From d11285a7fdda820fd4d398ede0ae25d6364e7049 Mon Sep 17 00:00:00 2001
From: Pedro Alvarez
Date: Fri, 27 Mar 2015 12:24:04 +0000
Subject: nova: Move setup scripts to Ansible. Also change systemd units and configure extension to match this change
---
 openstack-nova.configure | 97 ++++++++++++-----
 .../systemd/system/openstack-nova-setup.service | 6 +-
 openstack/usr/share/openstack/nova.yml | 73 +++++++++++++
 openstack/usr/share/openstack/openstack-nova-setup | 115 ---------------------
 4 files changed, 149 insertions(+), 142 deletions(-)
 create mode 100644 openstack/usr/share/openstack/nova.yml
 delete mode 100644 openstack/usr/share/openstack/openstack-nova-setup
diff --git a/openstack-nova.configure b/openstack-nova.configure
index b3268fe7..ab05f9e0 100644
--- a/openstack-nova.configure
+++ b/openstack-nova.configure
@@ -19,29 +19,6 @@ set -e
 ROOT="$1"
-##########################################################################
-# Substitutions in configuration files
-##########################################################################
-
-cat < "$ROOT"/etc/openstack-nova-setup.sed
-s/##NOVA_SERVICE_USER##/$NOVA_SERVICE_USER/g
-s/##NOVA_SERVICE_PASSWORD##/$NOVA_SERVICE_PASSWORD/g
-s/##NOVA_PUBLIC_URL##/$NOVA_PUBLIC_URL/g
-s/##NOVA_INTERNAL_URL##/$NOVA_INTERNAL_URL/g
-s/##NOVA_ADMIN_URL##/$NOVA_ADMIN_URL/g
-s/##NOVA_HOST##/$NOVA_HOST/g
-s/##NOVA_REGION##/$NOVA_REGION/g
-s/##NOVA_NOVNCPROXY_BASE_URL##/$NOVA_NOVNCPROXY_BASE_URL/g
-s/##NOVA_DB_USER##/$NOVA_DB_USER/g
-s/##NOVA_DB_PASSWORD##/$NOVA_DB_PASSWORD/g
-EOF
-
-sed -f "$ROOT"/etc/openstack-nova-setup.sed -i \
- "$ROOT"/etc/nova/nova.conf \
- "$ROOT"/etc/neutron/neutron.conf \
- "$ROOT"/etc/neutron/metadata_agent.ini \
- "$ROOT"/usr/share/openstack/openstack-nova-setup
-
 ##########################################################################
 ln -sf "/usr/lib/systemd/system/openstack-nova-setup.service" \
@@ -63,3 +40,77 @@ ln -sf ../libvirtd.service "$wants_dir/libvirtd.service"
 sed -i "s/192\.168\.122\./192\.168\.1\./g" \
 "$ROOT"/etc/libvirt/qemu/networks/default.xml
+
+##########################################################################
+# Check variables
+##########################################################################
+
+
+if [ -z "$NOVA_SERVICE_USER" -a \
+ -z "$NOVA_SERVICE_PASSWORD" -a \
+ -z "$NOVA_DB_USER" -a \
+ -z "$NOVA_DB_PASSWORD" -a \
+ -z "$NOVA_VIRT_TYPE" -a \
+ -z "$NEUTRON_SERVICE_USER" -a \
+ -z "$NEUTRON_SERVICE_PASSWORD" -a \
+ -z "$METADATA_PROXY_SHARED_SECRET" -a \
+ -z "$RABBITMQ_HOST" -a \
+ -z "$RABBITMQ_USER" -a \
+ -z "$RABBITMQ_PASSWORD" -a \
+ -z "$RABBITMQ_PORT" -a \
+ -z "$CONTROLLER_HOST_ADDRESS" -a \
+ -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -a \
+ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" ]; then
+ # No NOVA options defined, do nothing.
+ exit 0
+fi
+
+if [ -z "$NOVA_SERVICE_USER" -o \
+ -z "$NOVA_SERVICE_PASSWORD" -o \
+ -z "$NOVA_DB_USER" -o \
+ -z "$NOVA_DB_PASSWORD" -o \
+ -z "$NOVA_VIRT_TYPE" -o \
+ -z "$NEUTRON_SERVICE_USER" -o \
+ -z "$NEUTRON_SERVICE_PASSWORD" -o \
+ -z "$METADATA_PROXY_SHARED_SECRET" -o \
+ -z "$RABBITMQ_HOST" -o \
+ -z "$RABBITMQ_USER" -o \
+ -z "$RABBITMQ_PASSWORD" -o \
+ -z "$RABBITMQ_PORT" -o \
+ -z "$CONTROLLER_HOST_ADDRESS" -o \
+ -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -o \
+ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" ]; then
+ echo Some options required for Nova were defined, but not all.
+ exit 1
+fi
+
+##########################################################################
+# Generate config variable shell snippet
+##########################################################################
+
+OPENSTACK_DATA="$ROOT/etc/openstack"
+mkdir -p "$OPENSTACK_DATA"
+
+python <<'EOF' >"$OPENSTACK_DATA/nova.conf"
+import os, sys, yaml
+
+nova_configuration={
+ 'NOVA_SERVICE_USER': os.environ['NOVA_SERVICE_USER'],
+ 'NOVA_SERVICE_PASSWORD': os.environ['NOVA_SERVICE_PASSWORD'],
+ 'NOVA_DB_USER': os.environ['NOVA_DB_USER'],
+ 'NOVA_DB_PASSWORD': os.environ['NOVA_DB_PASSWORD'],
+ 'NOVA_VIRT_TYPE': os.environ['NOVA_VIRT_TYPE'],
+ 'NEUTRON_SERVICE_USER': os.environ['NEUTRON_SERVICE_USER'],
+ 'NEUTRON_SERVICE_PASSWORD': os.environ['NEUTRON_SERVICE_PASSWORD'],
+ 'METADATA_PROXY_SHARED_SECRET': os.environ['METADATA_PROXY_SHARED_SECRET'],
+ 'RABBITMQ_HOST': os.environ['RABBITMQ_HOST'],
+ 'RABBITMQ_USER': os.environ['RABBITMQ_USER'],
+ 'RABBITMQ_PASSWORD': os.environ['RABBITMQ_PASSWORD'],
+ 'RABBITMQ_PORT': os.environ['RABBITMQ_PORT'],
+ 'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'],
+ 'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'],
+ 'KEYSTONE_TEMPORARY_ADMIN_TOKEN': os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'],
+}
+
+yaml.dump(nova_configuration, sys.stdout, default_flow_style=False)
+EOF
diff --git a/openstack/usr/lib/systemd/system/openstack-nova-setup.service b/openstack/usr/lib/systemd/system/openstack-nova-setup.service
index e7a9136f..a4ad6ae7 100644
--- a/openstack/usr/lib/systemd/system/openstack-nova-setup.service
+++ b/openstack/usr/lib/systemd/system/openstack-nova-setup.service
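Review bot: The heredoc at the end of this hunk writes `NOVA_SERVICE_PASSWORD`, `NOVA_DB_PASSWORD`, `RABBITMQ_PASSWORD`, `METADATA_PROXY_SHARED_SECRET` and `KEYSTONE_TEMPORARY_ADMIN_TOKEN` to `$OPENSTACK_DATA/nova.conf` through a plain `>` redirection, so the file's mode is whatever the umask in force allows (world-readable under the common 022). Creating the file with a restrictive mode first, e.g. `install -m 0600 /dev/null "$OPENSTACK_DATA/nova.conf"` just before the `python <<'EOF'` line, keeps the credentials owner-only, because the redirection then truncates the existing file without changing its mode. The "Some options required for Nova were defined, but not all." message would also be more useful on stderr (`>&2`) and naming the missing variable.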
@@ -1,11 +1,9 @@
 [Unit]
-Description=Run openstack-nova-setup (once)
+Description=Run nova-setup Ansible scripts
 After=local-fs.target libvirtd.service openstack-keystone-setup.service postgres-server.service
 [Service]
-Type=oneshot
-ExecStart=/usr/share/openstack/openstack-nova-setup
-Restart=no
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/nova.yml
 [Install]
 WantedBy=multi-user.target
diff --git a/openstack/usr/share/openstack/nova.yml b/openstack/usr/share/openstack/nova.yml
new file mode 100644
index 00000000..947df037
--- /dev/null
+++ b/openstack/usr/share/openstack/nova.yml
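Review bot: Dropping `Type=oneshot` leaves the unit at systemd's default `Type=simple`, so the service counts as started as soon as `ansible-playbook` is spawned, and any unit ordered `After=openstack-nova-setup.service` can start before the nova user, database and configuration exist. I would keep `Type=oneshot` above the new `ExecStart=` line. The removed script also deleted its own `multi-user.target.wants` link after the first run, and nothing visible in this commit replaces that, so the playbook appears to run on every boot and keeps using `KEYSTONE_TEMPORARY_ADMIN_TOKEN` each time. A comment in the unit stating whether the repeated run is intended would help.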
@@ -0,0 +1,73 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/nova.conf"
+ tasks:
+ - name: Create the nova user.
+ user: name=nova comment="Openstack Nova Daemons" shell=/sbin/nologin home=/var/lib/nova groups=libvirt append=yes
+
+ - name: Create the /var folders for nova
+ file: path={{ item }} state=directory owner=nova group=nova
+ with_items:
+ - /var/run/nova
+ - /var/lock/nova
+ - /var/log/nova
+ - /var/lib/nova
+ - /var/lib/nova/instances
+
+ - file: path=/etc/nova state=directory
+ - name: Add the configuration needed for nova in /etc/nova using templates
+ template: src=/usr/share/openstack/nova/{{ item }} dest=/etc/nova/{{ item }}
+ with_lines:
+ - (cd /usr/share/openstack/nova && find -type f)
+
+ - keystone_user: >
+ user={{ NOVA_SERVICE_USER }}
+ password={{ NOVA_SERVICE_PASSWORD }}
+ tenant=service
+ token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
+
+ - keystone_user: >
+ role=admin
+ user={{ NOVA_SERVICE_USER }}
+ tenant=service
+ token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
+
+ - keystone_service: >
+ name=nova
+ type=compute
+ description="Openstack Compute Service"
+ publicurl='http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s'
+ internalurl='http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s'
+ adminurl='http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s'
+ region='regionOne'
+ token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
+
+ - postgresql_user: name={{ NOVA_DB_USER }} login_host={{ CONTROLLER_HOST_ADDRESS }} password={{ NOVA_DB_PASSWORD }}
+ sudo: yes
+ sudo_user: nova
+ - postgresql_db: name=nova owner={{ NOVA_DB_USER }} login_host={{ CONTROLLER_HOST_ADDRESS }}
+ sudo: yes
+ sudo_user: nova
+
+ - nova_manage: action=dbsync
+ sudo: yes
+ sudo_user: nova
+
+
+
+# [1] Never enable openstack-nova-conductor service in a node with
+# openstack-nova-compute or the security benefits of removing
+# database access from nova-compute will be negated
+#systemctl start openstack-nova-conductor
+ - name: Enable and start openstack-nova services
+ service: name={{ item }} enabled=yes state=started
+ with_items:
+ - openstack-nova-api.service
+ - openstack-nova-cert.service
+ - openstack-nova-compute.service
+ - openstack-nova-consoleauth.service
+ - openstack-nova-novncproxy.service
+ - openstack-nova-scheduler.service
+ - openstack-nova-serialproxy.service
+# - openstack-nova-conductor.service
diff --git a/openstack/usr/share/openstack/openstack-nova-setup b/openstack/usr/share/openstack/openstack-nova-setup
deleted file mode 100644
index 86de2341..00000000
--- a/openstack/usr/share/openstack/openstack-nova-setup
+++ /dev/null
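Review bot: The `keystone_user`, `keystone_service` and `postgresql_user` tasks pass `NOVA_SERVICE_PASSWORD`, `NOVA_DB_PASSWORD` and `KEYSTONE_TEMPORARY_ADMIN_TOKEN` as module arguments without `no_log: true`, and the unit runs the play with `-v`, so these values may end up in the journal or syslog depending on the Ansible version and modules. Adding `no_log: true` to each of those tasks avoids that. The `template:` task also renders everything under `/usr/share/openstack/nova` into `/etc/nova` with no `owner`, `group` or `mode`; if the rendered `nova.conf` carries the database and RabbitMQ passwords (the templates are not part of this diff), something like `owner=root group=nova mode=0640` on that task would keep it from being world-readable. Separately, `postgresql_user` and `postgresql_db` run with `sudo_user: nova` where the removed script used `sudo -u postgres`; confirm that account is actually permitted to create roles and databases on `login_host`.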
@@ -1,115 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) 2014 Codethink Limited
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-set -e
-
-# Create required system users and groups
-
-getent group nova >/dev/null || groupadd -r --gid 162 nova
-getent passwd nova >/dev/null || \
- useradd --uid 162 -r -g nova -d /var/lib/nova -s /sbin/nologin \
- -c "OpenStack Nova Daemons" nova
-
-# Create the keystone user and services
-
-export OS_SERVICE_TOKEN=##KEYSTONE_TEMPORARY_ADMIN_TOKEN##
-export OS_SERVICE_ENDPOINT='http://onenode:35357/v2.0'
-
-keystone user-create --name ##NOVA_SERVICE_USER## --pass ##NOVA_SERVICE_PASSWORD##
-keystone user-role-add --tenant service --user ##NOVA_SERVICE_USER## --role admin
-
-keystone service-create --name nova --type compute --description "OpenStack Compute Service"
-keystone endpoint-create --service-id $(keystone service-list | awk '/ compute / {print $2}') \
- --publicurl ##NOVA_PUBLIC_URL## \
- --internalurl ##NOVA_INTERNAL_URL## \
- --adminurl ##NOVA_ADMIN_URL## \
- --region ##NOVA_REGION##
-
-# Nova compute configuration
-if [ ! -d /var/run/nova ]; then
- mkdir -p /var/run/nova
- chown -R nova:nova /var/run/nova
-fi
-
-if [ ! -d /var/lock/nova ]; then
- mkdir -p /var/lock/nova
- chown -R nova:nova /var/lock/nova
-fi
-
-if [ ! -d /var/log/nova ]; then
- mkdir -p /var/log/nova
- chown -R nova:nova /var/log/nova
-fi
-
-if [ ! -d /var/lib/nova/instances ]; then
- mkdir /var/lib/nova/instances
- chown -R nova:nova /var/lib/nova/instances
-fi
-
-# Setup the nova database
-if ! sudo -u postgres psql -lqt | grep -q nova; then
- # Create posgreSQL user
- sudo -u postgres createuser \
- --pwprompt --encrypted \
- --no-adduser --no-createdb \
- --no-password \
- ##NOVA_DB_USER##
-
- sudo -u postgres createdb \
- --owner=##NOVA_DB_USER## \
- nova
-
- sudo -u nova nova-manage db sync
-fi
-
-# Nova novncproxy needs to know the ip of the novnc host
-# this is a workaround to make nova known which is the novnc host
-eth_ip="$(ip addr | perl -pe 'if (/^\d+: ([^:]+)/) { $iface=$1; } if (m@^\s*inet ([^/]+)/@) { print "$iface $1\n"; } $_=undef;' | grep "^br-eth0" | head -1 | awk '{ print $2 } ')"
-sed -i "s/\#\#NOVNC_HOST\#\#/$eth_ip/g" /etc/nova/nova.conf
-
-chown -R nova:nova /var/lib/nova
-
-# Add nova to the libvirt group
-usermod -a -G libvirt nova
-
-# Check existence of Network Block Device module in the kernel
-# NOTE: modprobe does not work actually and returns always
-# failure, enable this check when modprobe is fixed.
-#modprobe nbd
-
-# Remove the one-shot setup service
-rm /etc/systemd/system/multi-user.target.wants/openstack-nova-setup.service
-
-# Start nova services
-# [1] Never enable openstack-nova-conductor service in a node with
-# openstack-nova-compute or the security benefits of removing
-# database access from nova-compute will be negated
-#systemctl start openstack-nova-conductor
-for service in compute api cert consoleauth scheduler novncproxy serialproxy; do
- systemctl start openstack-nova-$service.service
-done
-#systemctl start openstack-nova-xvpnvncproxy
-
-# Create the links to run nova services when system start next times.
-for service in compute api cert consoleauth scheduler novncproxy serialproxy; do
- systemctl enable openstack-nova-$service.service
-done
-# See description of why this shouldn't run in a openstack in one node in [1]
-#ln -s "/etc/systemd/system/openstack-nova-conductor.service" \
-# "/etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service"
-
-exit 0
--
cgit v1.2.1