From e10ad8da85f1dc117d8df7a4c088b98d6335806d Mon Sep 17 00:00:00 2001 From: Pedro Alvarez Date: Thu, 28 May 2015 09:54:26 +0000 Subject: OpenStack: Add custom configuration for the components Add custom configuration for Keystone, Nova, Neutron, Cinder, Glance, Ironic, Swift, Ceilometer, Horizon and Tempest for Openstack Kilo release. Notes: - Horizon configuration has change in order to be less error prone and to be close to the default configuration, the following changes has been made to achive this purpose: - Install the openstack_dashboard django project in /var/lib/horizon avoiding: - to write in /usr/lib/python2.7/site-packages/static - to maintain a copy of local_settings.py - to create a symlink as workaround to make django.wsgi to work with the previous configuration. - Change the path of django.wsgi file - Remove the 'horizon/' suffix to access Horizon via URL. - Grant permissions to access to /var/lib/horizon/static Signed-off-by: Francisco Redondo Marchena Signed-off-by: Patrick Darley Signed-off-by: Tiago Gomes Change-Id: I1fda4f85eb334b1b5bfec54dfcd9780a6112ea3b --- extensions/openstack-ceilometer.configure | 2 + .../openstack/etc/horizon/apache-horizon.conf | 10 +- install-files/openstack/etc/tempest/tempest.conf | 228 ++++++++++----------- install-files/openstack/manifest | 2 - .../system/openstack-neutron-l3-agent.service | 3 +- .../usr/share/openstack/ceilometer/ceilometer.conf | 85 ++++---- .../usr/share/openstack/cinder/cinder.conf | 66 +++--- .../usr/share/openstack/glance/glance-api.conf | 62 +++--- .../share/openstack/glance/glance-registry.conf | 60 +++--- .../openstack/usr/share/openstack/horizon.yml | 7 +- .../usr/share/openstack/ironic/ironic.conf | 36 ++-- .../usr/share/openstack/keystone/keystone.conf | 26 +-- .../usr/share/openstack/neutron-config.yml | 11 - .../openstack/usr/share/openstack/neutron-db.yml | 2 +- .../usr/share/openstack/neutron/dhcp_agent.ini | 6 +- .../usr/share/openstack/neutron/l3_agent.ini | 4 +- .../usr/share/openstack/neutron/metadata_agent.ini | 14 +- .../usr/share/openstack/neutron/neutron.conf | 66 +++--- .../openstack/neutron/plugins/ml2/ml2_conf.ini | 24 ++- .../openstack/usr/share/openstack/nova/nova.conf | 134 ++++++------ .../usr/share/swift/etc/swift/container-server.j2 | 8 + .../usr/share/swift/etc/swift/object-server.j2 | 25 ++- .../swift/usr/share/swift/etc/swift/swift.j2 | 53 ++++- strata/openstack-services/horizon.morph | 66 +++--- 24 files changed, 560 insertions(+), 440 deletions(-) diff --git a/extensions/openstack-ceilometer.configure b/extensions/openstack-ceilometer.configure index 9c0b7b6d..a98c4d73 100644 --- a/extensions/openstack-ceilometer.configure +++ b/extensions/openstack-ceilometer.configure @@ -66,6 +66,7 @@ if [ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" -o \ -z "$RABBITMQ_USER" -o \ -z "$RABBITMQ_PASSWORD" -o \ -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -o \ + -z "$NOVA_VIRT_TYPE" -o \ -z "$CONTROLLER_HOST_ADDRESS" ]; then echo Some options required for Ceilometer were defined, but not all. exit 1 @@ -114,6 +115,7 @@ ceilometer_configuration={ 'RABBITMQ_PASSWORD': os.environ['RABBITMQ_PASSWORD'], 'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'], 'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'], + 'NOVA_VIRT_TYPE': os.environ['NOVA_VIRT_TYPE'], } yaml.dump(ceilometer_configuration, sys.stdout, default_flow_style=False) diff --git a/install-files/openstack/etc/horizon/apache-horizon.conf b/install-files/openstack/etc/horizon/apache-horizon.conf index ea88897a..ab3cf0c7 100644 --- a/install-files/openstack/etc/horizon/apache-horizon.conf +++ b/install-files/openstack/etc/horizon/apache-horizon.conf @@ -1,16 +1,18 @@ - WSGIScriptAlias /horizon /var/lib/horizon/openstack_dashboard/django.wsgi + WSGIScriptAlias / /var/lib/horizon/openstack_dashboard/wsgi/django.wsgi WSGIDaemonProcess horizon user=horizon group=horizon processes=3 threads=10 home=/var/lib/horizon display-name=horizon WSGIApplicationGroup %{GLOBAL} - RedirectMatch ^/$ /horizon/ - SetEnv APACHE_RUN_USER apache SetEnv APACHE_RUN_GROUP apache WSGIProcessGroup horizon DocumentRoot /var/lib/horizon/.blackhole - Alias /static /var/lib/horizon/openstack_dashboard/static + Alias /static /var/lib/horizon/static + + + Require all granted + Options Indexes FollowSymLinks MultiViews diff --git a/install-files/openstack/etc/tempest/tempest.conf b/install-files/openstack/etc/tempest/tempest.conf index fcc8db9e..ad3d7fb2 100644 --- a/install-files/openstack/etc/tempest/tempest.conf +++ b/install-files/openstack/etc/tempest/tempest.conf @@ -41,7 +41,7 @@ # Use syslog for logging. Existing syslog format is DEPRECATED during # I, and will change in J to honor RFC5424. (boolean value) -#use_syslog = false +use_syslog = true # (Optional) Enables or disables syslog rfc5424 format for logging. If # enabled, prefixes the MSG part of the syslog message with APP-NAME @@ -107,7 +107,7 @@ # achieved configuring a list of test accounts (boolean value) # Deprecated group/name - [compute]/allow_tenant_isolation # Deprecated group/name - [orchestration]/allow_tenant_isolation -#allow_tenant_isolation = true +allow_tenant_isolation = true # Roles to assign to all users created by tempest (list value) #tempest_roles = @@ -208,15 +208,15 @@ # # enable cli tests (boolean value) -#enabled = true +enabled = true # directory where python client binaries are located (string value) -#cli_dir = /usr/local/bin +cli_dir = /usr/bin # Whether the tempest run location has access to the *-manage # commands. In a pure blackbox environment it will not. (boolean # value) -#has_manage = true +has_manage = true # Number of seconds to wait on a CLI timeout (integer value) #timeout = 15 @@ -238,10 +238,10 @@ #image_ref_alt = # Valid primary flavor to use in tests. (string value) -#flavor_ref = 1 +flavor_ref = 1 # Valid secondary flavor to be used in tests. (string value) -#flavor_ref_alt = 2 +flavor_ref_alt = 2 # User name used to authenticate to an instance. (string value) #image_ssh_user = root @@ -254,12 +254,12 @@ #image_alt_ssh_user = root # Time in seconds between build status checks. (integer value) -#build_interval = 1 +build_interval = 1 # Timeout in seconds to wait for an instance to build. Other services # that do not define build_timeout will inherit this value. (integer # value) -#build_timeout = 300 +build_timeout = 300 # Should the tests ssh to instances? (boolean value) #run_ssh = false @@ -269,12 +269,12 @@ # servers with a ssh keypair. Configured: use the configured user and # password. Adminpass: use the injected adminPass. Disabled: avoid # using ssh when it is an option. (string value) -#ssh_auth_method = keypair +ssh_auth_method = adminpass # How to connect to the instance? fixed: using the first ip belongs # the fixed network floating: creating and using a floating ip. # (string value) -#ssh_connect_method = floating +ssh_connect_method = floating # User name used to authenticate to an instance. (string value) #ssh_user = root @@ -314,26 +314,26 @@ #network_for_ssh = public # IP version used for SSH connections. (integer value) -#ip_version_for_ssh = 4 +ip_version_for_ssh = 4 # Does SSH use Floating IPs? (boolean value) #use_floatingip_for_ssh = true # Catalog type of the Compute service. (string value) -#catalog_type = compute +catalog_type = compute # The compute region name to use. If empty, the value of # identity.region is used instead. If no such region is found in the # service catalog, the first found one is used. (string value) -#region = +region = regionOne # The endpoint type to use for the compute service. (string value) # Allowed values: public, admin, internal, publicURL, adminURL, internalURL -#endpoint_type = publicURL +endpoint_type = publicURL # Expected device name when a volume is attached to an instance # (string value) -#volume_device_name = vdb +volume_device_name = vdb # Time in seconds before a shelved instance is eligible for removing # from a host. -1 never offload, 0 offload when shelved. This time @@ -354,7 +354,7 @@ # # If false, skip disk config tests (boolean value) -#disk_config = true +disk_config = true # A list of enabled compute extensions with a special entry all which # indicates every extension is enabled. Each extension should be @@ -364,28 +364,28 @@ # Does the test environment support changing the admin password? # (boolean value) -#change_password = false +change_password = false # Does the test environment support obtaining instance serial console # output? (boolean value) -#console_output = true +console_output = true # Does the test environment support resizing? (boolean value) -#resize = false +resize = false # Does the test environment support pausing? (boolean value) -#pause = true +pause = true # Does the test environment support shelving/unshelving? (boolean # value) -#shelve = true +shelve = true # Does the test environment support suspend/resume? (boolean value) -#suspend = true +suspend = true # Does the test environment support live migration available? (boolean # value) -#live_migration = true +live_migration = false # Does the test environment use block devices for live migration # (boolean value) @@ -394,43 +394,43 @@ # Does the test environment block migration support cinder iSCSI # volumes. Note, libvirt doesn't support this, see # https://bugs.launchpad.net/nova/+bug/1398999 (boolean value) -#block_migrate_cinder_iscsi = false +block_migrate_cinder_iscsi = false # Enable VNC console. This configuration value should be same as # [nova.vnc]->vnc_enabled in nova.conf (boolean value) -#vnc_console = false +vnc_console = true # Enable Spice console. This configuration value should be same as # [nova.spice]->enabled in nova.conf (boolean value) -#spice_console = false +spice_console = false # Enable RDP console. This configuration value should be same as # [nova.rdp]->enabled in nova.conf (boolean value) -#rdp_console = false +rdp_console = false # Does the test environment support instance rescue mode? (boolean # value) -#rescue = true +rescue = true # Enables returning of the instance password by the relevant server # API calls such as create, rebuild or rescue. (boolean value) -#enable_instance_password = true +enable_instance_password = true # Does the test environment support dynamic network interface # attachment? (boolean value) -#interface_attach = true +interface_attach = true # Does the test environment support creating snapshot images of # running instances? (boolean value) -#snapshot = true +snapshot = true # Does the test environment have the ec2 api running? (boolean value) -#ec2_api = true +ec2_api = false # Does Nova preserve preexisting ports from Neutron when deleting an # instance? This should be set to True if testing Kilo+ Nova. (boolean # value) -#preserve_ports = false +preserve_ports = true [dashboard] @@ -440,10 +440,10 @@ # # Where the dashboard can be found (string value) -#dashboard_url = http://localhost/ +dashboard_url = http://{{ CONTROLLER_HOST_ADDRESS }} # Login page for the dashboard (string value) -#login_url = http://localhost/auth/login/ +login_url = http://{{ CONTROLLER_HOST_ADDRESS }}/auth/login/ [data_processing] @@ -515,7 +515,7 @@ # # Catalog type of the Identity service. (string value) -#catalog_type = identity +catalog_type = identity # Set to True if using self-signed SSL certificates. (boolean value) #disable_ssl_certificate_validation = false @@ -525,36 +525,36 @@ #ca_certificates_file = # Full URI of the OpenStack Identity API (Keystone), v2 (string value) -#uri = +uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0/ # Full URI of the OpenStack Identity API (Keystone), v3 (string value) #uri_v3 = # Identity API version to be used for authentication for API tests. # (string value) -#auth_version = v2 +auth_version = v2 # The identity region name to use. Also used as the other services' # region name unless they are set explicitly. If no such region is # found in the service catalog, the first found one is used. (string # value) -#region = RegionOne +region = RegionOne # The endpoint type to use for the identity service. (string value) # Allowed