.target network-online.target +ConditionPathExists=/etc/nova/nova.conf +After=network-online.target openstack-nova-config-setup.service openstack-nova-db-setup.service Wants=network-online.target [Service] diff --git a/openstack/usr/lib/systemd/system/openstack-nova-scheduler.service b/openstack/usr/lib/systemd/system/openstack-nova-scheduler.service index d317b624..9009d49a 100644 --- a/openstack/usr/lib/systemd/system/openstack-nova-scheduler.service +++ b/openstack/usr/lib/systemd/system/openstack-nova-scheduler.service @@ -1,6 +1,7 @@ [Unit] Description=OpenStack Nova Scheduler -After=syslog.target network-online.target +ConditionPathExists=/etc/nova/nova.conf +After=network-online.target openstack-nova-config-setup.service openstack-nova-db-setup.service Wants=network-online.target [Service] diff --git a/openstack/usr/lib/systemd/system/openstack-nova-serialproxy.service b/openstack/usr/lib/systemd/system/openstack-nova-serialproxy.service index 2d95c1fa..5f5a5b41 100644 --- a/openstack/usr/lib/systemd/system/openstack-nova-serialproxy.service +++ b/openstack/usr/lib/systemd/system/openstack-nova-serialproxy.service @@ -1,6 +1,7 @@ [Unit] Description=OpenStack Nova Serial Proxy -After=syslog.target network-online.target +ConditionPathExists=/etc/nova/nova.conf +After=network-online.target openstack-nova-config-setup.service openstack-nova-db-setup.service Wants=network-online.target [Service] diff --git a/openstack/usr/lib/systemd/system/openstack-nova-setup.service b/openstack/usr/lib/systemd/system/openstack-nova-setup.service deleted file mode 100644 index a4ad6ae7..00000000 --- a/openstack/usr/lib/systemd/system/openstack-nova-setup.service +++ /dev/null 
@@ -1,9 +0,0 @@ -[Unit] -Description=Run nova-setup Ansible scripts -After=local-fs.target libvirtd.service openstack-keystone-setup.service postgres-server.service - -[Service] -ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/nova.yml - -[Install] -WantedBy=multi-user.target diff --git a/openstack/usr/share/openstack/nova-config.yml b/openstack/usr/share/openstack/nova-config.yml new file mode 100644 index 00000000..4f43db39 --- /dev/null +++ b/openstack/usr/share/openstack/nova-config.yml @@ -0,0 +1,34 @@ +--- +- hosts: localhost + vars_files: + - "/etc/openstack/nova.conf" + tasks: + - name: Create the nova user. + user: + name: nova + comment: Openstack Nova Daemons + shell: /sbin/nologin + home: /var/lib/nova + groups: libvirt + append: yes + + - name: Create the /var folders for nova + file: + path: "{{ item }}" + state: directory + owner: nova + group: nova + with_items: + - /var/run/nova + - /var/lock/nova + - /var/log/nova + - /var/lib/nova + - /var/lib/nova/instances + + - file: path=/etc/nova state=directory + - name: Add the configuration needed for nova in /etc/nova using templates + template: + src: /usr/share/openstack/nova/{{ item }} + dest: /etc/nova/{{ item }} + with_lines: + - cd /usr/share/openstack/nova && find -type f diff --git a/openstack/usr/share/openstack/nova-db.yml b/openstack/usr/share/openstack/nova-db.yml new file mode 100644 index 00000000..e7dc5b10 --- /dev/null +++ b/openstack/usr/share/openstack/nova-db.yml 
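Review bot: The template task in nova-config.yml writes every file found under /usr/share/openstack/nova into /etc/nova without `owner`, `group` or `mode`, and the preceding `file: path=/etc/nova state=directory` sets none either, so the results are owned by whoever runs the playbook with umask-derived permissions, typically world-readable. The rendered nova.conf presumably carries the database and service passwords that nova-db.yml reads from the same vars file (the templates are not part of this hunk), so it should be restricted. Add `owner: root`, `group: nova` and `mode: "0640"` to the template task, and `mode: "0750"` with the same owner and group to the directory task.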
@@ -0,0 +1,51 @@ +--- +- hosts: localhost + vars_files: + - "/etc/openstack/nova.conf" + tasks: + - name: Create nova service user in service tenant + keystone_user: + user: "{{ NOVA_SERVICE_USER }}" + password: "{{ NOVA_SERVICE_PASSWORD }}" + tenant: service + token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" + + - name: Assign admin role to nova service user in the service tenant + keystone_user: + role: admin + user: "{{ NOVA_SERVICE_USER }}" + tenant: service + token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" + + - name: Add nova endpoint + keystone_service: + name: nova + type: compute + description: Openstack Compute Service + publicurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s' + internalurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s' + adminurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s' + region: 'regionOne' + token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" + + - name: Create postgresql user for nova + postgresql_user: + name: "{{ NOVA_DB_USER }}" + login_host: "{{ CONTROLLER_HOST_ADDRESS }}" + password: "{{ NOVA_DB_PASSWORD }}" + sudo: yes + sudo_user: nova + + - name: Create database for nova services + postgresql_db: + name: nova + owner: "{{ NOVA_DB_USER }}" + login_host: "{{ CONTROLLER_HOST_ADDRESS }}" + sudo: yes + sudo_user: nova + + - name: Initiate nova database + nova_manage: + action: dbsync + sudo: yes + sudo_user: nova diff --git a/openstack/usr/share/openstack/nova.yml b/openstack/usr/share/openstack/nova.yml deleted file mode 100644 index c1122c60..00000000 --- a/openstack/usr/share/openstack/nova.yml +++ /dev/null 
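Review bot: The tasks in nova-db.yml that pass `password:` and `token:` have no `no_log: true`, while openstack-nova-db-setup.service runs this playbook with `ansible-playbook -v`, so the Keystone admin token and the nova service and database passwords may be written to the journal along with the task results. Add `no_log: true` to the two keystone_user tasks, the keystone_service task and the postgresql_user task. The three endpoint URLs are also registered as plain `http://`; if the API is meant to be served over TLS, the scheme needs to change here as well.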
@@ -1,102 +0,0 @@ ---- -- hosts: localhost - vars_files: - - "/etc/openstack/nova.conf" - tasks: - - name: Create the nova user. - user: - name: nova - comment: Openstack Nova Daemons - shell: /sbin/nologin - home: /var/lib/nova - groups: libvirt - append: yes - - - name: Create the /var folders for nova - file: - path: "{{ item }}" - state: directory - owner: nova - group: nova - with_items: - - /var/run/nova - - /var/lock/nova - - /var/log/nova - - /var/lib/nova - - /var/lib/nova/instances - - - file: path=/etc/nova state=directory - - name: Add the configuration needed for nova in /etc/nova using templates - template: - src: /usr/share/openstack/nova/{{ item }} - dest: /etc/nova/{{ item }} - with_lines: - - cd /usr/share/openstack/nova && find -type f - - - name: Create nova service user in service tenant - keystone_user: - user: "{{ NOVA_SERVICE_USER }}" - password: "{{ NOVA_SERVICE_PASSWORD }}" - tenant: service - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - - - name: Assign admin role to nova service user in the service tenant - keystone_user: - role: admin - user: "{{ NOVA_SERVICE_USER }}" - tenant: service - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - - - name: Add nova endpoint - keystone_service: - name: nova - type: compute - description: Openstack Compute Service - publicurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s' - internalurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s' - adminurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s' - region: 'regionOne' - token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" - - - name: Create postgresql user for nova - postgresql_user: - name: "{{ NOVA_DB_USER }}" - login_host: "{{ CONTROLLER_HOST_ADDRESS }}" - password: "{{ NOVA_DB_PASSWORD }}" - sudo: yes - sudo_user: nova - - - name: Create database for nova services - postgresql_db: - name: nova - owner: "{{ NOVA_DB_USER }}" - login_host: "{{ CONTROLLER_HOST_ADDRESS }}" - sudo: yes - sudo_user: nova - - - name: 
Initiate nova database - nova_manage: - action: dbsync - sudo: yes - sudo_user: nova - - - -# [1] Never enable openstack-nova-conductor service in a node with -# openstack-nova-compute or the security benefits of removing -# database access from nova-compute will be negated -#systemctl start openstack-nova-conductor - - name: Enable and start openstack-nova services - service: - name: "{{ item }}" - enabled: yes - state: started - with_items: - - openstack-nova-api.service - - openstack-nova-cert.service - - openstack-nova-compute.service - - openstack-nova-consoleauth.service - - openstack-nova-novncproxy.service - - openstack-nova-scheduler.service - - openstack-nova-serialproxy.service -# - openstack-nova-conductor.service -- cgit v1.2.1