values: public, admin, internal, publicURL, adminURL, internalURL -#endpoint_type = publicURL +endpoint_type = publicURL # Username to use for Nova API requests. (string value) -#username = +username = {{ NOVA_SERVICE_USER }} # Tenant name to use for Nova API requests. (string value) -#tenant_name = +tenant_name = service # Role required to administrate keystone. (string value) -#admin_role = admin +admin_role = admin # API key to use when authenticating. (string value) -#password = +password = {{ NOVA_SERVICE_PASSWORD }} # Domain name for authentication (Keystone V3).The same domain applies # to user and project (string value) @@ -577,14 +577,14 @@ # Administrative Username to use for Keystone API requests. (string # value) -#admin_username = +admin_username = admin # Administrative Tenant name to use for Keystone API requests. (string # value) -#admin_tenant_name = +admin_tenant_name = admin # API key to use when authenticating as admin. (string value) -#admin_password = +admin_password = {{ KEYSTONE_ADMIN_PASSWORD }} # Admin domain name for authentication (Keystone V3).The same domain # applies to user and project (string value) @@ -599,13 +599,13 @@ # Does the identity service have delegation and impersonation enabled # (boolean value) -#trust = true +trust = false # Is the v2 identity API enabled (boolean value) -#api_v2 = true +api_v2 = true # Is the v3 identity API enabled (boolean value) -#api_v3 = true +api_v3 = false [image] @@ -615,27 +615,27 @@ # # Catalog type of the Image service. (string value) -#catalog_type = image +catalog_type = image # The image region name to use. If empty, the value of identity.region # is used instead. If no such region is found in the service catalog, # the first found one is used. (string value) -#region = +region = regionOne # The endpoint type to use for the image service. (string value) # Allowed values: public, admin, internal, publicURL, adminURL, internalURL -#endpoint_type = publicURL +endpoint_type = publicURL # http accessible image (string value) -#http_image = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-uec.tar.gz +http_image = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-uec.tar.gz # Timeout in seconds to wait for an image to become available. # (integer value) -#build_timeout = 300 +build_timeout = 300 # Time in seconds between image operation status checks. (integer # value) -#build_interval = 1 +build_interval = 1 [image-feature-enabled] @@ -645,7 +645,7 @@ # # Is the v2 image API enabled (boolean value) -#api_v2 = true +api_v2 = true # Is the v1 image API enabled (boolean value) #api_v1 = true @@ -658,10 +658,10 @@ # # Matching images become parameters for scenario tests (string value) -#image_regex = ^cirros-0.3.1-x86_64-uec$ +image_regex = ^cirros-0.3.1-x86_64-uec$ # Matching flavors become parameters for scenario tests (string value) -#flavor_regex = ^m1.nano$ +flavor_regex = ^m1.nano$ # SSH verification in tests is skippedfor matching images (string # value) @@ -678,33 +678,33 @@ # # Catalog type of the Messaging service. (string value) -#catalog_type = messaging +catalog_type = messaging # The maximum number of queue records per page when listing queues # (integer value) -#max_queues_per_page = 20 +max_queues_per_page = 20 # The maximum metadata size for a queue (integer value) -#max_queue_metadata = 65536 +max_queue_metadata = 65536 # The maximum number of queue message per page when listing (or) # posting messages (integer value) -#max_messages_per_page = 20 +max_messages_per_page = 20 # The maximum size of a message body (integer value) -#max_message_size = 262144 +max_message_size = 262144 # The maximum number of messages per claim (integer value) -#max_messages_per_claim = 20 +max_messages_per_claim = 20 # The maximum ttl for a message (integer value) -#max_message_ttl = 1209600 +max_message_ttl = 1209600 # The maximum ttl for a claim (integer value) -#max_claim_ttl = 43200 +max_claim_ttl = 43200 # The maximum grace period for a claim (integer value) -#max_claim_grace = 43200 +max_claim_grace = 43200 [negative] @@ -714,7 +714,7 @@ # # Test generator class for all negative tests (string value) -#test_generator = tempest.common.generator.negative_generator.NegativeTestGenerator +test_generator = tempest.common.generator.negative_generator.NegativeTestGenerator [network] @@ -724,22 +724,22 @@ # # Catalog type of the Neutron service. (string value) -#catalog_type = network +catalog_type = network # The network region name to use. If empty, the value of # identity.region is used instead. If no such region is found in the # service catalog, the first found one is used. (string value) -#region = +region = regionOne # The endpoint type to use for the network service. (string value) # Allowed values: public, admin, internal, publicURL, adminURL, internalURL -#endpoint_type = publicURL +endpoint_type = publicURL # The cidr block to allocate tenant ipv4 subnets from (string value) -#tenant_network_cidr = 10.100.0.0/16 +tenant_network_cidr = 192.168.1.0/24 # The mask bits for tenant ipv4 subnets (integer value) -#tenant_network_mask_bits = 28 +tenant_network_mask_bits = 28 # The cidr block to allocate tenant ipv6 subnets from (string value) #tenant_network_v6_cidr = 2003::/48 @@ -768,11 +768,11 @@ # Timeout in seconds to wait for network operation to complete. # (integer value) -#build_timeout = 300 +build_timeout = 300 # Time in seconds between network operation status checks. (integer # value) -#build_interval = 1 +build_interval = 1 # List of dns servers which should be used for subnet creation (list # value) @@ -791,7 +791,7 @@ # # Allow the execution of IPv6 tests (boolean value) -#ipv6 = true +ipv6 = false # A list of enabled network extensions with a special entry all which # indicates every extension is enabled. Empty list indicates all @@ -925,14 +925,14 @@ # Enables or disables inter-process locks. (boolean value) # Deprecated group/name - [DEFAULT]/disable_process_locking -#disable_process_locking = false +disable_process_locking = false # Directory to use for lock files. For security, the specified # directory should only be writable by the user running the processes # that need locking. Defaults to environment variable OSLO_LOCK_PATH. # If external locks are used, a lock path must be set. (string value) # Deprecated group/name - [DEFAULT]/lock_path -#lock_path = +lock_path = /run/lock [scenario] @@ -984,41 +984,41 @@ # # Whether or not cinder is expected to be available (boolean value) -#cinder = true +cinder = true # Whether or not neutron is expected to be available (boolean value) -#neutron = false +neutron = true # Whether or not glance is expected to be available (boolean value) -#glance = true +glance = true # Whether or not swift is expected to be available (boolean value) -#swift = true +swift = false # Whether or not nova is expected to be available (boolean value) -#nova = true +nova = true # Whether or not Heat is expected to be available (boolean value) -#heat = false +heat = false # Whether or not Ceilometer is expected to be available (boolean # value) -#ceilometer = true +ceilometer = true # Whether or not Horizon is expected to be available (boolean value) -#horizon = true +horizon = true # Whether or not Sahara is expected to be available (boolean value) -#sahara = false +sahara = false # Whether or not Ironic is expected to be available (boolean value) -#ironic = false +ironic = false # Whether or not Trove is expected to be available (boolean value) -#trove = false +trove = false # Whether or not Zaqar is expected to be available (boolean value) -#zaqar = false +zaqar = false [stress] @@ -1070,15 +1070,15 @@ # # Catalog type of the Telemetry service. (string value) -#catalog_type = metering +catalog_type = metering # The endpoint type to use for the telemetry service. (string value) # Allowed values: public, admin, internal, publicURL, adminURL, internalURL -#endpoint_type = publicURL +endpoint_type = publicURL # This variable is used as flag to enable notification tests (boolean # value) -#too_slow_to_test = true +too_slow_to_test = true [validation] @@ -1091,26 +1091,26 @@ # belonging to the fixed network -floating: creates and uses a # floating IP (string value) # Allowed values: fixed, floating -#connect_method = floating +connect_method = floating # Default authentication method to the instance. Only ssh via keypair # is supported for now. Additional methods will be handled in a # separate spec. (string value) # Allowed values: keypair -#auth_method = keypair +auth_method = keypair # Default IP version for ssh connections. (integer value) -#ip_version_for_ssh = 4 +ip_version_for_ssh = 4 # Timeout in seconds to wait for ping to succeed. (integer value) -#ping_timeout = 120 +ping_timeout = 120 # Timeout in seconds to wait for the TCP connection to be successful. # (integer value) -#connect_timeout = 60 +connect_timeout = 60 # Timeout in seconds to wait for the ssh banner. (integer value) -#ssh_timeout = 300 +ssh_timeout = 300 [volume] @@ -1127,37 +1127,37 @@ #build_timeout = 300 # Catalog type of the Volume Service (string value) -#catalog_type = volume +catalog_type = volume # The volume region name to use. If empty, the value of # identity.region is used instead. If no such region is found in the # service catalog, the first found one is used. (string value) -#region = +region = regionOne # The endpoint type to use for the volume service. (string value) # Allowed values: public, admin, internal, publicURL, adminURL, internalURL -#endpoint_type = publicURL +endpoint_type = publicURL # Name of the backend1 (must be declared in cinder.conf) (string # value) -#backend1_name = BACKEND_1 +backend1_name = LVM_iSCSI # Name of the backend2 (must be declared in cinder.conf) (string # value) #backend2_name = BACKEND_2 # Backend protocol to target when creating volume types (string value) -#storage_protocol = iSCSI +storage_protocol = iSCSI # Backend vendor to target when creating volume types (string value) #vendor_name = Open Source # Disk format to use when copying a volume to image (string value) -#disk_format = raw +disk_format = raw # Default size in GB for volumes created by volumes tests (integer # value) -#volume_size = 1 +volume_size = 1 [volume-feature-enabled] @@ -1167,22 +1167,22 @@ # # Runs Cinder multi-backend test (requires 2 backends) (boolean value) -#multi_backend = false +multi_backend = false # Runs Cinder volumes backup test (boolean value) -#backup = true +backup = false # Runs Cinder volume snapshot test (boolean value) -#snapshot = true +snapshot = true # A list of enabled volume extensions with a special entry all which # indicates every extension is enabled. Empty list indicates all # extensions are disabled (list value) -#api_extensions = all +api_extensions = all # Is the v1 volume API enabled (boolean value) -#api_v1 = true +api_v1 = true # Is the v2 volume API enabled (boolean value) -#api_v2 = true +api_v2 = true diff --git a/install-files/openstack/manifest b/install-files/openstack/manifest index 0b17aa08..da38a638 100644 --- a/install-files/openstack/manifest +++ b/install-files/openstack/manifest @@ -1,7 +1,5 @@ 0040755 0 0 /etc/horizon 0100644 0 0 /etc/horizon/apache-horizon.conf -0040755 0 0 /etc/horizon/openstack_dashboard -0100644 0 0 /etc/horizon/openstack_dashboard/local_settings.py template 0100644 0 0 /etc/tempest/tempest.conf 0040755 0 0 /usr/share/openstack 0100644 0 0 /usr/share/openstack/hosts diff --git a/install-files/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service b/install-files/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service index 76efea5c..72cd1651 100644 --- a/install-files/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service +++ b/install-files/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service @@ -11,8 +11,7 @@ StandardOutput=null StandardError=null ExecStart=/usr/bin/neutron-l3-agent \ --config-file=/etc/neutron/neutron.conf \ - --config-file=/etc/neutron/l3_agent.ini \ - --config-file=/etc/neutron/fwaas_driver.ini + --config-file=/etc/neutron/l3_agent.ini [Install] WantedBy=multi-user.target diff --git a/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf b/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf index 66a1db14..b1ad2f47 100644 --- a/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf +++ b/install-files/openstack/usr/share/openstack/ceilometer/ceilometer.conf @@ -4,13 +4,15 @@ # From ceilometer # +auth_strategy = keystone + # To reduce large requests at same time to Nova or other components # from different compute agents, shuffle start time of polling task. # (integer value) #shuffle_time_before_polling_task = 0 # Configuration file for WSGI definition of API. (string value) -#api_paste_config = api_paste.ini +api_paste_config = api_paste.ini # Number of workers for Ceilometer API server. (integer value) #api_workers = 1 @@ -24,10 +26,10 @@ #pollster_list = [] # Exchange name for Nova notifications. (string value) -#nova_control_exchange = nova +nova_control_exchange = nova # List of metadata prefixes reserved for metering use. (list value) -#reserved_metadata_namespace = metering. +reserved_metadata_namespace = metering. # Limit on length of reserved metadata values. (integer value) #reserved_metadata_length = 256 @@ -37,11 +39,11 @@ #reserved_metadata_keys = # Inspector to use for inspecting the hypervisor layer. (string value) -#hypervisor_inspector = libvirt +hypervisor_inspector = libvirt # Libvirt domain type. (string value) # Allowed values: kvm, lxc, qemu, uml, xen -#libvirt_type = kvm +libvirt_type = {{ NOVA_VIRT_TYPE }} # Override the default libvirt URI (which is dependent on # libvirt_type). (string value) @@ -55,7 +57,7 @@ #dispatcher = database # Exchange name for Keystone notifications. (string value) -#keystone_control_exchange = keystone +keystone_control_exchange = keystone # Number of items to request in each paginated Glance API request # (parameter used by glancecelient). If this is less than or equal to @@ -64,10 +66,10 @@ #glance_page_size = 0 # Exchange name for Glance notifications. (string value) -#glance_control_exchange = glance +glance_control_exchange = glance # Exchange name for Ironic notifications. (string value) -#ironic_exchange = ironic +ironic_exchange = ironic # Exchanges name to listen for notifications. (multi valued) #http_control_exchanges = nova @@ -77,7 +79,7 @@ # Exchange name for Neutron notifications. (string value) # Deprecated group/name - [DEFAULT]/quantum_control_exchange -#neutron_control_exchange = neutron +neutron_control_exchange = neutron # Allow novaclient's debug log output. (boolean value) #nova_http_log_debug = false @@ -135,7 +137,7 @@ # Use syslog for logging. Existing syslog format is DEPRECATED during # I, and will change in J to honor RFC5424. (boolean value) -#use_syslog = false +use_syslog = True # (Optional) Enables or disables syslog rfc5424 format for logging. If # enabled, prefixes the MSG part of the syslog message with APP-NAME @@ -181,10 +183,10 @@ #heat_control_exchange = heat # Configuration file for pipeline definition. (string value) -#pipeline_cfg_file = pipeline.yaml +pipeline_cfg_file = pipeline.yaml # Configuration file for event pipeline definition. (string value) -#event_pipeline_cfg_file = event_pipeline.yaml +event_pipeline_cfg_file = event_pipeline.yaml # Exchange name for DBaaS notifications. (string value) #trove_control_exchange = trove @@ -218,10 +220,10 @@ # Path to the rootwrap configuration file touse for running commands # as root (string value) -#rootwrap_config = /etc/ceilometer/rootwrap.conf +rootwrap_config = /etc/ceilometer/rootwrap.conf # Exchange name for Cinder notifications. (string value) -#cinder_control_exchange = cinder +cinder_control_exchange = cinder # # From oslo.messaging @@ -282,7 +284,7 @@ # The messaging driver to use, defaults to rabbit. Other drivers # include qpid and zmq. (string value) -#rpc_backend = rabbit +rpc_backend = rabbit # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the transport_url @@ -316,7 +318,7 @@ # The topic that ceilometer uses for alarm notifier messages. (string # value) -#notifier_rpc_topic = alarm_notifier +notifier_rpc_topic = alarm_notifier # The topic that ceilometer uses for alarm partition coordination # messages. DEPRECATED: RPC-based partitionedalarm evaluation service @@ -351,10 +353,10 @@ # The port for the ceilometer API server. (integer value) # Deprecated group/name - [DEFAULT]/metering_api_port -#port = 8777 +port = 8777 # The listen IP for the ceilometer API server. (string value) -#host = 0.0.0.0 +host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # Toggle Pecan Debug Middleware. (boolean value) #pecan_debug = false @@ -488,6 +490,7 @@ # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection = +connection=postgresql://{{ CEILOMETER_DB_USER }}:{{ CEILOMETER_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ceilometer # The SQLAlchemy connection string to use to connect to the slave # database. (string value) @@ -593,7 +596,7 @@ # # Configuration file for event definitions. (string value) -#definitions_cfg_file = event_definitions.yaml +definitions_cfg_file = event_definitions.yaml # Drop notifications if no event definition matches. (Otherwise, we # convert them with just the default traits) (boolean value) @@ -642,7 +645,7 @@ # # Complete public Identity API endpoint. (string value) -#auth_uri = +auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 # API version of the admin Identity API endpoint. (string value) #auth_version = @@ -785,7 +788,7 @@ # Complete admin Identity API endpoint. This should specify the # unversioned root endpoint e.g. https://localhost:35357/ (string # value) -#identity_uri = +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 # This option is deprecated and may be removed in a future release. # Single shared secret with the Keystone configuration used for @@ -795,13 +798,13 @@ #admin_token = # Service username. (string value) -#admin_user = +admin_user = {{ CEILOMETER_SERVICE_USER }} # Service user password. (string value) -#admin_password = +admin_password = {{ CEILOMETER_SERVICE_PASSWORD }} # Service tenant name. (string value) -#admin_tenant_name = admin +admin_tenant_name = service [matchmaker_redis] @@ -1047,12 +1050,12 @@ # The RabbitMQ broker address where a single node is used. (string # value) # Deprecated group/name - [DEFAULT]/rabbit_host -#rabbit_host = localhost +rabbit_host = {{ RABBITMQ_HOST }} # The RabbitMQ broker port where a single node is used. (integer # value) # Deprecated group/name - [DEFAULT]/rabbit_port -#rabbit_port = 5672 +rabbit_port = {{ RABBITMQ_PORT }} # RabbitMQ HA cluster host:port pairs. (list value) # Deprecated group/name - [DEFAULT]/rabbit_hosts @@ -1060,15 +1063,15 @@ # Connect over SSL for RabbitMQ. (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_use_ssl -#rabbit_use_ssl = false +rabbit_use_ssl = false # The RabbitMQ userid. (string value) # Deprecated group/name - [DEFAULT]/rabbit_userid -#rabbit_userid = guest +rabbit_userid = {{ RABBITMQ_USER }} # The RabbitMQ password. (string value) # Deprecated group/name - [DEFAULT]/rabbit_password -#rabbit_password = guest +rabbit_password = {{ RABBITMQ_PASSWORD }} # The RabbitMQ login method. (string value) # Deprecated group/name - [DEFAULT]/rabbit_login_method @@ -1076,7 +1079,7 @@ # The RabbitMQ virtual host. (string value) # Deprecated group/name - [DEFAULT]/rabbit_virtual_host -#rabbit_virtual_host = / +rabbit_virtual_host = / # How frequently to retry connecting with RabbitMQ. (integer value) #rabbit_retry_interval = 1 @@ -1120,12 +1123,12 @@ # The JSON file that defines policies. (string value) # Deprecated group/name - [DEFAULT]/policy_file -#policy_file = policy.json +policy_file = policy.json # Default rule. Enforced when a requested rule is not found. (string # value) # Deprecated group/name - [DEFAULT]/policy_default_rule -#policy_default_rule = default +policy_default_rule = default # Directories where policy configuration files are stored. They can be # relative to any directory in the search path defined by the @@ -1216,11 +1219,11 @@ # User name to use for OpenStack service access. (string value) # Deprecated group/name - [DEFAULT]/os_username -#os_username = ceilometer +os_username = {{ CEILOMETER_SERVICE_USER }} # Password to use for OpenStack service access. (string value) # Deprecated group/name - [DEFAULT]/os_password -#os_password = admin +os_password = {{ CEILOMETER_SERVICE_PASSWORD }} # Tenant ID to use for OpenStack service access. (string value) # Deprecated group/name - [DEFAULT]/os_tenant_id @@ -1228,22 +1231,22 @@ # Tenant name to use for OpenStack service access. (string value) # Deprecated group/name - [DEFAULT]/os_tenant_name -#os_tenant_name = admin +os_tenant_name = service # Certificate chain for SSL validation. (string value) #os_cacert = # Auth URL to use for OpenStack service access. (string value) # Deprecated group/name - [DEFAULT]/os_auth_url -#os_auth_url = http://localhost:5000/v2.0 +os_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 # Region name to use for OpenStack service endpoints. (string value) # Deprecated group/name - [DEFAULT]/os_region_name -#os_region_name = +os_region_name = regionOne # Type of endpoint in Identity service catalog to use for # communication with OpenStack services. (string value) -#os_endpoint_type = publicURL +os_endpoint_type = internalURL # Disables X.509 certificate validation when an SSL connection to # Identity Service is established. (boolean value) @@ -1260,13 +1263,13 @@ #kwapi = energy # Glance service type. (string value) -#glance = image +glance = image # Neutron service type. (string value) -#neutron = network +neutron = network # Nova service type. (string value) -#nova = compute +nova = compute # Radosgw service type. (string value) #radosgw = object-store diff --git a/install-files/openstack/usr/share/openstack/cinder/cinder.conf b/install-files/openstack/usr/share/openstack/cinder/cinder.conf index 8afdb941..f690fbed 100644 --- a/install-files/openstack/usr/share/openstack/cinder/cinder.conf +++ b/install-files/openstack/usr/share/openstack/cinder/cinder.conf @@ -1,5 +1,7 @@ [DEFAULT] +use_syslog = True + # # Options defined in oslo.messaging # @@ -45,7 +47,7 @@ # Driver or drivers to handle sending notifications. (multi # valued) -#notification_driver= +notification_driver=messagingv2 # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics @@ -61,12 +63,12 @@ # The messaging driver to use, defaults to rabbit. Other # drivers include qpid and zmq. (string value) -#rpc_backend=rabbit +rpc_backend=rabbit # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the # transport_url option. (string value) -#control_exchange=openstack +control_exchange=cinder # @@ -481,18 +483,18 @@ # File name for the paste.deploy config for cinder-api (string # value) -#api_paste_config=api-paste.ini +api_paste_config=api-paste.ini # Top-level directory for maintaining cinder's state (string # value) # Deprecated group/name - [DEFAULT]/pybasedir -#state_path=/var/lib/cinder +state_path=/var/lib/cinder # IP address of this host (string value) -#my_ip=10.0.0.1 +my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # Default glance host name or IP (string value) -#glance_host=$my_ip +glance_host={{ CONTROLLER_HOST_ADDRESS }} # Default glance port (integer value) #glance_port=9292 @@ -586,7 +588,7 @@ # Path to the rootwrap configuration file to use for running # commands as root (string value) -#rootwrap_config=/etc/cinder/rootwrap.conf +rootwrap_config=/etc/cinder/rootwrap.conf # Enable monkey patching (boolean value) #monkey_patch=false @@ -608,7 +610,7 @@ # The strategy to use for auth. Supports noauth, keystone, and # deprecated. (string value) -#auth_strategy=noauth +auth_strategy=keystone # A list of backend names to use. These backend names should # be backed by a unique [CONFIG] group with its options (list @@ -698,15 +700,15 @@ # Template string to be used to generate volume names (string # value) -#volume_name_template=volume-%s +volume_name_template=volume-%s # Template string to be used to generate snapshot names # (string value) -#snapshot_name_template=snapshot-%s +snapshot_name_template=snapshot-%s # Template string to be used to generate backup names (string # value) -#backup_name_template=backup-%s +backup_name_template=backup-%s # @@ -941,7 +943,7 @@ # The IP address that the iSCSI daemon is listening on (string # value) -#iscsi_ip_address=$my_ip +iscsi_ip_address={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # The list of secondary IP addresses of the iSCSI daemon (list # value) @@ -958,7 +960,7 @@ # The backend name for a given driver implementation (string # value) -#volume_backend_name= +volume_backend_name=LVM_iSCSI # Do we attach/detach volumes in cinder using multipath for # volume to image and image to volume transfers? (boolean @@ -987,10 +989,10 @@ # support, iseradm for the ISER protocol, ietadm for iSCSI # Enterprise Target, iscsictl for Chelsio iSCSI Target or fake # for testing. (string value) -#iscsi_helper=tgtadm +iscsi_helper=lioadm # Volume configuration file storage directory (string value) -#volumes_dir=$state_path/volumes +volumes_dir=$state_path/volumes # IET configuration file (string value) #iet_conf=/etc/iet/ietd.conf @@ -1588,7 +1590,7 @@ # Name for the VG that will contain exported volumes (string # value) -#volume_group=cinder-volumes +volume_group=cinder-volumes # If >0, create LVs with multiple mirrors. Note that this # requires lvm_mirrors + 2 PVs with available space (integer @@ -2261,7 +2263,7 @@ # # Driver to use for volume creation (string value) -#volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver +volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver # Timeout for creating the volume to migrate to when # performing volume migration (seconds) (integer value) @@ -2357,6 +2359,10 @@ # Deprecated group/name - [DEFAULT]/dbapi_use_tpool #use_tpool=false +# The SQLAlchemy connection string to use to connect to the +# database. (string value) +connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/cinder + [fc-zone-manager] @@ -2428,6 +2434,10 @@ #encryption_api_url=http://localhost:9311/v1 +[oslo_concurrency] + +lock_path = /var/lock/cinder + [keystone_authtoken] # @@ -2435,7 +2445,7 @@ # # Complete public Identity API endpoint. (string value) -#auth_uri= +auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 # API version of the admin Identity API endpoint. (string # value) @@ -2740,23 +2750,23 @@ # The RabbitMQ broker address where a single node is used. # (string value) -#rabbit_host=localhost +rabbit_host={{ RABBITMQ_HOST }} # The RabbitMQ broker port where a single node is used. # (integer value) -#rabbit_port=5672 +rabbit_port={{ RABBITMQ_PORT }} # RabbitMQ HA cluster host:port pairs. (list value) -#rabbit_hosts=$rabbit_host:$rabbit_port +rabbit_hosts=$rabbit_host:$rabbit_port # Connect over SSL for RabbitMQ. (boolean value) #rabbit_use_ssl=false # The RabbitMQ userid. (string value) -#rabbit_userid=guest +rabbit_userid={{ RABBITMQ_USER }} # The RabbitMQ password. (string value) -#rabbit_password=guest +rabbit_password={{ RABBITMQ_PASSWORD }} # The RabbitMQ login method. (string value) #rabbit_login_method=AMQPLAIN @@ -2962,7 +2972,7 @@ # Complete admin Identity API endpoint. This should specify the # unversioned root endpoint e.g. https://localhost:35357/ (string # value) -#identity_uri = +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 # This option is deprecated and may be removed in a future release. # Single shared secret with the Keystone configuration used for @@ -2972,10 +2982,10 @@ #admin_token = # Service username. (string value) -#admin_user = +admin_user = {{ CINDER_SERVICE_USER }} # Service user password. (string value) -#admin_password = +admin_password = {{ CINDER_SERVICE_PASSWORD }} # Service tenant name. (string value) -#admin_tenant_name = admin +admin_tenant_name = service diff --git a/install-files/openstack/usr/share/openstack/glance/glance-api.conf b/install-files/openstack/usr/share/openstack/glance/glance-api.conf index 6e85cbb5..9c2e6628 100644 --- a/install-files/openstack/usr/share/openstack/glance/glance-api.conf +++ b/install-files/openstack/usr/share/openstack/glance/glance-api.conf @@ -12,7 +12,7 @@ #image_size_cap = 1099511627776 # Address to bind the API server -bind_host = 0.0.0.0 +bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # Port the bind the API server to bind_port = 9292 @@ -22,7 +22,7 @@ bind_port = 9292 # # If `log_file` is omitted and `use_syslog` is false, then log messages are # sent to stdout as a fallback. -log_file = /var/log/glance/api.log +# log_file = /var/log/glance/api.log # Backlog requests when creating socket backlog = 4096 @@ -116,7 +116,7 @@ backlog = 4096 # Send logs to syslog (/dev/log) instead of to file specified # by `log_file` -#use_syslog = False +use_syslog = True # Facility to use. If unset defaults to LOG_USER. #syslog_log_facility = LOG_LOCAL0 @@ -151,7 +151,7 @@ backlog = 4096 # ============ Registry Options =============================== # Address to find the registry server -registry_host = 0.0.0.0 +registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # Port the registry server is listening on registry_port = 9191 @@ -215,7 +215,7 @@ registry_client_protocol = http # Driver or drivers to handle sending notifications. Set to # 'messaging' to send notifications to a message queue. -# notification_driver = noop +notification_driver = messagingv2 # Default publisher_id for outgoing notifications. # default_publisher_id = image.localhost @@ -230,15 +230,15 @@ registry_client_protocol = http # disabled_notifications = [] # Messaging driver used for 'messaging' notifications driver -# rpc_backend = 'rabbit' +rpc_backend = 'rabbit' # Configuration options if sending notifications via rabbitmq (these are # the defaults) -rabbit_host = localhost -rabbit_port = 5672 +rabbit_host = {{ RABBITMQ_HOST }} +rabbit_port = {{ RABBITMQ_PORT }} rabbit_use_ssl = false -rabbit_userid = guest -rabbit_password = guest +rabbit_userid = {{ RABBITMQ_USER }} +rabbit_password = {{ RABBITMQ_PASSWORD }} rabbit_virtual_host = / rabbit_notification_exchange = glance rabbit_notification_topic = notifications @@ -246,22 +246,22 @@ rabbit_durable_queues = False # Configuration options if sending notifications via Qpid (these are # the defaults) -qpid_notification_exchange = glance -qpid_notification_topic = notifications -qpid_hostname = localhost -qpid_port = 5672 -qpid_username = -qpid_password = -qpid_sasl_mechanisms = -qpid_reconnect_timeout = 0 -qpid_reconnect_limit = 0 -qpid_reconnect_interval_min = 0 -qpid_reconnect_interval_max = 0 -qpid_reconnect_interval = 0 -qpid_heartbeat = 5 +#qpid_notification_exchange = glance +#qpid_notification_topic = notifications +#qpid_hostname = localhost +#qpid_port = 5672 +#qpid_username = +#qpid_password = +#qpid_sasl_mechanisms = +#qpid_reconnect_timeout = 0 +#qpid_reconnect_limit = 0 +#qpid_reconnect_interval_min = 0 +#qpid_reconnect_interval_max = 0 +#qpid_reconnect_interval = 0 +#qpid_heartbeat = 5 # Set to 'ssl' to enable SSL -qpid_protocol = tcp -qpid_tcp_nodelay = True +#qpid_protocol = tcp +#qpid_tcp_nodelay = True # ============ Delayed Delete Options ============================= @@ -337,6 +337,7 @@ image_cache_dir = /var/lib/glance/image-cache/ # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection = +connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance # The SQL mode to be used for MySQL sessions. This option, # including the default, overrides any server-set SQL mode. To @@ -431,10 +432,11 @@ image_cache_dir = /var/lib/glance/image-cache/ #lock_path = /tmp [keystone_authtoken] -identity_uri = http://127.0.0.1:35357 -admin_tenant_name = %SERVICE_TENANT_NAME% -admin_user = %SERVICE_USER% -admin_password = %SERVICE_PASSWORD% +auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +admin_tenant_name = service +admin_user = {{ GLANCE_SERVICE_USER }} +admin_password = {{ GLANCE_SERVICE_PASSWORD }} revocation_cache_time = 10 [paste_deploy] @@ -445,7 +447,7 @@ revocation_cache_time = 10 # service name removed. For example, if your paste section name is # [pipeline:glance-api-keystone], you would configure the flavor below # as 'keystone'. -#flavor= +flavor=keystone [store_type_location_strategy] # The scheme list to use to get store preference order. The scheme must be diff --git a/install-files/openstack/usr/share/openstack/glance/glance-registry.conf b/install-files/openstack/usr/share/openstack/glance/glance-registry.conf index f7ce7956..40993d8d 100644 --- a/install-files/openstack/usr/share/openstack/glance/glance-registry.conf +++ b/install-files/openstack/usr/share/openstack/glance/glance-registry.conf @@ -6,7 +6,7 @@ #debug = False # Address to bind the registry server -bind_host = 0.0.0.0 +bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # Port the bind the registry server to bind_port = 9191 @@ -16,7 +16,7 @@ bind_port = 9191 # # If `log_file` is omitted and `use_syslog` is false, then log messages are # sent to stdout as a fallback. -log_file = /var/log/glance/registry.log +# log_file = /var/log/glance/registry.log # Backlog requests when creating socket backlog = 4096 @@ -65,7 +65,7 @@ limit_param_default = 25 # Send logs to syslog (/dev/log) instead of to file specified # by `log_file` -#use_syslog = False +use_syslog = True # Facility to use. If unset defaults to LOG_USER. #syslog_log_facility = LOG_LOCAL1 @@ -85,21 +85,21 @@ limit_param_default = 25 # Driver or drivers to handle sending notifications. Set to # 'messaging' to send notifications to a message queue. -# notification_driver = noop +notification_driver = messagingv2 # Default publisher_id for outgoing notifications. # default_publisher_id = image.localhost # Messaging driver used for 'messaging' notifications driver -# rpc_backend = 'rabbit' +rpc_backend = 'rabbit' # Configuration options if sending notifications via rabbitmq (these are # the defaults) -rabbit_host = localhost -rabbit_port = 5672 +rabbit_host = {{ RABBITMQ_HOST }} +rabbit_port = {{ RABBITMQ_PORT }} rabbit_use_ssl = false -rabbit_userid = guest -rabbit_password = guest +rabbit_userid = {{ RABBITMQ_USER }} +rabbit_password = {{ RABBITMQ_PASSWORD }} rabbit_virtual_host = / rabbit_notification_exchange = glance rabbit_notification_topic = notifications @@ -107,22 +107,22 @@ rabbit_durable_queues = False # Configuration options if sending notifications via Qpid (these are # the defaults) -qpid_notification_exchange = glance -qpid_notification_topic = notifications -qpid_hostname = localhost -qpid_port = 5672 -qpid_username = -qpid_password = -qpid_sasl_mechanisms = -qpid_reconnect_timeout = 0 -qpid_reconnect_limit = 0 -qpid_reconnect_interval_min = 0 -qpid_reconnect_interval_max = 0 -qpid_reconnect_interval = 0 -qpid_heartbeat = 5 +#qpid_notification_exchange = glance +#qpid_notification_topic = notifications +#qpid_hostname = localhost +#qpid_port = 5672 +#qpid_username = +#qpid_password = +#qpid_sasl_mechanisms = +#qpid_reconnect_timeout = 0 +#qpid_reconnect_limit = 0 +#qpid_reconnect_interval_min = 0 +#qpid_reconnect_interval_max = 0 +#qpid_reconnect_interval = 0 +#qpid_heartbeat = 5 # Set to 'ssl' to enable SSL -qpid_protocol = tcp -qpid_tcp_nodelay = True +#qpid_protocol = tcp +#qpid_tcp_nodelay = True # =============== Policy Options ============================== @@ -163,6 +163,7 @@ qpid_tcp_nodelay = True # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection = +connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance # The SQL mode to be used for MySQL sessions. This option, # including the default, overrides any server-set SQL mode. To @@ -243,10 +244,11 @@ qpid_tcp_nodelay = True #db_max_retries = 20 [keystone_authtoken] -identity_uri = http://127.0.0.1:35357 -admin_tenant_name = %SERVICE_TENANT_NAME% -admin_user = %SERVICE_USER% -admin_password = %SERVICE_PASSWORD% +auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +admin_tenant_name = service +admin_user = {{ GLANCE_SERVICE_USER }} +admin_password = {{ GLANCE_SERVICE_PASSWORD }} [paste_deploy] # Name of the paste configuration file that defines the available pipelines @@ -256,7 +258,7 @@ admin_password = %SERVICE_PASSWORD% # service name removed. For example, if your paste section name is # [pipeline:glance-registry-keystone], you would configure the flavor below # as 'keystone'. -#flavor= +flavor=keystone [profiler] # If False fully disable profiling feature. diff --git a/install-files/openstack/usr/share/openstack/horizon.yml b/install-files/openstack/usr/share/openstack/horizon.yml index 14cea5c5..1fec4ab0 100644 --- a/install-files/openstack/usr/share/openstack/horizon.yml +++ b/install-files/openstack/usr/share/openstack/horizon.yml @@ -23,14 +23,13 @@ shell: /sbin/nologin home: /var/lib/horizon - - name: Create the /var folders for horizon + - name: Fix permissions in /var/lib/horizon file: - path: "{{ item }}" + path: /var/lib/horizon state: directory owner: horizon group: horizon - with_items: - - /var/lib/horizon + recurse: yes - name: Link horizon apache configuration file: diff --git a/install-files/openstack/usr/share/openstack/ironic/ironic.conf b/install-files/openstack/usr/share/openstack/ironic/ironic.conf index ccf368f0..a5b5d2e3 100644 --- a/install-files/openstack/usr/share/openstack/ironic/ironic.conf +++ b/install-files/openstack/usr/share/openstack/ironic/ironic.conf @@ -74,7 +74,7 @@ # # IP address of this host. (string value) -#my_ip=10.0.0.1 +my_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # @@ -102,7 +102,7 @@ # present on your system may be found by enumerating the # "ironic.drivers" entrypoint. An example may be found in the # developer documentation online. (list value) -#enabled_drivers=pxe_ipmitool +enabled_drivers=pxe_ipmitool,pxe_ssh # @@ -307,7 +307,7 @@ # Use syslog for logging. Existing syslog format is DEPRECATED # during I, and will change in J to honor RFC5424. (boolean # value) -#use_syslog=false +use_syslog=true # (Optional) Enables or disables syslog rfc5424 format for # logging. If enabled, prefixes the MSG part of the syslog @@ -434,7 +434,7 @@ # URL of Ironic API service. If not set ironic can get the # current value from the keystone service catalog. (string # value) -#api_url= +api_url = http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385 # Seconds between conductor heart beats. (integer value) #heartbeat_interval=10 @@ -574,7 +574,7 @@ # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection -#connection= +connection = postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ironic # The SQLAlchemy connection string to use to connect to the # slave database. (string value) @@ -807,7 +807,7 @@ # # Default glance hostname or IP address. (string value) -#glance_host=$my_ip +glance_host = {{ CONTROLLER_HOST_ADDRESS }} # Default glance port. (integer value) #glance_port=9292 @@ -966,7 +966,7 @@ # # Complete public Identity API endpoint. (string value) -#auth_uri= +auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 # API version of the admin Identity API endpoint. (string # value) @@ -1119,7 +1119,7 @@ # Complete admin Identity API endpoint. This should specify # the unversioned root endpoint e.g. https://localhost:35357/ # (string value) -#identity_uri= +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 # This option is deprecated and may be removed in a future # release. Single shared secret with the Keystone @@ -1130,13 +1130,13 @@ #admin_token= # Service username. (string value) -#admin_user= +admin_user = {{ IRONIC_SERVICE_USER }} # Service user password. (string value) -#admin_password= +admin_password = {{ IRONIC_SERVICE_PASSWORD }} # Service tenant name. (string value) -#admin_tenant_name=admin +admin_tenant_name=service [matchmaker_redis] @@ -1173,7 +1173,7 @@ # # URL for connecting to neutron. (string value) -#url=http://$my_ip:9696 +url = http://{{ CONTROLLER_HOST_ADDRESS }}:9696 # Timeout value for connecting to neutron in seconds. (integer # value) @@ -1356,11 +1356,11 @@ # The RabbitMQ broker address where a single node is used. # (string value) -#rabbit_host=localhost +rabbit_host = {{ RABBITMQ_HOST }} # The RabbitMQ broker port where a single node is used. # (integer value) -#rabbit_port=5672 +rabbit_port = {{ RABBITMQ_PORT }} # RabbitMQ HA cluster host:port pairs. (list value) #rabbit_hosts=$rabbit_host:$rabbit_port @@ -1369,10 +1369,10 @@ #rabbit_use_ssl=false # The RabbitMQ userid. (string value) -#rabbit_userid=guest +rabbit_userid = {{ RABBITMQ_USER }} # The RabbitMQ password. (string value) -#rabbit_password=guest +rabbit_password = {{ RABBITMQ_PASSWORD }} # The RabbitMQ login method. (string value) #rabbit_login_method=AMQPLAIN @@ -1483,11 +1483,11 @@ #tftp_server=$my_ip # Ironic compute node's tftp root path. (string value) -#tftp_root=/tftpboot +tftp_root=/srv/tftp_root/ # Directory where master tftp images are stored on disk. # (string value) -#tftp_master_path=/tftpboot/master_images +tftp_master_path=/srv/tftp_root/master_images # Bootfile DHCP parameter. (string value) #pxe_bootfile_name=pxelinux.0 diff --git a/install-files/openstack/usr/share/openstack/keystone/keystone.conf b/install-files/openstack/usr/share/openstack/keystone/keystone.conf index 1c2298bf..1a082601 100644 --- a/install-files/openstack/usr/share/openstack/keystone/keystone.conf +++ b/install-files/openstack/usr/share/openstack/keystone/keystone.conf @@ -9,7 +9,7 @@ # production (highly recommended), remove AdminTokenAuthMiddleware from your # paste application pipelines (for example, in keystone-paste.ini). (string # value) -#admin_token = ADMIN +admin_token = {{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }} # (Deprecated) The port which the OpenStack Compute service listens on. This # option was only used for string replacement in the templated catalog backend. @@ -249,7 +249,7 @@ # The messaging driver to use, defaults to rabbit. Other drivers include qpid # and zmq. (string value) -#rpc_backend = rabbit +rpc_backend = rabbit # The default exchange under which topics are scoped. May be overridden by an # exchange name specified in the transport_url option. (string value) @@ -415,7 +415,7 @@ # Deprecated group/name - [DEFAULT]/sql_connection # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection -#connection = +connection=postgresql://{{ KEYSTONE_DB_USER }}:{{ KEYSTONE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/keystone # The SQLAlchemy connection string to use to connect to the slave database. # (string value) @@ -557,7 +557,7 @@ # The port number which the public service listens on. (integer value) # Deprecated group/name - [DEFAULT]/public_port -#public_port = 5000 +public_port = 5000 # The IP address of the network interface for the admin service to listen on. # (string value) @@ -567,7 +567,7 @@ # The port number which the admin service listens on. (integer value) # Deprecated group/name - [DEFAULT]/admin_port -#admin_port = 35357 +admin_port = 35357 # Set this to true if you want to enable TCP_KEEPALIVE on server sockets, i.e. # sockets used by the Keystone wsgi server for client connections. (boolean @@ -1337,27 +1337,27 @@ # The RabbitMQ broker address where a single node is used. (string value) # Deprecated group/name - [DEFAULT]/rabbit_host -#rabbit_host = localhost +rabbit_host = {{ RABBITMQ_HOST }} # The RabbitMQ broker port where a single node is used. (integer value) # Deprecated group/name - [DEFAULT]/rabbit_port -#rabbit_port = 5672 +rabbit_port = {{ RABBITMQ_PORT }} # RabbitMQ HA cluster host:port pairs. (list value) # Deprecated group/name - [DEFAULT]/rabbit_hosts -#rabbit_hosts = $rabbit_host:$rabbit_port +rabbit_hosts = $rabbit_host:$rabbit_port # Connect over SSL for RabbitMQ. (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_use_ssl -#rabbit_use_ssl = false +rabbit_use_ssl = false # The RabbitMQ userid. (string value) # Deprecated group/name - [DEFAULT]/rabbit_userid -#rabbit_userid = guest +rabbit_userid = {{ RABBITMQ_USER }} # The RabbitMQ password. (string value) # Deprecated group/name - [DEFAULT]/rabbit_password -#rabbit_password = guest +rabbit_password = {{ RABBITMQ_PASSWORD }} # The RabbitMQ login method. (string value) # Deprecated group/name - [DEFAULT]/rabbit_login_method @@ -1681,10 +1681,10 @@ # Controls the token construction, validation, and revocation operations. Core # providers are "keystone.token.providers.[fernet|pkiz|pki|uuid].Provider". # (string value) -#provider = keystone.token.providers.uuid.Provider +provider = keystone.token.providers.uuid.Provider # Token persistence backend driver. (string value) -#driver = keystone.token.persistence.backends.sql.Token +driver = keystone.token.persistence.backends.sql.Token # Toggle for token system caching. This has no effect unless global caching is # enabled. (boolean value) diff --git a/install-files/openstack/usr/share/openstack/neutron-config.yml b/install-files/openstack/usr/share/openstack/neutron-config.yml index 97f4c76e..5d594353 100644 --- a/install-files/openstack/usr/share/openstack/neutron-config.yml +++ b/install-files/openstack/usr/share/openstack/neutron-config.yml @@ -22,17 +22,6 @@ - /var/lock/neutron - /var/log/neutron - - name: Get service tenant id needed in neutron.conf - shell: | - keystone \ - --os-endpoint http://{{ CONTROLLER_HOST_ADDRESS|quote }}:35357/v2.0 \ - --os-token {{ KEYSTONE_TEMPORARY_ADMIN_TOKEN|quote }} \ - tenant-get service | grep id | tr -d " " | cut -d"|" -f3 - register: tenant_service_id - - - set_fact: - SERVICE_TENANT_ID: "{{ tenant_service_id.stdout }}" - - name: Create the directories needed for Neutron configuration files. file: path: /etc/{{ item }} diff --git a/install-files/openstack/usr/share/openstack/neutron-db.yml b/install-files/openstack/usr/share/openstack/neutron-db.yml index 91dde6fe..9cc77b5a 100644 --- a/install-files/openstack/usr/share/openstack/neutron-db.yml +++ b/install-files/openstack/usr/share/openstack/neutron-db.yml @@ -46,6 +46,6 @@ neutron-db-manage \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ - upgrade juno + upgrade head sudo: yes sudo_user: neutron diff --git a/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini b/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini index a0adccaa..e0963e57 100644 --- a/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini +++ b/install-files/openstack/usr/share/openstack/neutron/dhcp_agent.ini @@ -13,7 +13,7 @@ # Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP, # BigSwitch/Floodlight) -# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # Name of Open vSwitch bridge to use # ovs_integration_bridge = br-int @@ -28,7 +28,7 @@ # The agent can use other DHCP drivers. Dnsmasq is the simplest and requires # no additional setup of the DHCP server. -# dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq +dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and # iproute2 package that supports namespaces). This option is deprecated and @@ -41,7 +41,7 @@ # specific host routes to the DHCP request. The metadata service will only # be activated when the subnet does not contain any router port. The guest # instance must be configured to request host routes via DHCP (Option 121). -# enable_isolated_metadata = False +enable_isolated_metadata = True # Allows for serving metadata requests coming from a dedicated metadata # access network whose cidr is 169.254.169.254/16 (or larger prefix), and diff --git a/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini b/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini index 0d56436b..bc1321e4 100644 --- a/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini +++ b/install-files/openstack/usr/share/openstack/neutron/l3_agent.ini @@ -4,7 +4,7 @@ # L3 requires that an interface driver be set. Choose the one that best # matches your plugin. -# interface_driver = +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) # that supports L3 agent @@ -59,7 +59,7 @@ # Name of bridge used for external network traffic. This should be set to # empty value for the linux bridge. when this parameter is set, each L3 agent # can be associated with no more than one external network. -# external_network_bridge = br-ex +external_network_bridge = br-ex # TCP Port used by Neutron metadata server # metadata_port = 9697 diff --git a/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini b/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini index 4a0331ee..ee89c943 100644 --- a/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini +++ b/install-files/openstack/usr/share/openstack/neutron/metadata_agent.ini @@ -3,21 +3,21 @@ # debug = True # The Neutron user information for accessing the Neutron API. -auth_url = http://localhost:5000/v2.0 -auth_region = RegionOne +auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +auth_region = regionOne # Turn off verification of the certificate for ssl # auth_insecure = False # Certificate Authority public key (CA cert) file for ssl # auth_ca_cert = -admin_tenant_name = %SERVICE_TENANT_NAME% -admin_user = %SERVICE_USER% -admin_password = %SERVICE_PASSWORD% +admin_tenant_name = service +admin_user = {{ NEUTRON_SERVICE_USER }} +admin_password = {{ NEUTRON_SERVICE_PASSWORD }} # Network service endpoint type to pull from the keystone catalog # endpoint_type = adminURL # IP address used by Nova metadata server -# nova_metadata_ip = 127.0.0.1 +nova_metadata_ip = {{ CONTROLLER_HOST_ADDRESS }} # TCP Port used by Nova metadata server # nova_metadata_port = 8775 @@ -40,7 +40,7 @@ admin_password = %SERVICE_PASSWORD% # shared secret to prevent spoofing. You may select any string for a secret, # but it must match here and in the configuration used by the Nova Metadata # Server. NOTE: Nova uses the same config key, but in [neutron] section. -# metadata_proxy_shared_secret = +metadata_proxy_shared_secret = {{ METADATA_PROXY_SHARED_SECRET }} # Location of Metadata Proxy UNIX domain socket # metadata_proxy_socket = $state_path/metadata_proxy diff --git a/install-files/openstack/usr/share/openstack/neutron/neutron.conf b/install-files/openstack/usr/share/openstack/neutron/neutron.conf index ee42954b..33c6398a 100644 --- a/install-files/openstack/usr/share/openstack/neutron/neutron.conf +++ b/install-files/openstack/usr/share/openstack/neutron/neutron.conf @@ -29,7 +29,7 @@ # (not user_stderr) and (not log_file) -> stdout # publish_errors -> notification system -# use_syslog = False +use_syslog = True # syslog_log_facility = LOG_USER # use_stderr = True @@ -57,7 +57,7 @@ # previous versions, the class name of a plugin can be specified instead of its # entrypoint name. # -# core_plugin = +core_plugin = ml2 # Example: core_plugin = ml2 # (ListOpt) List of service plugin entrypoints to be loaded from the @@ -66,7 +66,7 @@ # with previous versions, the class name of a plugin can be specified instead # of its entrypoint name. # -# service_plugins = +service_plugins = router # Example: service_plugins = router,firewall,lbaas,vpnaas,metering # Paste configuration file @@ -81,7 +81,7 @@ # The strategy to be used for auth. # Supported values are 'keystone'(default), 'noauth'. -# auth_strategy = keystone +auth_strategy = keystone # Base MAC address. The first 3 octets will remain unchanged. If the # 4h octet is not 00, it will also be used. The others will be @@ -118,7 +118,7 @@ # Enable or disable overlapping IPs for subnets # Attention: the following parameter MUST be set to False if Neutron is # being used in conjunction with nova security groups -# allow_overlapping_ips = False +allow_overlapping_ips = True # Ensure that configured gateway is on subnet. For IPv6, validate only if # gateway is not a link local address. Deprecated, to be removed during the # K release, at which point the check will be mandatory. @@ -334,14 +334,14 @@ # ======== neutron nova interactions ========== # Send notification to nova when port status is active. -# notify_nova_on_port_status_changes = True +notify_nova_on_port_status_changes = True # Send notifications to nova when port data (fixed_ips/floatingips) change # so nova can update it's cache. -# notify_nova_on_port_data_changes = True +notify_nova_on_port_data_changes = True # URL for connection to nova (Only supports one nova region currently). -# nova_url = http://127.0.0.1:8774/v2 +nova_url = http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2 # Name of nova region to use. Useful if keystone manages more than one region # nova_region_name = @@ -450,7 +450,7 @@ # The RabbitMQ broker port where a single node is used. # (integer value) -# rabbit_port=5672 +# rabbit_port =5672 # RabbitMQ HA cluster host:port pairs. (list value) # rabbit_hosts=$rabbit_host:$rabbit_port @@ -531,7 +531,7 @@ # Driver or drivers to handle sending notifications. (multi # valued) -# notification_driver= +notification_driver = neutron.openstack.common.notifier.rpc_notifier # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics @@ -547,7 +547,7 @@ # The messaging driver to use, defaults to rabbit. Other # drivers include qpid and zmq. (string value) -# rpc_backend=rabbit +rpc_backend = rabbit # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the @@ -660,7 +660,7 @@ # Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real # root filter facility. # Change to "sudo" to skip the filtering and just run the command directly -# root_helper = sudo +root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf # Set to true to add comments to generated iptables rules that describe # each rule's purpose. (System must support the iptables comments module.) @@ -691,11 +691,11 @@ # =========== end of items for agent management extension ===== [keystone_authtoken] -auth_uri = http://127.0.0.1:35357/v2.0/ -identity_uri = http://127.0.0.1:5000 -admin_tenant_name = %SERVICE_TENANT_NAME% -admin_user = %SERVICE_USER% -admin_password = %SERVICE_PASSWORD% +auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +admin_tenant_name = service +admin_user = {{ NEUTRON_SERVICE_USER }} +admin_password = {{ NEUTRON_SERVICE_PASSWORD }} [database] # This line MUST be changed to actually run the plugin. @@ -703,7 +703,8 @@ admin_password = %SERVICE_PASSWORD% # connection = mysql://root:pass@127.0.0.1:3306/neutron # Replace 127.0.0.1 above with the IP address of the database used by the # main neutron server. (Leave it as is if the database runs on this host.) -# connection = sqlite:// +connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron + # NOTE: In deployment the [database] section and its connection attribute may # be set in the corresponding core plugin '.ini' file. However, it is suggested # to put the [database] section and its connection attribute in this @@ -747,7 +748,7 @@ admin_password = %SERVICE_PASSWORD% [nova] # Name of the plugin to load -# auth_plugin = +auth_plugin = password # Config Section from which to load plugin specific options # auth_section = @@ -765,11 +766,28 @@ admin_password = %SERVICE_PASSWORD% # keyfile = # Name of nova region to use. Useful if keystone manages more than one region. -# region_name = +region_name = regionOne # Timeout value for http requests # timeout = +# Authorization URL for connection to nova in admin context. +auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 + +# Username for connection to nova in admin context +username = {{ NOVA_SERVICE_USER }} + +# Password for connection to nova in admin context. +password = {{ NOVA_SERVICE_PASSWORD }} + +# The uuid of the admin nova tenant +# tenant_id = + +# The name of the admin nova tenant. If the uuid of the admin nova tenant +# is set, this is optional. Useful for cases where the uuid of the admin +# nova tenant is not available when configuration is being done. +tenant_name = service + [oslo_concurrency] # Directory to use for lock files. For security, the specified directory should @@ -956,11 +974,11 @@ lock_path = $state_path/lock # The RabbitMQ broker address where a single node is used. (string value) # Deprecated group/name - [DEFAULT]/rabbit_host -# rabbit_host = localhost +rabbit_host = {{ RABBITMQ_HOST }} # The RabbitMQ broker port where a single node is used. (integer value) # Deprecated group/name - [DEFAULT]/rabbit_port -# rabbit_port = 5672 +rabbit_port = {{ RABBITMQ_PORT }} # RabbitMQ HA cluster host:port pairs. (list value) # Deprecated group/name - [DEFAULT]/rabbit_hosts @@ -972,11 +990,11 @@ lock_path = $state_path/lock # The RabbitMQ userid. (string value) # Deprecated group/name - [DEFAULT]/rabbit_userid -# rabbit_userid = guest +rabbit_userid = {{ RABBITMQ_USER }} # The RabbitMQ password. (string value) # Deprecated group/name - [DEFAULT]/rabbit_password -# rabbit_password = guest +rabbit_password = {{ RABBITMQ_PASSWORD }} # The RabbitMQ login method. (string value) # Deprecated group/name - [DEFAULT]/rabbit_login_method diff --git a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini index ac9a3d0d..3258a40f 100644 --- a/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini +++ b/install-files/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini @@ -2,19 +2,19 @@ # (ListOpt) List of network type driver entrypoints to be loaded from # the neutron.ml2.type_drivers namespace. # -# type_drivers = local,flat,vlan,gre,vxlan +type_drivers = flat,gre # Example: type_drivers = flat,vlan,gre,vxlan # (ListOpt) Ordered list of network_types to allocate as tenant # networks. The default value 'local' is useful for single-box testing # but provides no connectivity between hosts. # -# tenant_network_types = local +tenant_network_types = gre # Example: tenant_network_types = vlan,gre,vxlan # (ListOpt) Ordered list of networking mechanism driver entrypoints # to be loaded from the neutron.ml2.mechanism_drivers namespace. -# mechanism_drivers = +mechanism_drivers = openvswitch # Example: mechanism_drivers = openvswitch,mlnx # Example: mechanism_drivers = arista # Example: mechanism_drivers = cisco,logger @@ -63,7 +63,7 @@ # can be created. Use * to allow flat networks with arbitrary # physical_network names. # -# flat_networks = +flat_networks = External # Example:flat_networks = physnet1,physnet2 # Example:flat_networks = * @@ -78,7 +78,7 @@ [ml2_type_gre] # (ListOpt) Comma-separated list of : tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation -# tunnel_id_ranges = +tunnel_id_ranges = 1:1000 [ml2_type_vxlan] # (ListOpt) Comma-separated list of : tuples enumerating @@ -96,8 +96,18 @@ [securitygroup] # Controls if neutron security group is enabled or not. # It should be false when you use nova security group. -# enable_security_group = True +enable_security_group = True # Use ipset to speed-up the iptables security groups. Enabling ipset support # requires that ipset is installed on L2 agent node. -# enable_ipset = True +enable_ipset = True + +firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver + +[ovs] +local_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +enable_tunneling = True +bridge_mappings=External:br-ex + +[agent] +tunnel_types = gre diff --git a/install-files/openstack/usr/share/openstack/nova/nova.conf b/install-files/openstack/usr/share/openstack/nova/nova.conf index b49f9522..9fc10493 100644 --- a/install-files/openstack/usr/share/openstack/nova/nova.conf +++ b/install-files/openstack/usr/share/openstack/nova/nova.conf @@ -42,7 +42,7 @@ #rpc_thread_pool_size = 64 # Driver or drivers to handle sending notifications. (multi valued) -#notification_driver = +notification_driver = messagingv2 # AMQP topic used for OpenStack notifications. (list value) # Deprecated group/name - [rpc_notifier2]/topics @@ -58,7 +58,7 @@ # The messaging driver to use, defaults to rabbit. Other drivers include qpid # and zmq. (string value) -#rpc_backend = rabbit +rpc_backend = rabbit # The default exchange under which topics are scoped. May be overridden by an # exchange name specified in the transport_url option. (string value) @@ -121,7 +121,7 @@ # # IP address of this host (string value) -#my_ip=10.0.0.1 +my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # Block storage IP address of this host (string value) #my_block_storage_ip=$my_ip @@ -145,7 +145,7 @@ # notifications, "vm_state" for notifications on VM state # changes, or "vm_and_task_state" for notifications on VM and # task state changes. (string value) -#notify_on_state_change= +notify_on_state_change=vm_and_task_state # If set, send api.fault notifications on caught exceptions in # the API service. (boolean value) @@ -173,7 +173,7 @@ # Top-level directory for maintaining nova's state (string # value) -#state_path=$pybasedir +state_path=/var/lib/nova # @@ -265,7 +265,7 @@ #periodic_fuzzy_delay=60 # A list of APIs to enable by default (list value) -#enabled_apis=ec2,osapi_compute,metadata +enabled_apis=ec2,osapi_compute,metadata # A list of APIs with enabled SSL (list value) #enabled_ssl_apis= @@ -309,7 +309,7 @@ #metadata_workers= # Full class name for the Manager for compute (string value) -#compute_manager=nova.compute.manager.ComputeManager +compute_manager={{ COMPUTE_MANAGER }} # Full class name for the Manager for console proxy (string # value) @@ -347,11 +347,11 @@ # Time period to generate instance usages for. Time period # must be hour, day, month or year (string value) -#instance_usage_audit_period=month +instance_usage_audit_period=hour # Path to the rootwrap configuration file to use for running # commands as root (string value) -#rootwrap_config=/etc/nova/rootwrap.conf +rootwrap_config=/etc/nova/rootwrap.conf # Explicitly specify the temporary working directory (string # value) @@ -364,7 +364,7 @@ # File name for the paste.deploy config for nova-api (string # value) -#api_paste_config=api-paste.ini +api_paste_config=api-paste.ini # A python format string that is used as the template to # generate log lines. The following values can be formatted @@ -422,7 +422,7 @@ # checking. noauth provides administrative credentials # regardless of the passed in user, noauth2 only does if # 'admin' is specified as the username. (string value) -#auth_strategy=keystone +auth_strategy=keystone # Treat X-Forwarded-For as the canonical remote address. Only # enable this if you have a sanitizing proxy. (boolean value) @@ -587,7 +587,7 @@ # # osapi compute extension to load (multi valued) -#osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions +osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions # @@ -753,7 +753,7 @@ # Generate periodic compute.instance.exists notifications # (boolean value) -#instance_usage_audit=false +instance_usage_audit= True # Number of 1 second retries needed in live_migration (integer # value) @@ -886,7 +886,7 @@ # Amount of memory in MB to reserve for the host (integer # value) -#reserved_host_memory_mb=512 +reserved_host_memory_mb={{ RESERVED_HOST_MEMORY_MB }} # Class that will manage stats for the local compute host # (string value) @@ -982,11 +982,11 @@ # Template string to be used to generate instance names # (string value) -#instance_name_template=instance-%08x +instance_name_template=instance-%08x # Template string to be used to generate snapshot names # (string value) -#snapshot_name_template=snapshot-%s +snapshot_name_template=snapshot-%s # @@ -1050,7 +1050,7 @@ # The full class name of the network API class to use (string # value) -#network_api_class=nova.network.api.API +network_api_class=nova.network.neutronv2.api.API # @@ -1168,7 +1168,7 @@ #dnsmasq_config_file= # Driver used to create ethernet devices. (string value) -#linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver +linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver # Name of Open vSwitch bridge used with linuxnet (string # value) @@ -1328,7 +1328,7 @@ # # The full class name of the security API class (string value) -#security_group_api=nova +security_group_api=neutron # @@ -1401,7 +1401,7 @@ # Use syslog for logging. Existing syslog format is DEPRECATED during I, and # will change in J to honor RFC5424. (boolean value) -#use_syslog = false +use_syslog = True # (Optional) Enables or disables syslog rfc5424 format for logging. If enabled, # prefixes the MSG part of the syslog message with APP-NAME (RFC5424). The @@ -1474,7 +1474,7 @@ # # The scheduler host manager class to use (string value) -#scheduler_host_manager=nova.scheduler.host_manager.HostManager +scheduler_host_manager={{ SCHEDULER_HOST_MANAGER }} # @@ -1566,7 +1566,7 @@ # for RamFilter. For AggregateRamFilter, it will fall back to # this configuration value if no per-aggregate setting found. # (floating point value) -#ram_allocation_ratio=1.5 +ram_allocation_ratio={{ RAM_ALLOCATION_RATIO }} # @@ -1581,7 +1581,7 @@ # Which filter class names to use for filtering hosts when not # specified in the request. (list value) -#scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter +scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter # Which weight class names to use for weighing hosts (list # value) @@ -1610,7 +1610,7 @@ # # Default driver to use for the scheduler (string value) -#scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler +scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler # How often (in seconds) to run periodic tasks in the # scheduler driver of your choice. Please note this is likely @@ -1725,7 +1725,7 @@ # include: libvirt.LibvirtDriver, xenapi.XenAPIDriver, # fake.FakeDriver, baremetal.BareMetalDriver, # vmwareapi.VMwareVCDriver, hyperv.HyperVDriver (string value) -#compute_driver= +compute_driver={{ COMPUTE_DRIVER }} # The default format an ephemeral_volume will be formatted # with on creation. (string value) @@ -1756,7 +1756,7 @@ # Firewall driver (defaults to hypervisor specific iptables # driver) (string value) -#firewall_driver= +firewall_driver=nova.virt.firewall.NoopFirewallDriver # Whether to allow network traffic from same network (boolean # value) @@ -1816,7 +1816,7 @@ # Location of VNC console proxy, in the form # "http://127.0.0.1:6080/vnc_auto.html" (string value) -#novncproxy_base_url=http://127.0.0.1:6080/vnc_auto.html +novncproxy_base_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6080/vnc_auto.html # Location of nova xvp VNC console proxy, in the form # "http://127.0.0.1:6081/console" (string value) @@ -1824,17 +1824,17 @@ # IP address on which instance vncservers should listen # (string value) -#vncserver_listen=127.0.0.1 +vncserver_listen=0.0.0.0 # The address to which proxy clients (like nova-xvpvncproxy) # should connect (string value) -#vncserver_proxyclient_address=127.0.0.1 +vncserver_proxyclient_address={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} # Enable VNC related features (boolean value) -#vnc_enabled=true +vnc_enabled=true # Keymap for VNC (string value) -#vnc_keymap=en-us +vnc_keymap=en-us # @@ -1926,7 +1926,7 @@ # The SQLAlchemy connection string to use to connect to the # Nova API database. (string value) -#connection= +#connection=postgresql://{{ NOVA_DB_USER }}:{{ NOVA_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/nova # If True, SQLite uses synchronous mode. (boolean value) #sqlite_synchronous=true @@ -2172,7 +2172,7 @@ # # Perform nova-conductor operations locally (boolean value) -#use_local=false +use_local=true # The topic on which conductor nodes listen (string value) #topic=conductor @@ -2210,6 +2210,7 @@ # Deprecated group/name - [DATABASE]/sql_connection # Deprecated group/name - [sql]/connection #connection = +connection=postgresql://{{ NOVA_DB_USER }}:{{ NOVA_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/nova # The SQLAlchemy connection string to use to connect to the slave database. # (string value) @@ -2330,19 +2331,19 @@ # # Default glance hostname or IP address (string value) -#host=$my_ip +host={{ CONTROLLER_HOST_ADDRESS }} # Default glance port (integer value) -#port=9292 +port=9292 # Default protocol to use when connecting to glance. Set to # https for SSL. (string value) -#protocol=http +protocol=http # A list of the glance api servers available to nova. Prefix # with https:// for ssl-based glance api servers. # ([hostname|ip]:port) (list value) -#api_servers= +api_servers=$host:$port # Allow to perform insecure SSL (https) requests to glance # (boolean value) @@ -2485,19 +2486,19 @@ #api_version=1 # URL for Ironic API endpoint. (string value) -#api_endpoint= +api_endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:6385/v1 # Ironic keystone admin name (string value) -#admin_username= +admin_username={{ IRONIC_SERVICE_USER }} # Ironic keystone admin password. (string value) -#admin_password= +admin_password={{ IRONIC_SERVICE_PASSWORD }} # Ironic keystone auth token. (string value) #admin_auth_token= # Keystone public API endpoint. (string value) -#admin_url= +admin_url=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 # Log level override for ironicclient. Set this in order to # override the global "default_log_levels", "verbose", and @@ -2506,7 +2507,7 @@ #client_log_level= # Ironic keystone tenant name. (string value) -#admin_tenant_name= +admin_tenant_name=service # How many retries when a request does conflict. (integer # value) @@ -2544,10 +2545,10 @@ # # Complete public Identity API endpoint. (string value) -#auth_uri = +auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 # API version of the admin Identity API endpoint. (string value) -#auth_version = +auth_version = v2.0 # Do not handle authorization requests within the middleware, but delegate the # authorization decision to downstream WSGI components. (boolean value) @@ -2678,7 +2679,7 @@ # Complete admin Identity API endpoint. This should specify the unversioned # root endpoint e.g. https://localhost:35357/ (string value) -#identity_uri = +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 # This option is deprecated and may be removed in a future release. Single # shared secret with the Keystone configuration used for bootstrapping a @@ -2688,13 +2689,13 @@ #admin_token = # Service username. (string value) -#admin_user = +admin_user = {{ NOVA_SERVICE_USER }} # Service user password. (string value) -#admin_password = +admin_password = {{ NOVA_SERVICE_PASSWORD }} # Service tenant name. (string value) -#admin_tenant_name = admin +admin_tenant_name = service [libvirt] @@ -2715,7 +2716,7 @@ # Libvirt domain type (valid options are: kvm, lxc, qemu, uml, # xen and parallels) (string value) -#virt_type=kvm +virt_type={{ NOVA_VIRT_TYPE }} # Override the default libvirt URI (which is dependent on # virt_type) (string value) @@ -3028,11 +3029,11 @@ # Set flag to indicate Neutron will proxy metadata requests # and resolve instance ids. (boolean value) -#service_metadata_proxy=false +service_metadata_proxy=True # Shared secret to validate proxies Neutron metadata requests # (string value) -#metadata_proxy_shared_secret= +metadata_proxy_shared_secret={{ METADATA_PROXY_SHARED_SECRET }} # @@ -3040,7 +3041,7 @@ # # URL for connecting to neutron (string value) -#url=http://127.0.0.1:9696 +url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 # User id for connecting to neutron in admin context. # DEPRECATED: specify an auth_plugin and appropriate @@ -3050,12 +3051,12 @@ # Username for connecting to neutron in admin context # DEPRECATED: specify an auth_plugin and appropriate # credentials instead. (string value) -#admin_username= +admin_username={{ NEUTRON_SERVICE_USER }} # Password for connecting to neutron in admin context # DEPRECATED: specify an auth_plugin and appropriate # credentials instead. (string value) -#admin_password= +admin_password={{ NEUTRON_SERVICE_PASSWORD }} # Tenant id for connecting to neutron in admin context # DEPRECATED: specify an auth_plugin and appropriate @@ -3067,7 +3068,7 @@ # Note that with Keystone V3 tenant names are only unique # within a domain. DEPRECATED: specify an auth_plugin and # appropriate credentials instead. (string value) -#admin_tenant_name= +admin_tenant_name=service # Region name for connecting to neutron in admin context # (string value) @@ -3076,13 +3077,13 @@ # Authorization URL for connecting to neutron in admin # context. DEPRECATED: specify an auth_plugin and appropriate # credentials instead. (string value) -#admin_auth_url=http://localhost:5000/v2.0 +admin_auth_url=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 # Authorization strategy for connecting to neutron in admin # context. DEPRECATED: specify an auth_plugin and appropriate # credentials instead. If an auth_plugin is specified strategy # will be ignored. (string value) -#auth_strategy=keystone +auth_strategy=keystone # Name of Integration Bridge used by Open vSwitch (string # value) @@ -3141,7 +3142,7 @@ # # Host on which to listen for incoming requests (string value) -#serialproxy_host=0.0.0.0 +serialproxy_host=127.0.0.1 # Port on which to listen for incoming requests (integer # value) @@ -3153,7 +3154,7 @@ # # Enable serial console related features (boolean value) -#enabled=false +enabled=false # Range of TCP ports to use for serial ports on compute hosts # (string value) @@ -3202,7 +3203,7 @@ #server_proxyclient_address=127.0.0.1 # Enable spice related features (boolean value) -#enabled=false +enabled=false # Enable spice guest agent support (boolean value) #agent_enabled=true @@ -3783,7 +3784,7 @@ # Defaults to environment variable OSLO_LOCK_PATH. If external locks are used, # a lock path must be set. (string value) # Deprecated group/name - [DEFAULT]/lock_path -#lock_path = +lock_path = /var/lock/nova [oslo_messaging_amqp] @@ -3946,11 +3947,11 @@ # The RabbitMQ broker address where a single node is used. (string value) # Deprecated group/name - [DEFAULT]/rabbit_host -#rabbit_host = localhost +rabbit_host = {{ RABBITMQ_HOST }} # The RabbitMQ broker port where a single node is used. (integer value) # Deprecated group/name - [DEFAULT]/rabbit_port -#rabbit_port = 5672 +rabbit_port = {{ RABBITMQ_PORT }} # RabbitMQ HA cluster host:port pairs. (list value) # Deprecated group/name - [DEFAULT]/rabbit_hosts @@ -3958,15 +3959,15 @@ # Connect over SSL for RabbitMQ. (boolean value) # Deprecated group/name - [DEFAULT]/rabbit_use_ssl -#rabbit_use_ssl = false +rabbit_use_ssl = false # The RabbitMQ userid. (string value) # Deprecated group/name - [DEFAULT]/rabbit_userid -#rabbit_userid = guest +rabbit_userid = {{ RABBITMQ_USER }} # The RabbitMQ password. (string value) # Deprecated group/name - [DEFAULT]/rabbit_password -#rabbit_password = guest +rabbit_password = {{ RABBITMQ_PASSWORD }} # The RabbitMQ login method. (string value) # Deprecated group/name - [DEFAULT]/rabbit_login_method @@ -4005,4 +4006,3 @@ # Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake (boolean value) # Deprecated group/name - [DEFAULT]/fake_rabbit #fake_rabbit = false - diff --git a/install-files/swift/usr/share/swift/etc/swift/container-server.j2 b/install-files/swift/usr/share/swift/etc/swift/container-server.j2 index d226d016..3c63b7d0 100644 --- a/install-files/swift/usr/share/swift/etc/swift/container-server.j2 +++ b/install-files/swift/usr/share/swift/etc/swift/container-server.j2 @@ -168,6 +168,14 @@ recon_cache_path = /var/cache/swift # # Maximum amount of time to spend syncing each container per pass # container_time = 60 +# +# Maximum amount of time in seconds for the connection attempt +# conn_timeout = 5 +# Server errors from requests will be retried by default +# request_tries = 3 +# +# Internal client config file path +# internal_client_conf_path = /etc/swift/internal-client.conf # Note: Put it at the beginning of the pipeline to profile all middleware. But # it is safer to put this after healthcheck. diff --git a/install-files/swift/usr/share/swift/etc/swift/object-server.j2 b/install-files/swift/usr/share/swift/etc/swift/object-server.j2 index 66990be9..19d72f6c 100644 --- a/install-files/swift/usr/share/swift/etc/swift/object-server.j2 +++ b/install-files/swift/usr/share/swift/etc/swift/object-server.j2 @@ -77,7 +77,7 @@ use = egg:swift#object # slow = 0 # # Objects smaller than this are not evicted from the buffercache once read -# keep_cache_size = 5424880 +# keep_cache_size = 5242880 # # If true, objects for authenticated GET requests may be kept in buffer cache # if small enough @@ -212,6 +212,29 @@ recon_cache_path = /var/cache/swift # removed when it has successfully replicated to all the canonical nodes. # handoff_delete = auto +[object-reconstructor] +# You can override the default log routing for this app here (don't use set!): +# Unless otherwise noted, each setting below has the same meaning as described +# in the [object-replicator] section, however these settings apply to the EC +# reconstructor +# +# log_name = object-reconstructor +# log_facility = LOG_LOCAL0 +# log_level = INFO +# log_address = /dev/log +# +# daemonize = on +# run_pause = 30 +# concurrency = 1 +# stats_interval = 300 +# node_timeout = 10 +# http_timeout = 60 +# lockup_timeout = 1800 +# reclaim_age = 604800 +# ring_check_interval = 15 +# recon_cache_path = /var/cache/swift +# handoffs_first = False + [object-updater] # You can override the default log routing for this app here (don't use set!): # log_name = object-updater diff --git a/install-files/swift/usr/share/swift/etc/swift/swift.j2 b/install-files/swift/usr/share/swift/etc/swift/swift.j2 index 6d76215a..933e207e 100644 --- a/install-files/swift/usr/share/swift/etc/swift/swift.j2 +++ b/install-files/swift/usr/share/swift/etc/swift/swift.j2 @@ -22,9 +22,13 @@ swift_hash_path_prefix = {{ SWIFT_HASH_PATH_PREFIX }} # defined you must define a policy with index 0 and you must specify a # default. It is recommended you always define a section for # storage-policy:0. +# +# A 'policy_type' argument is also supported but is not mandatory. Default +# policy type 'replication' is used when 'policy_type' is unspecified. [storage-policy:0] name = Policy-0 default = yes +#policy_type = replication # the following section would declare a policy called 'silver', the number of # replicas will be determined by how the ring is built. In this example the @@ -39,9 +43,45 @@ default = yes # current default. #[storage-policy:1] #name = silver +#policy_type = replication + +# The following declares a storage policy of type 'erasure_coding' which uses +# Erasure Coding for data reliability. The 'erasure_coding' storage policy in +# Swift is available as a "beta". Please refer to Swift documentation for +# details on how the 'erasure_coding' storage policy is implemented. +# +# Swift uses PyECLib, a Python Erasure coding API library, for encode/decode +# operations. Please refer to Swift documentation for details on how to +# install PyECLib. +# +# When defining an EC policy, 'policy_type' needs to be 'erasure_coding' and +# EC configuration parameters 'ec_type', 'ec_num_data_fragments' and +# 'ec_num_parity_fragments' must be specified. 'ec_type' is chosen from the +# list of EC backends supported by PyECLib. The ring configured for the +# storage policy must have it's "replica" count configured to +# 'ec_num_data_fragments' + 'ec_num_parity_fragments' - this requirement is +# validated when services start. 'ec_object_segment_size' is the amount of +# data that will be buffered up before feeding a segment into the +# encoder/decoder. More information about these configuration options and +# supported `ec_type` schemes is available in the Swift documentation. Please +# refer to Swift documentation for details on how to configure EC policies. +# +# The example 'deepfreeze10-4' policy defined below is a _sample_ +# configuration with 10 'data' and 4 'parity' fragments. 'ec_type' +# defines the Erasure Coding scheme. 'jerasure_rs_vand' (Reed-Solomon +# Vandermonde) is used as an example below. +# +#[storage-policy:2] +#name = deepfreeze10-4 +#policy_type = erasure_coding +#ec_type = jerasure_rs_vand +#ec_num_data_fragments = 10 +#ec_num_parity_fragments = 4 +#ec_object_segment_size = 1048576 + # The swift-constraints section sets the basic constraints on data -# saved in the swift cluster. These constraints are automatically +# saved in the swift cluster. These constraints are automatically # published by the proxy server in responses to /info requests. [swift-constraints] @@ -116,3 +156,14 @@ default = yes # of a container name #max_container_name_length = 256 + + +# By default all REST API calls should use "v1" or "v1.0" as the version string, +# for example "/v1/account". This can be manually overridden to make this +# backward-compatible, in case a different version string has been used before. +# Use a comma-separated list in case of multiple allowed versions, for example +# valid_api_versions = v0,v1,v2 +# This is only enforced for account, container and object requests. The allowed +# api versions are by default excluded from /info. + +# valid_api_versions = v1,v1.0 diff --git a/strata/openstack-services/horizon.morph b/strata/openstack-services/horizon.morph index ae6399b1..74930a1e 100644 --- a/strata/openstack-services/horizon.morph +++ b/strata/openstack-services/horizon.morph @@ -4,16 +4,12 @@ configure-commands: # Remove unnecessary .mo files they will be generated # later during package build. - find . -name "django*.mo" -exec rm -f '{}' \; -# Set COMPRESS_OFFLINE=True -- | - sed -i 's:COMPRESS_OFFLINE.=.False:COMPRESS_OFFLINE = True:' \ - openstack_dashboard/settings.py build-commands: # Compile message strings -- cd horizon && django-admin.py compilemessages && cd .. -- cd openstack_dashboard && django-admin.py compilemessages && cd .. +- cd horizon && django-admin.py compilemessages +- cd openstack_dashboard && django-admin.py compilemessages - python setup.py build -post-build-commands: + # Use the local_settings.py example to compile and compress the css, js, etc files. # This is a hack to make SECRET_KEY work. - | @@ -23,37 +19,45 @@ post-build-commands: - python manage.py collectstatic --noinput - python manage.py compress --force install-commands: -# Undo hack +# Install horizon in a temporary folder first, and then move things to the +# right place in $DESTDIR +- mkdir temproot +- python setup.py install -O1 --skip-build --prefix "$PREFIX" --root temproot +# Remove unnecessary .po files +- find temproot -name django.po -exec rm '{}' \; +- find temproot -name djangojs.po -exec rm '{}' \; + +# Move openstack_dashboard to /var/lib/horizon +- mkdir -p "$DESTDIR"/var/lib/horizon/ +- | + mv temproot/"$PREFIX"/lib/python*/site-packages/openstack_dashboard \ + "$DESTDIR"/var/lib/horizon/ +- cp manage.py "$DESTDIR"/var/lib/horizon/openstack_dashboard/ + +# Copy the rest to $DESTDIR +- cp -a temproot/* "$DESTDIR" + +# Copy local_settings to /etc/horizon/openstack_dashboard, so that they +# can be modified, and link them where openstack_dashboard is installed. +- mkdir -p "$DESTDIR"/etc/horizon/openstack_dashboard/ - | cp openstack_dashboard/local/local_settings.py.example \ - openstack_dashboard/local/local_settings.py -# Install horizon -- python setup.py install -O1 --skip-build --prefix "$PREFIX" --root "$DESTDIR" -post-install-commands: -# Remove unnecessary .po files -- find "$DESTDIR" -name django.po -exec rm '{}' \; -- find "$DESTDIR" -name djangojs.po -exec rm '{}' \; -# Link Openstack local_settings where openstack_dashboard is installed. + "$DESTDIR"/etc/horizon/openstack_dashboard/local_settings.py +# Set COMPRESS_OFFLINE=True +- | + echo "COMPRESS_OFFLINE=True" >> \ + "$DESTDIR"/etc/horizon/openstack_dashboard/local_settings.py + - mkdir -p "$DESTDIR"/var/lib/horizon/openstack_dashboard/local - | ln -sf /etc/horizon/openstack_dashboard/local_settings.py \ - "$DESTDIR$PREFIX"/lib/python2.7/site-packages/openstack_dashboard/local/local_settings.py + "$DESTDIR"/var/lib/horizon/openstack_dashboard/local/local_settings.py + # Create the static directory (STATIC_ROOT) used in local_settings.py to keep # the static objects like css files. -- mkdir -p "$DESTDIR"/var/lib/horizon/openstack_dashboard/static +- mkdir -p "$DESTDIR"/var/lib/horizon/static # Copy the compressed static files to horizon. -- cp -a openstack_dashboard/static/* "$DESTDIR"/var/lib/horizon/openstack_dashboard/static -- cp -a horizon/static/* "$DESTDIR"/var/lib/horizon/openstack_dashboard/static -- cp -a static/* "$DESTDIR"/var/lib/horizon/openstack_dashboard/static -# Work around to make django.wsgi working with horizon -# See: https://bugs.launchpad.net/osprofiler/+bug/1361235 -# and: https://git.openstack.org/cgit/openstack/tripleo-image-elements/commit/?id=41c9a1dfad23f8aee366afb6a0b20a6c57ec8f79 -- | - sed -i "s|'../..'|os.path.realpath('../..')|" \ - "$DESTDIR$PREFIX"/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi -# And link this django.wsgi file to the horizon home directory -- | - ln -sf "$PREFIX"/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi \ - "$DESTDIR"/var/lib/horizon/openstack_dashboard/django.wsgi +- cp -a static/* "$DESTDIR"/var/lib/horizon/static + # Create the horizon document root for apache configuration - mkdir -p "$DESTDIR"/var/lib/horizon/.blackhole -- cgit v1.2.1