author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-05-20 12:36:58 +0100 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-05-20 12:36:58 +0100 |
commit | 3972dc3a720794f2ded9fe5e6305d3fae4a6a7d7 (patch) | |
tree | 4875e396af3ef083ee6883775e34c48e52605e2d | |
parent | c368f61b0b460f120634219a5b70186c803d5bed (diff) | |
parent | 4b9268eb9cb1f8d140f543d9c4a3aa1aa8298994 (diff) | |
download | infrastructure-3972dc3a720794f2ded9fe5e6305d3fae4a6a7d7.tar.gz |
Merge remote-tracking branch 'baserock/baserock/adamcoldrick/mason-2015' into sam/mason-zuul-2
Conflicts:
baserock_irclogs/systems/irclogs-x86_64.morph
hosts
scripts/licensecheck.pl
Change-Id: Ib298ce7928a8f5a23918b1226746c39e48fe705f
480 files changed, 28440 insertions, 2655 deletions
@@ -1 +1 @@ -version: 1 +version: 3 diff --git a/clusters/ci.morph b/clusters/ci.morph index 48e978bc..cb56328c 100644 --- a/clusters/ci.morph +++ b/clusters/ci.morph @@ -20,11 +20,12 @@ systems: DISK_SIZE: 4G - morph: systems/build-system-armv7lhf-jetson.morph deploy: - devel-system-armv7lhf-jetson: + build-system-armv7lhf-jetson: type: rawdisk location: build-system-armv7lhf-jetson.img DISK_SIZE: 2G - ROOT_DEVICE: "/dev/mmcblk0p1" + BOOT_DEVICE: "/dev/mmcblk0p1" + ROOT_DEVICE: "/dev/mmcblk0p2" DTB_PATH: "boot/tegra124-jetson-tk1.dtb" BOOTLOADER_CONFIG_FORMAT: "extlinux" BOOTLOADER_INSTALL: "none" 
@@ -42,8 +43,75 @@ systems: type: rawdisk location: weston-system-armv7lhf-jetson.img DISK_SIZE: 4G - ROOT_DEVICE: "/dev/mmcblk0p1" + BOOT_DEVICE: "/dev/mmcblk0p1" + ROOT_DEVICE: "/dev/mmcblk0p2" DTB_PATH: "boot/tegra124-jetson-tk1.dtb" BOOTLOADER_CONFIG_FORMAT: "extlinux" BOOTLOADER_INSTALL: "none" KERNEL_ARGS: cma=256M console=tty0 console=ttyS0,115200n8 no_console_suspend=1 nouveau.pstate=1 +- morph: systems/genivi-baseline-system-x86_64-generic.morph + deploy: + genivi-baseline-system-x86_64-generic: + type: rawdisk + location: genivi-baseline-system-x86_64-generic.img + DISK_SIZE: 4G + KERNEL_ARGS: vga=788 +- morph: systems/genivi-baseline-system-armv7lhf-jetson.morph + deploy: + genivi-baseline-system-armv7lhf-jetson: + type: rawdisk + location: genivi-baseline-system-armv7lhf-jetson.img + DISK_SIZE: 4G + BOOT_DEVICE: "/dev/mmcblk0p1" + ROOT_DEVICE: "/dev/mmcblk0p2" + DTB_PATH: "boot/tegra124-jetson-tk1.dtb" + BOOTLOADER_CONFIG_FORMAT: "extlinux" + BOOTLOADER_INSTALL: "none" + KERNEL_ARGS: cma=256M console=tty0 console=ttyS0,115200n8 no_console_suspend=1 nouveau.pstate=1 +- morph: systems/openstack-system-x86_64.morph + deploy: + openstack-system-x86_64: + type: rawdisk + location: baserock-openstack-system-x86_64.img + DISK_SIZE: 5G + INSTALL_FILES: openstack/manifest + HOSTNAME: onenode + RABBITMQ_HOST: onenode + RABBITMQ_PORT: 5672 + RABBITMQ_USER: rabbitmq + RABBITMQ_PASSWORD: veryinsecure + CONTROLLER_HOST_ADDRESS: onenode + MANAGEMENT_INTERFACE_IP_ADDRESS: 127.0.0.1 + KEYSTONE_TEMPORARY_ADMIN_TOKEN: 22f3aa1cf538e3f6d5e8 + KEYSTONE_ADMIN_PASSWORD: veryinsecure + KEYSTONE_DB_USER: keystoneDB + KEYSTONE_DB_PASSWORD: veryinsecure + GLANCE_SERVICE_USER: glance + GLANCE_SERVICE_PASSWORD: veryinsecure + GLANCE_DB_USER: glanceDB + GLANCE_DB_PASSWORD: veryinsecure + NOVA_SERVICE_USER: nova + NOVA_SERVICE_PASSWORD: veryinsecure + NOVA_DB_USER: novaDB + NOVA_DB_PASSWORD: veryinsecure + NOVA_VIRT_TYPE: qemu + CINDER_SERVICE_USER: cinder + CINDER_SERVICE_PASSWORD: 
veryinsecure + CINDER_DB_USER: cinderDB + CINDER_DB_PASSWORD: veryinsecure + CINDER_DEVICE: /dev/sdb + NEUTRON_SERVICE_USER: neutron + NEUTRON_SERVICE_PASSWORD: veryinsecure + NEUTRON_DB_USER: neutronDB + NEUTRON_DB_PASSWORD: veryinsecure + METADATA_PROXY_SHARED_SECRET: novaneutronmetasecret + IRONIC_SERVICE_USER: ironic + IRONIC_SERVICE_PASSWORD: veryinsecure + IRONIC_DB_USER: ironicDB + IRONIC_DB_PASSWORD: veryinsecure + CEILOMETER_SERVICE_USER: ceilometer + CEILOMETER_SERVICE_PASSWORD: veryinsecure + CEILOMETER_DB_USER: ceilometerDB + CEILOMETER_DB_PASSWORD: veryinsecure + METERING_SECRET: insecureceilometersecret + HOSTS_CONTROLLER: 127.0.0.1 onenode diff --git a/clusters/example-swift-storage-cluster.morph b/clusters/example-swift-storage-cluster.morph new file mode 100644 index 00000000..b1ea784f --- /dev/null +++ b/clusters/example-swift-storage-cluster.morph 
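Review bot: The new `openstack-system-x86_64` entry in clusters/ci.morph bakes fixed credentials into the image it builds: every `*_PASSWORD` is `veryinsecure`, and `KEYSTONE_TEMPORARY_ADMIN_TOKEN`, `METADATA_PROXY_SHARED_SECRET` and `METERING_SECRET` are literal values now published in the repository. With `MANAGEMENT_INTERFACE_IP_ADDRESS: 127.0.0.1` this looks intended as a throwaway CI image, but nothing in the entry says so; a comment such as `# Test-only credentials: images built from this entry must never be reachable from a shared network` above `RABBITMQ_PASSWORD` would make that explicit. The same literal values recur in clusters/openstack-one-node.morph, clusters/openstack-one-node-swift.morph and clusters/openstack-three-node-installer.morph, which are meant to be adapted by users; angle-bracket placeholders like the `<management ip>` already used there would likely make an unedited deployment fail instead of coming up with known secrets.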
@@ -0,0 +1,62 @@ +name: example-swift-storage-cluster +kind: cluster +systems: +- morph: systems/swift-system-x86_64.morph + deploy-defaults: + INSTALL_FILES: swift/manifest + + CONTROLLER_HOST_ADDRESS: <controller host address> + + SWIFT_PART_POWER: 10 + SWIFT_REPLICAS: 3 + SWIFT_MIN_PART_HOURS: 1 + + SWIFT_STORAGE_DEVICES: [{ ip: <node0 management ip>, device: sdb, weight: 100 }, + { ip: <node0 management ip>, device: sdc, weight: 100 }, + { ip: <node0 management ip>, device: sdd, weight: 100 }, + + { ip: <node1 management ip>, device: sdb, weight: 100 }, + { ip: <node1 management ip>, device: sdc, weight: 100 }, + { ip: <node1 management ip>, device: sdd, weight: 100 }] + + # This value can be any random string or number + # but each node in your swift cluster must have the same value + SWIFT_REBALANCE_SEED: 3828 + + # NOTE: Replace SWIFT_HASH_PATH_PREFIX and SWIFT_HASH_PATH_SUFFIX + # with your own unique values, + # + # `openssl rand -hex 10' can be used to generate unique values + # + # These values should be kept secret, do not lose them. 
+ # + SWIFT_HASH_PATH_PREFIX: 041fc210e4e1d333ce1d + SWIFT_HASH_PATH_SUFFIX: 4d6f5362a356dda7fb7d + + FSTAB_SDB: /dev/sdb /srv/node/sdb xfs defaults,user,rw 0 0 + FSTAB_SDC: /dev/sdc /srv/node/sdc xfs defaults,user,rw 0 0 + FSTAB_SDD: /dev/sdd /srv/node/sdd xfs defaults,user,rw 0 0 + + deploy: + node0: + type: kvm + location: kvm+ssh://user@host/swift-storage-0/home/user/swift-storage-0.img + DISK_SIZE: 10G + RAM_SIZE: 1G + VCPUS: 1 + HOSTNAME: swift-storage-0 + NIC_CONFIG: network=default + NETWORK_CONFIG: ens3:static,address=<node0 management ip>,netmask=255.255.255.0 + MANAGEMENT_INTERFACE_IP_ADDRESS: <node0 management ip> + ATTACH_DISKS: /dev/node0_sdb:/dev/node0_sdc:/dev/node0_sdd + node1: + type: kvm + location: kvm+ssh://user@host/swift-storage-1/home/user/swift-storage-1.img + DISK_SIZE: 10G + RAM_SIZE: 1G + VCPUS: 1 + HOSTNAME: swift-storage-1 + NIC_CONFIG: network=default + NETWORK_CONFIG: ens3:static,address=<node1 management ip>,netmask=255.255.255.0 + MANAGEMENT_INTERFACE_IP_ADDRESS: <node1 management ip> + ATTACH_DISKS: /dev/node1_sdb:/dev/node1_sdc:/dev/node1_sdd diff --git a/clusters/gitlab-ci-runner-cluster.morph b/clusters/gitlab-ci-runner-cluster.morph deleted file mode 100644 index 97da4a8d..00000000 --- a/clusters/gitlab-ci-runner-cluster.morph +++ /dev/null @@ -1,16 +0,0 @@ -name: gitlab-ci-runner-cluster -kind: cluster -systems: -- morph: systems/gitlab-ci-runner.morph - deploy-defaults: - AUTOSTART: false - DISK_SIZE: 6G - RAM_SIZE: 3G - VCPUS: 2 - VERSION_LABEL: factory - deploy: - gitlab-ci-runner: - type: kvm - location: kvm+ssh://USER@HOST/gitlab-ci-runner/home/USER/gitlab-ci-runner.img - HOSTNAME: gitlab-ci-runner - INSTALL_FILES: gitlab-ci-runner/manifest diff --git a/clusters/gitlab-cluster.morph b/clusters/gitlab-cluster.morph deleted file mode 100644 index 5f3177ca..00000000 --- a/clusters/gitlab-cluster.morph +++ /dev/null 
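Review bot: In clusters/example-swift-storage-cluster.morph the comment asks for `SWIFT_HASH_PATH_PREFIX` and `SWIFT_HASH_PATH_SUFFIX` to be unique and kept secret, yet the hunk commits concrete values for both, and the identical pair appears again in clusters/openstack-one-node-swift.morph. Anyone who deploys without editing ends up sharing these published values with every other unedited cluster. The file already uses angle-bracket placeholders for addresses, so `SWIFT_HASH_PATH_PREFIX: <unique hash path prefix>` and `SWIFT_HASH_PATH_SUFFIX: <unique hash path suffix>` would be consistent with it. The comment could also say that the values must not change once data has been stored, which is presumably what "do not lose them" is meant to convey.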
@@ -1,48 +0,0 @@ -name: gitlab-cluster -kind: cluster -description: | - This is an example cluster morphology that can be adapted to set up a GitLab - server with GitLab CI running alongside it, along with one or more CI - runners to actually run the CI tests/builds. - - For the server, you will need to specify the GITLAB_HOSTNAME. This is the - domain name or IP by which your deployed GitLab instance will be able to be - reached by. You will also need a GITLAB_PORT, CI_PORT, UNICORN PORT and - UNICORN_CI_PORT. These are the port to use for GitLab, the port to use for - GitLab CI, the port for GitLab's Unicorn process to listen on, and the port - for GitLab CI's Unicorn process to listen on respectively. Finally, you will - need to define a GITLAB_EMAIL, that is the email that mail from your GitLab - instance will appear to be from. -systems: -- morph: systems/gitlab-server.morph - deploy-defaults: - AUTOSTART: false - DISK_SIZE: 10G - RAM_SIZE: 2G - VCPUS: 2 - VERSION_LABEL: factory - deploy: - gitlab: - type: kvm - location: kvm+ssh://USER@HOST/gitlab/home/USER/gitlab.img - CI_PORT: 81 - GITLAB_EMAIL: gitlab@gitlab.example.com - GITLAB_HOSTNAME: gitlab.example.com - GITLAB_PORT: 80 - HOSTNAME: gitlab - INSTALL_FILES: gitlab-server/manifest - UNICORN_CI_PORT: 8081 - UNICORN_PORT: 8080 -- morph: systems/gitlab-ci-runner.morph - deploy-defaults: - AUTOSTART: false - DISK_SIZE: 10G - RAM_SIZE: 3G - VCPUS: 2 - VERSION_LABEL: factory - deploy: - gitlab-ci-runner: - type: kvm - location: kvm+ssh://USER@HOST/gitlab-ci-runner/home/USER/gitlab-ci-runner.img - HOSTNAME: gitlab-ci-runner - INSTALL_FILES: gitlab-ci-runner/manifest diff --git a/clusters/gitlab-server-cluster.morph b/clusters/gitlab-server-cluster.morph deleted file mode 100644 index fcb7c1d2..00000000 --- a/clusters/gitlab-server-cluster.morph +++ /dev/null 
@@ -1,22 +0,0 @@ -name: gitlab-server-cluster -kind: cluster -systems: -- morph: systems/gitlab-server.morph - deploy-defaults: - AUTOSTART: false - DISK_SIZE: 6G - RAM_SIZE: 2G - VCPUS: 2 - VERSION_LABEL: factory - deploy: - gitlab: - type: kvm - location: kvm+ssh://USER@HOST/gitlab/home/USER/gitlab.img - CI_PORT: 81 - GITLAB_EMAIL: gitlab@gitlab.example.com - GITLAB_HOSTNAME: gitlab.example.com - GITLAB_PORT: 80 - HOSTNAME: gitlab - INSTALL_FILES: gitlab-server/manifest - UNICORN_CI_PORT: 8081 - UNICORN_PORT: 8080 diff --git a/clusters/hardware-deployment.morph b/clusters/hardware-deployment.morph index 0b1335ae..c6b7dce9 100644 --- a/clusters/hardware-deployment.morph +++ b/clusters/hardware-deployment.morph @@ -12,7 +12,6 @@ systems: location: AB:CD:EF:12:34:56:78 #MAC address. PXEBOOT_MODE: spawn-novlan PXEBOOT_DEPLOYER_INTERFACE: ens6 - DISK_SIZE: 6G KERNEL_ARGS: console=ttyS1,9600 console=tty0 init=/usr/lib/baserock-installer/installer HOSTNAME: installer-system IPMI_USER: myipmiuser diff --git a/clusters/installer-build-system-x86_64.morph b/clusters/installer-build-system-x86_64.morph index b31caced..a9ebcaca 100644 --- a/clusters/installer-build-system-x86_64.morph +++ b/clusters/installer-build-system-x86_64.morph @@ -31,7 +31,13 @@ systems: HOSTNAME: installer-x86_64 INSTALLER_TARGET_STORAGE_DEVICE: /dev/sda INSTALLER_ROOTFS_TO_INSTALL: /rootfs + INITRAMFS_PATH: boot/initramfs.gz subsystems: + - morph: systems/initramfs-x86_64.morph + deploy: + installer-initramfs: + type: initramfs + location: boot/initramfs.gz - morph: systems/build-system-x86_64.morph deploy: to-install: @@ -41,6 +47,6 @@ systems: subsystems: - morph: systems/initramfs-x86_64.morph deploy: - initramfs: + to-install-initramfs: type: initramfs location: boot/initramfs.gz diff --git a/clusters/jetson-upgrade.morph b/clusters/jetson-upgrade.morph index a73507aa..9fd5155b 100644 --- a/clusters/jetson-upgrade.morph +++ b/clusters/jetson-upgrade.morph 
@@ -5,7 +5,8 @@ systems: deploy-defaults: TROVE_HOST: TROVE_HOST TROVE_ID: TROVE_ID - ROOT_DEVICE: "/dev/mmcblk0p1" + BOOT_DEVICE: "/dev/mmcblk0p1" + ROOT_DEVICE: "/dev/mmcblk0p2" DTB_PATH: "boot/tegra124-jetson-tk1.dtb" BOOTLOADER_CONFIG_FORMAT: "extlinux" BOOTLOADER_INSTALL: "none" diff --git a/clusters/mason-system-x86_64-openstack-deploy.morph b/clusters/mason-system-x86_64-openstack-deploy.morph new file mode 100644 index 00000000..a03435d3 --- /dev/null +++ b/clusters/mason-system-x86_64-openstack-deploy.morph 
@@ -0,0 +1,55 @@ +name: mason-system-x86_64-openstack-deploy +kind: cluster +description: | + An example cluster morphology demonstrating how to deploy a Mason + instance into an OpenStack Cloud. + + Mason consists of a distbuild system and Zuul/turbo-hipster to run + tests. In the future, we should make it possible to deploy a Mason + instance which uses an existing distbuild network for builds, + rather than setting up its own. + +systems: +- morph: systems/mason-system-x86_64-generic.morph + deploy-defaults: + # The following are all needed for extensions other than mason.configure + ARTIFACT_CACHE_SERVER: cache.baserock.org + CONTROLLERHOST: mason-system-x86-64 + DISTBUILD_CONTROLLER: true + DISTBUILD_WORKER: true + RAM_SIZE: 8G + DISK_SIZE: 4G + VCPUS: 2 + TROVE_HOST: git.baserock.org + TROVE_ID: baserock + WORKERS: mason-system-x86-64 + WORKER_SSH_KEY: ssh-keys/worker.key + HOSTNAME: mason-system-x86-64 + CLOUD_INIT: yes + KERNEL_ARGS: console=ttyS0 console=tty0 + INSTALL_FILES: distbuild/manifest + # It could be worthwhile setting these in your environment instead of here + OPENSTACK_AUTH_URL: auth-url + OPENSTACK_IMAGENAME: mason-system-x86_64 + OPENSTACK_NETWORK_ID: network-id + OPENSTACK_USER: openstack-username + OPENSTACK_TENANT: openstack-tenant + deploy: + mason: + type: openstack + location: auth-url + MASON_OPENSTACK_AUTH_URL: auth-url + MASON_OPENSTACK_NETWORK_ID: network-id + MASON_OPENSTACK_USER: mason + MASON_OPENSTACK_TENANT: mason-tenant + GERRIT_USER: mason + GERRIT_HOSTNAME: gerrit.example.com + GERRIT_SSH_KEY: ssh-keys/worker.key + GERRIT_SSH_KEY_PATH: /root/.ssh/id_rsa + GEARMAN_HOST: 127.0.0.1 + MASON_CLUSTER_MORPHOLOGY: clusters/ci.morph + MASON_ARCHITECTURE: x86_64 + MASON_TEST_HOSTS: "x86_64:user@auth-url" + MASON_DISTBUILD_CONTROLLERS: "x86_64:not-yet-used" + MASON_TEST_INFRASTRUCTURE_TYPE: openstack + MASON_UPSTREAM_TROVE: some-writeable-artifact-cache 
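Review bot: `WORKER_SSH_KEY` and `GERRIT_SSH_KEY` in clusters/mason-system-x86_64-openstack-deploy.morph both point at `ssh-keys/worker.key`, so the distbuild worker identity and the Gerrit account `mason` would share one private key, apparently installed at the `GERRIT_SSH_KEY_PATH` of `/root/.ssh/id_rsa`. If the extensions do not require that reuse (they are not visible in this hunk), a dedicated key for Gerrit, e.g. `GERRIT_SSH_KEY: ssh-keys/<gerrit key file>`, keeps a leaked worker key from also carrying the Gerrit identity. The description should also state that the files under `ssh-keys/` are supplied by the deployer and must not be committed to the definitions repository.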
diff --git a/clusters/moonshot-m2-armv8b64.morph b/clusters/moonshot-m2-armv8b64.morph
new file mode 100644
index 00000000..c8e5bc81
--- /dev/null
+++ b/clusters/moonshot-m2-armv8b64.morph
@@ -0,0 +1,56 @@ +name: moonshot-m2-deployment +kind: cluster +description: | + Install a build armv8b64 system into the M.2 SSD storage of an HP + Moonshot node, using a combination of the pxeboot.write extension and + the installer system. +systems: +- morph: systems/installer-system-armv8b64.morph + deploy: + installer: + type: pxeboot + location: 14:58:d0:57:7f:42 + PXEBOOT_MODE: existing-server + PXEBOOT_CONFIG_TFTP_ADDRESS: sftp://192.168.0.1/srv/nfsboot/tftp/ + PXEBOOT_ROOTFS_RSYNC_ADDRESS: rsync://192.168.0.1/srv/nfsboot/ + PXEBOOT_PXE_REBOOT_COMMAND: | + ssh Administrator@10.0.1.10 set node power off force c31n1 + ssh Administrator@10.0.1.10 set node boot pxe c31n1 + # Nodes are powered on twice as sometimes powering them on + # once is not enough + ssh Administrator@10.0.1.10 set node power on c31n1 + ssh Administrator@10.0.1.10 set node power on c31n1 + PXEBOOT_REBOOT_COMMAND: | + ssh Administrator@10.0.1.10 set node power off force c31n1 + ssh Administrator@10.0.1.10 set node boot m.2 c31n1 + ssh Administrator@10.0.1.10 set node power on c31n1 + ssh Administrator@10.0.1.10 set node power on c31n1 + + INSTALLER_TARGET_STORAGE_DEVICE: /dev/sda + INSTALLER_ROOTFS_TO_INSTALL: /rootfs + INSTALLER_POST_INSTALL_COMMAND: | + while : ; do + echo "enter 'installed' in your deployment machine to finish the installation" + sleep 2 + done + INSTALLER_CREATE_BOOT_PARTITION: yes + + HOSTNAME: installer-system-c31n1 + DTB_PATH: boot/m400-1003.dtb + KERNEL_ARGS: console=ttyS0,9600n8r init=/usr/lib/baserock-installer/installer + INSTALL_FILES: moonshot/manifest + MOONSHOT_KERNEL: yes + subsystems: + - morph: systems/devel-system-armv8b64.morph + deploy: + to-install: + type: sysroot + location: /rootfs + HOSTNAME: baserock-c31n1 + DTB_PATH: boot/m400-1003.dtb + INSTALL_FILES: moonshot/manifest + MOONSHOT_KERNEL: yes + BOOT_DEVICE: /dev/sda1 + ROOT_DEVICE: /dev/sda2 + BOOTLOADER_CONFIG_FORMAT: extlinux + BOOTLOADER_INSTALL: "none" 
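Review bot: The `PXEBOOT_PXE_REBOOT_COMMAND` and `PXEBOOT_REBOOT_COMMAND` blocks in clusters/moonshot-m2-armv8b64.morph hard-code one site's chassis manager login (`Administrator@10.0.1.10`), cartridge (`c31n1`) and node MAC address, and the description does not say these must be replaced; clusters/moonshot-pxe-armv8b64.morph repeats the same values. The commands also assume the deploying host can log in non-interactively as the chassis `Administrator`; the description should name that prerequisite and recommend a credential limited to the power and boot commands, if the chassis firmware offers one, rather than a general administrator login. `PXEBOOT_ROOTFS_RSYNC_ADDRESS` uses an `rsync://` URL, which as far as I can tell is the plain rsync daemon protocol without transport encryption, so a line stating that the TFTP/NFS server is expected to sit on an isolated provisioning network would help readers adapting the example.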
diff --git a/clusters/moonshot-pxe-armv8b64.morph b/clusters/moonshot-pxe-armv8b64.morph new file mode 100644 index 00000000..2d32efb0 --- /dev/null +++ b/clusters/moonshot-pxe-armv8b64.morph @@ -0,0 +1,30 @@ +name: moonshot-m400-armv8b64-netboot +kind: cluster +description: | + Deploy a big-endian armv8b64 devel system onto an HP Moonshot node + + The system will be configured to boot through PXE from existing DHCP, + TFTP and NFS servers. +systems: +- morph: systems/devel-system-armv8b64.morph + deploy: + netboot: + type: pxeboot + location: 14:58:d0:57:7f:42 + PXEBOOT_MODE: existing-server + PXEBOOT_CONFIG_TFTP_ADDRESS: sftp://192.168.0.1/srv/nfsboot/tftp/ + PXEBOOT_ROOTFS_RSYNC_ADDRESS: rsync://192.168.0.1/srv/nfsboot/ + PXEBOOT_PXE_REBOOT_COMMAND: | + ssh Administrator@10.0.1.10 set node power off force c31n1 + ssh Administrator@10.0.1.10 set node boot pxe c31n1 + # Nodes are powered on twice as sometimes powering them on + # once is not enough + ssh Administrator@10.0.1.10 set node power on c31n1 + ssh Administrator@10.0.1.10 set node power on c31n1 + PXE_INSTALLER: no + + HOSTNAME: baserock-c31n1 + DTB_PATH: boot/m400-1003.dtb + KERNEL_ARGS: console=ttyS0,9600n8r rw + INSTALL_FILES: moonshot/manifest + MOONSHOT_KERNEL: yes diff --git a/clusters/openstack-one-node-swift.morph b/clusters/openstack-one-node-swift.morph new file mode 100644 index 00000000..574b7d61 --- /dev/null +++ b/clusters/openstack-one-node-swift.morph 
@@ -0,0 +1,124 @@ +name: openstack-one-node-swift +kind: cluster +description: | + This is a cluster morphology for deploying a x86_64 OpenStack system + all-in-one-node. + + Requirements to be able to run and test the system: + + - DISK_SIZE should be bigger than 5G + - The system has to have available at least 4G of RAM, but once + you start instantiating VMs you will need more. + - The IP of the system can't change, and you need to know it beforehand, + that is, the system needs a static IP address. + + This cluster is configurable, but with the following constraints: + + - The hostname in RABBITMQ_HOST has to match CONTROLLER_HOST_ADDRESS, + and HOST_CONTROLLER. + - HOSTS_CONTROLLER is only needed if the hostname (see previous point) + is not a FQDN. + - The IP listed in MANAGEMENT_INTERFACE_IP_ADDRESS has to match the one + used in HOSTS_CONTROLLER. + - CINDER_DEVICE should be a path to a storage device ready to be + used/formated for cinder data. + - EXTERNAL_INTERFACE is required when the system has more than one network + interface. + + You can also have a look at the following suggestions: + + - NOVA_VIRT_TYPE can be either 'kvm' or 'qemu', depending on where the + system is being deployed to. + - We recommend changing all the PASSWORDs variables, also the + KEYSTONE_TEMPORARY_ADMIN_TOKEN and METADATA_PROXY_SHARED_SECRET. 
+ +systems: +- morph: systems/openstack-system-x86_64.morph + deploy: + release: + type: rawdisk + location: baserock-openstack-system-x86_64.img + DISK_SIZE: 10G + INSTALL_FILES: openstack/manifest swift/manifest + + HOSTNAME: onenode + + ######################################################################### + ## Swift config options + ######################################################################### + + SWIFT_CONTROLLER: True + + SWIFT_ADMIN_PASSWORD: insecure + + SWIFT_PART_POWER: 10 + SWIFT_REPLICAS: 3 + SWIFT_MIN_PART_HOURS: 1 + + SWIFT_STORAGE_DEVICES: [{ ip: <storage node 0 management ip>, device: sdb, weight: 100 }, + { ip: <storage node 0 management ip>, device: sdc, weight: 100 }, + { ip: <storage node 0 management ip>, device: sdd, weight: 100 }, + + { ip: <storage node 1 management ip>, device: sdb, weight: 100 }, + { ip: <storage node 1 management ip>, device: sdc, weight: 100 }, + { ip: <storage node 1 management ip>, device: sdd, weight: 100 }] + + # This value can be any random string or number + # but each node in your swift cluster must have the same values + SWIFT_REBALANCE_SEED: 3828 + + # NOTE: Replace SWIFT_HASH_PATH_PREFIX and SWIFT_HASH_PATH_SUFFIX + # with your own unique values, + # + # `openssl rand -hex 10' can be used to generate unique values + # + # These values should be kept secret, do not lose them. 
+ # + SWIFT_HASH_PATH_PREFIX: 041fc210e4e1d333ce1d + SWIFT_HASH_PATH_SUFFIX: 4d6f5362a356dda7fb7d + + ######################################################################### + + RABBITMQ_HOST: onenode + RABBITMQ_PORT: 5672 + RABBITMQ_USER: rabbitmq + RABBITMQ_PASSWORD: veryinsecure + + CONTROLLER_HOST_ADDRESS: onenode + MANAGEMENT_INTERFACE_IP_ADDRESS: <management ip> + + + KEYSTONE_TEMPORARY_ADMIN_TOKEN: 22f3aa1cf538e3f6d5e8 + KEYSTONE_ADMIN_PASSWORD: veryinsecure + KEYSTONE_DB_USER: keystoneDB + KEYSTONE_DB_PASSWORD: veryinsecure + + GLANCE_SERVICE_USER: glance + GLANCE_SERVICE_PASSWORD: veryinsecure + GLANCE_DB_USER: glanceDB + GLANCE_DB_PASSWORD: veryinsecure + + NOVA_SERVICE_USER: nova + NOVA_SERVICE_PASSWORD: veryinsecure + NOVA_DB_USER: novaDB + NOVA_DB_PASSWORD: veryinsecure + NOVA_VIRT_TYPE: qemu + + CINDER_SERVICE_USER: cinder + CINDER_SERVICE_PASSWORD: veryinsecure + CINDER_DB_USER: cinderDB + CINDER_DB_PASSWORD: veryinsecure + # Storage device to be used by Cinder + CINDER_DEVICE: /dev/sdb + + NEUTRON_SERVICE_USER: neutron + NEUTRON_SERVICE_PASSWORD: veryinsecure + NEUTRON_DB_USER: neutronDB + NEUTRON_DB_PASSWORD: veryinsecure + METADATA_PROXY_SHARED_SECRET: novaneutronmetasecret + + HOSTS_CONTROLLER: <management ip> onenode + + # Network interface to be used, only needed if there are more + # than one available. + # EXTERNAL_INTERFACE: eno1 diff --git a/clusters/openstack-one-node.morph b/clusters/openstack-one-node.morph new file mode 100644 index 00000000..037cd23c --- /dev/null +++ b/clusters/openstack-one-node.morph 
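Review bot: The description in clusters/openstack-one-node-swift.morph says the hostname in RABBITMQ_HOST has to match `HOST_CONTROLLER`, but the key the deploy section defines is `HOSTS_CONTROLLER`; presumably the sentence should end `CONTROLLER_HOST_ADDRESS, and HOSTS_CONTROLLER.`. The same wording appears in the descriptions of clusters/openstack-one-node.morph and of both installer clusters. In this file the recommendation sentence also stops at `METADATA_PROXY_SHARED_SECRET`; adding `SWIFT_HASH_PATH_PREFIX` and `SWIFT_HASH_PATH_SUFFIX` to it would keep all "change before deploying" guidance in one place instead of splitting it between the description and an inline comment.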
@@ -0,0 +1,106 @@ +name: openstack-one-node +kind: cluster +description: | + This is a cluster morphology for deploying a x86_64 OpenStack system + all-in-one-node. + + Requirements to be able to run and test the system: + + - DISK_SIZE should be bigger than 5G + - The system has to have available at least 4G of RAM, but once + you start instantiating VMs you will need more. + - The IP of the system can't change, and you need to know it beforehand, + that is, the system needs a static IP address. + + This cluster is configurable, but with the following constraints: + + - The hostname in RABBITMQ_HOST has to match CONTROLLER_HOST_ADDRESS, + and HOST_CONTROLLER. + - HOSTS_CONTROLLER is only needed if the hostname (see previous point) + is not a FQDN. + - The IP listed in MANAGEMENT_INTERFACE_IP_ADDRESS has to match the one + used in HOSTS_CONTROLLER. + - CINDER_DEVICE should be a path to a storage device ready to be + used/formated for cinder data. + - EXTERNAL_INTERFACE is required when the system has more than one network + interface. + + You can also have a look at the following suggestions: + + - NOVA_VIRT_TYPE can be either 'kvm' or 'qemu', depending on where the + system is being deployed to. + - We recommend changing all the PASSWORDs variables, also the + KEYSTONE_TEMPORARY_ADMIN_TOKEN, METADATA_PROXY_SHARED_SECRET and + METERING_SECRET + - Setting NOVA_BAREMETAL_SCHEDULING with an YAML truth value will configure + Nova to schedule baremetal machines through the Ironic driver, instead of + sheduling virtual machines. 
+ +systems: +- morph: systems/openstack-system-x86_64.morph + deploy: + release: + type: rawdisk + location: baserock-openstack-system-x86_64.img + DISK_SIZE: 10G + INSTALL_FILES: openstack/manifest + + HOSTNAME: onenode + + RABBITMQ_HOST: onenode + RABBITMQ_PORT: 5672 + RABBITMQ_USER: rabbitmq + RABBITMQ_PASSWORD: veryinsecure + + CONTROLLER_HOST_ADDRESS: onenode + MANAGEMENT_INTERFACE_IP_ADDRESS: <management ip> + + KEYSTONE_ENABLE_SERVICE: True + KEYSTONE_TEMPORARY_ADMIN_TOKEN: 22f3aa1cf538e3f6d5e8 + KEYSTONE_ADMIN_PASSWORD: veryinsecure + KEYSTONE_DB_USER: keystoneDB + KEYSTONE_DB_PASSWORD: veryinsecure + + GLANCE_ENABLE_SERVICE: True + GLANCE_SERVICE_USER: glance + GLANCE_SERVICE_PASSWORD: veryinsecure + GLANCE_DB_USER: glanceDB + GLANCE_DB_PASSWORD: veryinsecure + + NOVA_SERVICE_USER: nova + NOVA_SERVICE_PASSWORD: veryinsecure + NOVA_DB_USER: novaDB + NOVA_DB_PASSWORD: veryinsecure + NOVA_VIRT_TYPE: qemu + NOVA_BAREMETAL_SCHEDULING: no + + CINDER_SERVICE_USER: cinder + CINDER_SERVICE_PASSWORD: veryinsecure + CINDER_DB_USER: cinderDB + CINDER_DB_PASSWORD: veryinsecure + # Storage device to be used by Cinder + CINDER_DEVICE: /dev/sdb + + NEUTRON_SERVICE_USER: neutron + NEUTRON_SERVICE_PASSWORD: veryinsecure + NEUTRON_DB_USER: neutronDB + NEUTRON_DB_PASSWORD: veryinsecure + METADATA_PROXY_SHARED_SECRET: novaneutronmetasecret + + IRONIC_ENABLE_SERVICE: True + IRONIC_SERVICE_USER: ironic + IRONIC_SERVICE_PASSWORD: veryinsecure + IRONIC_DB_USER: ironicDB + IRONIC_DB_PASSWORD: veryinsecure + + CEILOMETER_SERVICE_USER: ceilometer + CEILOMETER_SERVICE_PASSWORD: veryinsecure + CEILOMETER_DB_USER: ceilometerDB + CEILOMETER_DB_PASSWORD: veryinsecure + METERING_SECRET: insecureceilometersecret + + HOSTS_CONTROLLER: <management ip> onenode + + # Network interface to be used, only needed if there are more + # than one available. + # EXTERNAL_INTERFACE: eno1 
diff --git a/clusters/openstack-three-node-installer.morph b/clusters/openstack-three-node-installer.morph
new file mode 100644
index 00000000..6285217a
--- /dev/null
+++ b/clusters/openstack-three-node-installer.morph
@@ -0,0 +1,239 @@ +name: openstack-three-node-installer +kind: cluster +description: | + + This is a cluster morphology for deploying an installer for an x86_64 + OpenStack system spread across three nodes. + + This cluster creates disk images that may be `dd`'d onto install media to + produce an OpenStack cluster when instantiated. + + Alternatively it may be used to install directly onto a physical disk by + running: + + morph deploy clusters/openstack-three-node-installer.morph \ + network-installer network-installer.location=/dev/vdb + + Substituting network-installer for either compute-installer or + controller-installer will produce different configurations, and it is possible + to substitue /dev/vdb for a different path to a disk image to install to a + different disk image. + + Substitute the values of HOSTNAME, NETWORK_CONFIG, EXTERNAL_INTERFACE, + MANAGEMENT_IP_ADDRESS, CONTROLLER_HOST_ADDRESS, RABBITMQ_HOST and HOSTS_* to + match your hardware and networking configuration. + + Requirements to be able to run and test the system: + + - DISK_SIZE should be bigger than 5G + - The system has to have available at least 4G of RAM, but once + you start instantiating VMs you will need more. + - The IP of the system can't change, and you need to know it beforehand, + that is, the system needs a static IP address. + + This cluster is configurable, but with the following constraints: + + - The hostname in RABBITMQ_HOST has to match CONTROLLER_HOST_ADDRESS, + and HOST_CONTROLLER. + - HOSTS_CONTROLLER is only needed if the hostname (see previous point) + is not a FQDN. + - The IP listed in MANAGEMENT_INTERFACE_IP_ADDRESS has to match the one + used in HOSTS_CONTROLLER. + - CINDER_DEVICE should be a path to a storage device ready to be + used/formated for cinder data. + - EXTERNAL_INTERFACE is required when the system has more than one network + interface. 
+ + You can also have a look at the following suggestions: + + - NOVA_VIRT_TYPE can be either 'kvm' or 'qemu', depending on where the + system is being deployed to. + - We recommend changing all the PASSWORDs variables, also the + KEYSTONE_TEMPORARY_ADMIN_TOKEN, METADATA_PROXY_SHARED_SECRET and + METERING_SECRET. + - Setting NOVA_BAREMETAL_SCHEDULING with an YAML truth value will configure + Nova to schedule baremetal machines through the Ironic driver, instead of + sheduling virtual machines. + +systems: +- morph: systems/installer-system-x86_64.morph + deploy: + network-installer: &installer + type: rawdisk + location: installer-openstack-network-x86_64.img + KERNEL_ARGS: init=/usr/lib/baserock-installer/installer + DISK_SIZE: 6G + HOSTNAME: installer-x86_64 + INSTALLER_TARGET_STORAGE_DEVICE: /dev/sda + INSTALLER_ROOTFS_TO_INSTALL: /rootfs + INSTALLER_POST_INSTALL_COMMAND: 'sync; poweroff -f' + INITRAMFS_PATH: boot/initramfs.gz + subsystems: + - morph: systems/initramfs-x86_64.morph + deploy: + network-initramfs: &initramfs + type: initramfs + location: boot/initramfs.gz + - morph: systems/openstack-system-x86_64.morph + deploy: + network-to-install: &stack-node + type: sysroot + location: rootfs + INSTALL_FILES: openstack/manifest + INITRAMFS_PATH: boot/initramfs.gz + + HOSTNAME: threenode-network + + RABBITMQ_HOST: threenode-controller.os-mgmt + RABBITMQ_PORT: 5672 + RABBITMQ_USER: rabbitmq + RABBITMQ_PASSWORD: veryinsecure + + # This token needs to be unique and secret + KEYSTONE_ENABLE_SERVICE: False + KEYSTONE_TEMPORARY_ADMIN_TOKEN: 22f3aa1cf538e3f6d5e8 + KEYSTONE_ADMIN_PASSWORD: veryinsecure + KEYSTONE_DB_USER: keystoneDB + KEYSTONE_DB_PASSWORD: veryinsecure + + GLANCE_ENABLE_SERVICE: False + GLANCE_SERVICE_USER: glance + GLANCE_SERVICE_PASSWORD: veryinsecure + GLANCE_DB_USER: glanceDB + GLANCE_DB_PASSWORD: veryinsecure + + NOVA_ENABLE_CONTROLLER: False + NOVA_ENABLE_COMPUTE: False + NOVA_SERVICE_USER: nova + NOVA_SERVICE_PASSWORD: veryinsecure + 
NOVA_DB_USER: novaDB + NOVA_DB_PASSWORD: veryinsecure + NOVA_VIRT_TYPE: kvm + NOVA_BAREMETAL_SCHEDULING: no + + CINDER_ENABLE_CONTROLLER: False + CINDER_ENABLE_COMPUTE: False + CINDER_ENABLE_STORAGE: False + CINDER_SERVICE_USER: cinder + CINDER_SERVICE_PASSWORD: veryinsecure + CINDER_DB_USER: cinderDB + CINDER_DB_PASSWORD: veryinsecure + # Storage device to be used by Cinder + CINDER_DEVICE: /dev/sdb + + NEUTRON_ENABLE_AGENT: False + NEUTRON_ENABLE_MANAGER: True + NEUTRON_ENABLE_CONTROLLER: False + NEUTRON_SERVICE_USER: neutron + NEUTRON_SERVICE_PASSWORD: veryinsecure + NEUTRON_DB_USER: neutronDB + NEUTRON_DB_PASSWORD: veryinsecure + METADATA_PROXY_SHARED_SECRET: novaneutronmetasecret + + IRONIC_ENABLE_SERVICE: False + IRONIC_SERVICE_USER: ironic + IRONIC_SERVICE_PASSWORD: veryinsecure + IRONIC_DB_USER: ironicDB + IRONIC_DB_PASSWORD: veryinsecure + + CEILOMETER_SERVICE_USER: ceilometer + CEILOMETER_SERVICE_PASSWORD: veryinsecure + CEILOMETER_DB_USER: ceilometerDB + CEILOMETER_DB_PASSWORD: veryinsecure + CEILOMETER_ENABLE_CONTROLLER: False + CEILOMETER_ENABLE_COMPUTE: False + METERING_SECRET: insecureceilometersecret + + CONTROLLER_HOST_ADDRESS: threenode-controller.os-mgmt + MANAGEMENT_INTERFACE_IP_ADDRESS: 10.0.0.1 + + HOSTS_SELF: 10.0.0.1 threenode-network + HOSTS_NETWORK: 10.0.0.1 threenode-network.os-mgmt + HOSTS_CONTROL: 10.0.0.2 threenode-controller.os-mgmt + HOSTS_COMPUTE: 10.0.0.3 threenode-compute.os-mgmt + + EXTERNAL_INTERFACE: enp3s0 + NETWORK_CONFIG: enp3s0:dhcp;enp2s0:static,address=10.0.0.1,netmask=255.255.255.0 + subsystems: + - morph: systems/initramfs-x86_64.morph + deploy: + network-to-install-initramfs: *initramfs +- morph: systems/installer-system-x86_64.morph + deploy: + controller-installer: + <<: *installer + location: installer-openstack-controller-x86_64.img + subsystems: + - morph: systems/initramfs-x86_64.morph + deploy: + controller-initramfs: *initramfs + - morph: systems/openstack-system-x86_64.morph + deploy: + controller-to-install: 
+ <<: *stack-node + HOSTNAME: threenode-controller + + KEYSTONE_ENABLE_SERVICE: True + + GLANCE_ENABLE_SERVICE: True + + NOVA_ENABLE_CONTROLLER: True + + CINDER_ENABLE_CONTROLLER: True + CINDER_ENABLE_COMPUTE: False + CINDER_ENABLE_STORAGE: False + + NEUTRON_ENABLE_AGENT: False + NEUTRON_ENABLE_MANAGER: False + NEUTRON_ENABLE_CONTROLLER: True + METADATA_PROXY_SHARED_SECRET: novaneutronmetasecret + + IRONIC_ENABLE_SERVICE: True + + CEILOMETER_ENABLE_CONTROLLER: True + CEILOMETER_ENABLE_COMPUTE: False + + MANAGEMENT_INTERFACE_IP_ADDRESS: 10.0.0.2 + HOSTS_SELF: 10.0.0.2 threenode-controller + EXTERNAL_INTERFACE: enp2s0 + NETWORK_CONFIG: enp2s0:dhcp;enp0s26u1u2:static,address=10.0.0.2,netmask=255.255.255.0 + subsystems: + - morph: systems/initramfs-x86_64.morph + deploy: + controller-to-install-initramfs: *initramfs +- morph: systems/installer-system-x86_64.morph + deploy: + compute-installer: + <<: *installer + location: installer-openstack-compute-x86_64.img + subsystems: + - morph: systems/initramfs-x86_64.morph + deploy: + compute-initramfs: *initramfs + - morph: systems/openstack-system-x86_64.morph + deploy: + compute-to-install: + <<: *stack-node + HOSTNAME: threenode-compute + + NOVA_ENABLE_COMPUTE: True + + CINDER_ENABLE_CONTROLLER: False + CINDER_ENABLE_COMPUTE: True + CINDER_ENABLE_STORAGE: True + + NEUTRON_ENABLE_AGENT: True + NEUTRON_ENABLE_MANAGER: False + NEUTRON_ENABLE_CONTROLLER: False + + CEILOMETER_ENABLE_CONTROLLER: False + CEILOMETER_ENABLE_COMPUTE: True + + MANAGEMENT_INTERFACE_IP_ADDRESS: 10.0.0.3 + HOSTS_SELF: 10.0.0.3 threenode-compute + EXTERNAL_INTERFACE: eno1 + NETWORK_CONFIG: eno1:dhcp;enp0s29u1u3:static,address=10.0.0.3,netmask=255.255.255.0 + subsystems: + - morph: systems/initramfs-x86_64.morph + deploy: + compute-to-install-initramfs: *initramfs diff --git a/clusters/openstack-two-node-installer.morph b/clusters/openstack-two-node-installer.morph new file mode 100644 index 00000000..f05b0e9b --- /dev/null 
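Review bot: Every node in clusters/openstack-three-node-installer.morph inherits the full secret set through `<<: *stack-node`, so the network and compute deployments carry `KEYSTONE_ADMIN_PASSWORD`, `KEYSTONE_TEMPORARY_ADMIN_TOKEN` and all `*_DB_PASSWORD` values even where the matching `*_ENABLE_*` flag is `False`. Whether the configure extensions write unused values into the image is not visible here, but keeping only the shared settings in the anchor and giving the Keystone and database credentials to `controller-to-install` alone would limit what a compromised compute or network node exposes. The comment `# This token needs to be unique and secret` also sits above `KEYSTONE_ENABLE_SERVICE` rather than `KEYSTONE_TEMPORARY_ADMIN_TOKEN`; moving it down one line attaches it to the key it describes.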
+++ b/clusters/openstack-two-node-installer.morph 
@@ -0,0 +1,200 @@ +name: openstack-two-node-installer +kind: cluster +description: | + + This is a cluster morphology for deploying an installer for an x86_64 + OpenStack system spread across three nodes. + + This cluster creates disk images that may be `dd`'d onto install media to + produce an OpenStack cluster when instantiated. + + Alternatively it may be used to install directly onto a physical disk by + running: + + morph deploy clusters/openstack-two-node-installer.morph \ + controller-installer controller-installer.location=/dev/vdb + + Substituting contrller-installer for compute-installer will produce + different configurations, and it is possible to substitue /dev/vdb for a + different path to a disk image to install to a different disk image. + + Substitute the values of HOSTNAME, NETWORK_CONFIG, EXTERNAL_INTERFACE, + MANAGEMENT_IP_ADDRESS, CONTROLLER_HOST_ADDRESS, RABBITMQ_HOST and HOSTS_* to + match your hardware and networking configuration. + + Requirements to be able to run and test the system: + + - DISK_SIZE should be bigger than 5G + - The system has to have available at least 4G of RAM, but once + you start instantiating VMs you will need more. + - The IP of the system can't change, and you need to know it beforehand, + that is, the system needs a static IP address. + + This cluster is configurable, but with the following constraints: + + - The hostname in RABBITMQ_HOST has to match CONTROLLER_HOST_ADDRESS, + and HOST_CONTROLLER. + - HOSTS_CONTROLLER is only needed if the hostname (see previous point) + is not a FQDN. + - The IP listed in MANAGEMENT_INTERFACE_IP_ADDRESS has to match the one + used in HOSTS_CONTROLLER. + - CINDER_DEVICE should be a path to a storage device ready to be + used/formated for cinder data. + - EXTERNAL_INTERFACE is required when the system has more than one network + interface. 
+ + You can also have a look at the following suggestions: + + - NOVA_VIRT_TYPE can be either 'kvm' or 'qemu', depending on where the + system is being deployed to. + - We recommend changing all the PASSWORDs variables, also the + KEYSTONE_TEMPORARY_ADMIN_TOKEN, METADATA_PROXY_SHARED_SECRET and + METERING_SECRET. + - Setting NOVA_BAREMETAL_SCHEDULING with a YAML truth value will configure + Nova to schedule baremetal machines through the Ironic driver, instead of + sheduling virtual machines. + +systems: +- morph: systems/installer-system-x86_64.morph + deploy: + controller-installer: &installer + type: rawdisk + location: installer-openstack-controller-x86_64.img + KERNEL_ARGS: init=/usr/lib/baserock-installer/installer + DISK_SIZE: 6G + HOSTNAME: installer-x86_64 + INSTALLER_TARGET_STORAGE_DEVICE: /dev/sda + INSTALLER_ROOTFS_TO_INSTALL: /rootfs + INSTALLER_POST_INSTALL_COMMAND: 'sync; poweroff -f' + INITRAMFS_PATH: boot/initramfs.gz + subsystems: + - morph: systems/initramfs-x86_64.morph + deploy: + controller-initramfs: &initramfs + type: initramfs + location: boot/initramfs.gz + - morph: systems/openstack-system-x86_64.morph + deploy: + controller-to-install: &stack-node + type: sysroot + location: rootfs + INSTALL_FILES: openstack/manifest + INITRAMFS_PATH: boot/initramfs.gz + + HOSTNAME: twonode-controller + + RABBITMQ_HOST: twonode-controller.os-mgmt + RABBITMQ_PORT: 5672 + RABBITMQ_USER: rabbitmq + RABBITMQ_PASSWORD: veryinsecure + + # This token needs to be unique and secret + KEYSTONE_ENABLE_SERVICE: True + KEYSTONE_TEMPORARY_ADMIN_TOKEN: 22f3aa1cf538e3f6d5e8 + KEYSTONE_ADMIN_PASSWORD: veryinsecure + KEYSTONE_DB_USER: keystoneDB + KEYSTONE_DB_PASSWORD: veryinsecure + + GLANCE_ENABLE_SERVICE: True + GLANCE_SERVICE_USER: glance + GLANCE_SERVICE_PASSWORD: veryinsecure + GLANCE_DB_USER: glanceDB + GLANCE_DB_PASSWORD: veryinsecure + + NOVA_ENABLE_CONTROLLER: True + NOVA_ENABLE_COMPUTE: False + NOVA_SERVICE_USER: nova + NOVA_SERVICE_PASSWORD: veryinsecure + 
NOVA_DB_USER: novaDB + NOVA_DB_PASSWORD: veryinsecure + NOVA_VIRT_TYPE: kvm + NOVA_BAREMETAL_SCHEDULING: no + + CINDER_ENABLE_CONTROLLER: True + CINDER_ENABLE_COMPUTE: False + CINDER_ENABLE_STORAGE: False + CINDER_SERVICE_USER: cinder + CINDER_SERVICE_PASSWORD: veryinsecure + CINDER_DB_USER: cinderDB + CINDER_DB_PASSWORD: veryinsecure + # Storage device to be used by Cinder + CINDER_DEVICE: /dev/sdb + + NEUTRON_ENABLE_AGENT: False + NEUTRON_ENABLE_MANAGER: True + NEUTRON_ENABLE_CONTROLLER: True + NEUTRON_SERVICE_USER: neutron + NEUTRON_SERVICE_PASSWORD: veryinsecure + NEUTRON_DB_USER: neutronDB + NEUTRON_DB_PASSWORD: veryinsecure + METADATA_PROXY_SHARED_SECRET: novaneutronmetasecret + + IRONIC_ENABLE_SERVICE: True + IRONIC_SERVICE_USER: ironic + IRONIC_SERVICE_PASSWORD: veryinsecure + IRONIC_DB_USER: ironicDB + IRONIC_DB_PASSWORD: veryinsecure + + CEILOMETER_SERVICE_USER: ceilometer + CEILOMETER_SERVICE_PASSWORD: veryinsecure + CEILOMETER_DB_USER: ceilometerDB + CEILOMETER_DB_PASSWORD: veryinsecure + CEILOMETER_ENABLE_CONTROLLER: True + CEILOMETER_ENABLE_COMPUTE: False + METERING_SECRET: insecureceilometersecret + + CONTROLLER_HOST_ADDRESS: twonode-controller.os-mgmt + MANAGEMENT_INTERFACE_IP_ADDRESS: 10.0.0.1 + + HOSTS_SELF: 10.0.0.1 twonode-controller + HOSTS_CONTROL: 10.0.0.1 twonode-controller.os-mgmt + HOSTS_COMPUTE: 10.0.0.3 twonode-compute.os-mgmt + EXTERNAL_INTERFACE: enp3s0 + NETWORK_CONFIG: enp3s0:dhcp;enp2s0:static,address=10.0.0.1,netmask=255.255.255.0 + subsystems: + - morph: systems/initramfs-x86_64.morph + deploy: + controller-to-install-initramfs: *initramfs +- morph: systems/installer-system-x86_64.morph + deploy: + compute-installer: + <<: *installer + location: installer-openstack-compute-x86_64.img + subsystems: + - morph: systems/initramfs-x86_64.morph + deploy: + compute-initramfs: *initramfs + - morph: systems/openstack-system-x86_64.morph + deploy: + compute-to-install: + <<: *stack-node + HOSTNAME: twonode-compute + + 
KEYSTONE_ENABLE_SERVICE: False + + GLANCE_ENABLE_SERVICE: False + + NOVA_ENABLE_COMPUTE: True + NOVA_ENABLE_CONTROLLER: False + + CINDER_ENABLE_CONTROLLER: False + CINDER_ENABLE_COMPUTE: True + CINDER_ENABLE_STORAGE: True + + NEUTRON_ENABLE_AGENT: True + NEUTRON_ENABLE_MANAGER: False + NEUTRON_ENABLE_CONTROLLER: False + + IRONIC_ENABLE_SERVICE: False + + CEILOMETER_ENABLE_CONTROLLER: False + CEILOMETER_ENABLE_COMPUTE: True + + MANAGEMENT_INTERFACE_IP_ADDRESS: 10.0.0.3 + HOSTS_SELF: 10.0.0.3 twonode-compute + EXTERNAL_INTERFACE: eno1 + NETWORK_CONFIG: eno1:dhcp;enp0s29u1u3:static,address=10.0.0.3,netmask=255.255.255.0 + subsystems: + - morph: systems/initramfs-x86_64.morph + deploy: + compute-to-install-initramfs: *initramfs diff --git a/clusters/release.morph b/clusters/release.morph index f161d0df..c5bfffca 100644 --- a/clusters/release.morph +++ b/clusters/release.morph @@ -29,13 +29,21 @@ systems: type: rawdisk location: build-system-x86_64.img DISK_SIZE: 6G + INITRAMFS_PATH: boot/initramfs.gz + subsystems: + - morph: systems/initramfs-x86_64.morph + deploy: + initramfs-build-system-x86_64: + type: initramfs + location: boot/initramfs.gz - morph: systems/build-system-armv7lhf-jetson.morph deploy: - devel-system-armv7lhf-jetson: + build-system-armv7lhf-jetson: type: rawdisk location: build-system-armv7lhf-jetson.img DISK_SIZE: 2G - ROOT_DEVICE: "/dev/mmcblk0p1" + BOOT_DEVICE: "/dev/mmcblk0p1" + ROOT_DEVICE: "/dev/mmcblk0p2" DTB_PATH: "boot/tegra124-jetson-tk1.dtb" BOOTLOADER_CONFIG_FORMAT: "extlinux" BOOTLOADER_INSTALL: "none" 
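Review bot: The `controller-to-install` deployment in the new `clusters/openstack-two-node-installer.morph` commits working secrets as literals: every `*_PASSWORD` is `veryinsecure`, and `KEYSTONE_TEMPORARY_ADMIN_TOKEN`, `METADATA_PROXY_SHARED_SECRET` and `METERING_SECRET` are fixed strings that `compute-to-install` inherits through `<<: *stack-node`. Any image built without overrides therefore shares a publicly known admin token and service passwords, and the comment `# This token needs to be unique and secret` sits directly above a value that is neither. I would replace the literals with obvious placeholders, for example `KEYSTONE_TEMPORARY_ADMIN_TOKEN: CHANGE-ME`, and move the "We recommend changing all the PASSWORDs" advice from the suggestions list into the requirements list. The description also needs correcting: it says "three nodes" for a two-node cluster, refers to `HOST_CONTROLLER`/`HOSTS_CONTROLLER` and `MANAGEMENT_IP_ADDRESS` where the keys below are `HOSTS_CONTROL` and `MANAGEMENT_INTERFACE_IP_ADDRESS`, and misspells `contrller-installer`.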
@@ -47,13 +55,21 @@ systems: location: genivi-baseline-system-x86_64-generic.img DISK_SIZE: 4G KERNEL_ARGS: vga=788 + INITRAMFS_PATH: boot/initramfs.gz + subsystems: + - morph: systems/initramfs-x86_64.morph + deploy: + initramfs-genivi-baseline-system-x86_64-generic: + type: initramfs + location: boot/initramfs.gz - morph: systems/genivi-baseline-system-armv7lhf-jetson.morph deploy: genivi-baseline-system-armv7lhf-jetson: type: rawdisk location: genivi-baseline-system-armv7lhf-jetson.img DISK_SIZE: 4G - ROOT_DEVICE: "/dev/mmcblk0p1" + BOOT_DEVICE: "/dev/mmcblk0p1" + ROOT_DEVICE: "/dev/mmcblk0p2" DTB_PATH: "boot/tegra124-jetson-tk1.dtb" BOOTLOADER_CONFIG_FORMAT: "extlinux" BOOTLOADER_INSTALL: "none" diff --git a/clusters/trove-example.morph b/clusters/trove-example.morph index 1b1e9777..2812f60e 100644 --- a/clusters/trove-example.morph +++ b/clusters/trove-example.morph @@ -15,7 +15,7 @@ description: | To do the initial deployment: - morph deploy --upgrade clusters/trove-example.morph \ + morph deploy clusters/trove-example.morph \ initial \ initial.location=kvm+ssh://liw@192.168.122.1/test-trove/tmp/test-trove.img diff --git a/clusters/weston-system-x86_64-generic-deploy.morph b/clusters/weston-system-x86_64-generic-deploy.morph index ac63a93a..3a6f29ef 100644 --- a/clusters/weston-system-x86_64-generic-deploy.morph +++ b/clusters/weston-system-x86_64-generic-deploy.morph @@ -1,7 +1,11 @@ -name: release +name: weston-system-x86_64-generic-deploy kind: cluster description: | Deploy a stock weston system. + + The resulting image can be copied to a USB and booted from there, + as well as in a virtual machine. + systems: - morph: systems/weston-system-x86_64-generic.morph deploy: @@ -10,3 +14,10 @@ systems: location: /weston-system-x86_64-generic.img DISK_SIZE: 4G KERNEL_ARGS: vga=788 + INITRAMFS_PATH: boot/initramfs.gz + subsystems: + - morph: systems/initramfs-x86_64.morph + deploy: + initramfs: + type: initramfs + location: boot/initramfs.gz 
diff --git a/distbuild/manifest b/distbuild/manifest
index 35047028..9363fa85 100644
--- a/distbuild/manifest
+++ b/distbuild/manifest
@@ -10,14 +10,14 @@
 0100644 0 0 /usr/lib/distbuild-setup/ansible/distbuild-setup.yml
 0040755 0 0 /usr/lib/systemd
 0040755 0 0 /usr/lib/systemd/system
-0100755 0 0 /usr/lib/systemd/system/morph-cache-server.service
-0100755 0 0 /usr/lib/systemd/system/morph-controller.service
-0100755 0 0 /usr/lib/systemd/system/morph-controller-helper.service
-0100755 0 0 /usr/lib/systemd/system/morph-worker.service
-0100755 0 0 /usr/lib/systemd/system/morph-worker-helper.service
-0100755 0 0 /usr/lib/systemd/system/distbuild-setup.service
+0100644 0 0 /usr/lib/systemd/system/morph-cache-server.service
+0100644 0 0 /usr/lib/systemd/system/morph-controller.service
+0100644 0 0 /usr/lib/systemd/system/morph-controller-helper.service
+0100644 0 0 /usr/lib/systemd/system/morph-worker.service
+0100644 0 0 /usr/lib/systemd/system/morph-worker-helper.service
+0100644 0 0 /usr/lib/systemd/system/distbuild-setup.service
 0040755 0 0 /usr/lib/systemd/system/multi-user.target.wants
-0120755 0 0 /usr/lib/systemd/system/multi-user.target.wants/distbuild-setup.service
+0120644 0 0 /usr/lib/systemd/system/multi-user.target.wants/distbuild-setup.service
 0040755 0 0 /usr/share
 0040755 0 0 /usr/share/distbuild-setup
 0100644 0 0 /usr/share/distbuild-setup/morph.conf
diff --git a/distbuild/usr/lib/distbuild-setup/ansible/distbuild-setup.yml b/distbuild/usr/lib/distbuild-setup/ansible/distbuild-setup.yml
index e4f94f54..c3074c63 100644
--- a/distbuild/usr/lib/distbuild-setup/ansible/distbuild-setup.yml
+++ b/distbuild/usr/lib/distbuild-setup/ansible/distbuild-setup.yml
@@ -64,6 +64,16 @@ fi creates=/etc/ssh/ssh_known_hosts + # This is a kludge. We can add the host key for the TROVE_HOST that was + # specified, but users may access the Trove by other names, e.g. IP address + # or domain name. Distbuild is currently not safe to run except on a private + # network where host key checking is not important, so we disable it by + # default to avoid errors when users don't stick to using the exact same + # TROVE_HOST in repo URLs. + - name: Disable strict SSH host key checking + lineinfile: + dest: /etc/ssh/ssh_config + line: StrictHostKeyChecking no - name: Enable the morph-cache-server service service: name=morph-cache-server.service enabled=yes diff --git a/essential-files/etc/inputrc b/essential-files/etc/inputrc new file mode 100644 index 00000000..ddee44cd --- /dev/null +++ b/essential-files/etc/inputrc @@ -0,0 +1,38 @@ +# Allow the command prompt to wrap to the next line +set horizontal-scroll-mode Off + +# Enable 8bit input +set meta-flag On +set input-meta On + +# Turns off 8th bit stripping +set convert-meta Off + +# Keep the 8th bit for display +set output-meta On + +# none, visible or audible +set bell-style none + +# for linux console and RH/Debian xterm +"\e[1~": beginning-of-line +"\e[4~": end-of-line +"\e[5~": beginning-of-history +"\e[6~": end-of-history +"\e[7~": beginning-of-line +"\e[3~": delete-char +"\e[2~": quoted-insert +"\e[5C": forward-word +"\e[5D": backward-word +"\e\e[C": forward-word +"\e\e[D": backward-word +"\e[1;5C": forward-word +"\e[1;5D": backward-word + +# for non RH/Debian xterm, can't hurt for RH/DEbian xterm +"\eOH": beginning-of-line +"\eOF": end-of-line + +# for Konsole and freebsd console +"\e[H": beginning-of-line +"\e[F": end-of-line diff --git a/essential-files/etc/os-release b/essential-files/etc/os-release new file mode 100644 index 00000000..b729c75f --- /dev/null +++ b/essential-files/etc/os-release 
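Review bot: The added `Disable strict SSH host key checking` task turns off host key verification for every outbound SSH connection from the machine, not only those to the Trove, because `StrictHostKeyChecking no` is written to the global `/etc/ssh/ssh_config` with no `Host` scope. The comment says distbuild is only safe on a private network, but nothing in the task enforces or records that, so the setting follows the image onto any network, where connections to hosts with new or changed keys proceed and git fetches over SSH lose server authentication. I would scope the option to a `Host` block covering the names the Trove is reached by, or gate the task on a variable that defaults to keeping checking enabled. Separately, `lineinfile` with only `line:` appends at end of file, and ssh uses the first value it obtains for an option, so an earlier `StrictHostKeyChecking` entry would win; adding `regexp: '^\s*StrictHostKeyChecking'` makes the task replace an existing entry instead of appending.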
@@ -0,0 +1,5 @@
+NAME="Baserock"
+ID=baserock
+HOME_URL="http://wiki.baserock.org"
+SUPPORT_URL="http://wiki.baserock.org/mailinglist"
+BUG_REPORT_URL="http://wiki.baserock.org/mailinglist"
diff --git a/essential-files/etc/profile b/essential-files/etc/profile
new file mode 100644
index 00000000..c5bddd0d
--- /dev/null
+++ b/essential-files/etc/profile
@@ -0,0 +1,9 @@
+# /etc/profile
+
+# Source global bash config
+if test "$PS1" && test "$BASH" && test -r /etc/bash.bashrc; then
+ . /etc/bash.bashrc
+fi
+
+# Set default pager to less
+export MANPAGER='less -R'
diff --git a/essential-files/manifest b/essential-files/manifest
new file mode 100644
index 00000000..960111c4
--- /dev/null
+++ b/essential-files/manifest
@@ -0,0 +1,4 @@
+0040755 0 0 /etc
+overwrite 0100644 0 0 /etc/os-release
+overwrite 0100644 0 0 /etc/profile
+overwrite 0100644 0 0 /etc/inputrc
diff --git a/gitlab-ci-runner/manifest b/gitlab-ci-runner/manifest
deleted file mode 100644
index bad84dea..00000000
--- a/gitlab-ci-runner/manifest
+++ /dev/null
@@ -1,4 +0,0 @@
-0040755 0 0 /usr/share/gitlab-install
-0100755 0 0 /usr/share/gitlab-install/install-runner
-0040755 0 0 /usr/share/gitlab-install/systemd-units
-0100644 0 0 /usr/share/gitlab-install/systemd-units/gitlab-ci-runner.service
diff --git a/gitlab-ci-runner/usr/share/gitlab-install/install-runner b/gitlab-ci-runner/usr/share/gitlab-install/install-runner
deleted file mode 100755
index f1165af8..00000000
--- a/gitlab-ci-runner/usr/share/gitlab-install/install-runner
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) 2014 Codethink Limited
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-set -e
-
-gem install bundler
-
-git config --global http.sslVerify false
-git config --global user.name 'GitLab CI Runner'
-git config --global user.email 'ci_runner@localhost'
-git config --global core.autocrlf input
-
-git clone https://gitlab.com/gitlab-org/gitlab-ci-runner.git -b 5-0-stable
-cd gitlab-ci-runner
-
-bundle install --deployment
-bundle exec ./bin/setup
-nohup bundle exec ./bin/runner &
-
-cd /etc/systemd/system
-cp /usr/share/gitlab-install/systemd-units/gitlab-ci-runner.service .
-systemctl enable gitlab-ci-runner.service
diff --git a/gitlab-ci-runner/usr/share/gitlab-install/systemd-units/gitlab-ci-runner.service b/gitlab-ci-runner/usr/share/gitlab-install/systemd-units/gitlab-ci-runner.service
deleted file mode 100644
index dfc84d96..00000000
--- a/gitlab-ci-runner/usr/share/gitlab-install/systemd-units/gitlab-ci-runner.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=GitLab CI Runner
-
-[Service]
-User=root
-WorkingDirectory=/root/gitlab-ci-runner
-SyslogIdentifier=gitlab-ci-runner
-
-ExecStart=/usr/bin/bundle exec "./bin/runner"
-ExecStop=/bin/kill -s QUIT $MAINPID
-ExecReload=/bin/kill -s USR2 $MAINPID
-
-[Install]
-WantedBy=multi-user.target
-
diff --git a/gitlab-server/manifest b/gitlab-server/manifest
deleted file mode 100644
index 7ac74744..00000000
--- a/gitlab-server/manifest
+++ /dev/null
@@ -1,37 +0,0 @@ -0100755 0 0 /usr/share/gitlab-setup -0040755 0 0 /usr/share/gitlab-install -0100755 0 0 /usr/share/gitlab-install/backup-gitlab -0040755 0 0 /usr/share/gitlab-install/gitlab -0040755 0 0 /usr/share/gitlab-install/gitlab/config -0100644 0 0 /usr/share/gitlab-install/gitlab/config/gitlab.yml -0040755 0 0 /usr/share/gitlab-install/gitlab/config/initializers -0100644 0 0 /usr/share/gitlab-install/gitlab/config/resque.yml -0100644 0 0 /usr/share/gitlab-install/gitlab/config/unicorn.rb -0100644 0 0 /usr/share/gitlab-install/gitlab/config/initializers/rack_attack.rb -0040755 0 0 /usr/share/gitlab-install/gitlab/lib -0040755 0 0 /usr/share/gitlab-install/gitlab/lib/support -0040755 0 0 /usr/share/gitlab-install/gitlab/lib/support/nginx -0100644 0 0 /usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab -0040755 0 0 /usr/share/gitlab-install/gitlab-shell -0100644 0 0 /usr/share/gitlab-install/gitlab-shell/config.yml -0040755 0 0 /usr/share/gitlab-install/gitlab-ci -0040755 0 0 /usr/share/gitlab-install/gitlab-ci/config -0100644 0 0 /usr/share/gitlab-install/gitlab-ci/config/application.yml -0100644 0 0 /usr/share/gitlab-install/gitlab-ci/config/resque.yml -0100644 0 0 /usr/share/gitlab-install/gitlab-ci/config/unicorn.rb -0040755 0 0 /usr/share/gitlab-install/gitlab-ci/lib -0040755 0 0 /usr/share/gitlab-install/gitlab-ci/lib/support -0040755 0 0 /usr/share/gitlab-install/gitlab-ci/lib/support/nginx -0100644 0 0 /usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci -0100644 0 0 /usr/share/gitlab-install/nginx.conf -0040755 0 0 /usr/share/gitlab-install/systemd-units -0100644 0 0 /usr/share/gitlab-install/systemd-units/gitlab.target -0100644 0 0 /usr/share/gitlab-install/systemd-units/gitlab-ci-sidekiq.service -0100644 0 0 /usr/share/gitlab-install/systemd-units/gitlab-ci-unicorn.service -0100644 0 0 /usr/share/gitlab-install/systemd-units/gitlab-sidekiq.service -0100644 0 0 /usr/share/gitlab-install/systemd-units/gitlab-unicorn.service -0100644 
0 0 /usr/share/gitlab-install/systemd-units/nginx.service -0100644 0 0 /usr/share/gitlab-install/systemd-units/postgres.service -0100644 0 0 /usr/share/gitlab-install/systemd-units/redis.service -0100644 0 0 /usr/share/gitlab-install/systemd-units/gitlab-backup.service -0100644 0 0 /usr/share/gitlab-install/systemd-units/gitlab-backup.timer diff --git a/gitlab-server/usr/share/gitlab-install/backup-gitlab b/gitlab-server/usr/share/gitlab-install/backup-gitlab deleted file mode 100644 index 1320df81..00000000 --- a/gitlab-server/usr/share/gitlab-install/backup-gitlab +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh -# -# Run the gitlab backup script. The backup will be stored as -# /home/git/gitlab-backup.tar . A separate backup host will need to -# back that up. -# -# This script be run as the postgres user on a Baserock GitLab host. - -set -e - -export PATH=/usr/local/bin:/usr/bin:/bin - -mkdir -p /home/postgres/dumps -cd /home/postgres/dumps -pg_dumpall > new.dump -mv new.dump gitlab.pg_dumpall diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/application.yml b/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/application.yml deleted file mode 100644 index 6eb5eb19..00000000 --- a/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/application.yml +++ /dev/null 
@@ -1,43 +0,0 @@ -defaults: &defaults - gitlab_server_urls: - # Replace with your gitlab server url - - 'http://##GITLAB_HOSTNAME##/' - - ## Gitlab CI settings - gitlab_ci: - ## Web server settings - host: ##GITLAB_HOSTNAME## - port: ##CI_PORT## - https: false - - ## Email settings - # Email address used in the "From" field in mails sent by GitLab-CI - email_from: gitlab-ci@localhost - - # Email address of your support contact (default: same as email_from) - support_email: support@localhost - - # Default project notifications settings: - # - # Send emails only on broken builds (default: true) - # all_broken_builds: true - # - # Add committer to recipients list (default: false) - # add_committer: true - - gravatar: - enabled: true - plain_url: "http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=mm" - ssl_url: "https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm" - - -development: - <<: *defaults - -test: - <<: *defaults - gitlab_server_urls: - - 'http://demo.gitlab.com/' - -production: - <<: *defaults diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/resque.yml b/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/resque.yml deleted file mode 100644 index f42ffe78..00000000 --- a/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/resque.yml +++ /dev/null @@ -1,3 +0,0 @@ -development: redis://127.0.0.1:6379 -test: redis://127.0.0.1:6379 -production: redis://127.0.0.1:6379 diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/unicorn.rb b/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/unicorn.rb deleted file mode 100644 index cdcbe39a..00000000 --- a/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/unicorn.rb +++ /dev/null 
@@ -1,102 +0,0 @@ -# Sample verbose configuration file for Unicorn (not Rack) -# -# This configuration file documents many features of Unicorn -# that may not be needed for some applications. See -# http://unicorn.bogomips.org/examples/unicorn.conf.minimal.rb -# for a much simpler configuration file. -# -# See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete -# documentation. - -# Use at least one worker per core if you're on a dedicated server, -# more will usually help for _short_ waits on databases/caches. -worker_processes 2 - -# Since Unicorn is never exposed to outside clients, it does not need to -# run on the standard HTTP port (80), there is no reason to start Unicorn -# as root unless it's from system init scripts. -# If running the master process as root and the workers as an unprivileged -# user, do this to switch euid/egid in the workers (also chowns logs): -# user "unprivileged_user", "unprivileged_group" - -# Help ensure your application will always spawn in the symlinked -# "current" directory that Capistrano sets up. -working_directory "/home/gitlab_ci/gitlab-ci" # available in 0.94.0+ - -# listen on both a Unix domain socket and a TCP port, -# we use a shorter backlog for quicker failover when busy -listen "/home/gitlab_ci/gitlab-ci/tmp/sockets/gitlab-ci.socket", :backlog => 64 -listen "127.0.0.1:##UNICORN_CI_PORT##", :tcp_nopush => true - -# nuke workers after 30 seconds instead of 60 seconds (the default) -timeout 30 - -# feel free to point this anywhere accessible on the filesystem -pid "/home/gitlab_ci/gitlab-ci/tmp/pids/unicorn.pid" - -# By default, the Unicorn logger will write to stderr. 
-# Additionally, some applications/frameworks log to stderr or stdout, -# so prevent them from going to /dev/null when daemonized here: -stderr_path "/home/gitlab_ci/gitlab-ci/log/unicorn.stderr.log" -stdout_path "/home/gitlab_ci/gitlab-ci/log/unicorn.stdout.log" - -# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings -# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow -preload_app true -GC.respond_to?(:copy_on_write_friendly=) and - GC.copy_on_write_friendly = true - -# Enable this flag to have unicorn test client connections by writing the -# beginning of the HTTP headers before calling the application. This -# prevents calling the application for connections that have disconnected -# while queued. This is only guaranteed to detect clients on the same -# host unicorn runs on, and unlikely to detect disconnects even on a -# fast LAN. -check_client_connection false - -before_fork do |server, worker| - # the following is highly recomended for Rails + "preload_app true" - # as there's no need for the master process to hold a connection - defined?(ActiveRecord::Base) and - ActiveRecord::Base.connection.disconnect! - - # The following is only recommended for memory/DB-constrained - # installations. It is not needed if your system can house - # twice as many worker_processes as you have configured. - # - # This allows a new master process to incrementally - # phase out the old master process with SIGTTOU to avoid a - # thundering herd (especially in the "preload_app false" case) - # when doing a transparent upgrade. The last worker spawned - # will then kill off the old master process with a SIGQUIT. - old_pid = "#{server.config[:pid]}.oldbin" - if old_pid != server.pid - begin - sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU - Process.kill(sig, File.read(old_pid).to_i) - rescue Errno::ENOENT, Errno::ESRCH - end - end - # - # Throttle the master from forking too quickly by sleeping. 
Due - # to the implementation of standard Unix signal handlers, this - # helps (but does not completely) prevent identical, repeated signals - # from being lost when the receiving process is busy. - # sleep 1 -end - -after_fork do |server, worker| - # per-process listener ports for debugging/admin/migrations - # addr = "127.0.0.1:#{9293 + worker.nr}" - # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true) - - # the following is *required* for Rails + "preload_app true", - defined?(ActiveRecord::Base) and - ActiveRecord::Base.establish_connection - - # if preload_app is true, then you may also want to check and - # restart any other shared sockets/descriptors such as Memcached, - # and Redis. TokyoCabinet file handles are safe to reuse - # between any number of forked children (assuming your kernel - # correctly implements pread()/pwrite() system calls) -end diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci b/gitlab-server/usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci deleted file mode 100644 index aa26614c..00000000 --- a/gitlab-server/usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci +++ /dev/null 
@@ -1,36 +0,0 @@ -# GITLAB CI -# Maintainer: @randx -# App Version: 2.0 - -upstream gitlab_ci { - server unix:/home/gitlab_ci/gitlab-ci/tmp/sockets/gitlab-ci.socket; -} - -server { - listen 81 default_server; # e.g., listen 192.168.1.1:80; - server_name ct-gitlab.dyn.ducie.codethink.co.uk; # e.g., server_name source.example.com; - root /home/gitlab_ci/gitlab-ci/public; - - access_log /var/log/nginx/gitlab_ci_access.log; - error_log /var/log/nginx/gitlab_ci_error.log; - - location / { - try_files $uri $uri/index.html $uri.html @gitlab_ci; - } - - location @gitlab_ci { - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_redirect off; - - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - - proxy_pass http://gitlab_ci; - } - - # adjust this to match the largest build log your runners might submit, - # set to 0 to disable limit - client_max_body_size 10m; -} diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-remote-backup.sh b/gitlab-server/usr/share/gitlab-install/gitlab-remote-backup.sh deleted file mode 100644 index 85618811..00000000 --- a/gitlab-server/usr/share/gitlab-install/gitlab-remote-backup.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh -# -# Copy relevant files of a Baserock Gitlab instance out of the instance. -# -# Usage: backup.sh ADDR -# where ADDR is the address (domain name, IP address) of the instance. -# The files are copied to the current directory. - -set -eux - -ADDR="$1" - -backup() -{ - rsync -ahHS --delete "root@$ADDR:$1" "$2" -} - -mkdir -p dumps repositories uploads -backup /home/postgres/dumps/. dumps/. -backup /home/git/repositories/. repositories/. -backup /home/git/gitlab/public/uploads/. uploads/. - diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-remote-restore.sh b/gitlab-server/usr/share/gitlab-install/gitlab-remote-restore.sh deleted file mode 100644 index 78ff691a..00000000 
--- a/gitlab-server/usr/share/gitlab-install/gitlab-remote-restore.sh +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/sh -# -# Restore a Baserock Gitlab system backup to a fresh instance. -# -# Usage: restore.sh ADDR -# where ADDR is the address (domain name, IP address) of the instance. -# -# What this does is a) stop services b) copy files over c) reset the Postgres -# databases. - -set -eux - -ADDR="$1" - -restore() -{ - rsync -ahHS --delete "$2" "root@$ADDR:$1" -} - -# Stop services so we don't modify files and databases from underneath -# them, and also so they don't modify things while restore is happening. - -ssh "root@$ADDR" systemctl stop \ - crond gitlab-backup.service \ - gitlab-ci-sidekiq.service \ - gitlab-ci-unicorn.service \ - gitlab-sidekiq.service \ - gitlab-unicorn.service \ - gitlab.target \ - gitlab-backup.timer \ - nginx.service \ - redis.service - -# Create the directory where postgres dump files go. - -ssh "root@$ADDR" install -d -o postgres -g postgres /home/postgres/dumps - -# Restore the various files. - -restore /home/postgres/dumps/. dumps/. -restore /home/git/repositories/. repositories/. -restore /home/git/gitlab/public/uploads/. uploads/. - -# And thier uid/gid -ssh "root@$ADDR" chown -R git:git /home/git/repositories /home/git/gitlab/public/uploads - -# Delete tables and roles from Postgres so that the restore can happen. - -ssh "root@$ADDR" sudo -u postgres psql <<EOF -drop database gitlabhq_production; -drop database gitlab_ci_production; -drop role git, gitlab_ci; -EOF - -# Restore the Postgres databases from the latest dump. - -ssh "root@$ADDR" sudo -u postgres psql -q -f /home/postgres/dumps/gitlab.pg_dumpall diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-shell/config.yml b/gitlab-server/usr/share/gitlab-install/gitlab-shell/config.yml deleted file mode 100644 index fba31eb6..00000000 --- a/gitlab-server/usr/share/gitlab-install/gitlab-shell/config.yml +++ /dev/null 
@@ -1,41 +0,0 @@ -# GitLab user. git by default -user: git - -# Url to gitlab instance. Used for api calls. Should end with a slash. -gitlab_url: "http://##GITLAB_HOSTNAME##/" - -http_settings: -# user: someone -# password: somepass -# ca_file: /etc/ssl/cert.pem -# ca_path: /etc/pki/tls/certs - self_signed_cert: false - -# Repositories path -# Give the canonicalized absolute pathname, -# REPOS_PATH MUST NOT CONTAIN ANY SYMLINK!!! -# Check twice that none of the components is a symlink, including "/home". -repos_path: "/home/git/repositories" - -# File used as authorized_keys for gitlab user -auth_file: "/home/git/.ssh/authorized_keys" - -# Redis settings used for pushing commit notices to gitlab -redis: - bin: /usr/bin/redis-cli - host: 127.0.0.1 - port: 6379 - # socket: /tmp/redis.socket # Only define this if you want to use sockets - namespace: resque:gitlab - -# Log file. -# Default is gitlab-shell.log in the root directory. -# log_file: "/home/git/gitlab-shell/gitlab-shell.log" - -# Log level. INFO by default -log_level: INFO - -# Audit usernames. -# Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but -# incurs an extra API call on every gitlab-shell command. -audit_usernames: false diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/config/database.yml b/gitlab-server/usr/share/gitlab-install/gitlab/config/database.yml deleted file mode 100644 index 66960551..00000000 --- a/gitlab-server/usr/share/gitlab-install/gitlab/config/database.yml +++ /dev/null 
@@ -1,49 +0,0 @@ -# -# PRODUCTION -# -production: - adapter: postgresql - encoding: unicode - database: gitlabhq_production - pool: 10 - # username: git - # password: - # host: localhost - # port: 5432 - # socket: /tmp/postgresql.sock - -# -# Development specific -# -development: - adapter: postgresql - encoding: unicode - database: gitlabhq_development - pool: 5 - username: postgres - password: - # socket: /tmp/postgresql.sock - -# -# Staging specific -# -staging: - adapter: postgresql - encoding: unicode - database: gitlabhq_staging - pool: 5 - username: postgres - password: - # socket: /tmp/postgresql.sock - -# Warning: The database defined as "test" will be erased and -# re-generated from your development database when you run "rake". -# Do not set this db to the same as development or production. -test: &test - adapter: postgresql - encoding: unicode - database: gitlabhq_test - pool: 5 - username: postgres - password: - # socket: /tmp/postgresql.sock diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/config/gitlab.yml b/gitlab-server/usr/share/gitlab-install/gitlab/config/gitlab.yml deleted file mode 100644 index 06d2cee5..00000000 --- a/gitlab-server/usr/share/gitlab-install/gitlab/config/gitlab.yml +++ /dev/null 
@@ -1,270 +0,0 @@ -# # # # # # # # # # # # # # # # # # -# GitLab application config file # -# # # # # # # # # # # # # # # # # # -# -# How to use: -# 1. copy file as gitlab.yml -# 2. Replace gitlab -> host with your domain -# 3. Replace gitlab -> email_from - -production: &base - # - # 1. GitLab app settings - # ========================== - - ## GitLab settings - gitlab: - ## Web server settings (note: host is the FQDN, do not include http://) - host: ##GITLAB_HOSTNAME## - port: ##GITLAB_PORT## - https: false - - # Uncomment and customize the last line to run in a non-root path - # WARNING: We recommend creating a FQDN to host GitLab in a root path instead of this. - # Note that four settings need to be changed for this to work. - # 1) In your application.rb file: config.relative_url_root = "/gitlab" - # 2) In your gitlab.yml file: relative_url_root: /gitlab - # 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab" - # 4) In ../gitlab-shell/config.yml: gitlab_url: "http://127.0.0.1/gitlab" - # To update the path, run: sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production - # - # relative_url_root: /gitlab - - # Uncomment and customize if you can't use the default user to run GitLab (default: 'git') - # user: git - - ## Email settings - # Email address used in the "From" field in mails sent by GitLab - email_from: ##GITLAB_EMAIL## - - # Email address of your support contact (default: same as email_from) - support_email: ##GITLAB_EMAIL## - - ## User settings - default_projects_limit: 10 - # default_can_create_group: false # default: true - # username_changing_enabled: false # default: true - User can change her username/namespace - ## Default theme - ## BASIC = 1 - ## MARS = 2 - ## MODERN = 3 - ## GRAY = 4 - ## COLOR = 5 - # default_theme: 2 # default: 2 - - - ## Users management - # default: false - Account passwords are not sent via the email if signup is enabled. 
- # signup_enabled: true - # - # default: true - If set to false, standard login form won't be shown on the sign-in page - # signin_enabled: false - - - # Restrict setting visibility levels for non-admin users. - # The default is to allow all levels. - #restricted_visibility_levels: [ "public" ] - - ## Automatic issue closing - # If a commit message matches this regular expression, all issues referenced from the matched text will be closed. - # This happens when the commit is pushed or merged into the default branch of a project. - # When not specified the default issue_closing_pattern as specified below will be used. - # issue_closing_pattern: '([Cc]lose[sd]|[Ff]ixe[sd]) #(\d+)' - - ## Default project features settings - default_projects_features: - issues: true - merge_requests: true - wiki: true - wall: false - snippets: false - visibility_level: "private" # can be "private" | "internal" | "public" - - ## Repository downloads directory - # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory. - # The default is 'tmp/repositories' relative to the root of the Rails app. 
- # repository_downloads_path: tmp/repositories - - ## External issues trackers - issues_tracker: - # redmine: - # title: "Redmine" - # ## If not nil, link 'Issues' on project page will be replaced with this - # ## Use placeholders: - # ## :project_id - GitLab project identifier - # ## :issues_tracker_id - Project Name or Id in external issue tracker - # project_url: "http://redmine.sample/projects/:issues_tracker_id" - # - # ## If not nil, links from /#\d/ entities from commit messages will replaced with this - # ## Use placeholders: - # ## :project_id - GitLab project identifier - # ## :issues_tracker_id - Project Name or Id in external issue tracker - # ## :id - Issue id (from commit messages) - # issues_url: "http://redmine.sample/issues/:id" - # - # ## If not nil, linkis to creating new issues will be replaced with this - # ## Use placeholders: - # ## :project_id - GitLab project identifier - # ## :issues_tracker_id - Project Name or Id in external issue tracker - # new_issue_url: "http://redmine.sample/projects/:issues_tracker_id/issues/new" - # - # jira: - # title: "Atlassian Jira" - # project_url: "http://jira.sample/issues/?jql=project=:issues_tracker_id" - # issues_url: "http://jira.sample/browse/:id" - # new_issue_url: "http://jira.sample/secure/CreateIssue.jspa" - - ## Gravatar - gravatar: - enabled: true # Use user avatar image from Gravatar.com (default: true) - # plain_url: "http://..." # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=mm - # ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm - - # - # 2. 
Auth settings - # ========================== - - ## LDAP settings - # You can inspect a sample of the LDAP users with login access by running: - # bundle exec rake gitlab:ldap:check RAILS_ENV=production - ldap: - enabled: false - host: '_your_ldap_server' - port: 636 - uid: 'sAMAccountName' - method: 'ssl' # "tls" or "ssl" or "plain" - bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' - password: '_the_password_of_the_bind_user' - # If allow_username_or_email_login is enabled, GitLab will ignore everything - # after the first '@' in the LDAP username submitted by the user on login. - # - # Example: - # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials; - # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'. - # - # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to - # disable this setting, because the userPrincipalName contains an '@'. - allow_username_or_email_login: true - - # Base where we can search for users - # - # Ex. ou=People,dc=gitlab,dc=example - # - base: '' - - # Filter LDAP users - # - # Format: RFC 4515 - # Ex. (employeeType=developer) - # - user_filter: '' - - - ## OmniAuth settings - omniauth: - # Allow login via Twitter, Google, etc. using OmniAuth providers - enabled: false - - # CAUTION! - # This allows users to login without having a user account first (default: false). - # User accounts will be created automatically when authentication was successful. - allow_single_sign_on: false - # Locks down those users until they have been cleared by the admin (default: true). 
- block_auto_created_users: true - - ## Auth providers - # Uncomment the following lines and fill in the data of the auth provider you want to use - # If your favorite auth provider is not listed you can use others: - # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations - # The 'app_id' and 'app_secret' parameters are always passed as the first two - # arguments, followed by optional 'args' which can be either a hash or an array. - # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html - providers: - # - { name: 'google_oauth2', app_id: 'YOUR APP ID', - # app_secret: 'YOUR APP SECRET', - # args: { access_type: 'offline', approval_prompt: '' } } - # - { name: 'twitter', app_id: 'YOUR APP ID', - # app_secret: 'YOUR APP SECRET'} - # - { name: 'github', app_id: 'YOUR APP ID', - # app_secret: 'YOUR APP SECRET', - # args: { scope: 'user:email' } } - - - - # - # 3. Advanced settings - # ========================== - - # GitLab Satellites - satellites: - # Relative paths are relative to Rails.root (default: tmp/repo_satellites/) - path: /home/git/gitlab-satellites/ - - ## Backup settings - backup: - path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/) - # keep_time: 604800 # default: 0 (forever) (in seconds) - - ## GitLab Shell settings - gitlab_shell: - path: /home/git/gitlab-shell/ - - # REPOS_PATH MUST NOT BE A SYMLINK!!! - repos_path: /home/git/repositories/ - hooks_path: /home/git/gitlab-shell/hooks/ - - # Git over HTTP - upload_pack: true - receive_pack: true - - # If you use non-standard ssh port you need to specify it - # ssh_port: 22 - - ## Git settings - # CAUTION! - # Use the default values unless you really know what you are doing - git: - bin_path: /usr/bin/git - # The next value is the maximum memory size grit can use - # Given in number of bytes per git object (e.g. 
a commit) - # This value can be increased if you have very large commits - max_size: 5242880 # 5.megabytes - # Git timeout to read a commit, in seconds - timeout: 10 - - # - # 4. Extra customization - # ========================== - - extra: - ## Google analytics. Uncomment if you want it - # google_analytics_id: '_your_tracking_id' - - ## Piwik analytics. - # piwik_url: '_your_piwik_url' - # piwik_site_id: '_your_piwik_site_id' - - ## Text under sign-in page (Markdown enabled) - # sign_in_text: | - # ![Company Logo](http://www.companydomain.com/logo.png) - # [Learn more about CompanyName](http://www.companydomain.com/) - -development: - <<: *base - -test: - <<: *base - gravatar: - enabled: true - gitlab: - host: localhost - port: 80 - issues_tracker: - redmine: - title: "Redmine" - project_url: "http://redmine/projects/:issues_tracker_id" - issues_url: "http://redmine/:project_id/:issues_tracker_id/:id" - new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new" - -staging: - <<: *base diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/config/initializers/rack_attack.rb b/gitlab-server/usr/share/gitlab-install/gitlab/config/initializers/rack_attack.rb deleted file mode 100644 index bc3234bf..00000000 --- a/gitlab-server/usr/share/gitlab-install/gitlab/config/initializers/rack_attack.rb +++ /dev/null 
@@ -1,18 +0,0 @@
-# 1. Rename this file to rack_attack.rb
-# 2. Review the paths_to_be_protected and add any other path you need protecting
-#
-
-paths_to_be_protected = [
- "#{Rails.application.config.relative_url_root}/users/password",
- "#{Rails.application.config.relative_url_root}/users/sign_in",
- "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json",
- "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session",
- "#{Rails.application.config.relative_url_root}/users",
- "#{Rails.application.config.relative_url_root}/users/confirmation"
-]
-
-unless Rails.env.test?
- Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req|
- req.ip if paths_to_be_protected.include?(req.path) && req.post?
- end
-end
diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/config/resque.yml b/gitlab-server/usr/share/gitlab-install/gitlab/config/resque.yml
deleted file mode 100644
index f42ffe78..00000000
--- a/gitlab-server/usr/share/gitlab-install/gitlab/config/resque.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-development: redis://127.0.0.1:6379
-test: redis://127.0.0.1:6379
-production: redis://127.0.0.1:6379
diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/config/unicorn.rb b/gitlab-server/usr/share/gitlab-install/gitlab/config/unicorn.rb
deleted file mode 100644
index 02dbd98a..00000000
--- a/gitlab-server/usr/share/gitlab-install/gitlab/config/unicorn.rb
+++ /dev/null
@@ -1,113 +0,0 @@ -# Sample verbose configuration file for Unicorn (not Rack) -# -# This configuration file documents many features of Unicorn -# that may not be needed for some applications. See -# http://unicorn.bogomips.org/examples/unicorn.conf.minimal.rb -# for a much simpler configuration file. -# -# See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete -# documentation. - -# Uncomment and customize the last line to run in a non-root path -# WARNING: We recommend creating a FQDN to host GitLab in a root path instead of this. -# Note that four settings need to be changed for this to work. -# 1) In your application.rb file: config.relative_url_root = "/gitlab" -# 2) In your gitlab.yml file: relative_url_root: /gitlab -# 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab" -# 4) In ../gitlab-shell/config.yml: gitlab_url: "http://127.0.0.1/gitlab" -# To update the path, run: sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production -# -# ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab" - -# Use at least one worker per core if you're on a dedicated server, -# more will usually help for _short_ waits on databases/caches. -worker_processes 2 - -# Since Unicorn is never exposed to outside clients, it does not need to -# run on the standard HTTP port (80), there is no reason to start Unicorn -# as root unless it's from system init scripts. -# If running the master process as root and the workers as an unprivileged -# user, do this to switch euid/egid in the workers (also chowns logs): -# user "unprivileged_user", "unprivileged_group" - -# Help ensure your application will always spawn in the symlinked -# "current" directory that Capistrano sets up. 
-working_directory "/home/git/gitlab" # available in 0.94.0+ - -# listen on both a Unix domain socket and a TCP port, -# we use a shorter backlog for quicker failover when busy -listen "/home/git/gitlab/tmp/sockets/gitlab.socket", :backlog => 64 -listen "127.0.0.1:##UNICORN_PORT##", :tcp_nopush => true - -# nuke workers after 30 seconds instead of 60 seconds (the default) -timeout 30 - -# feel free to point this anywhere accessible on the filesystem -pid "/home/git/gitlab/tmp/pids/unicorn.pid" - -# By default, the Unicorn logger will write to stderr. -# Additionally, some applications/frameworks log to stderr or stdout, -# so prevent them from going to /dev/null when daemonized here: -stderr_path "/home/git/gitlab/log/unicorn.stderr.log" -stdout_path "/home/git/gitlab/log/unicorn.stdout.log" - -# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings -# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow -preload_app true -GC.respond_to?(:copy_on_write_friendly=) and - GC.copy_on_write_friendly = true - -# Enable this flag to have unicorn test client connections by writing the -# beginning of the HTTP headers before calling the application. This -# prevents calling the application for connections that have disconnected -# while queued. This is only guaranteed to detect clients on the same -# host unicorn runs on, and unlikely to detect disconnects even on a -# fast LAN. -check_client_connection false - -before_fork do |server, worker| - # the following is highly recomended for Rails + "preload_app true" - # as there's no need for the master process to hold a connection - defined?(ActiveRecord::Base) and - ActiveRecord::Base.connection.disconnect! - - # The following is only recommended for memory/DB-constrained - # installations. It is not needed if your system can house - # twice as many worker_processes as you have configured. 
- # - # This allows a new master process to incrementally - # phase out the old master process with SIGTTOU to avoid a - # thundering herd (especially in the "preload_app false" case) - # when doing a transparent upgrade. The last worker spawned - # will then kill off the old master process with a SIGQUIT. - old_pid = "#{server.config[:pid]}.oldbin" - if old_pid != server.pid - begin - sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU - Process.kill(sig, File.read(old_pid).to_i) - rescue Errno::ENOENT, Errno::ESRCH - end - end - # - # Throttle the master from forking too quickly by sleeping. Due - # to the implementation of standard Unix signal handlers, this - # helps (but does not completely) prevent identical, repeated signals - # from being lost when the receiving process is busy. - # sleep 1 -end - -after_fork do |server, worker| - # per-process listener ports for debugging/admin/migrations - # addr = "127.0.0.1:#{9293 + worker.nr}" - # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true) - - # the following is *required* for Rails + "preload_app true", - defined?(ActiveRecord::Base) and - ActiveRecord::Base.establish_connection - - # if preload_app is true, then you may also want to check and - # restart any other shared sockets/descriptors such as Memcached, - # and Redis. TokyoCabinet file handles are safe to reuse - # between any number of forked children (assuming your kernel - # correctly implements pread()/pwrite() system calls) -end diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab b/gitlab-server/usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab deleted file mode 100644 index e9d3b1f0..00000000 --- a/gitlab-server/usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab +++ /dev/null 
@@ -1,70 +0,0 @@ -# GITLAB -# Maintainer: @randx - -# CHUNKED TRANSFER -# It is a known issue that Git-over-HTTP requires chunked transfer encoding [0] which is not -# supported by Nginx < 1.3.9 [1]. As a result, pushing a large object with Git (i.e. a single large file) -# can lead to a 411 error. In theory you can get around this by tweaking this configuration file and either -# - installing an old version of Nginx with the chunkin module [2] compiled in, or -# - using a newer version of Nginx. -# -# At the time of writing we do not know if either of these theoretical solutions works. As a workaround -# users can use Git over SSH to push large files. -# -# [0] https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99 -# [1] https://github.com/agentzh/chunkin-nginx-module#status -# [2] https://github.com/agentzh/chunkin-nginx-module - -upstream gitlab { - server unix:/home/git/gitlab/tmp/sockets/gitlab.socket; -} - -server { - listen *:##GITLAB_PORT## default_server; # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea - server_name ##GITLAB_HOSTNAME##; # e.g., server_name source.example.com; - server_tokens off; # don't show the version number, a security best practice - root /home/git/gitlab/public; - - # Increase this if you want to upload large attachments - # Or if you want to accept large git objects over http - client_max_body_size 20m; - - # individual nginx logs for this gitlab vhost - access_log /var/log/nginx/gitlab_access.log; - error_log /var/log/nginx/gitlab_error.log; - - location / { - # serve static files from defined root folder;. 
- # @gitlab is a named location for the upstream fallback, see below - try_files $uri $uri/index.html $uri.html @gitlab; - } - - # if a file, which is not found in the root folder is requested, - # then the proxy pass the request to the upsteam (gitlab unicorn) - location @gitlab { - # If you use https make sure you disable gzip compression - # to be safe against BREACH attack - # gzip off; - - proxy_read_timeout 300; # Some requests take more than 30 seconds. - proxy_connect_timeout 300; # Some requests take more than 30 seconds. - proxy_redirect off; - - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_pass http://gitlab; - } - - # Enable gzip compression as per rails guide: http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression - location ~ ^/(assets)/ { - root /home/git/gitlab/public; - #gzip_static on; # to serve pre-gzipped version - expires max; - add_header Cache-Control public; - } - - error_page 502 /502.html; -} diff --git a/gitlab-server/usr/share/gitlab-install/nginx.conf b/gitlab-server/usr/share/gitlab-install/nginx.conf deleted file mode 100644 index 6e40b0e9..00000000 --- a/gitlab-server/usr/share/gitlab-install/nginx.conf +++ /dev/null 
@@ -1,73 +0,0 @@
-
-#user nobody;
-worker_processes 1;
-
-#error_log logs/error.log;
-#error_log logs/error.log notice;
-#error_log logs/error.log info;
-
-#pid logs/nginx.pid;
-
-
-events {
- worker_connections 1024;
-}
-
-
-http {
- include mime.types;
- default_type application/octet-stream;
-
- #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- # '$status $body_bytes_sent "$http_referer" '
- # '"$http_user_agent" "$http_x_forwarded_for"';
-
- #access_log logs/access.log main;
-
- sendfile on;
- #tcp_nopush on;
-
- #keepalive_timeout 0;
- keepalive_timeout 65;
-
- #gzip on;
-
- include /home/git/gitlab/lib/support/nginx/gitlab;
- include /home/gitlab_ci/gitlab-ci/lib/support/nginx/gitlab_ci;
-
- # another virtual host using mix of IP-, name-, and port-based configuration
- #
- #server {
- # listen 8000;
- # listen somename:8080;
- # server_name somename alias another.alias;
-
- # location / {
- # root html;
- # index index.html index.htm;
- # }
- #}
-
-
- # HTTPS server
- #
- #server {
- # listen 443 ssl;
- # server_name localhost;
-
- # ssl_certificate cert.pem;
- # ssl_certificate_key cert.key;
-
- # ssl_session_cache shared:SSL:1m;
- # ssl_session_timeout 5m;
-
- # ssl_ciphers HIGH:!aNULL:!MD5;
- # ssl_prefer_server_ciphers on;
-
- # location / {
- # root html;
- # index index.html index.htm;
- # }
- #}
-
-}
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-backup.service b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-backup.service
deleted file mode 100644
index 8672c36d..00000000
--- a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-backup.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=GitLab Backup Run
-After=postgres.service
-
-[Install]
-WantedBy=gitlab.target
-
-[Service]
-ExecStart=/usr/share/gitlab-install/backup-gitlab
-User=postgres
-Group=postgres
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-backup.timer b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-backup.timer
deleted file mode 100644
index 1686843f..00000000
--- a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-backup.timer
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=GitLab Backup Timer
-
-[Install]
-WantedBy=gitlab.target
-
-[Timer]
-OnCalendar=*-*-* 00:*:*
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-sidekiq.service b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-sidekiq.service
deleted file mode 100644
index 9a1a82d2..00000000
--- a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-sidekiq.service
+++ /dev/null
@@ -1,24 +0,0 @@
-#####################################################
-#
-# GitLab version : 5.x - 6.x
-# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
-# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
-#
-####################################################
-
-[Unit]
-Description=GitLab CI Sidekiq Worker
-
-[Service]
-Type=forking
-User=gitlab_ci
-WorkingDirectory=/home/gitlab_ci/gitlab-ci
-Environment=RAILS_ENV=production
-SyslogIdentifier=gitlab-ci-sidekiq
-PIDFile=/home/gitlab_ci/gitlab-ci/tmp/pids/sidekiq.pid
-
-ExecStart=/usr/bin/bundle exec "sidekiq -q post_receive,mailer,system_hook,project_web_hook,gitlab_shell,common,default -e production -P tmp/pids/sidekiq.pid -d -L log/sidekiq.log >> log/sidekiq.log 2>&1"
-ExecStop=/usr/bin/bundle exec "sidekiqctl stop /home/gitlab_ci/gitlab-ci/tmp/pids/sidekiq.pid >> /home/gitlab_ci/gitlab-ci/log/sidekiq.log 2>&1"
-
-[Install]
-WantedBy=gitlab.target
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-unicorn.service b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-unicorn.service
deleted file mode 100644
index 151f9677..00000000
--- a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-unicorn.service
+++ /dev/null
@@ -1,24 +0,0 @@
-#####################################################
-#
-# GitLab version : 5.x - 6.x
-# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
-# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
-#
-####################################################
-
-[Unit]
-Description=GitLab CI Unicorn Server
-
-[Service]
-User=gitlab_ci
-WorkingDirectory=/home/gitlab_ci/gitlab-ci
-Environment=RAILS_ENV=production
-SyslogIdentifier=gitlab-ci-unicorn
-PIDFile=/home/gitlab_ci/gitlab-ci/tmp/pids/unicorn.pid
-
-ExecStart=/usr/bin/bundle exec "unicorn_rails -c /home/gitlab_ci/gitlab-ci/config/unicorn.rb -E production"
-ExecStop=/bin/kill -s QUIT $MAINPID
-ExecReload=/bin/kill -s USR2 $MAINPID
-
-[Install]
-WantedBy=gitlab.target
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-sidekiq.service b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-sidekiq.service
deleted file mode 100644
index 82ff78d4..00000000
--- a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-sidekiq.service
+++ /dev/null
@@ -1,24 +0,0 @@
-#####################################################
-#
-# GitLab version : 5.x - 6.x
-# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
-# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
-#
-####################################################
-
-[Unit]
-Description=GitLab Sidekiq Worker
-
-[Service]
-Type=forking
-User=git
-WorkingDirectory=/home/git/gitlab
-Environment=RAILS_ENV=production
-SyslogIdentifier=gitlab-sidekiq
-PIDFile=/home/git/gitlab/tmp/pids/sidekiq.pid
-
-ExecStart=/usr/bin/bundle exec "sidekiq -q post_receive,mailer,system_hook,project_web_hook,gitlab_shell,common,default -e production -P tmp/pids/sidekiq.pid -d -L log/sidekiq.log >> log/sidekiq.log 2>&1"
-ExecStop=/usr/bin/bundle exec "sidekiqctl stop /home/git/gitlab/tmp/pids/sidekiq.pid >> /home/git/gitlab/log/sidekiq.log 2>&1"
-
-[Install]
-WantedBy=gitlab.target
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-unicorn.service b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-unicorn.service
deleted file mode 100644
index a901d323..00000000
--- a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-unicorn.service
+++ /dev/null
@@ -1,24 +0,0 @@
-#####################################################
-#
-# GitLab version : 5.x - 6.x
-# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
-# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
-#
-####################################################
-
-[Unit]
-Description=GitLab Unicorn Server
-
-[Service]
-User=git
-WorkingDirectory=/home/git/gitlab
-Environment=RAILS_ENV=production
-SyslogIdentifier=gitlab-unicorn
-PIDFile=/home/git/gitlab/tmp/pids/unicorn.pid
-
-ExecStart=/usr/bin/bundle exec "unicorn_rails -c /home/git/gitlab/config/unicorn.rb -E production"
-ExecStop=/bin/kill -s QUIT $MAINPID
-ExecReload=/bin/kill -s USR2 $MAINPID
-
-[Install]
-WantedBy=gitlab.target
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab.target b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab.target
deleted file mode 100644
index 11e85441..00000000
--- a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab.target
+++ /dev/null
@@ -1,15 +0,0 @@
-###########################################################################################
-#
-# GitLab version : 5.x - 6.x
-# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
-# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
-#
-###########################################################################################
-
-[Unit]
-Description=GitLab - Self Hosted Git Management
-Requires=redis.service postgres.service
-After=redis.service postgres.service syslog.target network.target
-
-[Install]
-WantedBy=multi-user.target
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/nginx.service b/gitlab-server/usr/share/gitlab-install/systemd-units/nginx.service
deleted file mode 100644
index 0a50c50b..00000000
--- a/gitlab-server/usr/share/gitlab-install/systemd-units/nginx.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=The nginx HTTP and reverse proxy server
-After=syslog.target network.target remote-fs.target nss-lookup.target
-
-[Service]
-Type=forking
-PIDFile=/etc/nginx/nginx.pid
-ExecStartPre=/usr/sbin/nginx -t
-ExecStart=/usr/sbin/nginx
-ExecReload=/bin/kill -s HUP $MAINPID
-ExecStop=/bin/kill -s QUIT $MAINPID
-PrivateTmp=true
-
-[Install]
-WantedBy=multi-user.target
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/redis.service b/gitlab-server/usr/share/gitlab-install/systemd-units/redis.service
deleted file mode 100644
index c936f8da..00000000
--- a/gitlab-server/usr/share/gitlab-install/systemd-units/redis.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Redis Server
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/usr/bin/redis-server
-ExecStop=/bin/kill -15 $MAINPID
-PIDFile=/var/run/redis.pid
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/gitlab-server/usr/share/gitlab-setup b/gitlab-server/usr/share/gitlab-setup
deleted file mode 100755
index e60dfcdf..00000000
--- a/gitlab-server/usr/share/gitlab-setup
+++ /dev/null
@@ -1,104 +0,0 @@ -#!/bin/sh -# -# Copyright (C) 2014 Codethink Limited -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -set -e - -# install bundler (not nice, we need to figure out how to do this traceably) -gem install bundler - -# create required users -if [ `grep -c '^git:' /etc/passwd` -ne 1 ] ; then adduser -D --gecos 'GitLab' -s /bin/sh git ; fi -adduser -D -s /bin/sh postgres -adduser -D --gecos 'GitLab CI' -s /bin/sh gitlab_ci - -# initialize postgres database, start server -su -c "mkdir -p pgsql/data" - postgres -su -c "pg_ctl -D pgsql/data initdb" - postgres -su -c "pg_ctl -D pgsql/data -l logfile start" - postgres - -# wait for the database server to start -echo "Waiting for database..." 
-sleep 2s - -# create gitlab database -su -c "psql -d template1 -c 'CREATE USER git;'" - postgres -su -c "psql -d template1 -c 'CREATE DATABASE gitlabhq_production OWNER git;'" - postgres - -# create the gitlab ci database -su -c "psql -d template1 -c 'CREATE USER gitlab_ci;'" - postgres -su -c "psql -d template1 -c 'CREATE DATABASE gitlab_ci_production OWNER gitlab_ci;'" - postgres - -# set up git config for gitlab user -su -c "git config --global http.sslVerify false" - git -su -c "git config --global user.name 'GitLab'" - git -su -c "git config --global user.email 'gitlab@localhost'" - git -su -c "git config --global core.autocrlf input" - git - -# install gitlab shell -su -c "cp -r /usr/share/gitlab-shell gitlab-shell" - git -cd /home/git/gitlab-shell -cp /usr/share/gitlab-install/gitlab-shell/config.yml ./config.yml -su -c "~/gitlab-shell/bin/install" - git - -# install gitlab -su -c "cp -r /usr/share/gitlab-ce gitlab" - git -cd /home/git/gitlab -su -c "cp config/database.yml.postgresql config/database.yml" git -su -c "cp -r /usr/share/gitlab-install/gitlab/config/* config/" git - -su -c "chmod -R u+rwX log/" git -su -c "chmod -R u+rwX tmp/" git -su -c "chmod o-rwx config/database.yml" git - -su -c "/usr/bin/redis-server" - git & -su -c "bundle install --deployment --without development test mysql aws" git -su -c "export force='yes'; bundle exec rake gitlab:setup RAILS_ENV=production" git -su -c "bundle exec rake assets:precompile RAILS_ENV=production" git - -# set up git config for gitlab_ci user -su -c "git config --global http.sslVerify false" - gitlab_ci -su -c "git config --global user.name 'GitLab CI'" - gitlab_ci -su -c "git config --global user.email 'gitlab_ci@localhost'" - gitlab_ci -su -c "git config --global core.autocrlf input" - gitlab_ci - -# install gitlab ci -su -c "cp -r /usr/share/gitlab-ci gitlab-ci" - gitlab_ci -cd /home/gitlab_ci/gitlab-ci -su -c "cp config/database.yml.postgresql config/database.yml" gitlab_ci -su -c "cp -r 
/usr/share/gitlab-install/gitlab-ci/config/* config/" gitlab_ci - -su -c "mkdir -p tmp/sockets" gitlab_ci -su -c "mkdir -p tmp/pids" gitlab_ci -su -c "chmod -R u+rwx tmp/sockets" gitlab_ci -su -c "chmod -R u+rwx tmp/pids" gitlab_ci - -su -c "bundle install --without development test mysql --deployment" gitlab_ci -su -c "bundle exec rake setup RAILS_ENV=production" gitlab_ci -su -c "bundle exec whenever -w RAILS_ENV=production" gitlab_ci - -# configure nginx -addgroup nobody -mkdir -p /var/log/nginx -cp /usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab /home/git/gitlab/lib/support/nginx/ -cp /usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci /home/gitlab_ci/gitlab-ci/lib/support/nginx/ -cp /usr/share/gitlab-install/nginx.conf /etc/nginx/nginx.conf - -# make systemd units to start gitlab and required stuff on boot -cd /etc/systemd/system -cp /usr/share/gitlab-install/systemd-units/* . -systemctl enable redis.service nginx.service postgres.service gitlab.target gitlab-unicorn.service gitlab-sidekiq.service gitlab-ci-sidekiq.service gitlab-ci-unicorn.service gitlab-backup.timer gitlab-backup.service -reboot diff --git a/gitlab.configure b/gitlab.configure deleted file mode 100644 index 9798c775..00000000 --- a/gitlab.configure +++ /dev/null 
@@ -1,128 +0,0 @@ -#!/bin/sh -# -# Copyright (C) 2014 Codethink Limited -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# This is a "morph deploy" configuration extension to fully configure -# a GitLab and GitLab CI instance at deployment time. It uses the -# following variables from the environment: -# -# * GITLAB_HOSTNAME -# * GITLAB_PORT -# * GITLAB_EMAIL -# * UNICORN_PORT -# * CI_PORT -# * UNICORN_CI_PORT -# * MAIL_SEND_TYPE -# * SMTP_ADDR -# * SMTP_PORT -# * SMTP_USER -# * SMTP_PASS -# * SMTP_DOMAIN - -set -e - -ROOT="$1" - - -########################################################################## -# Substitutions in configuration files -########################################################################## - -echo "Creating /etc/gitlab-setup.sed" - -cat <<EOF > "$ROOT"/etc/gitlab-setup.sed -s/##GITLAB_HOSTNAME##/$GITLAB_HOSTNAME/g -s/##GITLAB_PORT##/$GITLAB_PORT/g -s/##GITLAB_EMAIL##/$GITLAB_EMAIL/g -s/##UNICORN_PORT##/$UNICORN_PORT/g -s/##CI_PORT##/$CI_PORT/g -s/##UNICORN_CI_PORT##/$UNICORN_CI_PORT/g -EOF - -echo "Performing substitutions in /usr/share/gitlab config" - -sed -f "$ROOT"/etc/gitlab-setup.sed -i \ - "$ROOT"/usr/share/gitlab-install/gitlab/config/gitlab.yml \ - "$ROOT"/usr/share/gitlab-install/gitlab/config/unicorn.rb \ - "$ROOT"/usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab \ - 
"$ROOT"/usr/share/gitlab-install/gitlab-shell/config.yml \ - "$ROOT"/usr/share/gitlab-install/gitlab-ci/config/application.yml \ - "$ROOT"/usr/share/gitlab-install/gitlab-ci/config/unicorn.rb \ - "$ROOT"/usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci \ - "$ROOT"/usr/share/gitlab-install/nginx.conf - -########################################################################## - -echo "Create gitlab-setup unit file" -cat <<EOF > "$ROOT/etc/systemd/system/gitlab-setup.service" -[Unit] -Description=Run gitlab-setup (once) -Requires=network.target -After=network.target -Requires=local-fs.target -After=local-fs.target - -ConditionPathExists=!/home/git/gitlab - -[Service] -Type=oneshot -ExecStart=/usr/share/gitlab-setup -Restart=no - -[Install] -WantedBy=multi-user.target -EOF - -ln -s "/etc/systemd/system/gitlab-setup.service" \ - "$ROOT/etc/systemd/system/multi-user.target.wants/gitlab-setup.service" - -########################################################################## - -rubyescape() { - # In ruby, single quoted strings need \ and ' escaping - printf "%s\n" "$1" | sed -e "s/['\\]/\\\&/g" \ - -e "s/^/'/" \ - -e "s/$/'/" -} - -sedescape() { - # Escape all non-alphanumeric characters - printf "%s\n" "$1" | sed -e 's/\W/\\&/g' -} - -do_escapes() { - printf "%s\n" "$(sedescape "$(rubyescape "$1")")" -} - -if [ "$MAIL_SEND_TYPE" = "smtp" ]; then - - echo "Setting up SMTP for sending e-mail" - - for CONFIG_PATH in \ - "/usr/share/gitlab-ce/config" "/usr/share/gitlab-ci/config" - do - sed -i 's/sendmail/smtp/' \ - "$ROOT$CONFIG_PATH/environments/production.rb" - - sed -e s/\"email.server.com\"/"$(do_escapes "$SMTP_ADDR")/g" \ - -e s/\"smtp\"/"$(do_escapes "$SMTP_USER")/g" \ - -e s/\"123456\"/"$(do_escapes "$SMTP_PASS")/g" \ - -e s/\"gitlab.company.com\"/"$(do_escapes "$SMTP_DOMAIN")/g" \ - -e s/456/$SMTP_PORT/g \ - <"$ROOT$CONFIG_PATH/initializers/smtp_settings.rb.sample" \ - >"$ROOT$CONFIG_PATH/initializers/smtp_settings.rb" - done -fi 
diff --git a/mason.configure b/mason.configure index 1198ebd0..38792e48 100644 --- a/mason.configure +++ b/mason.configure @@ -14,21 +14,6 @@ # You should have received a copy of the GNU General Public License along # with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# This is a "morph deploy" configuration extension to fully configure -# a Mason instance at deployment time. It uses the following variables -# from the environment: -# -# * ARTIFACT_CACHE_SERVER -# * MASON_CLUSTER_MORPHOLOGY -# * MASON_DEFINITIONS_REF -# * MASON_DISTBUILD_ARCH -# * MASON_TEST_HOST -# * OPENSTACK_NETWORK_ID -# * TEST_INFRASTRUCTURE_TYPE -# * TROVE_HOST -# * TROVE_ID -# * CONTROLLERHOST set -e 
@@ -39,27 +24,21 @@ set -e ROOT="$1" mkdir -p "$ROOT"/usr/lib/mason -cp mason/mason.sh "$ROOT"/usr/lib/mason/mason.sh -cp mason/mason-report.sh "$ROOT"/usr/lib/mason/mason-report.sh cp mason/os-init-script "$ROOT"/usr/lib/mason/os-init-script -cp mason/mason.timer "$ROOT"/etc/systemd/system/mason.timer - -cp mason/mason.service "$ROOT"/etc/systemd/system/mason.service +cp mason/mason-setup.service "$ROOT"/usr/lib/systemd/system/mason-setup.service +cp mason/zuul-server.service "$ROOT"/usr/lib/systemd/system/zuul-server.service +cp mason/zuul-merger.service "$ROOT"/usr/lib/systemd/system/zuul-merger.service +cp mason/turbo-hipster.service "$ROOT"/usr/lib/systemd/system/turbo-hipster.service +cp mason/lighttpd.service "$ROOT"/usr/lib/systemd/system/lighttpd.service ########################################################################## -# Set up httpd web server +# Create required directories ########################################################################## -cp mason/httpd.service "$ROOT"/etc/systemd/system/httpd.service - -mkdir -p "$ROOT"/srv/mason - -cat >>"$ROOT"/etc/httpd.conf <<EOF -.log:text/plain -EOF - -mkdir -p "$ROOT"/var/mason +mkdir -p "$ROOT"/var/www/logs +mkdir -p "$ROOT"/var/lib/zuul +mkdir -p "$ROOT"/var/log/zuul ########################################################################## # Copy files needed for Ansible configuration @@ -68,9 +47,8 @@ mkdir -p "$ROOT"/var/mason mkdir -p "$ROOT/usr/share/mason-setup" mkdir -p "$ROOT/usr/lib/mason-setup" -cp mason/share/* "$ROOT/usr/share/mason-setup" +cp -r mason/share/* "$ROOT/usr/share/mason-setup" cp -r mason/ansible "$ROOT/usr/lib/mason-setup/" -cp mason/mason-setup.service "$ROOT"/etc/systemd/system/mason-setup.service ln -s ../mason-setup.service "$ROOT"/etc/systemd/system/multi-user.target.wants/mason-setup.service 
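Review bot: The `ln -s ../mason-setup.service` context line at the end of the second hunk still resolves to `/etc/systemd/system/mason-setup.service`, but this commit moves the unit to `/usr/lib/systemd/system/`, so the link is left dangling in the deployed image. systemd may still find the unit by the link's name, but that behaviour is version-dependent and should not be relied on. Point the link at the new location instead: `ln -s /usr/lib/systemd/system/mason-setup.service "$ROOT"/etc/systemd/system/multi-user.target.wants/mason-setup.service`.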
@@ -84,26 +62,64 @@ if [ -n "$MASON_GENERIC" ]; then fi if [ -z "$MASON_CLUSTER_MORPHOLOGY" -a \ - -z "$MASON_DEFINITIONS_REF" -a \ - -z "$MASON_DISTBUILD_ARCH" -a \ - -z "$MASON_TEST_HOST" ]; then + -z "$MASON_ARCHITECTURE" -a \ + -z "$MASON_TEST_HOSTS" -a \ + -z "$MASON_DISTBUILD_CONTROLLERS" -a \ + -z "$MASON_TEST_INFRASTRUCTURE_TYPE" -a \ + -z "$MASON_UPSTREAM_TROVE" ]; then # No Mason options defined, do nothing. exit 0 fi -if [ -z "$ARTIFACT_CACHE_SERVER" -o \ - -z "$CONTROLLERHOST" -o \ - -z "$MASON_CLUSTER_MORPHOLOGY" -o \ - -z "$MASON_DEFINITIONS_REF" -o \ - -z "$MASON_DISTBUILD_ARCH" -o \ - -z "$MASON_TEST_HOST" -o \ +if [ -z "GERRIT_HTTP_PORT" ]; then + GERRIT_HTTP_PORT="8080" +fi + +if [ -z "GERRIT_GIT_PORT" ]; then + GERRIT_GIT_PORT="29418" +fi + +if [ -z "GEARMAN_PORT" ]; then + GEARMAN_PORT="4730" +fi + +if [ -z "START_GEARMAN" ]; then + START_GEARMAN="yes" +fi + +if [ -z "$TROVE_ID" -o \ -z "$TROVE_HOST" -o \ - -z "$TROVE_ID" ]; then + -z "$ARTIFACT_CACHE_SERVER" -o \ + -z "$GERRIT_USER" -o \ + -z "$GERRIT_HOSTNAME" -o \ + -z "$GERRIT_HTTP_PORT" -o \ + -z "$GERRIT_GIT_PORT" -o \ + -z "$GERRIT_SSH_KEY" -o \ + -z "$GERRIT_SSH_KEY_PATH" -o \ + -z "$GEARMAN_HOST" -o \ + -z "$GEARMAN_PORT" -o \ + -z "$START_GEARMAN" -o \ + -z "$MASON_CLUSTER_MORPHOLOGY" -o \ + -z "$MASON_ARCHITECTURE" -o \ + -z "$MASON_TEST_HOSTS" -o \ + -z "$MASON_DISTBUILD_CONTROLLERS" -o \ + -z "$MASON_TEST_INFRASTRUCTURE_TYPE" -o \ + -z "$MASON_UPSTREAM_TROVE" ]; then echo Some options required for Mason were defined, but not all. 
exit 1 fi ########################################################################## +# Copy SSH keys into the system +########################################################################## + +ssh_dir=$(dirname "$ROOT$GERRIT_SSH_KEY_PATH") +mkdir -p "$ssh_dir" +cp -a "$GERRIT_SSH_KEY" "$ROOT$GERRIT_SSH_KEY_PATH" +cp -a "$GERRIT_SSH_KEY".pub "$ROOT$GERRIT_SSH_KEY_PATH".pub +cp -a mason/ssh-config "$ssh_dir"/config + +########################################################################## # Generate config variable shell snippet ########################################################################## 
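Review bot: The four default blocks test a literal string (`[ -z "GERRIT_HTTP_PORT" ]`, and likewise for GERRIT_GIT_PORT, GEARMAN_PORT and START_GEARMAN), which is never empty. No default is ever applied, so the required-variable check below exits 1 whenever one of them is unset. Even with the `$` restored, the values would need exporting, because the Python snippet in the next hunk reads them from `os.environ`. Separately, `cp -a "$GERRIT_SSH_KEY"` preserves whatever mode the private key has on the deploying machine; setting the mode explicitly avoids shipping a group- or world-readable key in the image. The script continues outside this hunk.

```shell
# Apply defaults and export them: the Python snippet later reads os.environ.
export GERRIT_HTTP_PORT="${GERRIT_HTTP_PORT:-8080}"
export GERRIT_GIT_PORT="${GERRIT_GIT_PORT:-29418}"
export GEARMAN_PORT="${GEARMAN_PORT:-4730}"
export START_GEARMAN="${START_GEARMAN:-yes}"

# … unchanged: required-variable check …

cp -a "$GERRIT_SSH_KEY" "$ROOT$GERRIT_SSH_KEY_PATH"
# Do not inherit the source file's mode for a private key.
chmod 600 "$ROOT$GERRIT_SSH_KEY_PATH"
# … unchanged: public key and ssh-config copies …
```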
@@ -114,40 +130,40 @@ python <<'EOF' >"$MASON_DATA/mason.conf" import os, sys, yaml mason_configuration={ - 'ARTIFACT_CACHE_SERVER': os.environ['ARTIFACT_CACHE_SERVER'], - 'MASON_CLUSTER_MORPHOLOGY': os.environ['MASON_CLUSTER_MORPHOLOGY'], - 'MASON_DEFINITIONS_REF': os.environ['MASON_DEFINITIONS_REF'], - 'MASON_DISTBUILD_ARCH': os.environ['MASON_DISTBUILD_ARCH'], - 'MASON_TEST_HOST': os.environ['MASON_TEST_HOST'], - 'OPENSTACK_NETWORK_ID': os.environ['OPENSTACK_NETWORK_ID'], - 'TEST_INFRASTRUCTURE_TYPE': os.environ['TEST_INFRASTRUCTURE_TYPE'], 'TROVE_ID': os.environ['TROVE_ID'], 'TROVE_HOST': os.environ['TROVE_HOST'], - 'CONTROLLERHOST': os.environ['CONTROLLERHOST'], + 'ARTIFACT_CACHE_SERVER': os.environ['ARTIFACT_CACHE_SERVER'], + 'GERRIT_USER': os.environ['GERRIT_USER'], + 'GERRIT_HOSTNAME': os.environ['GERRIT_HOSTNAME'], + 'GERRIT_HTTP_PORT': os.environ['GERRIT_HTTP_PORT'], + 'GERRIT_GIT_PORT': os.environ['GERRIT_GIT_PORT'], + 'GERRIT_SSH_KEY_PATH': os.environ['GERRIT_SSH_KEY_PATH'], + 'GEARMAN_HOST': os.environ['GEARMAN_HOST'], + 'GEARMAN_PORT': os.environ['GEARMAN_PORT'], + 'START_GEARMAN': os.environ['START_GEARMAN'], + 'MASON_CLUSTER_MORPHOLOGY': os.environ['MASON_CLUSTER_MORPHOLOGY'], + 'MASON_ARCHITECTURE': os.environ['MASON_ARCHITECTURE'], + 'MASON_TEST_HOSTS': os.environ['MASON_TEST_HOSTS'], + 'MASON_DISTBUILD_CONTROLLERS': os.environ['MASON_DISTBUILD_CONTROLLERS'], + 'MASON_TEST_INFRASTRUCTURE_TYPE': os.environ['MASON_TEST_INFRASTRUCTURE_TYPE'], + 'MASON_UPSTREAM_TROVE': os.environ['MASON_UPSTREAM_TROVE'], } yaml.dump(mason_configuration, sys.stdout, default_flow_style=False) EOF -if [ "$TEST_INFRASTRUCTURE_TYPE" = "openstack" ]; then +if [ "$MASON_TEST_INFRASTRUCTURE_TYPE" = "openstack" ]; then python <<'EOF' >>"$MASON_DATA/mason.conf" import os, sys, yaml openstack_credentials={ - 'OS_USERNAME': os.environ['OPENSTACK_USER'], - 'OS_TENANT_NAME': os.environ['OPENSTACK_TENANT'], - 'OS_TENANT_ID': os.environ['OPENSTACK_TENANT_ID'], - 'OS_AUTH_URL': 
os.environ['OPENSTACK_AUTH_URL'], - 'OS_PASSWORD': os.environ['OPENSTACK_PASSWORD'], + 'OPENSTACK_NETWORK_ID': os.environ['MASON_OPENSTACK_NETWORK_ID'], + 'OS_USERNAME': os.environ['MASON_OPENSTACK_USER'], + 'OS_TENANT_NAME': os.environ['MASON_OPENSTACK_TENANT'], + 'OS_AUTH_URL': os.environ['MASON_OPENSTACK_AUTH_URL'], + 'OS_PASSWORD': os.environ['MASON_OPENSTACK_PASSWORD'], } yaml.dump(openstack_credentials, sys.stdout, default_flow_style=False) EOF fi - -########################################################################## -# Enable services -########################################################################## - -ln -s ../mason.timer "$ROOT"/etc/systemd/system/multi-user.target.wants/mason.timer -ln -s ../httpd.service "$ROOT"/etc/systemd/system/multi-user.target.wants/httpd.service diff --git a/mason.configure.help b/mason.configure.help new file mode 100644 index 00000000..d7b9926d --- /dev/null +++ b/mason.configure.help 
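Review bot: `mason.conf` receives `OS_PASSWORD` and the other OpenStack credentials through a plain shell redirect, so it is created with the deploying user's umask and will usually be world-readable inside the image. The help text added in this commit already acknowledges that the password is stored in plaintext, so restrict the file once the last write is done, after the closing `fi`: `chmod 600 "$MASON_DATA/mason.conf"`. `MASON_DATA` is set outside the hunk, so confirm that nothing reading the file runs as a non-root user. The new help file also lists MASON_OPENSTACK_TENANT_ID and MASON_OPENSTACK_TENANT_NAME, while this snippet reads only `MASON_OPENSTACK_TENANT`; the two should be brought in line.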
@@ -0,0 +1,127 @@ +help: | + This is a "morph deploy" configuration extension to fully configure + a Mason instance at deployment time. It uses the following variables + from the environment: + + * TROVE_ID + * TROVE_HOST + * ARTIFACT_CACHE_SERVER + + * GERRIT_USER + * GERRIT_HOSTNAME + * GERRIT_HTTP_PORT + * GERRIT_GIT_PORT + * GERRIT_SSH_KEY + * GERRIT_SSH_KEY_PATH + + * GEARMAN_HOST + * GEARMAN_PORT + * START_GEARMAN + + * MASON_CLUSTER_MORPHOLOGY + * MASON_ARCHITECTURE + * MASON_TEST_HOSTS + * MASON_DISTBUILD_CONTROLLERS + * MASON_TEST_INFRASTRUCTURE_TYPE + * MASON_UPSTREAM_TROVE + + * MASON_OPENSTACK_NETWORK_ID + * MASON_OPENSTACK_USER + * MASON_OPENSTACK_PASSWORD + * MASON_OPENSTACK_TENANT_ID + * MASON_OPENSTACK_TENANT_NAME + * MASON_OPENSTACK_AUTH_URL + + The variables are described in more detail below. + + A Mason deployment needs to know the following things: + + * The ID and public name of the upstream Trove it should + use with morph. + * The hostname of the Gerrit instance to be monitored. + * A username to use on the Gerrit instance to be monitored, + and an ssh key with which to authenticate. + + These, amongst some other configuration for Mason, are provided + by the variables described in this help. + + * TROVE_ID: the same as for distbuild, this is the short ID of + your upstream Trove. + * TROVE_HOST: the same as for distbuild, this is the FQDN or + IP address of your upstream Trove. + * ARTIFACT_CACHE_SERVER: this is the FQDN or IP address of the + artifact cache you wish to use - normally the same as + TROVE_HOST. + + * GERRIT_USER: the username of the Gerrit account Zuul should + use to look for and report on changes. + * GERRIT_HOSTNAME: the FQDN or IP address of the Gerrit instance + to be used. + * GERRIT_HTTP_PORT: the port used to access the HTTP frontend of + Gerrit - normally 8080. + * GERRIT_GIT_PORT: the port used to access Gerrit's git interface + (and via SSH) - normally 29418. 
+ * GERRIT_SSH_KEY: the location of the SSH key to be added to the + system for use when accessing Gerrit. If this is not the same + WORKER_SSH_KEY then GERRIT_SSH_KEY_PATH should *not* be + "/root/.ssh/id_rsa" + * GERRIT_SSH_KEY_PATH: the location to put the SSH key for Gerrit + in the system. Normally, "/root/.ssh/id_rsa" is sufficient, + unless WORKER_SSH_KEY and GERRIT_SSH_KEY are not the same. + + * GEARMAN_HOST: the FQDN or IP address of the Gearman server. If + START_GEARMAN is yes, then this should be 127.0.0.1 + * GEARMAN_PORT: the port used for accessing the Gearman server. + This is normally 4730. + * START_GEARMAN: yes or no. If yes, then a Gearman server is run + on the Mason instance by Zuul. + + * MASON_ARCHITECTURE: this is currently used to determine which + artifacts need to be uploaded. Artifacts from systems in + MASON_CLUSTER_MORPHOLOGY with arch: MASON_ARCHITECTURE are + uploaded. + * MASON_CLUSTER_MORPHOLOGY: this is the cluster morphology which + contains the systems to be tested. + * MASON_DISTBUILD_CONTROLLERS: this is a comma separated list of + pairs of the form "architecture:ip" which defines the distbuild + networks available for Mason. It is not used by the tests at + the moment however. + * MASON_TEST_HOSTS: this is a comma separated list of pairs of the + form "architecture:user@url" which defines the places to deploy + test systems to. If MASON_TEST_INFRASTRUCTURE_TYPE is "openstack" + then use your OpenStack auth URL. + * MASON_TEST_INFRASTRUCTURE_TYPE: this can be 'kvm' or 'openstack', + depending on if you are deploying your test instances to a kvm + host or an OpenStack cloud. + * MASON_UPSTREAM_TROVE: this is the Trove to which artifacts are + uploaded on success by Mason. + + The following are only required if MASON_TEST_INFRASTRUCTURE_TYPE is + openstack: + + * MASON_OPENSTACK_AUTH_URL: the auth url of the OpenStack instance + test systems are deployed to. 
+ * MASON_OPENSTACK_NETWORK_ID: the network ID that test systems will + be connected to. + * MASON_OPENSTACK_USER: the username used by Mason to deploy test + systems with Glance. + * MASON_OPENSTACK_TENANT: the tenancy to deploy test systems in. + * MASON_OPENSTACK_PASSWORD: the password of the Mason user on + OpenStack. Note that this will be stored in plaintext on the + Mason instance. Perhaps pass this via the command line? + + It is possible to deploy a generic Mason which you can then boot + and give configuration to at a later date: + + MASON_GENERIC: yes + + To configure a generic Mason, add a YAML file containing all the + required variables in the form at /etc/mason/mason.conf: + + VARIABLE: value + VARIABLE: value + ... ... + + However, you will still need to provide ARTIFACT_CACHE_SERVER, + TROVE_ID and TROVE_HOST as they are also used by distbuild.configure. + diff --git a/mason/README b/mason/README new file mode 100644 index 00000000..22ece93b --- /dev/null +++ b/mason/README 
@@ -0,0 +1,120 @@ +Mason with Zuul/Gearman/turbo-hipster +===================================== + +Configuration +------------- + +Some of the configuration is done by Ansible. This is documented in +clusters/mason-system-x86_64-openstack-deploy.morph. The config files +which are dealt with in this way are mason/share/zuul.conf and +mason/share/turbo-hipster-config.yaml. You will probably want to +edit the default configuration in mason/share/zuul-layout.yaml. + +### mason/share/zuul-layout.yaml + +Full documentation of the configuration of Zuul can be found [here][0]. + +The projects section in this file contains a list of projects and the +tests to run on them. The "name" field should be the name of the +project on Gerrit. You then define the jobs to be run for each pipeline +on that project. In the example, + +projects: + - name: baserock/baserock/definitions + check: + - build: + - build_test + +there exists some pipeline named check. The above sets up Zuul to run +the job "build" when the check pipeline gets a change. If the build job +is successful, then Zuul will run the build_test job. On completion, +Zuul will report in the way defined in the pipeline. + +Not all tests have dependencies. The following is also valid: + +projects: + - name: baserock/baserock/definitions + check: + - build + - some-other-test + +[0]: http://ci.openstack.org/zuul/zuul.html#layout-yaml + +Debugging +--------- + +Once you've deployed a Mason and got it configured correctly, you may +want or need to look at its logs or restart it. If you change its config, +you'll need to do: + + systemctl restart zuul-server + systemctl restart zuul-merger + +And if you change /etc/turbo-hipster-config.yaml you will also need +to do: + + systemctl restart turbo-hipster + +The logs created by the current plugins are in /var/www/logs/. These +will be useful if a change causes a build to fail and you need to see why. +They are also accessible by going to "http://<mason-ip>/logs/" in a web +browser. 
+ +Zuul saves its logs in /var/log/zuul/debug.log and /var/log/zuul/zuul.log. +The most useful of these for discovering why something has gone wrong is +debug.log. + +Turbo-hipster saves its logs in /var/log/turbo-hipster/debug.log. Its quite +messy but can be useful for determining what part of a plugin went wrong. + +The plugins are in "/usr/share/system-tests/mason/tests/". If you change +them, you will need to run + + systemctl restart turbo-hipster + +in order for turbo-hipster to use the right plugin code. + +Issues +------ + +### "--verified" is not a valid option + +This suggests that either your Gerrit instance has not been configured +to have a "Verified" label, or your Mason user on Gerrit cannot change +the value of said label. + +### project "foo/bar" is not found + +This means that a Gerrit event has occurred on a project not listed in +the projects section of /etc/zuul-layout.yaml. If that event was a +change you wanted testing, you'll need to amend /etc/zuul-layout.yaml. + +### failing to deploy test systems + +Check your OpenStack credentials. Look in /var/log/morph.log to see +where the deployment (if any) failed. If none, check your config. Does +the test plugin in /etc/turbo-hipster-config.yaml have "deployment-hosts" +set correctly (["architecture:user@url"], for OpenStack x86_64 this could +be "x86_64:user@openstack.example.com:5000/v2.0/" - the username is not +used for OpenStack)? Is the deployment host reachable from your machine? +The turbo-hipster logs may be useful for finding the exact error with +the deployment. + +Useful commands +--------------- + +Run these on the machine running Zuul. + +Show the running jobs: + + zuul -c /etc/zuul.conf show running-jobs + +Force Zuul to reassess a change: + + zuul -c /etc/zuul.conf enqueue --trigger gerrit --pipeline check --project baserock/baserock/definitions --change 71,1 + +where 71 is the change number. + +Full docs of the Zuul client are [here][1]. 
+ +[1]: http://ci.openstack.org/zuul/client.html diff --git a/mason/ansible/mason-setup.yml b/mason/ansible/mason-setup.yml index d1528dbb..d47439b5 100644 --- a/mason/ansible/mason-setup.yml +++ b/mason/ansible/mason-setup.yml @@ -4,7 +4,6 @@ - "/etc/mason/mason.conf" tasks: - - fail: msg='TROVE_ID is mandatory' when: TROVE_ID is not defined 
@@ -14,70 +13,111 @@ - fail: msg='ARTIFACT_CACHE_SERVER is mandatory' when: ARTIFACT_CACHE_SERVER is not defined + - fail: msg='GERRIT_USER is mandatory' + when: GERRIT_USER is not defined + + - fail: msg='GERRIT_HOSTNAME is mandatory' + when: GERRIT_HOSTNAME is not defined + + - fail: msg='GERRIT_HTTP_PORT is mandatory' + when: GERRIT_HTTP_PORT is not defined + + - fail: msg='GERRIT_GIT_PORT is mandatory' + when: GERRIT_GIT_PORT is not defined + + - fail: msg='GERRIT_SSH_KEY_PATH is mandatory' + when: GERRIT_SSH_KEY_PATH is not defined + + - fail: msg='GEARMAN_HOST is mandatory' + when: GEARMAN_HOST is not defined + + - fail: msg='GEARMAN_PORT is mandatory' + when: GEARMAN_PORT is not defined + + - fail: msg='START_GEARMAN is mandatory' + when: START_GEARMAN is not defined + - fail: msg='MASON_CLUSTER_MORPHOLOGY is mandatory' when: MASON_CLUSTER_MORPHOLOGY is not defined - - fail: msg='MASON_DEFINITIONS_REF is mandatory' - when: MASON_DEFINITIONS_REF is not defined + - fail: msg='MASON_ARCHITECTURE is mandatory' + when: MASON_ARCHITECTURE is not defined - - fail: msg='MASON_DISTBUILD_ARCH is mandatory' - when: MASON_DISTBUILD_ARCH is not defined + - fail: msg='MASON_TEST_HOSTS is mandatory' + when: MASON_TEST_HOSTS is not defined - - fail: msg='MASON_TEST_HOST is mandatory' - when: MASON_TEST_HOST is not defined + - fail: msg='MASON_DISTBUILD_CONTROLLERS is mandatory' + when: MASON_DISTBUILD_CONTROLLERS is not defined - - fail: msg='CONTROLLERHOST is mandatory' - when: CONTROLLERHOST is not defined + - fail: msg='MASON_TEST_INFRASTRUCTURE_TYPE is mandatory' + when: MASON_TEST_INFRASTRUCTURE_TYPE is not defined - - fail: msg='TEST_INFRASTRUCTURE_TYPE is mandatory' - when: TEST_INFRASTRUCTURE_TYPE is not defined + - fail: msg='MASON_UPSTREAM_TROVE is mandatory' + when: MASON_UPSTREAM_TROVE is not defined - - fail: msg='OPENSTACK_NETWORK_ID is mandatory when TEST_INFRASTRUCTURE_TYPE=openstack' - when: TEST_INFRASTRUCTURE_TYPE == "openstack" and OPENSTACK_NETWORK_ID 
is not defined + - fail: msg='OPENSTACK_NETWORK_ID is mandatory when MASON_TEST_INFRASTRUCTURE_TYPE=openstack' + when: MASON_TEST_INFRASTRUCTURE_TYPE == "openstack" and OPENSTACK_NETWORK_ID is not defined - - fail: msg='OS_USERNAME is mandatory when TEST_INFRASTRUCTURE_TYPE=openstack' - when: TEST_INFRASTRUCTURE_TYPE == "openstack" and OS_USERNAME is not defined + - fail: msg='OS_USERNAME is mandatory when MASON_TEST_INFRASTRUCTURE_TYPE=openstack' + when: MASON_TEST_INFRASTRUCTURE_TYPE == "openstack" and OS_USERNAME is not defined - - fail: msg='OS_PASSWORD is mandatory when TEST_INFRASTRUCTURE_TYPE=openstack' - when: TEST_INFRASTRUCTURE_TYPE == "openstack" and OS_PASSWORD is not defined + - fail: msg='OS_PASSWORD is mandatory when MASON_TEST_INFRASTRUCTURE_TYPE=openstack' + when: MASON_TEST_INFRASTRUCTURE_TYPE == "openstack" and OS_PASSWORD is not defined - - fail: msg='OS_TENANT_ID is mandatory when TEST_INFRASTRUCTURE_TYPE=openstack' - when: TEST_INFRASTRUCTURE_TYPE == "openstack" and OS_TENANT_ID is not defined + - fail: msg='OS_TENANT_NAME is mandatory when MASON_TEST_INFRASTRUCTURE_TYPE=openstack' + when: MASON_TEST_INFRASTRUCTURE_TYPE == "openstack" and OS_TENANT_NAME is not defined - - fail: msg='OS_TENANT_NAME is mandatory when TEST_INFRASTRUCTURE_TYPE=openstack' - when: TEST_INFRASTRUCTURE_TYPE == "openstack" and OS_TENANT_NAME is not defined + - fail: msg='OS_AUTH_URL is mandatory when MASON_TEST_INFRASTRUCTURE_TYPE=openstack' + when: MASON_TEST_INFRASTRUCTURE_TYPE == "openstack" and OS_AUTH_URL is not defined - - fail: msg='OS_AUTH_URL is mandatory when TEST_INFRASTRUCTURE_TYPE=openstack' - when: TEST_INFRASTRUCTURE_TYPE == "openstack" and OS_AUTH_URL is not defined + - name: Create Zuul configuration directory + file: path=/etc/zuul state=directory + + - name: Create Zuul configuration files + template: src=/usr/share/mason-setup/zuul/{{ item }} dest=/etc/zuul/{{ item }} + with_items: + - zuul.conf + - layout.yaml + - logging.conf - - name: Create the 
Mason configuration file + - name: Create other required configuration files template: src=/usr/share/mason-setup/{{ item }} dest=/etc/{{ item }} with_items: - - mason.conf + - lighttpd.conf + - turbo-hipster-config.yaml - name: Create the OpenStack credentials file template: src=/usr/share/mason-setup/{{ item }} dest=/etc/{{ item }} with_items: - os.conf - when: TEST_INFRASTRUCTURE_TYPE == "openstack" - - - name: Enable the mason service - service: name=mason.service enabled=yes - register: mason_service - - name: Restart the mason service - service: name=mason.service state=restarted - when: mason_service|changed - - - name: Enable the mason timer - service: name=mason.timer enabled=yes - register: mason_timer - - name: Restart the mason timer - service: name=mason.timer state=restarted - when: mason_timer|changed - - - name: Enable the httpd service - service: name=httpd.service enabled=yes - register: httpd_service - - name: Restart the httpd service - service: name=httpd state=restarted - when: httpd_service|changed + when: MASON_TEST_INFRASTRUCTURE_TYPE == "openstack" + + - name: Enable the zuul-server service + service: name=zuul-server.service enabled=yes + register: zuul_server_service + - name: Restart the zuul-server service + service: name=zuul-server.service state=restarted + when: zuul_server_service|changed + + - name: Enable the zuul-merger service + service: name=zuul-merger.service enabled=yes + register: zuul_merger_service + - name: Restart the zuul-merger service + service: name=zuul-merger.service state=restarted + when: zuul_merger_service|changed + + - name: Enable the turbo-hipster service + service: name=turbo-hipster.service enabled=yes + register: turbo_hipster_service + - name: Restart the turbo-hipster service + service: name=turbo-hipster.service state=restarted + when: turbo_hipster_service|changed + + - user: name=www comment="Lighttpd user" + + - name: Enable the lighttpd service + service: name=lighttpd.service enabled=yes + 
register: lighttpd_service + - name: Restart the lighttpd service + service: name=lighttpd.service state=restarted + when: lighttpd_service|changed diff --git a/mason/httpd.service b/mason/lighttpd.service index 7572b732..ffc1b9a0 100644 --- a/mason/httpd.service +++ b/mason/lighttpd.service @@ -4,7 +4,7 @@ After=network.target [Service] User=root -ExecStart=/usr/sbin/httpd -f -p 80 -h /srv/mason +ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd.conf [Install] WantedBy=multi-user.target diff --git a/mason/mason-generator.sh b/mason/mason-generator.sh deleted file mode 100755 index 187db72c..00000000 --- a/mason/mason-generator.sh +++ /dev/null 
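Review bot: The `Create the OpenStack credentials file` task templates `os.conf` into `/etc` without a `mode`, so the file gets default permissions. The template is not shown here, but if it renders `OS_PASSWORD`, any local user on the Mason could read it. Give that task an explicit mode, assuming its readers run as root: `template: src=/usr/share/mason-setup/{{ item }} dest=/etc/{{ item }} mode=0600`. The same question applies to `turbo-hipster-config.yaml` if it embeds credentials for the test hosts. The task list starts outside the hunk.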
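Review bot: The unit keeps `User=root` while switching to lighttpd. The playbook in this commit creates a `www` user, so the privilege drop presumably happens in `/etc/lighttpd.conf`, which this hunk does not show. It is worth confirming that the template sets `server.username` and `server.groupname`, since per the README this server publishes build logs over HTTP. A comment in the unit such as `# starts as root; lighttpd.conf is expected to drop to www` would record the intent.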
@@ -1,101 +0,0 @@ -#!/bin/sh - -set -e - -if [ "$#" -lt 5 -o "$#" -gt 6 -o "$1" == "-h" -o "$1" == "--help" ]; then - cat <<EOF -Usage: - `basename $0` HOST_PREFIX UPSTREAM_TROVE_HOSTNAME VM_USER VM_HOST VM_PATH [HOST_POSTFIX] - -Where: - HOST_PREFIX -- Name of your Mason instance - e.g. "my-mason" to produce hostnames: - my-mason-trove and my-mason-controller - UPSTREAM_TROVE_HOSTNAME -- Upstream trove's hostname - VM_USER -- User on VM host for VM deployment - VM_HOST -- VM host for VM deployment - VM_PATH -- Path to store VM images in on VM host - HOST_POSTFIX -- e.g. ".example.com" to get - my-mason-trove.example.com - -This script makes deploying a Mason system simpler by automating -the generation of keys for the systems to use, building of the -systems, filling out the mason deployment cluster morphology -template with useful values, and finally deploying the systems. - -To ensure that the deployed system can deploy test systems, you -must supply an ssh key to the VM host. Do so with the following -command: - ssh-copy-id -i ssh_keys-HOST_PREFIX/worker.key.pub VM_USER@VM_HOST - -To ensure that the mason can upload artifacts to the upstream trove, -you must supply an ssh key to the upstream trove. 
Do so with the -following command: - ssh-copy-id -i ssh_keys-HOST_PREFIX/id_rsa.key.pub root@UPSTREAM_TROVE_HOSTNAME - -EOF - exit 0 -fi - - -HOST_PREFIX="$1" -UPSTREAM_TROVE="$2" -VM_USER="$3" -VM_HOST="$4" -VM_PATH="$5" -HOST_POSTFIX="$6" - -sedescape() { - # Escape all non-alphanumeric characters - printf "%s\n" "$1" | sed -e 's/\W/\\&/g' -} - - -############################################################################## -# Key generation -############################################################################## - -mkdir -p "ssh_keys-${HOST_PREFIX}" -cd "ssh_keys-${HOST_PREFIX}" -test -e mason.key || ssh-keygen -t rsa -b 2048 -f mason.key -C mason@TROVE_HOST -N '' -test -e lorry.key || ssh-keygen -t rsa -b 2048 -f lorry.key -C lorry@TROVE_HOST -N '' -test -e worker.key || ssh-keygen -t rsa -b 2048 -f worker.key -C worker@TROVE_HOST -N '' -test -e id_rsa || ssh-keygen -t rsa -b 2048 -f id_rsa -C trove-admin@TROVE_HOST -N '' -cd ../ - - -############################################################################## -# Mason setup -############################################################################## - -cp clusters/mason.morph mason-${HOST_PREFIX}.morph - -sed -i "s/red-box-v1/$(sedescape "$HOST_PREFIX")/g" "mason-$HOST_PREFIX.morph" -sed -i "s/ssh_keys/ssh_keys-$(sedescape "$HOST_PREFIX")/g" "mason-$HOST_PREFIX.morph" -sed -i "s/upstream-trove/$(sedescape "$UPSTREAM_TROVE")/" "mason-$HOST_PREFIX.morph" -sed -i "s/vm-user/$(sedescape "$VM_USER")/g" "mason-$HOST_PREFIX.morph" -sed -i "s/vm-host/$(sedescape "$VM_HOST")/g" "mason-$HOST_PREFIX.morph" -sed -i "s/vm-path/$(sedescape "$VM_PATH")/g" "mason-$HOST_PREFIX.morph" -sed -i "s/\.example\.com/$(sedescape "$HOST_POSTFIX")/g" "mason-$HOST_PREFIX.morph" - - -############################################################################## -# System building -############################################################################## - -morph build systems/trove-system-x86_64.morph -morph build 
systems/build-system-x86_64.morph - - -############################################################################## -# System deployment -############################################################################## - -morph deploy mason-${HOST_PREFIX}.morph - - -############################################################################## -# Cleanup -############################################################################## - -rm mason-${HOST_PREFIX}.morph diff --git a/mason/mason-report.sh b/mason/mason-report.sh deleted file mode 100755 index 9c20b65b..00000000 --- a/mason/mason-report.sh +++ /dev/null 
@@ -1,252 +0,0 @@ -#!/bin/bash - -set -x - -. /etc/mason.conf - -REPORT_PATH=/var/mason/report.html -SERVER_PATH=/srv/mason - -sed_escape() { - printf "%s\n" "$1" | sed -e 's/\W/\\&/g' -} - -create_report() { -cat > $REPORT_PATH <<'EOF' -<html> -<head> -<meta charset="UTF-8"> -<meta http-equiv="refresh" content="60"> -<style> -html, body { - margin: 0; - padding: 0; -} -p.branding { - background: black; - color: #fff; - padding: 0.4em; - margin: 0; - font-weight: bold; -} -h1 { - background: #225588; - color: white; - margin: 0; - padding: 0.6em; -} -table { - width: 90%; - margin: 1em auto 6em auto; - border: 1px solid black; - border-spacing: 0; -} -table tr.headings { - background: #555; - color: white; -} -table tr.pass { - background: #aaffaa; -} -table tr.pass:hover { - background: #bbffbb; -} -table tr.fail { - background: #ffaaaa; -} -table tr.fail:hover { - background: #ffbbbb; -} -table tr.nonet { - background: #ffdd99; -} -table tr.nonet:hover { - background: #ffeeaa; -} -table tr.headings th { - font-weight: bold; - text-align: left; - padding: 3px 2px; -} -table td { - padding: 2px; -} -td.result { - font-weight: bold; - text-transform: uppercase; -} -td.result a { - text-decoration: none; -} -td.result a:before { - content: "➫ "; -} -tr.pass td.result a { - color: #252; -} -tr.pass td.result a:hover { - color: #373; -} -tr.fail td.result a { - color: #622; -} -tr.fail td.result a:hover { - color: #933; -} -tr.nonet td.result a { - color: #641; -} -tr.nonet td.result a:hover { - color: #962; -} -td.ref { - font-family: monospace; -} -td.ref a { - color: #333; -} -td.ref a:hover { - color: #555; -} -table tr.pass td, table tr.fail td { - border-top: solid white 1px; -} -p { - margin: 1.3em; -} -code { - padding: 0.3em 0.5em; - background: #eee; - border: 1px solid #bbb; - border-radius: 1em; -} -#footer { - margin: 0; - background: #aaa; - color: #222; - border-top: #888 1px solid; - font-size: 80%; - padding: 0; - position: fixed; - bottom: 0; - width: 
100%; - display: table; -} -#footer p { - padding: 1.3em; - display: table-cell; -} -#footer p code { - font-size: 110%; -} -#footer p.about { - text-align: right; -} -</style> -</head> -<body> -<p class="branding">Mason</p> -<h1>Baserock: Continuous Delivery</h1> -<p>Build log of changes to <code>BRANCH</code> from <code>TROVE</code>. Most recent first.</p> -<table> -<tr class="headings"> - <th>Started</th> - <th>Ref</th> - <th>Duration</th> - <th>Result</th> -</tr> -<!--INSERTION POINT--> -</table> -<div id="footer"> -<p>Last checked for updates at: <code>....-..-.. ..:..:..</code></p> -<p class="about">Generated by Mason | Powered by Baserock</p> -</div> -</body> -</html> -EOF - - sed -i 's/BRANCH/'"$(sed_escape "$1")"'/' $REPORT_PATH - sed -i 's/TROVE/'"$(sed_escape "$2")"'/' $REPORT_PATH -} - -update_report() { - # Give function params sensible names - build_start_time="$1" - build_trove_host="$2" - build_ref="$3" - build_sha1="$4" - build_duration="$5" - build_result="$6" - - # Generate template if report file is not there - if [ ! 
-f $REPORT_PATH ]; then - create_report $build_ref $build_trove_host - fi - - # Build table row for insertion into report file - if [ "$build_result" = nonet ]; then - msg='<tr class="'"${build_result}"'"><td>'"${build_start_time}"'</td><td class="ref">Failed to contact '"${build_trove_host}"'</a></td><td>'"${build_duration}s"'</td><td class="result"><a href="log/'"${build_sha1}"'--'"${build_start_time}"'.log">'"${build_result}"'</a></td></tr>' - else - msg='<tr class="'"${build_result}"'"><td>'"${build_start_time}"'</td><td class="ref"><a href="http://'"${build_trove_host}"'/cgi-bin/cgit.cgi/baserock/baserock/definitions.git/commit/?h='"${build_ref}"'&id='"${build_sha1}"'">'"${build_sha1}"'</a></td><td>'"${build_duration}s"'</td><td class="result"><a href="log/'"${build_sha1}"'--'"${build_start_time}"'.log">'"${build_result}"'</a></td></tr>' - fi - - # Insert report line, newest at top - sed -i 's/<!--INSERTION POINT-->/<!--INSERTION POINT-->\n'"$(sed_escape "$msg")"'/' $REPORT_PATH -} - -update_report_time() { - # Give function params sensible names - build_start_time="$1" - - # If the report file exists, update the last-checked-for-updates time - if [ -f $REPORT_PATH ]; then - sed -i 's/<code>....-..-.. 
..:..:..<\/code>/<code>'"$(sed_escape "$build_start_time")"'<\/code>/' $REPORT_PATH - fi -} - -START_TIME=`date +%Y-%m-%d\ %T` - -update_report_time "$START_TIME" -cp "$REPORT_PATH" "$SERVER_PATH/index.html" - -logfile="$(mktemp)" -/usr/lib/mason/mason.sh 2>&1 | tee "$logfile" -case "${PIPESTATUS[0]}" in -0) - RESULT=pass - ;; -33) - RESULT=skip - ;; -42) - RESULT=nonet - ;; -*) - RESULT=fail - ;; -esac - -# TODO: Update page with last executed time -if [ "$RESULT" = skip ]; then - rm "$logfile" - exit 0 -fi - -DURATION=$(( $(date +%s) - $(date --date="$START_TIME" +%s) )) -SHA1="$(cd "ws/$DEFINITIONS_REF/$UPSTREAM_TROVE_ADDRESS/baserock/baserock/definitions" && git rev-parse HEAD)" - -update_report "$START_TIME" \ - "$UPSTREAM_TROVE_ADDRESS" \ - "$DEFINITIONS_REF" \ - "$SHA1" \ - "$DURATION" \ - "$RESULT" - - -# -# Copy report into server directory -# - -cp "$REPORT_PATH" "$SERVER_PATH/index.html" -mkdir "$SERVER_PATH/log" -mv "$logfile" "$SERVER_PATH/log/$SHA1--$START_TIME.log" diff --git a/mason/mason.sh b/mason/mason.sh deleted file mode 100755 index dba99dfa..00000000 --- a/mason/mason.sh +++ /dev/null 
@@ -1,93 +0,0 @@ -#!/bin/sh - -# Load OpenStack credentials -if [ -f "/etc/os.conf" ]; then - . /etc/os.conf -fi - -set -e -set -x - -# Load our deployment config -. /etc/mason.conf - -if [ ! -e ws ]; then - morph init ws -fi -cd ws - -definitions_repo="$DEFINITIONS_REF"/"$UPSTREAM_TROVE_ADDRESS"/baserock/baserock/definitions -if [ ! -e "$definitions_repo" ]; then - morph checkout git://"$UPSTREAM_TROVE_ADDRESS"/baserock/baserock/definitions "$DEFINITIONS_REF" - cd "$definitions_repo" - git config user.name "$TROVE_ID"-mason - git config user.email "$TROVE_ID"-mason@$(hostname) -else - cd "$definitions_repo" - SHA1_PREV="$(git rev-parse HEAD)" -fi - -if ! git remote update origin; then - echo ERROR: Unable to contact trove - exit 42 -fi -git clean -fxd -git reset --hard origin/"$DEFINITIONS_REF" - -SHA1="$(git rev-parse HEAD)" - -if [ -f "$HOME/success" ] && [ "$SHA1" = "$SHA1_PREV" ]; then - echo INFO: No changes to "$DEFINITIONS_REF", nothing to do - exit 33 -fi - -rm -f "$HOME/success" - -echo INFO: Mason building: $DEFINITIONS_REF at $SHA1 - -if ! 
"scripts/release-build" --no-default-configs \ - --trove-host "$UPSTREAM_TROVE_ADDRESS" \ - --artifact-cache-server "http://$ARTIFACT_CACHE_SERVER:8080/" \ - --controllers "$DISTBUILD_ARCH:$DISTBUILD_CONTROLLER_ADDRESS" \ - "$BUILD_CLUSTER_MORPHOLOGY"; then - echo ERROR: Failed to build release images - echo Build logs for chunks: - find builds -type f -exec echo {} \; -exec cat {} \; - exit 1 -fi - -releases_made="$(cd release && ls | wc -l)" -if [ "$releases_made" = 0 ]; then - echo ERROR: No release images created - exit 1 -else - echo INFO: Created "$releases_made" release images -fi - -if [ "$TEST_INFRASTRUCTURE_TYPE" = "openstack" ]; then - "scripts/release-test-os" \ - --deployment-host "$DISTBUILD_ARCH":"$MASON_TEST_HOST" \ - --trove-host "$UPSTREAM_TROVE_ADDRESS" \ - --trove-id "$TROVE_ID" \ - --net-id "$OPENSTACK_NETWORK_ID" \ - "$BUILD_CLUSTER_MORPHOLOGY" -elif [ "$TEST_INFRASTRUCTURE_TYPE" = "kvmhost" ]; then - "scripts/release-test" \ - --deployment-host "$DISTBUILD_ARCH":"$MASON_TEST_HOST" \ - --trove-host "$UPSTREAM_TROVE_ADDRESS" \ - --trove-id "$TROVE_ID" \ - "$BUILD_CLUSTER_MORPHOLOGY" -fi - -"scripts/release-upload" --build-trove-host "$ARTIFACT_CACHE_SERVER" \ - --arch "$DISTBUILD_ARCH" \ - --log-level=debug --log="$HOME"/release-upload.log \ - --public-trove-host "$UPSTREAM_TROVE_ADDRESS" \ - --public-trove-username root \ - --public-trove-artifact-dir /home/cache/artifacts \ - --no-upload-release-artifacts \ - "$BUILD_CLUSTER_MORPHOLOGY" - -echo INFO: Artifact upload complete for $DEFINITIONS_REF at $SHA1 - -touch "$HOME/success" diff --git a/mason/mason.timer b/mason/mason.timer deleted file mode 100644 index 107dff97..00000000 --- a/mason/mason.timer +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Runs Mason continually with 1 min between calls - -[Timer] -#Time between Mason finishing and calling it again -OnUnitActiveSec=1min -Unit=mason.service - -[Install] -WantedBy=multi-user.target 
diff --git a/mason/share/lighttpd.conf b/mason/share/lighttpd.conf new file mode 100644 index 00000000..2e9f6350 --- /dev/null +++ b/mason/share/lighttpd.conf @@ -0,0 +1,21 @@ +server.document-root = "/var/www/" + +server.port = 80 + +server.username = "www" +server.groupname = "www" + +mimetype.assign = ( + ".html" => "text/html", + ".txt" => "text/plain", + ".log" => "text/plain", + ".jpg" => "image/jpeg", + ".png" => "image/png" +) + +static-file.exclude-extensions = ( ".fcgi", ".php", ".rb", "~", ".inc" ) +index-file.names = ( "index.html" ) + +$HTTP["url"] =~ "^/logs/" { + dir-listing.activate = "enable" +} diff --git a/mason/share/mason.conf b/mason/share/mason.conf deleted file mode 100644 index 1295ce84..00000000 --- a/mason/share/mason.conf +++ /dev/null @@ -1,14 +0,0 @@ -# This file is generarated by the mason-setup systemd unit. -# If you want to change the configuration, change the configuration -# in /etc/mason/mason.conf and restart the service. - -ARTIFACT_CACHE_SERVER={{ ARTIFACT_CACHE_SERVER|quote }} -UPSTREAM_TROVE_ADDRESS={{ TROVE_HOST|quote }} -DEFINITIONS_REF={{ MASON_DEFINITIONS_REF|quote }} -DISTBUILD_ARCH={{ MASON_DISTBUILD_ARCH|quote }} -DISTBUILD_CONTROLLER_ADDRESS={{ CONTROLLERHOST|quote }} -TROVE_ID={{ TROVE_ID|quote }} -BUILD_CLUSTER_MORPHOLOGY={{ MASON_CLUSTER_MORPHOLOGY|quote }} -MASON_TEST_HOST={{ MASON_TEST_HOST|quote }} -TEST_INFRASTRUCTURE_TYPE={{ TEST_INFRASTRUCTURE_TYPE|quote }} -{% if OPENSTACK_NETWORK_ID is defined %}OPENSTACK_NETWORK_ID={{ OPENSTACK_NETWORK_ID|quote }}{% endif %} diff --git a/mason/share/os.conf b/mason/share/os.conf index 21ef398c..1acfff79 100644 --- a/mason/share/os.conf +++ b/mason/share/os.conf 
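Review bot: The new `lighttpd.conf` sets `server.port = 80` with no `server.bind` and enables `dir-listing.activate` for `^/logs/` with no access restriction, so every published job log can be enumerated by anyone who can reach the host on that port. The other files added in this commit refer to the site only through loopback (`status_url=http://127.0.0.1/logs` in zuul.conf, `prepend_url: http://localhost/logs` in turbo-hipster-config.yaml), which suggests local consumption; if that is the intent, add `server.bind = "127.0.0.1"`. If the logs are meant to be read remotely, say so in a comment above the `$HTTP["url"]` block, e.g. `# Job logs are served unauthenticated; they must not contain credentials`.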
@@ -18,7 +18,6 @@ export OS_AUTH_URL={{ OS_AUTH_URL|quote }} # With the addition of Keystone we have standardized on the term **tenant** # as the entity that owns the resources. -export OS_TENANT_ID={{ OS_TENANT_ID|quote }} export OS_TENANT_NAME={{ OS_TENANT_NAME|quote }} # In addition to the owning entity (tenant), openstack stores the entity diff --git a/mason/share/turbo-hipster-config.yaml b/mason/share/turbo-hipster-config.yaml new file mode 100644 index 00000000..8ae8133d --- /dev/null +++ b/mason/share/turbo-hipster-config.yaml 
@@ -0,0 +1,47 @@ +zuul_server: + gerrit_site: "http://{{ GERRIT_HOSTNAME }}:{{ GERRIT_HTTP_PORT }}" + git_origin: "git://{{ GERRIT_HOSTNAME }}:{{ GERRIT_GIT_PORT }}" + gearman_host: "{{ GEARMAN_HOST }}" + gearman_port: "{{ GEARMAN_PORT }}" + +debug_log: /var/log/turbo-hipster/debug.log +jobs_working_dir: /var/lib/turbo-hipster/jobs +git_working_dir: /var/lib/turbo-hipster/git +pip_download_cache: /var/cache/pip + +plugins: + - name: build + function: build:build + import-path: mason.tests.build + location: /usr/share/system-tests/ + config: + trove-host: "{{ TROVE_HOST }}" + artifact-cache-server: "{{ ARTIFACT_CACHE_SERVER }}" + controllers: [ "{{ MASON_DISTBUILD_CONTROLLERS }}" ] + cluster-morphology: "{{ MASON_CLUSTER_MORPHOLOGY }}" + - name: build-test + function: build:build_test + import-path: mason.tests.build_test + location: /usr/share/system-tests/ + config: + trove-host: "{{ TROVE_HOST }}" + cluster-morphology: "{{ MASON_CLUSTER_MORPHOLOGY }}" + test-infrastructure-type: "{{ MASON_TEST_INFRASTRUCTURE_TYPE }}" + deployment-host: [ "{{ MASON_TEST_HOSTS }}" ] + trove-id: "{{ TROVE_ID }}" + openstack-network-id: "{{ OPENSTACK_NETWORK_ID }}" + - name: artifact-upload + function: build:artifact_upload + import-path: mason.tests.artifact_upload + location: /usr/share/system-tests/ + config: + artifact-cache-server: "{{ ARTIFACT_CACHE_SERVER }}" + cluster-morphology: "{{ MASON_CLUSTER_MORPHOLOGY }}" + architecture: "{{ MASON_ARCHITECTURE }}" + upstream-trove: "{{ MASON_UPSTREAM_TROVE }}" + upload-release-artifacts: False + +publish_logs: + type: local + path: /var/log/ + prepend_url: http://localhost/logs diff --git a/mason/share/zuul/layout.yaml b/mason/share/zuul/layout.yaml new file mode 100644 index 00000000..31f999a5 --- /dev/null +++ b/mason/share/zuul/layout.yaml 
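Review bot: `publish_logs.path` at the end of the file is `/var/log/`, the host's general log directory, which also holds `debug_log` (`/var/log/turbo-hipster/debug.log`) and the `/var/log/zuul/` files set up by logging.conf in this commit. If that directory is what the web server exposes under `/logs/` (the mapping is not visible in this diff), the directory listing enabled in lighttpd.conf would serve those service logs alongside the job results. Publishing into a directory used for nothing else avoids that: `path: <DEDICATED_PUBLISH_DIR>/` (placeholder), with the web root's `logs` entry pointing at it.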
@@ -0,0 +1,31 @@ +pipelines: + - name: check-change + manager: IndependentPipelineManager + trigger: + gerrit: + - event: patchset-created + success: + gerrit: + verified: 1 + failure: + gerrit: + verified: -1 + - name: post-commit + manager: IndependentPipelineManager + trigger: + gerrit: + - event: ref-updated + ref: ^(!?refs/).*$ + +jobs: + - name: ^.*-merge$ + failure-message: Unable to merge change, please rebase and try again. + +projects: + - name: baserock/baserock/definitions + check-change: + - build: + - build_test + post-commit: + - build: + - build_test diff --git a/mason/share/zuul/logging.conf b/mason/share/zuul/logging.conf new file mode 100644 index 00000000..8b76da26 --- /dev/null +++ b/mason/share/zuul/logging.conf @@ -0,0 +1,44 @@ +[loggers] +keys=root,zuul,gerrit + +[handlers] +keys=console,debug,normal + +[formatters] +keys=simple + +[logger_root] +level=WARNING +handlers=console + +[logger_zuul] +level=DEBUG +handlers=debug,normal +qualname=zuul + +[logger_gerrit] +level=DEBUG +handlers=debug,normal +qualname=gerrit + +[handler_console] +level=WARNING +class=StreamHandler +formatter=simple +args=(sys.stdout,) + +[handler_debug] +level=DEBUG +class=logging.handlers.TimedRotatingFileHandler +formatter=simple +args=('/var/log/zuul/debug.log', 'midnight', 1, 30,) + +[handler_normal] +level=INFO +class=logging.handlers.TimedRotatingFileHandler +formatter=simple +args=('/var/log/zuul/zuul.log', 'midnight', 1, 30,) + +[formatter_simple] +format=%(asctime)s %(levelname)s %(name)s: %(message)s +datefmt= diff --git a/mason/share/zuul/zuul.conf b/mason/share/zuul/zuul.conf new file mode 100644 index 00000000..5d837430 --- /dev/null +++ b/mason/share/zuul/zuul.conf 
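Review bot: In the `post-commit` pipeline the trigger filter `ref: ^(!?refs/).*$` is not a negative lookahead: `!?` is an optional literal `!`, so the pattern matches only refs that begin with `refs/` (or `!refs/`). The usual Zuul form for this filter is `(?!refs/)`, which selects plain branch names and skips `refs/changes/…` and similar updates; if that is the intent here, the line should read `ref: ^(?!refs/).*$`. As written, ref-updated events for Gerrit's internal refs would likely trigger `build` and `build_test`, while branch updates reported without the `refs/` prefix would not.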
@@ -0,0 +1,27 @@ +[gearman] +server={{ GEARMAN_HOST }} +port={{ GEARMAN_PORT }} + +[gearman_server] +start={{ START_GEARMAN }} + +[gerrit] +server={{ GERRIT_HOSTNAME }} +port={{ GERRIT_GIT_PORT }} +baseurl=http://{{ GERRIT_HOSTNAME }}:{{ GERRIT_HTTP_PORT }} +user={{ GERRIT_USER }} +sshkey={{ GERRIT_SSH_KEY_PATH }} + +[zuul] +layout_config=/etc/zuul/layout.yaml +log_config=/etc/zuul/logging.conf +pidfile=/var/run/zuul/zuul.pid +state_dir=/var/lib/zuul +git_dir=/var/lib/zuul/git +status_url=http://127.0.0.1/logs + +[merger] +git_dir=/var/lib/zuul/git +git_user_email={{ GERRIT_USER }}@mason +git_user_name={{ GERRIT_USER }} +zuul_url=ssh://{{ GERRIT_USER }}@{{ GERRIT_HOSTNAME }}:{{ GERRIT_GIT_PORT }} diff --git a/mason/ssh-config b/mason/ssh-config new file mode 100644 index 00000000..f30d239b --- /dev/null +++ b/mason/ssh-config @@ -0,0 +1,2 @@ +Host * + StrictHostKeyChecking no diff --git a/mason/turbo-hipster.service b/mason/turbo-hipster.service new file mode 100644 index 00000000..20cde2ad --- /dev/null +++ b/mason/turbo-hipster.service @@ -0,0 +1,10 @@ +[Unit] +Description=turbo-hipster: Test runner for Zuul +After=zuul-server.service + +[Service] +User=root +ExecStart=/bin/sh -c ". /etc/os.conf && /usr/bin/turbo-hipster -c /etc/turbo-hipster-config.yaml" + +[Install] +WantedBy=multi-user.target diff --git a/mason/zuul-merger.service b/mason/zuul-merger.service new file mode 100644 index 00000000..c975a0de --- /dev/null +++ b/mason/zuul-merger.service @@ -0,0 +1,10 @@ +[Unit] +Description=Zuul Merger: Handles automated merging of changes +After=zuul-server.service + +[Service] +User=root +ExecStart=/usr/bin/zuul-merger -d + +[Install] +WantedBy=multi-user.target diff --git a/mason/mason.service b/mason/zuul-server.service index a864d610..a71e28d6 100644 --- a/mason/mason.service +++ b/mason/zuul-server.service 
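Review bot: `Host *` with `StrictHostKeyChecking no` in the new mason/ssh-config turns off host-key verification for every SSH destination, so connections to Gerrit or the Trove made with this config would accept any key presented and an interposed host would go unnoticed. How the file is installed is not shown in this diff, so which account it applies to is an assumption. Prefer shipping the expected host keys in `/etc/ssh/ssh_known_hosts` and setting `StrictHostKeyChecking yes`; if relaxation is unavoidable, limit the `Host` pattern to the specific CI hosts rather than `*`.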
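Review bot: `User=root` in turbo-hipster.service (and again in zuul-merger.service, the next new file) runs the job worker with full privileges, and its `ExecStart` line sources `/etc/os.conf`, so the OpenStack credentials are in the environment of every job. layout.yaml in this commit runs `build` on `patchset-created`, i.e. on changes that have not yet been reviewed, so whatever those jobs execute from the change would presumably run as root with those credentials. If the build and deploy steps do not strictly need root, use a dedicated account, e.g. `User=<UNPRIVILEGED_SERVICE_USER>` (placeholder), and hand the OpenStack settings only to the test job that needs them.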
@@ -1,10 +1,10 @@ [Unit] -Description=Mason: Continuous Delivery Service +Description=Zuul: CI orchestration and Gatekeeper After=mason-setup.service [Service] User=root -ExecStart=/usr/lib/mason/mason-report.sh +ExecStart=/usr/bin/zuul-server -d [Install] WantedBy=multi-user.target diff --git a/openstack-ceilometer.configure b/openstack-ceilometer.configure new file mode 100644 index 00000000..9c0b7b6d --- /dev/null +++ b/openstack-ceilometer.configure 
@@ -0,0 +1,120 @@ +#!/bin/sh + +# Copyright (C) 2015 Codethink Limited +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +set -e + +ROOT="$1" + +enable(){ + ln -sf "/usr/lib/systemd/system/$1.service" \ + "$ROOT/etc/systemd/system/multi-user.target.wants/$1.service" +} + +unnaceptable(){ + eval echo Unexpected value \$$1 for $1 >&2 + exit 1 +} + +check_bool(){ + case "$(eval echo \"\$$1\")" in + True|'') + eval "$1=true" + ;; + False) + eval "$1=false" + ;; + *) + unnaceptable "$1" + ;; + esac +} + +########################################################################## +# Check variables +########################################################################## + +check_bool CEILOMETER_ENABLE_CONTROLLER +check_bool CEILOMETER_ENABLE_COMPUTE + +if ! "$CEILOMETER_ENABLE_CONTROLLER" && \ + ! "$CEILOMETER_ENABLE_COMPUTE"; then + exit 0 +fi + +if [ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" -o \ + -z "$CEILOMETER_SERVICE_USER" -o \ + -z "$CEILOMETER_SERVICE_PASSWORD" -o \ + -z "$CEILOMETER_DB_USER" -o \ + -z "$CEILOMETER_DB_PASSWORD" -o \ + -z "$METERING_SECRET" -o \ + -z "$RABBITMQ_HOST" -o \ + -z "$RABBITMQ_PORT" -o \ + -z "$RABBITMQ_USER" -o \ + -z "$RABBITMQ_PASSWORD" -o \ + -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -o \ + -z "$CONTROLLER_HOST_ADDRESS" ]; then + echo Some options required for Ceilometer were defined, but not all. 
+ exit 1 +fi + +###################################### +# Enable relevant openstack services # +###################################### + +if "$CEILOMETER_ENABLE_COMPUTE" || "$CEILOMETER_ENABLE_CONTROLLER"; then + enable openstack-ceilometer-config-setup +fi +if "$CEILOMETER_ENABLE_COMPUTE"; then + enable openstack-ceilometer-compute +fi +if "$CEILOMETER_ENABLE_CONTROLLER"; then + enable openstack-ceilometer-db-setup + enable openstack-ceilometer-api + enable openstack-ceilometer-collector + enable openstack-ceilometer-notification + enable openstack-ceilometer-central + enable openstack-ceilometer-alarm-evaluator + enable openstack-ceilometer-alarm-notifier +fi + +########################################################################## +# Generate configuration file +########################################################################## + +OPENSTACK_DATA="$ROOT/etc/openstack" +mkdir -p "$OPENSTACK_DATA" + +python <<'EOF' >"$OPENSTACK_DATA/ceilometer.conf" +import os, sys, yaml + +ceilometer_configuration={ + 'KEYSTONE_TEMPORARY_ADMIN_TOKEN': os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'], + 'CEILOMETER_SERVICE_PASSWORD': os.environ['CEILOMETER_SERVICE_PASSWORD'], + 'CEILOMETER_SERVICE_USER': os.environ['CEILOMETER_SERVICE_USER'], + 'CEILOMETER_DB_USER': os.environ['CEILOMETER_DB_USER'], + 'CEILOMETER_DB_PASSWORD': os.environ['CEILOMETER_DB_PASSWORD'], + 'METERING_SECRET': os.environ['METERING_SECRET'], + 'RABBITMQ_HOST': os.environ['RABBITMQ_HOST'], + 'RABBITMQ_PORT': os.environ['RABBITMQ_PORT'], + 'RABBITMQ_USER': os.environ['RABBITMQ_USER'], + 'RABBITMQ_PASSWORD': os.environ['RABBITMQ_PASSWORD'], + 'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'], + 'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'], +} + +yaml.dump(ceilometer_configuration, sys.stdout, default_flow_style=False) +EOF diff --git a/openstack-cinder.configure b/openstack-cinder.configure new file mode 100644 index 00000000..4c32e11a --- /dev/null 
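Review bot: The generated `$OPENSTACK_DATA/ceilometer.conf` holds `CEILOMETER_DB_PASSWORD`, `RABBITMQ_PASSWORD`, `METERING_SECRET` and the Keystone admin token, but it is created by a plain `>` redirection, so its mode is whatever the deploying process's umask gives, which is commonly world-readable. The same pattern is used for cinder.conf, glance.conf, ironic.conf and keystone.conf in the new files that follow. Unless a non-root reader is required (the consumers are not visible here), set `umask 077` before the `python` heredoc or follow it with `chmod 600 "$OPENSTACK_DATA/ceilometer.conf"`. Separately, the message `Some options required for Ceilometer were defined, but not all.` is also printed when none are defined, and the helper name `unnaceptable` is misspelled.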
+++ b/openstack-cinder.configure 
@@ -0,0 +1,125 @@ +#!/bin/sh + +# Copyright (C) 2014-2015 Codethink Limited +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see <http://www.gnu.org/licenses/>. + +set -e + +ROOT="$1" + +enable(){ + ln -sf "/usr/lib/systemd/system/$1.service" \ + "$ROOT/etc/systemd/system/multi-user.target.wants/$1.service" +} + +unnaceptable(){ + eval echo Unexpected value \$$1 for $1 >&2 + exit 1 +} + +check_bool(){ + case "$(eval echo \"\$$1\")" in + True|'') + eval "$1=true" + ;; + False) + eval "$1=false" + ;; + *) + unnaceptable "$1" + ;; + esac +} + +########################################################################## +# Check variables +########################################################################## + +check_bool CINDER_ENABLE_CONTROLLER +check_bool CINDER_ENABLE_COMPUTE +check_bool CINDER_ENABLE_STORAGE + +if ! "$CINDER_ENABLE_CONTROLLER" && \ + ! "$CINDER_ENABLE_COMPUTE" && \ + ! "$CINDER_ENABLE_STORAGE"; then + exit 0 +fi + +if [ -z "$RABBITMQ_HOST" -o \ + -z "$RABBITMQ_PORT" -o \ + -z "$RABBITMQ_USER" -o \ + -z "$RABBITMQ_PASSWORD" -o \ + -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" -o \ + -z "$CINDER_DB_USER" -o \ + -z "$CINDER_DB_PASSWORD" -o \ + -z "$CONTROLLER_HOST_ADDRESS" -o \ + -z "$CINDER_SERVICE_USER" -o \ + -z "$CINDER_SERVICE_PASSWORD" -o \ + -z "$CINDER_DEVICE" -o \ + -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" ]; then + echo Some options required for Cinder were defined, but not all. 
+ exit 1 +fi + +###################################### +# Enable relevant openstack services # +###################################### + +if "$CINDER_ENABLE_COMPUTE" || "$CINDER_ENABLE_STORAGE"; then + enable iscsi-setup + enable target #target.service! + enable iscsid +fi +if "$CINDER_ENABLE_COMPUTE" || "$CINDER_ENABLE_CONTROLLER" || "$CINDER_ENABLE_STORAGE"; then + enable openstack-cinder-config-setup +fi +if "$CINDER_ENABLE_STORAGE"; then + enable openstack-cinder-lv-setup + enable lvm2-lvmetad + enable openstack-cinder-volume + enable openstack-cinder-backup + enable openstack-cinder-scheduler +fi +if "$CINDER_ENABLE_CONTROLLER"; then + enable openstack-cinder-db-setup + enable openstack-cinder-api +fi + +########################################################################## +# Generate configuration file +########################################################################## + +OPENSTACK_DATA="$ROOT/etc/openstack" +mkdir -p "$OPENSTACK_DATA" + +python <<'EOF' >"$OPENSTACK_DATA/cinder.conf" +import os, sys, yaml + +cinder_configuration={ + 'RABBITMQ_HOST':os.environ['RABBITMQ_HOST'], + 'RABBITMQ_PORT':os.environ['RABBITMQ_PORT'], + 'RABBITMQ_USER':os.environ['RABBITMQ_USER'], + 'RABBITMQ_PASSWORD':os.environ['RABBITMQ_PASSWORD'], + 'KEYSTONE_TEMPORARY_ADMIN_TOKEN':os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'], + 'CINDER_DB_USER':os.environ['CINDER_DB_USER'], + 'CINDER_DB_PASSWORD':os.environ['CINDER_DB_PASSWORD'], + 'CONTROLLER_HOST_ADDRESS':os.environ['CONTROLLER_HOST_ADDRESS'], + 'CINDER_SERVICE_USER':os.environ['CINDER_SERVICE_USER'], + 'CINDER_SERVICE_PASSWORD':os.environ['CINDER_SERVICE_PASSWORD'], + 'CINDER_DEVICE':os.environ['CINDER_DEVICE'], + 'MANAGEMENT_INTERFACE_IP_ADDRESS':os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'], +} + +yaml.dump(cinder_configuration, sys.stdout, default_flow_style=False) +EOF diff --git a/openstack-glance.configure b/openstack-glance.configure new file mode 100644 index 00000000..5da08895 --- /dev/null 
+++ b/openstack-glance.configure 
@@ -0,0 +1,101 @@ +#!/bin/sh + +# Copyright (C) 2014-2015 Codethink Limited +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see <http://www.gnu.org/licenses/>. + +set -e + +ROOT="$1" + +enable(){ + ln -sf "/usr/lib/systemd/system/$1.service" \ + "$ROOT/etc/systemd/system/multi-user.target.wants/$1.service" +} + +unnaceptable(){ + eval echo Unexpected value \$$1 for $1 >&2 + exit 1 +} + +check_bool(){ + case "$(eval echo \"\$$1\")" in + True|'') + eval "$1=true" + ;; + False) + eval "$1=false" + ;; + *) + unnaceptable "$1" + ;; + esac +} + +########################################################################## +# Check variables +########################################################################## + +check_bool GLANCE_ENABLE_SERVICE + +if ! "$GLANCE_ENABLE_SERVICE"; then + exit 0 +fi + +if [ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" -o \ + -z "$GLANCE_SERVICE_USER" -o \ + -z "$GLANCE_SERVICE_PASSWORD" -o \ + -z "$GLANCE_DB_USER" -o \ + -z "$GLANCE_DB_PASSWORD" -o \ + -z "$RABBITMQ_HOST" -o \ + -z "$RABBITMQ_PORT" -o \ + -z "$RABBITMQ_USER" -o \ + -z "$RABBITMQ_PASSWORD" -o \ + -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -o \ + -z "$CONTROLLER_HOST_ADDRESS" ]; then + echo Some options required for Glance were defined, but not all. 
+ exit 1 +fi + +###################################### +# Enable relevant openstack services # +###################################### + +enable openstack-glance-setup + +########################################################################## +# Generate configuration file +########################################################################## + +OPENSTACK_DATA="$ROOT/etc/openstack" +mkdir -p "$OPENSTACK_DATA" + +python <<'EOF' >"$OPENSTACK_DATA/glance.conf" +import os, sys, yaml + +glance_configuration={ + 'KEYSTONE_TEMPORARY_ADMIN_TOKEN': os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'], + 'GLANCE_SERVICE_PASSWORD': os.environ['GLANCE_SERVICE_PASSWORD'], + 'GLANCE_SERVICE_USER': os.environ['GLANCE_SERVICE_USER'], + 'GLANCE_DB_USER': os.environ['GLANCE_DB_USER'], + 'GLANCE_DB_PASSWORD': os.environ['GLANCE_DB_PASSWORD'], + 'RABBITMQ_HOST': os.environ['RABBITMQ_HOST'], + 'RABBITMQ_PORT': os.environ['RABBITMQ_PORT'], + 'RABBITMQ_USER': os.environ['RABBITMQ_USER'], + 'RABBITMQ_PASSWORD': os.environ['RABBITMQ_PASSWORD'], + 'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'], + 'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'], +} + +yaml.dump(glance_configuration, sys.stdout, default_flow_style=False) +EOF diff --git a/openstack-ironic.configure b/openstack-ironic.configure new file mode 100644 index 00000000..962bbcd1 --- /dev/null +++ b/openstack-ironic.configure 
@@ -0,0 +1,155 @@ +#!/bin/sh + +# Copyright (C) 2015 Codethink Limited +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +set -e + +ROOT="$1" + +enable(){ + ln -sf "/usr/lib/systemd/system/$1.service" \ + "$ROOT/etc/systemd/system/multi-user.target.wants/$1.service" +} + +unnaceptable(){ + eval echo Unexpected value \$$1 for $1 >&2 + exit 1 +} + +check_bool(){ + case "$(eval echo \"\$$1\")" in + True|'') + eval "$1=true" + ;; + False) + eval "$1=false" + ;; + *) + unnaceptable "$1" + ;; + esac +} + +########################################################################## +# Check variables +########################################################################## + +check_bool IRONIC_ENABLE_SERVICE + +if ! "$IRONIC_ENABLE_SERVICE"; then + exit 0 +fi + +if [ -z "$IRONIC_SERVICE_USER" -o \ + -z "$IRONIC_SERVICE_PASSWORD" -o \ + -z "$IRONIC_DB_USER" -o \ + -z "$IRONIC_DB_PASSWORD" -o \ + -z "$RABBITMQ_HOST" -o \ + -z "$RABBITMQ_USER" -o \ + -z "$RABBITMQ_PASSWORD" -o \ + -z "$RABBITMQ_PORT" -o \ + -z "$CONTROLLER_HOST_ADDRESS" -o \ + -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -o \ + -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" ]; then + echo Some options required for Ironic were defined, but not all. 
+ exit 1 +fi + +###################################### +# Enable relevant openstack services # +###################################### + +enable openstack-ironic-setup +enable iscsi-setup +enable target #target.service! +enable iscsid + +########################################################################## +# Generate configuration file +########################################################################## + +OPENSTACK_DATA="$ROOT/etc/openstack" +mkdir -p "$OPENSTACK_DATA" + +python <<'EOF' >"$OPENSTACK_DATA/ironic.conf" +import os, sys, yaml + +ironic_configuration={ + 'IRONIC_SERVICE_USER': os.environ['IRONIC_SERVICE_USER'], + 'IRONIC_SERVICE_PASSWORD': os.environ['IRONIC_SERVICE_PASSWORD'], + 'IRONIC_DB_USER': os.environ['IRONIC_DB_USER'], + 'IRONIC_DB_PASSWORD': os.environ['IRONIC_DB_PASSWORD'], + 'RABBITMQ_HOST':os.environ['RABBITMQ_HOST'], + 'RABBITMQ_PORT':os.environ['RABBITMQ_PORT'], + 'RABBITMQ_USER':os.environ['RABBITMQ_USER'], + 'RABBITMQ_PASSWORD':os.environ['RABBITMQ_PASSWORD'], + 'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'], + 'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'], + 'KEYSTONE_TEMPORARY_ADMIN_TOKEN': os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'], + +} + +yaml.dump(ironic_configuration, sys.stdout, default_flow_style=False) +EOF + +########################################################################## +# Configure the TFTP service # +########################################################################## + +tftp_root="/srv/tftp_root/" # trailing slash is essential +mkdir -p "$ROOT/$tftp_root" + +install -D /dev/stdin -m 644 "$ROOT/usr/lib/systemd/system/tftp-hpa.service" << 'EOF' +[Unit] +Description=tftp service for booting kernels +After=network-online.target +Wants=network-online.target + +[Service] +Type=simple +EnvironmentFile=/etc/tftp-hpa.conf +ExecStart=/usr/sbin/in.tftpd $TFTP_OPTIONS ${TFTP_ROOT} +StandardInput=socket +StandardOutput=inherit +StandardError=journal 
+ +[Install] +WantedBy=multi-user.target +EOF + +install -D /dev/stdin -m 644 "$ROOT/usr/lib/systemd/system/tftp-hpa.socket" << EOF +[Unit] +Description=Tftp server activation socket + +[Socket] +ListenDatagram=$MANAGEMENT_INTERFACE_IP_ADDRESS:69 +FreeBind=yes + +[Install] +WantedBy=sockets.target +EOF + +install -D -m 644 /dev/stdin "$ROOT"/etc/tftp-hpa.conf << EOF +TFTP_ROOT=$tftp_root +TFTP_OPTIONS="-v -v -v -v -v --map-file $tftp_root/map-file" +EOF + +install -D /dev/stdin -m 644 "$ROOT/$tftp_root"/map-file << EOF +r ^([^/]) $tftp_root\1 +r ^/tftpboot/ $tftp_root\2 +EOF + +cp "$ROOT"/usr/share/syslinux/pxelinux.0 "$ROOT/$tftp_root" diff --git a/openstack-keystone.configure b/openstack-keystone.configure new file mode 100644 index 00000000..6b011b14 --- /dev/null +++ b/openstack-keystone.configure 
@@ -0,0 +1,123 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+ROOT="$1"
+
+enable(){
+ ln -sf "/usr/lib/systemd/system/$1.service" \
+ "$ROOT/etc/systemd/system/multi-user.target.wants/$1.service"
+}
+
+unnaceptable(){
+ eval echo Unexpected value \$$1 for $1 >&2
+ exit 1
+}
+
+check_bool(){
+ case "$(eval echo \"\$$1\")" in
+ True|'')
+ eval "$1=true"
+ ;;
+ False)
+ eval "$1=false"
+ ;;
+ *)
+ unnaceptable "$1"
+ ;;
+ esac
+}
+
+##########################################################################
+# Check variables
+##########################################################################
+
+check_bool KEYSTONE_ENABLE_SERVICE
+
+if ! "$KEYSTONE_ENABLE_SERVICE"; then
+ exit 0
+fi
+
+if [ -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" -o \
+ -z "$KEYSTONE_ADMIN_PASSWORD" -o \
+ -z "$KEYSTONE_DB_USER" -o \
+ -z "$KEYSTONE_DB_PASSWORD" -o \
+ -z "$RABBITMQ_HOST" -o \
+ -z "$RABBITMQ_PORT" -o \
+ -z "$RABBITMQ_USER" -o \
+ -z "$RABBITMQ_PASSWORD" -o \
+ -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -o \
+ -z "$CONTROLLER_HOST_ADDRESS" ]; then
+ echo Some options required for Keystone were defined, but not all.
+ exit 1
+fi
+
+python <<'EOF'
+import socket
+import sys
+import os
+
+try:
+ socket.inet_pton(socket.AF_INET, os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'])
+except:
+ print "Error: MANAGEMENT_INTERFACE_IP_ADDRESS is not a valid IP"
+ sys.exit(1)
+EOF
+
+######################################
+# Enable relevant openstack services #
+######################################
+
+enable openstack-keystone-setup
+enable openstack-horizon-setup
+enable postgres-server-setup
+
+##########################################################################
+# Generate configuration file
+##########################################################################
+
+OPENSTACK_DATA="$ROOT/etc/openstack"
+mkdir -p "$OPENSTACK_DATA"
+
+python <<'EOF' >"$OPENSTACK_DATA/keystone.conf"
+import os, sys, yaml
+
+keystone_configuration={
+ 'KEYSTONE_TEMPORARY_ADMIN_TOKEN': os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'],
+ 'KEYSTONE_ADMIN_PASSWORD': os.environ['KEYSTONE_ADMIN_PASSWORD'],
+ 'KEYSTONE_DB_USER': os.environ['KEYSTONE_DB_USER'],
+ 'KEYSTONE_DB_PASSWORD': os.environ['KEYSTONE_DB_PASSWORD'],
+ 'RABBITMQ_HOST': os.environ['RABBITMQ_HOST'],
+ 'RABBITMQ_PORT': os.environ['RABBITMQ_PORT'],
+ 'RABBITMQ_USER': os.environ['RABBITMQ_USER'],
+ 'RABBITMQ_PASSWORD': os.environ['RABBITMQ_PASSWORD'],
+ 'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'],
+ 'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'],
+}
+
+yaml.dump(keystone_configuration, sys.stdout, default_flow_style=False)
+EOF
+
+python << 'EOF' > "$OPENSTACK_DATA/postgres.conf"
+import os, sys, yaml
+
+postgres_configuration={
+ 'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'],
+}
+
+yaml.dump(postgres_configuration, sys.stdout, default_flow_style=False)
+EOF
diff --git a/openstack-network.configure b/openstack-network.configure
new file mode 100644
index 00000000..10be5a1c
--- /dev/null
+++ b/openstack-network.configure
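Review bot: `keystone.conf` is created by a plain shell redirection (`python <<'EOF' >"$OPENSTACK_DATA/keystone.conf"`), so the admin token, admin password, database password and RabbitMQ password are stored in the image with whatever mode the deployment process's umask yields, which is commonly world-readable. Adding `umask 077` ahead of the "Generate configuration file" section, or `chmod 600 "$OPENSTACK_DATA/keystone.conf"` right after the heredoc, keeps the file owner-only; which account the consuming setup service runs as is not visible in this hunk and should be confirmed before tightening. The neutron and nova hunks (`neutron.conf`, `nova.conf`) and the swift-controller hunk (`swift-controller-vars.yml`) write their secrets the same way.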
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+ROOT="$1"
+
+enable(){
+ ln -sf "/usr/lib/systemd/system/$1.service" \
+ "$ROOT/etc/systemd/system/multi-user.target.wants/$1.service"
+}
+
+###################
+# Enable services #
+###################
+
+enable openvswitch-setup
+enable openstack-network-setup
+
+##########################################################################
+# Generate config variable shell snippet
+##########################################################################
+
+OPENSTACK_DATA="$ROOT/etc/openstack"
+mkdir -p "$OPENSTACK_DATA"
+
+python <<'EOF' >"$OPENSTACK_DATA/network.conf"
+import os, sys, yaml
+
+network_configuration = {}
+
+optional_keys = ('EXTERNAL_INTERFACE',)
+
+network_configuration.update((k, os.environ[k]) for k in optional_keys if k in os.environ)
+
+yaml.dump(network_configuration, sys.stdout, default_flow_style=False)
+EOF
diff --git a/openstack-neutron.configure b/openstack-neutron.configure
new file mode 100644
index 00000000..210222db
--- /dev/null
+++ b/openstack-neutron.configure
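Review bot: The `enable` helper links into `$ROOT/etc/systemd/system/multi-user.target.wants/` without creating that directory, so under `set -e` the first call, `enable openvswitch-setup`, aborts the script if the target tree does not already contain it; nothing in this script guarantees that it does. The swift-controller script in this commit runs `mkdir -p` on its wants directory before linking, and `mkdir -p "$ROOT/etc/systemd/system/multi-user.target.wants"` before the first `enable` here would match it. The section comment also reads "Generate config variable shell snippet" while the heredoc emits YAML through `yaml.dump`; `# Generate YAML configuration file` would describe what is written.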
@@ -0,0 +1,138 @@ +#!/bin/sh + +# Copyright (C) 2014-2015 Codethink Limited +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see <http://www.gnu.org/licenses/>. + +set -e + +ROOT="$1" + +enable(){ + ln -sf "/usr/lib/systemd/system/openstack-neutron-$1.service" \ + "$ROOT/etc/systemd/system/multi-user.target.wants/openstack-neutron-$1.service" +} + +unnaceptable(){ + eval echo Unexpected value \$$1 for $1 >&2 + exit 1 +} + +check_bool(){ + case "$(eval echo \"\$$1\")" in + True|'') + eval "$1=true" + ;; + False) + eval "$1=false" + ;; + *) + unnaceptable "$1" + ;; + esac +} + +########################################################################## +# Check variables +########################################################################## + +check_bool NEUTRON_ENABLE_CONTROLLER +check_bool NEUTRON_ENABLE_MANAGER +check_bool NEUTRON_ENABLE_AGENT + +if ! "$NEUTRON_ENABLE_CONTROLLER" && \ + ! "$NEUTRON_ENABLE_MANAGER" && \ + ! 
"$NEUTRON_ENABLE_AGENT"; then + exit 0 +fi + +if [ -z "$NEUTRON_SERVICE_USER" -o \ + -z "$NEUTRON_SERVICE_PASSWORD" -o \ + -z "$NEUTRON_DB_USER" -o \ + -z "$NEUTRON_DB_PASSWORD" -o \ + -z "$METADATA_PROXY_SHARED_SECRET" -o \ + -z "$NOVA_SERVICE_USER" -o \ + -z "$NOVA_SERVICE_PASSWORD" -o \ + -z "$RABBITMQ_HOST" -o \ + -z "$RABBITMQ_USER" -o \ + -z "$RABBITMQ_PASSWORD" -o \ + -z "$RABBITMQ_PORT" -o \ + -z "$CONTROLLER_HOST_ADDRESS" -o \ + -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -o \ + -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" ]; then + echo Some options required for Neutron were defined, but not all. + exit 1 +fi + +############################################# +# Ensure /var/run is an appropriate symlink # +############################################# + +if ! link="$(readlink "$ROOT/var/run")" || [ "$link" != ../run ]; then + rm -rf "$ROOT/var/run" + ln -s ../run "$ROOT/var/run" +fi + +################### +# Enable services # +################### + +if "$NEUTRON_ENABLE_CONTROLLER"; then + enable config-setup + enable db-setup + enable server +fi + +if "$NEUTRON_ENABLE_MANAGER"; then + enable config-setup + enable ovs-cleanup + enable dhcp-agent + enable l3-agent + enable plugin-openvswitch-agent + enable metadata-agent +fi + +if "$NEUTRON_ENABLE_AGENT"; then + enable config-setup + enable plugin-openvswitch-agent +fi + +########################################################################## +# Generate config variable shell snippet +########################################################################## + +OPENSTACK_DATA="$ROOT/etc/openstack" +mkdir -p "$OPENSTACK_DATA" + +python <<'EOF' >"$OPENSTACK_DATA/neutron.conf" +import os, sys, yaml + +nova_configuration={ + 'NEUTRON_SERVICE_USER': os.environ['NEUTRON_SERVICE_USER'], + 'NEUTRON_SERVICE_PASSWORD': os.environ['NEUTRON_SERVICE_PASSWORD'], + 'NEUTRON_DB_USER': os.environ['NEUTRON_DB_USER'], + 'NEUTRON_DB_PASSWORD': os.environ['NEUTRON_DB_PASSWORD'], + 'METADATA_PROXY_SHARED_SECRET': 
os.environ['METADATA_PROXY_SHARED_SECRET'], + 'NOVA_SERVICE_USER': os.environ['NOVA_SERVICE_USER'], + 'NOVA_SERVICE_PASSWORD': os.environ['NOVA_SERVICE_PASSWORD'], + 'RABBITMQ_HOST': os.environ['RABBITMQ_HOST'], + 'RABBITMQ_USER': os.environ['RABBITMQ_USER'], + 'RABBITMQ_PASSWORD': os.environ['RABBITMQ_PASSWORD'], + 'RABBITMQ_PORT': os.environ['RABBITMQ_PORT'], + 'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'], + 'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'], + 'KEYSTONE_TEMPORARY_ADMIN_TOKEN': os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'], +} + +yaml.dump(nova_configuration, sys.stdout, default_flow_style=False) +EOF diff --git a/openstack-nova.configure b/openstack-nova.configure new file mode 100644 index 00000000..213f1852 --- /dev/null +++ b/openstack-nova.configure 
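Review bot: `ROOT="$1"` is never validated, and the "/var/run" section later runs `rm -rf "$ROOT/var/run"` whenever `readlink` fails or returns anything other than `../run`; if the script is started without an argument, that path is `/var/run` on the machine performing the deployment rather than in the target tree. Replacing the assignment with `ROOT="${1:?target root directory required}"` stops the script before anything is touched. The keystone, network, nova and swift-controller scripts in this commit take `ROOT` the same unchecked way, although there the effect is limited to writes and symlinks under `/etc` and `/usr`.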
@@ -0,0 +1,168 @@ +#!/bin/sh + +# Copyright (C) 2014-2015 Codethink Limited +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see <http://www.gnu.org/licenses/>. + +set -e + +ROOT="$1" + +enable(){ + ln -sf "/usr/lib/systemd/system/openstack-nova-$1.service" \ + "$ROOT/etc/systemd/system/multi-user.target.wants/openstack-nova-$1.service" +} + +unnaceptable(){ + eval echo Unexpected value \$$1 for $1 >&2 + exit 1 +} + +check_bool(){ + case "$(eval echo \"\$$1\")" in + True|'') + eval "$1=true" + ;; + False) + eval "$1=false" + ;; + *) + unnaceptable "$1" + ;; + esac +} + +########################################################################## +# Check variables +########################################################################## + +check_bool NOVA_ENABLE_CONTROLLER +check_bool NOVA_ENABLE_COMPUTE + +if ! "$NOVA_ENABLE_CONTROLLER" && \ + ! 
"$NOVA_ENABLE_COMPUTE"; then + exit 0 +fi + +if [ -z "$NOVA_SERVICE_USER" -o \ + -z "$NOVA_SERVICE_PASSWORD" -o \ + -z "$NOVA_DB_USER" -o \ + -z "$NOVA_DB_PASSWORD" -o \ + -z "$NOVA_VIRT_TYPE" -o \ + -z "$NEUTRON_SERVICE_USER" -o \ + -z "$NEUTRON_SERVICE_PASSWORD" -o \ + -z "$IRONIC_SERVICE_USER" -a \ + -z "$IRONIC_SERVICE_PASSWORD" -a \ + -z "$METADATA_PROXY_SHARED_SECRET" -o \ + -z "$RABBITMQ_HOST" -o \ + -z "$RABBITMQ_USER" -o \ + -z "$RABBITMQ_PASSWORD" -o \ + -z "$RABBITMQ_PORT" -o \ + -z "$CONTROLLER_HOST_ADDRESS" -o \ + -z "$MANAGEMENT_INTERFACE_IP_ADDRESS" -o \ + -z "$KEYSTONE_TEMPORARY_ADMIN_TOKEN" ]; then + echo Some options required for Nova were defined, but not all. + exit 1 +fi + +############################################### +# Enable libvirtd and libvirt-guests services # +############################################### + +wants_dir="$ROOT"/usr/lib/systemd/system/multi-user.target.wants +mkdir -p "$wants_dir" +mkdir -p "$ROOT"/var/lock/subsys +ln -sf ../libvirtd.service "$wants_dir/libvirtd.service" + +###################################### +# Enable relevant openstack services # +###################################### + +if "$NOVA_ENABLE_CONTROLLER" || "$NOVA_ENABLE_COMPUTE"; then + enable config-setup +fi +if "$NOVA_ENABLE_CONTROLLER" && ! 
"$NOVA_ENABLE_COMPUTE"; then + enable conductor +fi +if "$NOVA_ENABLE_COMPUTE"; then + enable compute +fi +if "$NOVA_ENABLE_CONTROLLER"; then + for service in db-setup api cert consoleauth novncproxy scheduler serialproxy; do + enable "$service" + done +fi + +########################################################################## +# Change iprange for the interal libvirt to avoid clashes +# with eth0 ip range +########################################################################## + +sed -i "s/192\.168\.122\./192\.168\.1\./g" \ + "$ROOT"/etc/libvirt/qemu/networks/default.xml + + +########################################################################## +# Generate configuration file +########################################################################## + +case "$NOVA_BAREMETAL_SCHEDULING" in + True|true|yes) + export COMPUTE_MANAGER=ironic.nova.compute.manager.ClusteredComputeManager + export RESERVED_HOST_MEMORY_MB=0 + export SCHEDULER_HOST_MANAGER=nova.scheduler.ironic_host_manager.IronicHostManager + export RAM_ALLOCATION_RATIO=1.0 + export COMPUTE_DRIVER=nova.virt.ironic.IronicDriver + ;; + *) + export COMPUTE_MANAGER=nova.compute.manager.ComputeManager + export RESERVED_HOST_MEMORY_MB=512 + export SCHEDULER_HOST_MANAGER=nova.scheduler.host_manager.HostManager + export RAM_ALLOCATION_RATIO=1.5 + export COMPUTE_DRIVER=libvirt.LibvirtDriver + ;; +esac + +OPENSTACK_DATA="$ROOT/etc/openstack" +mkdir -p "$OPENSTACK_DATA" + +python <<'EOF' >"$OPENSTACK_DATA/nova.conf" +import os, sys, yaml + +nova_configuration={ + 'NOVA_SERVICE_USER': os.environ['NOVA_SERVICE_USER'], + 'NOVA_SERVICE_PASSWORD': os.environ['NOVA_SERVICE_PASSWORD'], + 'NOVA_DB_USER': os.environ['NOVA_DB_USER'], + 'NOVA_DB_PASSWORD': os.environ['NOVA_DB_PASSWORD'], + 'NOVA_VIRT_TYPE': os.environ['NOVA_VIRT_TYPE'], + 'COMPUTE_MANAGER': os.environ['COMPUTE_MANAGER'], + 'RESERVED_HOST_MEMORY_MB': os.environ['RESERVED_HOST_MEMORY_MB'], + 'SCHEDULER_HOST_MANAGER': 
os.environ['SCHEDULER_HOST_MANAGER'], + 'RAM_ALLOCATION_RATIO': os.environ['RAM_ALLOCATION_RATIO'], + 'COMPUTE_DRIVER': os.environ['COMPUTE_DRIVER'], + 'NEUTRON_SERVICE_USER': os.environ['NEUTRON_SERVICE_USER'], + 'NEUTRON_SERVICE_PASSWORD': os.environ['NEUTRON_SERVICE_PASSWORD'], + 'IRONIC_SERVICE_USER': os.environ['IRONIC_SERVICE_USER'], + 'IRONIC_SERVICE_PASSWORD': os.environ['IRONIC_SERVICE_PASSWORD'], + 'METADATA_PROXY_SHARED_SECRET': os.environ['METADATA_PROXY_SHARED_SECRET'], + 'RABBITMQ_HOST': os.environ['RABBITMQ_HOST'], + 'RABBITMQ_USER': os.environ['RABBITMQ_USER'], + 'RABBITMQ_PASSWORD': os.environ['RABBITMQ_PASSWORD'], + 'RABBITMQ_PORT': os.environ['RABBITMQ_PORT'], + 'CONTROLLER_HOST_ADDRESS': os.environ['CONTROLLER_HOST_ADDRESS'], + 'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'], + 'KEYSTONE_TEMPORARY_ADMIN_TOKEN': os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'], +} + +yaml.dump(nova_configuration, sys.stdout, default_flow_style=False) +EOF diff --git a/openstack-swift-controller.configure b/openstack-swift-controller.configure new file mode 100644 index 00000000..424ab57b --- /dev/null +++ b/openstack-swift-controller.configure 
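Review bot: In the mandatory-option test the `IRONIC_SERVICE_USER` and `IRONIC_SERVICE_PASSWORD` lines end in `-a` where every other line uses `-o`; since `-a` binds tighter than `-o` in `[`, those two and `METADATA_PROXY_SHARED_SECRET` are rejected only when all three are empty at once. An exported but empty `METADATA_PROXY_SHARED_SECRET` therefore passes the check and is written to `nova.conf` as an empty shared secret, while an unset one fails later in the Python heredoc with a `KeyError`, after the symlinks and the `sed -i` on `default.xml` have already been applied. Changing the two lines to `-z "$IRONIC_SERVICE_USER" -o \` and `-z "$IRONIC_SERVICE_PASSWORD" -o \` restores the any-missing behaviour. If the Ironic credentials were meant to be optional, the unconditional `os.environ['IRONIC_SERVICE_USER']` lookup in the heredoc is what needs to change instead.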
@@ -0,0 +1,49 @@
+#!/bin/bash
+#
+# Copyright © 2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+set -e
+
+export ROOT="$1"
+
+MANDATORY_OPTIONS="SWIFT_ADMIN_PASSWORD KEYSTONE_TEMPORARY_ADMIN_TOKEN"
+
+for option in $MANDATORY_OPTIONS
+do
+ if ! [[ -v $option ]]
+ then
+ missing_option=True
+ echo "Required option $option isn't set!" >&2
+ fi
+done
+
+if [[ $missing_option = True ]]; then exit 1; fi
+
+mkdir -p "$ROOT/usr/lib/systemd/system/multi-user.target.wants" # ensure this exists before we make symlinks
+
+ln -s "/usr/lib/systemd/system/swift-controller-setup.service" \
+ "$ROOT/usr/lib/systemd/system/multi-user.target.wants/swift-controller-setup.service"
+ln -s "/usr/lib/systemd/system/memcached.service" \
+ "$ROOT/usr/lib/systemd/system/multi-user.target.wants/memcached.service"
+ln -s "/usr/lib/systemd/system/openstack-swift-proxy.service" \
+ "$ROOT/usr/lib/systemd/system/multi-user.target.wants/swift-proxy.service"
+
+cat << EOF > "$ROOT"/usr/share/openstack/swift-controller-vars.yml
+---
+SWIFT_ADMIN_PASSWORD: $SWIFT_ADMIN_PASSWORD
+MANAGEMENT_INTERFACE_IP_ADDRESS: $MANAGEMENT_INTERFACE_IP_ADDRESS
+KEYSTONE_TEMPORARY_ADMIN_TOKEN: $KEYSTONE_TEMPORARY_ADMIN_TOKEN
+EOF
diff --git a/openstack/etc/horizon/apache-horizon.conf b/openstack/etc/horizon/apache-horizon.conf
new file mode 100644
index 00000000..ea88897a
--- /dev/null
+++ b/openstack/etc/horizon/apache-horizon.conf
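Review bot: `swift-controller-vars.yml` is produced by an unquoted `cat << EOF` heredoc, so `$SWIFT_ADMIN_PASSWORD` and `$KEYSTONE_TEMPORARY_ADMIN_TOKEN` are pasted into YAML with no quoting; a value containing ` #`, `: `, a leading YAML indicator character or a newline is read back as something other than the intended string, and a newline can introduce extra keys. The other configure scripts in this commit serialise through `yaml.dump`, and doing the same here keeps the secrets intact whatever characters they contain. `MANAGEMENT_INTERFACE_IP_ADDRESS` is written to the file but is not in `MANDATORY_OPTIONS`, so it is added there in the sketch below to make the lookup safe. The variables have to be exported for `os.environ` to see them, which the sibling scripts already assume.

```shell
MANDATORY_OPTIONS="SWIFT_ADMIN_PASSWORD KEYSTONE_TEMPORARY_ADMIN_TOKEN MANAGEMENT_INTERFACE_IP_ADDRESS"

# … unchanged: option check loop, mkdir -p and the three ln -s calls …

python <<'EOF' > "$ROOT"/usr/share/openstack/swift-controller-vars.yml
import os, sys, yaml

swift_controller_configuration = {
    'SWIFT_ADMIN_PASSWORD': os.environ['SWIFT_ADMIN_PASSWORD'],
    'MANAGEMENT_INTERFACE_IP_ADDRESS': os.environ['MANAGEMENT_INTERFACE_IP_ADDRESS'],
    'KEYSTONE_TEMPORARY_ADMIN_TOKEN': os.environ['KEYSTONE_TEMPORARY_ADMIN_TOKEN'],
}

# explicit_start keeps the leading '---' document marker of the original file
yaml.dump(swift_controller_configuration, sys.stdout,
          default_flow_style=False, explicit_start=True)
EOF
```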
@@ -0,0 +1,34 @@
+<VirtualHost *:80>
+ WSGIScriptAlias /horizon /var/lib/horizon/openstack_dashboard/django.wsgi
+ WSGIDaemonProcess horizon user=horizon group=horizon processes=3 threads=10 home=/var/lib/horizon display-name=horizon
+ WSGIApplicationGroup %{GLOBAL}
+
+ RedirectMatch ^/$ /horizon/
+
+ SetEnv APACHE_RUN_USER apache
+ SetEnv APACHE_RUN_GROUP apache
+ WSGIProcessGroup horizon
+
+ DocumentRoot /var/lib/horizon/.blackhole
+ Alias /static /var/lib/horizon/openstack_dashboard/static
+
+ <Directory /var/lib/horizon/openstack_dashboard >
+ Options Indexes FollowSymLinks MultiViews
+ AllowOverride None
+ # Apache 2.4 uses mod_authz_host for access control now (instead of
+ # "Allow")
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ </Directory>
+
+ ErrorLog /var/log/httpd/horizon_error.log
+ LogLevel warn
+ CustomLog /var/log/httpd/horizon_access.log combined
+</VirtualHost>
+
+WSGISocketPrefix /var/run/httpd
diff --git a/openstack/etc/horizon/openstack_dashboard/local_settings.py b/openstack/etc/horizon/openstack_dashboard/local_settings.py
new file mode 100644
index 00000000..febc3e70
--- /dev/null
+++ b/openstack/etc/horizon/openstack_dashboard/local_settings.py
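Review bot: The `<Directory /var/lib/horizon/openstack_dashboard >` block sets `Options Indexes FollowSymLinks MultiViews`, and because `/static` is aliased into that tree, any static directory without an index file is served as a browsable listing. Nothing in the vhost appears to rely on listings or content negotiation, so `Options FollowSymLinks` would be the narrower setting. Separately, the vhost listens only on `*:80`, so dashboard logins travel unencrypted; if this file is intended for more than a test deployment, a TLS vhost together with the `CSRF_COOKIE_SECURE` and `SESSION_COOKIE_SECURE` settings left commented out in `local_settings.py` would be the matching change.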
@@ -0,0 +1,551 @@ +import os + +from django.utils.translation import ugettext_lazy as _ + +from openstack_dashboard import exceptions + +DEBUG = True +TEMPLATE_DEBUG = DEBUG + +STATIC_ROOT = "/var/lib/horizon/openstack_dashboard/static" + +# Required for Django 1.5. +# If horizon is running in production (DEBUG is False), set this +# with the list of host/domain names that the application can serve. +# For more information see: +# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts +#ALLOWED_HOSTS = ['horizon.example.com', ] +ALLOWED_HOSTS = ['*'] + +# Set SSL proxy settings: +# For Django 1.4+ pass this header from the proxy after terminating the SSL, +# and don't forget to strip it from the client's request. +# For more information see: +# https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header +# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') + +# If Horizon is being served through SSL, then uncomment the following two +# settings to better secure the cookies from security exploits +#CSRF_COOKIE_SECURE = True +#SESSION_COOKIE_SECURE = True + +# Overrides for OpenStack API versions. Use this setting to force the +# OpenStack dashboard to use a specific API version for a given service API. +# NOTE: The version should be formatted as it appears in the URL for the +# service API. For example, The identity service APIs have inconsistent +# use of the decimal point, so valid options would be "2.0" or "3". +# OPENSTACK_API_VERSIONS = { +# "data_processing": 1.1, +# "identity": 3, +# "volume": 2 +# } + +# Set this to True if running on multi-domain model. When this is enabled, it +# will require user to enter the Domain name in addition to username for login. +# OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False + +# Overrides the default domain used when running on single-domain model +# with Keystone V3. All entities will be created in the default domain. 
+# OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default' + +# Set Console type: +# valid options would be "AUTO"(default), "VNC", "SPICE", "RDP" or None +# Set to None explicitly if you want to deactivate the console. +# CONSOLE_TYPE = "AUTO" + +# Default OpenStack Dashboard configuration. +HORIZON_CONFIG = { + 'user_home': 'openstack_dashboard.views.get_user_home', + 'ajax_queue_limit': 10, + 'auto_fade_alerts': { + 'delay': 3000, + 'fade_duration': 1500, + 'types': ['alert-success', 'alert-info'] + }, + 'help_url': "http://docs.openstack.org", + 'exceptions': {'recoverable': exceptions.RECOVERABLE, + 'not_found': exceptions.NOT_FOUND, + 'unauthorized': exceptions.UNAUTHORIZED}, + 'modal_backdrop': 'static', + 'angular_modules': [], + 'js_files': [], +} + +# Specify a regular expression to validate user passwords. +# HORIZON_CONFIG["password_validator"] = { +# "regex": '.*', +# "help_text": _("Your password does not meet the requirements.") +# } + +# Disable simplified floating IP address management for deployments with +# multiple floating IP pools or complex network requirements. +# HORIZON_CONFIG["simple_ip_management"] = False + +# Turn off browser autocompletion for forms including the login form and +# the database creation workflow if so desired. +# HORIZON_CONFIG["password_autocomplete"] = "off" + +# Setting this to True will disable the reveal button for password fields, +# including on the login form. +# HORIZON_CONFIG["disable_password_reveal"] = False + +#LOCAL_PATH = os.path.dirname(os.path.abspath(__file__)) + +LOCAL_PATH = "/var/lib/horizon" + +# Set custom secret key: +# You can either set it to a specific value or you can let horizon generate a +# default secret key that is unique on this machine, e.i. regardless of the +# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However, there +# may be situations where you would want to set this explicitly, e.g. 
when +# multiple dashboard instances are distributed on different machines (usually +# behind a load-balancer). Either you have to make sure that a session gets all +# requests routed to the same dashboard instance or you set the same SECRET_KEY +# for all of them. +from horizon.utils import secret_key +SECRET_KEY = secret_key.generate_or_read_from_file( + os.path.join(LOCAL_PATH, '.secret_key_store')) + +# We recommend you use memcached for development; otherwise after every reload +# of the django development server, you will have to login again. To use +# memcached set CACHES to something like +CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION': '127.0.0.1:11211', + } +} + +#CACHES = { +# 'default': { +# 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache' +# } +#} + +# Send email to the console by default +EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' +# Or send them to /dev/null +#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend' + +# Configure these for your outgoing email host +# EMAIL_HOST = 'smtp.my-company.com' +# EMAIL_PORT = 25 +# EMAIL_HOST_USER = 'djangomail' +# EMAIL_HOST_PASSWORD = 'top-secret!' + +# For multiple regions uncomment this configuration, and add (endpoint, title). +# AVAILABLE_REGIONS = [ +# ('http://cluster1.example.com:5000/v2.0', 'cluster1'), +# ('http://cluster2.example.com:5000/v2.0', 'cluster2'), +# ] + +OPENSTACK_HOST = "127.0.0.1" +OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST +OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" + +# Disable SSL certificate checks (useful for self-signed certificates): +# OPENSTACK_SSL_NO_VERIFY = True + +# The CA certificate to use to verify SSL connections +# OPENSTACK_SSL_CACERT = '/path/to/cacert.pem' + +# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the +# capabilities of the auth backend for Keystone. 
+# If Keystone has been configured to use LDAP as the auth backend then set +# can_edit_user to False and name to 'ldap'. +# +# TODO(tres): Remove these once Keystone has an API to identify auth backend. +OPENSTACK_KEYSTONE_BACKEND = { + 'name': 'native', + 'can_edit_user': True, + 'can_edit_group': True, + 'can_edit_project': True, + 'can_edit_domain': True, + 'can_edit_role': True +} + +#Setting this to True, will add a new "Retrieve Password" action on instance, +#allowing Admin session password retrieval/decryption. +#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False + +# The Xen Hypervisor has the ability to set the mount point for volumes +# attached to instances (other Hypervisors currently do not). Setting +# can_set_mount_point to True will add the option to set the mount point +# from the UI. +OPENSTACK_HYPERVISOR_FEATURES = { + 'can_set_mount_point': False, + 'can_set_password': False, +} + +# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional +# services provided by cinder that is not exposed by its extension API. +OPENSTACK_CINDER_FEATURES = { + 'enable_backup': False, +} + +# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional +# services provided by neutron. Options currently available are load +# balancer service, security groups, quotas, VPN service. +OPENSTACK_NEUTRON_NETWORK = { + 'enable_router': True, + 'enable_quotas': True, + 'enable_ipv6': True, + 'enable_distributed_router': False, + 'enable_ha_router': False, + 'enable_lb': True, + 'enable_firewall': True, + 'enable_vpn': True, + # The profile_support option is used to detect if an external router can be + # configured via the dashboard. When using specific plugins the + # profile_support can be turned on if needed. + 'profile_support': None, + #'profile_support': 'cisco', + # Set which provider network types are supported. Only the network types + # in this list will be available to choose from when creating a network. 
+ # Network types include local, flat, vlan, gre, and vxlan. + 'supported_provider_types': ['*'], +} + +# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features +# in the OpenStack Dashboard related to the Image service, such as the list +# of supported image formats. +# OPENSTACK_IMAGE_BACKEND = { +# 'image_formats': [ +# ('', _('Select format')), +# ('aki', _('AKI - Amazon Kernel Image')), +# ('ami', _('AMI - Amazon Machine Image')), +# ('ari', _('ARI - Amazon Ramdisk Image')), +# ('iso', _('ISO - Optical Disk Image')), +# ('qcow2', _('QCOW2 - QEMU Emulator')), +# ('raw', _('Raw')), +# ('vdi', _('VDI')), +# ('vhd', _('VHD')), +# ('vmdk', _('VMDK')) +# ] +# } + +# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for +# image custom property attributes that appear on image detail pages. +IMAGE_CUSTOM_PROPERTY_TITLES = { + "architecture": _("Architecture"), + "kernel_id": _("Kernel ID"), + "ramdisk_id": _("Ramdisk ID"), + "image_state": _("Euca2ools state"), + "project_id": _("Project ID"), + "image_type": _("Image Type") +} + +# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image +# custom properties should not be displayed in the Image Custom Properties +# table. +IMAGE_RESERVED_CUSTOM_PROPERTIES = [] + +# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints +# in the Keystone service catalog. Use this setting when Horizon is running +# external to the OpenStack environment. The default is 'publicURL'. +#OPENSTACK_ENDPOINT_TYPE = "publicURL" + +# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the +# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints +# in the Keystone service catalog. Use this setting when Horizon is running +# external to the OpenStack environment. The default is None. This +# value should differ from OPENSTACK_ENDPOINT_TYPE if used. 
+#SECONDARY_ENDPOINT_TYPE = "publicURL" + +# The number of objects (Swift containers/objects or images) to display +# on a single page before providing a paging element (a "more" link) +# to paginate results. +API_RESULT_LIMIT = 1000 +API_RESULT_PAGE_SIZE = 20 + +# Specify a maximum number of items to display in a dropdown. +DROPDOWN_MAX_ITEMS = 30 + +# The timezone of the server. This should correspond with the timezone +# of your entire OpenStack installation, and hopefully be in UTC. +TIME_ZONE = "UTC" + +# When launching an instance, the menu of available flavors is +# sorted by RAM usage, ascending. If you would like a different sort order, +# you can provide another flavor attribute as sorting key. Alternatively, you +# can provide a custom callback method to use for sorting. You can also provide +# a flag for reverse sort. For more info, see +# http://docs.python.org/2/library/functions.html#sorted +# CREATE_INSTANCE_FLAVOR_SORT = { +# 'key': 'name', +# # or +# 'key': my_awesome_callback_method, +# 'reverse': False, +# } + +# The Horizon Policy Enforcement engine uses these values to load per service +# policy rule files. The content of these files should match the files the +# OpenStack services are using to determine role based access control in the +# target installation. + +# Path to directory containing policy.json files +#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf") +# Map of local copy of service policy files +#POLICY_FILES = { +# 'identity': 'keystone_policy.json', +# 'compute': 'nova_policy.json', +# 'volume': 'cinder_policy.json', +# 'image': 'glance_policy.json', +# 'orchestration': 'heat_policy.json', +# 'network': 'neutron_policy.json', +#} + +# Trove user and database extension support. By default support for +# creating users and databases on database instances is turned on. +# To disable these extensions set the permission here to something +# unusable such as ["!"]. 
+# TROVE_ADD_USER_PERMS = [] +# TROVE_ADD_DATABASE_PERMS = [] + +LOGGING = { + 'version': 1, + # When set to True this will disable all logging except + # for loggers specified in this configuration dictionary. Note that + # if nothing is specified here and disable_existing_loggers is True, + # django.db.backends will still log unless it is disabled explicitly. + 'disable_existing_loggers': False, + 'handlers': { + 'null': { + 'level': 'DEBUG', + 'class': 'django.utils.log.NullHandler', + }, + 'console': { + # Set the level to "DEBUG" for verbose output logging. + 'level': 'INFO', + 'class': 'logging.StreamHandler', + }, + }, + 'loggers': { + # Logging from django.db.backends is VERY verbose, send to null + # by default. + 'django.db.backends': { + 'handlers': ['null'], + 'propagate': False, + }, + 'requests': { + 'handlers': ['null'], + 'propagate': False, + }, + 'horizon': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'openstack_dashboard': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'novaclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'cinderclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'keystoneclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'glanceclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'neutronclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'heatclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'ceilometerclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'troveclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'swiftclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'openstack_auth': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': 
False, + }, + 'nose.plugins.manager': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'django': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'iso8601': { + 'handlers': ['null'], + 'propagate': False, + }, + 'scss': { + 'handlers': ['null'], + 'propagate': False, + }, + } +} + +# 'direction' should not be specified for all_tcp/udp/icmp. +# It is specified in the form. +SECURITY_GROUP_RULES = { + 'all_tcp': { + 'name': _('All TCP'), + 'ip_protocol': 'tcp', + 'from_port': '1', + 'to_port': '65535', + }, + 'all_udp': { + 'name': _('All UDP'), + 'ip_protocol': 'udp', + 'from_port': '1', + 'to_port': '65535', + }, + 'all_icmp': { + 'name': _('All ICMP'), + 'ip_protocol': 'icmp', + 'from_port': '-1', + 'to_port': '-1', + }, + 'ssh': { + 'name': 'SSH', + 'ip_protocol': 'tcp', + 'from_port': '22', + 'to_port': '22', + }, + 'smtp': { + 'name': 'SMTP', + 'ip_protocol': 'tcp', + 'from_port': '25', + 'to_port': '25', + }, + 'dns': { + 'name': 'DNS', + 'ip_protocol': 'tcp', + 'from_port': '53', + 'to_port': '53', + }, + 'http': { + 'name': 'HTTP', + 'ip_protocol': 'tcp', + 'from_port': '80', + 'to_port': '80', + }, + 'pop3': { + 'name': 'POP3', + 'ip_protocol': 'tcp', + 'from_port': '110', + 'to_port': '110', + }, + 'imap': { + 'name': 'IMAP', + 'ip_protocol': 'tcp', + 'from_port': '143', + 'to_port': '143', + }, + 'ldap': { + 'name': 'LDAP', + 'ip_protocol': 'tcp', + 'from_port': '389', + 'to_port': '389', + }, + 'https': { + 'name': 'HTTPS', + 'ip_protocol': 'tcp', + 'from_port': '443', + 'to_port': '443', + }, + 'smtps': { + 'name': 'SMTPS', + 'ip_protocol': 'tcp', + 'from_port': '465', + 'to_port': '465', + }, + 'imaps': { + 'name': 'IMAPS', + 'ip_protocol': 'tcp', + 'from_port': '993', + 'to_port': '993', + }, + 'pop3s': { + 'name': 'POP3S', + 'ip_protocol': 'tcp', + 'from_port': '995', + 'to_port': '995', + }, + 'ms_sql': { + 'name': 'MS SQL', + 'ip_protocol': 'tcp', + 'from_port': '1433', + 'to_port': '1433', 
+ },
+ 'mysql': {
+ 'name': 'MYSQL',
+ 'ip_protocol': 'tcp',
+ 'from_port': '3306',
+ 'to_port': '3306',
+ },
+ 'rdp': {
+ 'name': 'RDP',
+ 'ip_protocol': 'tcp',
+ 'from_port': '3389',
+ 'to_port': '3389',
+ },
+}
+
+# Deprecation Notice:
+#
+# The setting FLAVOR_EXTRA_KEYS has been deprecated.
+# Please load extra spec metadata into the Glance Metadata Definition Catalog.
+#
+# The sample quota definitions can be found in:
+# <glance_source>/etc/metadefs/compute-quota.json
+#
+# The metadata definition catalog supports CLI and API:
+# $glance --os-image-api-version 2 help md-namespace-import
+# $glance-manage db_load_metadefs <directory_with_definition_files>
+#
+# See Metadata Definitions on: http://docs.openstack.org/developer/glance/
+
+# Indicate to the Sahara data processing service whether or not
+# automatic floating IP allocation is in effect. If it is not
+# in effect, the user will be prompted to choose a floating IP
+# pool for use in their cluster. False by default. You would want
+# to set this to True if you were running Nova Networking with
+# auto_assign_floating_ip = True.
+# SAHARA_AUTO_IP_ALLOCATION_ENABLED = False
+
+# The hash algorithm to use for authentication tokens. This must
+# match the hash algorithm that the identity server and the
+# auth_token middleware are using. Allowed values are the
+# algorithms supported by Python's hashlib library.
+# OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5'
+LOGIN_URL='/horizon/auth/login/'
+LOGOUT_URL='/horizon/auth/logout/'
+LOGIN_REDIRECT_URL='/horizon/'
diff --git a/openstack/etc/tempest/tempest.conf b/openstack/etc/tempest/tempest.conf
new file mode 100644
index 00000000..05f0eca1
--- /dev/null
+++ b/openstack/etc/tempest/tempest.conf
@@ -0,0 +1,1116 @@
+[DEFAULT]
+
+#
+# From tempest.config
+#
+
+# Whether to disable inter-process locks (boolean value)
+#disable_process_locking = false
+
+# Directory to use for lock files. (string value)
+lock_path = /run/lock
+
+#
+# From tempest.config
+#
+
+# Print debugging output (set logging level to DEBUG instead of
+# default WARNING level). (boolean value)
+#debug = false
+
+# Print more verbose output (set logging level to INFO instead of
+# default WARNING level). (boolean value)
+#verbose = false
+
+#
+# From tempest.config
+#
+
+# The name of a logging configuration file. This file is appended to
+# any existing logging configuration files. For details about logging
+# configuration files, see the Python logging module documentation.
+# (string value)
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append = <None>
+
+# Format string for %%(asctime)s in log records. Default: %(default)s
+# . (string value)
+#log_date_format = %Y-%m-%d %H:%M:%S
+
+# (Optional) The base directory used for relative --log-file paths.
+# (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+#log_dir = <None>
+
+# (Optional) Name of log file to output to. If no default is set,
+# logging will go to stdout. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file = <None>
+
+# DEPRECATED. A logging.Formatter log message format string which may
+# use any of the available logging.LogRecord attributes. This option
+# is deprecated. Please use logging_context_format_string and
+# logging_default_format_string instead. (string value)
+#log_format = <None>
+
+# Syslog facility to receive log lines. (string value)
+#syslog_log_facility = LOG_USER
+
+# Use syslog for logging. Existing syslog format is DEPRECATED during
+# I, and will change in J to honor RFC5424. (boolean value)
+use_syslog = true
+
+# (Optional) Enables or disables syslog rfc5424 format for logging. 
If +# enabled, prefixes the MSG part of the syslog message with APP-NAME +# (RFC5424). The format without the APP-NAME is deprecated in I, and +# will be removed in J. (boolean value) +#use_syslog_rfc_format = false + +# +# From tempest.config +# + +# Log output to standard error. (boolean value) +#use_stderr = true + +# +# From tempest.config +# + +# List of logger=LEVEL pairs. (list value) +#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN + +# Enables or disables fatal status of deprecations. (boolean value) +#fatal_deprecations = false + +# The format for an instance that is passed with the log message. +# (string value) +#instance_format = "[instance: %(uuid)s] " + +# The format for an instance UUID that is passed with the log message. +# (string value) +#instance_uuid_format = "[instance: %(uuid)s] " + +# Format string to use for log messages with context. (string value) +#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + +# Data to append to log format when level is DEBUG. (string value) +#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d + +# Format string to use for log messages without context. (string +# value) +#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + +# Prefix each line of exception output with this format. (string +# value) +#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s + +# Enables or disables publication of error events. (boolean value) +#publish_errors = false + + +[auth] + +# +# From tempest.config +# + +# Allows test cases to create/destroy tenants and users. This option +# requires that OpenStack Identity API admin credentials are known. 
If +# false, isolated test cases and parallel execution, can still be +# achieved configuring a list of test accounts (boolean value) +# Deprecated group/name - [compute]/allow_tenant_isolation +# Deprecated group/name - [orchestration]/allow_tenant_isolation +allow_tenant_isolation = true + +# If set to True it enables the Accounts provider, which locks +# credentials to allow for parallel execution with pre-provisioned +# accounts. It can only be used to run tests that ensure credentials +# cleanup happens. It requires at least `2 * CONC` distinct accounts +# configured in `test_accounts_file`, with CONC == the number of +# concurrent test processes. (boolean value) +#locking_credentials_provider = false + +# Path to the yaml file that contains the list of credentials to use +# for running tests (string value) +#test_accounts_file = etc/accounts.yaml + + +[baremetal] + +# +# From tempest.config +# + +# Timeout for Ironic node to completely provision (integer value) +#active_timeout = 300 + +# Timeout for association of Nova instance and Ironic node (integer +# value) +#association_timeout = 30 + +# Catalog type of the baremetal provisioning service (string value) +#catalog_type = baremetal + +# Driver name which Ironic uses (string value) +#driver = fake + +# Whether the Ironic nova-compute driver is enabled (boolean value) +#driver_enabled = false + +# The endpoint type to use for the baremetal provisioning service +# (string value) +#endpoint_type = publicURL + +# Timeout for Ironic power transitions. (integer value) +#power_timeout = 60 + +# Timeout for unprovisioning an Ironic node. 
(integer value) +#unprovision_timeout = 60 + + +[boto] + +# +# From tempest.config +# + +# AKI Kernel Image manifest (string value) +#aki_manifest = cirros-0.3.0-x86_64-vmlinuz.manifest.xml + +# AMI Machine Image manifest (string value) +#ami_manifest = cirros-0.3.0-x86_64-blank.img.manifest.xml + +# ARI Ramdisk Image manifest (string value) +#ari_manifest = cirros-0.3.0-x86_64-initrd.manifest.xml + +# AWS Access Key (string value) +#aws_access = <None> + +# AWS Secret Key (string value) +#aws_secret = <None> + +# AWS Zone for EC2 tests (string value) +#aws_zone = nova + +# Status Change Test Interval (integer value) +#build_interval = 1 + +# Status Change Timeout (integer value) +#build_timeout = 60 + +# EC2 URL (string value) +#ec2_url = http://localhost:8773/services/Cloud + +# boto Http socket timeout (integer value) +#http_socket_timeout = 3 + +# Instance type (string value) +#instance_type = m1.tiny + +# boto num_retries on error (integer value) +#num_retries = 1 + +# S3 Materials Path (string value) +#s3_materials_path = /opt/stack/devstack/files/images/s3-materials/cirros-0.3.0 + +# S3 URL (string value) +#s3_url = http://localhost:8080 + + +[cli] + +# +# From tempest.config +# + +# directory where python client binaries are located (string value) +cli_dir = /usr/bin + +# enable cli tests (boolean value) +#enabled = true + +# Whether the tempest run location has access to the *-manage +# commands. In a pure blackbox environment it will not. (boolean +# value) +#has_manage = true + +# Number of seconds to wait on a CLI timeout (integer value) +#timeout = 15 + + +[compute] + +# +# From tempest.config +# + +# Time in seconds between build status checks. (integer value) +#build_interval = 1 + +# Timeout in seconds to wait for an instance to build. (integer value) +#build_timeout = 300 + +# Catalog type of the Compute service. (string value) +#catalog_type = compute + +# Catalog type of the Compute v3 service. 
(string value) +#catalog_v3_type = computev3 + +# The endpoint type to use for the compute service. (string value) +#endpoint_type = publicURL + +# Visible fixed network name (string value) +#fixed_network_name = private + +# Valid primary flavor to use in tests. (string value) +#flavor_ref = 1 + +# Valid secondary flavor to be used in tests. (string value) +#flavor_ref_alt = 2 + +# Unallocated floating IP range, which will be used to test the +# floating IP bulk feature for CRUD operation. (string value) +#floating_ip_range = 10.0.0.0/29 + +# Password used to authenticate to an instance using the alternate +# image. (string value) +#image_alt_ssh_password = password + +# User name used to authenticate to an instance using the alternate +# image. (string value) +#image_alt_ssh_user = root + +# Valid primary image reference to be used in tests. This is a +# required option (string value) +#image_ref = <None> + +# Valid secondary image reference to be used in tests. This is a +# required option, but if only one image is available duplicate the +# value of image_ref above (string value) +#image_ref_alt = <None> + +# Password used to authenticate to an instance. (string value) +#image_ssh_password = password + +# User name used to authenticate to an instance. (string value) +#image_ssh_user = root + +# IP version used for SSH connections. (integer value) +#ip_version_for_ssh = 4 + +# Network used for SSH connections. (string value) +#network_for_ssh = public + +# Path to a private key file for SSH access to remote hosts (string +# value) +#path_to_private_key = <None> + +# Timeout in seconds to wait for ping to succeed. (integer value) +#ping_timeout = 120 + +# Additional wait time for clean state, when there is no OS-EXT-STS +# extension available (integer value) +#ready_wait = 0 + +# The compute region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. 
(string value) +#region = + +# Should the tests ssh to instances? (boolean value) +#run_ssh = false + +# Time in seconds before a shelved instance is eligible for removing +# from a host. -1 never offload, 0 offload when shelved. This time +# should be the same as the time of nova.conf, and some tests will run +# for as long as the time. (integer value) +#shelved_offload_time = 0 + +# Auth method used for authenticate to the instance. Valid choices +# are: keypair, configured, adminpass. keypair: start the servers with +# an ssh keypair. configured: use the configured user and password. +# adminpass: use the injected adminPass. disabled: avoid using ssh +# when it is an option. (string value) +#ssh_auth_method = keypair + +# Timeout in seconds to wait for output from ssh channel. (integer +# value) +#ssh_channel_timeout = 60 + +# How to connect to the instance? fixed: using the first ip belongs +# the fixed network floating: creating and using a floating ip (string +# value) +#ssh_connect_method = fixed + +# Timeout in seconds to wait for authentication to succeed. (integer +# value) +#ssh_timeout = 300 + +# User name used to authenticate to an instance. (string value) +#ssh_user = root + +# Does SSH use Floating IPs? (boolean value) +#use_floatingip_for_ssh = true + +# Expected device name when a volume is attached to an instance +# (string value) +#volume_device_name = vdb + + +[compute-admin] + +# +# From tempest.config +# + +# Domain name for authentication as admin (Keystone V3).The same +# domain applies to user and project (string value) +#domain_name = <None> + +# API key to use when authenticating as admin. (string value) +password = {{ NOVA_SERVICE_PASSWORD }} + +# Administrative Tenant name to use for Nova API requests. (string +# value) +tenant_name = service + +# Administrative Username to use for Nova API requests. 
(string value) +username = {{ NOVA_SERVICE_USER }} + + +[compute-feature-enabled] + +# +# From tempest.config +# + +# A list of enabled compute extensions with a special entry all which +# indicates every extension is enabled. Each extension should be +# specified with alias name. Empty list indicates all extensions are +# disabled (list value) +#api_extensions = all + +# If false, skip all nova v3 tests. (boolean value) +api_v3 = false + +# A list of enabled v3 extensions with a special entry all which +# indicates every extension is enabled. Each extension should be +# specified with alias name. Empty list indicates all extensions are +# disabled (list value) +#api_v3_extensions = all + +# Does the test environment block migration support cinder iSCSI +# volumes (boolean value) +#block_migrate_cinder_iscsi = false + +# Does the test environment use block devices for live migration +# (boolean value) +#block_migration_for_live_migration = false + +# Does the test environment support changing the admin password? +# (boolean value) +#change_password = false + +# Does the test environment support obtaining instance serial console +# output? (boolean value) +#console_output = true + +# If false, skip disk config tests (boolean value) +#disk_config = true + +# Enables returning of the instance password by the relevant server +# API calls such as create, rebuild or rescue. (boolean value) +#enable_instance_password = true + +# Does the test environment support dynamic network interface +# attachment? (boolean value) +#interface_attach = true + +# Does the test environment support live migration available? (boolean +# value) +#live_migration = false + +# Does the test environment support pausing? (boolean value) +#pause = true + +# Enable RDP console. This configuration value should be same as +# [nova.rdp]->enabled in nova.conf (boolean value) +#rdp_console = false + +# Does the test environment support instance rescue mode? 
(boolean +# value) +#rescue = true + +# Does the test environment support resizing? (boolean value) +#resize = false + +# Does the test environment support shelving/unshelving? (boolean +# value) +#shelve = true + +# Does the test environment support creating snapshot images of +# running instances? (boolean value) +snapshot = true + +# Enable Spice console. This configuration value should be same as +# [nova.spice]->enabled in nova.conf (boolean value) +spice_console = false + +# Does the test environment support suspend/resume? (boolean value) +#suspend = true + +# Enable VNC console. This configuration value should be same as +# [nova.vnc]->vnc_enabled in nova.conf (boolean value) +vnc_console = true + +# If false skip all v2 api tests with xml (boolean value) +#xml_api_v2 = true + + +[dashboard] + +# +# From tempest.config +# + +# Where the dashboard can be found (string value) +dashboard_url = http://{{ CONTROLLER_HOST_ADDRESS }}/horizon + +# Login page for the dashboard (string value) +login_url = http://{{ CONTROLLER_HOST_ADDRESS }}/horizon/auth/login/ + + +[data_processing] + +# +# From tempest.config +# + +# Catalog type of the data processing service. (string value) +#catalog_type = data_processing + +# The endpoint type to use for the data processing service. (string +# value) +#endpoint_type = publicURL + + +[database] + +# +# From tempest.config +# + +# Catalog type of the Database service. (string value) +#catalog_type = database + +# Current database version to use in database tests. (string value) +#db_current_version = v1.0 + +# Valid primary flavor to use in database tests. (string value) +#db_flavor_ref = 1 + + +[debug] + +# +# From tempest.config +# + +# Enable diagnostic commands (boolean value) +#enable = true + +# A regex to determine which requests should be traced. This is a +# regex to match the caller for rest client requests to be able to +# selectively trace calls out of specific classes and methods. 
It +# largely exists for test development, and is not expected to be used +# in a real deploy of tempest. This will be matched against the +# discovered ClassName:method in the test environment. Expected +# values for this field are: * ClassName:test_method_name - traces +# one test_method * ClassName:setUp(Class) - traces specific setup +# functions * ClassName:tearDown(Class) - traces specific teardown +# functions * ClassName:_run_cleanups - traces the cleanup functions +# If nothing is specified, this feature is not enabled. To trace +# everything specify .* as the regex. (string value) +#trace_requests = + + +[identity] + +# +# From tempest.config +# + +# Admin domain name for authentication (Keystone V3).The same domain +# applies to user and project (string value) +#admin_domain_name = <None> + +# API key to use when authenticating as admin. (string value) +admin_password = {{ KEYSTONE_ADMIN_PASSWORD }} + +# Role required to administrate keystone. (string value) +admin_role = admin + +# Administrative Tenant name to use for Keystone API requests. (string +# value) +admin_tenant_name = admin + +# Administrative Username to use for Keystone API requests. (string +# value) +admin_username = admin + +# Alternate domain name for authentication (Keystone V3).The same +# domain applies to user and project (string value) +#alt_domain_name = <None> + +# API key to use when authenticating as alternate user. (string value) +#alt_password = <None> + +# Alternate user's Tenant name to use for Nova API requests. (string +# value) +#alt_tenant_name = <None> + +# Username of alternate user to use for Nova API requests. (string +# value) +#alt_username = <None> + +# Identity API version to be used for authentication for API tests. +# (string value) +auth_version = v2 + +# Catalog type of the Identity service. (string value) +catalog_type = identity + +# Set to True if using self-signed SSL certificates. 
(boolean value) +#disable_ssl_certificate_validation = false + +# Domain name for authentication (Keystone V3).The same domain applies +# to user and project (string value) +#domain_name = <None> + +# The endpoint type to use for the identity service. (string value) +#endpoint_type = publicURL + +# API key to use when authenticating. (string value) +password = {{ NOVA_SERVICE_PASSWORD }} + +# The identity region name to use. Also used as the other services' +# region name unless they are set explicitly. If no such region is +# found in the service catalog, the first found one is used. (string +# value) +#region = RegionOne + +# Tenant name to use for Nova API requests. (string value) +tenant_name = service + +# Full URI of the OpenStack Identity API (Keystone), v2 (string value) +uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0/ + +# Full URI of the OpenStack Identity API (Keystone), v3 (string value) +# +# Tempest complains if we don't set any uri_v3, even if it's disabled. +uri_v3 = <None> + +# Username to use for Nova API requests. (string value) +username = {{ NOVA_SERVICE_USER }} + + +[identity-feature-enabled] + +# +# From tempest.config +# + +# Is the v2 identity API enabled (boolean value) +api_v2 = true + +# Is the v3 identity API enabled (boolean value) +api_v3 = false + +# Does the identity service have delegation and impersonation enabled +# (boolean value) +#trust = true + + +[image] + +# +# From tempest.config +# + +# Catalog type of the Image service. (string value) +catalog_type = image + +# The endpoint type to use for the image service. (string value) +endpoint_type = publicURL + +# http accessible image (string value) +http_image = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-uec.tar.gz + +# The image region name to use. If empty, the value of identity.region +# is used instead. If no such region is found in the service catalog, +# the first found one is used. 
(string value) +#region = + + +[image-feature-enabled] + +# +# From tempest.config +# + +# Is the v1 image API enabled (boolean value) +#api_v1 = true + +# Is the v2 image API enabled (boolean value) +api_v2 = true + + +[input-scenario] + +# +# From tempest.config +# + +# Matching flavors become parameters for scenario tests (string value) +#flavor_regex = ^m1.nano$ + +# Matching images become parameters for scenario tests (string value) +#image_regex = ^cirros-0.3.1-x86_64-uec$ + +# SSH verification in tests is skippedfor matching images (string +# value) +#non_ssh_image_regex = ^.*[Ww]in.*$ + +# List of user mapped to regex to matching image names. (string value) +#ssh_user_regex = [["^.*[Cc]irros.*$", "root"]] + + +[messaging] + +# +# From tempest.config +# + +# Catalog type of the Messaging service. (string value) +#catalog_type = messaging + +# The maximum grace period for a claim (integer value) +#max_claim_grace = 43200 + +# The maximum ttl for a claim (integer value) +#max_claim_ttl = 43200 + +# The maximum size of a message body (integer value) +#max_message_size = 262144 + +# The maximum ttl for a message (integer value) +#max_message_ttl = 1209600 + +# The maximum number of messages per claim (integer value) +#max_messages_per_claim = 20 + +# The maximum number of queue message per page when listing (or) +# posting messages (integer value) +#max_messages_per_page = 20 + +# The maximum metadata size for a queue (integer value) +#max_queue_metadata = 65536 + +# The maximum number of queue records per page when listing queues +# (integer value) +#max_queues_per_page = 20 + + +[negative] + +# +# From tempest.config +# + +# Test generator class for all negative tests (string value) +#test_generator = tempest.common.generator.negative_generator.NegativeTestGenerator + + +[network] + +# +# From tempest.config +# + +# Time in seconds between network operation status checks. 
(integer +# value) +#build_interval = 1 + +# Timeout in seconds to wait for network operation to complete. +# (integer value) +#build_timeout = 300 + +# Catalog type of the Neutron service. (string value) +#catalog_type = network + +# List of dns servers whichs hould be used for subnet creation (list +# value) +#dns_servers = 8.8.8.8,8.8.4.4 + +# The endpoint type to use for the network service. (string value) +#endpoint_type = publicURL + +# Id of the public network that provides external connectivity (string +# value) +#public_network_id = + +# Id of the public router that provides external connectivity (string +# value) +#public_router_id = + +# The network region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. (string value) +#region = + +# The cidr block to allocate tenant ipv4 subnets from (string value) +#tenant_network_cidr = 10.100.0.0/16 + +# The mask bits for tenant ipv4 subnets (integer value) +#tenant_network_mask_bits = 28 + +# The cidr block to allocate tenant ipv6 subnets from (string value) +#tenant_network_v6_cidr = 2003::/48 + +# The mask bits for tenant ipv6 subnets (integer value) +#tenant_network_v6_mask_bits = 64 + +# Whether tenant network connectivity should be evaluated directly +# (boolean value) +#tenant_networks_reachable = false + + +[network-feature-enabled] + +# +# From tempest.config +# + +# A list of enabled network extensions with a special entry all which +# indicates every extension is enabled. Empty list indicates all +# extensions are disabled (list value) +#api_extensions = all + +# Allow the execution of IPv6 tests (boolean value) +#ipv6 = true + +# Allow the execution of IPv6 subnet tests that use the extended IPv6 +# attributes ipv6_ra_mode and ipv6_address_mode (boolean value) +#ipv6_subnet_attributes = false + + +[object-storage] + +# +# From tempest.config +# + +# Catalog type of the Object-Storage service. 
(string value) +#catalog_type = object-store + +# Number of seconds to wait while looping to check the status of a +# container to container synchronization (integer value) +#container_sync_interval = 5 + +# Number of seconds to time on waiting for a container to container +# synchronization complete. (integer value) +#container_sync_timeout = 120 + +# The endpoint type to use for the object-store service. (string +# value) +#endpoint_type = publicURL + +# Role to add to users created for swift tests to enable creating +# containers (string value) +#operator_role = Member + +# The object-storage region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. (string value) +#region = + +# User role that has reseller admin (string value) +#reseller_admin_role = ResellerAdmin + + +[object-storage-feature-enabled] + +# +# From tempest.config +# + +# Execute (old style) container-sync tests (boolean value) +#container_sync = true + +# Execute discoverability tests (boolean value) +#discoverability = true + +# A list of the enabled optional discoverable apis. A single entry, +# all, indicates that all of these features are expected to be enabled +# (list value) +#discoverable_apis = all + +# Execute object-versioning tests (boolean value) +#object_versioning = true + + +[orchestration] + +# +# From tempest.config +# + +# Time in seconds between build status checks. (integer value) +#build_interval = 1 + +# Timeout in seconds to wait for a stack to build. (integer value) +#build_timeout = 1200 + +# Catalog type of the Orchestration service. (string value) +#catalog_type = orchestration + +# The endpoint type to use for the orchestration service. (string +# value) +#endpoint_type = publicURL + +# Name of heat-cfntools enabled image to use when launching test +# instances. (string value) +#image_ref = <None> + +# Instance type for tests. 
Needs to be big enough for a full OS plus +# the test workload (string value) +#instance_type = m1.micro + +# Name of existing keypair to launch servers with. (string value) +#keypair_name = <None> + +# Value must match heat configuration of the same name. (integer +# value) +#max_resources_per_stack = 1000 + +# Value must match heat configuration of the same name. (integer +# value) +#max_template_size = 524288 + +# The orchestration region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. (string value) +#region = + + +[scenario] + +# +# From tempest.config +# + +# AKI image file name (string value) +#aki_img_file = cirros-0.3.1-x86_64-vmlinuz + +# AMI image file name (string value) +#ami_img_file = cirros-0.3.1-x86_64-blank.img + +# ARI image file name (string value) +#ari_img_file = cirros-0.3.1-x86_64-initrd + +# Image container format (string value) +#img_container_format = bare + +# Directory containing image files (string value) +#img_dir = /opt/stack/new/devstack/files/images/cirros-0.3.1-x86_64-uec + +# Image disk format (string value) +#img_disk_format = qcow2 + +# Image file name (string value) +# Deprecated group/name - [DEFAULT]/qcow2_img_file +#img_file = cirros-0.3.1-x86_64-disk.img + +# specifies how many resources to request at once. Used for large +# operations testing. 
(integer value) +#large_ops_number = 0 + +# ssh username for the image file (string value) +#ssh_user = cirros + + +[service_available] + +# +# From tempest.config +# + +# Whether or not Ceilometer is expected to be available (boolean +# value) +ceilometer = false + +# Whether or not cinder is expected to be available (boolean value) +cinder = true + +# Whether or not glance is expected to be available (boolean value) +glance = true + +# Whether or not Heat is expected to be available (boolean value) +heat = false + +# Whether or not Horizon is expected to be available (boolean value) +horizon = true + +# Whether or not Ironic is expected to be available (boolean value) +ironic = false + +# Whether or not neutron is expected to be available (boolean value) +neutron = true + +# Whether or not nova is expected to be available (boolean value) +nova = true + +# Whether or not Sahara is expected to be available (boolean value) +sahara = false + +# Whether or not swift is expected to be available (boolean value) +swift = false + +# Whether or not Trove is expected to be available (boolean value) +trove = false + +# Whether or not Zaqar is expected to be available (boolean value) +zaqar = false + + +[stress] + +# +# From tempest.config +# + +# Controller host. (string value) +#controller = <None> + +# The number of threads created while stress test. (integer value) +#default_thread_number_per_action = 4 + +# Allows a full cleaning process after a stress test. Caution : this +# cleanup will remove every objects of every tenant. (boolean value) +#full_clean_stack = false + +# Prevent the cleaning (tearDownClass()) between each stress test run +# if an exception occurs during this run. (boolean value) +#leave_dirty_stack = false + +# time (in seconds) between log file error checks. (integer value) +#log_check_interval = 60 + +# Maximum number of instances to create during test. 
(integer value) +#max_instances = 16 + +# Directory containing log files on the compute nodes (string value) +#nova_logdir = <None> + +# Controller host. (string value) +#target_controller = <None> + +# regexp for list of log files. (string value) +#target_logfiles = <None> + +# Path to private key. (string value) +#target_private_key_path = <None> + +# ssh user. (string value) +#target_ssh_user = <None> + + +[telemetry] + +# +# From tempest.config +# + +# Catalog type of the Telemetry service. (string value) +#catalog_type = metering + +# The endpoint type to use for the telemetry service. (string value) +#endpoint_type = publicURL + +# This variable is used as flag to enable notification tests (boolean +# value) +#too_slow_to_test = true + + +[volume] + +# +# From tempest.config +# + +# Name of the backend1 (must be declared in cinder.conf) (string +# value) +backend1_name = LVM_iSCSI + +# Name of the backend2 (must be declared in cinder.conf) (string +# value) +#backend2_name = BACKEND_2 + +# Time in seconds between volume availability checks. (integer value) +#build_interval = 1 + +# Timeout in seconds to wait for a volume to become available. +# (integer value) +#build_timeout = 300 + +# Catalog type of the Volume Service (string value) +catalog_type = volume + +# Disk format to use when copying a volume to image (string value) +disk_format = raw + +# The endpoint type to use for the volume service. (string value) +endpoint_type = publicURL + +# The volume region name to use. If empty, the value of +# identity.region is used instead. If no such region is found in the +# service catalog, the first found one is used. 
(string value)
+#region =
+
+# Backend protocol to target when creating volume types (string value)
+storage_protocol = iSCSI
+
+# Backend vendor to target when creating volume types (string value)
+#vendor_name = Open Source
+
+# Default size in GB for volumes created by volumes tests (integer
+# value)
+volume_size = 1
+
+
+[volume-feature-enabled]
+
+#
+# From tempest.config
+#
+
+# A list of enabled volume extensions with a special entry all which
+# indicates every extension is enabled. Empty list indicates all
+# extensions are disabled (list value)
+#api_extensions = all
+
+# Is the v1 volume API enabled (boolean value)
+api_v1 = true
+
+# Is the v2 volume API enabled (boolean value)
+api_v2 = true
+
+# Runs Cinder volumes backup test (boolean value)
+backup = true
+
+# Runs Cinder multi-backend test (requires 2 backends) (boolean value)
+multi_backend = false
+
+# Runs Cinder volume snapshot test (boolean value)
+snapshot = true
diff --git a/openstack/manifest b/openstack/manifest
new file mode 100644
index 00000000..aa4d5430
--- /dev/null
+++ b/openstack/manifest
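Review bot: The `[identity]` and `[compute-admin]` sections render `{{ KEYSTONE_ADMIN_PASSWORD }}` and `{{ NOVA_SERVICE_PASSWORD }}` into this file, and the `openstack/manifest` entry added in the same commit installs it as `template 0100644 0 0 /etc/tempest/tempest.conf`, so every local account on the deployed system can read the Keystone admin password. I would install it owner-only, `template 0100600 0 0 /etc/tempest/tempest.conf`, or make it readable by a dedicated group if tempest is not run as root. The non-admin `username`/`password`/`tenant_name` in `[identity]` also reuse the Nova service account in the `service` tenant; if that account holds an admin role there (not visible in this hunk), tests meant to exercise ordinary-user policy would run with elevated rights, so a dedicated unprivileged test user is worth considering. `uri` is `http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0/`, so these credentials travel unencrypted unless the controller address is loopback-only.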
@@ -0,0 +1,190 @@ +0040755 0 0 /etc/horizon +0100644 0 0 /etc/horizon/apache-horizon.conf +0040755 0 0 /etc/horizon/openstack_dashboard +0100644 0 0 /etc/horizon/openstack_dashboard/local_settings.py +template 0100644 0 0 /etc/tempest/tempest.conf +0040755 0 0 /usr/share/openstack +0100644 0 0 /usr/share/openstack/hosts +0040755 0 0 /usr/share/openstack/ceilometer +0100644 0 0 /usr/share/openstack/ceilometer-config.yml +0100644 0 0 /usr/share/openstack/ceilometer-db.yml +0100644 0 0 /usr/share/openstack/ceilometer/ceilometer.conf +0040755 0 0 /usr/share/openstack/cinder +0100644 0 0 /usr/share/openstack/cinder-config.yml +0100644 0 0 /usr/share/openstack/cinder-db.yml +0100644 0 0 /usr/share/openstack/cinder-lvs.yml +0100644 0 0 /usr/share/openstack/cinder/cinder.conf +0100644 0 0 /usr/share/openstack/cinder/api-paste.ini +0100644 0 0 /usr/share/openstack/cinder/policy.json +0040755 0 0 /usr/share/openstack/extras +0100644 0 0 /usr/share/openstack/extras/00-disable-device.network +0100644 0 0 /usr/share/openstack/extras/60-device-dhcp.network +0100644 0 0 /usr/share/openstack/glance.yml +0040755 0 0 /usr/share/openstack/glance +0100644 0 0 /usr/share/openstack/glance/logging.conf +0100644 0 0 /usr/share/openstack/glance/glance-api.conf +0100644 0 0 /usr/share/openstack/glance/glance-registry.conf +0100644 0 0 /usr/share/openstack/glance/glance-scrubber.conf +0100644 0 0 /usr/share/openstack/glance/glance-cache.conf +0100644 0 0 /usr/share/openstack/glance/schema-image.json +0100644 0 0 /usr/share/openstack/glance/policy.json +0100644 0 0 /usr/share/openstack/glance/glance-api-paste.ini +0100644 0 0 /usr/share/openstack/glance/glance-registry-paste.ini +0100644 0 0 /usr/share/openstack/horizon.yml +0040755 0 0 /usr/share/openstack/ironic +0100644 0 0 /usr/share/openstack/ironic.yml +0100644 0 0 /usr/share/openstack/ironic/ironic.conf +0100644 0 0 /usr/share/openstack/ironic/policy.json +0100644 0 0 /usr/share/openstack/iscsi.yml +0100644 0 0 
/usr/share/openstack/keystone.yml +0040755 0 0 /usr/share/openstack/keystone +0100644 0 0 /usr/share/openstack/keystone/logging.conf +0100644 0 0 /usr/share/openstack/keystone/keystone.conf +0100644 0 0 /usr/share/openstack/keystone/policy.json +0100644 0 0 /usr/share/openstack/keystone/keystone-paste.ini +0100644 0 0 /usr/share/openstack/network.yml +0040755 0 0 /usr/share/openstack/neutron +0100644 0 0 /usr/share/openstack/neutron-config.yml +0100644 0 0 /usr/share/openstack/neutron-db.yml +0100644 0 0 /usr/share/openstack/neutron/neutron.conf +0100644 0 0 /usr/share/openstack/neutron/api-paste.ini +0100644 0 0 /usr/share/openstack/neutron/policy.json +0100644 0 0 /usr/share/openstack/neutron/l3_agent.ini +0100644 0 0 /usr/share/openstack/neutron/dhcp_agent.ini +0100644 0 0 /usr/share/openstack/neutron/lbaas_agent.ini +0100644 0 0 /usr/share/openstack/neutron/metadata_agent.ini +0100644 0 0 /usr/share/openstack/neutron/fwaas_driver.ini +0100644 0 0 /usr/share/openstack/neutron/metering_agent.ini +0100644 0 0 /usr/share/openstack/neutron/vpn_agent.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/ +0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch +0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl +0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs +0040755 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs +0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README +0100644 0 0 /usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README +0040755 0 0 /usr/share/openstack/neutron/plugins/brocade +0100644 0 0 /usr/share/openstack/neutron/plugins/brocade/brocade.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/cisco +0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini +0100644 0 0 
/usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/embrane +0100644 0 0 /usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/hyperv +0100644 0 0 /usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/ibm +0100644 0 0 /usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/linuxbridge +0100644 0 0 /usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/metaplugin +0100644 0 0 /usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/midonet +0100644 0 0 /usr/share/openstack/neutron/plugins/midonet/midonet.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/ml2 +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini +0100644 0 0 /usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/mlnx +0100644 0 0 /usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/nec +0100644 0 0 /usr/share/openstack/neutron/plugins/nec/nec.ini +0040755 0 0 
/usr/share/openstack/neutron/plugins/nuage +0100644 0 0 /usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/oneconvergence +0100644 0 0 /usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/opencontrail +0100644 0 0 /usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/openvswitch +0100644 0 0 /usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/plumgrid +0100644 0 0 /usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini +0040755 0 0 /usr/share/openstack/neutron/plugins/vmware +0100644 0 0 /usr/share/openstack/neutron/plugins/vmware/nsx.ini +0040755 0 0 /usr/share/openstack/nova +0100644 0 0 /usr/share/openstack/nova-config.yml +0100644 0 0 /usr/share/openstack/nova-db.yml +0100644 0 0 /usr/share/openstack/nova/logging.conf +0100644 0 0 /usr/share/openstack/nova/nova.conf +0100644 0 0 /usr/share/openstack/nova/nova-compute.conf +0100644 0 0 /usr/share/openstack/nova/policy.json +0100644 0 0 /usr/share/openstack/nova/cells.json +0100644 0 0 /usr/share/openstack/nova/api-paste.ini +0100644 0 0 /usr/share/openstack/openvswitch.yml +0040755 0 0 /usr/share/openstack/postgres +0100644 0 0 /usr/share/openstack/postgres.yml +0100644 0 0 /usr/share/openstack/postgres/pg_hba.conf +0100644 0 0 /usr/share/openstack/postgres/postgresql.conf +0040755 0 0 /usr/share/openstack/rabbitmq +0100644 0 0 /usr/share/openstack/rabbitmq/rabbitmq-env.conf +0100644 0 0 /usr/share/openstack/rabbitmq/rabbitmq.config +0040755 0 0 /usr/lib/sysctl.d +0100644 0 0 /usr/lib/sysctl.d/neutron.conf +0100644 0 0 /usr/lib/systemd/system/apache-httpd.service +0100644 0 0 /usr/lib/systemd/system/iscsi-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-keystone.service +0100644 0 0 /usr/lib/systemd/system/openstack-keystone-setup.service 
+0100644 0 0 /usr/lib/systemd/system/openstack-glance-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-glance-api.service +0100644 0 0 /usr/lib/systemd/system/openstack-glance-registry.service +0100644 0 0 /usr/lib/systemd/system/openstack-horizon-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-ironic-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-ironic-api.service +0100644 0 0 /usr/lib/systemd/system/openstack-ironic-conductor.service +0100644 0 0 /usr/lib/systemd/system/openstack-network-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-neutron-config-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-neutron-db-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-neutron-server.service +0100644 0 0 /usr/lib/systemd/system/openstack-neutron-metadata-agent.service +0100644 0 0 /usr/lib/systemd/system/openstack-neutron-plugin-openvswitch-agent.service +0100644 0 0 /usr/lib/systemd/system/openstack-neutron-ovs-cleanup.service +0100644 0 0 /usr/lib/systemd/system/openstack-neutron-dhcp-agent.service +0100644 0 0 /usr/lib/systemd/system/openstack-neutron-l3-agent.service +0100644 0 0 /usr/lib/systemd/system/openstack-nova-config-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-nova-db-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-nova-compute.service +0100644 0 0 /usr/lib/systemd/system/openstack-nova-conductor.service +0100644 0 0 /usr/lib/systemd/system/openstack-nova-api.service +0100644 0 0 /usr/lib/systemd/system/openstack-nova-scheduler.service +0100644 0 0 /usr/lib/systemd/system/openstack-nova-consoleauth.service +0100644 0 0 /usr/lib/systemd/system/openstack-nova-novncproxy.service +0100644 0 0 /usr/lib/systemd/system/openstack-nova-cert.service +0100644 0 0 /usr/lib/systemd/system/openstack-nova-serialproxy.service +0100644 0 0 /usr/lib/systemd/system/rabbitmq-server.service +0100644 0 0 /usr/lib/systemd/system/openstack-cinder-config-setup.service +0100644 0 0 
/usr/lib/systemd/system/openstack-cinder-db-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-cinder-lv-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-cinder-api.service +0100644 0 0 /usr/lib/systemd/system/openstack-cinder-scheduler.service +0100644 0 0 /usr/lib/systemd/system/openstack-cinder-volume.service +0100644 0 0 /usr/lib/systemd/system/openstack-cinder-backup.service +0100644 0 0 /usr/lib/systemd/system/openstack-ceilometer-config-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-ceilometer-db-setup.service +0100644 0 0 /usr/lib/systemd/system/openstack-ceilometer-alarm-evaluator.service +0100644 0 0 /usr/lib/systemd/system/openstack-ceilometer-alarm-notifier.service +0100644 0 0 /usr/lib/systemd/system/openstack-ceilometer-api.service +0100644 0 0 /usr/lib/systemd/system/openstack-ceilometer-central.service +0100644 0 0 /usr/lib/systemd/system/openstack-ceilometer-collector.service +0100644 0 0 /usr/lib/systemd/system/openstack-ceilometer-compute.service +0100644 0 0 /usr/lib/systemd/system/openstack-ceilometer-notification.service +0100644 0 0 /usr/lib/systemd/system/openvswitch-setup.service +0100644 0 0 /usr/lib/systemd/system/openvswitch-db-server.service +0100644 0 0 /usr/lib/systemd/system/openvswitch.service +0100644 0 0 /usr/lib/systemd/system/postgres-server.service +0100644 0 0 /usr/lib/systemd/system/postgres-server-setup.service +0100644 0 0 /usr/share/openstack/swift-controller.yml +0100644 0 0 /usr/lib/systemd/system/swift-controller-setup.service +0100644 0 0 /usr/lib/systemd/system/swift-proxy.service +0040755 0 0 /usr/share/swift +0040755 0 0 /usr/share/swift/etc +0040755 0 0 /usr/share/swift/etc/swift +0100644 0 0 /usr/share/swift/etc/swift/proxy-server.j2 diff --git a/openstack/usr/lib/sysctl.d/neutron.conf b/openstack/usr/lib/sysctl.d/neutron.conf new file mode 100644 index 00000000..644ca116 --- /dev/null +++ b/openstack/usr/lib/sysctl.d/neutron.conf 
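Review bot: `template 0100644 0 0 /etc/tempest/tempest.conf` installs a file rendered from deployment variables as world-readable. The credential settings of that template are not in this part of the diff, but a tempest configuration normally carries the identity service's admin and test-user passwords, and the cluster definition passes such values in as plain deployment variables. If the template substitutes them, the entry should read `template 0100600 0 0 /etc/tempest/tempest.conf`, or 0100640 with a dedicated group for the account that runs the tests. The same question applies to the `.conf` files under /usr/share/openstack if the setup playbooks fill in database and service passwords and keep mode 0644 on the result; that is not visible here.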
@@ -0,0 +1,3 @@
+# Disable rp filtering, enabling forwarding is handled by networkd
+net.ipv4.conf.all.rp_filter=0
+net.ipv4.conf.default.rp_filter=0
diff --git a/openstack/usr/lib/systemd/system/apache-httpd.service b/openstack/usr/lib/systemd/system/apache-httpd.service
new file mode 100644
index 00000000..e2a840c6
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/apache-httpd.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Apache Web Server
+After=network.target remote-fs.target nss-lookup.target
+Wants=network.target
+
+[Service]
+Type=forking
+PIDFile=/var/run/httpd.pid
+ExecStart=/usr/sbin/apachectl start
+ExecStop=/usr/sbin/apachectl graceful-stop
+ExecReload=/usr/sbin/apachectl graceful
+PrivateTmp=true
+LimitNOFILE=infinity
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/iscsi-setup.service b/openstack/usr/lib/systemd/system/iscsi-setup.service
new file mode 100644
index 00000000..4cb10045
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/iscsi-setup.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Run iscsi-setup Ansible scripts
+Before=iscsid.service target.service
+Wants=iscsid.service target.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/iscsi.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-ceilometer-alarm-evaluator.service b/openstack/usr/lib/systemd/system/openstack-ceilometer-alarm-evaluator.service
new file mode 100644
index 00000000..6e3ada59
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-ceilometer-alarm-evaluator.service
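Review bot: Setting `net.ipv4.conf.all.rp_filter=0` and `net.ipv4.conf.default.rp_filter=0` turns off the kernel's reverse-path source validation by default for every interface, and the comment says what is done but not why. On a single host that also carries the management and API interfaces, this removes an anti-spoofing check there as well, so the file should record the reason and what takes its place, for example `# Neutron routers and namespaces forward asymmetrically routed traffic that strict reverse-path filtering would drop; source validation is left to security groups and the upstream network` if that is the reason. If loose mode is enough for this deployment, `rp_filter=2` keeps a weaker check in place; whether Neutron works with it here would need testing.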
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenStack ceilometer alarm evaluation service
+ConditionPathExists=/etc/ceilometer/ceilometer.conf
+After=network-online.target openstack-ceilometer-config-setup.service openstack-ceilometer-db-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=ceilometer
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/ceilometer-alarm-evaluator --config-file /etc/ceilometer/ceilometer.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-ceilometer-alarm-notifier.service b/openstack/usr/lib/systemd/system/openstack-ceilometer-alarm-notifier.service
new file mode 100644
index 00000000..7a3e1c91
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-ceilometer-alarm-notifier.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenStack ceilometer alarm notification service
+ConditionPathExists=/etc/ceilometer/ceilometer.conf
+After=network-online.target openstack-ceilometer-config-setup.service openstack-ceilometer-db-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=ceilometer
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/ceilometer-alarm-notifier --config-file /etc/ceilometer/ceilometer.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-ceilometer-api.service b/openstack/usr/lib/systemd/system/openstack-ceilometer-api.service
new file mode 100644
index 00000000..eb0293bf
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-ceilometer-api.service
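Review bot: `StandardOutput=null` together with `StandardError=null` discards everything the daemon writes before or outside its own log handlers, so a traceback at import or config-parse time leaves no trace in the journal and a crashed service is hard to tell from one that never started. The same pair appears in every long-running OpenStack unit added by this commit (ceilometer, cinder, glance, ironic, keystone, neutron). If stdout was silenced to avoid duplicate log lines, keeping `StandardError=journal` still preserves startup failures for later investigation. Where each service sends its regular log output is set in configuration files that this hunk does not show.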
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenStack ceilometer API service
+ConditionPathExists=/etc/ceilometer/ceilometer.conf
+After=network-online.target openstack-ceilometer-config-setup.service openstack-ceilometer-db-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=ceilometer
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/ceilometer-api --config-file /etc/ceilometer/ceilometer.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-ceilometer-central.service b/openstack/usr/lib/systemd/system/openstack-ceilometer-central.service
new file mode 100644
index 00000000..a1bc11ee
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-ceilometer-central.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenStack ceilometer central agent
+ConditionPathExists=/etc/ceilometer/ceilometer.conf
+After=network-online.target openstack-ceilometer-config-setup.service openstack-ceilometer-db-setup.service openstack-ceilometer-collector.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=ceilometer
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/ceilometer-agent-central --config-file /etc/ceilometer/ceilometer.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-ceilometer-collector.service b/openstack/usr/lib/systemd/system/openstack-ceilometer-collector.service
new file mode 100644
index 00000000..dafc3ac7
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-ceilometer-collector.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenStack ceilometer collection service
+ConditionPathExists=/etc/ceilometer/ceilometer.conf
+After=network-online.target openstack-ceilometer-config-setup.service openstack-ceilometer-db-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=ceilometer
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/ceilometer-collector --config-file /etc/ceilometer/ceilometer.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-ceilometer-compute.service b/openstack/usr/lib/systemd/system/openstack-ceilometer-compute.service
new file mode 100644
index 00000000..9fe8a1e6
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-ceilometer-compute.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenStack ceilometer compute agent
+ConditionPathExists=/etc/ceilometer/ceilometer.conf
+After=network-online.target openstack-ceilometer-config-setup.service openstack-ceilometer-db-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=ceilometer
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/ceilometer-agent-compute --config-file /etc/ceilometer/ceilometer.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-ceilometer-config-setup.service b/openstack/usr/lib/systemd/system/openstack-ceilometer-config-setup.service
new file mode 100644
index 00000000..c3e809d7
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-ceilometer-config-setup.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Run ceilometer-config-setup Ansible scripts
+ConditionPathExists=/etc/openstack/ceilometer.conf
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/ceilometer-config.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-ceilometer-db-setup.service b/openstack/usr/lib/systemd/system/openstack-ceilometer-db-setup.service
new file mode 100644
index 00000000..7a785227
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-ceilometer-db-setup.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Run ceilometer-db-setup Ansible scripts
+ConditionPathExists=/etc/openstack/ceilometer.conf
+After=network-online.target postgres-server-setup.service openstack-keystone-setup.service openstack-ceilometer-config-setup.service
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/ceilometer-db.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-ceilometer-notification.service b/openstack/usr/lib/systemd/system/openstack-ceilometer-notification.service
new file mode 100644
index 00000000..6696116e
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-ceilometer-notification.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenStack ceilometer notification agent
+ConditionPathExists=/etc/ceilometer/ceilometer.conf
+After=network-online.target openstack-ceilometer-config-setup.service openstack-ceilometer-db-setup.service openstack-ceilometer-collector.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=ceilometer
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/ceilometer-agent-notification --config-file /etc/ceilometer/ceilometer.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-cinder-api.service b/openstack/usr/lib/systemd/system/openstack-cinder-api.service
new file mode 100644
index 00000000..a284f31d
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-cinder-api.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenStack Volume Service (code-named Cinder) API server
+ConditionPathExists=/etc/cinder/cinder.conf
+After=network-online.target openstack-cinder-config-setup.service openstack-cinder-db-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=cinder
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/cinder-api --config-file /etc/cinder/cinder.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-cinder-backup.service b/openstack/usr/lib/systemd/system/openstack-cinder-backup.service
new file mode 100644
index 00000000..c14e13aa
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-cinder-backup.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenStack Cinder backup server
+ConditionPathExists=/etc/cinder/cinder.conf
+After=network-online.target openstack-cinder-config-setup.service openstack-cinder-db-setup.service openstack-cinder-volume.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=cinder
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/cinder-backup --config-file /etc/cinder/cinder.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-cinder-config-setup.service b/openstack/usr/lib/systemd/system/openstack-cinder-config-setup.service
new file mode 100644
index 00000000..1c966933
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-cinder-config-setup.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Run cinder-config-setup Ansible scripts
+ConditionPathExists=/etc/openstack/cinder.conf
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/cinder-config.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-cinder-db-setup.service b/openstack/usr/lib/systemd/system/openstack-cinder-db-setup.service
new file mode 100644
index 00000000..a3c66d67
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-cinder-db-setup.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Run cinder-db-setup Ansible scripts
+ConditionPathExists=/etc/openstack/cinder.conf
+After=network-online.target postgres-server-setup.service openstack-keystone-setup.service openstack-cinder-config-setup.service
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/cinder-db.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-cinder-lv-setup.service b/openstack/usr/lib/systemd/system/openstack-cinder-lv-setup.service
new file mode 100644
index 00000000..82e9b08d
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-cinder-lv-setup.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Run cinder-lvs-setup Ansible scripts
+ConditionPathExists=/etc/openstack/cinder.conf
+Wants=lvm2-lvmetad.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/cinder-lvs.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-cinder-scheduler.service b/openstack/usr/lib/systemd/system/openstack-cinder-scheduler.service
new file mode 100644
index 00000000..f205aaff
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-cinder-scheduler.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenStack Cinder scheduler server
+ConditionPathExists=/etc/cinder/cinder.conf
+After=network-online.target openstack-cinder-config-setup.service openstack-cinder-db-setup.service openstack-cinder-volume.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=cinder
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/cinder-scheduler --config-file /etc/cinder/cinder.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-cinder-volume.service b/openstack/usr/lib/systemd/system/openstack-cinder-volume.service
new file mode 100644
index 00000000..c56ee693
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-cinder-volume.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenStack Cinder volume server
+ConditionPathExists=/etc/cinder/cinder.conf
+After=network-online.target openstack-cinder-config-setup.service openstack-cinder-db-setup.service openstack-cinder-lv-setup.service lvm2-lvmetad.service iscsid.service target.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=cinder
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/cinder-volume --config-file /etc/cinder/cinder.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-glance-api.service b/openstack/usr/lib/systemd/system/openstack-glance-api.service
new file mode 100644
index 00000000..4c34ff10
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-glance-api.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=OpenStack Image Service (code-named Glance) API server
+ConditionPathExists=/etc/glance/glance-api.conf
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=glance
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/glance-api --config-file /etc/glance/glance-api.conf
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/openstack/usr/lib/systemd/system/openstack-glance-registry.service b/openstack/usr/lib/systemd/system/openstack-glance-registry.service
new file mode 100644
index 00000000..d53c8b33
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-glance-registry.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=OpenStack Image Service (code-named Glance) Registry server
+ConditionPathExists=/etc/glance/glance-registry.conf
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=glance
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/glance-registry --config-file /etc/glance/glance-registry.conf
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/openstack/usr/lib/systemd/system/openstack-glance-setup.service b/openstack/usr/lib/systemd/system/openstack-glance-setup.service
new file mode 100644
index 00000000..43810797
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-glance-setup.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Run glance-setup Ansible scripts
+ConditionPathExists=/etc/openstack/glance.conf
+After=local-fs.target network-online.target postgres-server-setup.service openstack-keystone-setup.service
+Wants=network-online.target
+
+[Service]
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/glance.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-horizon-setup.service b/openstack/usr/lib/systemd/system/openstack-horizon-setup.service
new file mode 100644
index 00000000..9ec3197a
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-horizon-setup.service
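Review bot: The `[Service]` section of openstack-glance-setup.service has no `Type=oneshot`, so systemd treats the playbook as a simple service and counts the unit as started as soon as ansible-playbook is spawned, not when it finishes. openstack-keystone-setup.service sets `Type=oneshot` and `RemainAfterExit=yes` for exactly this reason, while openstack-horizon-setup.service and openstack-ironic-setup.service omit them as well; for horizon this means `Before=apache-httpd.service` does not make Apache wait for the playbook to complete. Adding `Type=oneshot` and `RemainAfterExit=yes` to the three units makes ordering against them meaningful. Even then, openstack-glance-api.service and openstack-glance-registry.service list only network-online.target in `After=`, so nothing orders them behind the setup unit and they can start, or be skipped by `ConditionPathExists=`, while the configuration is still being written.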
@@ -0,0 +1,10 @@
+[Unit]
+Description=Run horizon-setup Ansible scripts
+After=local-fs.target
+Before=apache-httpd.service
+
+[Service]
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/horizon.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-ironic-api.service b/openstack/usr/lib/systemd/system/openstack-ironic-api.service
new file mode 100644
index 00000000..5a286a95
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-ironic-api.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=OpenStack Bare Metal Provisioning Service (code-named Ironic) API server
+ConditionPathExists=/etc/ironic/ironic.conf
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=ironic
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/ironic-api --config-file /etc/ironic/ironic.conf
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/openstack/usr/lib/systemd/system/openstack-ironic-conductor.service b/openstack/usr/lib/systemd/system/openstack-ironic-conductor.service
new file mode 100644
index 00000000..b3b226e0
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-ironic-conductor.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=OpenStack Bare Metal Provisioning Service (code-named Ironic) Conductor server
+ConditionPathExists=/etc/ironic/ironic.conf
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=ironic
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/ironic-conductor --config-file /etc/ironic/ironic.conf
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/openstack/usr/lib/systemd/system/openstack-ironic-setup.service b/openstack/usr/lib/systemd/system/openstack-ironic-setup.service
new file mode 100644
index 00000000..e3a58eb5
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-ironic-setup.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Run ironic-setup Ansible scripts
+ConditionPathExists=/etc/openstack/ironic.conf
+After=local-fs.target network-online.target postgres-server-setup.service openstack-keystone-setup.service
+Wants=network-online.target
+
+[Service]
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/ironic.yml
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/openstack/usr/lib/systemd/system/openstack-keystone-setup.service b/openstack/usr/lib/systemd/system/openstack-keystone-setup.service
new file mode 100644
index 00000000..db9d0b2b
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-keystone-setup.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Run keystone-setup Ansible scripts
+ConditionPathExists=/etc/openstack/keystone.conf
+After=local-fs.target network-online.target postgres-server-setup.service
+Wants=network-online.target
+
+[Service]
+# Oneshot, since others setup have to wait until this service finishes
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/keystone.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-keystone.service b/openstack/usr/lib/systemd/system/openstack-keystone.service
new file mode 100644
index 00000000..6f6ff644
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-keystone.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=OpenStack Identity Service (code-named Keystone)
+ConditionPathExists=/etc/keystone/keystone.conf
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=notify
+Restart=always
+User=keystone
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/keystone-all --config-file /etc/keystone/keystone.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-network-setup.service b/openstack/usr/lib/systemd/system/openstack-network-setup.service
new file mode 100644
index 00000000..021370d9
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-network-setup.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Run Ansible scripts to configure internal network for OpenStack
+After=openvswitch-setup.service openvswitch.service
+Before=systemd-networkd.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/network.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-config-setup.service b/openstack/usr/lib/systemd/system/openstack-neutron-config-setup.service
new file mode 100644
index 00000000..b74f44ab
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-config-setup.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Run neutron-config-setup Ansible scripts
+ConditionPathExists=/etc/openstack/neutron.conf
+After=network-online.target openstack-keystone-setup.service
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/neutron-config.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-db-setup.service b/openstack/usr/lib/systemd/system/openstack-neutron-db-setup.service
new file mode 100644
index 00000000..5d07da2e
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-db-setup.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Run neutron-db-setup Ansible scripts
+ConditionPathExists=/etc/openstack/neutron.conf
+After=network-online.target postgres-server-setup.service openstack-keystone-setup.service openstack-neutron-config-setup.service
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/neutron-db.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-dhcp-agent.service b/openstack/usr/lib/systemd/system/openstack-neutron-dhcp-agent.service
new file mode 100644
index 00000000..9080f3c1
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-dhcp-agent.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Neutron DHCP Agent
+ConditionPathExists=/etc/neutron/neutron.conf
+After=network-online.target openstack-neutron-config-setup.service openstack-neutron-db-setup.service openstack-neutron-ovs-cleanup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=neutron
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/neutron-dhcp-agent \
+ --config-file=/etc/neutron/neutron.conf \
+ --config-file=/etc/neutron/dhcp_agent.ini
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service b/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service
new file mode 100644
index 00000000..76efea5c
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-l3-agent.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Neutron Layer 3 Agent
+ConditionPathExists=/etc/neutron/neutron.conf
+After=network-online.target openstack-neutron-config-setup.service openstack-neutron-db-setup.service openstack-neutron-ovs-cleanup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=neutron
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/neutron-l3-agent \
+ --config-file=/etc/neutron/neutron.conf \
+ --config-file=/etc/neutron/l3_agent.ini \
+ --config-file=/etc/neutron/fwaas_driver.ini
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-metadata-agent.service b/openstack/usr/lib/systemd/system/openstack-neutron-metadata-agent.service
new file mode 100644
index 00000000..20540e4c
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-metadata-agent.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Neutron Metadata Plugin Agent
+ConditionPathExists=/etc/neutron/neutron.conf
+After=network-online.target openstack-neutron-config-setup.service openstack-neutron-db-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=neutron
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/neutron-metadata-agent \
+ --config-file=/etc/neutron/neutron.conf \
+ --config-file=/etc/neutron/metadata_agent.ini
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-ovs-cleanup.service b/openstack/usr/lib/systemd/system/openstack-neutron-ovs-cleanup.service
new file mode 100644
index 00000000..f5709028
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-ovs-cleanup.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Neutron OVS cleanup
+ConditionPathExists=/etc/neutron/neutron.conf
+ConditionFileIsExecutable=/usr/bin/neutron-ovs-cleanup
+After=network-online.target openstack-neutron-config-setup.service openstack-neutron-db-setup.service openvswitch.service
+Before=openstack-neutron-plugin-openvswitch-agent.service
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+StandardOutput=null
+StandardError=null
+User=neutron
+ExecStart=/usr/bin/neutron-ovs-cleanup --config-file /etc/neutron/neutron.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-plugin-openvswitch-agent.service b/openstack/usr/lib/systemd/system/openstack-neutron-plugin-openvswitch-agent.service
new file mode 100644
index 00000000..6c579a62
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-plugin-openvswitch-agent.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Neutron OpenvSwitch Plugin Agent
+ConditionPathExists=/etc/neutron/neutron.conf
+After=network-online.target openstack-neutron-config-setup.service openstack-neutron-db-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=neutron
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/neutron-openvswitch-agent \
+ --config-file=/etc/neutron/neutron.conf \
+ --config-file=/etc/neutron/plugins/ml2/ml2_conf.ini
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-neutron-server.service b/openstack/usr/lib/systemd/system/openstack-neutron-server.service
new file mode 100644
index 00000000..6376c3d8
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-neutron-server.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Neutron Api Server
+ConditionPathExists=/etc/neutron/neutron.conf
+After=network-online.target openstack-neutron-config-setup.service openstack-neutron-db-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=neutron
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/neutron-server \
+ --config-file=/etc/neutron/neutron.conf \
+ --config-file=/etc/neutron/plugins/ml2/ml2_conf.ini
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-nova-api.service b/openstack/usr/lib/systemd/system/openstack-nova-api.service
new file mode 100644
index 00000000..521353db
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-nova-api.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenStack Compute Service (code-named Nova) API server
+ConditionPathExists=/etc/nova/nova.conf
+After=network-online.target openstack-nova-config-setup.service openstack-nova-db-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=nova
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/nova-api --config-file /etc/nova/nova.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-nova-cert.service b/openstack/usr/lib/systemd/system/openstack-nova-cert.service
new file mode 100644
index 00000000..b3733816
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-nova-cert.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenStack Nova Cert
+ConditionPathExists=/etc/nova/nova.conf
+After=network-online.target openstack-nova-config-setup.service openstack-nova-db-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=nova
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/nova-cert --config-file /etc/nova/nova.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-nova-compute.service b/openstack/usr/lib/systemd/system/openstack-nova-compute.service
new file mode 100644
index 00000000..4f9b8196
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-nova-compute.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=OpenStack Compute Service (code-named Nova) compute server
+ConditionPathExists=/etc/nova/nova.conf
+After=network-online.target openstack-nova-config-setup.service openstack-nova-db-setup.service libvirtd.service
+Wants=network-online.target
+Requires=libvirtd.service
+
+[Service]
+Type=simple
+User=nova
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/nova-compute.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-nova-conductor.service b/openstack/usr/lib/systemd/system/openstack-nova-conductor.service
new file mode 100644
index 00000000..4c0d7d43
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-nova-conductor.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Database-access support for Compute nodes (nova-conductor)
+ConditionPathExists=/etc/nova/nova.conf
+After=network-online.target openstack-nova-config-setup.service openstack-nova-db-setup.service libvirtd.service
+Wants=network-online.target
+Requires=libvirtd.service
+
+[Service]
+Type=simple
+User=nova
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/nova-conductor --config-file /etc/nova/nova.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-nova-config-setup.service b/openstack/usr/lib/systemd/system/openstack-nova-config-setup.service
new file mode 100644
index 00000000..df669aa9
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-nova-config-setup.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Run nova-config-setup Ansible scripts
+ConditionPathExists=/etc/openstack/nova.conf
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/nova-config.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-nova-consoleauth.service b/openstack/usr/lib/systemd/system/openstack-nova-consoleauth.service
new file mode 100644
index 00000000..e22780a9
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-nova-consoleauth.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Openstack Console Auth (nova-consoleauth)
+ConditionPathExists=/etc/nova/nova.conf
+After=network-online.target openstack-nova-config-setup.service openstack-nova-db-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=nova
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/nova-consoleauth --config-file /etc/nova/nova.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-nova-db-setup.service b/openstack/usr/lib/systemd/system/openstack-nova-db-setup.service
new file mode 100644
index 00000000..8e004327
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-nova-db-setup.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Run nova-db-setup Ansible scripts
+ConditionPathExists=/etc/openstack/nova.conf
+After=network-online.target postgres-server-setup.service openstack-keystone-setup.service openstack-nova-config-setup.service
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/nova-db.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-nova-novncproxy.service b/openstack/usr/lib/systemd/system/openstack-nova-novncproxy.service
new file mode 100644
index 00000000..8cbb20fd
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-nova-novncproxy.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenStack Nova NoVNC proxy
+ConditionPathExists=/etc/nova/nova.conf
+After=network-online.target openstack-nova-config-setup.service openstack-nova-db-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=nova
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/nova-novncproxy --config-file /etc/nova/nova.conf --web /usr/share/novnc
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-nova-scheduler.service b/openstack/usr/lib/systemd/system/openstack-nova-scheduler.service
new file mode 100644
index 00000000..e89f0d3e
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-nova-scheduler.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenStack Nova Scheduler
+ConditionPathExists=/etc/nova/nova.conf
+After=network-online.target openstack-nova-config-setup.service openstack-nova-db-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=nova
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/nova-scheduler --config-file /etc/nova/nova.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openstack-nova-serialproxy.service b/openstack/usr/lib/systemd/system/openstack-nova-serialproxy.service
new file mode 100644
index 00000000..30af8305
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openstack-nova-serialproxy.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenStack Nova Serial Proxy
+ConditionPathExists=/etc/nova/nova.conf
+After=network-online.target openstack-nova-config-setup.service openstack-nova-db-setup.service
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=nova
+StandardOutput=null
+StandardError=null
+ExecStart=/usr/bin/nova-serialproxy --config-file /etc/nova/nova.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openvswitch-db-server.service b/openstack/usr/lib/systemd/system/openvswitch-db-server.service
new file mode 100644
index 00000000..34a7c812
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openvswitch-db-server.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Open vSwitch Database Server Daemon
+After=local-fs.target
+
+[Service]
+Type=forking
+ExecStartPre=-/usr/bin/mkdir -p /var/run/openvswitch
+ExecStart=/usr/sbin/ovsdb-server --remote=punix:/var/run/openvswitch/db.sock --remote=db:Open_vSwitch,Open_vSwitch,manager_options --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --pidfile --detach
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/openstack/usr/lib/systemd/system/openvswitch-setup.service b/openstack/usr/lib/systemd/system/openvswitch-setup.service
new file mode 100644
index 00000000..8393ebbc
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openvswitch-setup.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Run openvswitch-setup Ansible scripts
+After=local-fs.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ansible-playbook -v -i /usr/share/openstack/hosts /usr/share/openstack/openvswitch.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/openvswitch.service b/openstack/usr/lib/systemd/system/openvswitch.service
new file mode 100644
index 00000000..113911f6
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/openvswitch.service
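Review bot: `--bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert` on the `ExecStart=` line of openvswitch-db-server.service is undocumented, and it changes the trust model. As I read the ovsdb-server documentation, the bootstrap form takes the CA certificate from the peer on the first SSL connection when no CA file exists yet, so that first connection is trust-on-first-use, not checked against a known CA. A comment above `ExecStart=` such as `# --bootstrap-ca-cert accepts the CA offered on the first SSL connection; provision ca_cert beforehand on untrusted networks` would record this. Where the CA can be installed at deployment time, `--ca-cert=` avoids the bootstrap step.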
@@ -0,0 +1,12 @@
+[Unit]
+Description=Open vSwitch Daemon
+Before=network-pre.target
+Wants=network-pre.target
+
+[Service]
+Type=forking
+ExecStartPre=-/usr/bin/mkdir -p /var/run/openvswitch
+ExecStart=/usr/sbin/ovs-vswitchd --pidfile --detach
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/postgres-server-setup.service b/openstack/usr/lib/systemd/system/postgres-server-setup.service
new file mode 100644
index 00000000..202c0636
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/postgres-server-setup.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Run postgres-setup Ansible scripts
+ConditionPathExists=/etc/openstack/postgres.conf
+After=local-fs.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ansible-playbook -v -i /usr/share/openstack/hosts /usr/share/openstack/postgres.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/postgres.service b/openstack/usr/lib/systemd/system/postgres-server.service
index ed46d965..9e11f26d 100644
--- a/gitlab-server/usr/share/gitlab-install/systemd-units/postgres.service
+++ b/openstack/usr/lib/systemd/system/postgres-server.service
@@ -1,25 +1,26 @@ [Unit] Description=PostgreSQL database server -After=network.target - +After=network-online.target +Wants=network-online.target + [Service] Type=forking TimeoutSec=120 User=postgres Group=postgres - -Environment=PGROOT=/home/postgres/pgsql - + +Environment=PGROOT=/var/lib/pgsql + SyslogIdentifier=postgres -PIDFile=/home/postgres/pgsql/data/postmaster.pid - -ExecStart= /usr/bin/pg_ctl -s -D ${PGROOT}/data start -w -t 120 +PIDFile=/var/lib/pgsql/data/postmaster.pid + +ExecStart=/usr/bin/pg_ctl -s -D ${PGROOT}/data start -w -t 120 ExecReload=/usr/bin/pg_ctl -s -D ${PGROOT}/data reload -ExecStop= /usr/bin/pg_ctl -s -D ${PGROOT}/data stop -m fast - +ExecStop=/usr/bin/pg_ctl -s -D ${PGROOT}/data stop -m fast + # Due to PostgreSQL's use of shared memory, OOM killer is often overzealous in # killing Postgres, so adjust it downward OOMScoreAdjust=-200 - + [Install] WantedBy=multi-user.target diff --git a/openstack/usr/lib/systemd/system/rabbitmq-server.service b/openstack/usr/lib/systemd/system/rabbitmq-server.service new file mode 100644 index 00000000..1a20f3e4 --- /dev/null +++ b/openstack/usr/lib/systemd/system/rabbitmq-server.service @@ -0,0 +1,16 @@ +[Unit] +Description=RabbitMQ broker +After=network-online.target +Wants=network-online.target + +[Service] +Type=notify +User=rabbitmq +Group=rabbitmq +Environment=HOME=/var/lib/rabbitmq +WorkingDirectory=/var/lib/rabbitmq +ExecStart=/usr/sbin/rabbitmq-server +ExecStop=/usr/sbin/rabbitmqctl stop + +[Install] +WantedBy=multi-user.target diff --git a/openstack/usr/lib/systemd/system/swift-controller-setup.service b/openstack/usr/lib/systemd/system/swift-controller-setup.service new file mode 100644 index 00000000..ccfbcbe6 --- /dev/null +++ b/openstack/usr/lib/systemd/system/swift-controller-setup.service 
@@ -0,0 +1,13 @@
+[Unit]
+Description=Run swift-controller-setup (once)
+After=local-fs.target network-online.target postgres-server-setup.service openstack-keystone-setup.service
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ansible-playbook -v -M /usr/share/ansible/ansible-openstack-modules -i /usr/share/openstack/hosts /usr/share/openstack/swift-controller.yml
+Restart=no
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/lib/systemd/system/swift-proxy.service b/openstack/usr/lib/systemd/system/swift-proxy.service
new file mode 100644
index 00000000..7b0a2e17
--- /dev/null
+++ b/openstack/usr/lib/systemd/system/swift-proxy.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=OpenStack Swift Proxy Server
+After=network-online.target swift-controller-setup.service memcached.service
+Wants=network-online.target
+
+[Service]
+Type=forking
+PIDFile=/var/run/swift/proxy-server.pid
+Restart=on-failure
+ExecStart=/usr/bin/swift-init proxy-server start
+ExecStop=/usr/bin/swift-init proxy-server stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openstack/usr/share/openstack/ceilometer-config.yml b/openstack/usr/share/openstack/ceilometer-config.yml
new file mode 100644
index 00000000..9850d84d
--- /dev/null
+++ b/openstack/usr/share/openstack/ceilometer-config.yml
@@ -0,0 +1,36 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/ceilometer.conf"
+ tasks:
+# Configure ceilometer
+ - name: Create the ceilometer user.
+ user:
+ name: ceilometer
+ comment: Openstack Ceilometer Daemons
+ shell: /sbin/nologin
+ home: /var/lib/ceilometer
+
+ - name: Create the /var folders for ceilometer
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: ceilometer
+ group: ceilometer
+ with_items:
+ - /var/run/ceilometer
+ - /var/lock/ceilometer
+ - /var/log/ceilometer
+ - /var/lib/ceilometer
+
+ - name: Create /etc/ceilometer directory
+ file:
+ path: /etc/ceilometer
+ state: directory
+
+ - name: Add the configuration needed for ceilometer in /etc/ceilometer using templates
+ template:
+ src: /usr/share/openstack/ceilometer/{{ item }}
+ dest: /etc/ceilometer/{{ item }}
+ with_lines:
+ - cd /usr/share/openstack/ceilometer && find -type f
diff --git a/openstack/usr/share/openstack/ceilometer-db.yml b/openstack/usr/share/openstack/ceilometer-db.yml
new file mode 100644
index 00000000..717c7d7d
--- /dev/null
+++ b/openstack/usr/share/openstack/ceilometer-db.yml
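Review bot: The final `template` task in ceilometer-config.yml sets no `owner`, `group` or `mode`, so the files rendered into `/etc/ceilometer` get whatever the user running the playbook and its umask produce. The ceilometer.conf template added later in this diff contains `rabbit_password = {{ RABBITMQ_PASSWORD }}`, so this leaves the permissions of a credential file unspecified. Adding `owner: root`, `group: ceilometer` and `mode: 0640` to that task pins them down. The "Create /etc/ceilometer directory" task above it likewise sets no owner or mode.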
@@ -0,0 +1,50 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/ceilometer.conf"
+ tasks:
+ - name: Create ceilometer service user in service tenant
+ keystone_user:
+ user: "{{ CEILOMETER_SERVICE_USER }}"
+ password: "{{ CEILOMETER_SERVICE_PASSWORD }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Assign admin role to ceilometers service user in the service tenant
+ keystone_user:
+ role: admin
+ user: "{{ CEILOMETER_SERVICE_USER }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Add ceilometer endpoint
+ keystone_service:
+ name: ceilometer
+ type: metering
+ description: Openstack Metering Service
+ publicurl: http://{{ CONTROLLER_HOST_ADDRESS }}:8777
+ internalurl: http://{{ CONTROLLER_HOST_ADDRESS }}:8777
+ adminurl: http://{{ CONTROLLER_HOST_ADDRESS }}:8777
+ region: regionOne
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Create postgresql user for ceilometer
+ postgresql_user:
+ name: "{{ CEILOMETER_DB_USER }}"
+ login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
+ password: "{{ CEILOMETER_DB_PASSWORD }}"
+ sudo: yes
+ sudo_user: ceilometer
+
+ - name: Create database for ceilometer services
+ postgresql_db:
+ name: ceilometer
+ owner: "{{ CEILOMETER_DB_USER }}"
+ login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
+ sudo: yes
+ sudo_user: ceilometer
+
+ - name: Initiate ceilometer database
+ command: ceilometer-dbsync
+ sudo: yes
+ sudo_user: ceilometer
diff --git a/openstack/usr/share/openstack/ceilometer/ceilometer.conf b/openstack/usr/share/openstack/ceilometer/ceilometer.conf
new file mode 100644
index 00000000..b572d40f
--- /dev/null
+++ b/openstack/usr/share/openstack/ceilometer/ceilometer.conf
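Review bot: The `keystone_user`, `keystone_service` and `postgresql_user` tasks in ceilometer-db.yml receive `CEILOMETER_SERVICE_PASSWORD`, `CEILOMETER_DB_PASSWORD` and `KEYSTONE_TEMPORARY_ADMIN_TOKEN` as plain module arguments. The setup units visible in this diff run their playbooks with `ansible-playbook -v`, so depending on the Ansible version and the modules, task arguments and results may be written to the journal or syslog. Adding `no_log: true` to each task that takes a password or token keeps those values out of the logs. The admin token is the most sensitive of the three, since it is what the playbook uses to grant the `admin` role.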
@@ -0,0 +1,1023 @@ +[DEFAULT] + +# +# Options defined in ceilometer.middleware +# + +# Exchanges name to listen for notifications. (multi valued) +#http_control_exchanges=nova +#http_control_exchanges=glance +#http_control_exchanges=neutron +#http_control_exchanges=cinder + + +# +# Options defined in ceilometer.pipeline +# + +# Configuration file for pipeline definition. (string value) +#pipeline_cfg_file=pipeline.yaml + + +# +# Options defined in ceilometer.sample +# + +# Source for samples emitted on this instance. (string value) +# Deprecated group/name - [DEFAULT]/counter_source +#sample_source=openstack + + +# +# Options defined in ceilometer.service +# + +# Name of this node, which must be valid in an AMQP key. Can +# be an opaque identifier. For ZeroMQ only, must be a valid +# host name, FQDN, or IP address. (string value) +#host=ceilometer + +# Dispatcher to process data. (multi valued) +#dispatcher=database + +# Number of workers for collector service. A single +# collector is enabled by default. (integer value) +#collector_workers=1 + +# Number of workers for notification service. A single +# notification agent is enabled by default. (integer value) +#notification_workers=1 + + +# +# Options defined in ceilometer.api.app +# + +# The strategy to use for auth: noauth or keystone. (string +# value) +auth_strategy=keystone + +# Deploy the deprecated v1 API. (boolean value) +#enable_v1_api=true + + +# +# Options defined in ceilometer.compute.notifications +# + +# Exchange name for Nova notifications. (string value) +#nova_control_exchange=nova + + +# +# Options defined in ceilometer.compute.util +# + +# List of metadata prefixes reserved for metering use. (list +# value) +#reserved_metadata_namespace=metering. + +# Limit on length of reserved metadata values. (integer value) +#reserved_metadata_length=256 + + +# +# Options defined in ceilometer.compute.virt.inspector +# + +# Inspector to use for inspecting the hypervisor layer. 
+# (string value) +#hypervisor_inspector=libvirt + + +# +# Options defined in ceilometer.compute.virt.libvirt.inspector +# + +# Libvirt domain type (valid options are: kvm, lxc, qemu, uml, +# xen). (string value) +#libvirt_type=kvm + +# Override the default libvirt URI (which is dependent on +# libvirt_type). (string value) +#libvirt_uri= + + +# +# Options defined in ceilometer.image.notifications +# + +# Exchange name for Glance notifications. (string value) +#glance_control_exchange=glance + + +# +# Options defined in ceilometer.network.notifications +# + +# Exchange name for Neutron notifications. (string value) +# Deprecated group/name - [DEFAULT]/quantum_control_exchange +#neutron_control_exchange=neutron + + +# +# Options defined in ceilometer.objectstore.swift +# + +# Swift reseller prefix. Must be on par with reseller_prefix +# in proxy-server.conf. (string value) +#reseller_prefix=AUTH_ + + +# +# Options defined in ceilometer.openstack.common.db.sqlalchemy.session +# + +# The file name to use with SQLite (string value) +#sqlite_db=ceilometer.sqlite + +# If True, SQLite uses synchronous mode (boolean value) +#sqlite_synchronous=true + + +# +# Options defined in ceilometer.openstack.common.eventlet_backdoor +# + +# Enable eventlet backdoor. Acceptable values are 0, <port>, +# and <start>:<end>, where 0 results in listening on a random +# tcp port number; <port> results in listening on the +# specified port number (and not enabling backdoor if that +# port is in use); and <start>:<end> results in listening on +# the smallest unused port number within the specified range +# of port numbers. The chosen port is displayed in the +# service's log file. (string value) +#backdoor_port=<None> + + +# +# Options defined in ceilometer.openstack.common.lockutils +# + +# Whether to disable inter-process locks. (boolean value) +#disable_process_locking=false + +# Directory to use for lock files. 
(string value) +#lock_path=<None> + + +# +# Options defined in ceilometer.openstack.common.log +# + +# Print debugging output (set logging level to DEBUG instead +# of default WARNING level). (boolean value) +#debug=false + +# Print more verbose output (set logging level to INFO instead +# of default WARNING level). (boolean value) +#verbose=false + +# Log output to standard error (boolean value) +#use_stderr=true + +# Format string to use for log messages with context (string +# value) +#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + +# Format string to use for log messages without context +# (string value) +#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + +# Data to append to log format when level is DEBUG (string +# value) +#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d + +# Prefix each line of exception output with this format +# (string value) +#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s + +# List of logger=LEVEL pairs (list value) +#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN + +# Publish error events (boolean value) +#publish_errors=false + +# Make deprecations fatal (boolean value) +#fatal_deprecations=false + +# If an instance is passed with the log message, format it +# like this (string value) +#instance_format="[instance: %(uuid)s] " + +# If an instance UUID is passed with the log message, format +# it like this (string value) +#instance_uuid_format="[instance: %(uuid)s] " + +# The name of logging configuration file. It does not disable +# existing loggers, but just appends specified logging +# configuration to any other existing logging options. 
Please +# see the Python logging module documentation for details on +# logging configuration files. (string value) +# Deprecated group/name - [DEFAULT]/log_config +#log_config_append=<None> + +# DEPRECATED. A logging.Formatter log message format string +# which may use any of the available logging.LogRecord +# attributes. This option is deprecated. Please use +# logging_context_format_string and +# logging_default_format_string instead. (string value) +#log_format=<None> + +# Format string for %%(asctime)s in log records. Default: +# %(default)s (string value) +#log_date_format=%Y-%m-%d %H:%M:%S + +# (Optional) Name of log file to output to. If no default is +# set, logging will go to stdout. (string value) +# Deprecated group/name - [DEFAULT]/logfile +#log_file=<None> + +# (Optional) The base directory used for relative --log-file +# paths (string value) +# Deprecated group/name - [DEFAULT]/logdir +#log_dir=<None> + +# Use syslog for logging. Existing syslog format is DEPRECATED +# during I, and then will be changed in J to honor RFC5424 +# (boolean value) +use_syslog=true + +# (Optional) Use syslog rfc5424 format for logging. If +# enabled, will add APP-NAME (RFC5424) before the MSG part of +# the syslog message. The old format without APP-NAME is +# deprecated in I, and will be removed in J. 
(boolean value) +#use_syslog_rfc_format=false + +# Syslog facility to receive log lines (string value) +#syslog_log_facility=LOG_USER + + +# +# Options defined in ceilometer.openstack.common.middleware.sizelimit +# + +# The maximum body size per request, in bytes (integer value) +# Deprecated group/name - [DEFAULT]/osapi_max_request_body_size +#max_request_body_size=114688 + + +# +# Options defined in ceilometer.openstack.common.notifier.api +# + +# Driver or drivers to handle sending notifications (multi +# valued) +#notification_driver= + +# Default notification level for outgoing notifications +# (string value) +#default_notification_level=INFO + +# Default publisher_id for outgoing notifications (string +# value) +#default_publisher_id=<None> + + +# +# Options defined in ceilometer.openstack.common.notifier.rpc_notifier +# + +# AMQP topic used for OpenStack notifications (list value) +#notification_topics=notifications + + +# +# Options defined in ceilometer.openstack.common.policy +# + +# JSON file containing policy (string value) +#policy_file=policy.json + +# Rule enforced when requested rule is not found (string +# value) +#policy_default_rule=default + + +# +# Options defined in ceilometer.openstack.common.rpc +# + +# The messaging module to use, defaults to kombu. (string +# value) +rpc_backend=rabbit + +# Size of RPC thread pool (integer value) +#rpc_thread_pool_size=64 + +# Size of RPC connection pool (integer value) +#rpc_conn_pool_size=30 + +# Seconds to wait for a response from call or multicall +# (integer value) +#rpc_response_timeout=60 + +# Seconds to wait before a cast expires (TTL). Only supported +# by impl_zmq. (integer value) +#rpc_cast_timeout=30 + +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. 
(list value) +#allowed_rpc_exception_modules=nova.exception,cinder.exception,exceptions + +# If passed, use a fake RabbitMQ provider (boolean value) +#fake_rabbit=false + +# AMQP exchange to connect to if using RabbitMQ or Qpid +# (string value) +#control_exchange=openstack + + +# +# Options defined in ceilometer.openstack.common.rpc.amqp +# + +# Use durable queues in amqp. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in amqp. (boolean value) +#amqp_auto_delete=false + + +# +# Options defined in ceilometer.openstack.common.rpc.impl_kombu +# + +# If SSL is enabled, the SSL version to use. Valid values are +# TLSv1, SSLv23 and SSLv3. SSLv2 might be available on some +# distributions. (string value) +#kombu_ssl_version= + +# SSL key file (valid only if SSL enabled) (string value) +#kombu_ssl_keyfile= + +# SSL cert file (valid only if SSL enabled) (string value) +#kombu_ssl_certfile= + +# SSL certification authority file (valid only if SSL enabled) +# (string value) +#kombu_ssl_ca_certs= + +# The RabbitMQ broker address where a single node is used +# (string value) +rabbit_host = {{ RABBITMQ_HOST }} + + +# The RabbitMQ broker port where a single node is used +# (integer value) +rabbit_port= {{ RABBITMQ_PORT }} + +# RabbitMQ HA cluster host:port pairs (list value) +#rabbit_hosts=$rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ (boolean value) +rabbit_use_ssl=false + +# The RabbitMQ userid (string value) +rabbit_userid= {{ RABBITMQ_USER }} + +# The RabbitMQ password (string value) +rabbit_password = {{ RABBITMQ_PASSWORD }} + + +# The RabbitMQ virtual host (string value) +rabbit_virtual_host=/ + +# How frequently to retry connecting with RabbitMQ (integer +# value) +#rabbit_retry_interval=1 + +# How long to backoff for between retries when connecting to +# RabbitMQ (integer value) +#rabbit_retry_backoff=2 + +# Maximum number of RabbitMQ connection retries. 
Default is 0 +# (infinite retry count) (integer value) +#rabbit_max_retries=0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change +# this option, you must wipe the RabbitMQ database. (boolean +# value) +#rabbit_ha_queues=false + + +# +# Options defined in ceilometer.openstack.common.rpc.impl_qpid +# + +# Qpid broker hostname (string value) +#qpid_hostname=localhost + +# Qpid broker port (integer value) +#qpid_port=5672 + +# Qpid HA cluster host:port pairs (list value) +#qpid_hosts=$qpid_hostname:$qpid_port + +# Username for qpid connection (string value) +#qpid_username= + +# Password for qpid connection (string value) +#qpid_password= + +# Space separated list of SASL mechanisms to use for auth +# (string value) +#qpid_sasl_mechanisms= + +# Seconds between connection keepalive heartbeats (integer +# value) +#qpid_heartbeat=60 + +# Transport to use, either 'tcp' or 'ssl' (string value) +#qpid_protocol=tcp + +# Disable Nagle algorithm (boolean value) +#qpid_tcp_nodelay=true + +# The qpid topology version to use. Version 1 is what was +# originally used by impl_qpid. Version 2 includes some +# backwards-incompatible changes that allow broker federation +# to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. +# (integer value) +#qpid_topology_version=1 + + +# +# Options defined in ceilometer.openstack.common.rpc.impl_zmq +# + +# ZeroMQ bind address. Should be a wildcard (*), an ethernet +# interface, or IP. The "host" option should point or resolve +# to this address. (string value) +#rpc_zmq_bind_address=* + +# MatchMaker driver (string value) +#rpc_zmq_matchmaker=ceilometer.openstack.common.rpc.matchmaker.MatchMakerLocalhost + +# ZeroMQ receiver listening port (integer value) +#rpc_zmq_port=9501 + +# Number of ZeroMQ contexts, defaults to 1 (integer value) +#rpc_zmq_contexts=1 + +# Maximum number of ingress messages to locally buffer per +# topic. Default is unlimited. 
(integer value) +#rpc_zmq_topic_backlog=<None> + +# Directory for holding IPC sockets (string value) +#rpc_zmq_ipc_dir=/var/run/openstack + +# Name of this node. Must be a valid hostname, FQDN, or IP +# address. Must match "host" option, if running Nova. (string +# value) +#rpc_zmq_host=ceilometer + + +# +# Options defined in ceilometer.openstack.common.rpc.matchmaker +# + +# Heartbeat frequency (integer value) +#matchmaker_heartbeat_freq=300 + +# Heartbeat time-to-live. (integer value) +#matchmaker_heartbeat_ttl=600 + + +# +# Options defined in ceilometer.orchestration.notifications +# + +# Exchange name for Heat notifications (string value) +#heat_control_exchange=heat + + +# +# Options defined in ceilometer.storage +# + +# DEPRECATED - Database connection string. (string value) +#database_connection=<None> + + +# +# Options defined in ceilometer.storage.sqlalchemy.models +# + +# MySQL engine to use. (string value) +#mysql_engine=InnoDB + + +# +# Options defined in ceilometer.volume.notifications +# + +# Exchange name for Cinder notifications. (string value) +cinder_control_exchange=cinder + + +[alarm] + +# +# Options defined in ceilometer.cli +# + +# Class to launch as alarm evaluation service. (string value) +#evaluation_service=ceilometer.alarm.service.SingletonAlarmService + + +# +# Options defined in ceilometer.alarm.notifier.rest +# + +# SSL Client certificate for REST notifier. (string value) +#rest_notifier_certificate_file= + +# SSL Client private key for REST notifier. (string value) +#rest_notifier_certificate_key= + +# Whether to verify the SSL Server certificate when calling +# alarm action. (boolean value) +#rest_notifier_ssl_verify=true + + +# +# Options defined in ceilometer.alarm.rpc +# + +# The topic that ceilometer uses for alarm notifier messages. +# (string value) +#notifier_rpc_topic=alarm_notifier + +# The topic that ceilometer uses for alarm partition +# coordination messages. 
(string value) +#partition_rpc_topic=alarm_partition_coordination + + +# +# Options defined in ceilometer.alarm.service +# + +# Period of evaluation cycle, should be >= than configured +# pipeline interval for collection of underlying metrics. +# (integer value) +# Deprecated group/name - [alarm]/threshold_evaluation_interval +#evaluation_interval=60 + + +# +# Options defined in ceilometer.api.controllers.v2 +# + +# Record alarm change events. (boolean value) +#record_history=true + + +[api] + +# +# Options defined in ceilometer.api +# + +# The port for the ceilometer API server. (integer value) +# Deprecated group/name - [DEFAULT]/metering_api_port +#port=8777 + +# The listen IP for the ceilometer API server. (string value) +#host=0.0.0.0 + + +[collector] + +# +# Options defined in ceilometer.collector +# + +# Address to which the UDP socket is bound. Set to an empty +# string to disable. (string value) +#udp_address=0.0.0.0 + +# Port to which the UDP socket is bound. (integer value) +#udp_port=4952 + + +[database] + +# +# Options defined in ceilometer.openstack.common.db.api +# + +# The backend to use for db (string value) +# Deprecated group/name - [DEFAULT]/db_backend +#backend=sqlalchemy + + +# +# Options defined in ceilometer.openstack.common.db.sqlalchemy.session +# + +# The SQLAlchemy connection string used to connect to the +# database (string value) +# Deprecated group/name - [DEFAULT]/sql_connection +# Deprecated group/name - [DATABASE]/sql_connection +# Deprecated group/name - [sql]/connection +connection=postgresql://{{ CEILOMETER_DB_USER }}:{{ CEILOMETER_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ceilometer + +# The SQLAlchemy connection string used to connect to the +# slave database (string value) +#slave_connection= + +# Timeout before idle sql connections are reaped (integer +# value) +# Deprecated group/name - [DEFAULT]/sql_idle_timeout +# Deprecated group/name - [DATABASE]/sql_idle_timeout +# Deprecated group/name - [sql]/idle_timeout 
+#idle_timeout=3600 + +# Minimum number of SQL connections to keep open in a pool +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_min_pool_size +# Deprecated group/name - [DATABASE]/sql_min_pool_size +#min_pool_size=1 + +# Maximum number of SQL connections to keep open in a pool +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_pool_size +# Deprecated group/name - [DATABASE]/sql_max_pool_size +#max_pool_size=<None> + +# Maximum db connection retries during startup. (setting -1 +# implies an infinite retry count) (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_retries +# Deprecated group/name - [DATABASE]/sql_max_retries +#max_retries=10 + +# Interval between retries of opening a sql connection +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_retry_interval +# Deprecated group/name - [DATABASE]/reconnect_interval +#retry_interval=10 + +# If set, use this value for max_overflow with sqlalchemy +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_overflow +# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow +#max_overflow=<None> + +# Verbosity of SQL debugging information. 0=None, +# 100=Everything (integer value) +# Deprecated group/name - [DEFAULT]/sql_connection_debug +#connection_debug=0 + +# Add python stack traces to SQL as comment strings (boolean +# value) +# Deprecated group/name - [DEFAULT]/sql_connection_trace +#connection_trace=false + +# If set, use this value for pool_timeout with sqlalchemy +# (integer value) +# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout +#pool_timeout=<None> + + +# +# Options defined in ceilometer.storage +# + +# Number of seconds that samples are kept in the database for +# (<= 0 means forever). (integer value) +#time_to_live=-1 + + +[dispatcher_file] + +# +# Options defined in ceilometer.dispatcher.file +# + +# Name and the location of the file to record meters. (string +# value) +#file_path=<None> + +# The max size of the file. 
(integer value) +#max_bytes=0 + +# The max number of the files to keep. (integer value) +#backup_count=0 + + +[event] + +# +# Options defined in ceilometer.event.converter +# + +# Configuration file for event definitions. (string value) +#definitions_cfg_file=event_definitions.yaml + +# Drop notifications if no event definition matches. +# (Otherwise, we convert them with just the default traits) +# (boolean value) +#drop_unmatched_notifications=false + + +[keystone_authtoken] + +# +# Options defined in keystoneclient.middleware.auth_token +# + +# Prefix to prepend at the beginning of the path (string +# value) +#auth_admin_prefix= + +# Host providing the admin Identity API endpoint (string +# value) +#auth_host=127.0.0.1 + +# Port of the admin Identity API endpoint (integer value) +#auth_port=35357 + +# Protocol of the admin Identity API endpoint(http or https) +# (string value) +#auth_protocol=https + +# Complete public Identity API endpoint (string value) +auth_uri= http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 + + +# API version of the admin Identity API endpoint (string +# value) +#auth_version=<None> + +# Do not handle authorization requests within the middleware, +# but delegate the authorization decision to downstream WSGI +# components (boolean value) +#delay_auth_decision=false + +# Request timeout value for communicating with Identity API +# server. (boolean value) +#http_connect_timeout=<None> + +# How many times are we trying to reconnect when communicating +# with Identity API Server. (integer value) +#http_request_max_retries=3 + +# Allows to pass in the name of a fake http_handler callback +# function used instead of httplib.HTTPConnection or +# httplib.HTTPSConnection. Useful for unit testing where +# network is not available. 
(string value) +#http_handler=<None> + +# Single shared secret with the Keystone configuration used +# for bootstrapping a Keystone installation, or otherwise +# bypassing the normal authentication process. (string value) +#admin_token=<None> + +# Keystone account username (string value) +admin_user = {{ CEILOMETER_SERVICE_USER }} + +# Keystone account password (string value) +admin_password = {{ CEILOMETER_SERVICE_PASSWORD }} + +# Keystone service account tenant name to validate user tokens +# (string value) +admin_tenant_name = service + +# Env key for the swift cache (string value) +#cache=<None> + +# Required if Keystone server requires client certificate +# (string value) +#certfile=<None> + +# Required if Keystone server requires client certificate +# (string value) +#keyfile=<None> + +# A PEM encoded Certificate Authority to use when verifying +# HTTPS connections. Defaults to system CAs. (string value) +#cafile=<None> + +# Verify HTTPS connections. (boolean value) +#insecure=false + +# Directory used to cache files related to PKI tokens (string +# value) +#signing_dir=<None> + +# If defined, the memcache server(s) to use for caching (list +# value) +# Deprecated group/name - [DEFAULT]/memcache_servers +#memcached_servers=<None> + +# In order to prevent excessive requests and validations, the +# middleware uses an in-memory cache for the tokens the +# Keystone API returns. This is only valid if memcache_servers +# is defined. Set to -1 to disable caching completely. +# (integer value) +#token_cache_time=300 + +# Value only used for unit testing (integer value) +#revocation_cache_time=1 + +# (optional) if defined, indicate whether token data should be +# authenticated or authenticated and encrypted. Acceptable +# values are MAC or ENCRYPT. If MAC, token data is +# authenticated (with HMAC) in the cache. If ENCRYPT, token +# data is encrypted and authenticated in the cache. 
If the +# value is not one of these options or empty, auth_token will +# raise an exception on initialization. (string value) +#memcache_security_strategy=<None> + +# (optional, mandatory if memcache_security_strategy is +# defined) this string is used for key derivation. (string +# value) +#memcache_secret_key=<None> + +# (optional) indicate whether to set the X-Service-Catalog +# header. If False, middleware will not ask for service +# catalog on token validation and will not set the X-Service- +# Catalog header. (boolean value) +#include_service_catalog=true + +# Used to control the use and type of token binding. Can be +# set to: "disabled" to not check token binding. "permissive" +# (default) to validate binding information if the bind type +# is of a form known to the server and ignore it if not. +# "strict" like "permissive" but if the bind type is unknown +# the token will be rejected. "required" any form of token +# binding is needed to be allowed. Finally the name of a +# binding method that must be present in tokens. (string +# value) +#enforce_token_bind=permissive + + +[matchmaker_redis] + +# +# Options defined in ceilometer.openstack.common.rpc.matchmaker_redis +# + +# Host to locate redis (string value) +#host=127.0.0.1 + +# Use this port to connect to redis host. (integer value) +#port=6379 + +# Password for Redis server. (optional) (string value) +#password=<None> + + +[matchmaker_ring] + +# +# Options defined in ceilometer.openstack.common.rpc.matchmaker_ring +# + +# Matchmaker ring file (JSON) (string value) +# Deprecated group/name - [DEFAULT]/matchmaker_ringfile +#ringfile=/etc/oslo/matchmaker_ring.json + + +[notification] + +# +# Options defined in ceilometer.notification +# + +# Acknowledge message when event persistence fails. (boolean +# value) +#ack_on_event_error=true + +# Save event details. 
(boolean value) +#store_events=false + + +[publisher] + +# +# Options defined in ceilometer.publisher.utils +# + +# Secret value for signing metering messages. (string value) +# Deprecated group/name - [DEFAULT]/metering_secret +# Deprecated group/name - [publisher_rpc]/metering_secret +# It should be set to some random value +metering_secret = {{ METERING_SECRET }} + +[publisher_rpc] + +# +# Options defined in ceilometer.publisher.rpc +# + +# The topic that ceilometer uses for metering messages. +# (string value) +#metering_topic=metering + + +[rpc_notifier2] + +# +# Options defined in ceilometer.openstack.common.notifier.rpc_notifier2 +# + +# AMQP topic(s) used for OpenStack notifications (list value) +#topics=notifications + + +[service_credentials] + +# +# Options defined in ceilometer.service +# + +# User name to use for OpenStack service access. (string +# value) +os_username = {{ CEILOMETER_SERVICE_USER }} + +# Password to use for OpenStack service access. (string value) +os_password = {{ CEILOMETER_SERVICE_PASSWORD }} + +# Tenant ID to use for OpenStack service access. (string +# value) +#os_tenant_id= + +# Tenant name to use for OpenStack service access. (string +# value) +os_tenant_name = service + +# Certificate chain for SSL validation. (string value) +#os_cacert=<None> + +# Auth URL to use for OpenStack service access. (string value) +os_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 + +# Region name to use for OpenStack service endpoints. (string +# value) +os_region_name=regionOne + +# Type of endpoint in Identity service catalog to use for +# communication with OpenStack services. (string value) +os_endpoint_type=internalURL + +# Disables X.509 certificate validation when an SSL connection +# to Identity Service is established. 
(boolean value) +#insecure=false + + +[ssl] + +# +# Options defined in ceilometer.openstack.common.sslutils +# + +# CA certificate file to use to verify connecting clients +# (string value) +#ca_file=<None> + +# Certificate file to use when starting the server securely +# (string value) +#cert_file=<None> + +# Private key file to use when starting the server securely +# (string value) +#key_file=<None> + + +[vmware] + +# +# Options defined in ceilometer.compute.virt.vmware.inspector +# + +# IP address of the VMware Vsphere host (string value) +#host_ip= + +# Username of VMware Vsphere (string value) +#host_username= + +# Password of VMware Vsphere (string value) +#host_password= + +# Number of times a VMware Vsphere API must be retried +# (integer value) +#api_retry_count=10 + +# Sleep time in seconds for polling an ongoing async task +# (floating point value) +#task_poll_interval=0.5 diff --git a/openstack/usr/share/openstack/cinder-config.yml b/openstack/usr/share/openstack/cinder-config.yml new file mode 100644 index 00000000..fd3e2cd0 --- /dev/null +++ b/openstack/usr/share/openstack/cinder-config.yml @@ -0,0 +1,37 @@ +--- +- hosts: localhost + vars_files: + - "/etc/openstack/cinder.conf" + tasks: +# Configure cinder + - name: Create the cinder user. + user: + name: cinder + comment: Openstack Cinder Daemons + shell: /sbin/nologin + home: /var/lib/cinder + + - name: Create the /var folders for cinder + file: + path: "{{ item }}" + state: directory + owner: cinder + group: cinder + with_items: + - /var/run/cinder + - /var/lock/cinder + - /var/log/cinder + - /var/lib/cinder + - /var/lib/cinder/volumes + + - name: Create /etc/cinder directory + file: + path: /etc/cinder + state: directory + + - name: Add the configuration needed for cinder in /etc/cinder using templates + template: + src: /usr/share/openstack/cinder/{{ item }} + dest: /etc/cinder/{{ item }} + with_lines: + - cd /usr/share/openstack/cinder && find -type f 
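Review bot: In cinder-config.yml the `template` task that renders everything under /usr/share/openstack/cinder into /etc/cinder sets no owner, group or mode, and neither does the task that creates `/etc/cinder`, so the rendered files get whatever the default umask allows. The cinder.conf template added later in this commit contains `rabbit_password={{ RABBITMQ_PASSWORD }}`, so the rendered file holds credentials and should not be world-readable. I would add `owner: root`, `group: cinder` and `mode: 0640` to the template task, and the same owner and group with `mode: 0750` to the directory task.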
diff --git a/openstack/usr/share/openstack/cinder-db.yml b/openstack/usr/share/openstack/cinder-db.yml
new file mode 100644
index 00000000..2a211720
--- /dev/null
+++ b/openstack/usr/share/openstack/cinder-db.yml
@@ -0,0 +1,60 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/cinder.conf"
+ tasks:
+ - name: Create cinder service user in service tenant
+ keystone_user:
+ user: "{{ CINDER_SERVICE_USER }}"
+ password: "{{ CINDER_SERVICE_PASSWORD }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Assign admin role to cinder service user in the service tenant
+ keystone_user:
+ role: admin
+ user: "{{ CINDER_SERVICE_USER }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Add cinder endpoint
+ keystone_service:
+ name: cinder
+ type: volume
+ description: Openstack Block Storage
+ publicurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8776/v1/%(tenant_id)s'
+ internalurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8776/v1/%(tenant_id)s'
+ adminurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8776/v1/%(tenant_id)s'
+ region: regionOne
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Add cinderv2 endpoint
+ keystone_service:
+ name: cinderv2
+ type: volumev2
+ description: Openstack Block Storage
+ publicurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8776/v2/%(tenant_id)s'
+ internalurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8776/v2/%(tenant_id)s'
+ adminurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8776/v2/%(tenant_id)s'
+ region: regionOne
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Create postgresql user for cinder
+ postgresql_user:
+ name: "{{ CINDER_DB_USER }}"
+ password: "{{ CINDER_DB_PASSWORD }}"
+ sudo: yes
+ sudo_user: cinder
+
+ - name: Create database for cinder services
+ postgresql_db:
+ name: cinder
+ owner: "{{ CINDER_DB_USER }}"
+ sudo: yes
+ sudo_user: cinder
+
+ - name: Initiate cinder database
+ cinder_manage:
+ action: dbsync
+ sudo: yes
+ sudo_user: cinder
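Review bot: The Keystone tasks in cinder-db.yml pass `token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"`, and the `keystone_user` and `postgresql_user` tasks pass `password:` values as module arguments, but none of them sets `no_log: true`, so these secrets may be recorded in verbose Ansible output and in the module-invocation log on the host. I would add `no_log: true` to the two `keystone_user` tasks, the two `keystone_service` tasks and the `postgresql_user` task. The three endpoint URLs of each service are registered as plain `http://`, so tokens sent to the volume API are unencrypted unless something outside this file terminates TLS; a comment stating that this is meant for the single-node deployment would make that explicit. Whether the bootstrap admin token is disabled after these plays run is not visible in this file and is worth confirming.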
diff --git a/openstack/usr/share/openstack/cinder-lvs.yml b/openstack/usr/share/openstack/cinder-lvs.yml
new file mode 100644
index 00000000..7a91a306
--- /dev/null
+++ b/openstack/usr/share/openstack/cinder-lvs.yml
@@ -0,0 +1,21 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/cinder.conf"
+ tasks:
+ - name: Check that CINDER_DEVICE exists
+ stat:
+ path: "{{ CINDER_DEVICE }}"
+ register: cinder_device_stats
+ failed_when: cinder_device_stats.stat.exists == false
+
+ - name: Configure LVM group for cinder
+ lvg:
+ vg: cinder-volumes
+ pvs: "{{ CINDER_DEVICE }}"
+
+ - lineinfile:
+ dest: /etc/lvm/lvm.conf
+ regexp: '# filter = \[ \"a\/\.\*/\" \]'
+ line: ' filter = [ "a|{{ CINDER_DEVICE }}|", "r/.*/" ]'
+ backrefs: yes
diff --git a/openstack/usr/share/openstack/cinder/api-paste.ini b/openstack/usr/share/openstack/cinder/api-paste.ini
new file mode 100644
index 00000000..ba922d5f
--- /dev/null
+++ b/openstack/usr/share/openstack/cinder/api-paste.ini
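Review bot: In cinder-lvs.yml the final `lineinfile` task uses `backrefs: yes`, and with that option a `regexp` that matches nothing leaves /etc/lvm/lvm.conf untouched while the task still reports success, so the LVM device filter can be silently absent. The pattern depends on the exact commented-out default line shipped in lvm.conf, which is not visible here. I would give the task a `name:` and follow it with a check that fails the play when no active `filter =` line naming `{{ CINDER_DEVICE }}` is present. The device path is also placed unanchored inside an LVM filter regex, so the accept rule matches any path containing that string; `line: ' filter = [ "a|^{{ CINDER_DEVICE }}$|", "r/.*/" ]'` restricts scanning to the intended device.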
@@ -0,0 +1,60 @@
+#############
+# OpenStack #
+#############
+
+[composite:osapi_volume]
+use = call:cinder.api:root_app_factory
+/: apiversions
+/v1: openstack_volume_api_v1
+/v2: openstack_volume_api_v2
+
+[composite:openstack_volume_api_v1]
+use = call:cinder.api.middleware.auth:pipeline_factory
+noauth = request_id faultwrap sizelimit osprofiler noauth apiv1
+keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
+keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
+
+[composite:openstack_volume_api_v2]
+use = call:cinder.api.middleware.auth:pipeline_factory
+noauth = request_id faultwrap sizelimit osprofiler noauth apiv2
+keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
+keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
+
+[filter:request_id]
+paste.filter_factory = cinder.openstack.common.middleware.request_id:RequestIdMiddleware.factory
+
+[filter:faultwrap]
+paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+hmac_keys = SECRET_KEY
+enabled = yes
+
+[filter:noauth]
+paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory
+
+[filter:sizelimit]
+paste.filter_factory = cinder.api.middleware.sizelimit:RequestBodySizeLimiter.factory
+
+[app:apiv1]
+paste.app_factory = cinder.api.v1.router:APIRouter.factory
+
+[app:apiv2]
+paste.app_factory = cinder.api.v2.router:APIRouter.factory
+
+[pipeline:apiversions]
+pipeline = faultwrap osvolumeversionapp
+
+[app:osvolumeversionapp]
+paste.app_factory = cinder.api.versions:Versions.factory
+
+##########
+# Shared #
+##########
+
+[filter:keystonecontext]
+paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
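Review bot: `[filter:osprofiler]` ships with `hmac_keys = SECRET_KEY` and `enabled = yes`, and the `osprofiler` filter sits in every v1 and v2 pipeline, so the API accepts profiling requests signed with a well-known placeholder key. Because cinder-config.yml renders this file through `template`, the key can come from a deployment variable, for example `hmac_keys = {{ OSPROFILER_HMAC_KEY }}` (placeholder name, not defined in this commit), or profiling can be switched off with `enabled = no` until a real key is provisioned. The `noauth` pipelines are defined here as well; which pipeline is used is decided outside this hunk, so a comment above them saying that `noauth` is not for deployed systems would help the next reader.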
diff --git a/openstack/usr/share/openstack/cinder/cinder.conf b/openstack/usr/share/openstack/cinder/cinder.conf new file mode 100644 index 00000000..a58004b5 --- /dev/null +++ b/openstack/usr/share/openstack/cinder/cinder.conf 
@@ -0,0 +1,2825 @@ +[DEFAULT] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in AMQP. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in AMQP. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# Qpid broker hostname. (string value) +#qpid_hostname=localhost + +# Qpid broker port. (integer value) +#qpid_port=5672 + +# Qpid HA cluster host:port pairs. (list value) +#qpid_hosts=$qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +#qpid_username= + +# Password for Qpid connection. (string value) +#qpid_password= + +# Space separated list of SASL mechanisms to use for auth. +# (string value) +#qpid_sasl_mechanisms= + +# Seconds between connection keepalive heartbeats. (integer +# value) +#qpid_heartbeat=60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +#qpid_protocol=tcp + +# Whether to disable the Nagle algorithm. (boolean value) +#qpid_tcp_nodelay=true + +# The number of prefetched messages held by receiver. (integer +# value) +#qpid_receiver_capacity=1 + +# The qpid topology version to use. Version 1 is what was +# originally used by impl_qpid. Version 2 includes some +# backwards-incompatible changes that allow broker federation +# to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. +# (integer value) +#qpid_topology_version=1 + +# SSL version to use (valid only if SSL enabled). valid values +# are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on +# some distributions. (string value) +#kombu_ssl_version= + +# SSL key file (valid only if SSL enabled). (string value) +#kombu_ssl_keyfile= + +# SSL cert file (valid only if SSL enabled). (string value) +#kombu_ssl_certfile= + +# SSL certification authority file (valid only if SSL +# enabled). 
(string value) +#kombu_ssl_ca_certs= + +# How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. (floating point value) +#kombu_reconnect_delay=1.0 + +# The RabbitMQ broker address where a single node is used. +# (string value) +rabbit_host={{ RABBITMQ_HOST }} + +# The RabbitMQ broker port where a single node is used. +# (integer value) +rabbit_port={{ RABBITMQ_PORT }} + +# RabbitMQ HA cluster host:port pairs. (list value) +#rabbit_hosts=$rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +#rabbit_use_ssl=false + +# The RabbitMQ userid. (string value) +rabbit_userid={{ RABBITMQ_USER }} + +# The RabbitMQ password. (string value) +rabbit_password={{ RABBITMQ_PASSWORD }} + +# the RabbitMQ login method (string value) +#rabbit_login_method=AMQPLAIN + +# The RabbitMQ virtual host. (string value) +#rabbit_virtual_host=/ + +# How frequently to retry connecting with RabbitMQ. (integer +# value) +#rabbit_retry_interval=1 + +# How long to backoff for between retries when connecting to +# RabbitMQ. (integer value) +#rabbit_retry_backoff=2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +#rabbit_max_retries=0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change +# this option, you must wipe the RabbitMQ database. (boolean +# value) +#rabbit_ha_queues=false + +# Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake +# (boolean value) +#fake_rabbit=false + +# ZeroMQ bind address. Should be a wildcard (*), an ethernet +# interface, or IP. The "host" option should point or resolve +# to this address. (string value) +#rpc_zmq_bind_address=* + +# MatchMaker driver. (string value) +#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost + +# ZeroMQ receiver listening port. (integer value) +#rpc_zmq_port=9501 + +# Number of ZeroMQ contexts, defaults to 1. 
(integer value) +#rpc_zmq_contexts=1 + +# Maximum number of ingress messages to locally buffer per +# topic. Default is unlimited. (integer value) +#rpc_zmq_topic_backlog=<None> + +# Directory for holding IPC sockets. (string value) +#rpc_zmq_ipc_dir=/var/run/openstack + +# Name of this node. Must be a valid hostname, FQDN, or IP +# address. Must match "host" option, if running Nova. (string +# value) +#rpc_zmq_host=cinder + +# Seconds to wait before a cast expires (TTL). Only supported +# by impl_zmq. (integer value) +#rpc_cast_timeout=30 + +# Heartbeat frequency. (integer value) +#matchmaker_heartbeat_freq=300 + +# Heartbeat time-to-live. (integer value) +#matchmaker_heartbeat_ttl=600 + +# Size of RPC greenthread pool. (integer value) +#rpc_thread_pool_size=64 + +# Driver or drivers to handle sending notifications. (multi +# valued) +notification_driver=messagingv2 + +# AMQP topic used for OpenStack notifications. (list value) +# Deprecated group/name - [rpc_notifier2]/topics +#notification_topics=notifications + +# Seconds to wait for a response from a call. (integer value) +#rpc_response_timeout=60 + +# A URL representing the messaging driver to use and its full +# configuration. If not set, we fall back to the rpc_backend +# option and driver specific configuration. (string value) +#transport_url=<None> + +# The messaging driver to use, defaults to rabbit. Other +# drivers include qpid and zmq. (string value) +rpc_backend=rabbit + +# The default exchange under which topics are scoped. May be +# overridden by an exchange name specified in the +# transport_url option. (string value) +control_exchange=cinder + + +# +# Options defined in cinder.exception +# + +# Make exception message format errors fatal. 
(boolean value) +#fatal_exception_format_errors=false + + +# +# Options defined in cinder.quota +# + +# Number of volumes allowed per project (integer value) +#quota_volumes=10 + +# Number of volume snapshots allowed per project (integer +# value) +#quota_snapshots=10 + +# Number of consistencygroups allowed per project (integer +# value) +#quota_consistencygroups=10 + +# Total amount of storage, in gigabytes, allowed for volumes +# and snapshots per project (integer value) +#quota_gigabytes=1000 + +# Number of volume backups allowed per project (integer value) +#quota_backups=10 + +# Total amount of storage, in gigabytes, allowed for backups +# per project (integer value) +#quota_backup_gigabytes=1000 + +# Number of seconds until a reservation expires (integer +# value) +#reservation_expire=86400 + +# Count of reservations until usage is refreshed (integer +# value) +#until_refresh=0 + +# Number of seconds between subsequent usage refreshes +# (integer value) +#max_age=0 + +# Default driver to use for quota checks (string value) +#quota_driver=cinder.quota.DbQuotaDriver + +# Enables or disables use of default quota class with default +# quota. (boolean value) +#use_default_quota_class=true + + +# +# Options defined in cinder.service +# + +# Interval, in seconds, between nodes reporting state to +# datastore (integer value) +#report_interval=10 + +# Interval, in seconds, between running periodic tasks +# (integer value) +#periodic_interval=60 + +# Range, in seconds, to randomly delay when starting the +# periodic task scheduler to reduce stampeding. (Disable by +# setting to 0) (integer value) +#periodic_fuzzy_delay=60 + +# IP address on which OpenStack Volume API listens (string +# value) +#osapi_volume_listen=0.0.0.0 + +# Port on which OpenStack Volume API listens (integer value) +#osapi_volume_listen_port=8776 + +# Number of workers for OpenStack Volume API service. The +# default is equal to the number of CPUs available. 
(integer +# value) +#osapi_volume_workers=<None> + + +# +# Options defined in cinder.ssh_utils +# + +# Option to enable strict host key checking. When set to +# "True" Cinder will only connect to systems with a host key +# present in the configured "ssh_hosts_key_file". When set to +# "False" the host key will be saved upon first connection and +# used for subsequent connections. Default=False (boolean +# value) +#strict_ssh_host_key_policy=false + +# File containing SSH host keys for the systems with which +# Cinder needs to communicate. OPTIONAL: +# Default=$state_path/ssh_known_hosts (string value) +#ssh_hosts_key_file=$state_path/ssh_known_hosts + + +# +# Options defined in cinder.test +# + +# File name of clean sqlite db (string value) +#sqlite_clean_db=clean.sqlite + + +# +# Options defined in cinder.wsgi +# + +# Maximum line size of message headers to be accepted. +# max_header_line may need to be increased when using large +# tokens (typically those generated by the Keystone v3 API +# with big service catalogs). (integer value) +#max_header_line=16384 + +# If False, closes the client socket connection explicitly. +# Setting it to True to maintain backward compatibility. +# Recommended setting is set it to False. (boolean value) +#wsgi_keep_alive=true + +# Sets the value of TCP_KEEPALIVE (True/False) for each server +# socket. (boolean value) +#tcp_keepalive=true + +# Sets the value of TCP_KEEPIDLE in seconds for each server +# socket. Not supported on OS X. (integer value) +#tcp_keepidle=600 + +# Sets the value of TCP_KEEPINTVL in seconds for each server +# socket. Not supported on OS X. (integer value) +#tcp_keepalive_interval=<None> + +# Sets the value of TCP_KEEPCNT for each server socket. Not +# supported on OS X. 
(integer value) +#tcp_keepalive_count=<None> + +# CA certificate file to use to verify connecting clients +# (string value) +#ssl_ca_file=<None> + +# Certificate file to use when starting the server securely +# (string value) +#ssl_cert_file=<None> + +# Private key file to use when starting the server securely +# (string value) +#ssl_key_file=<None> + + +# +# Options defined in cinder.api.common +# + +# The maximum number of items that a collection resource +# returns in a single response (integer value) +#osapi_max_limit=1000 + +# Base URL that will be presented to users in links to the +# OpenStack Volume API (string value) +# Deprecated group/name - [DEFAULT]/osapi_compute_link_prefix +#osapi_volume_base_URL=<None> + + +# +# Options defined in cinder.api.middleware.auth +# + +# Treat X-Forwarded-For as the canonical remote address. Only +# enable this if you have a sanitizing proxy. (boolean value) +#use_forwarded_for=false + + +# +# Options defined in cinder.api.middleware.sizelimit +# + +# Max size for body of a request (integer value) +#osapi_max_request_body_size=114688 + + +# +# Options defined in cinder.backup.driver +# + +# Backup metadata version to be used when backing up volume +# metadata. If this number is bumped, make sure the service +# doing the restore supports the new version. (integer value) +#backup_metadata_version=1 + + +# +# Options defined in cinder.backup.drivers.ceph +# + +# Ceph configuration file to use. (string value) +#backup_ceph_conf=/etc/ceph/ceph.conf + +# The Ceph user to connect with. Default here is to use the +# same user as for Cinder volumes. If not using cephx this +# should be set to None. (string value) +#backup_ceph_user=cinder + +# The chunk size, in bytes, that a backup is broken into +# before transfer to the Ceph object store. (integer value) +#backup_ceph_chunk_size=134217728 + +# The Ceph pool where volume backups are stored. 
(string
+# value)
+#backup_ceph_pool=backups
+
+# RBD stripe unit to use when creating a backup image.
+# (integer value)
+#backup_ceph_stripe_unit=0
+
+# RBD stripe count to use when creating a backup image.
+# (integer value)
+#backup_ceph_stripe_count=0
+
+# If True, always discard excess bytes when restoring volumes
+# i.e. pad with zeroes. (boolean value)
+#restore_discard_excess_bytes=true
+
+
+#
+# Options defined in cinder.backup.drivers.swift
+#
+
+# The URL of the Swift endpoint (string value)
+#backup_swift_url=<None>
+
+# Info to match when looking for swift in the service catalog.
+# Format is: separated values of the form:
+# <service_type>:<service_name>:<endpoint_type> - Only used if
+# backup_swift_url is unset (string value)
+#swift_catalog_info=object-store:swift:publicURL
+
+# Swift authentication mechanism (string value)
+#backup_swift_auth=per_user
+
+# Swift authentication version. Specify "1" for auth 1.0, or
+# "2" for auth 2.0 (string value)
+#backup_swift_auth_version=1
+
+# Swift tenant/account name.
Required when connecting to an
+# auth 2.0 system (string value)
+#backup_swift_tenant=<None>
+
+# Swift user name (string value)
+#backup_swift_user=<None>
+
+# Swift key for authentication (string value)
+#backup_swift_key=<None>
+
+# The default Swift container to use (string value)
+#backup_swift_container=volumebackups
+
+# The size in bytes of Swift backup objects (integer value)
+#backup_swift_object_size=52428800
+
+# The number of retries to make for Swift operations (integer
+# value)
+#backup_swift_retry_attempts=3
+
+# The backoff time in seconds between Swift retries (integer
+# value)
+#backup_swift_retry_backoff=2
+
+# Compression algorithm (None to disable) (string value)
+#backup_compression_algorithm=zlib
+
+
+#
+# Options defined in cinder.backup.drivers.tsm
+#
+
+# Volume prefix for the backup id when backing up to TSM
+# (string value)
+#backup_tsm_volume_prefix=backup
+
+# TSM password for the running username (string value)
+#backup_tsm_password=password
+
+# Enable or Disable compression for backups (boolean value)
+#backup_tsm_compression=true
+
+
+#
+# Options defined in cinder.backup.manager
+#
+
+# Driver to use for backups.
(string value)
+# Deprecated group/name - [DEFAULT]/backup_service
+#backup_driver=cinder.backup.drivers.swift
+
+
+#
+# Options defined in cinder.common.config
+#
+
+# File name for the paste.deploy config for cinder-api (string
+# value)
+api_paste_config=api-paste.ini
+
+# Top-level directory for maintaining cinder's state (string
+# value)
+# Deprecated group/name - [DEFAULT]/pybasedir
+state_path=/var/lib/cinder
+
+# IP address of this host (string value)
+my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
+
+# Default glance host name or IP (string value)
+glance_host={{ CONTROLLER_HOST_ADDRESS }}
+
+# Default glance port (integer value)
+#glance_port=9292
+
+# A list of the glance API servers available to cinder
+# ([hostname|ip]:port) (list value)
+#glance_api_servers=$glance_host:$glance_port
+
+# Version of the glance API to use (integer value)
+#glance_api_version=1
+
+# Number retries when downloading an image from glance
+# (integer value)
+#glance_num_retries=0
+
+# Allow to perform insecure SSL (https) requests to glance
+# (boolean value)
+#glance_api_insecure=false
+
+# Enables or disables negotiation of SSL layer compression. In
+# some cases disabling compression can improve data
+# throughput, such as when high network bandwidth is available
+# and you use compressed image formats like qcow2. (boolean
+# value)
+#glance_api_ssl_compression=false
+
+# Location of ca certificates file to use for glance client
+# requests. (string value)
+#glance_ca_certificates_file=<None>
+
+# http/https timeout value for glance operations. If no value
+# (None) is supplied here, the glanceclient default value is
+# used.
(integer value)
+#glance_request_timeout=<None>
+
+# The topic that scheduler nodes listen on (string value)
+#scheduler_topic=cinder-scheduler
+
+# The topic that volume nodes listen on (string value)
+#volume_topic=cinder-volume
+
+# The topic that volume backup nodes listen on (string value)
+#backup_topic=cinder-backup
+
+# DEPRECATED: Deploy v1 of the Cinder API. (boolean value)
+#enable_v1_api=true
+
+# Deploy v2 of the Cinder API. (boolean value)
+#enable_v2_api=true
+
+# Enables or disables rate limit of the API. (boolean value)
+#api_rate_limit=true
+
+# Specify list of extensions to load when using
+# osapi_volume_extension option with
+# cinder.api.contrib.select_extensions (list value)
+#osapi_volume_ext_list=
+
+# osapi volume extension to load (multi valued)
+#osapi_volume_extension=cinder.api.contrib.standard_extensions
+
+# Full class name for the Manager for volume (string value)
+#volume_manager=cinder.volume.manager.VolumeManager
+
+# Full class name for the Manager for volume backup (string
+# value)
+#backup_manager=cinder.backup.manager.BackupManager
+
+# Full class name for the Manager for scheduler (string value)
+#scheduler_manager=cinder.scheduler.manager.SchedulerManager
+
+# Name of this node. This can be an opaque identifier. It is
+# not necessarily a host name, FQDN, or IP address. (string
+# value)
+#host=cinder
+
+# Availability zone of this node (string value)
+#storage_availability_zone=nova
+
+# Default availability zone for new volumes. If not set, the
+# storage_availability_zone option value is used as the
+# default for new volumes. (string value)
+#default_availability_zone=<None>
+
+# Default volume type to use (string value)
+#default_volume_type=<None>
+
+# Time period for which to generate volume usages. The options
+# are hour, day, month, or year.
(string value)
+#volume_usage_audit_period=month
+
+# Path to the rootwrap configuration file to use for running
+# commands as root (string value)
+rootwrap_config=/etc/cinder/rootwrap.conf
+
+# Enable monkey patching (boolean value)
+#monkey_patch=false
+
+# List of modules/decorators to monkey patch (list value)
+#monkey_patch_modules=
+
+# Maximum time since last check-in for a service to be
+# considered up (integer value)
+#service_down_time=60
+
+# The full class name of the volume API class to use (string
+# value)
+#volume_api_class=cinder.volume.api.API
+
+# The full class name of the volume backup API class (string
+# value)
+#backup_api_class=cinder.backup.api.API
+
+# The strategy to use for auth. Supports noauth, keystone, and
+# deprecated. (string value)
+auth_strategy=keystone
+
+# A list of backend names to use. These backend names should
+# be backed by a unique [CONFIG] group with its options (list
+# value)
+#enabled_backends=<None>
+
+# Whether snapshots count against GigaByte quota (boolean
+# value)
+#no_snapshot_gb_quota=false
+
+# The full class name of the volume transfer API class (string
+# value)
+#transfer_api_class=cinder.transfer.api.API
+
+# The full class name of the volume replication API class
+# (string value)
+#replication_api_class=cinder.replication.api.API
+
+# The full class name of the consistencygroup API class
+# (string value)
+#consistencygroup_api_class=cinder.consistencygroup.api.API
+
+
+#
+# Options defined in cinder.compute
+#
+
+# The full class name of the compute API class to use (string
+# value)
+#compute_api_class=cinder.compute.nova.API
+
+
+#
+# Options defined in cinder.compute.nova
+#
+
+# Match this value when searching for nova in the service
+# catalog. Format is: separated values of the form:
+# <service_type>:<service_name>:<endpoint_type> (string value)
+#nova_catalog_info=compute:nova:publicURL
+
+# Same as nova_catalog_info, but for admin endpoint.
(string
+# value)
+#nova_catalog_admin_info=compute:nova:adminURL
+
+# Override service catalog lookup with template for nova
+# endpoint e.g. http://localhost:8774/v2/%(project_id)s
+# (string value)
+#nova_endpoint_template=<None>
+
+# Same as nova_endpoint_template, but for admin endpoint.
+# (string value)
+#nova_endpoint_admin_template=<None>
+
+# Region name of this node (string value)
+#os_region_name=<None>
+
+# Location of ca certificates file to use for nova client
+# requests. (string value)
+#nova_ca_certificates_file=<None>
+
+# Allow to perform insecure SSL requests to nova (boolean
+# value)
+#nova_api_insecure=false
+
+
+#
+# Options defined in cinder.db.api
+#
+
+# The backend to use for db (string value)
+#db_backend=sqlalchemy
+
+# Services to be added to the available pool on create
+# (boolean value)
+#enable_new_services=true
+
+# Template string to be used to generate volume names (string
+# value)
+volume_name_template=volume-%s
+
+# Template string to be used to generate snapshot names
+# (string value)
+#snapshot_name_template=snapshot-%s
+
+# Template string to be used to generate backup names (string
+# value)
+#backup_name_template=backup-%s
+
+
+#
+# Options defined in cinder.db.base
+#
+
+# Driver to use for database access (string value)
+#db_driver=cinder.db
+
+
+#
+# Options defined in cinder.image.glance
+#
+
+# Default core properties of image (list value)
+#glance_core_properties=checksum,container_format,disk_format,image_name,image_id,min_disk,min_ram,name,size
+
+# A list of url schemes that can be downloaded directly via
+# the direct_url. Currently supported schemes: [file]. (list
+# value)
+#allowed_direct_url_schemes=
+
+
+#
+# Options defined in cinder.image.image_utils
+#
+
+# Directory used for temporary storage during image conversion
+# (string value)
+#image_conversion_dir=$state_path/conversion
+
+
+#
+# Options defined in cinder.openstack.common.eventlet_backdoor
+#
+
+# Enable eventlet backdoor.
Acceptable values are 0, <port>,
+# and <start>:<end>, where 0 results in listening on a random
+# tcp port number; <port> results in listening on the
+# specified port number (and not enabling backdoor if that
+# port is in use); and <start>:<end> results in listening on
+# the smallest unused port number within the specified range
+# of port numbers. The chosen port is displayed in the
+# service's log file. (string value)
+#backdoor_port=<None>
+
+
+#
+# Options defined in cinder.openstack.common.lockutils
+#
+
+# Whether to disable inter-process locks (boolean value)
+#disable_process_locking=false
+
+# Directory to use for lock files. Default to a temp directory
+# (string value)
+lock_path=/var/lock/cinder
+
+
+#
+# Options defined in cinder.openstack.common.log
+#
+
+# Print debugging output (set logging level to DEBUG instead
+# of default WARNING level). (boolean value)
+#debug=false
+
+# Print more verbose output (set logging level to INFO instead
+# of default WARNING level). (boolean value)
+#verbose=false
+
+# Log output to standard error. (boolean value)
+#use_stderr=true
+
+# Format string to use for log messages with context. (string
+# value)
+#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
+
+# Format string to use for log messages without context.
+# (string value)
+#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Data to append to log format when level is DEBUG. (string
+# value)
+#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format.
+# (string value)
+#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s
+
+# List of logger=LEVEL pairs.
(list value)
+#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
+
+# Enables or disables publication of error events. (boolean
+# value)
+#publish_errors=false
+
+# Enables or disables fatal status of deprecations. (boolean
+# value)
+#fatal_deprecations=false
+
+# The format for an instance that is passed with the log
+# message. (string value)
+#instance_format="[instance: %(uuid)s] "
+
+# The format for an instance UUID that is passed with the log
+# message. (string value)
+#instance_uuid_format="[instance: %(uuid)s] "
+
+# The name of a logging configuration file. This file is
+# appended to any existing logging configuration files. For
+# details about logging configuration files, see the Python
+# logging module documentation. (string value)
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append=<None>
+
+# DEPRECATED. A logging.Formatter log message format string
+# which may use any of the available logging.LogRecord
+# attributes. This option is deprecated. Please use
+# logging_context_format_string and
+# logging_default_format_string instead. (string value)
+#log_format=<None>
+
+# Format string for %%(asctime)s in log records. Default:
+# %(default)s . (string value)
+#log_date_format=%Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to output to. If no default is
+# set, logging will go to stdout. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file=<None>
+
+# (Optional) The base directory used for relative --log-file
+# paths. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+#log_dir=<None>
+
+# Use syslog for logging. Existing syslog format is DEPRECATED
+# during I, and will change in J to honor RFC5424.
(boolean
+# value)
+use_syslog = True
+
+# (Optional) Enables or disables syslog rfc5424 format for
+# logging. If enabled, prefixes the MSG part of the syslog
+# message with APP-NAME (RFC5424). The format without the APP-
+# NAME is deprecated in I, and will be removed in J. (boolean
+# value)
+#use_syslog_rfc_format=false
+
+# Syslog facility to receive log lines. (string value)
+#syslog_log_facility=LOG_USER
+
+
+#
+# Options defined in cinder.openstack.common.periodic_task
+#
+
+# Some periodic tasks can be run in a separate process. Should
+# we run them here? (boolean value)
+#run_external_periodic_tasks=true
+
+
+#
+# Options defined in cinder.openstack.common.policy
+#
+
+# The JSON file that defines policies. (string value)
+#policy_file=policy.json
+
+# Default rule. Enforced when a requested rule is not found.
+# (string value)
+#policy_default_rule=default
+
+
+#
+# Options defined in cinder.scheduler.driver
+#
+
+# The scheduler host manager class to use (string value)
+#scheduler_host_manager=cinder.scheduler.host_manager.HostManager
+
+# Maximum number of attempts to schedule an volume (integer
+# value)
+#scheduler_max_attempts=3
+
+
+#
+# Options defined in cinder.scheduler.host_manager
+#
+
+# Which filter class names to use for filtering hosts when not
+# specified in the request. (list value)
+#scheduler_default_filters=AvailabilityZoneFilter,CapacityFilter,CapabilitiesFilter
+
+# Which weigher class names to use for weighing hosts. (list
+# value)
+#scheduler_default_weighers=CapacityWeigher
+
+
+#
+# Options defined in cinder.scheduler.manager
+#
+
+# Default scheduler driver to use (string value)
+#scheduler_driver=cinder.scheduler.filter_scheduler.FilterScheduler
+
+
+#
+# Options defined in cinder.scheduler.scheduler_options
+#
+
+# Absolute path to scheduler configuration JSON file.
(string
+# value)
+#scheduler_json_config_location=
+
+
+#
+# Options defined in cinder.scheduler.simple
+#
+
+# This configure option has been deprecated along with the
+# SimpleScheduler. New scheduler is able to gather capacity
+# information for each host, thus setting the maximum number
+# of volume gigabytes for host is no longer needed. It's safe
+# to remove this configure from cinder.conf. (integer value)
+#max_gigabytes=10000
+
+
+#
+# Options defined in cinder.scheduler.weights.capacity
+#
+
+# Multiplier used for weighing volume capacity. Negative
+# numbers mean to stack vs spread. (floating point value)
+#capacity_weight_multiplier=1.0
+
+# Multiplier used for weighing volume capacity. Negative
+# numbers mean to stack vs spread. (floating point value)
+#allocated_capacity_weight_multiplier=-1.0
+
+
+#
+# Options defined in cinder.scheduler.weights.volume_number
+#
+
+# Multiplier used for weighing volume number. Negative numbers
+# mean to spread vs stack. (floating point value)
+#volume_number_multiplier=-1.0
+
+
+#
+# Options defined in cinder.transfer.api
+#
+
+# The number of characters in the salt. (integer value)
+#volume_transfer_salt_length=8
+
+# The number of characters in the autogenerated auth key.
+# (integer value)
+#volume_transfer_key_length=16
+
+
+#
+# Options defined in cinder.volume.api
+#
+
+# Cache volume availability zones in memory for the provided
+# duration in seconds (integer value)
+#az_cache_duration=3600
+
+# Create volume from snapshot at the host where snapshot
+# resides (boolean value)
+#snapshot_same_host=true
+
+# Ensure that the new volumes are the same AZ as snapshot or
+# source volume (boolean value)
+#cloned_volume_same_az=true
+
+
+#
+# Options defined in cinder.volume.driver
+#
+
+# The maximum number of times to rescan iSER targetto find
+# volume (integer value)
+#num_iser_scan_tries=3
+
+# The maximum number of iSER target IDs per host (integer
+# value)
+#iser_num_targets=100
+
+# Prefix for iSER volumes (string value)
+#iser_target_prefix=iqn.2010-10.org.iser.openstack:
+
+# The IP address that the iSER daemon is listening on (string
+# value)
+#iser_ip_address=$my_ip
+
+# The port that the iSER daemon is listening on (integer
+# value)
+#iser_port=3260
+
+# The name of the iSER target user-land tool to use (string
+# value)
+#iser_helper=tgtadm
+
+# Number of times to attempt to run flakey shell commands
+# (integer value)
+#num_shell_tries=3
+
+# The percentage of backend capacity is reserved (integer
+# value)
+#reserved_percentage=0
+
+# The maximum number of iSCSI target IDs per host (integer
+# value)
+#iscsi_num_targets=100
+
+# Prefix for iSCSI volumes (string value)
+#iscsi_target_prefix=iqn.2010-10.org.openstack:
+
+# The IP address that the iSCSI daemon is listening on (string
+# value)
+iscsi_ip_address={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
+
+# The port that the iSCSI daemon is listening on (integer
+# value)
+#iscsi_port=3260
+
+# The maximum number of times to rescan targets to find volume
+# (integer value)
+# Deprecated group/name - [DEFAULT]/num_iscsi_scan_tries
+#num_volume_device_scan_tries=3
+
+# The backend name for a given driver implementation (string
+# value)
+volume_backend_name=LVM_iSCSI
+
+# Do
we attach/detach volumes in cinder using multipath for
+# volume to image and image to volume transfers? (boolean
+# value)
+#use_multipath_for_image_xfer=false
+
+# Method used to wipe old volumes (valid options are: none,
+# zero, shred) (string value)
+#volume_clear=zero
+
+# Size in MiB to wipe at start of old volumes. 0 => all
+# (integer value)
+#volume_clear_size=0
+
+# The flag to pass to ionice to alter the i/o priority of the
+# process used to zero a volume after deletion, for example
+# "-c3" for idle only priority. (string value)
+#volume_clear_ionice=<None>
+
+# iSCSI target user-land tool to use. tgtadm is default, use
+# lioadm for LIO iSCSI support, iseradm for the ISER protocol,
+# or fake for testing. (string value)
+iscsi_helper=lioadm
+
+# Volume configuration file storage directory (string value)
+volumes_dir=$state_path/volumes
+
+# IET configuration file (string value)
+#iet_conf=/etc/iet/ietd.conf
+
+# Comma-separated list of initiator IQNs allowed to connect to
+# the iSCSI target. (From Nova compute nodes.) (string value)
+#lio_initiator_iqns=
+
+# Sets the behavior of the iSCSI target to either perform
+# blockio or fileio optionally, auto can be set and Cinder
+# will autodetect type of backing device (string value)
+#iscsi_iotype=fileio
+
+# The default block size used when copying/clearing volumes
+# (string value)
+#volume_dd_blocksize=1M
+
+# The blkio cgroup name to be used to limit bandwidth of
+# volume copy (string value)
+#volume_copy_blkio_cgroup_name=cinder-volume-copy
+
+# The upper limit of bandwidth of volume copy. 0 => unlimited
+# (integer value)
+#volume_copy_bps_limit=0
+
+# Sets the behavior of the iSCSI target to either perform
+# write-back(on) or write-through(off). This parameter is
+# valid if iscsi_helper is set to tgtadm or iseradm. (string
+# value)
+#iscsi_write_cache=on
+
+# The path to the client certificate key for verification, if
+# the driver supports it.
(string value)
+#driver_client_cert_key=<None>
+
+# The path to the client certificate for verification, if the
+# driver supports it. (string value)
+#driver_client_cert=<None>
+
+
+#
+# Options defined in cinder.volume.drivers.block_device
+#
+
+# List of all available devices (list value)
+#available_devices=
+
+
+#
+# Options defined in cinder.volume.drivers.coraid
+#
+
+# IP address of Coraid ESM (string value)
+#coraid_esm_address=
+
+# User name to connect to Coraid ESM (string value)
+#coraid_user=admin
+
+# Name of group on Coraid ESM to which coraid_user belongs
+# (must have admin privilege) (string value)
+#coraid_group=admin
+
+# Password to connect to Coraid ESM (string value)
+#coraid_password=password
+
+# Volume Type key name to store ESM Repository Name (string
+# value)
+#coraid_repository_key=coraid_repository
+
+
+#
+# Options defined in cinder.volume.drivers.datera
+#
+
+# Datera API token. (string value)
+#datera_api_token=<None>
+
+# Datera API port. (string value)
+#datera_api_port=7717
+
+# Datera API version. (string value)
+#datera_api_version=1
+
+# Number of replicas to create of an inode. (string value)
+#datera_num_replicas=3
+
+
+#
+# Options defined in cinder.volume.drivers.emc.emc_vmax_common
+#
+
+# use this file for cinder emc plugin config data (string
+# value)
+#cinder_emc_config_file=/etc/cinder/cinder_emc_config.xml
+
+
+#
+# Options defined in cinder.volume.drivers.emc.emc_vnx_cli
+#
+
+# VNX authentication scope type. (string value)
+#storage_vnx_authentication_type=global
+
+# Directory path that contains the VNX security file. Make
+# sure the security file is generated first. (string value)
+#storage_vnx_security_file_dir=<None>
+
+# Naviseccli Path. (string value)
+#naviseccli_path=
+
+# Storage pool name. (string value)
+#storage_vnx_pool_name=<None>
+
+# VNX secondary SP IP Address. (string value)
+#san_secondary_ip=<None>
+
+# Default timeout for CLI operations in minutes.
For example,
+# LUN migration is a typical long running operation, which
+# depends on the LUN size and the load of the array. An upper
+# bound in the specific deployment can be set to avoid
+# unnecessary long wait. By default, it is 365 days long.
+# (integer value)
+#default_timeout=525600
+
+# Default max number of LUNs in a storage group. By default,
+# the value is 255. (integer value)
+#max_luns_per_storage_group=255
+
+# To destroy storage group when the last LUN is removed from
+# it. By default, the value is False. (boolean value)
+#destroy_empty_storage_group=false
+
+# Mapping between hostname and its iSCSI initiator IP
+# addresses. (string value)
+#iscsi_initiators=
+
+# Automatically register initiators. By default, the value is
+# False. (boolean value)
+#initiator_auto_registration=false
+
+
+#
+# Options defined in cinder.volume.drivers.eqlx
+#
+
+# Group name to use for creating volumes (string value)
+#eqlx_group_name=group-0
+
+# Timeout for the Group Manager cli command execution (integer
+# value)
+#eqlx_cli_timeout=30
+
+# Maximum retry count for reconnection (integer value)
+#eqlx_cli_max_retries=5
+
+# Use CHAP authentication for targets?
(boolean value)
+#eqlx_use_chap=false
+
+# Existing CHAP account name (string value)
+#eqlx_chap_login=admin
+
+# Password for specified CHAP account name (string value)
+#eqlx_chap_password=password
+
+# Pool in which volumes will be created (string value)
+#eqlx_pool=default
+
+
+#
+# Options defined in cinder.volume.drivers.fujitsu_eternus_dx_common
+#
+
+# The configuration file for the Cinder SMI-S driver (string
+# value)
+#cinder_smis_config_file=/etc/cinder/cinder_fujitsu_eternus_dx.xml
+
+
+#
+# Options defined in cinder.volume.drivers.fusionio.ioControl
+#
+
+# amount of time wait for iSCSI target to come online (integer
+# value)
+#fusionio_iocontrol_targetdelay=5
+
+# number of retries for GET operations (integer value)
+#fusionio_iocontrol_retry=3
+
+# verify the array certificate on each transaction (boolean
+# value)
+#fusionio_iocontrol_verify_cert=true
+
+
+#
+# Options defined in cinder.volume.drivers.glusterfs
+#
+
+# File with the list of available gluster shares (string
+# value)
+#glusterfs_shares_config=/etc/cinder/glusterfs_shares
+
+# Create volumes as sparsed files which take no space.If set
+# to False volume is created as regular file.In such case
+# volume creation takes a lot of time. (boolean value)
+#glusterfs_sparsed_volumes=true
+
+# Create volumes as QCOW2 files rather than raw files.
+# (boolean value)
+#glusterfs_qcow2_volumes=false
+
+# Base dir containing mount points for gluster shares.
(string
+# value)
+#glusterfs_mount_point_base=$state_path/mnt
+
+
+#
+# Options defined in cinder.volume.drivers.hds.hds
+#
+
+# The configuration file for the Cinder HDS driver for HUS
+# (string value)
+#hds_cinder_config_file=/opt/hds/hus/cinder_hus_conf.xml
+
+
+#
+# Options defined in cinder.volume.drivers.hds.iscsi
+#
+
+# Configuration file for HDS iSCSI cinder plugin (string
+# value)
+#hds_hnas_iscsi_config_file=/opt/hds/hnas/cinder_iscsi_conf.xml
+
+
+#
+# Options defined in cinder.volume.drivers.hds.nfs
+#
+
+# Configuration file for HDS NFS cinder plugin (string value)
+#hds_hnas_nfs_config_file=/opt/hds/hnas/cinder_nfs_conf.xml
+
+
+#
+# Options defined in cinder.volume.drivers.hitachi.hbsd_common
+#
+
+# Serial number of storage system (string value)
+#hitachi_serial_number=<None>
+
+# Name of an array unit (string value)
+#hitachi_unit_name=<None>
+
+# Pool ID of storage system (integer value)
+#hitachi_pool_id=<None>
+
+# Thin pool ID of storage system (integer value)
+#hitachi_thin_pool_id=<None>
+
+# Range of logical device of storage system (string value)
+#hitachi_ldev_range=<None>
+
+# Default copy method of storage system (string value)
+#hitachi_default_copy_method=FULL
+
+# Copy speed of storage system (integer value)
+#hitachi_copy_speed=3
+
+# Interval to check copy (integer value)
+#hitachi_copy_check_interval=3
+
+# Interval to check copy asynchronously (integer value)
+#hitachi_async_copy_check_interval=10
+
+# Control port names for HostGroup or iSCSI Target (string
+# value)
+#hitachi_target_ports=<None>
+
+# Range of group number (string value)
+#hitachi_group_range=<None>
+
+# Request for creating HostGroup or iSCSI Target (boolean
+# value)
+#hitachi_group_request=false
+
+
+#
+# Options defined in cinder.volume.drivers.hitachi.hbsd_fc
+#
+
+# Request for FC Zone creating HostGroup (boolean value)
+#hitachi_zoning_request=false
+
+
+#
+# Options defined in cinder.volume.drivers.hitachi.hbsd_horcm
+#
+
+# Instance numbers for HORCM
(string value)
+#hitachi_horcm_numbers=200,201
+
+# Username of storage system for HORCM (string value)
+#hitachi_horcm_user=<None>
+
+# Password of storage system for HORCM (string value)
+#hitachi_horcm_password=<None>
+
+# Add to HORCM configuration (boolean value)
+#hitachi_horcm_add_conf=true
+
+
+#
+# Options defined in cinder.volume.drivers.hitachi.hbsd_iscsi
+#
+
+# Add CHAP user (boolean value)
+#hitachi_add_chap_user=false
+
+# iSCSI authentication method (string value)
+#hitachi_auth_method=<None>
+
+# iSCSI authentication username (string value)
+#hitachi_auth_user=HBSD-CHAP-user
+
+# iSCSI authentication password (string value)
+#hitachi_auth_password=HBSD-CHAP-password
+
+
+#
+# Options defined in cinder.volume.drivers.huawei
+#
+
+# The configuration file for the Cinder Huawei driver (string
+# value)
+#cinder_huawei_conf_file=/etc/cinder/cinder_huawei_conf.xml
+
+
+#
+# Options defined in cinder.volume.drivers.ibm.gpfs
+#
+
+# Specifies the path of the GPFS directory where Block Storage
+# volume and snapshot files are stored. (string value)
+#gpfs_mount_point_base=<None>
+
+# Specifies the path of the Image service repository in GPFS.
+# Leave undefined if not storing images in GPFS. (string
+# value)
+#gpfs_images_dir=<None>
+
+# Specifies the type of image copy to be used. Set this when
+# the Image service repository also uses GPFS so that image
+# files can be transferred efficiently from the Image service
+# to the Block Storage service. There are two valid values:
+# "copy" specifies that a full copy of the image is made;
+# "copy_on_write" specifies that copy-on-write optimization
+# strategy is used and unmodified blocks of the image file are
+# shared efficiently. (string value)
+#gpfs_images_share_mode=<None>
+
+# Specifies an upper limit on the number of indirections
+# required to reach a specific block due to snapshots or
+# clones.
A lengthy chain of copy-on-write snapshots or
+# clones can have a negative impact on performance, but
+# improves space utilization. 0 indicates unlimited clone
+# depth. (integer value)
+#gpfs_max_clone_depth=0
+
+# Specifies that volumes are created as sparse files which
+# initially consume no space. If set to False, the volume is
+# created as a fully allocated file, in which case, creation
+# may take a significantly longer time. (boolean value)
+#gpfs_sparse_volumes=true
+
+# Specifies the storage pool that volumes are assigned to. By
+# default, the system storage pool is used. (string value)
+#gpfs_storage_pool=system
+
+
+#
+# Options defined in cinder.volume.drivers.ibm.ibmnas
+#
+
+# IP address or Hostname of NAS system. (string value)
+#nas_ip=
+
+# User name to connect to NAS system. (string value)
+#nas_login=admin
+
+# Password to connect to NAS system. (string value)
+#nas_password=
+
+# SSH port to use to connect to NAS system. (integer value)
+#nas_ssh_port=22
+
+# Filename of private key to use for SSH authentication.
+# (string value)
+#nas_private_key=
+
+# IBMNAS platform type to be used as backend storage; valid
+# values are - v7ku : for using IBM Storwize V7000 Unified,
+# sonas : for using IBM Scale Out NAS, gpfs-nas : for using
+# NFS based IBM GPFS deployments.
(string value)
+#ibmnas_platform_type=v7ku
+
+
+#
+# Options defined in cinder.volume.drivers.ibm.storwize_svc
+#
+
+# Storage system storage pool for volumes (string value)
+#storwize_svc_volpool_name=volpool
+
+# Storage system space-efficiency parameter for volumes
+# (percentage) (integer value)
+#storwize_svc_vol_rsize=2
+
+# Storage system threshold for volume capacity warnings
+# (percentage) (integer value)
+#storwize_svc_vol_warning=0
+
+# Storage system autoexpand parameter for volumes (True/False)
+# (boolean value)
+#storwize_svc_vol_autoexpand=true
+
+# Storage system grain size parameter for volumes
+# (32/64/128/256) (integer value)
+#storwize_svc_vol_grainsize=256
+
+# Storage system compression option for volumes (boolean
+# value)
+#storwize_svc_vol_compression=false
+
+# Enable Easy Tier for volumes (boolean value)
+#storwize_svc_vol_easytier=true
+
+# The I/O group in which to allocate volumes (integer value)
+#storwize_svc_vol_iogrp=0
+
+# Maximum number of seconds to wait for FlashCopy to be
+# prepared. Maximum value is 600 seconds (10 minutes) (integer
+# value)
+#storwize_svc_flashcopy_timeout=120
+
+# Connection protocol (iSCSI/FC) (string value)
+#storwize_svc_connection_protocol=iSCSI
+
+# Configure CHAP authentication for iSCSI connections
+# (Default: Enabled) (boolean value)
+#storwize_svc_iscsi_chap_enabled=true
+
+# Connect with multipath (FC only; iSCSI multipath is
+# controlled by Nova) (boolean value)
+#storwize_svc_multipath_enabled=false
+
+# Allows vdisk to multi host mapping (boolean value)
+#storwize_svc_multihostmap_enabled=true
+
+# Indicate whether svc driver is compatible for NPIV setup.
If
+# it is compatible, it will allow no wwpns being returned on
+# get_conn_fc_wwpns during initialize_connection (boolean
+# value)
+#storwize_svc_npiv_compatibility_mode=false
+
+# Allow tenants to specify QOS on create (boolean value)
+#storwize_svc_allow_tenant_qos=false
+
+# If operating in stretched cluster mode, specify the name of
+# the pool in which mirrored copies are stored.Example:
+# "pool2" (string value)
+#storwize_svc_stretched_cluster_partner=<None>
+
+
+#
+# Options defined in cinder.volume.drivers.ibm.xiv_ds8k
+#
+
+# Proxy driver that connects to the IBM Storage Array (string
+# value)
+#xiv_ds8k_proxy=xiv_ds8k_openstack.nova_proxy.XIVDS8KNovaProxy
+
+# Connection type to the IBM Storage Array
+# (fibre_channel|iscsi) (string value)
+#xiv_ds8k_connection_type=iscsi
+
+# CHAP authentication mode, effective only for iscsi
+# (disabled|enabled) (string value)
+#xiv_chap=disabled
+
+
+#
+# Options defined in cinder.volume.drivers.lvm
+#
+
+# Name for the VG that will contain exported volumes (string
+# value)
+volume_group=cinder-volumes
+
+# If >0, create LVs with multiple mirrors. Note that this
+# requires lvm_mirrors + 2 PVs with available space (integer
+# value)
+#lvm_mirrors=0
+
+# Type of LVM volumes to deploy; (default or thin) (string
+# value)
+#lvm_type=default
+
+
+#
+# Options defined in cinder.volume.drivers.netapp.options
+#
+
+# The vFiler unit on which provisioning of block storage
+# volumes will be done. This option is only used by the driver
+# when connecting to an instance with a storage family of Data
+# ONTAP operating in 7-Mode and the storage protocol selected
+# is iSCSI. Only use this option when utilizing the MultiStore
+# feature on the NetApp storage system. (string value)
+#netapp_vfiler=<None>
+
+# Administrative user account name used to access the storage
+# system or proxy server. (string value)
+#netapp_login=<None>
+
+# Password for the administrative user account specified in
+# the netapp_login option.
(string value) +#netapp_password=<None> + +# This option specifies the virtual storage server (Vserver) +# name on the storage cluster on which provisioning of block +# storage volumes should occur. If using the NFS storage +# protocol, this parameter is mandatory for storage service +# catalog support (utilized by Cinder volume type extra_specs +# support). If this option is specified, the exports belonging +# to the Vserver will only be used for provisioning in the +# future. Block storage volumes on exports not belonging to +# the Vserver specified by this option will continue to +# function normally. (string value) +#netapp_vserver=<None> + +# The hostname (or IP address) for the storage system or proxy +# server. (string value) +#netapp_server_hostname=<None> + +# The TCP port to use for communication with the storage +# system or proxy server. Traditionally, port 80 is used for +# HTTP and port 443 is used for HTTPS; however, this value +# should be changed if an alternate port has been configured +# on the storage system or proxy server. (integer value) +#netapp_server_port=80 + +# This option is used to specify the path to the E-Series +# proxy application on a proxy server. The value is combined +# with the value of the netapp_transport_type, +# netapp_server_hostname, and netapp_server_port options to +# create the URL used by the driver to connect to the proxy +# application. (string value) +#netapp_webservice_path=/devmgr/v2 + +# This option is only utilized when the storage family is +# configured to eseries. This option is used to restrict +# provisioning to the specified controllers. Specify the value +# of this option to be a comma separated list of controller +# hostnames or IP addresses to be used for provisioning. +# (string value) +#netapp_controller_ips=<None> + +# Password for the NetApp E-Series storage array. (string +# value) +#netapp_sa_password=<None> + +# This option is used to restrict provisioning to the +# specified storage pools. 
Only dynamic disk pools are +# currently supported. Specify the value of this option to be +# a comma separated list of disk pool names to be used for +# provisioning. (string value) +#netapp_storage_pools=<None> + +# This option is used to define how the controllers in the +# E-Series storage array will work with the particular +# operating system on the hosts that are connected to it. +# (string value) +#netapp_eseries_host_type=linux_dm_mp + +# If the percentage of available space for an NFS share has +# dropped below the value specified by this option, the NFS +# image cache will be cleaned. (integer value) +#thres_avl_size_perc_start=20 + +# When the percentage of available space on an NFS share has +# reached the percentage specified by this option, the driver +# will stop clearing files from the NFS image cache that have +# not been accessed in the last M minutes, where M is the +# value of the expiry_thres_minutes configuration option. +# (integer value) +#thres_avl_size_perc_stop=60 + +# This option specifies the threshold for last access time for +# images in the NFS image cache. When a cache cleaning cycle +# begins, images in the cache that have not been accessed in +# the last M minutes, where M is the value of this parameter, +# will be deleted from the cache to create free space on the +# NFS share. (integer value) +#expiry_thres_minutes=720 + +# This option specifies the path of the NetApp copy offload +# tool binary. Ensure that the binary has execute permissions +# set which allow the effective user of the cinder-volume +# process to execute the file. (string value) +#netapp_copyoffload_tool_path=<None> + +# The quantity to be multiplied by the requested volume size +# to ensure enough space is available on the virtual storage +# server (Vserver) to fulfill the volume creation request. +# (floating point value) +#netapp_size_multiplier=1.2 + +# This option is only utilized when the storage protocol is +# configured to use iSCSI. 
This option is used to restrict +# provisioning to the specified controller volumes. Specify +# the value of this option to be a comma separated list of +# NetApp controller volume names to be used for provisioning. +# (string value) +#netapp_volume_list=<None> + +# The storage family type used on the storage system; valid +# values are ontap_7mode for using Data ONTAP operating in +# 7-Mode, ontap_cluster for using clustered Data ONTAP, or +# eseries for using E-Series. (string value) +#netapp_storage_family=ontap_cluster + +# The storage protocol to be used on the data path with the +# storage system; valid values are iscsi or nfs. (string +# value) +#netapp_storage_protocol=<None> + +# The transport protocol used when communicating with the +# storage system or proxy server. Valid values are http or +# https. (string value) +#netapp_transport_type=http + + +# +# Options defined in cinder.volume.drivers.nexenta.options +# + +# IP address of Nexenta SA (string value) +#nexenta_host= + +# HTTP port to connect to Nexenta REST API server (integer +# value) +#nexenta_rest_port=2000 + +# Use http or https for REST connection (default auto) (string +# value) +#nexenta_rest_protocol=auto + +# User name to connect to Nexenta SA (string value) +#nexenta_user=admin + +# Password to connect to Nexenta SA (string value) +#nexenta_password=nexenta + +# Nexenta target portal port (integer value) +#nexenta_iscsi_target_portal_port=3260 + +# SA Pool that holds all volumes (string value) +#nexenta_volume=cinder + +# IQN prefix for iSCSI targets (string value) +#nexenta_target_prefix=iqn.1986-03.com.sun:02:cinder- + +# Prefix for iSCSI target groups on SA (string value) +#nexenta_target_group_prefix=cinder/ + +# File with the list of available nfs shares (string value) +#nexenta_shares_config=/etc/cinder/nfs_shares + +# Base directory that contains NFS share mount points (string +# value) +#nexenta_mount_point_base=$state_path/mnt + +# Enables or disables the creation of volumes as 
sparsed files +# that take no space. If disabled (False), volume is created +# as a regular file, which takes a long time. (boolean value) +#nexenta_sparsed_volumes=true + +# Default compression value for new ZFS folders. (string +# value) +#nexenta_volume_compression=on + +# If set True cache NexentaStor appliance volroot option +# value. (boolean value) +#nexenta_nms_cache_volroot=true + +# Enable stream compression, level 1..9. 1 - gives best speed; +# 9 - gives best compression. (integer value) +#nexenta_rrmgr_compression=0 + +# TCP Buffer size in KiloBytes. (integer value) +#nexenta_rrmgr_tcp_buf_size=4096 + +# Number of TCP connections. (integer value) +#nexenta_rrmgr_connections=2 + +# Block size for volumes (default=blank means 8KB) (string +# value) +#nexenta_blocksize= + +# Enables or disables the creation of sparse volumes (boolean +# value) +#nexenta_sparse=false + + +# +# Options defined in cinder.volume.drivers.nfs +# + +# File with the list of available nfs shares (string value) +#nfs_shares_config=/etc/cinder/nfs_shares + +# Create volumes as sparsed files which take no space.If set +# to False volume is created as regular file.In such case +# volume creation takes a lot of time. (boolean value) +#nfs_sparsed_volumes=true + +# Percent of ACTUAL usage of the underlying volume before no +# new volumes can be allocated to the volume destination. +# (floating point value) +#nfs_used_ratio=0.95 + +# This will compare the allocated to available space on the +# volume destination. If the ratio exceeds this number, the +# destination will no longer be valid. (floating point value) +#nfs_oversub_ratio=1.0 + +# Base dir containing mount points for nfs shares. (string +# value) +#nfs_mount_point_base=$state_path/mnt + +# Mount options passed to the nfs client. See section of the +# nfs man page for details. 
(string value) +#nfs_mount_options=<None> + + +# +# Options defined in cinder.volume.drivers.nimble +# + +# Nimble Controller pool name (string value) +#nimble_pool_name=default + +# Nimble Subnet Label (string value) +#nimble_subnet_label=* + + +# +# Options defined in cinder.volume.drivers.prophetstor.options +# + +# DPL pool uuid in which DPL volumes are stored. (string +# value) +#dpl_pool= + +# DPL port number. (integer value) +#dpl_port=8357 + + +# +# Options defined in cinder.volume.drivers.pure +# + +# REST API authorization token. (string value) +#pure_api_token=<None> + + +# +# Options defined in cinder.volume.drivers.rbd +# + +# The RADOS pool where rbd volumes are stored (string value) +#rbd_pool=rbd + +# The RADOS client name for accessing rbd volumes - only set +# when using cephx authentication (string value) +#rbd_user=<None> + +# Path to the ceph configuration file (string value) +#rbd_ceph_conf= + +# Flatten volumes created from snapshots to remove dependency +# from volume to snapshot (boolean value) +#rbd_flatten_volume_from_snapshot=false + +# The libvirt uuid of the secret for the rbd_user volumes +# (string value) +#rbd_secret_uuid=<None> + +# Directory where temporary image files are stored when the +# volume driver does not write them directly to the volume. +# (string value) +#volume_tmp_dir=<None> + +# Maximum number of nested volume clones that are taken before +# a flatten occurs. Set to 0 to disable cloning. (integer +# value) +#rbd_max_clone_depth=5 + +# Volumes will be chunked into objects of this size (in +# megabytes). (integer value) +#rbd_store_chunk_size=4 + +# Timeout value (in seconds) used when connecting to ceph +# cluster. If value < 0, no timeout is set and default +# librados value is used. (integer value) +#rados_connect_timeout=-1 + + +# +# Options defined in cinder.volume.drivers.remotefs +# + +# IP address or Hostname of NAS system. (string value) +#nas_ip= + +# User name to connect to NAS system. 
(string value) +#nas_login=admin + +# Password to connect to NAS system. (string value) +#nas_password= + +# SSH port to use to connect to NAS system. (integer value) +#nas_ssh_port=22 + +# Filename of private key to use for SSH authentication. +# (string value) +#nas_private_key= + + +# +# Options defined in cinder.volume.drivers.san.hp.hp_3par_common +# + +# 3PAR WSAPI Server Url like https://<3par ip>:8080/api/v1 +# (string value) +#hp3par_api_url= + +# 3PAR Super user username (string value) +#hp3par_username= + +# 3PAR Super user password (string value) +#hp3par_password= + +# The CPG to use for volume creation (string value) +#hp3par_cpg=OpenStack + +# The CPG to use for Snapshots for volumes. If empty +# hp3par_cpg will be used (string value) +#hp3par_cpg_snap= + +# The time in hours to retain a snapshot. You can't delete it +# before this expires. (string value) +#hp3par_snapshot_retention= + +# The time in hours when a snapshot expires and is deleted. +# This must be larger than expiration (string value) +#hp3par_snapshot_expiration= + +# Enable HTTP debugging to 3PAR (boolean value) +#hp3par_debug=false + +# List of target iSCSI addresses to use. (list value) +#hp3par_iscsi_ips= + +# Enable CHAP authentication for iSCSI connections. 
(boolean +# value) +#hp3par_iscsi_chap_enabled=false + + +# +# Options defined in cinder.volume.drivers.san.hp.hp_lefthand_rest_proxy +# + +# HP LeftHand WSAPI Server Url like https://<LeftHand +# ip>:8081/lhos (string value) +#hplefthand_api_url=<None> + +# HP LeftHand Super user username (string value) +#hplefthand_username=<None> + +# HP LeftHand Super user password (string value) +#hplefthand_password=<None> + +# HP LeftHand cluster name (string value) +#hplefthand_clustername=<None> + +# Configure CHAP authentication for iSCSI connections +# (Default: Disabled) (boolean value) +#hplefthand_iscsi_chap_enabled=false + +# Enable HTTP debugging to LeftHand (boolean value) +#hplefthand_debug=false + + +# +# Options defined in cinder.volume.drivers.san.hp.hp_msa_common +# + +# The VDisk to use for volume creation. (string value) +#msa_vdisk=OpenStack + + +# +# Options defined in cinder.volume.drivers.san.san +# + +# Use thin provisioning for SAN volumes? (boolean value) +#san_thin_provision=true + +# IP address of SAN controller (string value) +#san_ip= + +# Username for SAN controller (string value) +#san_login=admin + +# Password for SAN controller (string value) +#san_password= + +# Filename of private key to use for SSH authentication +# (string value) +#san_private_key= + +# Cluster name to use for creating volumes (string value) +#san_clustername= + +# SSH port to use with SAN (integer value) +#san_ssh_port=22 + +# Execute commands locally instead of over SSH; use if the +# volume service is running on the SAN device (boolean value) +#san_is_local=false + +# SSH connection timeout in seconds (integer value) +#ssh_conn_timeout=30 + +# Minimum ssh connections in the pool (integer value) +#ssh_min_pool_conn=1 + +# Maximum ssh connections in the pool (integer value) +#ssh_max_pool_conn=5 + + +# +# Options defined in cinder.volume.drivers.san.solaris +# + +# The ZFS path under which to create zvols for volumes. 
+# (string value)
+#san_zfs_volume_base=rpool/
+
+
+#
+# Options defined in cinder.volume.drivers.scality
+#
+
+# Path or URL to Scality SOFS configuration file (string
+# value)
+#scality_sofs_config=<None>
+
+# Base dir where Scality SOFS shall be mounted (string value)
+#scality_sofs_mount_point=$state_path/scality
+
+# Path from Scality SOFS root to volume dir (string value)
+#scality_sofs_volume_dir=cinder/volumes
+
+
+#
+# Options defined in cinder.volume.drivers.smbfs
+#
+
+# File with the list of available smbfs shares. (string value)
+#smbfs_shares_config=/etc/cinder/smbfs_shares
+
+# Default format that will be used when creating volumes if no
+# volume format is specified. Can be set to: raw, qcow2, vhd
+# or vhdx. (string value)
+#smbfs_default_volume_format=qcow2
+
+# Create volumes as sparsed files which take no space rather
+# than regular files when using raw format, in which case
+# volume creation takes lot of time. (boolean value)
+#smbfs_sparsed_volumes=true
+
+# Percent of ACTUAL usage of the underlying volume before no
+# new volumes can be allocated to the volume destination.
+# (floating point value)
+#smbfs_used_ratio=0.95
+
+# This will compare the allocated to available space on the
+# volume destination. If the ratio exceeds this number, the
+# destination will no longer be valid. (floating point value)
+#smbfs_oversub_ratio=1.0
+
+# Base dir containing mount points for smbfs shares. (string
+# value)
+#smbfs_mount_point_base=$state_path/mnt
+
+# Mount options passed to the smbfs client. See mount.cifs man
+# page for details. (string value)
+#smbfs_mount_options=noperm,file_mode=0775,dir_mode=0775
+
+
+#
+# Options defined in cinder.volume.drivers.solidfire
+#
+
+# Set 512 byte emulation on volume creation; (boolean value)
+#sf_emulate_512=true
+
+# Allow tenants to specify QOS on create (boolean value)
+#sf_allow_tenant_qos=false
+
+# Create SolidFire accounts with this prefix. Any string can
+# be used here, but the string "hostname" is special and will
+# create a prefix using the cinder node hostsname (previous
+# default behavior). The default is NO prefix. (string value)
+#sf_account_prefix=<None>
+
+# SolidFire API port. Useful if the device api is behind a
+# proxy on a different port. (integer value)
+#sf_api_port=443
+
+
+#
+# Options defined in cinder.volume.drivers.vmware.vmdk
+#
+
+# IP address for connecting to VMware ESX/VC server. (string
+# value)
+#vmware_host_ip=<None>
+
+# Username for authenticating with VMware ESX/VC server.
+# (string value)
+#vmware_host_username=<None>
+
+# Password for authenticating with VMware ESX/VC server.
+# (string value)
+#vmware_host_password=<None>
+
+# Optional VIM service WSDL Location e.g
+# http://<server>/vimService.wsdl. Optional over-ride to
+# default location for bug work-arounds. (string value)
+#vmware_wsdl_location=<None>
+
+# Number of times VMware ESX/VC server API must be retried
+# upon connection related issues. (integer value)
+#vmware_api_retry_count=10
+
+# The interval (in seconds) for polling remote tasks invoked
+# on VMware ESX/VC server. (floating point value)
+#vmware_task_poll_interval=0.5
+
+# Name for the folder in the VC datacenter that will contain
+# cinder volumes. (string value)
+#vmware_volume_folder=cinder-volumes
+
+# Timeout in seconds for VMDK volume transfer between Cinder
+# and Glance. (integer value)
+#vmware_image_transfer_timeout_secs=7200
+
+# Max number of objects to be retrieved per batch. Query
+# results will be obtained in batches from the server and not
+# in one shot. Server may still limit the count to something
+# less than the configured value. (integer value)
+#vmware_max_objects_retrieval=100
+
+# Optional string specifying the VMware VC server version. The
+# driver attempts to retrieve the version from VMware VC
+# server. Set this configuration only if you want to override
+# the VC server version. (string value)
+#vmware_host_version=<None>
+
+# Directory where virtual disks are stored during volume
+# backup and restore. (string value)
+#vmware_tmp_dir=/tmp
+
+
+#
+# Options defined in cinder.volume.drivers.windows.windows
+#
+
+# Path to store VHD backed volumes (string value)
+#windows_iscsi_lun_path=C:\iSCSIVirtualDisks
+
+
+#
+# Options defined in cinder.volume.drivers.zadara
+#
+
+# Management IP of Zadara VPSA (string value)
+#zadara_vpsa_ip=<None>
+
+# Zadara VPSA port number (string value)
+#zadara_vpsa_port=<None>
+
+# Use SSL connection (boolean value)
+#zadara_vpsa_use_ssl=false
+
+# User name for the VPSA (string value)
+#zadara_user=<None>
+
+# Password for the VPSA (string value)
+#zadara_password=<None>
+
+# Name of VPSA storage pool for volumes (string value)
+#zadara_vpsa_poolname=<None>
+
+# Default thin provisioning policy for volumes (boolean value)
+#zadara_vol_thin=true
+
+# Default encryption policy for volumes (boolean value)
+#zadara_vol_encrypt=false
+
+# Default template for VPSA volume names (string value)
+#zadara_vol_name_template=OS_%s
+
+# Automatically detach from servers on volume delete (boolean
+# value)
+#zadara_vpsa_auto_detach_on_delete=true
+
+# Don't halt on deletion of non-existing volumes (boolean
+# value)
+#zadara_vpsa_allow_nonexistent_delete=true
+
+
+#
+# Options defined in cinder.volume.drivers.zfssa.zfssaiscsi
+#
+
+# Storage pool name. (string value)
+#zfssa_pool=<None>
+
+# Project name. (string value)
+#zfssa_project=<None>
+
+# Block size: 512, 1k, 2k, 4k, 8k, 16k, 32k, 64k, 128k.
+# (string value)
+#zfssa_lun_volblocksize=8k
+
+# Flag to enable sparse (thin-provisioned): True, False.
+# (boolean value)
+#zfssa_lun_sparse=false
+
+# Data compression-off, lzjb, gzip-2, gzip, gzip-9. (string
+# value)
+#zfssa_lun_compression=
+
+# Synchronous write bias-latency, throughput. (string value)
+#zfssa_lun_logbias=
+
+# iSCSI initiator group. (string value)
+#zfssa_initiator_group=
+
+# iSCSI initiator IQNs. (comma separated) (string value)
+#zfssa_initiator=
+
+# iSCSI initiator CHAP user. (string value)
+#zfssa_initiator_user=
+
+# iSCSI initiator CHAP password. (string value)
+#zfssa_initiator_password=
+
+# iSCSI target group name. (string value)
+#zfssa_target_group=tgt-grp
+
+# iSCSI target CHAP user. (string value)
+#zfssa_target_user=
+
+# iSCSI target CHAP password. (string value)
+#zfssa_target_password=
+
+# iSCSI target portal (Data-IP:Port, w.x.y.z:3260). (string
+# value)
+#zfssa_target_portal=<None>
+
+# Network interfaces of iSCSI targets. (comma separated)
+# (string value)
+#zfssa_target_interfaces=<None>
+
+# REST connection timeout. (seconds) (integer value)
+#zfssa_rest_timeout=<None>
+
+
+#
+# Options defined in cinder.volume.manager
+#
+
+# Driver to use for volume creation (string value)
+volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver
+
+# Timeout for creating the volume to migrate to when
+# performing volume migration (seconds) (integer value)
+#migration_create_volume_timeout_secs=300
+
+# Offload pending volume delete during volume service startup
+# (boolean value)
+#volume_service_inithost_offload=false
+
+# FC Zoning mode configured (string value)
+#zoning_mode=none
+
+# User defined capabilities, a JSON formatted string
+# specifying key/value pairs. (string value)
+#extra_capabilities={}
+
+
+[BRCD_FABRIC_EXAMPLE]
+
+#
+# Options defined in cinder.zonemanager.drivers.brocade.brcd_fabric_opts
+#
+
+# Management IP of fabric (string value)
+#fc_fabric_address=
+
+# Fabric user ID (string value)
+#fc_fabric_user=
+
+# Password for user (string value)
+#fc_fabric_password=
+
+# Connecting port (integer value)
+#fc_fabric_port=22
+
+# overridden zoning policy (string value)
+#zoning_policy=initiator-target
+
+# overridden zoning activation state (boolean value)
+#zone_activate=true
+
+# overridden zone name prefix (string value)
+#zone_name_prefix=<None>
+
+# Principal switch WWN of the fabric (string value)
+#principal_switch_wwn=<None>
+
+
+[CISCO_FABRIC_EXAMPLE]
+
+#
+# Options defined in cinder.zonemanager.drivers.cisco.cisco_fabric_opts
+#
+
+# Management IP of fabric (string value)
+#cisco_fc_fabric_address=
+
+# Fabric user ID (string value)
+#cisco_fc_fabric_user=
+
+# Password for user (string value)
+#cisco_fc_fabric_password=
+
+# Connecting port (integer value)
+#cisco_fc_fabric_port=22
+
+# overridden zoning policy (string value)
+#cisco_zoning_policy=initiator-target
+
+# overridden zoning activation state (boolean value)
+#cisco_zone_activate=true
+
+# overridden zone name prefix (string value)
+#cisco_zone_name_prefix=<None>
+
+# VSAN of the Fabric (string value)
+#cisco_zoning_vsan=<None>
+
+
+[database]
+
+#
+# Options defined in oslo.db
+#
+
+# The file name to use with SQLite. (string value)
+#sqlite_db=oslo.sqlite
+
+# If True, SQLite uses synchronous mode. (boolean value)
+#sqlite_synchronous=true
+
+# The back end to use for the database. (string value)
+# Deprecated group/name - [DEFAULT]/db_backend
+#backend=sqlalchemy
+
+# The SQLAlchemy connection string to use to connect to the
+# database. (string value)
+# Deprecated group/name - [DEFAULT]/sql_connection
+# Deprecated group/name - [DATABASE]/sql_connection
+# Deprecated group/name - [sql]/connection
+connection=postgresql://{{ CINDER_DB_USER }}:{{ CINDER_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/cinder
+
+# The SQLAlchemy connection string to use to connect to the
+# slave database. (string value)
+#slave_connection=<None>
+
+# The SQL mode to be used for MySQL sessions. This option,
+# including the default, overrides any server-set SQL mode. To
+# use whatever SQL mode is set by the server configuration,
+# set this to no value. Example: mysql_sql_mode= (string
+# value)
+#mysql_sql_mode=TRADITIONAL
+
+# Timeout before idle SQL connections are reaped. (integer
+# value)
+# Deprecated group/name - [DEFAULT]/sql_idle_timeout
+# Deprecated group/name - [DATABASE]/sql_idle_timeout
+# Deprecated group/name - [sql]/idle_timeout
+#idle_timeout=3600
+
+# Minimum number of SQL connections to keep open in a pool.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/sql_min_pool_size
+# Deprecated group/name - [DATABASE]/sql_min_pool_size
+#min_pool_size=1
+
+# Maximum number of SQL connections to keep open in a pool.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_pool_size
+# Deprecated group/name - [DATABASE]/sql_max_pool_size
+#max_pool_size=<None>
+
+# Maximum number of database connection retries during
+# startup. Set to -1 to specify an infinite retry count.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_retries
+# Deprecated group/name - [DATABASE]/sql_max_retries
+#max_retries=10
+
+# Interval between retries of opening a SQL connection.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/sql_retry_interval
+# Deprecated group/name - [DATABASE]/reconnect_interval
+#retry_interval=10
+
+# If set, use this value for max_overflow with SQLAlchemy.
+# (integer value)
+# Deprecated group/name - [DEFAULT]/sql_max_overflow
+# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow
+#max_overflow=<None>
+
+# Verbosity of SQL debugging information: 0=None,
+# 100=Everything. (integer value)
+# Deprecated group/name - [DEFAULT]/sql_connection_debug
+#connection_debug=0
+
+# Add Python stack traces to SQL as comment strings. (boolean
+# value)
+# Deprecated group/name - [DEFAULT]/sql_connection_trace
+#connection_trace=false
+
+# If set, use this value for pool_timeout with SQLAlchemy.
+# (integer value)
+# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout
+#pool_timeout=<None>
+
+# Enable the experimental use of database reconnect on
+# connection lost. (boolean value)
+#use_db_reconnect=false
+
+# Seconds between database connection retries. (integer value)
+#db_retry_interval=1
+
+# If True, increases the interval between database connection
+# retries up to db_max_retry_interval. (boolean value)
+#db_inc_retry_interval=true
+
+# If db_inc_retry_interval is set, the maximum seconds between
+# database connection retries. (integer value)
+#db_max_retry_interval=10
+
+# Maximum database connection retries before error is raised.
+# Set to -1 to specify an infinite retry count. (integer
+# value)
+#db_max_retries=20
+
+
+#
+# Options defined in oslo.db.concurrency
+#
+
+# Enable the experimental use of thread pooling for all DB API
+# calls (boolean value)
+# Deprecated group/name - [DEFAULT]/dbapi_use_tpool
+#use_tpool=false
+
+
+[fc-zone-manager]
+
+#
+# Options defined in cinder.zonemanager.drivers.brocade.brcd_fc_zone_driver
+#
+
+# Southbound connector for zoning operation (string value)
+#brcd_sb_connector=cinder.zonemanager.drivers.brocade.brcd_fc_zone_client_cli.BrcdFCZoneClientCLI
+
+
+#
+# Options defined in cinder.zonemanager.drivers.cisco.cisco_fc_zone_driver
+#
+
+# Southbound connector for zoning operation (string value)
+#cisco_sb_connector=cinder.zonemanager.drivers.cisco.cisco_fc_zone_client_cli.CiscoFCZoneClientCLI
+
+
+#
+# Options defined in cinder.zonemanager.fc_zone_manager
+#
+
+# FC Zone Driver responsible for zone management (string
+# value)
+#zone_driver=cinder.zonemanager.drivers.brocade.brcd_fc_zone_driver.BrcdFCZoneDriver
+
+# Zoning policy configured by user (string value)
+#zoning_policy=initiator-target
+
+# Comma separated list of fibre channel fabric names. This
+# list of names is used to retrieve other SAN credentials for
+# connecting to each SAN fabric (string value)
+#fc_fabric_names=<None>
+
+# FC San Lookup Service (string value)
+#fc_san_lookup_service=cinder.zonemanager.drivers.brocade.brcd_fc_san_lookup_service.BrcdFCSanLookupService
+
+
+[keymgr]
+
+#
+# Options defined in cinder.keymgr
+#
+
+# The full class name of the key manager API class (string
+# value)
+#api_class=cinder.keymgr.conf_key_mgr.ConfKeyManager
+
+
+#
+# Options defined in cinder.keymgr.conf_key_mgr
+#
+
+# Fixed key returned by key manager, specified in hex (string
+# value)
+#fixed_key=<None>
+
+
+#
+# Options defined in cinder.keymgr.key_mgr
+#
+
+# Authentication url for encryption service. (string value)
+#encryption_auth_url=http://localhost:5000/v2.0
+
+# Url for encryption service. (string value)
+#encryption_api_url=http://localhost:9311/v1
+
+
+[keystone_authtoken]
+
+#
+# Options defined in keystonemiddleware.auth_token
+#
+
+# Prefix to prepend at the beginning of the path. Deprecated,
+# use identity_uri. (string value)
+#auth_admin_prefix=
+
+# Host providing the admin Identity API endpoint. Deprecated,
+# use identity_uri. (string value)
+#auth_host=127.0.0.1
+
+# Port of the admin Identity API endpoint. Deprecated, use
+# identity_uri. (integer value)
+#auth_port=35357
+
+# Protocol of the admin Identity API endpoint (http or https).
+# Deprecated, use identity_uri. (string value)
+#auth_protocol=https
+
+# Complete public Identity API endpoint (string value)
+auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+
+# Complete admin Identity API endpoint. This should specify
+# the unversioned root endpoint e.g. https://localhost:35357/
+# (string value)
+identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
+
+# API version of the admin Identity API endpoint (string
+# value)
+#auth_version=<None>
+
+# Do not handle authorization requests within the middleware,
+# but delegate the authorization decision to downstream WSGI
+# components (boolean value)
+#delay_auth_decision=false
+
+# Request timeout value for communicating with Identity API
+# server. (boolean value)
+#http_connect_timeout=<None>
+
+# How many times are we trying to reconnect when communicating
+# with Identity API Server. (integer value)
+#http_request_max_retries=3
+
+# This option is deprecated and may be removed in a future
+# release. Single shared secret with the Keystone
+# configuration used for bootstrapping a Keystone
+# installation, or otherwise bypassing the normal
+# authentication process. This option should not be used, use
+# `admin_user` and `admin_password` instead. (string value)
+#admin_token=<None>
+
+# Keystone account username (string value)
+admin_user={{ CINDER_SERVICE_USER }}
+
+# Keystone account password (string value)
+admin_password={{ CINDER_SERVICE_PASSWORD }}
+
+# Keystone service account tenant name to validate user tokens
+# (string value)
+admin_tenant_name=service
+
+# Env key for the swift cache (string value)
+#cache=<None>
+
+# Required if Keystone server requires client certificate
+# (string value)
+#certfile=<None>
+
+# Required if Keystone server requires client certificate
+# (string value)
+#keyfile=<None>
+
+# A PEM encoded Certificate Authority to use when verifying
+# HTTPs connections. Defaults to system CAs. (string value)
+#cafile=<None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure=false
+
+# Directory used to cache files related to PKI tokens (string
+# value)
+#signing_dir=<None>
+
+# Optionally specify a list of memcached server(s) to use for
+# caching. If left undefined, tokens will instead be cached
+# in-process. (list value)
+# Deprecated group/name - [DEFAULT]/memcache_servers
+#memcached_servers=<None>
+
+# In order to prevent excessive effort spent validating
+# tokens, the middleware caches previously-seen tokens for a
+# configurable duration (in seconds). Set to -1 to disable
+# caching completely. (integer value)
+#token_cache_time=300
+
+# Determines the frequency at which the list of revoked tokens
+# is retrieved from the Identity service (in seconds). A high
+# number of revocation events combined with a low cache
+# duration may significantly reduce performance. (integer
+# value)
+#revocation_cache_time=10
+
+# (optional) if defined, indicate whether token data should be
+# authenticated or authenticated and encrypted. Acceptable
+# values are MAC or ENCRYPT. If MAC, token data is
+# authenticated (with HMAC) in the cache. If ENCRYPT, token
+# data is encrypted and authenticated in the cache. If the
+# value is not one of these options or empty, auth_token will
+# raise an exception on initialization. (string value)
+#memcache_security_strategy=<None>
+
+# (optional, mandatory if memcache_security_strategy is
+# defined) this string is used for key derivation. (string
+# value)
+#memcache_secret_key=<None>
+
+# (optional) number of seconds memcached server is considered
+# dead before it is tried again. (integer value)
+#memcache_pool_dead_retry=300
+
+# (optional) max total number of open connections to every
+# memcached server. (integer value)
+#memcache_pool_maxsize=10
+
+# (optional) socket timeout in seconds for communicating with
+# a memcache server. (integer value)
+#memcache_pool_socket_timeout=3
+
+# (optional) number of seconds a connection to memcached is
+# held unused in the pool before it is closed. (integer value)
+#memcache_pool_unused_timeout=60
+
+# (optional) number of seconds that an operation will wait to
+# get a memcache client connection from the pool. (integer
+# value)
+#memcache_pool_conn_get_timeout=10
+
+# (optional) use the advanced (eventlet safe) memcache client
+# pool. The advanced pool will only work under python 2.x.
+# (boolean value)
+#memcache_use_advanced_pool=false
+
+# (optional) indicate whether to set the X-Service-Catalog
+# header. If False, middleware will not ask for service
+# catalog on token validation and will not set the X-Service-
+# Catalog header. (boolean value)
+#include_service_catalog=true
+
+# Used to control the use and type of token binding. Can be
+# set to: "disabled" to not check token binding. "permissive"
+# (default) to validate binding information if the bind type
+# is of a form known to the server and ignore it if not.
+# "strict" like "permissive" but if the bind type is unknown
+# the token will be rejected. "required" any form of token
+# binding is needed to be allowed. Finally the name of a
+# binding method that must be present in tokens. (string
+# value)
+#enforce_token_bind=permissive
+
+# If true, the revocation list will be checked for cached
+# tokens. This requires that PKI tokens are configured on the
+# Keystone server. (boolean value)
+#check_revocations_for_cached=false
+
+# Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those
+# supported by Python standard hashlib.new(). The hashes will
+# be tried in the order given, so put the preferred one first
+# for performance. The result of the first hash will be stored
+# in the cache. This will typically be set to multiple values
+# only while migrating from a less secure algorithm to a more
+# secure one. Once all the old tokens are expired this option
+# should be set to a single value for better performance.
+# (list value)
+#hash_algorithms=md5
+
+
+[matchmaker_redis]
+
+#
+# Options defined in oslo.messaging
+#
+
+# Host to locate redis. (string value)
+#host=127.0.0.1
+
+# Use this port to connect to redis host. (integer value)
+#port=6379
+
+# Password for Redis server (optional). (string value)
+#password=<None>
+
+
+[matchmaker_ring]
+
+#
+# Options defined in oslo.messaging
+#
+
+# Matchmaker ring file (JSON). (string value)
+# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
+#ringfile=/etc/oslo/matchmaker_ring.json
+
+
+[oslo_messaging_amqp]
+
+#
+# Options defined in oslo.messaging
+#
+# NOTE: Options in this group are supported when using oslo.messaging >=1.5.0.
+ +# address prefix used when sending to a specific server +# (string value) +#server_request_prefix=exclusive + +# address prefix used when broadcasting to all servers (string +# value) +#broadcast_prefix=broadcast + +# address prefix when sending to any server in group (string +# value) +#group_request_prefix=unicast + +# Name for the AMQP container (string value) +#container_name=<None> + +# Timeout for inactive connections (in seconds) (integer +# value) +#idle_timeout=0 + +# Debug: dump AMQP frames to stdout (boolean value) +#trace=false + +# CA certificate PEM file for verifing server certificate +# (string value) +#ssl_ca_file= + +# Identifying certificate PEM file to present to clients +# (string value) +#ssl_cert_file= + +# Private key PEM file used to sign cert_file certificate +# (string value) +#ssl_key_file= + +# Password for decrypting ssl_key_file (if encrypted) (string +# value) +#ssl_key_password=<None> + +# Accept clients using either SSL or plain TCP (boolean value) +#allow_insecure_clients=false + + +[profiler] + +# +# Options defined in cinder.service +# + +# If False fully disable profiling feature. (boolean value) +#profiler_enabled=false + +# If False doesn't trace SQL requests. (boolean value) +#trace_sqlalchemy=false + + +[ssl] + +# +# Options defined in cinder.openstack.common.sslutils +# + +# CA certificate file to use to verify connecting clients +# (string value) +#ca_file=<None> + +# Certificate file to use when starting the server securely +# (string value) +#cert_file=<None> + +# Private key file to use when starting the server securely +# (string value) +#key_file=<None> + + diff --git a/openstack/usr/share/openstack/cinder/policy.json b/openstack/usr/share/openstack/cinder/policy.json new file mode 100644 index 00000000..8f3a7b2f --- /dev/null +++ b/openstack/usr/share/openstack/cinder/policy.json 
@@ -0,0 +1,80 @@
+{
+ "context_is_admin": "role:admin",
+ "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
+ "default": "rule:admin_or_owner",
+
+ "admin_api": "is_admin:True",
+
+ "volume:create": "",
+ "volume:get_all": "",
+ "volume:get_volume_metadata": "",
+ "volume:get_volume_admin_metadata": "rule:admin_api",
+ "volume:delete_volume_admin_metadata": "rule:admin_api",
+ "volume:update_volume_admin_metadata": "rule:admin_api",
+ "volume:get_snapshot": "",
+ "volume:get_all_snapshots": "",
+ "volume:extend": "",
+ "volume:update_readonly_flag": "",
+ "volume:retype": "",
+
+ "volume_extension:types_manage": "rule:admin_api",
+ "volume_extension:types_extra_specs": "rule:admin_api",
+ "volume_extension:volume_type_encryption": "rule:admin_api",
+ "volume_extension:volume_encryption_metadata": "rule:admin_or_owner",
+ "volume_extension:extended_snapshot_attributes": "",
+ "volume_extension:volume_image_metadata": "",
+
+ "volume_extension:quotas:show": "",
+ "volume_extension:quotas:update": "rule:admin_api",
+ "volume_extension:quota_classes": "",
+
+ "volume_extension:volume_admin_actions:reset_status": "rule:admin_api",
+ "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api",
+ "volume_extension:backup_admin_actions:reset_status": "rule:admin_api",
+ "volume_extension:volume_admin_actions:force_delete": "rule:admin_api",
+ "volume_extension:volume_admin_actions:force_detach": "rule:admin_api",
+ "volume_extension:snapshot_admin_actions:force_delete": "rule:admin_api",
+ "volume_extension:volume_admin_actions:migrate_volume": "rule:admin_api",
+ "volume_extension:volume_admin_actions:migrate_volume_completion": "rule:admin_api",
+
+ "volume_extension:volume_host_attribute": "rule:admin_api",
+ "volume_extension:volume_tenant_attribute": "rule:admin_or_owner",
+ "volume_extension:volume_mig_status_attribute": "rule:admin_api",
+ "volume_extension:hosts": "rule:admin_api",
+ "volume_extension:services": "rule:admin_api",
+
+ "volume_extension:volume_manage": "rule:admin_api",
+ "volume_extension:volume_unmanage": "rule:admin_api",
+
+ "volume:services": "rule:admin_api",
+
+ "volume:create_transfer": "",
+ "volume:accept_transfer": "",
+ "volume:delete_transfer": "",
+ "volume:get_all_transfers": "",
+
+ "volume_extension:replication:promote": "rule:admin_api",
+ "volume_extension:replication:reenable": "rule:admin_api",
+
+ "backup:create" : "",
+ "backup:delete": "",
+ "backup:get": "",
+ "backup:get_all": "",
+ "backup:restore": "",
+ "backup:backup-import": "rule:admin_api",
+ "backup:backup-export": "rule:admin_api",
+
+ "snapshot_extension:snapshot_actions:update_snapshot_status": "",
+
+ "consistencygroup:create" : "group:nobody",
+ "consistencygroup:delete": "group:nobody",
+ "consistencygroup:get": "group:nobody",
+ "consistencygroup:get_all": "group:nobody",
+
+ "consistencygroup:create_cgsnapshot" : "",
+ "consistencygroup:delete_cgsnapshot": "",
+ "consistencygroup:get_cgsnapshot": "",
+ "consistencygroup:get_all_cgsnapshots": "",
+
+ "scheduler_extension:scheduler_stats:get_pools" : "rule:admin_api"
+}
diff --git a/openstack/usr/share/openstack/extras/00-disable-device.network b/openstack/usr/share/openstack/extras/00-disable-device.network
new file mode 100644
index 00000000..8e2532d0
--- /dev/null
+++ b/openstack/usr/share/openstack/extras/00-disable-device.network
@@ -0,0 +1,2 @@
+[Match]
+Name={{ item }}
diff --git a/openstack/usr/share/openstack/extras/60-device-dhcp.network b/openstack/usr/share/openstack/extras/60-device-dhcp.network
new file mode 100644
index 00000000..6fdbfd8d
--- /dev/null
+++ b/openstack/usr/share/openstack/extras/60-device-dhcp.network
@@ -0,0 +1,5 @@
+[Match]
+Name={{ item }}
+
+[Network]
+DHCP=yes
diff --git a/openstack/usr/share/openstack/glance.yml b/openstack/usr/share/openstack/glance.yml
new file mode 100644
index 00000000..aa7e4c78
--- /dev/null
+++ b/openstack/usr/share/openstack/glance.yml
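Review bot: Most tenant-facing actions in the new cinder/policy.json are mapped to the empty rule `""`, which the policy engine treats as always-allow, so the `"default": "rule:admin_or_owner"` entry never applies to them; this includes state-changing calls such as `"volume:extend"`, `"backup:delete"`, `"volume:delete_transfer"` and `"snapshot_extension:snapshot_actions:update_snapshot_status"`. Ownership for those calls then rests entirely on whatever project scoping Cinder applies elsewhere, which this commit does not show. Unless that is intended, I would make the check explicit, e.g. `"volume:extend": "rule:admin_or_owner",` and likewise for the other mutating entries. The four `consistencygroup:*` actions are disabled with `group:nobody` while the four `consistencygroup:*_cgsnapshot` actions are left at `""`, which looks inconsistent.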
@@ -0,0 +1,93 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/glance.conf"
+ tasks:
+ - name: Create the glance user.
+ user:
+ name: glance
+ comment: Openstack Glance Daemons
+ shell: /sbin/nologin
+ home: /var/lib/glance
+
+ - name: Create the /var folders for glance
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: glance
+ group: glance
+ with_items:
+ - /var/run/glance
+ - /var/lock/glance
+ - /var/log/glance
+ - /var/lib/glance
+ - /var/lib/glance/images
+ - /var/lib/glance/image-cache
+
+ - name: Create /etc/glance directory
+ file:
+ path: /etc/glance
+ state: directory
+
+ - name: Add the configuration needed for glance in /etc/glance using templates
+ template:
+ src: /usr/share/openstack/glance/{{ item }}
+ dest: /etc/glance/{{ item }}
+ with_lines:
+ - cd /usr/share/openstack/glance && find -type f
+
+ - name: Create glance service user in service tenant
+ keystone_user:
+ user: "{{ GLANCE_SERVICE_USER }}"
+ password: "{{ GLANCE_SERVICE_PASSWORD }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Assign admin role to glances service user in the service tenant
+ keystone_user:
+ role: admin
+ user: "{{ GLANCE_SERVICE_USER }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Add glance endpoint
+ keystone_service:
+ name: glance
+ type: image
+ description: Openstack Image Service
+ publicurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9292
+ internalurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9292
+ adminurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9292
+ region: regionOne
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Create postgresql user for glance
+ postgresql_user:
+ name: "{{ GLANCE_DB_USER }}"
+ login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
+ password: "{{ GLANCE_DB_PASSWORD }}"
+ sudo: yes
+ sudo_user: glance
+
+ - name: Create database for glance services
+ postgresql_db:
+ name: glance
+ owner: "{{ GLANCE_DB_USER }}"
+ login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
+ sudo: yes
+ sudo_user: glance
+
+ - name: Initiate glance database
+ glance_manage:
+ action: dbsync
+ sudo: yes
+ sudo_user: glance
+
+ - name: Enable and start openstack-glance services
+ service:
+ name: "{{ item }}"
+ enabled: yes
+ state: started
+ with_items:
+ - openstack-glance-api.service
+ - openstack-glance-registry.service
diff --git a/openstack/usr/share/openstack/glance/glance-api-paste.ini b/openstack/usr/share/openstack/glance/glance-api-paste.ini
new file mode 100644
index 00000000..86a4cdb1
--- /dev/null
+++ b/openstack/usr/share/openstack/glance/glance-api-paste.ini
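Review bot: The template task in glance.yml that renders everything under /usr/share/openstack/glance into /etc/glance sets no `owner`, `group` or `mode`, and the `/etc/glance` directory task sets none either, yet the rendered glance-api.conf carries `GLANCE_DB_PASSWORD`, `GLANCE_SERVICE_PASSWORD` and `RABBITMQ_PASSWORD`. The resulting permissions then depend on the deploying user's umask and may well be world-readable; I would add `group: glance` and `mode: "0640"` to the template task. The `keystone_user` and `postgresql_user` tasks that take `password:` would also benefit from `no_log: true` so the values stay out of Ansible output. Separately, the three endpoint URLs are registered as `http://`, so tokens and image data cross the network unencrypted unless TLS is terminated elsewhere.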
@@ -0,0 +1,77 @@
+# Use this pipeline for no auth or image caching - DEFAULT
+[pipeline:glance-api]
+pipeline = versionnegotiation osprofiler unauthenticated-context rootapp
+
+# Use this pipeline for image caching and no auth
+[pipeline:glance-api-caching]
+pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp
+
+# Use this pipeline for caching w/ management interface but no auth
+[pipeline:glance-api-cachemanagement]
+pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-api-keystone]
+pipeline = versionnegotiation osprofiler authtoken context rootapp
+
+# Use this pipeline for keystone auth with image caching
+[pipeline:glance-api-keystone+caching]
+pipeline = versionnegotiation osprofiler authtoken context cache rootapp
+
+# Use this pipeline for keystone auth with caching and cache management
+[pipeline:glance-api-keystone+cachemanagement]
+pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user.
+[pipeline:glance-api-trusted-auth]
+pipeline = versionnegotiation osprofiler context rootapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user and uses cache management
+[pipeline:glance-api-trusted-auth+cachemanagement]
+pipeline = versionnegotiation osprofiler context cache cachemanage rootapp
+
+[composite:rootapp]
+paste.composite_factory = glance.api:root_app_factory
+/: apiversions
+/v1: apiv1app
+/v2: apiv2app
+
+[app:apiversions]
+paste.app_factory = glance.api.versions:create_resource
+
+[app:apiv1app]
+paste.app_factory = glance.api.v1.router:API.factory
+
+[app:apiv2app]
+paste.app_factory = glance.api.v2.router:API.factory
+
+[filter:versionnegotiation]
+paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
+
+[filter:cache]
+paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
+
+[filter:cachemanage]
+paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+delay_auth_decision = true
+
+[filter:gzip]
+paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+hmac_keys = SECRET_KEY
+enabled = yes
diff --git a/openstack/usr/share/openstack/glance/glance-api.conf b/openstack/usr/share/openstack/glance/glance-api.conf
new file mode 100644
index 00000000..39257a6d
--- /dev/null
+++ b/openstack/usr/share/openstack/glance/glance-api.conf
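Review bot: The `[filter:osprofiler]` section of glance-api-paste.ini ships the placeholder `hmac_keys = SECRET_KEY` together with `enabled = yes`, and the `osprofiler` filter is part of every pipeline in the file, including `glance-api-keystone`. A key that is identical on every deployed image gives the HMAC check on profiling requests no value. I would either set `enabled = no` here or template the key from a per-deployment secret, e.g. `hmac_keys = {{ GLANCE_PROFILER_HMAC_KEY }}` (placeholder variable name, not defined in this commit). The first pipeline is labelled DEFAULT and uses `unauthenticated-context`; a one-line comment noting that glance-api.conf selects `flavor=keystone` would keep readers from assuming the unauthenticated pipeline is the one in use.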
@@ -0,0 +1,699 @@ +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +#verbose = False + +# Show debugging output in logs (sets DEBUG log level output) +#debug = False + +# Which backend scheme should Glance use by default is not specified +# in a request to add a new image to Glance? Known schemes are determined +# by the known_stores option below. +# Default: 'file' +default_store = file + +# Maximum image size (in bytes) that may be uploaded through the +# Glance API server. Defaults to 1 TB. +# WARNING: this value should only be increased after careful consideration +# and must be set to a value under 8 EB (9223372036854775808). +#image_size_cap = 1099511627776 + +# Address to bind the API server +bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} + +# Port the bind the API server to +bind_port = 9292 + +# Log to this file. Make sure you do not set the same log file for both the API +# and registry servers! +# +# If `log_file` is omitted and `use_syslog` is false, then log messages are +# sent to stdout as a fallback. +# log_file = /var/log/glance/api.log + +# Backlog requests when creating socket +backlog = 4096 + +# TCP_KEEPIDLE value in seconds when creating socket. +# Not supported on OS X. +#tcp_keepidle = 600 + +# API to use for accessing data. Default value points to sqlalchemy +# package, it is also possible to use: glance.db.registry.api +# data_api = glance.db.sqlalchemy.api + +# The number of child process workers that will be +# created to service API requests. The default will be +# equal to the number of CPUs available. (integer value) +#workers = 4 + +# Maximum line size of message headers to be accepted. 
+# max_header_line may need to be increased when using large tokens +# (typically those generated by the Keystone v3 API with big service +# catalogs) +# max_header_line = 16384 + +# Role used to identify an authenticated user as administrator +#admin_role = admin + +# Allow unauthenticated users to access the API with read-only +# privileges. This only applies when using ContextMiddleware. +#allow_anonymous_access = False + +# Allow access to version 1 of glance api +#enable_v1_api = True + +# Allow access to version 2 of glance api +#enable_v2_api = True + +# Return the URL that references where the data is stored on +# the backend storage system. For example, if using the +# file system store a URL of 'file:///path/to/image' will +# be returned to the user in the 'direct_url' meta-data field. +# The default value is false. +#show_image_direct_url = False + +# Send headers containing user and tenant information when making requests to +# the v1 glance registry. This allows the registry to function as if a user is +# authenticated without the need to authenticate a user itself using the +# auth_token middleware. +# The default value is false. +#send_identity_headers = False + +# Supported values for the 'container_format' image attribute +#container_formats=ami,ari,aki,bare,ovf,ova + +# Supported values for the 'disk_format' image attribute +#disk_formats=ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso + +# Directory to use for lock files. Default to a temp directory +# (string value). This setting needs to be the same for both +# glance-scrubber and glance-api. +#lock_path=<None> + +# Property Protections config file +# This file contains the rules for property protections and the roles/policies +# associated with it. +# If this config value is not specified, by default, property protections +# won't be enforced. +# If a value is specified and the file is not found, then the glance-api +# service will not start. 
+#property_protection_file = + +# Specify whether 'roles' or 'policies' are used in the +# property_protection_file. +# The default value for property_protection_rule_format is 'roles'. +#property_protection_rule_format = roles + +# This value sets what strategy will be used to determine the image location +# order. Currently two strategies are packaged with Glance 'location_order' +# and 'store_type'. +#location_strategy = location_order + +# ================= Syslog Options ============================ + +# Send logs to syslog (/dev/log) instead of to file specified +# by `log_file` +use_syslog = True + +# Facility to use. If unset defaults to LOG_USER. +#syslog_log_facility = LOG_LOCAL0 + +# ================= SSL Options =============================== + +# Certificate file to use when starting API server securely +#cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +#key_file = /path/to/keyfile + +# CA certificate file to use to verify connecting clients +#ca_file = /path/to/cafile + +# ================= Security Options ========================== + +# AES key for encrypting store 'location' metadata, including +# -- if used -- Swift or S3 credentials +# Should be set to a random string of length 16, 24 or 32 bytes +#metadata_encryption_key = <16, 24 or 32 char registry metadata key> + +# ============ Registry Options =============================== + +# Address to find the registry server +registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} + +# Port the registry server is listening on +registry_port = 9191 + +# What protocol to use when connecting to the registry server? +# Set to https for secure HTTP communication +registry_client_protocol = http + +# The path to the key file to use in SSL connections to the +# registry server, if any. 
Alternately, you may set the +# GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file +#registry_client_key_file = /path/to/key/file + +# The path to the cert file to use in SSL connections to the +# registry server, if any. Alternately, you may set the +# GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file +#registry_client_cert_file = /path/to/cert/file + +# The path to the certifying authority cert file to use in SSL connections +# to the registry server, if any. Alternately, you may set the +# GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file +#registry_client_ca_file = /path/to/ca/file + +# When using SSL in connections to the registry server, do not require +# validation via a certifying authority. This is the registry's equivalent of +# specifying --insecure on the command line using glanceclient for the API +# Default: False +#registry_client_insecure = False + +# The period of time, in seconds, that the API server will wait for a registry +# request to complete. A value of '0' implies no timeout. +# Default: 600 +#registry_client_timeout = 600 + +# Whether to automatically create the database tables. +# Default: False +#db_auto_create = False + +# Enable DEBUG log messages from sqlalchemy which prints every database +# query and response. +# Default: False +#sqlalchemy_debug = True + +# Pass the user's token through for API requests to the registry. +# Default: True +#use_user_token = True + +# If 'use_user_token' is not in effect then admin credentials +# can be specified. Requests to the registry on behalf of +# the API will use these credentials. 
+# Admin user name +#admin_user = None +# Admin password +#admin_password = None +# Admin tenant name +#admin_tenant_name = None +# Keystone endpoint +#auth_url = None +# Keystone region +#auth_region = None +# Auth strategy +#auth_strategy = keystone + +# ============ Notification System Options ===================== + +# Driver or drivers to handle sending notifications. Set to +# 'messaging' to send notifications to a message queue. +notification_driver = messagingv2 + +# Default publisher_id for outgoing notifications. +# default_publisher_id = image.localhost + +# Messaging driver used for 'messaging' notifications driver +rpc_backend=rabbit + +# Configuration options if sending notifications via rabbitmq +rabbit_host = {{ RABBITMQ_HOST }} +rabbit_port = {{ RABBITMQ_PORT }} +rabbit_use_ssl = false +rabbit_userid = {{ RABBITMQ_USER }} +rabbit_password = {{ RABBITMQ_PASSWORD }} +rabbit_virtual_host = / +rabbit_notification_exchange = glance +rabbit_notification_topic = notifications +rabbit_durable_queues = False + +# Configuration options if sending notifications via Qpid (these are +# the defaults) +#qpid_notification_exchange = glance +#qpid_notification_topic = notifications +#qpid_hostname = localhost +#qpid_port = 5672 +#qpid_username = +#qpid_password = +#qpid_sasl_mechanisms = +#qpid_reconnect_timeout = 0 +#qpid_reconnect_limit = 0 +#qpid_reconnect_interval_min = 0 +#qpid_reconnect_interval_max = 0 +#qpid_reconnect_interval = 0 +#qpid_heartbeat = 5 +# Set to 'ssl' to enable SSL +#qpid_protocol = tcp +#qpid_tcp_nodelay = True + +# ============ Delayed Delete Options ============================= + +# Turn on/off delayed delete +delayed_delete = False + +# Delayed delete time in seconds +scrub_time = 43200 + +# Directory that the scrubber will use to remind itself of what to delete +# Make sure this is also set in glance-scrubber.conf +scrubber_datadir = /var/lib/glance/scrubber + +# =============== Quota Options ================================== + +# The 
maximum number of image members allowed per image +#image_member_quota = 128 + +# The maximum number of image properties allowed per image +#image_property_quota = 128 + +# The maximum number of tags allowed per image +#image_tag_quota = 128 + +# The maximum number of locations allowed per image +#image_location_quota = 10 + +# Set a system wide quota for every user. This value is the total number +# of bytes that a user can use across all storage systems. A value of +# 0 means unlimited. +#user_storage_quota = 0 + +# =============== Image Cache Options ============================= + +# Base directory that the Image Cache uses +image_cache_dir = /var/lib/glance/image-cache/ + +# =============== Database Options ================================= + +[database] +# The file name to use with SQLite (string value) +#sqlite_db = oslo.sqlite + +# If True, SQLite uses synchronous mode (boolean value) +#sqlite_synchronous = True + +# The backend to use for db (string value) +# Deprecated group/name - [DEFAULT]/db_backend +#backend = sqlalchemy + +# The SQLAlchemy connection string used to connect to the +# database (string value) +# Deprecated group/name - [DEFAULT]/sql_connection +# Deprecated group/name - [DATABASE]/sql_connection +# Deprecated group/name - [sql]/connection +#connection = <None> +connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance + + +# The SQL mode to be used for MySQL sessions. This option, +# including the default, overrides any server-set SQL mode. To +# use whatever SQL mode is set by the server configuration, +# set this to no value. 
Example: mysql_sql_mode= (string +# value) +#mysql_sql_mode = TRADITIONAL + +# Timeout before idle sql connections are reaped (integer +# value) +# Deprecated group/name - [DEFAULT]/sql_idle_timeout +# Deprecated group/name - [DATABASE]/sql_idle_timeout +# Deprecated group/name - [sql]/idle_timeout +#idle_timeout = 3600 + +# Minimum number of SQL connections to keep open in a pool +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_min_pool_size +# Deprecated group/name - [DATABASE]/sql_min_pool_size +#min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_pool_size +# Deprecated group/name - [DATABASE]/sql_max_pool_size +#max_pool_size = <None> + +# Maximum db connection retries during startup. (setting -1 +# implies an infinite retry count) (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_retries +# Deprecated group/name - [DATABASE]/sql_max_retries +#max_retries = 10 + +# Interval between retries of opening a sql connection +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_retry_interval +# Deprecated group/name - [DATABASE]/reconnect_interval +#retry_interval = 10 + +# If set, use this value for max_overflow with sqlalchemy +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_overflow +# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow +#max_overflow = <None> + +# Verbosity of SQL debugging information. 
0=None, +# 100=Everything (integer value) +# Deprecated group/name - [DEFAULT]/sql_connection_debug +#connection_debug = 0 + +# Add python stack traces to SQL as comment strings (boolean +# value) +# Deprecated group/name - [DEFAULT]/sql_connection_trace +#connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +# (integer value) +# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout +#pool_timeout = <None> + +# Enable the experimental use of database reconnect on +# connection lost (boolean value) +#use_db_reconnect = False + +# seconds between db connection retries (integer value) +#db_retry_interval = 1 + +# Whether to increase interval between db connection retries, +# up to db_max_retry_interval (boolean value) +#db_inc_retry_interval = True + +# max seconds between db connection retries, if +# db_inc_retry_interval is enabled (integer value) +#db_max_retry_interval = 10 + +# maximum db connection retries before error is raised. +# (setting -1 implies an infinite retry count) (integer value) +#db_max_retries = 20 + +[keystone_authtoken] +auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +admin_tenant_name = service +admin_user = {{ GLANCE_SERVICE_USER }} +admin_password = {{ GLANCE_SERVICE_PASSWORD }} +revocation_cache_time = 10 + +[paste_deploy] +# Name of the paste configuration file that defines the available pipelines +#config_file = glance-api-paste.ini + +# Partial name of a pipeline in your paste configuration file with the +# service name removed. For example, if your paste section name is +# [pipeline:glance-api-keystone], you would configure the flavor below +# as 'keystone'. +flavor=keystone + +[store_type_location_strategy] +# The scheme list to use to get store preference order. The scheme must be +# registered by one of the stores defined by the 'known_stores' config option. 
+# This option will be applied when you using 'store_type' option as image +# location strategy defined by the 'location_strategy' config option. +#store_type_preference = + +[profiler] +# If False fully disable profiling feature. +#enabled = False + +# If False doesn't trace SQL requests. +#trace_sqlalchemy = False + +[task] +# ================= Glance Tasks Options ============================ + +# Specifies how long (in hours) a task is supposed to live in the tasks DB +# after succeeding or failing before getting soft-deleted. +# The default value for task_time_to_live is 48 hours. +# task_time_to_live = 48 + +# Specifies which task executor to be used to run the task scripts. +# The default value for task_executor is eventlet. +# task_executor = eventlet + +# Specifies the maximum number of eventlet threads which can be spun up by +# the eventlet based task executor to perform execution of Glance tasks. +# eventlet_executor_pool_size = 1000 + +[glance_store] +# List of which store classes and store class locations are +# currently known to glance at startup. +# Existing but disabled stores: +# glance.store.rbd.Store, +# glance.store.s3.Store, +# glance.store.swift.Store, +# glance.store.sheepdog.Store, +# glance.store.cinder.Store, +# glance.store.gridfs.Store, +# glance.store.vmware_datastore.Store, +#stores = glance.store.filesystem.Store, +# glance.store.http.Store + +# ============ Filesystem Store Options ======================== + +# Directory that the Filesystem backend store +# writes image data to +filesystem_store_datadir = /var/lib/glance/images/ + +# A list of directories where image data can be stored. +# This option may be specified multiple times for specifying multiple store +# directories. Either one of filesystem_store_datadirs or +# filesystem_store_datadir option is required. A priority number may be given +# after each directory entry, separated by a ":". 
+# When adding an image, the highest priority directory will be selected, unless +# there is not enough space available in cases where the image size is already +# known. If no priority is given, it is assumed to be zero and the directory +# will be considered for selection last. If multiple directories have the same +# priority, then the one with the most free space available is selected. +# If same store is specified multiple times then BadStoreConfiguration +# exception will be raised. +#filesystem_store_datadirs = /var/lib/glance/images/:1 + +# A path to a JSON file that contains metadata describing the storage +# system. When show_multiple_locations is True the information in this +# file will be returned with any location that is contained in this +# store. +#filesystem_store_metadata_file = None + +# ============ Swift Store Options ============================= + +# Version of the authentication service to use +# Valid versions are '2' for keystone and '1' for swauth and rackspace +swift_store_auth_version = 2 + +# Address where the Swift authentication service lives +# Valid schemes are 'http://' and 'https://' +# If no scheme specified, default to 'https://' +# For swauth, use something like '127.0.0.1:8080/v1.0/' +swift_store_auth_address = 127.0.0.1:5000/v2.0/ + +# User to authenticate against the Swift authentication service +# If you use Swift authentication service, set it to 'account':'user' +# where 'account' is a Swift storage account and 'user' +# is a user in that account +swift_store_user = jdoe:jdoe + +# Auth key for the user authenticating against the +# Swift authentication service +swift_store_key = a86850deb2742ec3cb41518e26aa2d89 + +# Container within the account that the account should use +# for storing images in Swift +swift_store_container = glance + +# Do we create the container if it does not exist? 
+swift_store_create_container_on_put = False + +# What size, in MB, should Glance start chunking image files +# and do a large object manifest in Swift? By default, this is +# the maximum object size in Swift, which is 5GB +swift_store_large_object_size = 5120 + +# swift_store_config_file = glance-swift.conf +# This file contains references for each of the configured +# Swift accounts/backing stores. If used, this option can prevent +# credentials being stored in the database. Using Swift references +# is disabled if this config is left blank. + +# The reference to the default Swift parameters to use for adding new images. +# default_swift_reference = 'ref1' + +# When doing a large object manifest, what size, in MB, should +# Glance write chunks to Swift? This amount of data is written +# to a temporary disk buffer during the process of chunking +# the image file, and the default is 200MB +swift_store_large_object_chunk_size = 200 + +# Whether to use ServiceNET to communicate with the Swift storage servers. +# (If you aren't RACKSPACE, leave this False!) +# +# To use ServiceNET for authentication, prefix hostname of +# `swift_store_auth_address` with 'snet-'. +# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ +swift_enable_snet = False + +# If set to True enables multi-tenant storage mode which causes Glance images +# to be stored in tenant specific Swift accounts. +#swift_store_multi_tenant = False + +# A list of swift ACL strings that will be applied as both read and +# write ACLs to the containers created by Glance in multi-tenant +# mode. This grants the specified tenants/users read and write access +# to all newly created image objects. 
The standard swift ACL string +# formats are allowed, including: +# <tenant_id>:<username> +# <tenant_name>:<username> +# *:<username> +# Multiple ACLs can be combined using a comma separated list, for +# example: swift_store_admin_tenants = service:glance,*:admin +#swift_store_admin_tenants = + +# The region of the swift endpoint to be used for single tenant. This setting +# is only necessary if the tenant has multiple swift endpoints. +#swift_store_region = + +# If set to False, disables SSL layer compression of https swift requests. +# Setting to 'False' may improve performance for images which are already +# in a compressed format, eg qcow2. If set to True, enables SSL layer +# compression (provided it is supported by the target swift proxy). +#swift_store_ssl_compression = True + +# The number of times a Swift download will be retried before the +# request fails +#swift_store_retry_get_count = 0 + +# Bypass SSL verification for Swift +#swift_store_auth_insecure = False + +# ============ S3 Store Options ============================= + +# Address where the S3 authentication service lives +# Valid schemes are 'http://' and 'https://' +# If no scheme specified, default to 'http://' +s3_store_host = 127.0.0.1:8080/v1.0/ + +# User to authenticate against the S3 authentication service +s3_store_access_key = <20-char AWS access key> + +# Auth key for the user authenticating against the +# S3 authentication service +s3_store_secret_key = <40-char AWS secret key> + +# Container within the account that the account should use +# for storing images in S3. Note that S3 has a flat namespace, +# so you need a unique bucket name for your glance images. An +# easy way to do this is append your AWS access key to "glance". +# S3 buckets in AWS *must* be lowercased, so remember to lowercase +# your AWS access key if you use it in your bucket name below! +s3_store_bucket = <lowercased 20-char aws access key>glance + +# Do we create the bucket if it does not exist? 
+s3_store_create_bucket_on_put = False + +# When sending images to S3, the data will first be written to a +# temporary buffer on disk. By default the platform's temporary directory +# will be used. If required, an alternative directory can be specified here. +#s3_store_object_buffer_dir = /path/to/dir + +# When forming a bucket url, boto will either set the bucket name as the +# subdomain or as the first token of the path. Amazon's S3 service will +# accept it as the subdomain, but Swift's S3 middleware requires it be +# in the path. Set this to 'path' or 'subdomain' - defaults to 'subdomain'. +#s3_store_bucket_url_format = subdomain + +# Size, in MB, should S3 start chunking image files +# and do a multipart upload in S3. The default is 100MB. +#s3_store_large_object_size = 100 + +# Multipart upload part size, in MB, should S3 use when uploading +# parts. The size must be greater than or equal to +# 5MB. The default is 10MB. +#s3_store_large_object_chunk_size = 10 + +# The number of thread pools to perform a multipart upload +# in S3. The default is 10. +#s3_store_thread_pools = 10 + +# ============ RBD Store Options ============================= + +# Ceph configuration file path +# If using cephx authentication, this file should +# include a reference to the right keyring +# in a client.<USER> section +#rbd_store_ceph_conf = /etc/ceph/ceph.conf + +# RADOS user to authenticate as (only applicable if using cephx) +# If <None>, a default will be chosen based on the client. section +# in rbd_store_ceph_conf +#rbd_store_user = <None> + +# RADOS pool in which images are stored +#rbd_store_pool = images + +# RADOS images will be chunked into objects of this size (in megabytes). +# For best performance, this should be a power of two +#rbd_store_chunk_size = 8 + +# ============ Sheepdog Store Options ============================= + +sheepdog_store_address = localhost + +sheepdog_store_port = 7000 + +# Images will be chunked into objects of this size (in megabytes). 
+# For best performance, this should be a power of two +sheepdog_store_chunk_size = 64 + +# ============ Cinder Store Options =============================== + +# Info to match when looking for cinder in the service catalog +# Format is : separated values of the form: +# <service_type>:<service_name>:<endpoint_type> (string value) +#cinder_catalog_info = volume:cinder:publicURL + +# Override service catalog lookup with template for cinder endpoint +# e.g. http://localhost:8776/v1/%(project_id)s (string value) +#cinder_endpoint_template = <None> + +# Region name of this node (string value) +#os_region_name = <None> + +# Location of ca certicates file to use for cinder client requests +# (string value) +#cinder_ca_certificates_file = <None> + +# Number of cinderclient retries on failed http calls (integer value) +#cinder_http_retries = 3 + +# Allow to perform insecure SSL requests to cinder (boolean value) +#cinder_api_insecure = False + +# ============ VMware Datastore Store Options ===================== + +# ESX/ESXi or vCenter Server target system. +# The server value can be an IP address or a DNS name +# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com +#vmware_server_host = <None> + +# Server username (string value) +#vmware_server_username = <None> + +# Server password (string value) +#vmware_server_password = <None> + +# Inventory path to a datacenter (string value) +# Value optional when vmware_server_ip is an ESX/ESXi host: if specified +# should be `ha-datacenter`. 
+#vmware_datacenter_path = <None> + +# Datastore associated with the datacenter (string value) +#vmware_datastore_name = <None> + +# The number of times we retry on failures +# e.g., socket error, etc (integer value) +#vmware_api_retry_count = 10 + +# The interval used for polling remote tasks +# invoked on VMware ESX/VC server in seconds (integer value) +#vmware_task_poll_interval = 5 + +# Absolute path of the folder containing the images in the datastore +# (string value) +#vmware_store_image_dir = /openstack_glance + +# Allow to perform insecure SSL requests to the target system (boolean value) +#vmware_api_insecure = False diff --git a/openstack/usr/share/openstack/glance/glance-cache.conf b/openstack/usr/share/openstack/glance/glance-cache.conf new file mode 100644 index 00000000..3f2d4603 --- /dev/null +++ b/openstack/usr/share/openstack/glance/glance-cache.conf 
@@ -0,0 +1,200 @@ +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +#verbose = False + +# Show debugging output in logs (sets DEBUG log level output) +#debug = False + +# Log to this file. Make sure you do not set the same log file for both the API +# and registry servers! +# +# If `log_file` is omitted and `use_syslog` is false, then log messages are +# sent to stdout as a fallback. +# log_file = /var/log/glance/image-cache.log + +# Send logs to syslog (/dev/log) instead of to file specified by `log_file` +use_syslog = True + +# Directory that the Image Cache writes data to +image_cache_dir = /var/lib/glance/image-cache/ + +# Number of seconds after which we should consider an incomplete image to be +# stalled and eligible for reaping +image_cache_stall_time = 86400 + +# Max cache size in bytes +image_cache_max_size = 10737418240 + +# Address to find the registry server +registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} + +# Port the registry server is listening on +registry_port = 9191 + +# Auth settings if using Keystone +# auth_url = http://127.0.0.1:5000/v2.0/ +# admin_tenant_name = %SERVICE_TENANT_NAME% +# admin_user = %SERVICE_USER% +# admin_password = %SERVICE_PASSWORD% + +# List of which store classes and store class locations are +# currently known to glance at startup. 
+# known_stores = glance.store.filesystem.Store, +# glance.store.http.Store, +# glance.store.rbd.Store, +# glance.store.s3.Store, +# glance.store.swift.Store, +# glance.store.sheepdog.Store, +# glance.store.cinder.Store, +# glance.store.vmware_datastore.Store, + +# ============ Filesystem Store Options ======================== + +# Directory that the Filesystem backend store +# writes image data to +filesystem_store_datadir = /var/lib/glance/images/ + +# ============ Swift Store Options ============================= + +# Version of the authentication service to use +# Valid versions are '2' for keystone and '1' for swauth and rackspace +swift_store_auth_version = 2 + +# Address where the Swift authentication service lives +# Valid schemes are 'http://' and 'https://' +# If no scheme specified, default to 'https://' +# For swauth, use something like '127.0.0.1:8080/v1.0/' +swift_store_auth_address = 127.0.0.1:5000/v2.0/ + +# User to authenticate against the Swift authentication service +# If you use Swift authentication service, set it to 'account':'user' +# where 'account' is a Swift storage account and 'user' +# is a user in that account +swift_store_user = jdoe:jdoe + +# Auth key for the user authenticating against the +# Swift authentication service +swift_store_key = a86850deb2742ec3cb41518e26aa2d89 + +# Container within the account that the account should use +# for storing images in Swift +swift_store_container = glance + +# Do we create the container if it does not exist? +swift_store_create_container_on_put = False + +# What size, in MB, should Glance start chunking image files +# and do a large object manifest in Swift? By default, this is +# the maximum object size in Swift, which is 5GB +swift_store_large_object_size = 5120 + +# When doing a large object manifest, what size, in MB, should +# Glance write chunks to Swift? 
This amount of data is written +# to a temporary disk buffer during the process of chunking +# the image file, and the default is 200MB +swift_store_large_object_chunk_size = 200 + +# Whether to use ServiceNET to communicate with the Swift storage servers. +# (If you aren't RACKSPACE, leave this False!) +# +# To use ServiceNET for authentication, prefix hostname of +# `swift_store_auth_address` with 'snet-'. +# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ +swift_enable_snet = False + +# ============ S3 Store Options ============================= + +# Address where the S3 authentication service lives +# Valid schemes are 'http://' and 'https://' +# If no scheme specified, default to 'http://' +s3_store_host = 127.0.0.1:8080/v1.0/ + +# User to authenticate against the S3 authentication service +s3_store_access_key = <20-char AWS access key> + +# Auth key for the user authenticating against the +# S3 authentication service +s3_store_secret_key = <40-char AWS secret key> + +# Container within the account that the account should use +# for storing images in S3. Note that S3 has a flat namespace, +# so you need a unique bucket name for your glance images. An +# easy way to do this is append your AWS access key to "glance". +# S3 buckets in AWS *must* be lowercased, so remember to lowercase +# your AWS access key if you use it in your bucket name below! +s3_store_bucket = <lowercased 20-char aws access key>glance + +# Do we create the bucket if it does not exist? +s3_store_create_bucket_on_put = False + +# When sending images to S3, the data will first be written to a +# temporary buffer on disk. By default the platform's temporary directory +# will be used. If required, an alternative directory can be specified here. 
+# s3_store_object_buffer_dir = /path/to/dir + +# ============ Cinder Store Options =========================== + +# Info to match when looking for cinder in the service catalog +# Format is : separated values of the form: +# <service_type>:<service_name>:<endpoint_type> (string value) +#cinder_catalog_info = volume:cinder:publicURL + +# Override service catalog lookup with template for cinder endpoint +# e.g. http://localhost:8776/v1/%(project_id)s (string value) +#cinder_endpoint_template = <None> + +# Region name of this node (string value) +#os_region_name = <None> + +# Location of ca certicates file to use for cinder client requests +# (string value) +#cinder_ca_certificates_file = <None> + +# Number of cinderclient retries on failed http calls (integer value) +#cinder_http_retries = 3 + +# Allow to perform insecure SSL requests to cinder (boolean value) +#cinder_api_insecure = False + +# ============ VMware Datastore Store Options ===================== + +# ESX/ESXi or vCenter Server target system. +# The server value can be an IP address or a DNS name +# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com +#vmware_server_host = <None> + +# Server username (string value) +#vmware_server_username = <None> + +# Server password (string value) +#vmware_server_password = <None> + +# Inventory path to a datacenter (string value) +# Value optional when vmware_server_ip is an ESX/ESXi host: if specified +# should be `ha-datacenter`. 
+#vmware_datacenter_path = <None> + +# Datastore associated with the datacenter (string value) +#vmware_datastore_name = <None> + +# The number of times we retry on failures +# e.g., socket error, etc (integer value) +#vmware_api_retry_count = 10 + +# The interval used for polling remote tasks +# invoked on VMware ESX/VC server in seconds (integer value) +#vmware_task_poll_interval = 5 + +# Absolute path of the folder containing the images in the datastore +# (string value) +#vmware_store_image_dir = /openstack_glance + +# Allow to perform insecure SSL requests to the target system (boolean value) +#vmware_api_insecure = False + +# ================= Security Options ========================== + +# AES key for encrypting store 'location' metadata, including +# -- if used -- Swift or S3 credentials +# Should be set to a random string of length 16, 24 or 32 bytes +# metadata_encryption_key = <16, 24 or 32 char registry metadata key> diff --git a/openstack/usr/share/openstack/glance/glance-registry-paste.ini b/openstack/usr/share/openstack/glance/glance-registry-paste.ini new file mode 100644 index 00000000..df403f6e --- /dev/null +++ b/openstack/usr/share/openstack/glance/glance-registry-paste.ini 
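Review bot: `swift_store_user = jdoe:jdoe` and `swift_store_key = a86850deb2742ec3cb41518e26aa2d89` are left active in glance-cache.conf, as are the `s3_store_access_key` and `s3_store_secret_key` lines with their angle-bracket placeholders; the same lines appear in the glance-api.conf section earlier on the page. They look like sample values carried over rather than credentials for this deployment. A key-shaped string in a shipped config still trips secret scanners, and it would be used as-is if a Swift or S3 store were ever enabled. I would comment them out, e.g. `#swift_store_user =` and `#swift_store_key =`, and supply real values through the same `{{ ... }}` templating used for `registry_host` if such a store is needed.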
@@ -0,0 +1,30 @@
+# Use this pipeline for no auth - DEFAULT
+[pipeline:glance-registry]
+pipeline = osprofiler unauthenticated-context registryapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-registry-keystone]
+pipeline = osprofiler authtoken context registryapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user.
+[pipeline:glance-registry-trusted-auth]
+pipeline = osprofiler context registryapp
+
+[app:registryapp]
+paste.app_factory = glance.registry.api:API.factory
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+hmac_keys = SECRET_KEY
+enabled = yes
diff --git a/openstack/usr/share/openstack/glance/glance-registry.conf b/openstack/usr/share/openstack/glance/glance-registry.conf
new file mode 100644
index 00000000..302f4138
--- /dev/null
+++ b/openstack/usr/share/openstack/glance/glance-registry.conf
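Review bot: The `[filter:osprofiler]` section ships `hmac_keys = SECRET_KEY` with `enabled = yes`, and `osprofiler` is the first filter in all three pipelines, so every registry built from this file shares one publicly known HMAC key for profiling requests. glance-registry.conf leaves its `[profiler]` options commented out, so nothing visible here turns the feature off. I would set `enabled = no` unless profiling is needed, or fill `hmac_keys` from a per-deployment templated secret in the way the RabbitMQ and database passwords are handled. A comment above the section saying the key must be replaced before enabling would also help.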
@@ -0,0 +1,245 @@ +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +#verbose = False + +# Show debugging output in logs (sets DEBUG log level output) +#debug = False + +# Address to bind the registry server +bind_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} + +# Port the bind the registry server to +bind_port = 9191 + +# Log to this file. Make sure you do not set the same log file for both the API +# and registry servers! +# +# If `log_file` is omitted and `use_syslog` is false, then log messages are +# sent to stdout as a fallback. +# log_file = /var/log/glance/registry.log + +# Backlog requests when creating socket +backlog = 4096 + +# TCP_KEEPIDLE value in seconds when creating socket. +# Not supported on OS X. +#tcp_keepidle = 600 + +# API to use for accessing data. Default value points to sqlalchemy +# package. +#data_api = glance.db.sqlalchemy.api + +# The number of child process workers that will be +# created to service Registry requests. The default will be +# equal to the number of CPUs available. (integer value) +#workers = None + +# Enable Registry API versions individually or simultaneously +#enable_v1_registry = True +#enable_v2_registry = True + +# Limit the api to return `param_limit_max` items in a call to a container. If +# a larger `limit` query param is provided, it will be reduced to this value. +api_limit_max = 1000 + +# If a `limit` query param is not provided in an api request, it will +# default to `limit_param_default` +limit_param_default = 25 + +# Role used to identify an authenticated user as administrator +#admin_role = admin + +# Whether to automatically create the database tables. +# Default: False +#db_auto_create = False + +# Enable DEBUG log messages from sqlalchemy which prints every database +# query and response. 
+# Default: False +#sqlalchemy_debug = True + +# ================= Syslog Options ============================ + +# Send logs to syslog (/dev/log) instead of to file specified +# by `log_file` +use_syslog = True + +# Facility to use. If unset defaults to LOG_USER. +#syslog_log_facility = LOG_LOCAL1 + +# ================= SSL Options =============================== + +# Certificate file to use when starting registry server securely +#cert_file = /path/to/certfile + +# Private key file to use when starting registry server securely +#key_file = /path/to/keyfile + +# CA certificate file to use to verify connecting clients +#ca_file = /path/to/cafile + +# ============ Notification System Options ===================== + +# Driver or drivers to handle sending notifications. Set to +# 'messaging' to send notifications to a message queue. +notification_driver = messagingv2 + +# Default publisher_id for outgoing notifications. +# default_publisher_id = image.localhost + +# Messaging driver used for 'messaging' notifications driver +rpc_backend=rabbit + +# Configuration options if sending notifications via rabbitmq +rabbit_host = {{ RABBITMQ_HOST }} +rabbit_port = {{ RABBITMQ_PORT }} +rabbit_use_ssl = false +rabbit_userid = {{ RABBITMQ_USER }} +rabbit_password = {{ RABBITMQ_PASSWORD }} +rabbit_virtual_host = / +rabbit_notification_exchange = glance +rabbit_notification_topic = notifications +rabbit_durable_queues = False + +# Configuration options if sending notifications via Qpid (these are +# the defaults) +qpid_notification_exchange = glance +qpid_notification_topic = notifications +qpid_hostname = localhost +qpid_port = 5672 +qpid_username = +qpid_password = +qpid_sasl_mechanisms = +qpid_reconnect_timeout = 0 +qpid_reconnect_limit = 0 +qpid_reconnect_interval_min = 0 +qpid_reconnect_interval_max = 0 +qpid_reconnect_interval = 0 +qpid_heartbeat = 5 +# Set to 'ssl' to enable SSL +qpid_protocol = tcp +qpid_tcp_nodelay = True + + +# ================= Database Options 
========================== + +[database] +# The file name to use with SQLite (string value) +#sqlite_db = glance.sqlite + +# If True, SQLite uses synchronous mode (boolean value) +#sqlite_synchronous = True + +# The backend to use for db (string value) +# Deprecated group/name - [DEFAULT]/db_backend +#backend = sqlalchemy + +# The SQLAlchemy connection string used to connect to the +# database (string value) +# Deprecated group/name - [DEFAULT]/sql_connection +# Deprecated group/name - [DATABASE]/sql_connection +# Deprecated group/name - [sql]/connection +#connection = <None> +connection=postgresql://{{ GLANCE_DB_USER }}:{{ GLANCE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/glance + +# The SQL mode to be used for MySQL sessions. This option, +# including the default, overrides any server-set SQL mode. To +# use whatever SQL mode is set by the server configuration, +# set this to no value. Example: mysql_sql_mode= (string +# value) +#mysql_sql_mode = TRADITIONAL + +# Timeout before idle sql connections are reaped (integer +# value) +# Deprecated group/name - [DEFAULT]/sql_idle_timeout +# Deprecated group/name - [DATABASE]/sql_idle_timeout +# Deprecated group/name - [sql]/idle_timeout +#idle_timeout = 3600 + +# Minimum number of SQL connections to keep open in a pool +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_min_pool_size +# Deprecated group/name - [DATABASE]/sql_min_pool_size +#min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_pool_size +# Deprecated group/name - [DATABASE]/sql_max_pool_size +#max_pool_size = <None> + +# Maximum db connection retries during startup. 
(setting -1 +# implies an infinite retry count) (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_retries +# Deprecated group/name - [DATABASE]/sql_max_retries +#max_retries = 10 + +# Interval between retries of opening a sql connection +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_retry_interval +# Deprecated group/name - [DATABASE]/reconnect_interval +#retry_interval = 10 + +# If set, use this value for max_overflow with sqlalchemy +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_overflow +# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow +#max_overflow = <None> + +# Verbosity of SQL debugging information. 0=None, +# 100=Everything (integer value) +# Deprecated group/name - [DEFAULT]/sql_connection_debug +#connection_debug = 0 + +# Add python stack traces to SQL as comment strings (boolean +# value) +# Deprecated group/name - [DEFAULT]/sql_connection_trace +#connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +# (integer value) +# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout +#pool_timeout = <None> + +# Enable the experimental use of database reconnect on +# connection lost (boolean value) +#use_db_reconnect = False + +# seconds between db connection retries (integer value) +#db_retry_interval = 1 + +# Whether to increase interval between db connection retries, +# up to db_max_retry_interval (boolean value) +#db_inc_retry_interval = True + +# max seconds between db connection retries, if +# db_inc_retry_interval is enabled (integer value) +#db_max_retry_interval = 10 + +# maximum db connection retries before error is raised. 
+# (setting -1 implies an infinite retry count) (integer value) +#db_max_retries = 20 + +[keystone_authtoken] +auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 +admin_tenant_name = service +admin_user = {{ GLANCE_SERVICE_USER }} +admin_password = {{ GLANCE_SERVICE_PASSWORD }} + +[paste_deploy] +# Name of the paste configuration file that defines the available pipelines +#config_file = glance-registry-paste.ini + +# Partial name of a pipeline in your paste configuration file with the +# service name removed. For example, if your paste section name is +# [pipeline:glance-registry-keystone], you would configure the flavor below +# as 'keystone'. +flavor=keystone + +[profiler] +# If False fully disable profiling feature. +#enabled = False + +# If False doesn't trace SQL requests. +#trace_sqlalchemy = False diff --git a/openstack/usr/share/openstack/glance/glance-scrubber.conf b/openstack/usr/share/openstack/glance/glance-scrubber.conf new file mode 100644 index 00000000..cdbfda71 --- /dev/null +++ b/openstack/usr/share/openstack/glance/glance-scrubber.conf 
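Review bot: Every credential templated into this file travels unencrypted whenever `CONTROLLER_HOST_ADDRESS` or `RABBITMQ_HOST` is not the local host: `rabbit_use_ssl = false`, `auth_uri` and `identity_uri` use `http://`, and the `postgresql://` connection URL carries no TLS option. That is acceptable for the single-node cluster definition, but the hosts are template variables and nothing in the file records the assumption. I would add a comment above `[keystone_authtoken]` such as `# NOTE: plain http and non-TLS AMQP/PostgreSQL are only safe when all services share one host`. Separately, `{{ GLANCE_DB_PASSWORD }}` goes into the URL unescaped, so a password containing `@`, `/` or `:` would presumably break or misparse the connection string.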
@@ -0,0 +1,108 @@ +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +#verbose = False + +# Show debugging output in logs (sets DEBUG log level output) +#debug = False + +# Log to this file. Make sure you do not set the same log file for both the API +# and registry servers! +# +# If `log_file` is omitted and `use_syslog` is false, then log messages are +# sent to stdout as a fallback. +# log_file = /var/log/glance/scrubber.log + +# Send logs to syslog (/dev/log) instead of to file specified by `log_file` +use_syslog = True + +# Should we run our own loop or rely on cron/scheduler to run us +daemon = False + +# Loop time between checking for new items to schedule for delete +wakeup_time = 300 + +# Directory that the scrubber will use to remind itself of what to delete +# Make sure this is also set in glance-api.conf +scrubber_datadir = /var/lib/glance/scrubber + +# Only one server in your deployment should be designated the cleanup host +cleanup_scrubber = False + +# pending_delete items older than this time are candidates for cleanup +cleanup_scrubber_time = 86400 + +# Address to find the registry server for cleanups +registry_host = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} + +# Port the registry server is listening on +registry_port = 9191 + +# Auth settings if using Keystone +# auth_url = http://127.0.0.1:5000/v2.0/ +# admin_tenant_name = %SERVICE_TENANT_NAME% +# admin_user = %SERVICE_USER% +# admin_password = %SERVICE_PASSWORD% + +# Directory to use for lock files. Default to a temp directory +# (string value). This setting needs to be the same for both +# glance-scrubber and glance-api. +#lock_path=<None> + +# API to use for accessing data. 
Default value points to sqlalchemy +# package, it is also possible to use: glance.db.registry.api +#data_api = glance.db.sqlalchemy.api + +# ================= Security Options ========================== + +# AES key for encrypting store 'location' metadata, including +# -- if used -- Swift or S3 credentials +# Should be set to a random string of length 16, 24 or 32 bytes +#metadata_encryption_key = <16, 24 or 32 char registry metadata key> + +# ================= Database Options ===============+========== + +[database] + +# The SQLAlchemy connection string used to connect to the +# database (string value) +#connection=sqlite:////glance/openstack/common/db/$sqlite_db + +# The SQLAlchemy connection string used to connect to the +# slave database (string value) +#slave_connection= + +# timeout before idle sql connections are reaped (integer +# value) +#idle_timeout=3600 + +# Minimum number of SQL connections to keep open in a pool +# (integer value) +#min_pool_size=1 + +# Maximum number of SQL connections to keep open in a pool +# (integer value) +#max_pool_size=<None> + +# maximum db connection retries during startup. (setting -1 +# implies an infinite retry count) (integer value) +#max_retries=10 + +# interval between retries of opening a sql connection +# (integer value) +#retry_interval=10 + +# If set, use this value for max_overflow with sqlalchemy +# (integer value) +#max_overflow=<None> + +# Verbosity of SQL debugging information. 0=None, +# 100=Everything (integer value) +#connection_debug=0 + +# Add python stack traces to SQL as comment strings (boolean +# value) +#connection_trace=false + +# If set, use this value for pool_timeout with sqlalchemy +# (integer value) +#pool_timeout=<None> diff --git a/openstack/usr/share/openstack/glance/logging.conf b/openstack/usr/share/openstack/glance/logging.conf new file mode 100644 index 00000000..7e7f31f0 --- /dev/null +++ b/openstack/usr/share/openstack/glance/logging.conf 
@@ -0,0 +1,54 @@
+[loggers]
+keys=root,api,registry,combined
+
+[formatters]
+keys=normal,normal_with_name,debug
+
+[handlers]
+keys=production,file,devel
+
+[logger_root]
+level=NOTSET
+handlers=devel
+
+[logger_api]
+level=DEBUG
+handlers=devel
+qualname=glance-api
+
+[logger_registry]
+level=DEBUG
+handlers=devel
+qualname=glance-registry
+
+[logger_combined]
+level=DEBUG
+handlers=devel
+qualname=glance-combined
+
+[handler_production]
+class=handlers.SysLogHandler
+level=ERROR
+formatter=normal_with_name
+args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
+
+[handler_file]
+class=FileHandler
+level=DEBUG
+formatter=normal_with_name
+args=('glance.log', 'w')
+
+[handler_devel]
+class=StreamHandler
+level=NOTSET
+formatter=debug
+args=(sys.stdout,)
+
+[formatter_normal]
+format=%(asctime)s %(levelname)s %(message)s
+
+[formatter_normal_with_name]
+format=(%(name)s): %(asctime)s %(levelname)s %(message)s
+
+[formatter_debug]
+format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s
diff --git a/openstack/usr/share/openstack/glance/policy.json b/openstack/usr/share/openstack/glance/policy.json
new file mode 100644
index 00000000..325f00b2
--- /dev/null
+++ b/openstack/usr/share/openstack/glance/policy.json
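Review bot: The `api`, `registry` and `combined` loggers are all `level=DEBUG` on the `devel` stream handler, while the `production` syslog handler is defined but referenced by no logger. If this file is ever selected as the services' logging configuration, debug-level request detail goes to stdout rather than to syslog at ERROR. I would switch the three loggers to `handlers=production` with `level=INFO`, or add a header comment saying the file is a development sample and is not loaded by default. `[handler_file]` also opens the relative path `glance.log` in `'w'` mode, which truncates the log on every start.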
@@ -0,0 +1,52 @@
+{
+ "context_is_admin": "role:admin",
+ "default": "",
+
+ "add_image": "",
+ "delete_image": "",
+ "get_image": "",
+ "get_images": "",
+ "modify_image": "",
+ "publicize_image": "role:admin",
+ "copy_from": "",
+
+ "download_image": "",
+ "upload_image": "",
+
+ "delete_image_location": "",
+ "get_image_location": "",
+ "set_image_location": "",
+
+ "add_member": "",
+ "delete_member": "",
+ "get_member": "",
+ "get_members": "",
+ "modify_member": "",
+
+ "manage_image_cache": "role:admin",
+
+ "get_task": "",
+ "get_tasks": "",
+ "add_task": "",
+ "modify_task": "",
+
+ "get_metadef_namespace": "",
+ "get_metadef_namespaces":"",
+ "modify_metadef_namespace":"",
+ "add_metadef_namespace":"",
+
+ "get_metadef_object":"",
+ "get_metadef_objects":"",
+ "modify_metadef_object":"",
+ "add_metadef_object":"",
+
+ "list_metadef_resource_types":"",
+ "get_metadef_resource_type":"",
+ "add_metadef_resource_type_association":"",
+
+ "get_metadef_property":"",
+ "get_metadef_properties":"",
+ "modify_metadef_property":"",
+ "add_metadef_property":""
+
+}
diff --git a/openstack/usr/share/openstack/glance/schema-image.json b/openstack/usr/share/openstack/glance/schema-image.json
new file mode 100644
index 00000000..5aafd6b3
--- /dev/null
+++ b/openstack/usr/share/openstack/glance/schema-image.json
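Review bot: `"default": ""` together with the empty rules for nearly every action means any authenticated user passes these checks, including `set_image_location`, `delete_image_location` and `get_image_location`. Location metadata can carry backend store credentials (the config comments on this page say `metadata_encryption_key` protects location metadata "including -- if used -- Swift or S3 credentials"), so those three are the ones I would restrict first, e.g. `"get_image_location": "role:admin"` and likewise for set and delete. Changing `"default"` to `"role:admin"` would make any action missing from the file fail closed. At present only `publicize_image` and `manage_image_cache` are admin-only.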
@@ -0,0 +1,28 @@
+{
+ "kernel_id": {
+ "type": "string",
+ "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
+ "description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image."
+ },
+ "ramdisk_id": {
+ "type": "string",
+ "pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
+ "description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image."
+ },
+ "instance_uuid": {
+ "type": "string",
+ "description": "ID of instance used to create this image."
+ },
+ "architecture": {
+ "description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
+ "type": "string"
+ },
+ "os_distro": {
+ "description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
+ "type": "string"
+ },
+ "os_version": {
+ "description": "Operating system version as specified by the distributor",
+ "type": "string"
+ }
+}
diff --git a/openstack/usr/share/openstack/horizon.yml b/openstack/usr/share/openstack/horizon.yml
new file mode 100644
index 00000000..14cea5c5
--- /dev/null
+++ b/openstack/usr/share/openstack/horizon.yml
@@ -0,0 +1,47 @@
+---
+- hosts: localhost
+ tasks:
+
+# Setup apache, this may end up in apache.yml
+ - name: Create the apache user.
+ user:
+ name: apache
+ comment: Apache Server
+ shell: /sbin/nologin
+ home: /var/www
+
+ - file:
+ path: /usr/sbin/suexec
+ group: apache
+ mode: 4750
+
+# Setup horizon
+ - name: Create the horizon user.
+ user:
+ name: horizon
+ comment: Openstack Horizon User
+ shell: /sbin/nologin
+ home: /var/lib/horizon
+
+ - name: Create the /var folders for horizon
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: horizon
+ group: horizon
+ with_items:
+ - /var/lib/horizon
+
+ - name: Link horizon apache configuration
+ file:
+ src: /etc/horizon/apache-horizon.conf
+ dest: /etc/httpd/conf.d/apache-horizon.conf
+ state: link
+
+ - name: Enable and start apache services needed by horizon
+ service:
+ name: "{{ item }}"
+ enabled: yes
+ state: started
+ with_items:
+ - apache-httpd.service
diff --git a/openstack/usr/share/openstack/hosts b/openstack/usr/share/openstack/hosts
new file mode 100644
index 00000000..5b97818d
--- /dev/null
+++ b/openstack/usr/share/openstack/hosts
@@ -0,0 +1 @@
+localhost ansible_connection=local
diff --git a/openstack/usr/share/openstack/ironic.yml b/openstack/usr/share/openstack/ironic.yml
new file mode 100644
index 00000000..db0a8aa8
--- /dev/null
+++ b/openstack/usr/share/openstack/ironic.yml
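Review bot: `mode: 4750` on the `/usr/sbin/suexec` task in horizon.yml is an unquoted YAML integer, and Ansible's file module can read a bare number without a leading zero as decimal, depending on the Ansible version. In that case the binary would not end up setuid with 4750 permissions, and the resulting bits could be far looser than intended. Write it as `mode: "4750"` so the module parses the octal string itself. The task also sets only the group; adding `owner: root` and a `name:` would make explicit that this is a setuid-root helper executable only by `apache`, rather than relying on whatever ownership the image shipped.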
@@ -0,0 +1,104 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/ironic.conf"
+ tasks:
+ - name: Create the ironic user
+ user:
+ name: ironic
+ comment: Openstack Ironic Daemons
+ shell: /sbin/nologin
+ home: /var/lib/ironic
+
+ - name: Create the /var folders for Ironic
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: ironic
+ group: ironic
+ with_items:
+ - /var/run/ironic
+ - /var/lock/ironic
+ - /var/log/ironic
+ - /var/lib/ironic
+
+ - file: path=/etc/ironic state=directory
+ - name: Add the configuration needed for ironic in /etc/ironic using templates
+ template:
+ src: /usr/share/openstack/ironic/{{ item }}
+ dest: /etc/ironic/{{ item }}
+ with_lines:
+ - cd /usr/share/openstack/ironic && find -type f
+
+ - name: Create Ironic service user in service tenant
+ keystone_user:
+ user: "{{ IRONIC_SERVICE_USER }}"
+ password: "{{ IRONIC_SERVICE_PASSWORD }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Assign admin role to Ironic service user in the service tenant
+ keystone_user:
+ role: admin
+ user: "{{ IRONIC_SERVICE_USER }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Add Ironic endpoint
+ keystone_service:
+ name: ironic
+ type: baremetal
+ description: Openstack Ironic Service
+ publicurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:6385'
+ internalurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:6385'
+ adminurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:6385'
+ region: 'regionOne'
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Create postgresql user for Ironic
+ postgresql_user:
+ name: "{{ IRONIC_DB_USER }}"
+ login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
+ password: "{{ IRONIC_DB_PASSWORD }}"
+ sudo: yes
+ sudo_user: ironic
+
+ - name: Create database for Ironic services
+ postgresql_db:
+ name: ironic
+ owner: "{{ IRONIC_DB_USER }}"
+ login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
+ sudo: yes
+ sudo_user: ironic
+
+ - name: Initiate Ironic database
+ # Use 'upgrade' instead of 'create_schema' to make the operation
+ # idempotent
+ shell: |
+ ironic-dbsync \
+ --config-file /etc/ironic/ironic.conf upgrade
+ sudo: yes
+ sudo_user: ironic
+
+ - name: Enable and start openstack-ironic services
+ service:
+ name: "{{ item }}"
+ enabled: yes
+ state: started
+ with_items:
+ - openstack-ironic-conductor.service
+ - openstack-ironic-api.service
+
+ - name: Set owner and group for the tftp root directory
+ file:
+ path: "/srv/tftp_root/"
+ state: directory
+ owner: ironic
+ group: ironic
+ recurse: yes
+
+ - name: Enable and start tftp-hpa
+ service:
+ name: tftp-hpa.socket
+ enabled: yes
+ state: started
diff --git a/openstack/usr/share/openstack/ironic/ironic.conf b/openstack/usr/share/openstack/ironic/ironic.conf
new file mode 100644
index 00000000..75c62b8e
--- /dev/null
+++ b/openstack/usr/share/openstack/ironic/ironic.conf
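Review bot: The template task "Add the configuration needed for ironic in /etc/ironic using templates" in ironic.yml sets no owner, group or mode, so the rendered files get whatever the default umask gives. The ironic.conf template added in this same commit renders `IRONIC_DB_PASSWORD`, `IRONIC_SERVICE_PASSWORD` and `RABBITMQ_PASSWORD` into that directory. I would add `owner: ironic`, `group: ironic` and `mode: "0640"` to that task, and give the preceding `file: path=/etc/ironic state=directory` an explicit owner and mode as well. The keystone_user and postgresql_user tasks carry the same passwords and the temporary admin token as arguments, so `no_log: true` on them would keep those values out of the Ansible output.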
@@ -0,0 +1,1247 @@ +[DEFAULT] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in amqp. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in amqp. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# Qpid broker hostname. (string value) +#qpid_hostname=localhost + +# Qpid broker port. (integer value) +#qpid_port=5672 + +# Qpid HA cluster host:port pairs. (list value) +#qpid_hosts=$qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +#qpid_username= + +# Password for Qpid connection. (string value) +#qpid_password= + +# Space separated list of SASL mechanisms to use for auth. +# (string value) +#qpid_sasl_mechanisms= + +# Seconds between connection keepalive heartbeats. (integer +# value) +#qpid_heartbeat=60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +#qpid_protocol=tcp + +# Whether to disable the Nagle algorithm. (boolean value) +#qpid_tcp_nodelay=true + +# The number of prefetched messages held by receiver. (integer +# value) +#qpid_receiver_capacity=1 + +# The qpid topology version to use. Version 1 is what was +# originally used by impl_qpid. Version 2 includes some +# backwards-incompatible changes that allow broker federation +# to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. +# (integer value) +#qpid_topology_version=1 + +# SSL version to use (valid only if SSL enabled). valid values +# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some +# distributions. (string value) +#kombu_ssl_version= + +# SSL key file (valid only if SSL enabled). (string value) +#kombu_ssl_keyfile= + +# SSL cert file (valid only if SSL enabled). (string value) +#kombu_ssl_certfile= + +# SSL certification authority file (valid only if SSL +# enabled). 
(string value) +#kombu_ssl_ca_certs= + +# How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. (floating point value) +#kombu_reconnect_delay=1.0 + +# The RabbitMQ broker address where a single node is used. +# (string value) +rabbit_host={{ RABBITMQ_HOST }} + +# The RabbitMQ broker port where a single node is used. +# (integer value) +rabbit_port={{ RABBITMQ_PORT }} + +# RabbitMQ HA cluster host:port pairs. (list value) +#rabbit_hosts=$rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +#rabbit_use_ssl=false + +# The RabbitMQ userid. (string value) +rabbit_userid={{ RABBITMQ_USER }} + +# The RabbitMQ password. (string value) +rabbit_password={{ RABBITMQ_PASSWORD }} + +# the RabbitMQ login method (string value) +#rabbit_login_method=AMQPLAIN + +# The RabbitMQ virtual host. (string value) +#rabbit_virtual_host=/ + +# How frequently to retry connecting with RabbitMQ. (integer +# value) +#rabbit_retry_interval=1 + +# How long to backoff for between retries when connecting to +# RabbitMQ. (integer value) +#rabbit_retry_backoff=2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +#rabbit_max_retries=0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change +# this option, you must wipe the RabbitMQ database. (boolean +# value) +#rabbit_ha_queues=false + +# If passed, use a fake RabbitMQ provider. (boolean value) +#fake_rabbit=false + +# ZeroMQ bind address. Should be a wildcard (*), an ethernet +# interface, or IP. The "host" option should point or resolve +# to this address. (string value) +#rpc_zmq_bind_address=* + +# MatchMaker driver. (string value) +#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost + +# ZeroMQ receiver listening port. (integer value) +#rpc_zmq_port=9501 + +# Number of ZeroMQ contexts, defaults to 1. 
(integer value) +#rpc_zmq_contexts=1 + +# Maximum number of ingress messages to locally buffer per +# topic. Default is unlimited. (integer value) +#rpc_zmq_topic_backlog=<None> + +# Directory for holding IPC sockets. (string value) +#rpc_zmq_ipc_dir=/var/run/openstack + +# Name of this node. Must be a valid hostname, FQDN, or IP +# address. Must match "host" option, if running Nova. (string +# value) +#rpc_zmq_host=ironic + +# Seconds to wait before a cast expires (TTL). Only supported +# by impl_zmq. (integer value) +#rpc_cast_timeout=30 + +# Heartbeat frequency. (integer value) +#matchmaker_heartbeat_freq=300 + +# Heartbeat time-to-live. (integer value) +#matchmaker_heartbeat_ttl=600 + +# Size of RPC greenthread pool. (integer value) +#rpc_thread_pool_size=64 + +# Driver or drivers to handle sending notifications. (multi +# valued) +#notification_driver= + +# AMQP topic used for OpenStack notifications. (list value) +# Deprecated group/name - [rpc_notifier2]/topics +#notification_topics=notifications + +# Seconds to wait for a response from a call. (integer value) +#rpc_response_timeout=60 + +# A URL representing the messaging driver to use and its full +# configuration. If not set, we fall back to the rpc_backend +# option and driver specific configuration. (string value) +#transport_url=<None> + +# The messaging driver to use, defaults to rabbit. Other +# drivers include qpid and zmq. (string value) +#rpc_backend=rabbit + +# The default exchange under which topics are scoped. May be +# overridden by an exchange name specified in the +# transport_url option. (string value) +#control_exchange=openstack + + +# +# Options defined in ironic.netconf +# + +# IP address of this host. (string value) +my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} + +# Use IPv6. (boolean value) +#use_ipv6=false + + +# +# Options defined in ironic.api.app +# + +# Method to use for authentication: noauth or keystone. 
+# (string value) +#auth_strategy=keystone + + +# +# Options defined in ironic.common.driver_factory +# + +# Specify the list of drivers to load during service +# initialization. Missing drivers, or drivers which fail to +# initialize, will prevent the conductor service from +# starting. The option default is a recommended set of +# production-oriented drivers. A complete list of drivers +# present on your system may be found by enumerating the +# "ironic.drivers" entrypoint. An example may be found in the +# developer documentation online. (list value) +enabled_drivers=pxe_ipmitool,pxe_ssh + + +# +# Options defined in ironic.common.exception +# + +# Make exception message format errors fatal. (boolean value) +#fatal_exception_format_errors=false + + +# +# Options defined in ironic.common.hash_ring +# + +# Exponent to determine number of hash partitions to use when +# distributing load across conductors. Larger values will +# result in more even distribution of load and less load when +# rebalancing the ring, but more memory usage. Number of +# partitions per conductor is (2^hash_partition_exponent). +# This determines the granularity of rebalancing: given 10 +# hosts, and an exponent of the 2, there are 40 partitions in +# the ring.A few thousand partitions should make rebalancing +# smooth in most cases. The default is suitable for up to a +# few hundred conductors. Too many partitions has a CPU +# impact. (integer value) +#hash_partition_exponent=5 + +# [Experimental Feature] Number of hosts to map onto each hash +# partition. Setting this to more than one will cause +# additional conductor services to prepare deployment +# environments and potentially allow the Ironic cluster to +# recover more quickly if a conductor instance is terminated. +# (integer value) +#hash_distribution_replicas=1 + + +# +# Options defined in ironic.common.images +# + +# Force backing images to raw format. (boolean value) +#force_raw_images=true + +# Path to isolinux binary file. 
(string value) +#isolinux_bin=/usr/lib/syslinux/isolinux.bin + +# Template file for isolinux configuration file. (string +# value) +#isolinux_config_template=$pybasedir/common/isolinux_config.template + + +# +# Options defined in ironic.common.paths +# + +# Directory where the ironic python module is installed. +# (string value) +#pybasedir=/usr/lib/python/site-packages/ironic + +# Directory where ironic binaries are installed. (string +# value) +#bindir=$pybasedir/bin + +# Top-level directory for maintaining ironic's state. (string +# value) +#state_path=$pybasedir + + +# +# Options defined in ironic.common.policy +# + +# JSON file representing policy. (string value) +#policy_file=policy.json + +# Rule checked when requested rule is not found. (string +# value) +#policy_default_rule=default + + +# +# Options defined in ironic.common.service +# + +# Seconds between running periodic tasks. (integer value) +#periodic_interval=60 + +# Name of this node. This can be an opaque identifier. It is +# not necessarily a hostname, FQDN, or IP address. However, +# the node name must be valid within an AMQP key, and if using +# ZeroMQ, a valid hostname, FQDN, or IP address. (string +# value) +#host=ironic + + +# +# Options defined in ironic.common.utils +# + +# Path to the rootwrap configuration file to use for running +# commands as root. (string value) +#rootwrap_config=/etc/ironic/rootwrap.conf + +# Explicitly specify the temporary working directory. (string +# value) +#tempdir=<None> + + +# +# Options defined in ironic.drivers.modules.image_cache +# + +# Run image downloads and raw format conversions in parallel. +# (boolean value) +#parallel_image_downloads=false + + +# +# Options defined in ironic.openstack.common.eventlet_backdoor +# + +# Enable eventlet backdoor. 
Acceptable values are 0, <port>, +# and <start>:<end>, where 0 results in listening on a random +# tcp port number; <port> results in listening on the +# specified port number (and not enabling backdoor if that +# port is in use); and <start>:<end> results in listening on +# the smallest unused port number within the specified range +# of port numbers. The chosen port is displayed in the +# service's log file. (string value) +#backdoor_port=<None> + + +# +# Options defined in ironic.openstack.common.lockutils +# + +# Enables or disables inter-process locks. (boolean value) +#disable_process_locking=false + +# Directory to use for lock files. (string value) +#lock_path=<None> + + +# +# Options defined in ironic.openstack.common.log +# + +# Print debugging output (set logging level to DEBUG instead +# of default WARNING level). (boolean value) +#debug=false + +# Print more verbose output (set logging level to INFO instead +# of default WARNING level). (boolean value) +#verbose=false + +# Log output to standard error. (boolean value) +#use_stderr=true + +# Format string to use for log messages with context. (string +# value) +#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + +# Format string to use for log messages without context. +# (string value) +#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + +# Data to append to log format when level is DEBUG. (string +# value) +#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d + +# Prefix each line of exception output with this format. +# (string value) +#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s + +# List of logger=LEVEL pairs. 
(list value) +#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN + +# Enables or disables publication of error events. (boolean +# value) +#publish_errors=false + +# Enables or disables fatal status of deprecations. (boolean +# value) +#fatal_deprecations=false + +# The format for an instance that is passed with the log +# message. (string value) +#instance_format="[instance: %(uuid)s] " + +# The format for an instance UUID that is passed with the log +# message. (string value) +#instance_uuid_format="[instance: %(uuid)s] " + +# The name of a logging configuration file. This file is +# appended to any existing logging configuration files. For +# details about logging configuration files, see the Python +# logging module documentation. (string value) +# Deprecated group/name - [DEFAULT]/log_config +#log_config_append=<None> + +# DEPRECATED. A logging.Formatter log message format string +# which may use any of the available logging.LogRecord +# attributes. This option is deprecated. Please use +# logging_context_format_string and +# logging_default_format_string instead. (string value) +#log_format=<None> + +# Format string for %%(asctime)s in log records. Default: +# %(default)s . (string value) +#log_date_format=%Y-%m-%d %H:%M:%S + +# (Optional) Name of log file to output to. If no default is +# set, logging will go to stdout. (string value) +# Deprecated group/name - [DEFAULT]/logfile +#log_file=<None> + +# (Optional) The base directory used for relative --log-file +# paths. (string value) +# Deprecated group/name - [DEFAULT]/logdir +#log_dir=<None> + +# Use syslog for logging. Existing syslog format is DEPRECATED +# during I, and will change in J to honor RFC5424. (boolean +# value) +use_syslog=True + +# (Optional) Enables or disables syslog rfc5424 format for +# logging. 
If enabled, prefixes the MSG part of the syslog +# message with APP-NAME (RFC5424). The format without the APP- +# NAME is deprecated in I, and will be removed in J. (boolean +# value) +#use_syslog_rfc_format=false + +# Syslog facility to receive log lines. (string value) +#syslog_log_facility=LOG_USER + + +# +# Options defined in ironic.openstack.common.periodic_task +# + +# Some periodic tasks can be run in a separate process. Should +# we run them here? (boolean value) +#run_external_periodic_tasks=true + + +[agent] + +# +# Options defined in ironic.drivers.modules.agent +# + +# Additional append parameters for baremetal PXE boot. (string +# value) +#agent_pxe_append_params=nofb nomodeset vga=normal + +# Template file for PXE configuration. (string value) +#agent_pxe_config_template=$pybasedir/drivers/modules/agent_config.template + +# Neutron bootfile DHCP parameter. (string value) +#agent_pxe_bootfile_name=pxelinux.0 + +# Maximum interval (in seconds) for agent heartbeats. (integer +# value) +#heartbeat_timeout=300 + + +# +# Options defined in ironic.drivers.modules.agent_client +# + +# API version to use for communicating with the ramdisk agent. +# (string value) +#agent_api_version=v1 + + +[api] + +# +# Options defined in ironic.api +# + +# The listen IP for the Ironic API server. (string value) +#host_ip=0.0.0.0 + +# The port for the Ironic API server. (integer value) +#port=6385 + +# The maximum number of items returned in a single response +# from a collection resource. (integer value) +#max_limit=1000 + + +[conductor] + +# +# Options defined in ironic.conductor.manager +# + +# URL of Ironic API service. If not set ironic can get the +# current value from the keystone service catalog. (string +# value) +api_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6385 + +# Seconds between conductor heart beats. (integer value) +#heartbeat_interval=10 + +# Maximum time (in seconds) since the last check-in of a +# conductor. 
(integer value) +#heartbeat_timeout=60 + +# Interval between syncing the node power state to the +# database, in seconds. (integer value) +#sync_power_state_interval=60 + +# Interval between checks of provision timeouts, in seconds. +# (integer value) +#check_provision_state_interval=60 + +# Timeout (seconds) for waiting callback from deploy ramdisk. +# 0 - unlimited. (integer value) +#deploy_callback_timeout=1800 + +# During sync_power_state, should the hardware power state be +# set to the state recorded in the database (True) or should +# the database be updated based on the hardware state (False). +# (boolean value) +#force_power_state_during_sync=true + +# During sync_power_state failures, limit the number of times +# Ironic should try syncing the hardware node power state with +# the node power state in DB (integer value) +#power_state_sync_max_retries=3 + +# Maximum number of worker threads that can be started +# simultaneously by a periodic task. Should be less than RPC +# thread pool size. (integer value) +#periodic_max_workers=8 + +# The size of the workers greenthread pool. (integer value) +#workers_pool_size=100 + +# Number of attempts to grab a node lock. (integer value) +#node_locked_retry_attempts=3 + +# Seconds to sleep between node lock attempts. (integer value) +#node_locked_retry_interval=1 + +# Enable sending sensor data message via the notification bus +# (boolean value) +#send_sensor_data=false + +# Seconds between conductor sending sensor data message to +# ceilometer via the notification bus. (integer value) +#send_sensor_data_interval=600 + +# List of comma separated metric types which need to be sent +# to Ceilometer. The default value, "ALL", is a special value +# meaning send all the sensor data. (list value) +#send_sensor_data_types=ALL + +# When conductors join or leave the cluster, existing +# conductors may need to update any persistent local state as +# nodes are moved around the cluster. 
This option controls how +# often, in seconds, each conductor will check for nodes that +# it should "take over". Set it to a negative value to disable +# the check entirely. (integer value) +#sync_local_state_interval=180 + + +[console] + +# +# Options defined in ironic.drivers.modules.console_utils +# + +# Path to serial console terminal program (string value) +#terminal=shellinaboxd + +# Directory containing the terminal SSL cert(PEM) for serial +# console access (string value) +#terminal_cert_dir=<None> + +# Directory for holding terminal pid files. If not specified, +# the temporary directory will be used. (string value) +#terminal_pid_dir=<None> + +# Time interval (in seconds) for checking the status of +# console subprocess. (integer value) +#subprocess_checking_interval=1 + +# Time (in seconds) to wait for the console subprocess to +# start. (integer value) +#subprocess_timeout=10 + + +[database] + +# +# Options defined in oslo.db +# + +# The file name to use with SQLite. (string value) +#sqlite_db=oslo.sqlite + +# If True, SQLite uses synchronous mode. (boolean value) +#sqlite_synchronous=true + +# The back end to use for the database. (string value) +# Deprecated group/name - [DEFAULT]/db_backend +#backend=sqlalchemy + +# The SQLAlchemy connection string to use to connect to the +# database. (string value) +# Deprecated group/name - [DEFAULT]/sql_connection +# Deprecated group/name - [DATABASE]/sql_connection +# Deprecated group/name - [sql]/connection +connection=postgresql://{{ IRONIC_DB_USER}}:{{ IRONIC_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/ironic + +# The SQLAlchemy connection string to use to connect to the +# slave database. (string value) +#slave_connection=<None> + +# The SQL mode to be used for MySQL sessions. This option, +# including the default, overrides any server-set SQL mode. To +# use whatever SQL mode is set by the server configuration, +# set this to no value. 
Example: mysql_sql_mode= (string +# value) +#mysql_sql_mode=TRADITIONAL + +# Timeout before idle SQL connections are reaped. (integer +# value) +# Deprecated group/name - [DEFAULT]/sql_idle_timeout +# Deprecated group/name - [DATABASE]/sql_idle_timeout +# Deprecated group/name - [sql]/idle_timeout +#idle_timeout=3600 + +# Minimum number of SQL connections to keep open in a pool. +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_min_pool_size +# Deprecated group/name - [DATABASE]/sql_min_pool_size +#min_pool_size=1 + +# Maximum number of SQL connections to keep open in a pool. +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_pool_size +# Deprecated group/name - [DATABASE]/sql_max_pool_size +#max_pool_size=<None> + +# Maximum db connection retries during startup. Set to -1 to +# specify an infinite retry count. (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_retries +# Deprecated group/name - [DATABASE]/sql_max_retries +#max_retries=10 + +# Interval between retries of opening a SQL connection. +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_retry_interval +# Deprecated group/name - [DATABASE]/reconnect_interval +#retry_interval=10 + +# If set, use this value for max_overflow with SQLAlchemy. +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_overflow +# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow +#max_overflow=<None> + +# Verbosity of SQL debugging information: 0=None, +# 100=Everything. (integer value) +# Deprecated group/name - [DEFAULT]/sql_connection_debug +#connection_debug=0 + +# Add Python stack traces to SQL as comment strings. (boolean +# value) +# Deprecated group/name - [DEFAULT]/sql_connection_trace +#connection_trace=false + +# If set, use this value for pool_timeout with SQLAlchemy. +# (integer value) +# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout +#pool_timeout=<None> + +# Enable the experimental use of database reconnect on +# connection lost. 
(boolean value) +#use_db_reconnect=false + +# Seconds between database connection retries. (integer value) +#db_retry_interval=1 + +# If True, increases the interval between database connection +# retries up to db_max_retry_interval. (boolean value) +#db_inc_retry_interval=true + +# If db_inc_retry_interval is set, the maximum seconds between +# database connection retries. (integer value) +#db_max_retry_interval=10 + +# Maximum database connection retries before error is raised. +# Set to -1 to specify an infinite retry count. (integer +# value) +#db_max_retries=20 + + +# +# Options defined in ironic.db.sqlalchemy.models +# + +# MySQL engine to use. (string value) +#mysql_engine=InnoDB + + +[dhcp] + +# +# Options defined in ironic.common.dhcp_factory +# + +# DHCP provider to use. "neutron" uses Neutron, and "none" +# uses a no-op provider. (string value) +#dhcp_provider=neutron + + +[disk_partitioner] + +# +# Options defined in ironic.common.disk_partitioner +# + +# After Ironic has completed creating the partition table, it +# continues to check for activity on the attached iSCSI device +# status at this interval prior to copying the image to the +# node, in seconds (integer value) +#check_device_interval=1 + +# The maximum number of times to check that the device is not +# accessed by another process. If the device is still busy +# after that, the disk partitioning will be treated as having +# failed. (integer value) +#check_device_max_retries=20 + + +[glance] + +# +# Options defined in ironic.common.glance_service.v2.image_service +# + +# A list of URL schemes that can be downloaded directly via +# the direct_url. Currently supported schemes: [file]. (list +# value) +#allowed_direct_url_schemes= + +# The secret token given to Swift to allow temporary URL +# downloads. Required for temporary URLs. (string value) +#swift_temp_url_key=<None> + +# The length of time in seconds that the temporary URL will be +# valid for. Defaults to 20 minutes. 
If some deploys get a 401 +# response code when trying to download from the temporary +# URL, try raising this duration. (integer value) +#swift_temp_url_duration=1200 + +# The "endpoint" (scheme, hostname, optional port) for the +# Swift URL of the form +# "endpoint_url/api_version/account/container/object_id". Do +# not include trailing "/". For example, use +# "https://swift.example.com". Required for temporary URLs. +# (string value) +#swift_endpoint_url=<None> + +# The Swift API version to create a temporary URL for. +# Defaults to "v1". Swift temporary URL format: +# "endpoint_url/api_version/account/container/object_id" +# (string value) +#swift_api_version=v1 + +# The account that Glance uses to communicate with Swift. The +# format is "AUTH_uuid". "uuid" is the UUID for the account +# configured in the glance-api.conf. Required for temporary +# URLs. For example: +# "AUTH_a422b2-91f3-2f46-74b7-d7c9e8958f5d30". Swift temporary +# URL format: +# "endpoint_url/api_version/account/container/object_id" +# (string value) +#swift_account=<None> + +# The Swift container Glance is configured to store its images +# in. Defaults to "glance", which is the default in glance- +# api.conf. Swift temporary URL format: +# "endpoint_url/api_version/account/container/object_id" +# (string value) +#swift_container=glance + + +# +# Options defined in ironic.common.image_service +# + +# Default glance hostname or IP address. (string value) +glance_host={{ CONTROLLER_HOST_ADDRESS }} + +# Default glance port. (integer value) +#glance_port=9292 + +# Default protocol to use when connecting to glance. Set to +# https for SSL. (string value) +#glance_protocol=http + +# A list of the glance api servers available to ironic. Prefix +# with https:// for SSL-based glance API servers. Format is +# [hostname|IP]:port. (string value) +#glance_api_servers=<None> + +# Allow to perform insecure SSL (https) requests to glance. 
+# (boolean value) +#glance_api_insecure=false + +# Number of retries when downloading an image from glance. +# (integer value) +#glance_num_retries=0 + +# Default protocol to use when connecting to glance. Set to +# https for SSL. (string value) +#auth_strategy=keystone + + +[ilo] + +# +# Options defined in ironic.drivers.modules.ilo.common +# + +# Timeout (in seconds) for iLO operations (integer value) +#client_timeout=60 + +# Port to be used for iLO operations (integer value) +#client_port=443 + +# The Swift iLO container to store data. (string value) +#swift_ilo_container=ironic_ilo_container + +# Amount of time in seconds for Swift objects to auto-expire. +# (integer value) +#swift_object_expiry_timeout=900 + + +# +# Options defined in ironic.drivers.modules.ilo.power +# + +# Number of times a power operation needs to be retried +# (integer value) +#power_retry=6 + +# Amount of time in seconds to wait in between power +# operations (integer value) +#power_wait=2 + + +[ipmi] + +# +# Options defined in ironic.drivers.modules.ipminative +# + +# Maximum time in seconds to retry IPMI operations. (integer +# value) +#retry_timeout=60 + +# Minimum time, in seconds, between IPMI operations sent to a +# server. There is a risk with some hardware that setting this +# too low may cause the BMC to crash. Recommended setting is 5 +# seconds. (integer value) +#min_command_interval=5 + + +[keystone_authtoken] + +# +# Options defined in keystonemiddleware.auth_token +# + +# Prefix to prepend at the beginning of the path. Deprecated, +# use identity_uri. (string value) +#auth_admin_prefix= + +# Host providing the admin Identity API endpoint. Deprecated, +# use identity_uri. (string value) +#auth_host=127.0.0.1 + +# Port of the admin Identity API endpoint. Deprecated, use +# identity_uri. (integer value) +#auth_port=35357 + +# Protocol of the admin Identity API endpoint (http or https). +# Deprecated, use identity_uri. 
(string value) +#auth_protocol=https + +# Complete public Identity API endpoint (string value) +auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 + +# Complete admin Identity API endpoint. This should specify +# the unversioned root endpoint e.g. https://localhost:35357/ +# (string value) +identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357 + +# API version of the admin Identity API endpoint (string +# value) +#auth_version=<None> + +# Do not handle authorization requests within the middleware, +# but delegate the authorization decision to downstream WSGI +# components (boolean value) +#delay_auth_decision=false + +# Request timeout value for communicating with Identity API +# server. (boolean value) +#http_connect_timeout=<None> + +# How many times are we trying to reconnect when communicating +# with Identity API Server. (integer value) +#http_request_max_retries=3 + +# This option is deprecated and may be removed in a future +# release. Single shared secret with the Keystone +# configuration used for bootstrapping a Keystone +# installation, or otherwise bypassing the normal +# authentication process. This option should not be used, use +# `admin_user` and `admin_password` instead. (string value) +#admin_token=<None> + +# Keystone account username (string value) +admin_user={{ IRONIC_SERVICE_USER }} + +# Keystone account password (string value) +admin_password={{ IRONIC_SERVICE_PASSWORD }} + +# Keystone service account tenant name to validate user tokens +# (string value) +admin_tenant_name=service + +# Env key for the swift cache (string value) +#cache=<None> + +# Required if Keystone server requires client certificate +# (string value) +#certfile=<None> + +# Required if Keystone server requires client certificate +# (string value) +#keyfile=<None> + +# A PEM encoded Certificate Authority to use when verifying +# HTTPs connections. Defaults to system CAs. (string value) +#cafile=<None> + +# Verify HTTPS connections. 
(boolean value) +#insecure=false + +# Directory used to cache files related to PKI tokens (string +# value) +#signing_dir=<None> + +# Optionally specify a list of memcached server(s) to use for +# caching. If left undefined, tokens will instead be cached +# in-process. (list value) +# Deprecated group/name - [DEFAULT]/memcache_servers +#memcached_servers=<None> + +# In order to prevent excessive effort spent validating +# tokens, the middleware caches previously-seen tokens for a +# configurable duration (in seconds). Set to -1 to disable +# caching completely. (integer value) +#token_cache_time=300 + +# Determines the frequency at which the list of revoked tokens +# is retrieved from the Identity service (in seconds). A high +# number of revocation events combined with a low cache +# duration may significantly reduce performance. (integer +# value) +#revocation_cache_time=10 + +# (optional) if defined, indicate whether token data should be +# authenticated or authenticated and encrypted. Acceptable +# values are MAC or ENCRYPT. If MAC, token data is +# authenticated (with HMAC) in the cache. If ENCRYPT, token +# data is encrypted and authenticated in the cache. If the +# value is not one of these options or empty, auth_token will +# raise an exception on initialization. (string value) +#memcache_security_strategy=<None> + +# (optional, mandatory if memcache_security_strategy is +# defined) this string is used for key derivation. (string +# value) +#memcache_secret_key=<None> + +# (optional) number of seconds memcached server is considered +# dead before it is tried again. (integer value) +#memcache_pool_dead_retry=300 + +# (optional) max total number of open connections to every +# memcached server. (integer value) +#memcache_pool_maxsize=10 + +# (optional) socket timeout in seconds for communicating with +# a memcache server. 
(integer value) +#memcache_pool_socket_timeout=3 + +# (optional) number of seconds a connection to memcached is +# held unused in the pool before it is closed. (integer value) +#memcache_pool_unused_timeout=60 + +# (optional) number of seconds that an operation will wait to +# get a memcache client connection from the pool. (integer +# value) +#memcache_pool_conn_get_timeout=10 + +# (optional) use the advanced (eventlet safe) memcache client +# pool. The advanced pool will only work under python 2.x. +# (boolean value) +#memcache_use_advanced_pool=false + +# (optional) indicate whether to set the X-Service-Catalog +# header. If False, middleware will not ask for service +# catalog on token validation and will not set the X-Service- +# Catalog header. (boolean value) +#include_service_catalog=true + +# Used to control the use and type of token binding. Can be +# set to: "disabled" to not check token binding. "permissive" +# (default) to validate binding information if the bind type +# is of a form known to the server and ignore it if not. +# "strict" like "permissive" but if the bind type is unknown +# the token will be rejected. "required" any form of token +# binding is needed to be allowed. Finally the name of a +# binding method that must be present in tokens. (string +# value) +#enforce_token_bind=permissive + +# If true, the revocation list will be checked for cached +# tokens. This requires that PKI tokens are configured on the +# Keystone server. (boolean value) +#check_revocations_for_cached=false + +# Hash algorithms to use for hashing PKI tokens. This may be a +# single algorithm or multiple. The algorithms are those +# supported by Python standard hashlib.new(). The hashes will +# be tried in the order given, so put the preferred one first +# for performance. The result of the first hash will be stored +# in the cache. This will typically be set to multiple values +# only while migrating from a less secure algorithm to a more +# secure one. 
Once all the old tokens are expired this option +# should be set to a single value for better performance. +# (list value) +#hash_algorithms=md5 + + +[matchmaker_redis] + +# +# Options defined in oslo.messaging +# + +# Host to locate redis. (string value) +#host=127.0.0.1 + +# Use this port to connect to redis host. (integer value) +#port=6379 + +# Password for Redis server (optional). (string value) +#password=<None> + + +[matchmaker_ring] + +# +# Options defined in oslo.messaging +# + +# Matchmaker ring file (JSON). (string value) +# Deprecated group/name - [DEFAULT]/matchmaker_ringfile +#ringfile=/etc/oslo/matchmaker_ring.json + + +[neutron] + +# +# Options defined in ironic.dhcp.neutron +# + +# URL for connecting to neutron. (string value) +url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696 + +# Timeout value for connecting to neutron in seconds. (integer +# value) +#url_timeout=30 + +# Default authentication strategy to use when connecting to +# neutron. Can be either "keystone" or "noauth". Running +# neutron in noauth mode (related to but not affected by this +# setting) is insecure and should only be used for testing. +# (string value) +#auth_strategy=keystone + + +[pxe] + +# +# Options defined in ironic.drivers.modules.iscsi_deploy +# + +# Additional append parameters for baremetal PXE boot. (string +# value) +#pxe_append_params=nofb nomodeset vga=normal + +# Default file system format for ephemeral partition, if one +# is created. (string value) +#default_ephemeral_format=ext4 + +# Directory where images are stored on disk. (string value) +#images_path=/var/lib/ironic/images/ + +# Directory where master instance images are stored on disk. +# (string value) +#instance_master_path=/var/lib/ironic/master_images + +# Maximum size (in MiB) of cache for master images, including +# those in use. (integer value) +#image_cache_size=20480 + +# Maximum TTL (in minutes) for old master images in cache. 
+# (integer value) +#image_cache_ttl=10080 + +# The disk devices to scan while doing the deploy. (string +# value) +#disk_devices=cciss/c0d0,sda,hda,vda + + +# +# Options defined in ironic.drivers.modules.pxe +# + +# Template file for PXE configuration. (string value) +#pxe_config_template=$pybasedir/drivers/modules/pxe_config.template + +# Template file for PXE configuration for UEFI boot loader. +# (string value) +#uefi_pxe_config_template=$pybasedir/drivers/modules/elilo_efi_pxe_config.template + +# IP address of Ironic compute node's tftp server. (string +# value) +#tftp_server=$my_ip + +# Ironic compute node's tftp root path. (string value) +tftp_root=/srv/tftp_root/ + +# Directory where master tftp images are stored on disk. +# (string value) +tftp_master_path=/srv/tftp_root/master_images + +# Bootfile DHCP parameter. (string value) +#pxe_bootfile_name=pxelinux.0 + +# Bootfile DHCP parameter for UEFI boot mode. (string value) +#uefi_pxe_bootfile_name=elilo.efi + +# Ironic compute node's HTTP server URL. Example: +# http://192.1.2.3:8080 (string value) +#http_url=<None> + +# Ironic compute node's HTTP root path. (string value) +#http_root=/httpboot + +# Enable iPXE boot. (boolean value) +#ipxe_enabled=false + +# The path to the main iPXE script file. 
(string value)
+#ipxe_boot_script=$pybasedir/drivers/modules/boot.ipxe
+
+
+[seamicro]
+
+#
+# Options defined in ironic.drivers.modules.seamicro
+#
+
+# Maximum retries for SeaMicro operations (integer value)
+#max_retry=3
+
+# Seconds to wait for power action to be completed (integer
+# value)
+#action_timeout=10
+
+
+[snmp]
+
+#
+# Options defined in ironic.drivers.modules.snmp
+#
+
+# Seconds to wait for power action to be completed (integer
+# value)
+#power_timeout=10
+
+
+[ssh]
+
+#
+# Options defined in ironic.drivers.modules.ssh
+#
+
+# libvirt uri (string value)
+#libvirt_uri=qemu:///system
+
+
+[swift]
+
+#
+# Options defined in ironic.common.swift
+#
+
+# Maximum number of times to retry a Swift request, before
+# failing. (integer value)
+#swift_max_retries=2
+
+
diff --git a/openstack/usr/share/openstack/ironic/policy.json b/openstack/usr/share/openstack/ironic/policy.json
new file mode 100644
index 00000000..94ac3a5b
--- /dev/null
+++ b/openstack/usr/share/openstack/ironic/policy.json
@@ -0,0 +1,5 @@
+{
+ "admin": "role:admin or role:administrator",
+ "admin_api": "is_admin:True",
+ "default": "rule:admin_api"
+}
diff --git a/openstack/usr/share/openstack/iscsi.yml b/openstack/usr/share/openstack/iscsi.yml
new file mode 100644
index 00000000..b80377ae
--- /dev/null
+++ b/openstack/usr/share/openstack/iscsi.yml
@@ -0,0 +1,15 @@
+---
+- hosts: localhost
+ tasks:
+ - name: Update kernel module dependencies
+ command: depmod -a
+
+ - name: generate InitiatorName for iscsi
+ shell: iscsi-iname
+ register: initiator_name
+
+ - lineinfile:
+ dest: /etc/iscsi/initiatorname.iscsi
+ regexp: '^InitiatorName=$'
+ line: 'InitiatorName={{ initiator_name.stdout }}'
+ backrefs: yes
diff --git a/openstack/usr/share/openstack/keystone.yml b/openstack/usr/share/openstack/keystone.yml
new file mode 100644
index 00000000..330d74d0
--- /dev/null
+++ b/openstack/usr/share/openstack/keystone.yml
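Review bot: In iscsi.yml the final `lineinfile` task has no `name`, and with `backrefs: yes` a `regexp` that does not match leaves the file untouched, so when `/etc/iscsi/initiatorname.iscsi` is missing an empty `InitiatorName=` line the play succeeds without ever writing an initiator name. If the intent is to never overwrite a name that is already set, state it: add `name: Set InitiatorName only when it is still empty` and a one-line comment explaining why `backrefs` is used. `iscsi-iname` needs no shell features, so `command: iscsi-iname` is the narrower module to use, and because it runs on every play `changed_when: false` keeps the change report accurate.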
@@ -0,0 +1,143 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/keystone.conf"
+ tasks:
+
+ # RabbitMQ configuration, this may end up in a different playbook
+ - name: Create rabbitmq user
+ user:
+ name: rabbitmq
+ comment: Rabbitmq server daemon
+ shell: /sbin/nologin
+ home: /var/lib/rabbitmq
+
+ - name: Create the rabbitmq directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: rabbitmq
+ group: rabbitmq
+ with_items:
+ - /var/run/rabbitmq
+ - /var/log/rabbitmq
+ - /etc/rabbitmq
+
+ - name: Add the configuration needed for rabbitmq in /etc/rabbitmq using templates
+ template:
+ src: /usr/share/openstack/rabbitmq/{{ item }}
+ dest: /etc/rabbitmq/{{ item }}
+ owner: rabbitmq
+ group: rabbitmq
+ mode: 0644
+ with_items:
+ - rabbitmq.config
+ - rabbitmq-env.conf
+
+ - name: Enable and start rabbitmq services
+ service:
+ name: "{{ item }}"
+ enabled: yes
+ state: started
+ with_items:
+ - rabbitmq-server
+
+ # Keystone configuration
+ - name: Create the keystone user.
+ user:
+ name: keystone
+ comment: Openstack Keystone Daemons
+ shell: /sbin/nologin
+ home: /var/lib/keystone
+
+ - name: Create the /var folders for keystone
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: keystone
+ group: keystone
+ with_items:
+ - /var/run/keystone
+ - /var/lock/keystone
+ - /var/log/keystone
+ - /var/lib/keystone
+
+ - name: Create /etc/keystone directory
+ file:
+ path: /etc/keystone
+ state: directory
+
+ - name: Add the configuration needed for keystone in /etc using templates
+ template:
+ src: /usr/share/openstack/keystone/{{ item }}
+ dest: /etc/keystone/{{ item }}
+ with_lines:
+ - cd /usr/share/openstack/keystone && find -type f
+
+ - name: Create postgresql user for keystone
+ postgresql_user:
+ name: "{{ KEYSTONE_DB_USER }}"
+ password: "{{ KEYSTONE_DB_PASSWORD }}"
+ sudo: yes
+ sudo_user: keystone
+
+ - name: Create database for keystone services
+ postgresql_db:
+ name: keystone
+ owner: "{{ KEYSTONE_DB_USER }}"
+ sudo: yes
+ sudo_user: keystone
+
+ - name: Initiatie keystone database
+ keystone_manage:
+ action: dbsync
+ sudo: yes
+ sudo_user: keystone
+
+ - name: Enable and start openstack-keystone service
+ service:
+ name: openstack-keystone.service
+ enabled: yes
+ state: started
+
+ - name: Create admin tenant
+ keystone_user:
+ tenant: admin
+ tenant_description: Admin Tenant
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+ endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
+
+ - name: Create admin user for the admin tenant
+ keystone_user:
+ user: admin
+ tenant: admin
+ password: "{{ KEYSTONE_ADMIN_PASSWORD }}"
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+ endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
+
+ - name: Create admin role for admin user in the admin tenant
+ keystone_user:
+ role: admin
+ user: admin
+ tenant: admin
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+ endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
+
+ - name: Create service tenant
+ keystone_user:
+ tenant: service
+ tenant_description: Service Tenant
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+ endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
+
+ - name: Add keystone endpoint
+ keystone_service:
+ name: keystone
+ type: identity
+ description: Keystone Identity Service
+ publicurl: http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+ internalurl: http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+ adminurl: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
+ region: regionOne
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+ endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
diff --git a/openstack/usr/share/openstack/keystone/keystone-paste.ini b/openstack/usr/share/openstack/keystone/keystone-paste.ini
new file mode 100644
index 00000000..46f994c3
--- /dev/null
+++ b/openstack/usr/share/openstack/keystone/keystone-paste.ini
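Review bot: In keystone.yml the task "Add the configuration needed for keystone in /etc using templates" renders every file under /usr/share/openstack/keystone into /etc/keystone without `owner`, `group` or `mode`, unlike the rabbitmq template task earlier in the same play. The keystone.conf template added by this commit carries `admin_token`, `rabbit_password` and the database password inside `connection=`, so the rendered file gets whatever the default umask allows, which is commonly world-readable. Adding `owner: root`, `group: keystone` and `mode: 0640` to that task keeps those secrets readable only by root and the service account. Separately, the task name `Initiatie keystone database` has a typo and should read `Initiate keystone database`.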
@@ -0,0 +1,121 @@
+# Keystone PasteDeploy configuration file.
+
+[filter:debug]
+paste.filter_factory = keystone.common.wsgi:Debug.factory
+
+[filter:build_auth_context]
+paste.filter_factory = keystone.middleware:AuthContextMiddleware.factory
+
+[filter:token_auth]
+paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
+
+[filter:admin_token_auth]
+paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
+
+[filter:xml_body]
+paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
+
+[filter:xml_body_v2]
+paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV2.factory
+
+[filter:xml_body_v3]
+paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV3.factory
+
+[filter:json_body]
+paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
+
+[filter:user_crud_extension]
+paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
+
+[filter:crud_extension]
+paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
+
+[filter:ec2_extension]
+paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
+
+[filter:ec2_extension_v3]
+paste.filter_factory = keystone.contrib.ec2:Ec2ExtensionV3.factory
+
+[filter:federation_extension]
+paste.filter_factory = keystone.contrib.federation.routers:FederationExtension.factory
+
+[filter:oauth1_extension]
+paste.filter_factory = keystone.contrib.oauth1.routers:OAuth1Extension.factory
+
+[filter:s3_extension]
+paste.filter_factory = keystone.contrib.s3:S3Extension.factory
+
+[filter:endpoint_filter_extension]
+paste.filter_factory = keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory
+
+[filter:endpoint_policy_extension]
+paste.filter_factory = keystone.contrib.endpoint_policy.routers:EndpointPolicyExtension.factory
+
+[filter:simple_cert_extension]
+paste.filter_factory = keystone.contrib.simple_cert:SimpleCertExtension.factory
+
+[filter:revoke_extension]
+paste.filter_factory = keystone.contrib.revoke.routers:RevokeExtension.factory
+
+[filter:url_normalize]
+paste.filter_factory = keystone.middleware:NormalizingFilter.factory
+
+[filter:sizelimit]
+paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
+
+[filter:stats_monitoring]
+paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
+
+[filter:stats_reporting]
+paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
+
+[filter:access_log]
+paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
+
+[app:public_service]
+paste.app_factory = keystone.service:public_app_factory
+
+[app:service_v3]
+paste.app_factory = keystone.service:v3_app_factory
+
+[app:admin_service]
+paste.app_factory = keystone.service:admin_app_factory
+
+[pipeline:public_api]
+# The last item in this pipeline must be public_service or an equivalent
+# application. It cannot be a filter.
+pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service
+
+[pipeline:admin_api]
+# The last item in this pipeline must be admin_service or an equivalent
+# application. It cannot be a filter.
+pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service
+
+[pipeline:api_v3]
+# The last item in this pipeline must be service_v3 or an equivalent
+# application. It cannot be a filter.
+pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension service_v3
+
+[app:public_version_service]
+paste.app_factory = keystone.service:public_version_app_factory
+
+[app:admin_version_service]
+paste.app_factory = keystone.service:admin_version_app_factory
+
+[pipeline:public_version_api]
+pipeline = sizelimit url_normalize xml_body public_version_service
+
+[pipeline:admin_version_api]
+pipeline = sizelimit url_normalize xml_body admin_version_service
+
+[composite:main]
+use = egg:Paste#urlmap
+/v2.0 = public_api
+/v3 = api_v3
+/ = public_version_api
+
+[composite:admin]
+use = egg:Paste#urlmap
+/v2.0 = admin_api
+/v3 = api_v3
+/ = admin_version_api
diff --git a/openstack/usr/share/openstack/keystone/keystone.conf b/openstack/usr/share/openstack/keystone/keystone.conf
new file mode 100644
index 00000000..4e04c81b
--- /dev/null
+++ b/openstack/usr/share/openstack/keystone/keystone.conf
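Review bot: In keystone-paste.ini `admin_token_auth` is left in `[pipeline:public_api]`, `[pipeline:admin_api]` and `[pipeline:api_v3]`, so the shared `admin_token` set in keystone.conf stays accepted on every endpoint, including the public one, after bootstrap has finished. The keystone.conf comment added by this same commit recommends removing AdminTokenAuthMiddleware from the pipelines, and the variable is named KEYSTONE_TEMPORARY_ADMIN_TOKEN, yet nothing visible in keystone.yml retires it. keystone.yml only presents the token to `:35357/v2.0`, which maps to `admin_api`, so the filter can at least be dropped from the public pipeline: `pipeline = sizelimit url_normalize build_auth_context token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service`. Playbooks outside this view may still rely on it on the admin side, so a final provisioning step that removes the filter and blanks the token would be the complete fix.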
@@ -0,0 +1,1588 @@ +[DEFAULT] + +# +# Options defined in keystone +# + +# A "shared secret" that can be used to bootstrap Keystone. +# This "token" does not represent a user, and carries no +# explicit authorization. To disable in production (highly +# recommended), remove AdminTokenAuthMiddleware from your +# paste application pipelines (for example, in keystone- +# paste.ini). (string value) +admin_token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }} + +# The IP address of the network interface for the public +# service to listen on. (string value) +# Deprecated group/name - [DEFAULT]/bind_host +#public_bind_host=0.0.0.0 + +# The IP address of the network interface for the admin +# service to listen on. (string value) +# Deprecated group/name - [DEFAULT]/bind_host +#admin_bind_host=0.0.0.0 + +# (Deprecated) The port which the OpenStack Compute service +# listens on. This option was only used for string replacement +# in the templated catalog backend. Templated catalogs should +# replace the "$(compute_port)s" substitution with the static +# port of the compute service. As of Juno, this option is +# deprecated and will be removed in the L release. (integer +# value) +#compute_port=8774 + +# The port number which the admin service listens on. (integer +# value) +admin_port=35357 + +# The port number which the public service listens on. +# (integer value) +public_port=5000 + +# The base public endpoint URL for Keystone that is advertised +# to clients (NOTE: this does NOT affect how Keystone listens +# for connections). Defaults to the base host URL of the +# request. E.g. a request to http://server:5000/v2.0/users +# will default to http://server:5000. You should only need to +# set this value if the base URL contains a path (e.g. +# /prefix/v2.0) or the endpoint should be found on a different +# server. 
(string value) +#public_endpoint=<None> + +# The base admin endpoint URL for Keystone that is advertised +# to clients (NOTE: this does NOT affect how Keystone listens +# for connections). Defaults to the base host URL of the +# request. E.g. a request to http://server:35357/v2.0/users +# will default to http://server:35357. You should only need to +# set this value if the base URL contains a path (e.g. +# /prefix/v2.0) or the endpoint should be found on a different +# server. (string value) +#admin_endpoint=<None> + +# The number of worker processes to serve the public WSGI +# application. Defaults to number of CPUs (minimum of 2). +# (integer value) +#public_workers=<None> + +# The number of worker processes to serve the admin WSGI +# application. Defaults to number of CPUs (minimum of 2). +# (integer value) +#admin_workers=<None> + +# Enforced by optional sizelimit middleware +# (keystone.middleware:RequestBodySizeLimiter). (integer +# value) +#max_request_body_size=114688 + +# Limit the sizes of user & project ID/names. (integer value) +#max_param_size=64 + +# Similar to max_param_size, but provides an exception for +# token values. (integer value) +#max_token_size=8192 + +# During a SQL upgrade member_role_id will be used to create a +# new role that will replace records in the assignment table +# with explicit role grants. After migration, the +# member_role_id will be used in the API add_user_to_project. +# (string value) +#member_role_id=9fe2ff9ee4384b1894a90878d3e92bab + +# During a SQL upgrade member_role_name will be used to create +# a new role that will replace records in the assignment table +# with explicit role grants. After migration, member_role_name +# will be ignored. (string value) +#member_role_name=_member_ + +# The value passed as the keyword "rounds" to passlib's +# encrypt method. (integer value) +#crypt_strength=40000 + +# Set this to true if you want to enable TCP_KEEPALIVE on +# server sockets, i.e. 
sockets used by the Keystone wsgi +# server for client connections. (boolean value) +#tcp_keepalive=false + +# Sets the value of TCP_KEEPIDLE in seconds for each server +# socket. Only applies if tcp_keepalive is true. Not supported +# on OS X. (integer value) +#tcp_keepidle=600 + +# The maximum number of entities that will be returned in a +# collection, with no limit set by default. This global limit +# may be then overridden for a specific driver, by specifying +# a list_limit in the appropriate section (e.g. [assignment]). +# (integer value) +#list_limit=<None> + +# Set this to false if you want to enable the ability for +# user, group and project entities to be moved between domains +# by updating their domain_id. Allowing such movement is not +# recommended if the scope of a domain admin is being +# restricted by use of an appropriate policy file (see +# policy.v3cloudsample as an example). (boolean value) +#domain_id_immutable=true + +# If set to true, strict password length checking is performed +# for password manipulation. If a password exceeds the maximum +# length, the operation will fail with an HTTP 403 Forbidden +# error. If set to false, passwords are automatically +# truncated to the maximum length. (boolean value) +#strict_password_check=false + + +# +# Options defined in oslo.messaging +# + +# Use durable queues in amqp. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in amqp. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# Qpid broker hostname. (string value) +#qpid_hostname=localhost + +# Qpid broker port. (integer value) +#qpid_port=5672 + +# Qpid HA cluster host:port pairs. (list value) +#qpid_hosts=$qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +#qpid_username= + +# Password for Qpid connection. 
(string value) +#qpid_password= + +# Space separated list of SASL mechanisms to use for auth. +# (string value) +#qpid_sasl_mechanisms= + +# Seconds between connection keepalive heartbeats. (integer +# value) +#qpid_heartbeat=60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +#qpid_protocol=tcp + +# Whether to disable the Nagle algorithm. (boolean value) +#qpid_tcp_nodelay=true + +# The number of prefetched messages held by receiver. (integer +# value) +#qpid_receiver_capacity=1 + +# The qpid topology version to use. Version 1 is what was +# originally used by impl_qpid. Version 2 includes some +# backwards-incompatible changes that allow broker federation +# to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. +# (integer value) +#qpid_topology_version=1 + +# SSL version to use (valid only if SSL enabled). valid values +# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some +# distributions. (string value) +#kombu_ssl_version= + +# SSL key file (valid only if SSL enabled). (string value) +#kombu_ssl_keyfile= + +# SSL cert file (valid only if SSL enabled). (string value) +#kombu_ssl_certfile= + +# SSL certification authority file (valid only if SSL +# enabled). (string value) +#kombu_ssl_ca_certs= + +# How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. (floating point value) +#kombu_reconnect_delay=1.0 + +# The RabbitMQ broker address where a single node is used. +# (string value) +rabbit_host={{ RABBITMQ_HOST }} + +# The RabbitMQ broker port where a single node is used. +# (integer value) +rabbit_port={{ RABBITMQ_PORT }} + +# RabbitMQ HA cluster host:port pairs. (list value) +rabbit_hosts=$rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +rabbit_use_ssl=false + +# The RabbitMQ userid. (string value) +rabbit_userid={{ RABBITMQ_USER }} + +# The RabbitMQ password. 
(string value) +rabbit_password={{ RABBITMQ_PASSWORD }} + +# the RabbitMQ login method (string value) +#rabbit_login_method=AMQPLAIN + +# The RabbitMQ virtual host. (string value) +#rabbit_virtual_host=/ + +# How frequently to retry connecting with RabbitMQ. (integer +# value) +#rabbit_retry_interval=1 + +# How long to backoff for between retries when connecting to +# RabbitMQ. (integer value) +#rabbit_retry_backoff=2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +#rabbit_max_retries=0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change +# this option, you must wipe the RabbitMQ database. (boolean +# value) +#rabbit_ha_queues=false + +# If passed, use a fake RabbitMQ provider. (boolean value) +#fake_rabbit=false + +# ZeroMQ bind address. Should be a wildcard (*), an ethernet +# interface, or IP. The "host" option should point or resolve +# to this address. (string value) +#rpc_zmq_bind_address=* + +# MatchMaker driver. (string value) +#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost + +# ZeroMQ receiver listening port. (integer value) +#rpc_zmq_port=9501 + +# Number of ZeroMQ contexts, defaults to 1. (integer value) +#rpc_zmq_contexts=1 + +# Maximum number of ingress messages to locally buffer per +# topic. Default is unlimited. (integer value) +#rpc_zmq_topic_backlog=<None> + +# Directory for holding IPC sockets. (string value) +#rpc_zmq_ipc_dir=/var/run/openstack + +# Name of this node. Must be a valid hostname, FQDN, or IP +# address. Must match "host" option, if running Nova. (string +# value) +#rpc_zmq_host=keystone + +# Seconds to wait before a cast expires (TTL). Only supported +# by impl_zmq. (integer value) +#rpc_cast_timeout=30 + +# Heartbeat frequency. (integer value) +#matchmaker_heartbeat_freq=300 + +# Heartbeat time-to-live. (integer value) +#matchmaker_heartbeat_ttl=600 + +# Size of RPC greenthread pool. 
(integer value) +#rpc_thread_pool_size=64 + +# Driver or drivers to handle sending notifications. (multi +# valued) +#notification_driver= + +# AMQP topic used for OpenStack notifications. (list value) +# Deprecated group/name - [rpc_notifier2]/topics +#notification_topics=notifications + +# Seconds to wait for a response from a call. (integer value) +#rpc_response_timeout=60 + +# A URL representing the messaging driver to use and its full +# configuration. If not set, we fall back to the rpc_backend +# option and driver specific configuration. (string value) +#transport_url=<None> + +# The messaging driver to use, defaults to rabbit. Other +# drivers include qpid and zmq. (string value) +rpc_backend=rabbit + +# The default exchange under which topics are scoped. May be +# overridden by an exchange name specified in the +# transport_url option. (string value) +#control_exchange=keystone + + +# +# Options defined in keystone.notifications +# + +# Default publisher_id for outgoing notifications (string +# value) +#default_publisher_id=<None> + + +# +# Options defined in keystone.openstack.common.eventlet_backdoor +# + +# Enable eventlet backdoor. Acceptable values are 0, <port>, +# and <start>:<end>, where 0 results in listening on a random +# tcp port number; <port> results in listening on the +# specified port number (and not enabling backdoor if that +# port is in use); and <start>:<end> results in listening on +# the smallest unused port number within the specified range +# of port numbers. The chosen port is displayed in the +# service's log file. (string value) +#backdoor_port=<None> + + +# +# Options defined in keystone.openstack.common.log +# + +# Print debugging output (set logging level to DEBUG instead +# of default WARNING level). (boolean value) +#debug=false + +# Print more verbose output (set logging level to INFO instead +# of default WARNING level). (boolean value) +#verbose=false + +# Log output to standard error. 
(boolean value) +#use_stderr=true + +# Format string to use for log messages with context. (string +# value) +#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + +# Format string to use for log messages without context. +# (string value) +#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + +# Data to append to log format when level is DEBUG. (string +# value) +#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d + +# Prefix each line of exception output with this format. +# (string value) +#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s + +# List of logger=LEVEL pairs. (list value) +#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN + +# Enables or disables publication of error events. (boolean +# value) +#publish_errors=false + +# Enables or disables fatal status of deprecations. (boolean +# value) +#fatal_deprecations=false + +# The format for an instance that is passed with the log +# message. (string value) +#instance_format="[instance: %(uuid)s] " + +# The format for an instance UUID that is passed with the log +# message. (string value) +#instance_uuid_format="[instance: %(uuid)s] " + +# The name of a logging configuration file. This file is +# appended to any existing logging configuration files. For +# details about logging configuration files, see the Python +# logging module documentation. (string value) +# Deprecated group/name - [DEFAULT]/log_config +#log_config_append=<None> + +# DEPRECATED. A logging.Formatter log message format string +# which may use any of the available logging.LogRecord +# attributes. 
This option is deprecated. Please use +# logging_context_format_string and +# logging_default_format_string instead. (string value) +#log_format=<None> + +# Format string for %%(asctime)s in log records. Default: +# %(default)s . (string value) +#log_date_format=%Y-%m-%d %H:%M:%S + +# (Optional) Name of log file to output to. If no default is +# set, logging will go to stdout. (string value) +# Deprecated group/name - [DEFAULT]/logfile +#log_file=<None> + +# (Optional) The base directory used for relative --log-file +# paths. (string value) +# Deprecated group/name - [DEFAULT]/logdir +#log_dir=<None> + +# Use syslog for logging. Existing syslog format is DEPRECATED +# during I, and will change in J to honor RFC5424. (boolean +# value) +use_syslog=True + +# (Optional) Enables or disables syslog rfc5424 format for +# logging. If enabled, prefixes the MSG part of the syslog +# message with APP-NAME (RFC5424). The format without the APP- +# NAME is deprecated in I, and will be removed in J. (boolean +# value) +#use_syslog_rfc_format=false + +# Syslog facility to receive log lines. (string value) +#syslog_log_facility=LOG_USER + + +# +# Options defined in keystone.openstack.common.policy +# + +# The JSON file that defines policies. (string value) +#policy_file=policy.json + +# Default rule. Enforced when a requested rule is not found. +# (string value) +#policy_default_rule=default + + +[assignment] + +# +# Options defined in keystone +# + +# Assignment backend driver. (string value) +#driver=<None> + +# Toggle for assignment caching. This has no effect unless +# global caching is enabled. (boolean value) +#caching=true + +# TTL (in seconds) to cache assignment data. This has no +# effect unless global caching is enabled. (integer value) +#cache_time=<None> + +# Maximum number of entities that will be returned in an +# assignment collection. (integer value) +#list_limit=<None> + + +[auth] + +# +# Options defined in keystone +# + +# Default auth methods. 
(list value) +#methods=external,password,token + +# The password auth plugin module. (string value) +#password=keystone.auth.plugins.password.Password + +# The token auth plugin module. (string value) +#token=keystone.auth.plugins.token.Token + +# The external (REMOTE_USER) auth plugin module. (string +# value) +#external=keystone.auth.plugins.external.DefaultDomain + + +[cache] + +# +# Options defined in keystone +# + +# Prefix for building the configuration dictionary for the +# cache region. This should not need to be changed unless +# there is another dogpile.cache region with the same +# configuration name. (string value) +#config_prefix=cache.keystone + +# Default TTL, in seconds, for any cached item in the +# dogpile.cache region. This applies to any cached method that +# doesn't have an explicit cache expiration time defined for +# it. (integer value) +#expiration_time=600 + +# Dogpile.cache backend module. It is recommended that +# Memcache with pooling (keystone.cache.memcache_pool) or +# Redis (dogpile.cache.redis) be used in production +# deployments. Small workloads (single process) like devstack +# can use the dogpile.cache.memory backend. (string value) +#backend=keystone.common.cache.noop + +# Arguments supplied to the backend module. Specify this +# option once per argument to be passed to the dogpile.cache +# backend. Example format: "<argname>:<value>". (multi valued) +#backend_argument= + +# Proxy classes to import that will affect the way the +# dogpile.cache backend functions. See the dogpile.cache +# documentation on changing-backend-behavior. (list value) +#proxies= + +# Global toggle for all caching using the should_cache_fn +# mechanism. (boolean value) +#enabled=false + +# Extra debugging from the cache backend (cache keys, +# get/set/delete/etc calls). This is only really useful if you +# need to see the specific cache-backend get/set/delete calls +# with the keys/values. Typically this should be left set to +# false. 
(boolean value) +#debug_cache_backend=false + +# Memcache servers in the format of "host:port". +# (dogpile.cache.memcache and keystone.cache.memcache_pool +# backends only) (list value) +#memcache_servers=localhost:11211 + +# Number of seconds memcached server is considered dead before +# it is tried again. (dogpile.cache.memcache and +# keystone.cache.memcache_pool backends only) (integer value) +#memcache_dead_retry=300 + +# Timeout in seconds for every call to a server. +# (dogpile.cache.memcache and keystone.cache.memcache_pool +# backends only) (integer value) +#memcache_socket_timeout=3 + +# Max total number of open connections to every memcached +# server. (keystone.cache.memcache_pool backend only) (integer +# value) +#memcache_pool_maxsize=10 + +# Number of seconds a connection to memcached is held unused +# in the pool before it is closed. +# (keystone.cache.memcache_pool backend only) (integer value) +#memcache_pool_unused_timeout=60 + +# Number of seconds that an operation will wait to get a +# memcache client connection. (integer value) +#memcache_pool_connection_get_timeout=10 + + +[catalog] + +# +# Options defined in keystone +# + +# Catalog template file name for use with the template catalog +# backend. (string value) +#template_file=default_catalog.templates + +# Catalog backend driver. (string value) +#driver=keystone.catalog.backends.sql.Catalog + +# Toggle for catalog caching. This has no effect unless global +# caching is enabled. (boolean value) +#caching=true + +# Time to cache catalog data (in seconds). This has no effect +# unless global and catalog caching are enabled. (integer +# value) +#cache_time=<None> + +# Maximum number of entities that will be returned in a +# catalog collection. (integer value) +#list_limit=<None> + +# (Deprecated) List of possible substitutions for use in +# formatting endpoints. Use caution when modifying this list. 
+# It will give users with permission to create endpoints the +# ability to see those values in your configuration file. This +# option will be removed in Juno. (list value) +#endpoint_substitution_whitelist=tenant_id,user_id,public_bind_host,admin_bind_host,compute_host,compute_port,admin_port,public_port,public_endpoint,admin_endpoint + + +[credential] + +# +# Options defined in keystone +# + +# Credential backend driver. (string value) +#driver=keystone.credential.backends.sql.Credential + + +[database] + +# +# Options defined in oslo.db +# + +# The file name to use with SQLite. (string value) +#sqlite_db=oslo.sqlite + +# If True, SQLite uses synchronous mode. (boolean value) +#sqlite_synchronous=true + +# The back end to use for the database. (string value) +# Deprecated group/name - [DEFAULT]/db_backend +#backend=sqlalchemy + +# The SQLAlchemy connection string to use to connect to the +# database. (string value) +# Deprecated group/name - [DEFAULT]/sql_connection +# Deprecated group/name - [DATABASE]/sql_connection +# Deprecated group/name - [sql]/connection +#connection=<None> +connection=postgresql://{{ KEYSTONE_DB_USER }}:{{ KEYSTONE_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/keystone + +# The SQLAlchemy connection string to use to connect to the +# slave database. (string value) +#slave_connection=<None> + +# The SQL mode to be used for MySQL sessions. This option, +# including the default, overrides any server-set SQL mode. To +# use whatever SQL mode is set by the server configuration, +# set this to no value. Example: mysql_sql_mode= (string +# value) +#mysql_sql_mode=TRADITIONAL + +# Timeout before idle SQL connections are reaped. (integer +# value) +# Deprecated group/name - [DEFAULT]/sql_idle_timeout +# Deprecated group/name - [DATABASE]/sql_idle_timeout +# Deprecated group/name - [sql]/idle_timeout +#idle_timeout=3600 + +# Minimum number of SQL connections to keep open in a pool. 
+# (integer value) +# Deprecated group/name - [DEFAULT]/sql_min_pool_size +# Deprecated group/name - [DATABASE]/sql_min_pool_size +#min_pool_size=1 + +# Maximum number of SQL connections to keep open in a pool. +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_pool_size +# Deprecated group/name - [DATABASE]/sql_max_pool_size +#max_pool_size=<None> + +# Maximum db connection retries during startup. Set to -1 to +# specify an infinite retry count. (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_retries +# Deprecated group/name - [DATABASE]/sql_max_retries +#max_retries=10 + +# Interval between retries of opening a SQL connection. +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_retry_interval +# Deprecated group/name - [DATABASE]/reconnect_interval +#retry_interval=10 + +# If set, use this value for max_overflow with SQLAlchemy. +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_overflow +# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow +#max_overflow=<None> + +# Verbosity of SQL debugging information: 0=None, +# 100=Everything. (integer value) +# Deprecated group/name - [DEFAULT]/sql_connection_debug +#connection_debug=0 + +# Add Python stack traces to SQL as comment strings. (boolean +# value) +# Deprecated group/name - [DEFAULT]/sql_connection_trace +#connection_trace=false + +# If set, use this value for pool_timeout with SQLAlchemy. +# (integer value) +# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout +#pool_timeout=<None> + +# Enable the experimental use of database reconnect on +# connection lost. (boolean value) +#use_db_reconnect=false + +# Seconds between database connection retries. (integer value) +#db_retry_interval=1 + +# If True, increases the interval between database connection +# retries up to db_max_retry_interval. (boolean value) +#db_inc_retry_interval=true + +# If db_inc_retry_interval is set, the maximum seconds between +# database connection retries. 
(integer value) +#db_max_retry_interval=10 + +# Maximum database connection retries before error is raised. +# Set to -1 to specify an infinite retry count. (integer +# value) +#db_max_retries=20 + + +[ec2] + +# +# Options defined in keystone +# + +# EC2Credential backend driver. (string value) +#driver=keystone.contrib.ec2.backends.kvs.Ec2 + + +[endpoint_filter] + +# +# Options defined in keystone +# + +# Endpoint Filter backend driver (string value) +#driver=keystone.contrib.endpoint_filter.backends.sql.EndpointFilter + +# Toggle to return all active endpoints if no filter exists. +# (boolean value) +#return_all_endpoints_if_no_filter=true + + +[endpoint_policy] + +# +# Options defined in keystone +# + +# Endpoint policy backend driver (string value) +#driver=keystone.contrib.endpoint_policy.backends.sql.EndpointPolicy + + +[federation] + +# +# Options defined in keystone +# + +# Federation backend driver. (string value) +#driver=keystone.contrib.federation.backends.sql.Federation + +# Value to be used when filtering assertion parameters from +# the environment. (string value) +#assertion_prefix= + + +[identity] + +# +# Options defined in keystone +# + +# This references the domain to use for all Identity API v2 +# requests (which are not aware of domains). A domain with +# this ID will be created for you by keystone-manage db_sync +# in migration 008. The domain referenced by this ID cannot be +# deleted on the v3 API, to prevent accidentally breaking the +# v2 API. There is nothing special about this domain, other +# than the fact that it must exist to order to maintain +# support for your v2 clients. (string value) +#default_domain_id=default + +# A subset (or all) of domains can have their own identity +# driver, each with their own partial configuration file in a +# domain configuration directory. Only values specific to the +# domain need to be placed in the domain specific +# configuration file. 
This feature is disabled by default; set +# to true to enable. (boolean value) +#domain_specific_drivers_enabled=false + +# Path for Keystone to locate the domain specific identity +# configuration files if domain_specific_drivers_enabled is +# set to true. (string value) +#domain_config_dir=/etc/keystone/domains + +# Identity backend driver. (string value) +#driver=keystone.identity.backends.sql.Identity + +# Maximum supported length for user passwords; decrease to +# improve performance. (integer value) +#max_password_length=4096 + +# Maximum number of entities that will be returned in an +# identity collection. (integer value) +#list_limit=<None> + + +[identity_mapping] + +# +# Options defined in keystone +# + +# Keystone Identity Mapping backend driver. (string value) +#driver=keystone.identity.mapping_backends.sql.Mapping + +# Public ID generator for user and group entities. The +# Keystone identity mapper only supports generators that +# produce no more than 64 characters. (string value) +#generator=keystone.identity.id_generators.sha256.Generator + +# The format of user and group IDs changed in Juno for +# backends that do not generate UUIDs (e.g. LDAP), with +# keystone providing a hash mapping to the underlying +# attribute in LDAP. By default this mapping is disabled, +# which ensures that existing IDs will not change. Even when +# the mapping is enabled by using domain specific drivers, any +# users and groups from the default domain being handled by +# LDAP will still not be mapped to ensure their IDs remain +# backward compatible. Setting this value to False will enable +# the mapping for even the default LDAP driver. It is only +# safe to do this if you do not already have assignments for +# users and groups from the default LDAP domain, and it is +# acceptable for Keystone to provide the different IDs to +# clients than it did previously. 
Typically this means that +# the only time you can set this value to False is when +# configuring a fresh installation. (boolean value) +#backward_compatible_ids=true + + +[kvs] + +# +# Options defined in keystone +# + +# Extra dogpile.cache backend modules to register with the +# dogpile.cache library. (list value) +#backends= + +# Prefix for building the configuration dictionary for the KVS +# region. This should not need to be changed unless there is +# another dogpile.cache region with the same configuration +# name. (string value) +#config_prefix=keystone.kvs + +# Toggle to disable using a key-mangling function to ensure +# fixed length keys. This is toggle-able for debugging +# purposes, it is highly recommended to always leave this set +# to true. (boolean value) +#enable_key_mangler=true + +# Default lock timeout for distributed locking. (integer +# value) +#default_lock_timeout=5 + + +[ldap] + +# +# Options defined in keystone +# + +# URL for connecting to the LDAP server. (string value) +#url=ldap://localhost + +# User BindDN to query the LDAP server. (string value) +#user=<None> + +# Password for the BindDN to query the LDAP server. (string +# value) +#password=<None> + +# LDAP server suffix (string value) +#suffix=cn=example,cn=com + +# If true, will add a dummy member to groups. This is required +# if the objectclass for groups requires the "member" +# attribute. (boolean value) +#use_dumb_member=false + +# DN of the "dummy member" to use when "use_dumb_member" is +# enabled. (string value) +#dumb_member=cn=dumb,dc=nonexistent + +# Delete subtrees using the subtree delete control. Only +# enable this option if your LDAP server supports subtree +# deletion. (boolean value) +#allow_subtree_delete=false + +# The LDAP scope for queries, this can be either "one" +# (onelevel/singleLevel) or "sub" (subtree/wholeSubtree). +# (string value) +#query_scope=one + +# Maximum results per page; a value of zero ("0") disables +# paging. 
(integer value) +#page_size=0 + +# The LDAP dereferencing option for queries. This can be +# either "never", "searching", "always", "finding" or +# "default". The "default" option falls back to using default +# dereferencing configured by your ldap.conf. (string value) +#alias_dereferencing=default + +# Sets the LDAP debugging level for LDAP calls. A value of 0 +# means that debugging is not enabled. This value is a +# bitmask, consult your LDAP documentation for possible +# values. (integer value) +#debug_level=<None> + +# Override the system's default referral chasing behavior for +# queries. (boolean value) +#chase_referrals=<None> + +# Search base for users. (string value) +#user_tree_dn=<None> + +# LDAP search filter for users. (string value) +#user_filter=<None> + +# LDAP objectclass for users. (string value) +#user_objectclass=inetOrgPerson + +# LDAP attribute mapped to user id. WARNING: must not be a +# multivalued attribute. (string value) +#user_id_attribute=cn + +# LDAP attribute mapped to user name. (string value) +#user_name_attribute=sn + +# LDAP attribute mapped to user email. (string value) +#user_mail_attribute=mail + +# LDAP attribute mapped to password. (string value) +#user_pass_attribute=userPassword + +# LDAP attribute mapped to user enabled flag. (string value) +#user_enabled_attribute=enabled + +# Invert the meaning of the boolean enabled values. Some LDAP +# servers use a boolean lock attribute where "true" means an +# account is disabled. Setting "user_enabled_invert = true" +# will allow these lock attributes to be used. This setting +# will have no effect if "user_enabled_mask" or +# "user_enabled_emulation" settings are in use. (boolean +# value) +#user_enabled_invert=false + +# Bitmask integer to indicate the bit that the enabled value +# is stored in if the LDAP server represents "enabled" as a +# bit on an integer rather than a boolean. A value of "0" +# indicates the mask is not used. 
If this is not set to "0" +# the typical value is "2". This is typically used when +# "user_enabled_attribute = userAccountControl". (integer +# value) +#user_enabled_mask=0 + +# Default value to enable users. This should match an +# appropriate int value if the LDAP server uses non-boolean +# (bitmask) values to indicate if a user is enabled or +# disabled. If this is not set to "True" the typical value is +# "512". This is typically used when "user_enabled_attribute = +# userAccountControl". (string value) +#user_enabled_default=True + +# List of attributes stripped off the user on update. (list +# value) +#user_attribute_ignore=default_project_id,tenants + +# LDAP attribute mapped to default_project_id for users. +# (string value) +#user_default_project_id_attribute=<None> + +# Allow user creation in LDAP backend. (boolean value) +#user_allow_create=true + +# Allow user updates in LDAP backend. (boolean value) +#user_allow_update=true + +# Allow user deletion in LDAP backend. (boolean value) +#user_allow_delete=true + +# If true, Keystone uses an alternative method to determine if +# a user is enabled or not by checking if they are a member of +# the "user_enabled_emulation_dn" group. (boolean value) +#user_enabled_emulation=false + +# DN of the group entry to hold enabled users when using +# enabled emulation. (string value) +#user_enabled_emulation_dn=<None> + +# List of additional LDAP attributes used for mapping +# additional attribute mappings for users. Attribute mapping +# format is <ldap_attr>:<user_attr>, where ldap_attr is the +# attribute in the LDAP entry and user_attr is the Identity +# API attribute. (list value) +#user_additional_attribute_mapping= + +# Search base for projects (string value) +# Deprecated group/name - [ldap]/tenant_tree_dn +#project_tree_dn=<None> + +# LDAP search filter for projects. (string value) +# Deprecated group/name - [ldap]/tenant_filter +#project_filter=<None> + +# LDAP objectclass for projects. 
(string value) +# Deprecated group/name - [ldap]/tenant_objectclass +#project_objectclass=groupOfNames + +# LDAP attribute mapped to project id. (string value) +# Deprecated group/name - [ldap]/tenant_id_attribute +#project_id_attribute=cn + +# LDAP attribute mapped to project membership for user. +# (string value) +# Deprecated group/name - [ldap]/tenant_member_attribute +#project_member_attribute=member + +# LDAP attribute mapped to project name. (string value) +# Deprecated group/name - [ldap]/tenant_name_attribute +#project_name_attribute=ou + +# LDAP attribute mapped to project description. (string value) +# Deprecated group/name - [ldap]/tenant_desc_attribute +#project_desc_attribute=description + +# LDAP attribute mapped to project enabled. (string value) +# Deprecated group/name - [ldap]/tenant_enabled_attribute +#project_enabled_attribute=enabled + +# LDAP attribute mapped to project domain_id. (string value) +# Deprecated group/name - [ldap]/tenant_domain_id_attribute +#project_domain_id_attribute=businessCategory + +# List of attributes stripped off the project on update. (list +# value) +# Deprecated group/name - [ldap]/tenant_attribute_ignore +#project_attribute_ignore= + +# Allow project creation in LDAP backend. (boolean value) +# Deprecated group/name - [ldap]/tenant_allow_create +#project_allow_create=true + +# Allow project update in LDAP backend. (boolean value) +# Deprecated group/name - [ldap]/tenant_allow_update +#project_allow_update=true + +# Allow project deletion in LDAP backend. (boolean value) +# Deprecated group/name - [ldap]/tenant_allow_delete +#project_allow_delete=true + +# If true, Keystone uses an alternative method to determine if +# a project is enabled or not by checking if they are a member +# of the "project_enabled_emulation_dn" group. 
(boolean value) +# Deprecated group/name - [ldap]/tenant_enabled_emulation +#project_enabled_emulation=false + +# DN of the group entry to hold enabled projects when using +# enabled emulation. (string value) +# Deprecated group/name - [ldap]/tenant_enabled_emulation_dn +#project_enabled_emulation_dn=<None> + +# Additional attribute mappings for projects. Attribute +# mapping format is <ldap_attr>:<user_attr>, where ldap_attr +# is the attribute in the LDAP entry and user_attr is the +# Identity API attribute. (list value) +# Deprecated group/name - [ldap]/tenant_additional_attribute_mapping +#project_additional_attribute_mapping= + +# Search base for roles. (string value) +#role_tree_dn=<None> + +# LDAP search filter for roles. (string value) +#role_filter=<None> + +# LDAP objectclass for roles. (string value) +#role_objectclass=organizationalRole + +# LDAP attribute mapped to role id. (string value) +#role_id_attribute=cn + +# LDAP attribute mapped to role name. (string value) +#role_name_attribute=ou + +# LDAP attribute mapped to role membership. (string value) +#role_member_attribute=roleOccupant + +# List of attributes stripped off the role on update. (list +# value) +#role_attribute_ignore= + +# Allow role creation in LDAP backend. (boolean value) +#role_allow_create=true + +# Allow role update in LDAP backend. (boolean value) +#role_allow_update=true + +# Allow role deletion in LDAP backend. (boolean value) +#role_allow_delete=true + +# Additional attribute mappings for roles. Attribute mapping +# format is <ldap_attr>:<user_attr>, where ldap_attr is the +# attribute in the LDAP entry and user_attr is the Identity +# API attribute. (list value) +#role_additional_attribute_mapping= + +# Search base for groups. (string value) +#group_tree_dn=<None> + +# LDAP search filter for groups. (string value) +#group_filter=<None> + +# LDAP objectclass for groups. (string value) +#group_objectclass=groupOfNames + +# LDAP attribute mapped to group id. 
(string value) +#group_id_attribute=cn + +# LDAP attribute mapped to group name. (string value) +#group_name_attribute=ou + +# LDAP attribute mapped to show group membership. (string +# value) +#group_member_attribute=member + +# LDAP attribute mapped to group description. (string value) +#group_desc_attribute=description + +# List of attributes stripped off the group on update. (list +# value) +#group_attribute_ignore= + +# Allow group creation in LDAP backend. (boolean value) +#group_allow_create=true + +# Allow group update in LDAP backend. (boolean value) +#group_allow_update=true + +# Allow group deletion in LDAP backend. (boolean value) +#group_allow_delete=true + +# Additional attribute mappings for groups. Attribute mapping +# format is <ldap_attr>:<user_attr>, where ldap_attr is the +# attribute in the LDAP entry and user_attr is the Identity +# API attribute. (list value) +#group_additional_attribute_mapping= + +# CA certificate file path for communicating with LDAP +# servers. (string value) +#tls_cacertfile=<None> + +# CA certificate directory path for communicating with LDAP +# servers. (string value) +#tls_cacertdir=<None> + +# Enable TLS for communicating with LDAP servers. (boolean +# value) +#use_tls=false + +# Valid options for tls_req_cert are demand, never, and allow. +# (string value) +#tls_req_cert=demand + +# Enable LDAP connection pooling. (boolean value) +#use_pool=false + +# Connection pool size. (integer value) +#pool_size=10 + +# Maximum count of reconnect trials. (integer value) +#pool_retry_max=3 + +# Time span in seconds to wait between two reconnect trials. +# (floating point value) +#pool_retry_delay=0.1 + +# Connector timeout in seconds. Value -1 indicates indefinite +# wait for response. (integer value) +#pool_connection_timeout=-1 + +# Connection lifetime in seconds. (integer value) +#pool_connection_lifetime=600 + +# Enable LDAP connection pooling for end user authentication. 
+# If use_pool is disabled, then this setting is meaningless +# and is not used at all. (boolean value) +#use_auth_pool=false + +# End user auth connection pool size. (integer value) +#auth_pool_size=100 + +# End user auth connection lifetime in seconds. (integer +# value) +#auth_pool_connection_lifetime=60 + + +[matchmaker_redis] + +# +# Options defined in oslo.messaging +# + +# Host to locate redis. (string value) +#host=127.0.0.1 + +# Use this port to connect to redis host. (integer value) +#port=6379 + +# Password for Redis server (optional). (string value) +#password=<None> + + +[matchmaker_ring] + +# +# Options defined in oslo.messaging +# + +# Matchmaker ring file (JSON). (string value) +# Deprecated group/name - [DEFAULT]/matchmaker_ringfile +#ringfile=/etc/oslo/matchmaker_ring.json + + +[memcache] + +# +# Options defined in keystone +# + +# Memcache servers in the format of "host:port". (list value) +#servers=localhost:11211 + +# Number of seconds memcached server is considered dead before +# it is tried again. This is used by the key value store +# system (e.g. token pooled memcached persistence backend). +# (integer value) +#dead_retry=300 + +# Timeout in seconds for every call to a server. This is used +# by the key value store system (e.g. token pooled memcached +# persistence backend). (integer value) +#socket_timeout=3 + +# Max total number of open connections to every memcached +# server. This is used by the key value store system (e.g. +# token pooled memcached persistence backend). (integer value) +#pool_maxsize=10 + +# Number of seconds a connection to memcached is held unused +# in the pool before it is closed. This is used by the key +# value store system (e.g. token pooled memcached persistence +# backend). (integer value) +#pool_unused_timeout=60 + +# Number of seconds that an operation will wait to get a +# memcache client connection. This is used by the key value +# store system (e.g. token pooled memcached persistence +# backend). 
(integer value) +#pool_connection_get_timeout=10 + + +[oauth1] + +# +# Options defined in keystone +# + +# Credential backend driver. (string value) +#driver=keystone.contrib.oauth1.backends.sql.OAuth1 + +# Duration (in seconds) for the OAuth Request Token. (integer +# value) +#request_token_duration=28800 + +# Duration (in seconds) for the OAuth Access Token. (integer +# value) +#access_token_duration=86400 + + +[os_inherit] + +# +# Options defined in keystone +# + +# role-assignment inheritance to projects from owning domain +# can be optionally enabled. (boolean value) +#enabled=false + + +[paste_deploy] + +# +# Options defined in keystone +# + +# Name of the paste configuration file that defines the +# available pipelines. (string value) +#config_file=keystone-paste.ini + + +[policy] + +# +# Options defined in keystone +# + +# Policy backend driver. (string value) +#driver=keystone.policy.backends.sql.Policy + +# Maximum number of entities that will be returned in a policy +# collection. (integer value) +#list_limit=<None> + + +[revoke] + +# +# Options defined in keystone +# + +# An implementation of the backend for persisting revocation +# events. (string value) +#driver=keystone.contrib.revoke.backends.kvs.Revoke + +# This value (calculated in seconds) is added to token +# expiration before a revocation event may be removed from the +# backend. (integer value) +#expiration_buffer=1800 + +# Toggle for revocation event caching. This has no effect +# unless global caching is enabled. (boolean value) +#caching=true + + +[saml] + +# +# Options defined in keystone +# + +# Default TTL, in seconds, for any generated SAML assertion +# created by Keystone. (integer value) +#assertion_expiration_time=3600 + +# Binary to be called for XML signing. Install the appropriate +# package, specify absolute path or adjust your PATH +# environment variable if the binary cannot be found. (string +# value) +#xmlsec1_binary=xmlsec1 + +# Path of the certfile for SAML signing. 
For non-production +# environments, you may be interested in using `keystone- +# manage pki_setup` to generate self-signed certificates. +# Note, the path cannot contain a comma. (string value) +#certfile=/etc/keystone/ssl/certs/signing_cert.pem + +# Path of the keyfile for SAML signing. Note, the path cannot +# contain a comma. (string value) +#keyfile=/etc/keystone/ssl/private/signing_key.pem + +# Entity ID value for unique Identity Provider identification. +# Usually FQDN is set with a suffix. A value is required to +# generate IDP Metadata. For example: +# https://keystone.example.com/v3/OS-FEDERATION/saml2/idp +# (string value) +#idp_entity_id=<None> + +# Identity Provider Single-Sign-On service value, required in +# the Identity Provider's metadata. A value is required to +# generate IDP Metadata. For example: +# https://keystone.example.com/v3/OS-FEDERATION/saml2/sso +# (string value) +#idp_sso_endpoint=<None> + +# Language used by the organization. (string value) +#idp_lang=en + +# Organization name the installation belongs to. (string +# value) +#idp_organization_name=<None> + +# Organization name to be displayed. (string value) +#idp_organization_display_name=<None> + +# URL of the organization. (string value) +#idp_organization_url=<None> + +# Company of contact person. (string value) +#idp_contact_company=<None> + +# Given name of contact person (string value) +#idp_contact_name=<None> + +# Surname of contact person. (string value) +#idp_contact_surname=<None> + +# Email address of contact person. (string value) +#idp_contact_email=<None> + +# Telephone number of contact person. (string value) +#idp_contact_telephone=<None> + +# Contact type. Allowed values are: technical, support, +# administrative billing, and other (string value) +#idp_contact_type=other + +# Path to the Identity Provider Metadata file. This file +# should be generated with the keystone-manage +# saml_idp_metadata command. 
(string value) +#idp_metadata_path=/etc/keystone/saml2_idp_metadata.xml + + +[signing] + +# +# Options defined in keystone +# + +# Deprecated in favor of provider in the [token] section. +# (string value) +#token_format=<None> + +# Path of the certfile for token signing. For non-production +# environments, you may be interested in using `keystone- +# manage pki_setup` to generate self-signed certificates. +# (string value) +#certfile=/etc/keystone/ssl/certs/signing_cert.pem + +# Path of the keyfile for token signing. (string value) +#keyfile=/etc/keystone/ssl/private/signing_key.pem + +# Path of the CA for token signing. (string value) +#ca_certs=/etc/keystone/ssl/certs/ca.pem + +# Path of the CA key for token signing. (string value) +#ca_key=/etc/keystone/ssl/private/cakey.pem + +# Key size (in bits) for token signing cert (auto generated +# certificate). (integer value) +#key_size=2048 + +# Days the token signing cert is valid for (auto generated +# certificate). (integer value) +#valid_days=3650 + +# Certificate subject (auto generated certificate) for token +# signing. (string value) +#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com + + +[ssl] + +# +# Options defined in keystone +# + +# Toggle for SSL support on the Keystone eventlet servers. +# (boolean value) +#enable=false + +# Path of the certfile for SSL. For non-production +# environments, you may be interested in using `keystone- +# manage ssl_setup` to generate self-signed certificates. +# (string value) +#certfile=/etc/keystone/ssl/certs/keystone.pem + +# Path of the keyfile for SSL. (string value) +#keyfile=/etc/keystone/ssl/private/keystonekey.pem + +# Path of the ca cert file for SSL. (string value) +#ca_certs=/etc/keystone/ssl/certs/ca.pem + +# Path of the CA key file for SSL. (string value) +#ca_key=/etc/keystone/ssl/private/cakey.pem + +# Require client certificate. (boolean value) +#cert_required=false + +# SSL key length (in bits) (auto generated certificate). 
+# (integer value) +#key_size=1024 + +# Days the certificate is valid for once signed (auto +# generated certificate). (integer value) +#valid_days=3650 + +# SSL certificate subject (auto generated certificate). +# (string value) +#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost + + +[stats] + +# +# Options defined in keystone +# + +# Stats backend driver. (string value) +#driver=keystone.contrib.stats.backends.kvs.Stats + + +[token] + +# +# Options defined in keystone +# + +# External auth mechanisms that should add bind information to +# token, e.g., kerberos,x509. (list value) +#bind= + +# Enforcement policy on tokens presented to Keystone with bind +# information. One of disabled, permissive, strict, required +# or a specifically required bind mode, e.g., kerberos or x509 +# to require binding to that authentication. (string value) +#enforce_token_bind=permissive + +# Amount of time a token should remain valid (in seconds). +# (integer value) +#expiration=3600 + +# Controls the token construction, validation, and revocation +# operations. Core providers are +# "keystone.token.providers.[pkiz|pki|uuid].Provider". The +# default provider is pkiz. (string value) +provider=keystone.token.providers.uuid.Provider + +# Token persistence backend driver. (string value) +driver=keystone.token.backends.sql.Token + +# Toggle for token system caching. This has no effect unless +# global caching is enabled. (boolean value) +#caching=true + +# Time to cache the revocation list and the revocation events +# if revoke extension is enabled (in seconds). This has no +# effect unless global and token caching are enabled. (integer +# value) +#revocation_cache_time=3600 + +# Time to cache tokens (in seconds). This has no effect unless +# global and token caching are enabled. (integer value) +#cache_time=<None> + +# Revoke token by token identifier. Setting revoke_by_id to +# true enables various forms of enumerating tokens, e.g. `list +# tokens for user`. 
These enumerations are processed to
+# determine the list of tokens to revoke. Only disable if you
+# are switching to using the Revoke extension with a backend
+# other than KVS, which stores events in memory. (boolean
+# value)
+#revoke_by_id=true
+
+# The hash algorithm to use for PKI tokens. This can be set to
+# any algorithm that hashlib supports. WARNING: Before
+# changing this value, the auth_token middleware must be
+# configured with the hash_algorithms, otherwise token
+# revocation will not be processed correctly. (string value)
+#hash_algorithm=md5
+
+
+[trust]
+
+#
+# Options defined in keystone
+#
+
+# Delegation and impersonation features can be optionally
+# disabled. (boolean value)
+#enabled=true
+
+# Trust backend driver. (string value)
+#driver=keystone.trust.backends.sql.Trust
+
+
diff --git a/openstack/usr/share/openstack/keystone/logging.conf b/openstack/usr/share/openstack/keystone/logging.conf
new file mode 100644
index 00000000..6cb8c425
--- /dev/null
+++ b/openstack/usr/share/openstack/keystone/logging.conf
@@ -0,0 +1,65 @@
+[loggers]
+keys=root,access
+
+[handlers]
+keys=production,file,access_file,devel
+
+[formatters]
+keys=minimal,normal,debug
+
+
+###########
+# Loggers #
+###########
+
+[logger_root]
+level=WARNING
+handlers=file
+
+[logger_access]
+level=INFO
+qualname=access
+handlers=access_file
+
+
+################
+# Log Handlers #
+################
+
+[handler_production]
+class=handlers.SysLogHandler
+level=ERROR
+formatter=normal
+args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
+
+[handler_file]
+class=handlers.WatchedFileHandler
+level=WARNING
+formatter=normal
+args=('error.log',)
+
+[handler_access_file]
+class=handlers.WatchedFileHandler
+level=INFO
+formatter=minimal
+args=('access.log',)
+
+[handler_devel]
+class=StreamHandler
+level=NOTSET
+formatter=debug
+args=(sys.stdout,)
+
+
+##################
+# Log Formatters #
+##################
+
+[formatter_minimal]
+format=%(message)s
+
+[formatter_normal]
+format=(%(name)s): %(asctime)s %(levelname)s %(message)s
+
+[formatter_debug]
+format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s
diff --git a/openstack/usr/share/openstack/keystone/policy.json b/openstack/usr/share/openstack/keystone/policy.json
new file mode 100644
index 00000000..af65205e
--- /dev/null
+++ b/openstack/usr/share/openstack/keystone/policy.json
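Review bot: `handler_file` and `handler_access_file` open `error.log` and `access.log` by relative path, so where Keystone's error and access logs end up depends on the working directory of whatever starts the service. For logs that may be needed in an investigation I would pin them to an absolute, service-owned directory, e.g. `args=('<keystone-log-dir>/error.log',)` (placeholder; the page does not show which directory this deployment uses). The `production` syslog handler is defined but not attached to either logger, which may be intentional but deserves a one-line comment such as `# not attached to any logger; add to [logger_root] handlers to enable syslog`.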
@@ -0,0 +1,171 @@ +{ + "admin_required": "role:admin or is_admin:1", + "service_role": "role:service", + "service_or_admin": "rule:admin_required or rule:service_role", + "owner" : "user_id:%(user_id)s", + "admin_or_owner": "rule:admin_required or rule:owner", + + "default": "rule:admin_required", + + "identity:get_region": "", + "identity:list_regions": "", + "identity:create_region": "rule:admin_required", + "identity:update_region": "rule:admin_required", + "identity:delete_region": "rule:admin_required", + + "identity:get_service": "rule:admin_required", + "identity:list_services": "rule:admin_required", + "identity:create_service": "rule:admin_required", + "identity:update_service": "rule:admin_required", + "identity:delete_service": "rule:admin_required", + + "identity:get_endpoint": "rule:admin_required", + "identity:list_endpoints": "rule:admin_required", + "identity:create_endpoint": "rule:admin_required", + "identity:update_endpoint": "rule:admin_required", + "identity:delete_endpoint": "rule:admin_required", + + "identity:get_domain": "rule:admin_required", + "identity:list_domains": "rule:admin_required", + "identity:create_domain": "rule:admin_required", + "identity:update_domain": "rule:admin_required", + "identity:delete_domain": "rule:admin_required", + + "identity:get_project": "rule:admin_required", + "identity:list_projects": "rule:admin_required", + "identity:list_user_projects": "rule:admin_or_owner", + "identity:create_project": "rule:admin_required", + "identity:update_project": "rule:admin_required", + "identity:delete_project": "rule:admin_required", + + "identity:get_user": "rule:admin_required", + "identity:list_users": "rule:admin_required", + "identity:create_user": "rule:admin_required", + "identity:update_user": "rule:admin_required", + "identity:delete_user": "rule:admin_required", + "identity:change_password": "rule:admin_or_owner", + + "identity:get_group": "rule:admin_required", + "identity:list_groups": "rule:admin_required", + 
"identity:list_groups_for_user": "rule:admin_or_owner", + "identity:create_group": "rule:admin_required", + "identity:update_group": "rule:admin_required", + "identity:delete_group": "rule:admin_required", + "identity:list_users_in_group": "rule:admin_required", + "identity:remove_user_from_group": "rule:admin_required", + "identity:check_user_in_group": "rule:admin_required", + "identity:add_user_to_group": "rule:admin_required", + + "identity:get_credential": "rule:admin_required", + "identity:list_credentials": "rule:admin_required", + "identity:create_credential": "rule:admin_required", + "identity:update_credential": "rule:admin_required", + "identity:delete_credential": "rule:admin_required", + + "identity:ec2_get_credential": "rule:admin_or_owner", + "identity:ec2_list_credentials": "rule:admin_or_owner", + "identity:ec2_create_credential": "rule:admin_or_owner", + "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)", + + "identity:get_role": "rule:admin_required", + "identity:list_roles": "rule:admin_required", + "identity:create_role": "rule:admin_required", + "identity:update_role": "rule:admin_required", + "identity:delete_role": "rule:admin_required", + + "identity:check_grant": "rule:admin_required", + "identity:list_grants": "rule:admin_required", + "identity:create_grant": "rule:admin_required", + "identity:revoke_grant": "rule:admin_required", + + "identity:list_role_assignments": "rule:admin_required", + + "identity:get_policy": "rule:admin_required", + "identity:list_policies": "rule:admin_required", + "identity:create_policy": "rule:admin_required", + "identity:update_policy": "rule:admin_required", + "identity:delete_policy": "rule:admin_required", + + "identity:check_token": "rule:admin_required", + "identity:validate_token": "rule:service_or_admin", + "identity:validate_token_head": "rule:service_or_admin", + "identity:revocation_list": "rule:service_or_admin", + 
"identity:revoke_token": "rule:admin_or_owner", + + "identity:create_trust": "user_id:%(trust.trustor_user_id)s", + "identity:get_trust": "rule:admin_or_owner", + "identity:list_trusts": "", + "identity:list_roles_for_trust": "", + "identity:check_role_for_trust": "", + "identity:get_role_for_trust": "", + "identity:delete_trust": "", + + "identity:create_consumer": "rule:admin_required", + "identity:get_consumer": "rule:admin_required", + "identity:list_consumers": "rule:admin_required", + "identity:delete_consumer": "rule:admin_required", + "identity:update_consumer": "rule:admin_required", + + "identity:authorize_request_token": "rule:admin_required", + "identity:list_access_token_roles": "rule:admin_required", + "identity:get_access_token_role": "rule:admin_required", + "identity:list_access_tokens": "rule:admin_required", + "identity:get_access_token": "rule:admin_required", + "identity:delete_access_token": "rule:admin_required", + + "identity:list_projects_for_endpoint": "rule:admin_required", + "identity:add_endpoint_to_project": "rule:admin_required", + "identity:check_endpoint_in_project": "rule:admin_required", + "identity:list_endpoints_for_project": "rule:admin_required", + "identity:remove_endpoint_from_project": "rule:admin_required", + + "identity:create_endpoint_group": "rule:admin_required", + "identity:list_endpoint_groups": "rule:admin_required", + "identity:get_endpoint_group": "rule:admin_required", + "identity:update_endpoint_group": "rule:admin_required", + "identity:delete_endpoint_group": "rule:admin_required", + "identity:list_projects_associated_with_endpoint_group": "rule:admin_required", + "identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required", + "identity:list_endpoint_groups_for_project": "rule:admin_required", + "identity:add_endpoint_group_to_project": "rule:admin_required", + "identity:remove_endpoint_group_from_project": "rule:admin_required", + + "identity:create_identity_provider": 
"rule:admin_required", + "identity:list_identity_providers": "rule:admin_required", + "identity:get_identity_providers": "rule:admin_required", + "identity:update_identity_provider": "rule:admin_required", + "identity:delete_identity_provider": "rule:admin_required", + + "identity:create_protocol": "rule:admin_required", + "identity:update_protocol": "rule:admin_required", + "identity:get_protocol": "rule:admin_required", + "identity:list_protocols": "rule:admin_required", + "identity:delete_protocol": "rule:admin_required", + + "identity:create_mapping": "rule:admin_required", + "identity:get_mapping": "rule:admin_required", + "identity:list_mappings": "rule:admin_required", + "identity:delete_mapping": "rule:admin_required", + "identity:update_mapping": "rule:admin_required", + + "identity:get_auth_catalog": "", + "identity:get_auth_projects": "", + "identity:get_auth_domains": "", + + "identity:list_projects_for_groups": "", + "identity:list_domains_for_groups": "", + + "identity:list_revoke_events": "", + + "identity:create_policy_association_for_endpoint": "rule:admin_required", + "identity:check_policy_association_for_endpoint": "rule:admin_required", + "identity:delete_policy_association_for_endpoint": "rule:admin_required", + "identity:create_policy_association_for_service": "rule:admin_required", + "identity:check_policy_association_for_service": "rule:admin_required", + "identity:delete_policy_association_for_service": "rule:admin_required", + "identity:create_policy_association_for_region_and_service": "rule:admin_required", + "identity:check_policy_association_for_region_and_service": "rule:admin_required", + "identity:delete_policy_association_for_region_and_service": "rule:admin_required", + "identity:get_policy_for_endpoint": "rule:admin_required", + "identity:list_endpoints_for_policy": "rule:admin_required" +} 
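Review bot: Several rules in this file are the empty string, which the policy engine evaluates as always allowed for every caller that reaches the check: `identity:delete_trust`, `identity:list_trusts`, the three `*_role_for_trust` entries and `identity:list_revoke_events`. For the trust operations this leaves ownership checks entirely to the Keystone code rather than to this file, which is worth confirming against the Keystone version being deployed. For revocation events a rule already defined here would be tighter: `"identity:list_revoke_events": "rule:service_or_admin"`. Separately, `identity:get_identity_providers` looks like a misspelling of the singular action name its siblings use; if so, the real action falls through to `default` (`rule:admin_required`), so the effect is probably the same but the intent is not recorded.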
diff --git a/openstack/usr/share/openstack/network.yml b/openstack/usr/share/openstack/network.yml
new file mode 100644
index 00000000..f99f7f1a
--- /dev/null
+++ b/openstack/usr/share/openstack/network.yml
@@ -0,0 +1,67 @@ +--- +- hosts: localhost + vars_files: + - /etc/openstack/network.conf + tasks: +# Create the bridges to use the External network mapped + +# Count number of network interfaces (interfaces starting with 'e') + - shell: ls /sys/class/net | grep ^e.* | wc -l + register: number_interfaces + +# Abort if there number of interfaces != 1 + - fail: + msg: More than one, or none network interfaces found. + when: EXTERNAL_INTERFACE is not defined and number_interfaces.stdout != "1" + + - shell: ls /sys/class/net | grep ^e.* + register: interface_name + when: EXTERNAL_INTERFACE is not defined + + - set_fact: + ETH_INTERFACE: "{{ interface_name.stdout }}" + when: EXTERNAL_INTERFACE is not defined + + - set_fact: + ETH_INTERFACE: "{{ EXTERNAL_INTERFACE }}" + when: EXTERNAL_INTERFACE is defined + + - set_fact: + ETH_MAC_ADDRESS: "{{ hostvars['localhost']['ansible_' + ETH_INTERFACE]['macaddress'] }}" + + - name: Create the /run/systemd/network + file: + path: /run/systemd/network + state: directory + + - name: Disable dhcp on the bound physical interface + template: + src: /usr/share/openstack/extras/00-disable-device.network + dest: /run/systemd/network/00-disable-{{ item }}-config.network + with_items: + - "{{ ETH_INTERFACE }}" + + - name: Disable dhcp on all the internal interfaces + template: + src: /usr/share/openstack/extras/00-disable-device.network + dest: /run/systemd/network/00-disable-{{ item }}-config.network + with_items: + - ovs-system + + - openvswitch_bridge: + bridge: br-ex + state: present + + - openvswitch_port: + bridge: br-ex + port: "{{ ETH_INTERFACE }}" + state: present + + - shell: ovs-vsctl set bridge br-ex other-config:hwaddr={{ ETH_MAC_ADDRESS }} + + - name: Enable dhcp on the Open vSwitch device that replaces our external interface + template: + src: /usr/share/openstack/extras/60-device-dhcp.network + dest: /run/systemd/network/60-{{ item }}-dhcp.network + with_items: + - br-ex 
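Review bot: The `ovs-vsctl set bridge br-ex other-config:hwaddr={{ ETH_MAC_ADDRESS }}` task interpolates a variable into a `shell:` command line without the `quote` filter, and `ETH_INTERFACE`, which selects that fact, can come straight from `EXTERNAL_INTERFACE` in /etc/openstack/network.conf with no validation before it is also used in the `dest:` file names. neutron-config.yml in this same commit already applies `|quote` to its shell arguments, so I would match it here: `shell: ovs-vsctl set bridge br-ex other-config:hwaddr={{ ETH_MAC_ADDRESS|quote }}`. The two `grep ^e.*` invocations leave the pattern unquoted, so the shell may glob-expand it before grep sees it; `grep '^e'` avoids that. The comment `Abort if there number of interfaces != 1` should read `Abort if the number of interfaces != 1`.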
diff --git a/openstack/usr/share/openstack/neutron-config.yml b/openstack/usr/share/openstack/neutron-config.yml new file mode 100644 index 00000000..97f4c76e --- /dev/null +++ b/openstack/usr/share/openstack/neutron-config.yml @@ -0,0 +1,48 @@ +--- +- hosts: localhost + vars_files: + - "/etc/openstack/neutron.conf" + tasks: + + - name: Create the neutron user. + user: + name: neutron + comment: Openstack Neutron Daemons + shell: /sbin/nologin + home: /var/lib/neutron + + - name: Create the /var folders for neutron + file: + path: "{{ item }}" + state: directory + owner: neutron + group: neutron + with_items: + - /var/run/neutron + - /var/lock/neutron + - /var/log/neutron + + - name: Get service tenant id needed in neutron.conf + shell: | + keystone \ + --os-endpoint http://{{ CONTROLLER_HOST_ADDRESS|quote }}:35357/v2.0 \ + --os-token {{ KEYSTONE_TEMPORARY_ADMIN_TOKEN|quote }} \ + tenant-get service | grep id | tr -d " " | cut -d"|" -f3 + register: tenant_service_id + + - set_fact: + SERVICE_TENANT_ID: "{{ tenant_service_id.stdout }}" + + - name: Create the directories needed for Neutron configuration files. + file: + path: /etc/{{ item }} + state: directory + with_lines: + - cd /usr/share/openstack && find neutron -type d + + - name: Add configuration needed for neutron using templates + template: + src: /usr/share/openstack/{{ item }} + dest: /etc/{{ item }} + with_lines: + - cd /usr/share/openstack && find neutron -type f diff --git a/openstack/usr/share/openstack/neutron-db.yml b/openstack/usr/share/openstack/neutron-db.yml new file mode 100644 index 00000000..91dde6fe --- /dev/null +++ b/openstack/usr/share/openstack/neutron-db.yml 
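Review bot: The `Get service tenant id needed in neutron.conf` task passes `KEYSTONE_TEMPORARY_ADMIN_TOKEN` as `--os-token` on the command line, so the admin token is readable in the process list by any local user while the command runs, and it appears in Ansible's output for the task. The keystone client also reads these two values from `OS_SERVICE_TOKEN` and `OS_SERVICE_ENDPOINT`, so the task can supply them through `environment:` and set `no_log: true`, as sketched below. The endpoint is plain `http://`, which is only acceptable if `CONTROLLER_HOST_ADDRESS` never leaves the host or a trusted network. The `grep id` filter matches any output row containing the letters `id`, not just the `id` field, so a stricter match would make the registered value more reliable.

```yaml
    - name: Get service tenant id needed in neutron.conf
      shell: |
          keystone tenant-get service | grep id | tr -d " " | cut -d"|" -f3
      environment:
        OS_SERVICE_ENDPOINT: "http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0"
        OS_SERVICE_TOKEN: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
      no_log: true
      register: tenant_service_id
    # … unchanged: set_fact SERVICE_TENANT_ID and the directory/template tasks …
```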
@@ -0,0 +1,51 @@ +--- +- hosts: localhost + vars_files: + - "/etc/openstack/neutron.conf" + tasks: + - name: Create neutron service user in service tenant + keystone_user: + user: "{{ NEUTRON_SERVICE_USER }}" + password: "{{ NEUTRON_SERVICE_PASSWORD }}" + tenant: service + token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" + + - name: Add admin role to neutron service user in service tenant + keystone_user: + role: admin + user: "{{ NEUTRON_SERVICE_USER }}" + tenant: service + token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" + + - keystone_service: + name: neutron + type: network + description: Openstack Compute Networking + publicurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9696 + internalurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9696 + adminurl: http://{{ CONTROLLER_HOST_ADDRESS }}:9696 + region: regionOne + token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" + + - name: Create postgresql user for neutron + postgresql_user: + name: "{{ NEUTRON_DB_USER }}" + password: "{{ NEUTRON_DB_PASSWORD }}" + sudo: yes + sudo_user: neutron + + - name: Create database for neutron services + postgresql_db: + name: neutron + owner: "{{ NEUTRON_DB_USER }}" + sudo: yes + sudo_user: neutron + + - name: Initiate neutron database + shell: | + neutron-db-manage \ + --config-file /etc/neutron/neutron.conf \ + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ + upgrade juno + sudo: yes + sudo_user: neutron diff --git a/openstack/usr/share/openstack/neutron/api-paste.ini b/openstack/usr/share/openstack/neutron/api-paste.ini new file mode 100644 index 00000000..bbcd4152 --- /dev/null +++ b/openstack/usr/share/openstack/neutron/api-paste.ini 
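Review bot: The `keystone_service` task registers `publicurl`, `internalurl` and `adminurl` all as `http://{{ CONTROLLER_HOST_ADDRESS }}:9696`, so every client that follows the catalog sends its token to the Neutron API in cleartext. That is acceptable only if the address stays on the host or a trusted network, which this hunk cannot show. I would make the scheme a variable so a TLS-terminated deployment does not have to patch the playbook, e.g. `publicurl: "{{ NEUTRON_API_SCHEME }}://{{ CONTROLLER_HOST_ADDRESS }}:9696"` (variable name is illustrative, not one the page defines). The task is also the only one here without a `name:`, and a comment such as `# uses the bootstrap admin token; remove the token from keystone.conf once service users exist` would record when `KEYSTONE_TEMPORARY_ADMIN_TOKEN` is expected to go away.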
@@ -0,0 +1,30 @@
+[composite:neutron]
+use = egg:Paste#urlmap
+/: neutronversions
+/v2.0: neutronapi_v2_0
+
+[composite:neutronapi_v2_0]
+use = call:neutron.auth:pipeline_factory
+noauth = request_id catch_errors extensions neutronapiapp_v2_0
+keystone = request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0
+
+[filter:request_id]
+paste.filter_factory = neutron.openstack.common.middleware.request_id:RequestIdMiddleware.factory
+
+[filter:catch_errors]
+paste.filter_factory = neutron.openstack.common.middleware.catch_errors:CatchErrorsMiddleware.factory
+
+[filter:keystonecontext]
+paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+[filter:extensions]
+paste.filter_factory = neutron.api.extensions:plugin_aware_extension_middleware_factory
+
+[app:neutronversions]
+paste.app_factory = neutron.api.versions:Versions.factory
+
+[app:neutronapiapp_v2_0]
+paste.app_factory = neutron.api.v2.router:APIRouter.factory
diff --git a/openstack/usr/share/openstack/neutron/dhcp_agent.ini b/openstack/usr/share/openstack/neutron/dhcp_agent.ini
new file mode 100644
index 00000000..c6c2b9a7
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/dhcp_agent.ini
@@ -0,0 +1,89 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +# debug = False +use_syslog = True + +# The DHCP agent will resync its state with Neutron to recover from any +# transient notification or rpc errors. The interval is number of +# seconds between attempts. +# resync_interval = 5 + +# The DHCP agent requires an interface driver be set. Choose the one that best +# matches your plugin. +# interface_driver = + +# Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP, +# BigSwitch/Floodlight) +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver + +# Name of Open vSwitch bridge to use +# ovs_integration_bridge = br-int + +# Use veth for an OVS interface or not. +# Support kernels with limited namespace support +# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. +# ovs_use_veth = False + +# Example of interface_driver option for LinuxBridge +# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver + +# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires +# no additional setup of the DHCP server. +dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq + +# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and +# iproute2 package that supports namespaces). +use_namespaces = True + +# The DHCP server can assist with providing metadata support on isolated +# networks. Setting this value to True will cause the DHCP server to append +# specific host routes to the DHCP request. The metadata service will only +# be activated when the subnet does not contain any router port. The guest +# instance must be configured to request host routes via DHCP (Option 121). +enable_isolated_metadata = True + +# Allows for serving metadata requests coming from a dedicated metadata +# access network whose cidr is 169.254.169.254/16 (or larger prefix), and +# is connected to a Neutron router from which the VMs send metadata +# request. 
In this case DHCP Option 121 will not be injected in VMs, as +# they will be able to reach 169.254.169.254 through a router. +# This option requires enable_isolated_metadata = True +# enable_metadata_network = False + +# Number of threads to use during sync process. Should not exceed connection +# pool size configured on server. +# num_sync_threads = 4 + +# Location to store DHCP server config files +# dhcp_confs = $state_path/dhcp + +# Domain to use for building the hostnames +# dhcp_domain = openstacklocal + +# Override the default dnsmasq settings with this file +# dnsmasq_config_file = + +# Comma-separated list of DNS servers which will be used by dnsmasq +# as forwarders. +# dnsmasq_dns_servers = + +# Limit number of leases to prevent a denial-of-service. +# dnsmasq_lease_max = 16777216 + +# Location to DHCP lease relay UNIX domain socket +# dhcp_lease_relay_socket = $state_path/dhcp/lease_relay + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy + +# dhcp_delete_namespaces, which is false by default, can be set to True if +# namespaces can be deleted cleanly on the host running the dhcp agent. +# Do not enable this until you understand the problem with the Linux iproute +# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and +# you are sure that your version of iproute does not suffer from the problem. +# If True, namespaces will be deleted when a dhcp server is disabled. +# dhcp_delete_namespaces = False + +# Timeout for ovs-vsctl commands. +# If the timeout expires, ovs commands will fail with ALARMCLOCK error. +# ovs_vsctl_timeout = 10 diff --git a/openstack/usr/share/openstack/neutron/fwaas_driver.ini b/openstack/usr/share/openstack/neutron/fwaas_driver.ini new file mode 100644 index 00000000..41f761ab --- /dev/null +++ b/openstack/usr/share/openstack/neutron/fwaas_driver.ini 
@@ -0,0 +1,3 @@
+[fwaas]
+#driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
+#enabled = True
diff --git a/openstack/usr/share/openstack/neutron/l3_agent.ini b/openstack/usr/share/openstack/neutron/l3_agent.ini
new file mode 100644
index 00000000..000cd997
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/l3_agent.ini
@@ -0,0 +1,103 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +# debug = False +use_syslog = True + +# L3 requires that an interface driver be set. Choose the one that best +# matches your plugin. +# interface_driver = + +# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) +# that supports L3 agent +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver + +# Use veth for an OVS interface or not. +# Support kernels with limited namespace support +# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. +# ovs_use_veth = False + +# Example of interface_driver option for LinuxBridge +# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver + +# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and +# iproute2 package that supports namespaces). +use_namespaces = True + +# If use_namespaces is set as False then the agent can only configure one router. + +# This is done by setting the specific router_id. +# router_id = + +# When external_network_bridge is set, each L3 agent can be associated +# with no more than one external network. This value should be set to the UUID +# of that external network. To allow L3 agent support multiple external +# networks, both the external_network_bridge and gateway_external_network_id +# must be left empty. +# gateway_external_network_id = + +# Indicates that this L3 agent should also handle routers that do not have +# an external network gateway configured. This option should be True only +# for a single agent in a Neutron deployment, and may be False for all agents +# if all routers must have an external network gateway +# handle_internal_only_routers = True + +# Name of bridge used for external network traffic. This should be set to +# empty value for the linux bridge. when this parameter is set, each L3 agent +# can be associated with no more than one external network. 
+external_network_bridge = br-ex + +# TCP Port used by Neutron metadata server +# metadata_port = 9697 + +# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0 +# to disable this feature. +# send_arp_for_ha = 3 + +# seconds between re-sync routers' data if needed +# periodic_interval = 40 + +# seconds to start to sync routers' data after +# starting agent +# periodic_fuzzy_delay = 5 + +# enable_metadata_proxy, which is true by default, can be set to False +# if the Nova metadata server is not available +# enable_metadata_proxy = True + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy + +# router_delete_namespaces, which is false by default, can be set to True if +# namespaces can be deleted cleanly on the host running the L3 agent. +# Do not enable this until you understand the problem with the Linux iproute +# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and +# you are sure that your version of iproute does not suffer from the problem. +# If True, namespaces will be deleted when a router is destroyed. +# router_delete_namespaces = False + +# Timeout for ovs-vsctl commands. +# If the timeout expires, ovs commands will fail with ALARMCLOCK error. +# ovs_vsctl_timeout = 10 + +# The working mode for the agent. Allowed values are: +# - legacy: this preserves the existing behavior where the L3 agent is +# deployed on a centralized networking node to provide L3 services +# like DNAT, and SNAT. Use this mode if you do not want to adopt DVR. +# - dvr: this mode enables DVR functionality, and must be used for an L3 +# agent that runs on a compute host. +# - dvr_snat: this enables centralized SNAT support in conjunction with +# DVR. This mode must be used for an L3 agent running on a centralized +# node (or in single-host deployments, e.g. devstack). 
+# agent_mode = legacy + +# Location to store keepalived and all HA configurations +# ha_confs_path = $state_path/ha_confs + +# VRRP authentication type AH/PASS +# ha_vrrp_auth_type = PASS + +# VRRP authentication password +# ha_vrrp_auth_password = + +# The advertisement interval in seconds +# ha_vrrp_advert_int = 2 diff --git a/openstack/usr/share/openstack/neutron/lbaas_agent.ini b/openstack/usr/share/openstack/neutron/lbaas_agent.ini new file mode 100644 index 00000000..68a2759e --- /dev/null +++ b/openstack/usr/share/openstack/neutron/lbaas_agent.ini 
@@ -0,0 +1,42 @@
+[DEFAULT]
+# Show debugging output in log (sets DEBUG log level output).
+# debug = False
+
+# The LBaaS agent will resync its state with Neutron to recover from any
+# transient notification or rpc errors. The interval is number of
+# seconds between attempts.
+# periodic_interval = 10
+
+# LBaas requires an interface driver be set. Choose the one that best
+# matches your plugin.
+# interface_driver =
+
+# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC, NVP,
+# BigSwitch/Floodlight)
+# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+
+# Use veth for an OVS interface or not.
+# Support kernels with limited namespace support
+# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True.
+# ovs_use_veth = False
+
+# Example of interface_driver option for LinuxBridge
+# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
+
+# The agent requires drivers to manage the loadbalancer. HAProxy is the opensource version.
+# Multiple device drivers reflecting different service providers could be specified:
+# device_driver = path.to.provider1.driver.Driver
+# device_driver = path.to.provider2.driver.Driver
+# Default is:
+# device_driver = neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
+
+[haproxy]
+# Location to store config and state files
+# loadbalancer_state_path = $state_path/lbaas
+
+# The user group
+# user_group = nogroup
+
+# When delete and re-add the same vip, send this many gratuitous ARPs to flush
+# the ARP cache in the Router. Set it below or equal to 0 to disable this feature.
+# send_gratuitous_arp = 3
diff --git a/openstack/usr/share/openstack/neutron/metadata_agent.ini b/openstack/usr/share/openstack/neutron/metadata_agent.ini
new file mode 100644
index 00000000..ed238770
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/metadata_agent.ini
@@ -0,0 +1,60 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +# debug = True +use_syslog = True + +# The Neutron user information for accessing the Neutron API. +auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 +auth_region = regionOne +# Turn off verification of the certificate for ssl +# auth_insecure = False +# Certificate Authority public key (CA cert) file for ssl +# auth_ca_cert = +admin_tenant_name = service +admin_user = {{ NEUTRON_SERVICE_USER }} +admin_password = {{ NEUTRON_SERVICE_PASSWORD }} + +# Network service endpoint type to pull from the keystone catalog +# endpoint_type = adminURL + +# IP address used by Nova metadata server +nova_metadata_ip = {{ CONTROLLER_HOST_ADDRESS }} + +# TCP Port used by Nova metadata server +# nova_metadata_port = 8775 + +# Which protocol to use for requests to Nova metadata server, http or https +# nova_metadata_protocol = http + +# Whether insecure SSL connection should be accepted for Nova metadata server +# requests +# nova_metadata_insecure = False + +# Client certificate for nova api, needed when nova api requires client +# certificates +# nova_client_cert = + +# Private key for nova client certificate +# nova_client_priv_key = + +# When proxying metadata requests, Neutron signs the Instance-ID header with a +# shared secret to prevent spoofing. You may select any string for a secret, +# but it must match here and in the configuration used by the Nova Metadata +# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret +metadata_proxy_shared_secret = {{ METADATA_PROXY_SHARED_SECRET }} + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy + +# Number of separate worker processes for metadata server. Defaults to +# half the number of CPU cores +# metadata_workers = + +# Number of backlog requests to configure the metadata server socket with +# metadata_backlog = 4096 + +# URL to connect to the cache backend. 
+# default_ttl=0 parameter will cause cache entries to never expire. +# Otherwise default_ttl specifies time in seconds a cache entry is valid for. +# No cache is used in case no value is passed. +# cache_url = memory://?default_ttl=5 diff --git a/openstack/usr/share/openstack/neutron/metering_agent.ini b/openstack/usr/share/openstack/neutron/metering_agent.ini new file mode 100644 index 00000000..88826ce7 --- /dev/null +++ b/openstack/usr/share/openstack/neutron/metering_agent.ini @@ -0,0 +1,18 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +# debug = True + +# Default driver: +# driver = neutron.services.metering.drivers.noop.noop_driver.NoopMeteringDriver +# Example of non-default driver +# driver = neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver + +# Interval between two metering measures +# measure_interval = 30 + +# Interval between two metering reports +# report_interval = 300 + +# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver + +# use_namespaces = True diff --git a/openstack/usr/share/openstack/neutron/neutron.conf b/openstack/usr/share/openstack/neutron/neutron.conf new file mode 100644 index 00000000..51de7464 --- /dev/null +++ b/openstack/usr/share/openstack/neutron/neutron.conf 
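Review bot: The metadata_agent.ini template renders `admin_password` and `metadata_proxy_shared_secret` into /etc/neutron/metadata_agent.ini, but the `template:` task in neutron-config.yml that installs it sets no `owner`, `group` or `mode`, so who can read the file depends on the umask of the Ansible run. I would set them on that task, e.g. `owner: neutron`, `group: neutron`, `mode: 0640`, assuming the agents run as the `neutron` user that playbook creates. `auth_url` is also plain `http://`, with `auth_ca_cert` left commented out, which should be revisited if Keystone is ever reached over a network rather than on the same host.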
@@ -0,0 +1,640 @@
+[DEFAULT]
+# Print more verbose output (set logging level to INFO instead of default WARNING level).
+# verbose = False
+
+# =========Start Global Config Option for Distributed L3 Router===============
+# Setting the "router_distributed" flag to "True" will default to the creation
+# of distributed tenant routers. The admin can override this flag by specifying
+# the type of the router on the create request (admin-only attribute). Default
+# value is "False" to support legacy mode (centralized) routers.
+#
+# router_distributed = False
+#
+# ===========End Global Config Option for Distributed L3 Router===============
+
+# Print debugging output (set logging level to DEBUG instead of default WARNING level).
+# debug = False
+
+# Where to store Neutron state files. This directory must be writable by the
+# user executing the agent.
+state_path = /var/lib/neutron
+
+# Where to store lock files
+lock_path = $state_path/lock
+
+# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
+# log_date_format = %Y-%m-%d %H:%M:%S
+
+# use_syslog -> syslog
+# log_file and log_dir -> log_dir/log_file
+# (not log_file) and log_dir -> log_dir/{binary_name}.log
+# use_stderr -> stderr
+# (not user_stderr) and (not log_file) -> stdout
+# publish_errors -> notification system
+
+use_syslog = True
+
+# syslog_log_facility = LOG_USER
+
+# use_stderr = True
+# log_file =
+# log_dir =
+
+# publish_errors = False
+
+# Address to bind the API server to
+# bind_host = 0.0.0.0
+
+# Port the bind the API server to
+# bind_port = 9696
+
+# Path to the extensions. Note that this can be a colon-separated list of
+# paths. For example:
+# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
+# The __path__ of neutron.extensions is appended to this, so if your
+# extensions are in there you don't need to specify them here
+# api_extensions_path =
+
+# (StrOpt) Neutron core plugin entrypoint to be loaded from the
+# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the
+# plugins included in the neutron source distribution. For compatibility with
+# previous versions, the class name of a plugin can be specified instead of its
+# entrypoint name.
+#
+core_plugin = ml2
+# Example: core_plugin = ml2
+
+# (ListOpt) List of service plugin entrypoints to be loaded from the
+# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
+# the plugins included in the neutron source distribution. For compatibility
+# with previous versions, the class name of a plugin can be specified instead
+# of its entrypoint name.
+#
+service_plugins = router
+# Example: service_plugins = router,firewall,lbaas,vpnaas,metering
+
+# Paste configuration file
+api_paste_config = api-paste.ini
+
+# The strategy to be used for auth.
+# Supported values are 'keystone'(default), 'noauth'.
+auth_strategy = keystone
+
+# Base MAC address. The first 3 octets will remain unchanged. If the
+# 4h octet is not 00, it will also be used. The others will be
+# randomly generated.
+# 3 octet
+# base_mac = fa:16:3e:00:00:00
+# 4 octet
+# base_mac = fa:16:3e:4f:00:00
+
+# DVR Base MAC address. The first 3 octets will remain unchanged. If the
+# 4th octet is not 00, it will also be used. The others will be randomly
+# generated. The 'dvr_base_mac' *must* be different from 'base_mac' to
+# avoid mixing them up with MAC's allocated for tenant ports.
+# A 4 octet example would be dvr_base_mac = fa:16:3f:4f:00:00
+# The default is 3 octet
+# dvr_base_mac = fa:16:3f:00:00:00
+
+# Maximum amount of retries to generate a unique MAC address
+# mac_generation_retries = 16
+
+# DHCP Lease duration (in seconds). Use -1 to
+# tell dnsmasq to use infinite lease times.
+# dhcp_lease_duration = 86400
+
+# Allow sending resource operation notification to DHCP agent
+# dhcp_agent_notification = True
+
+# Enable or disable bulk create/update/delete operations
+# allow_bulk = True
+# Enable or disable pagination
+# allow_pagination = False
+# Enable or disable sorting
+# allow_sorting = False
+# Enable or disable overlapping IPs for subnets
+# Attention: the following parameter MUST be set to False if Neutron is
+# being used in conjunction with nova security groups
+allow_overlapping_ips = True
+# Ensure that configured gateway is on subnet. For IPv6, validate only if
+# gateway is not a link local address. Deprecated, to be removed during the
+# K release, at which point the check will be mandatory.
+# force_gateway_on_subnet = True
+
+# Default maximum number of items returned in a single response,
+# value == infinite and value < 0 means no max limit, and value must
+# be greater than 0. If the number of items requested is greater than
+# pagination_max_limit, server will just return pagination_max_limit
+# of number of items.
+# pagination_max_limit = -1
+
+# Maximum number of DNS nameservers per subnet
+# max_dns_nameservers = 5
+
+# Maximum number of host routes per subnet
+# max_subnet_host_routes = 20
+
+# Maximum number of fixed ips per port
+# max_fixed_ips_per_port = 5
+
+# Maximum number of routes per router
+# max_routes = 30
+
+# =========== items for agent management extension =============
+# Seconds to regard the agent as down; should be at least twice
+# report_interval, to be sure the agent is down for good
+# agent_down_time = 75
+# =========== end of items for agent management extension =====
+
+# =========== items for agent scheduler extension =============
+# Driver to use for scheduling network to DHCP agent
+# network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler
+# Driver to use for scheduling router to a default L3 agent
+# router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
+# Driver to use for scheduling a loadbalancer pool to an lbaas agent
+# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
+
+# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
+# networks to first DHCP agent which sends get_active_networks message to
+# neutron server
+# network_auto_schedule = True
+
+# Allow auto scheduling routers to L3 agent. It will schedule non-hosted
+# routers to first L3 agent which sends sync_routers message to neutron server
+# router_auto_schedule = True
+
+# Allow automatic rescheduling of routers from dead L3 agents with
+# admin_state_up set to True to alive agents.
+# allow_automatic_l3agent_failover = False
+
+# Number of DHCP agents scheduled to host a network. This enables redundant
+# DHCP agents for configured networks.
+# dhcp_agents_per_network = 1
+
+# =========== end of items for agent scheduler extension =====
+
+# =========== items for l3 extension ==============
+# Enable high availability for virtual routers.
+# l3_ha = False
+#
+# Maximum number of l3 agents which a HA router will be scheduled on. If it
+# is set to 0 the router will be scheduled on every agent.
+# max_l3_agents_per_router = 3
+#
+# Minimum number of l3 agents which a HA router will be scheduled on. The
+# default value is 2.
+# min_l3_agents_per_router = 2
+#
+# CIDR of the administrative network if HA mode is enabled
+# l3_ha_net_cidr = 169.254.192.0/18
+# =========== end of items for l3 extension =======
+
+# =========== WSGI parameters related to the API server ==============
+# Number of separate worker processes to spawn. The default, 0, runs the
+# worker thread in the current process. Greater than 0 launches that number of
+# child processes as workers. The parent process manages them.
+# api_workers = 0
+
+# Number of separate RPC worker processes to spawn. The default, 0, runs the
+# worker thread in the current process. Greater than 0 launches that number of
+# child processes as RPC workers. The parent process manages them.
+# This feature is experimental until issues are addressed and testing has been
+# enabled for various plugins for compatibility.
+# rpc_workers = 0
+
+# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
+# starting API server. Not supported on OS X.
+# tcp_keepidle = 600
+
+# Number of seconds to keep retrying to listen
+# retry_until_window = 30
+
+# Number of backlog requests to configure the socket with.
+# backlog = 4096
+
+# Max header line to accommodate large tokens
+# max_header_line = 16384
+
+# Enable SSL on the API server
+# use_ssl = False
+
+# Certificate file to use when starting API server securely
+# ssl_cert_file = /path/to/certfile
+
+# Private key file to use when starting API server securely
+# ssl_key_file = /path/to/keyfile
+
+# CA certificate file to use when starting API server securely to
+# verify connecting clients. This is an optional parameter only required if
+# API clients need to authenticate to the API server using SSL certificates
+# signed by a trusted CA
+# ssl_ca_file = /path/to/cafile
+# ======== end of WSGI parameters related to the API server ==========
+
+
+# ======== neutron nova interactions ==========
+# Send notification to nova when port status is active.
+notify_nova_on_port_status_changes = True
+
+# Send notifications to nova when port data (fixed_ips/floatingips) change
+# so nova can update it's cache.
+notify_nova_on_port_data_changes = True
+
+# URL for connection to nova (Only supports one nova region currently).
+nova_url = http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2
+
+# Name of nova region to use. Useful if keystone manages more than one region
+nova_region_name = regionOne
+
+# Username for connection to nova in admin context
+nova_admin_username = {{ NOVA_SERVICE_USER }}
+
+# The uuid of the admin nova tenant
+nova_admin_tenant_id = {{ SERVICE_TENANT_ID }}
+
+# Password for connection to nova in admin context.
+nova_admin_password = {{ NOVA_SERVICE_PASSWORD }}
+
+# Authorization URL for connection to nova in admin context.
+nova_admin_auth_url = http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
+
+# CA file for novaclient to verify server certificates
+# nova_ca_certificates_file =
+
+# Boolean to control ignoring SSL errors on the nova url
+# nova_api_insecure = False
+
+# Number of seconds between sending events to nova if there are any events to send
+# send_events_interval = 2
+
+# ======== end of neutron nova interactions ==========
+
+#
+# Options defined in oslo.messaging
+#
+
+# Use durable queues in amqp. (boolean value)
+# Deprecated group/name - [DEFAULT]/rabbit_durable_queues
+#amqp_durable_queues=false
+
+# Auto-delete queues in amqp. (boolean value)
+#amqp_auto_delete=false
+
+# Size of RPC connection pool. (integer value)
+#rpc_conn_pool_size=30
+
+# Qpid broker hostname. (string value)
+#qpid_hostname=localhost
+
+# Qpid broker port. (integer value)
+#qpid_port=5672
+
+# Qpid HA cluster host:port pairs. (list value)
+#qpid_hosts=$qpid_hostname:$qpid_port
+
+# Username for Qpid connection. (string value)
+#qpid_username=
+
+# Password for Qpid connection. (string value)
+#qpid_password=
+
+# Space separated list of SASL mechanisms to use for auth.
+# (string value)
+#qpid_sasl_mechanisms=
+
+# Seconds between connection keepalive heartbeats. (integer
+# value)
+#qpid_heartbeat=60
+
+# Transport to use, either 'tcp' or 'ssl'. (string value)
+#qpid_protocol=tcp
+
+# Whether to disable the Nagle algorithm. (boolean value)
+#qpid_tcp_nodelay=true
+
+# The qpid topology version to use. Version 1 is what was
+# originally used by impl_qpid. Version 2 includes some
+# backwards-incompatible changes that allow broker federation
+# to work. Users should update to version 2 when they are
+# able to take everything down, as it requires a clean break.
+# (integer value)
+#qpid_topology_version=1
+
+# SSL version to use (valid only if SSL enabled). valid values
+# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some
+# distributions. (string value)
+#kombu_ssl_version=
+
+# SSL key file (valid only if SSL enabled). (string value)
+#kombu_ssl_keyfile=
+
+# SSL cert file (valid only if SSL enabled). (string value)
+#kombu_ssl_certfile=
+
+# SSL certification authority file (valid only if SSL
+# enabled). (string value)
+#kombu_ssl_ca_certs=
+
+# How long to wait before reconnecting in response to an AMQP
+# consumer cancel notification. (floating point value)
+#kombu_reconnect_delay=1.0
+
+# The RabbitMQ broker address where a single node is used.
+# (string value)
+rabbit_host={{ RABBITMQ_HOST }}
+
+# The RabbitMQ broker port where a single node is used.
+# (integer value)
+rabbit_port={{ RABBITMQ_PORT }}
+
+# RabbitMQ HA cluster host:port pairs. (list value)
+#rabbit_hosts=$rabbit_host:$rabbit_port
+
+# Connect over SSL for RabbitMQ. (boolean value)
+#rabbit_use_ssl=false
+
+# The RabbitMQ userid. (string value)
+rabbit_userid={{ RABBITMQ_USER }}
+
+# The RabbitMQ password. (string value)
+rabbit_password={{ RABBITMQ_PASSWORD }}
+
+# the RabbitMQ login method (string value)
+#rabbit_login_method=AMQPLAIN
+
+# The RabbitMQ virtual host. (string value)
+#rabbit_virtual_host=/
+
+# How frequently to retry connecting with RabbitMQ. (integer
+# value)
+#rabbit_retry_interval=1
+
+# How long to backoff for between retries when connecting to
+# RabbitMQ. (integer value)
+#rabbit_retry_backoff=2
+
+# Maximum number of RabbitMQ connection retries. Default is 0
+# (infinite retry count). (integer value)
+#rabbit_max_retries=0
+
+# Use HA queues in RabbitMQ (x-ha-policy: all). If you change
+# this option, you must wipe the RabbitMQ database. (boolean
+# value)
+#rabbit_ha_queues=false
+
+# If passed, use a fake RabbitMQ provider. (boolean value)
+#fake_rabbit=false
+
+# ZeroMQ bind address. Should be a wildcard (*), an ethernet
+# interface, or IP. The "host" option should point or resolve
+# to this address. (string value)
+#rpc_zmq_bind_address=*
+
+# MatchMaker driver. (string value)
+#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost
+
+# ZeroMQ receiver listening port. (integer value)
+#rpc_zmq_port=9501
+
+# Number of ZeroMQ contexts, defaults to 1. (integer value)
+#rpc_zmq_contexts=1
+
+# Maximum number of ingress messages to locally buffer per
+# topic. Default is unlimited. (integer value)
+#rpc_zmq_topic_backlog=<None>
+
+# Directory for holding IPC sockets. (string value)
+#rpc_zmq_ipc_dir=/var/run/openstack
+
+# Name of this node. Must be a valid hostname, FQDN, or IP
+# address. Must match "host" option, if running Nova. (string
+# value)
+#rpc_zmq_host=oslo
+
+# Seconds to wait before a cast expires (TTL). Only supported
+# by impl_zmq. (integer value)
+#rpc_cast_timeout=30
+
+# Heartbeat frequency. (integer value)
+#matchmaker_heartbeat_freq=300
+
+# Heartbeat time-to-live. (integer value)
+#matchmaker_heartbeat_ttl=600
+
+# Size of RPC greenthread pool. (integer value)
+#rpc_thread_pool_size=64
+
+# Driver or drivers to handle sending notifications. (multi
+# valued)
+notification_driver=neutron.openstack.common.notifier.rpc_notifier
+
+# AMQP topic used for OpenStack notifications. (list value)
+# Deprecated group/name - [rpc_notifier2]/topics
+#notification_topics=notifications
+
+# Seconds to wait for a response from a call. (integer value)
+#rpc_response_timeout=60
+
+# A URL representing the messaging driver to use and its full
+# configuration. If not set, we fall back to the rpc_backend
+# option and driver specific configuration. (string value)
+#transport_url=<None>
+
+# The messaging driver to use, defaults to rabbit. Other
+# drivers include qpid and zmq. (string value)
+rpc_backend=rabbit
+
+# The default exchange under which topics are scoped. May be
+# overridden by an exchange name specified in the
+# transport_url option. (string value)
+#control_exchange=openstack
+
+
+[matchmaker_redis]
+
+#
+# Options defined in oslo.messaging
+#
+
+# Host to locate redis. (string value)
+#host=127.0.0.1
+
+# Use this port to connect to redis host. (integer value)
+#port=6379
+
+# Password for Redis server (optional). (string value)
+#password=<None>
+
+
+[matchmaker_ring]
+
+#
+# Options defined in oslo.messaging
+#
+
+# Matchmaker ring file (JSON). (string value)
+# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
+#ringfile=/etc/oslo/matchmaker_ring.json
+
+[quotas]
+# Default driver to use for quota checks
+# quota_driver = neutron.db.quota_db.DbQuotaDriver
+
+# Resource name(s) that are supported in quota features
+# quota_items = network,subnet,port
+
+# Default number of resource allowed per tenant. A negative value means
+# unlimited.
+# default_quota = -1
+
+# Number of networks allowed per tenant. A negative value means unlimited.
+# quota_network = 10
+
+# Number of subnets allowed per tenant. A negative value means unlimited.
+# quota_subnet = 10
+
+# Number of ports allowed per tenant. A negative value means unlimited.
+# quota_port = 50
+
+# Number of security groups allowed per tenant. A negative value means
+# unlimited.
+# quota_security_group = 10
+
+# Number of security group rules allowed per tenant. A negative value means
+# unlimited.
+# quota_security_group_rule = 100
+
+# Number of vips allowed per tenant. A negative value means unlimited.
+# quota_vip = 10
+
+# Number of pools allowed per tenant. A negative value means unlimited.
+# quota_pool = 10
+
+# Number of pool members allowed per tenant. A negative value means unlimited.
+# The default is unlimited because a member is not a real resource consumer
+# on Openstack. However, on back-end, a member is a resource consumer
+# and that is the reason why quota is possible.
+# quota_member = -1
+
+# Number of health monitors allowed per tenant. A negative value means
+# unlimited.
+# The default is unlimited because a health monitor is not a real resource
+# consumer on Openstack. However, on back-end, a member is a resource consumer
+# and that is the reason why quota is possible.
+# quota_health_monitor = -1
+
+# Number of routers allowed per tenant. A negative value means unlimited.
+# quota_router = 10
+
+# Number of floating IPs allowed per tenant. A negative value means unlimited.
+# quota_floatingip = 50
+
+# Number of firewalls allowed per tenant. A negative value means unlimited.
+# quota_firewall = 1
+
+# Number of firewall policies allowed per tenant. A negative value means
+# unlimited.
+# quota_firewall_policy = 1
+
+# Number of firewall rules allowed per tenant. A negative value means
+# unlimited.
+# quota_firewall_rule = 100
+
+[agent]
+# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
+# root filter facility.
+# Change to "sudo" to skip the filtering and just run the comand directly
+# root_helper = sudo
+root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
+
+# =========== items for agent management extension =============
+# seconds between nodes reporting state to server; should be less than
+# agent_down_time, best if it is half or less than agent_down_time
+# report_interval = 30
+
+# =========== end of items for agent management extension =====
+
+[keystone_authtoken]
+auth_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+identity_uri = http://{{ CONTROLLER_HOST_ADDRESS }}:35357
+admin_tenant_name = service
+admin_user = {{ NEUTRON_SERVICE_USER }}
+admin_password = {{ NEUTRON_SERVICE_PASSWORD }}
+
+[database]
+# This line MUST be changed to actually run the plugin.
+# Example:
+# connection = mysql://root:pass@127.0.0.1:3306/neutron
+# Replace 127.0.0.1 above with the IP address of the database used by the
+# main neutron server. (Leave it as is if the database runs on this host.)
+# connection = sqlite://
+# NOTE: In deployment the [database] section and its connection attribute may
+# be set in the corresponding core plugin '.ini' file. However, it is suggested
+# to put the [database] section and its connection attribute in this
+# configuration file.
+#connection=sqlite:////var/lib/neutron/neutron.sqlite
+connection=postgresql://{{ NEUTRON_DB_USER }}:{{ NEUTRON_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/neutron
+
+# Database engine for which script will be generated when using offline
+# migration
+# engine =
+
+# The SQLAlchemy connection string used to connect to the slave database
+# slave_connection =
+
+# Database reconnection retry times - in event connectivity is lost
+# set to -1 implies an infinite retry count
+# max_retries = 10
+
+# Database reconnection interval in seconds - if the initial connection to the
+# database fails
+# retry_interval = 10
+
+# Minimum number of SQL connections to keep open in a pool
+# min_pool_size = 1
+
+# Maximum number of SQL connections to keep open in a pool
+# max_pool_size = 10
+
+# Timeout in seconds before idle sql connections are reaped
+# idle_timeout = 3600
+
+# If set, use this value for max_overflow with sqlalchemy
+# max_overflow = 20
+
+# Verbosity of SQL debugging information. 0=None, 100=Everything
+# connection_debug = 0
+
+# Add python stack traces to SQL as comment strings
+# connection_trace = False
+
+# If set, use this value for pool_timeout with sqlalchemy
+# pool_timeout = 10
+
+[service_providers]
+# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
+# Must be in form:
+# service_provider=<service_type>:<name>:<driver>[:default]
+# List of allowed service types includes LOADBALANCER, FIREWALL, VPN
+# Combination of <service type> and <name> must be unique; <driver> must also be unique
+# This is multiline option, example for default provider:
+# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
+# example of non-default provider:
+# service_provider=FIREWALL:name2:firewall_driver_path
+# --- Reference implementations ---
+service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
+service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
+# In order to activate Radware's lbaas driver you need to uncomment the next line.
+# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below.
+# Otherwise comment the HA Proxy line
+# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default
+# uncomment the following line to make the 'netscaler' LBaaS provider available.
+# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver
+# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver.
+# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default
+# Uncomment the line below to use Embrane heleos as Load Balancer service provider.
+# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default
+# Uncomment the line below to use the A10 Networks LBaaS driver. Requires 'pip install a10-neutron-lbaas'.
+#service_provider = LOADBALANCER:A10Networks:neutron.services.loadbalancer.drivers.a10networks.driver_v1.ThunderDriver:default
+# Uncomment the following line to test the LBaaS v2 API _WITHOUT_ a real backend
+# service_provider = LOADBALANCER:LoggingNoop:neutron.services.loadbalancer.drivers.logging_noop.driver.LoggingNoopLoadBalancerDriver:default
diff --git a/openstack/usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini b/openstack/usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini
new file mode 100644
index 00000000..256f7855
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/bigswitch/restproxy.ini
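Review bot: Every credential rendered into neutron.conf crosses a cleartext channel: `nova_admin_auth_url`, `auth_uri` and `identity_uri` are fixed to `http://`, `#rabbit_use_ssl=false` is left at its default, and the `connection=postgresql://…` URL requests no TLS. That is tolerable only while every service sits on loopback, but `CONTROLLER_HOST_ADDRESS` and `RABBITMQ_HOST` are template variables, so the same file can be rendered for multi-host clusters; for those I would set `rabbit_use_ssl=true` together with `kombu_ssl_ca_certs`, and use `https://` for the Keystone URLs. Separately, `NEUTRON_DB_PASSWORD` is interpolated raw into the connection URL, so a password containing characters such as `@` or `/` may change how the URL is parsed; percent-encode it at render time.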
@@ -0,0 +1,114 @@
+# Config file for neutron-proxy-plugin.
+
+[restproxy]
+# All configuration for this plugin is in section '[restproxy]'
+#
+# The following parameters are supported:
+# servers : <host:port>[,<host:port>]* (Error if not set)
+# server_auth : <username:password> (default: no auth)
+# server_ssl : True | False (default: True)
+# ssl_cert_directory : <path> (default: /etc/neutron/plugins/bigswitch/ssl)
+# no_ssl_validation : True | False (default: False)
+# ssl_sticky : True | False (default: True)
+# sync_data : True | False (default: False)
+# auto_sync_on_failure : True | False (default: True)
+# consistency_interval : <integer> (default: 60 seconds)
+# server_timeout : <integer> (default: 10 seconds)
+# neutron_id : <string> (default: neutron-<hostname>)
+# add_meta_server_route : True | False (default: True)
+# thread_pool_size : <int> (default: 4)
+
+# A comma separated list of BigSwitch or Floodlight servers and port numbers. The plugin proxies the requests to the BigSwitch/Floodlight server, which performs the networking configuration. Note that only one server is needed per deployment, but you may wish to deploy multiple servers to support failover.
+servers=localhost:8080
+
+# The username and password for authenticating against the BigSwitch or Floodlight controller.
+# server_auth=username:password
+
+# Use SSL when connecting to the BigSwitch or Floodlight controller.
+# server_ssl=True
+
+# Directory which contains the ca_certs and host_certs to be used to validate
+# controller certificates.
+# ssl_cert_directory=/etc/neutron/plugins/bigswitch/ssl/
+
+# If a certificate does not exist for a controller, trust and store the first
+# certificate received for that controller and use it to validate future
+# connections to that controller.
+# ssl_sticky=True
+
+# Do not validate the controller certificates for SSL
+# Warning: This will not provide protection against man-in-the-middle attacks
+# no_ssl_validation=False
+
+# Sync data on connect
+# sync_data=False
+
+# If neutron fails to create a resource because the backend controller
+# doesn't know of a dependency, automatically trigger a full data
+# synchronization to the controller.
+# auto_sync_on_failure=True
+
+# Time between verifications that the backend controller
+# database is consistent with Neutron. (0 to disable)
+# consistency_interval = 60
+
+# Maximum number of seconds to wait for proxy request to connect and complete.
+# server_timeout=10
+
+# User defined identifier for this Neutron deployment
+# neutron_id =
+
+# Flag to decide if a route to the metadata server should be injected into the VM
+# add_meta_server_route = True
+
+# Number of threads to use to handle large volumes of port creation requests
+# thread_pool_size = 4
+
+[nova]
+# Specify the VIF_TYPE that will be controlled on the Nova compute instances
+# options: ivs or ovs
+# default: ovs
+# vif_type = ovs
+
+# Overrides for vif types based on nova compute node host IDs
+# Comma separated list of host IDs to fix to a specific VIF type
+# The VIF type is taken from the end of the configuration item
+# node_override_vif_<vif_type>
+# For example, the following would set the VIF type to IVS for
+# host-id1 and host-id2
+# node_overrride_vif_ivs=host-id1,host-id2
+
+[router]
+# Specify the default router rules installed in newly created tenant routers
+# Specify multiple times for multiple rules
+# Format is <tenant>:<source>:<destination>:<action>
+# Optionally, a comma-separated list of nexthops may be included after <action>
+# Use an * to specify default for all tenants
+# Default is any any allow for all tenants
+# tenant_default_router_rule=*:any:any:permit
+
+# Maximum number of rules that a single router may have
+# Default is 200
+# max_router_rules=200
+
+[restproxyagent]
+
+# Specify the name of the bridge used on compute nodes
+# for attachment.
+# Default: br-int
+# integration_bridge=br-int
+
+# Change the frequency of polling by the restproxy agent.
+# Value is seconds
+# Default: 5
+# polling_interval=5
+
+# Virtual switch type on the compute node.
+# Options: ovs or ivs
+# Default: ovs
+# virtual_switch_type = ovs
+
+[securitygroup]
+# Controls if neutron security group is enabled or not.
+# It should be false when you use nova security group.
+# enable_security_group = True
diff --git a/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README b/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README
new file mode 100644
index 00000000..e7e47a27
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/ca_certs/README
@@ -0,0 +1,3 @@
+Certificates in this folder will be used to
+verify signatures for any controllers the plugin
+connects to.
diff --git a/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README b/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README
new file mode 100644
index 00000000..8f5f5e77
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/bigswitch/ssl/host_certs/README
@@ -0,0 +1,6 @@
+Certificates in this folder must match the name
+of the controller they should be used to authenticate
+with a .pem extension.
+
+For example, the certificate for the controller
+"192.168.0.1" should be named "192.168.0.1.pem".
diff --git a/openstack/usr/share/openstack/neutron/plugins/brocade/brocade.ini b/openstack/usr/share/openstack/neutron/plugins/brocade/brocade.ini
new file mode 100644
index 00000000..916e9e5d
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/brocade/brocade.ini
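Review bot: In bigswitch/restproxy.ini, `ssl_sticky` is left at its documented default of True while the `ssl/ca_certs` and `ssl/host_certs` directories added in this same commit contain only a README, so the plugin would trust and store whichever certificate a controller presents on first connection. If this template is ever enabled, I would add a comment beside the option such as `# Pre-provision ca_certs/ or host_certs/ and set ssl_sticky=False so an unknown controller certificate is not stored on first use`. `server_auth` is also commented out, which the parameter table in the same file documents as no authentication to the controller. These files look like unmodified upstream samples, so the caveat may fit better in the deployment documentation than in the file itself.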
@@ -0,0 +1,29 @@
+[switch]
+# username = The SSH username to use
+# password = The SSH password to use
+# address = The address of the host to SSH to
+# ostype = Should be NOS, but is unused otherwise
+#
+# Example:
+# username = admin
+# password = password
+# address = 10.24.84.38
+# ostype = NOS
+
+[physical_interface]
+# physical_interface = The network interface to use when creating a port
+#
+# Example:
+# physical_interface = physnet1
+
+[vlans]
+# network_vlan_ranges = <physical network name>:nnnn:mmmm
+#
+# Example:
+# network_vlan_ranges = physnet1:1000:2999
+
+[linux_bridge]
+# physical_interface_mappings = <physical network name>:<local interface>
+#
+# Example:
+# physical_interface_mappings = physnet1:em1
diff --git a/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini b/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini
new file mode 100644
index 00000000..d99e8382
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_cfg_agent.ini
@@ -0,0 +1,15 @@
+[cfg_agent]
+# (IntOpt) Interval in seconds for processing of service updates.
+# That is when the config agent's process_services() loop executes
+# and it lets each service helper to process its service resources.
+# rpc_loop_interval = 10
+
+# (StrOpt) Period-separated module path to the routing service helper class.
+# routing_svc_helper_class = neutron.plugins.cisco.cfg_agent.service_helpers.routing_svc_helper.RoutingServiceHelper
+
+# (IntOpt) Timeout value in seconds for connecting to a hosting device.
+# device_connection_timeout = 30
+
+# (IntOpt) The time in seconds until a backlogged hosting device is
+# presumed dead or booted to an error state.
+# hosting_device_dead_timeout = 300
diff --git a/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini b/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini
new file mode 100644
index 00000000..17eae737
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_plugins.ini
@@ -0,0 +1,100 @@
+[cisco]
+
+# (StrOpt) A short prefix to prepend to the VLAN number when creating a
+# VLAN interface. For example, if an interface is being created for
+# VLAN 2001 it will be named 'q-2001' using the default prefix.
+#
+# vlan_name_prefix = q-
+# Example: vlan_name_prefix = vnet-
+
+# (StrOpt) A short prefix to prepend to the VLAN number when creating a
+# provider VLAN interface. For example, if an interface is being created
+# for provider VLAN 3003 it will be named 'p-3003' using the default prefix.
+#
+# provider_vlan_name_prefix = p-
+# Example: provider_vlan_name_prefix = PV-
+
+# (BoolOpt) A flag indicating whether Openstack networking should manage the
+# creation and removal of VLAN interfaces for provider networks on the Nexus
+# switches. If the flag is set to False then Openstack will not create or
+# remove VLAN interfaces for provider networks, and the administrator needs
+# to manage these interfaces manually or by external orchestration.
+#
+# provider_vlan_auto_create = True
+
+# (BoolOpt) A flag indicating whether Openstack networking should manage
+# the adding and removing of provider VLANs from trunk ports on the Nexus
+# switches. If the flag is set to False then Openstack will not add or
+# remove provider VLANs from trunk ports, and the administrator needs to
+# manage these operations manually or by external orchestration.
+#
+# provider_vlan_auto_trunk = True
+
+# (StrOpt) Period-separated module path to the model class to use for
+# the Cisco neutron plugin.
+#
+# model_class = neutron.plugins.cisco.models.virt_phy_sw_v2.VirtualPhysicalSwitchModelV2
+
+# (BoolOpt) A flag to enable Layer 3 support on the Nexus switches.
+# Note: This feature is not supported on all models/versions of Cisco
+# Nexus switches. To use this feature, all of the Nexus switches in the
+# deployment must support it.
+# nexus_l3_enable = False
+
+# (BoolOpt) A flag to enable round robin scheduling of routers for SVI.
+# svi_round_robin = False
+
+# Cisco Nexus Switch configurations.
+# Each switch to be managed by Openstack Neutron must be configured here.
+#
+# N1KV Format.
+# [N1KV:<IP address of VSM>]
+# username=<credential username>
+# password=<credential password>
+#
+# Example:
+# [N1KV:2.2.2.2]
+# username=admin
+# password=mySecretPassword
+
+[cisco_n1k]
+
+# (StrOpt) Specify the name of the integration bridge to which the VIFs are
+# attached.
+# Default value: br-int
+# integration_bridge = br-int
+
+# (StrOpt) Name of the policy profile to be associated with a port when no
+# policy profile is specified during port creates.
+# Default value: service_profile
+# default_policy_profile = service_profile
+
+# (StrOpt) Name of the policy profile to be associated with a port owned by
+# network node (dhcp, router).
+# Default value: dhcp_pp
+# network_node_policy_profile = dhcp_pp
+
+# (StrOpt) Name of the network profile to be associated with a network when no
+# network profile is specified during network creates. Admin should pre-create
+# a network profile with this name.
+# Default value: default_network_profile
+# default_network_profile = network_pool
+
+# (IntOpt) Time in seconds for which the plugin polls the VSM for updates in
+# policy profiles.
+# Default value: 60
+# poll_duration = 60
+
+# (BoolOpt) Specify whether tenants are restricted from accessing all the
+# policy profiles.
+# Default value: False, indicating all tenants can access all policy profiles.
+#
+# restrict_policy_profiles = False
+
+# (IntOpt) Number of threads to use to make HTTP requests to the VSM.
+# Default value: 4
+# http_pool_size = 4
+
+# (IntOpt) Timeout duration in seconds for the http request
+# Default value: 15
+# http_timeout = 15
diff --git a/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini b/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini
new file mode 100644
index 00000000..3ef271d2
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_router_plugin.ini 
@@ -0,0 +1,76 @@
+[general]
+#(IntOpt) Time in seconds between renewed scheduling attempts of non-scheduled routers
+# backlog_processing_interval = 10
+
+#(StrOpt) Name of the L3 admin tenant
+# l3_admin_tenant = L3AdminTenant
+
+#(StrOpt) Name of management network for hosting device configuration
+# management_network = osn_mgmt_nw
+
+#(StrOpt) Default security group applied on management port
+# default_security_group = mgmt_sec_grp
+
+#(IntOpt) Seconds of no status update until a cfg agent is considered down
+# cfg_agent_down_time = 60
+
+#(StrOpt) Path to templates for hosting devices
+# templates_path = /opt/stack/data/neutron/cisco/templates
+
+#(StrOpt) Path to config drive files for service VM instances
+# service_vm_config_path = /opt/stack/data/neutron/cisco/config_drive
+
+#(BoolOpt) Ensure that Nova is running before attempting to create any VM
+# ensure_nova_running = True
+
+[hosting_devices]
+# Settings coupled to CSR1kv VM devices
+# -------------------------------------
+#(StrOpt) Name of Glance image for CSR1kv
+# csr1kv_image = csr1kv_openstack_img
+
+#(StrOpt) UUID of Nova flavor for CSR1kv
+# csr1kv_flavor = 621
+
+#(StrOpt) Plugging driver for CSR1kv
+# csr1kv_plugging_driver = neutron.plugins.cisco.l3.plugging_drivers.n1kv_trunking_driver.N1kvTrunkingPlugDriver
+
+#(StrOpt) Hosting device driver for CSR1kv
+# csr1kv_device_driver = neutron.plugins.cisco.l3.hosting_device_drivers.csr1kv_hd_driver.CSR1kvHostingDeviceDriver
+
+#(StrOpt) Config agent router service driver for CSR1kv
+# csr1kv_cfgagent_router_driver = neutron.plugins.cisco.cfg_agent.device_drivers.csr1kv.csr1kv_routing_driver.CSR1kvRoutingDriver
+
+#(StrOpt) Configdrive template file for CSR1kv
+# csr1kv_configdrive_template = csr1kv_cfg_template
+
+#(IntOpt) Booting time in seconds before a CSR1kv becomes operational
+# csr1kv_booting_time = 420
+
+#(StrOpt) Username to use for CSR1kv configurations
+# csr1kv_username = stack
+
+#(StrOpt) Password to use for CSR1kv configurations
+# csr1kv_password = cisco
+
+[n1kv]
+# Settings coupled to inter-working with N1kv plugin
+# --------------------------------------------------
+#(StrOpt) Name of N1kv port profile for management ports
+# management_port_profile = osn_mgmt_pp
+
+#(StrOpt) Name of N1kv port profile for T1 ports (i.e., ports carrying traffic
+# from VXLAN segmented networks).
+# t1_port_profile = osn_t1_pp
+
+#(StrOpt) Name of N1kv port profile for T2 ports (i.e., ports carrying traffic
+# from VLAN segmented networks).
+# t2_port_profile = osn_t2_pp
+
+#(StrOpt) Name of N1kv network profile for T1 networks (i.e., trunk networks
+# for VXLAN segmented traffic).
+# t1_network_profile = osn_t1_np
+
+#(StrOpt) Name of N1kv network profile for T2 networks (i.e., trunk networks
+# for VLAN segmented traffic).
+# t2_network_profile = osn_t2_np
diff --git a/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini b/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini
new file mode 100644
index 00000000..0aee17eb
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/cisco/cisco_vpn_agent.ini
@@ -0,0 +1,26 @@
+[cisco_csr_ipsec]
+# Status check interval in seconds, for VPNaaS IPSec connections used on CSR
+# status_check_interval = 60
+
+# Cisco CSR management port information for REST access used by VPNaaS
+# TODO(pcm): Remove once CSR is integrated in as a Neutron router.
+#
+# Format is:
+# [cisco_csr_rest:<public IP>]
+# rest_mgmt = <mgmt port IP>
+# tunnel_ip = <tunnel IP>
+# username = <user>
+# password = <password>
+# timeout = <timeout>
+# host = <hostname>
+# tunnel_if = <tunnel I/F>
+#
+# where:
+# public IP ----- Public IP address of router used with a VPN service (1:1 with CSR)
+# tunnel IP ----- Public IP address of the CSR used for the IPSec tunnel
+# mgmt port IP -- IP address of CSR for REST API access
+# user ---------- Username for REST management port access to Cisco CSR
+# password ------ Password for REST management port access to Cisco CSR
+# timeout ------- REST request timeout to Cisco CSR (optional)
+# hostname ------ Name of host where CSR is running as a VM
+# tunnel I/F ---- CSR port name used for tunnels' IP address
diff --git a/openstack/usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini b/openstack/usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini
new file mode 100644
index 00000000..0ca9b46f
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/embrane/heleos_conf.ini
@@ -0,0 +1,41 @@
+[heleos]
+#configure the ESM management address
+#in the first version of this plugin, only one ESM can be specified
+#Example:
+#esm_mgmt=
+
+#configure admin username and password
+#admin_username=
+#admin_password=
+
+#router image id
+#Example:
+#router_image=932ce713-e210-3d54-a0a5-518b0b5ee1b0
+
+#mgmt shared security zone id
+#defines the shared management security zone. Each tenant can have a private one configured through the ESM
+#Example:
+#mgmt_id=c0bc9b6c-f110-46cf-bb01-733bfe4b5a1a
+
+#in-band shared security zone id
+#defines the shared in-band security zone. Each tenant can have a private one configured through the ESM
+#Example:
+#inband_id=a6b7999d-3806-4b04-81f6-e0c5c8271afc
+
+#oob-band shared security zone id
+#defines the shared out-of-band security zone. Each tenant can have a private one configured through the ESM
+#Example:
+#oob_id=e7eda5cc-b977-46cb-9c14-cab43c1b7871
+
+#dummy security zone id
+#defines the dummy security zone ID. this security zone will be used by the DVAs with no neutron interfaces
+#Example:
+#dummy_utif_id=d9911310-25fc-4733-a2e0-c0eda024ef08
+
+#resource pool id
+#define the shared resource pool. Each tenant can have a private one configured through the ESM
+#Example
+#resource_pool_id=
+
+#define if the requests have to be executed asynchronously by the plugin or not
+#async_requests=
diff --git a/openstack/usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini b/openstack/usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini
new file mode 100644
index 00000000..5eeec570
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/hyperv/hyperv_neutron_plugin.ini
@@ -0,0 +1,63 @@
+[hyperv]
+# (StrOpt) Type of network to allocate for tenant networks. The
+# default value 'local' is useful only for single-box testing and
+# provides no connectivity between hosts. You MUST either change this
+# to 'vlan' and configure network_vlan_ranges below or to 'flat'.
+# Set to 'none' to disable creation of tenant networks.
+#
+# tenant_network_type = local
+# Example: tenant_network_type = vlan
+
+# (ListOpt) Comma-separated list of
+# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
+# of VLAN IDs on named physical networks that are available for
+# allocation. All physical networks listed are available for flat and
+# VLAN provider network creation. Specified ranges of VLAN IDs are
+# available for tenant network allocation if tenant_network_type is
+# 'vlan'. If empty, only gre and local networks may be created.
+#
+# network_vlan_ranges =
+# Example: network_vlan_ranges = physnet1:1000:2999
+
+[agent]
+# Agent's polling interval in seconds
+# polling_interval = 2
+
+# (ListOpt) Comma separated list of <physical_network>:<vswitch>
+# where the physical networks can be expressed with wildcards,
+# e.g.: ."*:external".
+# The referred external virtual switches need to be already present on
+# the Hyper-V server.
+# If a given physical network name will not match any value in the list
+# the plugin will look for a virtual switch with the same name.
+#
+# physical_network_vswitch_mappings = *:external
+# Example: physical_network_vswitch_mappings = net1:external1,net2:external2
+
+# (StrOpt) Private virtual switch name used for local networking.
+#
+# local_network_vswitch = private
+# Example: local_network_vswitch = custom_vswitch
+
+# (BoolOpt) Enables metrics collections for switch ports by using Hyper-V's
+# metric APIs. Collected data can by retrieved by other apps and services,
+# e.g.: Ceilometer. Requires Hyper-V / Windows Server 2012 and above.
+#
+# enable_metrics_collection = False
+
+#-----------------------------------------------------------------------------
+# Sample Configurations.
+#-----------------------------------------------------------------------------
+#
+# Neutron server:
+#
+# [HYPERV]
+# tenant_network_type = vlan
+# network_vlan_ranges = default:2000:3999
+#
+# Agent running on Hyper-V node:
+#
+# [AGENT]
+# polling_interval = 2
+# physical_network_vswitch_mappings = *:external
+# local_network_vswitch = private
diff --git a/openstack/usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini b/openstack/usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini
new file mode 100644
index 00000000..0fab5070
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/ibm/sdnve_neutron_plugin.ini
@@ -0,0 +1,50 @@
+[sdnve]
+# (ListOpt) The IP address of one (or more) SDN-VE controllers
+# Default value is: controller_ips = 127.0.0.1
+# Example: controller_ips = 127.0.0.1,127.0.0.2
+# (StrOpt) The integration bridge for OF based implementation
+# The default value for integration_bridge is None
+# Example: integration_bridge = br-int
+# (ListOpt) The interface mapping connecting the integration
+# bridge to external network as a list of physical network names and
+# interfaces: <physical_network_name>:<interface_name>
+# Example: interface_mappings = default:eth2
+# (BoolOpt) Used to reset the integration bridge, if exists
+# The default value for reset_bridge is True
+# Example: reset_bridge = False
+# (BoolOpt) Used to set the OVS controller as out-of-band
+# The default value for out_of_band is True
+# Example: out_of_band = False
+#
+# (BoolOpt) The fake controller for testing purposes
+# Default value is: use_fake_controller = False
+# (StrOpt) The port number for use with controller
+# The default value for the port is 8443
+# Example: port = 8443
+# (StrOpt) The userid for use with controller
+# The default value for the userid is admin
+# Example: userid = sdnve_user
+# (StrOpt) The password for use with controller
+# The default value for the password is admin
+# Example: password = sdnve_password
+#
+# (StrOpt) The default type of tenants (and associated resources)
+# Available choices are: OVERLAY or OF
+# The default value for tenant type is OVERLAY
+# Example: default_tenant_type = OVERLAY
+# (StrOpt) The string in tenant description that indicates
+# Default value for OF tenants: of_signature = SDNVE-OF
+# (StrOpt) The string in tenant description that indicates
+# Default value for OVERLAY tenants: overlay_signature = SDNVE-OVERLAY
+
+[sdnve_agent]
+# (IntOpt) Agent's polling interval in seconds
+# polling_interval = 2
+# (StrOpt) What to use for root helper
+# The default value: root_helper = 'sudo'
+# (BoolOpt) Whether to use rpc or not
+# The default value: rpc = True
+
+[securitygroup]
+# The security group is not supported:
+# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
diff --git a/openstack/usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini b/openstack/usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini
new file mode 100644
index 00000000..94fe9803
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/linuxbridge/linuxbridge_conf.ini
@@ -0,0 +1,78 @@
+[vlans]
+# (StrOpt) Type of network to allocate for tenant networks. The
+# default value 'local' is useful only for single-box testing and
+# provides no connectivity between hosts. You MUST change this to
+# 'vlan' and configure network_vlan_ranges below in order for tenant
+# networks to provide connectivity between hosts. Set to 'none' to
+# disable creation of tenant networks.
+#
+# tenant_network_type = local
+# Example: tenant_network_type = vlan
+
+# (ListOpt) Comma-separated list of
+# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
+# of VLAN IDs on named physical networks that are available for
+# allocation. All physical networks listed are available for flat and
+# VLAN provider network creation. Specified ranges of VLAN IDs are
+# available for tenant network allocation if tenant_network_type is
+# 'vlan'. If empty, only local networks may be created.
+#
+# network_vlan_ranges =
+# Example: network_vlan_ranges = physnet1:1000:2999
+
+[linux_bridge]
+# (ListOpt) Comma-separated list of
+# <physical_network>:<physical_interface> tuples mapping physical
+# network names to the agent's node-specific physical network
+# interfaces to be used for flat and VLAN networks. All physical
+# networks listed in network_vlan_ranges on the server should have
+# mappings to appropriate interfaces on each agent.
+#
+# physical_interface_mappings =
+# Example: physical_interface_mappings = physnet1:eth1
+
+[vxlan]
+# (BoolOpt) enable VXLAN on the agent
+# VXLAN support can be enabled when agent is managed by ml2 plugin using
+# linuxbridge mechanism driver. Useless if set while using linuxbridge plugin.
+# enable_vxlan = False
+#
+# (IntOpt) use specific TTL for vxlan interface protocol packets
+# ttl =
+#
+# (IntOpt) use specific TOS for vxlan interface protocol packets
+# tos =
+#
+# (StrOpt) multicast group to use for broadcast emulation.
+# This group must be the same on all the agents.
+# vxlan_group = 224.0.0.1
+#
+# (StrOpt) Local IP address to use for VXLAN endpoints (required)
+# local_ip =
+#
+# (BoolOpt) Flag to enable l2population extension. This option should be used
+# in conjunction with ml2 plugin l2population mechanism driver (in that case,
+# both linuxbridge and l2population mechanism drivers should be loaded).
+# It enables plugin to populate VXLAN forwarding table, in order to limit
+# the use of broadcast emulation (multicast will be turned off if kernel and
+# iproute2 supports unicast flooding - requires 3.11 kernel and iproute2 3.10)
+# l2_population = False
+
+[agent]
+# Agent's polling interval in seconds
+# polling_interval = 2
+
+# (BoolOpt) Enable server RPC compatibility with old (pre-havana)
+# agents.
+#
+# rpc_support_old_agents = False
+# Example: rpc_support_old_agents = True
+
+[securitygroup]
+# Firewall driver for realizing neutron security group function
+# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+# Example: firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
+
+# Controls if neutron security group is enabled or not.
+# It should be false when you use nova security group.
+# enable_security_group = True
diff --git a/openstack/usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini b/openstack/usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini
new file mode 100644
index 00000000..2b9bfa5e
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/metaplugin/metaplugin.ini
@@ -0,0 +1,31 @@
+# Config file for Metaplugin
+
+[meta]
+# Comma separated list of flavor:neutron_plugin for plugins to load.
+# Extension method is searched in the list order and the first one is used.
+plugin_list = 'ml2:neutron.plugins.ml2.plugin.Ml2Plugin,nvp:neutron.plugins.vmware.plugin.NsxPluginV2'
+
+# Comma separated list of flavor:neutron_plugin for L3 service plugins
+# to load.
+# This is intended for specifying L2 plugins which support L3 functions.
+# If you use a router service plugin, set this blank.
+l3_plugin_list =
+
+# Default flavor to use, when flavor:network is not specified at network
+# creation.
+default_flavor = 'nvp'
+
+# Default L3 flavor to use, when flavor:router is not specified at router
+# creation.
+# Ignored if 'l3_plugin_list' is blank.
+default_l3_flavor =
+
+# Comma separated list of supported extension aliases.
+supported_extension_aliases = 'provider,binding,agent,dhcp_agent_scheduler'
+
+# Comma separated list of method:flavor to select specific plugin for a method.
+# This has priority over method search order based on 'plugin_list'.
+extension_map = 'get_port_stats:nvp'
+
+# Specifies flavor for plugin to handle 'q-plugin' RPC requests.
+rpc_flavor = 'ml2'
diff --git a/openstack/usr/share/openstack/neutron/plugins/midonet/midonet.ini b/openstack/usr/share/openstack/neutron/plugins/midonet/midonet.ini
new file mode 100644
index 00000000..f2e94052
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/midonet/midonet.ini
@@ -0,0 +1,19 @@
+
+[midonet]
+# MidoNet API server URI
+# midonet_uri = http://localhost:8080/midonet-api
+
+# MidoNet admin username
+# username = admin
+
+# MidoNet admin password
+# password = passw0rd
+
+# ID of the project that MidoNet admin user belongs to
+# project_id = 77777777-7777-7777-7777-777777777777
+
+# Virtual provider router ID
+# provider_router_id = 00112233-0011-0011-0011-001122334455
+
+# Path to midonet host uuid file
+# midonet_host_uuid_path = /etc/midolman/host_uuid.properties
diff --git a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
new file mode 100644
index 00000000..b8097ce2
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf.ini
@@ -0,0 +1,86 @@
+[ml2]
+# (ListOpt) List of network type driver entrypoints to be loaded from
+# the neutron.ml2.type_drivers namespace.
+#
+# type_drivers = local,flat,vlan,gre,vxlan
+# Example: type_drivers = flat,vlan,gre,vxlan
+type_drivers = flat,gre
+
+# (ListOpt) Ordered list of network_types to allocate as tenant
+# networks. The default value 'local' is useful for single-box testing
+# but provides no connectivity between hosts.
+#
+# tenant_network_types = local
+# Example: tenant_network_types = vlan,gre,vxlan
+tenant_network_types = gre
+
+# (ListOpt) Ordered list of networking mechanism driver entrypoints
+# to be loaded from the neutron.ml2.mechanism_drivers namespace.
+# mechanism_drivers =
+# Example: mechanism_drivers = openvswitch,mlnx
+# Example: mechanism_drivers = arista
+# Example: mechanism_drivers = cisco,logger
+# Example: mechanism_drivers = openvswitch,brocade
+# Example: mechanism_drivers = linuxbridge,brocade
+mechanism_drivers = openvswitch
+
+# (ListOpt) Ordered list of extension driver entrypoints
+# to be loaded from the neutron.ml2.extension_drivers namespace.
+# extension_drivers =
+# Example: extension_drivers = anewextensiondriver
+
+[ml2_type_flat]
+# (ListOpt) List of physical_network names with which flat networks
+# can be created. Use * to allow flat networks with arbitrary
+# physical_network names.
+#
+# flat_networks =
+# Example:flat_networks = physnet1,physnet2
+# Example:flat_networks = *
+flat_networks = External
+
+[ml2_type_vlan]
+# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples
+# specifying physical_network names usable for VLAN provider and
+# tenant networks, as well as ranges of VLAN tags on each
+# physical_network available for allocation as tenant networks.
+#
+# network_vlan_ranges =
+# Example: network_vlan_ranges = physnet1:1000:2999,physnet2
+#network_vlan_ranges = Physnet1:100:200
+
+[ml2_type_gre]
+# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation
+tunnel_id_ranges = 1:1000
+
+[ml2_type_vxlan]
+# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating
+# ranges of VXLAN VNI IDs that are available for tenant network allocation.
+#
+# vni_ranges =
+
+# (StrOpt) Multicast group for the VXLAN interface. When configured, will
+# enable sending all broadcast traffic to this multicast group. When left
+# unconfigured, will disable multicast VXLAN mode.
+#
+# vxlan_group =
+# Example: vxlan_group = 239.1.1.1
+
+[securitygroup]
+# Controls if neutron security group is enabled or not.
+# It should be false when you use nova security group.
+enable_security_group = True
+
+# Use ipset to speed-up the iptables security groups. Enabling ipset support
+# requires that ipset is installed on L2 agent node.
+enable_ipset = True
+
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+
+[ovs]
+local_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
+enable_tunneling = True
+bridge_mappings=External:br-ex
+
+[agent]
+tunnel_types = gre
diff --git a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini
new file mode 100644
index 00000000..abaf5bc7
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_arista.ini
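Review bot: `local_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}` in the `[ovs]` section of ml2_conf.ini makes the management address the GRE tunnel endpoint, and nothing in the file says so. With `tenant_network_types = gre` and `tunnel_types = gre`, tenant frames are encapsulated without encryption or authentication, so on anything larger than a single node they would share a network with control-plane traffic unless that network is isolated some other way. I would document this above the line, for example `# GRE tunnel endpoint: tenant traffic leaves this address unencrypted, keep this network isolated`, and consider a dedicated deployment variable for the tunnel address. The `firewall_driver` line and the `[ovs]` and `[agent]` sections are also the only active settings in this file without an explanatory comment, unlike the options above them.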
@@ -0,0 +1,100 @@
+# Defines configuration options specific for Arista ML2 Mechanism driver
+
+[ml2_arista]
+# (StrOpt) EOS IP address. This is required field. If not set, all
+# communications to Arista EOS will fail
+#
+# eapi_host =
+# Example: eapi_host = 192.168.0.1
+#
+# (StrOpt) EOS command API username. This is required field.
+# if not set, all communications to Arista EOS will fail.
+#
+# eapi_username =
+# Example: arista_eapi_username = admin
+#
+# (StrOpt) EOS command API password. This is required field.
+# if not set, all communications to Arista EOS will fail.
+#
+# eapi_password =
+# Example: eapi_password = my_password
+#
+# (StrOpt) Defines if hostnames are sent to Arista EOS as FQDNs
+# ("node1.domain.com") or as short names ("node1"). This is
+# optional. If not set, a value of "True" is assumed.
+#
+# use_fqdn =
+# Example: use_fqdn = True
+#
+# (IntOpt) Sync interval in seconds between Neutron plugin and EOS.
+# This field defines how often the synchronization is performed.
+# This is an optional field. If not set, a value of 180 seconds
+# is assumed.
+#
+# sync_interval =
+# Example: sync_interval = 60
+#
+# (StrOpt) Defines Region Name that is assigned to this OpenStack Controller.
+# This is useful when multiple OpenStack/Neutron controllers are
+# managing the same Arista HW clusters. Note that this name must
+# match with the region name registered (or known) to keystone
+# service. Authentication with Keysotne is performed by EOS.
+# This is optional. If not set, a value of "RegionOne" is assumed.
+#
+# region_name =
+# Example: region_name = RegionOne
+
+
+[l3_arista]
+
+# (StrOpt) primary host IP address. This is required field. If not set, all
+# communications to Arista EOS will fail. This is the host where
+# primary router is created.
+#
+# primary_l3_host =
+# Example: primary_l3_host = 192.168.10.10
+#
+# (StrOpt) Primary host username. This is required field.
+# if not set, all communications to Arista EOS will fail.
+#
+# primary_l3_host_username =
+# Example: arista_primary_l3_username = admin
+#
+# (StrOpt) Primary host password. This is required field.
+# if not set, all communications to Arista EOS will fail.
+#
+# primary_l3_host_password =
+# Example: primary_l3_password = my_password
+#
+# (StrOpt) IP address of the second Arista switch paired as
+# MLAG (Multi-chassis Link Aggregation) with the first.
+# This is optional field, however, if mlag_config flag is set,
+# then this is a required field. If not set, all
+# communications to Arista EOS will fail. If mlag_config is set
+# to False, then this field is ignored
+#
+# seconadary_l3_host =
+# Example: seconadary_l3_host = 192.168.10.20
+#
+# (BoolOpt) Defines if Arista switches are configured in MLAG mode
+# If yes, all L3 configuration is pushed to both switches
+# automatically. If this flag is set, ensure that secondary_l3_host
+# is set to the second switch's IP.
+# This flag is Optional. If not set, a value of "False" is assumed.
+#
+# mlag_config =
+# Example: mlag_config = True
+#
+# (BoolOpt) Defines if the router is created in default VRF or a
+# a specific VRF. This is optional.
+# If not set, a value of "False" is assumed.
+#
+# Example: use_vrf = True
+#
+# (IntOpt) Sync interval in seconds between Neutron plugin and EOS.
+# This field defines how often the synchronization is performed.
+# This is an optional field. If not set, a value of 180 seconds
+# is assumed.
+#
+# l3_sync_interval =
+# Example: l3_sync_interval = 60
diff --git a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini
new file mode 100644
index 00000000..67574110
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_brocade.ini
@@ -0,0 +1,15 @@
+[ml2_brocade]
+# username = <mgmt admin username>
+# password = <mgmt admin password>
+# address = <switch mgmt ip address>
+# ostype = NOS
+# osversion = autodetect | n.n.n
+# physical_networks = physnet1,physnet2
+#
+# Example:
+# username = admin
+# password = password
+# address = 10.24.84.38
+# ostype = NOS
+# osversion = 4.1.1
+# physical_networks = physnet1,physnet2
diff --git a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini
new file mode 100644
index 00000000..1b69100e
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_cisco.ini
@@ -0,0 +1,118 @@
+[ml2_cisco]
+
+# (StrOpt) A short prefix to prepend to the VLAN number when creating a
+# VLAN interface. For example, if an interface is being created for
+# VLAN 2001 it will be named 'q-2001' using the default prefix.
+#
+# vlan_name_prefix = q-
+# Example: vlan_name_prefix = vnet-
+
+# (BoolOpt) A flag to enable round robin scheduling of routers for SVI.
+# svi_round_robin = False
+
+#
+# (StrOpt) The name of the physical_network managed via the Cisco Nexus Switch.
+# This string value must be present in the ml2_conf.ini network_vlan_ranges
+# variable.
+#
+# managed_physical_network =
+# Example: managed_physical_network = physnet1
+
+# Cisco Nexus Switch configurations.
+# Each switch to be managed by Openstack Neutron must be configured here.
+#
+# Cisco Nexus Switch Format.
+# [ml2_mech_cisco_nexus:<IP address of switch>]
+# <hostname>=<intf_type:port> (1)
+# ssh_port=<ssh port> (2)
+# username=<credential username> (3)
+# password=<credential password> (4)
+#
+# (1) For each host connected to a port on the switch, specify the hostname
+# and the Nexus physical port (interface) it is connected to.
+# Valid intf_type's are 'ethernet' and 'port-channel'.
+# The default setting for <intf_type:> is 'ethernet' and need not be
+# added to this setting.
+# (2) The TCP port for connecting via SSH to manage the switch. This is
+# port number 22 unless the switch has been configured otherwise.
+# (3) The username for logging into the switch to manage it.
+# (4) The password for logging into the switch to manage it.
+#
+# Example:
+# [ml2_mech_cisco_nexus:1.1.1.1]
+# compute1=1/1
+# compute2=ethernet:1/2
+# compute3=port-channel:1
+# ssh_port=22
+# username=admin
+# password=mySecretPassword
+
+[ml2_cisco_apic]
+
+# Hostname:port list of APIC controllers
+# apic_hosts = 1.1.1.1:80, 1.1.1.2:8080, 1.1.1.3:80
+
+# Username for the APIC controller
+# apic_username = user
+
+# Password for the APIC controller
+# apic_password = password
+
+# Whether use SSl for connecting to the APIC controller or not
+# apic_use_ssl = True
+
+# How to map names to APIC: use_uuid or use_name
+# apic_name_mapping = use_name
+
+# Names for APIC objects used by Neutron
+# Note: When deploying multiple clouds against one APIC,
+# these names must be unique between the clouds.
+# apic_vmm_domain = openstack
+# apic_vlan_ns_name = openstack_ns
+# apic_node_profile = openstack_profile
+# apic_entity_profile = openstack_entity
+# apic_function_profile = openstack_function
+# apic_app_profile_name = openstack_app
+# Agent timers for State reporting and topology discovery
+# apic_sync_interval = 30
+# apic_agent_report_interval = 30
+# apic_agent_poll_interval = 2
+
+# Specify your network topology.
+# This section indicates how your compute nodes are connected to the fabric's
+# switches and ports. The format is as follows:
+#
+# [apic_switch:<swich_id_from_the_apic>]
+# <compute_host>,<compute_host> = <switchport_the_host(s)_are_connected_to>
+#
+# You can have multiple sections, one for each switch in your fabric that is
+# participating in Openstack. e.g.
+#
+# [apic_switch:17]
+# ubuntu,ubuntu1 = 1/10
+# ubuntu2,ubuntu3 = 1/11
+#
+# [apic_switch:18]
+# ubuntu5,ubuntu6 = 1/1
+# ubuntu7,ubuntu8 = 1/2
+
+# Describe external connectivity.
+# In this section you can specify the external network configuration in order
+# for the plugin to be able to teach the fabric how to route the internal
+# traffic to the outside world.
The external connectivity configuration
+# format is as follows:
+#
+# [apic_external_network:<externalNetworkName>]
+# switch = <switch_id_from_the_apic>
+# port = <switchport_the_external_router_is_connected_to>
+# encap = <encapsulation>
+# cidr_exposed = <cidr_exposed_to_the_external_router>
+# gateway_ip = <ip_of_the_external_gateway>
+#
+# An example follows:
+# [apic_external_network:network_ext]
+# switch=203
+# port=1/34
+# encap=vlan-100
+# cidr_exposed=10.10.40.2/16
+# gateway_ip=10.10.40.1
diff --git a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini
new file mode 100644
index 00000000..6ee4a4e0
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_fslsdn.ini
@@ -0,0 +1,52 @@
+# Defines Configuration options for FSL SDN OS Mechanism Driver
+# Cloud Resource Discovery (CRD) authorization credentials
+[ml2_fslsdn]
+#(StrOpt) User name for authentication to CRD.
+# e.g.: user12
+#
+# crd_user_name =
+
+#(StrOpt) Password for authentication to CRD.
+# e.g.: secret
+#
+# crd_password =
+
+#(StrOpt) Tenant name for CRD service.
+# e.g.: service
+#
+# crd_tenant_name =
+
+#(StrOpt) CRD auth URL.
+# e.g.: http://127.0.0.1:5000/v2.0/
+#
+# crd_auth_url =
+
+#(StrOpt) URL for connecting to CRD Service.
+# e.g.: http://127.0.0.1:9797
+#
+# crd_url=
+
+#(IntOpt) Timeout value for connecting to CRD service
+# in seconds, e.g.: 30
+#
+# crd_url_timeout=
+
+#(StrOpt) Region name for connecting to CRD in
+# admin context, e.g.: RegionOne
+#
+# crd_region_name=
+
+#(BoolOpt)If set, ignore any SSL validation issues (boolean value)
+# e.g.: False
+#
+# crd_api_insecure=
+
+#(StrOpt)Authorization strategy for connecting to CRD in admin
+# context, e.g.: keystone
+#
+# crd_auth_strategy=
+
+#(StrOpt)Location of CA certificates file to use for CRD client
+# requests.
+#
+# crd_ca_certificates_file=
diff --git a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini
new file mode 100644
index 00000000..46139aed
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_mlnx.ini
@@ -0,0 +1,4 @@
+[eswitch]
+# (StrOpt) Type of Network Interface to allocate for VM:
+# mlnx_direct or hostdev according to libvirt terminology
+# vnic_type = mlnx_direct
diff --git a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini
new file mode 100644
index 00000000..dbbfcbd2
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ncs.ini
@@ -0,0 +1,28 @@
+# Defines configuration options specific to the Tail-f NCS Mechanism Driver
+
+[ml2_ncs]
+# (StrOpt) Tail-f NCS HTTP endpoint for REST access to the OpenStack
+# subtree.
+# If this is not set then no HTTP requests will be made.
+#
+# url =
+# Example: url = http://ncs/api/running/services/openstack
+
+# (StrOpt) Username for HTTP basic authentication to NCS.
+# This is an optional parameter. If unspecified then no authentication is used.
+#
+# username =
+# Example: username = admin
+
+# (StrOpt) Password for HTTP basic authentication to NCS.
+# This is an optional parameter. If unspecified then no authentication is used.
+#
+# password =
+# Example: password = admin
+
+# (IntOpt) Timeout in seconds to wait for NCS HTTP request completion.
+# This is an optional parameter, default value is 10 seconds.
+#
+# timeout =
+# Example: timeout = 15
+
diff --git a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini
new file mode 100644
index 00000000..9e88c1bb
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_odl.ini
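Review bot: The `url` example in `[ml2_ncs]` uses plain `http://` while the `username` and `password` keys below it are described as HTTP basic authentication, so an operator who copies the example sends those credentials over the network unencrypted (basic auth only base64-encodes them). I would change the example to `# Example: url = https://ncs/api/running/services/openstack` and add `# Use an https:// URL whenever username/password are set.` under the `url` description. The ml2_conf_odl.ini hunk has the same pattern with `http://192.168.56.1:8080/controller/nb/v2/neutron`. Whether the drivers verify the server certificate is not visible from this diff and should be confirmed before relying on https here.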
@@ -0,0 +1,30 @@
+# Configuration for the OpenDaylight MechanismDriver
+
+[ml2_odl]
+# (StrOpt) OpenDaylight REST URL
+# If this is not set then no HTTP requests will be made.
+#
+# url =
+# Example: url = http://192.168.56.1:8080/controller/nb/v2/neutron
+
+# (StrOpt) Username for HTTP basic authentication to ODL.
+#
+# username =
+# Example: username = admin
+
+# (StrOpt) Password for HTTP basic authentication to ODL.
+#
+# password =
+# Example: password = admin
+
+# (IntOpt) Timeout in seconds to wait for ODL HTTP request completion.
+# This is an optional parameter, default value is 10 seconds.
+#
+# timeout = 10
+# Example: timeout = 15
+
+# (IntOpt) Timeout in minutes to wait for a Tomcat session timeout.
+# This is an optional parameter, default value is 30 minutes.
+#
+# session_timeout = 30
+# Example: session_timeout = 60
diff --git a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini
new file mode 100644
index 00000000..4a94b987
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_ofa.ini
@@ -0,0 +1,13 @@
+# Defines configuration options specific to the OpenFlow Agent Mechanism Driver
+
+[ovs]
+# Please refer to configuration options to the OpenvSwitch
+
+[agent]
+# (IntOpt) Number of seconds to retry acquiring an Open vSwitch datapath.
+# This is an optional parameter, default value is 60 seconds.
+#
+# get_datapath_retry_times =
+# Example: get_datapath_retry_times = 30
+
+# Please refer to configuration options to the OpenvSwitch else the above.
diff --git a/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini
new file mode 100644
index 00000000..9566f54c
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/ml2/ml2_conf_sriov.ini
@@ -0,0 +1,31 @@
+# Defines configuration options for SRIOV NIC Switch MechanismDriver
+# and Agent
+
+[ml2_sriov]
+# (ListOpt) Comma-separated list of
+# supported Vendor PCI Devices, in format vendor_id:product_id
+#
+# supported_pci_vendor_devs = 15b3:1004, 8086:10c9
+# Example: supported_pci_vendor_devs = 15b3:1004
+#
+# (BoolOpt) Requires running SRIOV neutron agent for port binding
+# agent_required = True
+
+[sriov_nic]
+# (ListOpt) Comma-separated list of <physical_network>:<network_device>
+# tuples mapping physical network names to the agent's node-specific
+# physical network device interfaces of SR-IOV physical function to be used
+# for VLAN networks. All physical networks listed in network_vlan_ranges on
+# the server should have mappings to appropriate interfaces on each agent.
+#
+# physical_device_mappings =
+# Example: physical_device_mappings = physnet1:eth1
+#
+# (ListOpt) Comma-separated list of <network_device>:<vfs__to_exclude>
+# tuples, mapping network_device to the agent's node-specific list of virtual
+# functions that should not be used for virtual networking.
+# vfs_to_exclude is a semicolon-separated list of virtual
+# functions to exclude from network_device. The network_device in the
+# mapping should appear in the physical_device_mappings list.
+# exclude_devices =
+# Example: exclude_devices = eth1:0000:07:00.2; 0000:07:00.3
diff --git a/openstack/usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini b/openstack/usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini
new file mode 100644
index 00000000..b1225111
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/mlnx/mlnx_conf.ini
@@ -0,0 +1,79 @@
+[mlnx]
+# (StrOpt) Type of network to allocate for tenant networks. The
+# default value is 'vlan' You MUST configure network_vlan_ranges below
+# in order for tenant networks to provide connectivity between hosts.
+# Set to 'none' to disable creation of tenant networks.
+#
+# tenant_network_type = vlan
+# Example: tenant_network_type = vlan
+
+# (ListOpt) Comma-separated list of
+# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
+# of VLAN IDs on named physical networks that are available for
+# allocation. All physical networks listed are available for flat and
+# VLAN provider network creation. Specified ranges of VLAN IDs are
+# available for tenant network allocation if tenant_network_type is
+# 'vlan'. If empty, only local networks may be created.
+#
+# network_vlan_ranges =
+# Example: network_vlan_ranges = default:1:100
+
+# (ListOpt) Comma-separated list of
+# <physical_network>:<physical_network_type> tuples mapping physical
+# network names to physical network types. All physical
+# networks listed in network_vlan_ranges should have
+# mappings to appropriate physical network type.
+# Type of the physical network can be either eth (Ethernet) or
+# ib (InfiniBand). If empty, physical network eth type is assumed.
+#
+# physical_network_type_mappings =
+# Example: physical_network_type_mappings = default:eth
+
+# (StrOpt) Type of the physical network, can be either 'eth' or 'ib'
+# The default value is 'eth'
+# physical_network_type = eth
+
+[eswitch]
+# (ListOpt) Comma-separated list of
+# <physical_network>:<physical_interface> tuples mapping physical
+# network names to the agent's node-specific physical network
+# interfaces to be used for flat and VLAN networks. All physical
+# networks listed in network_vlan_ranges on the server should have
+# mappings to appropriate interfaces on each agent.
+#
+# physical_interface_mappings =
+# Example: physical_interface_mappings = default:eth2
+
+# (StrOpt) Type of Network Interface to allocate for VM:
+# direct or hosdev according to libvirt terminology
+# vnic_type = mlnx_direct
+
+# (StrOpt) Eswitch daemon end point connection url
+# daemon_endpoint = 'tcp://127.0.0.1:60001'
+
+# The number of milliseconds the agent will wait for
+# response on request to daemon
+# request_timeout = 3000
+
+# The number of retries the agent will send request
+# to daemon before giving up
+# retries = 3
+
+# The backoff rate multiplier for waiting period between retries
+# on request to daemon, i.e. value of 2 will double
+# the request timeout each retry
+# backoff_rate = 2
+
+[agent]
+# Agent's polling interval in seconds
+# polling_interval = 2
+
+# (BoolOpt) Enable server RPC compatibility with old (pre-havana)
+# agents.
+#
+# rpc_support_old_agents = False
+
+[securitygroup]
+# Controls if neutron security group is enabled or not.
+# It should be false when you use nova security group.
+# enable_security_group = True
diff --git a/openstack/usr/share/openstack/neutron/plugins/nec/nec.ini b/openstack/usr/share/openstack/neutron/plugins/nec/nec.ini
new file mode 100644
index 00000000..aa4171da
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/nec/nec.ini
@@ -0,0 +1,60 @@
+# Sample Configurations
+
+[ovs]
+# Do not change this parameter unless you have a good reason to.
+# This is the name of the OVS integration bridge. There is one per hypervisor.
+# The integration bridge acts as a virtual "patch port". All VM VIFs are
+# attached to this bridge and then "patched" according to their network
+# connectivity.
+# integration_bridge = br-int
+
+[agent]
+# Agent's polling interval in seconds
+# polling_interval = 2
+
+[securitygroup]
+# Firewall driver for realizing neutron security group function
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+
+# Controls if neutron security group is enabled or not.
+# It should be false when you use nova security group.
+# enable_security_group = True
+
+[ofc]
+# Specify OpenFlow Controller Host, Port and Driver to connect.
+# host = 127.0.0.1
+# port = 8888
+
+# Base URL of OpenFlow Controller REST API.
+# It is prepended to a path of each API request.
+# path_prefix =
+
+# Drivers are in neutron/plugins/nec/drivers/ .
+# driver = trema
+
+# PacketFilter is available when it's enabled in this configuration
+# and supported by the driver.
+# enable_packet_filter = true
+
+# Use SSL to connect
+# use_ssl = false
+
+# Key file
+# key_file =
+
+# Certificate file
+# cert_file =
+
+# Disable SSL certificate verification
+# insecure_ssl = false
+
+# Maximum attempts per OFC API request. NEC plugin retries
+# API request to OFC when OFC returns ServiceUnavailable (503).
+# The value must be greater than 0.
+# api_max_attempts = 3
+
+[provider]
+# Default router provider to use.
+# default_router_provider = l3-agent
+# List of enabled router providers.
+# router_providers = l3-agent,openflow
diff --git a/openstack/usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini b/openstack/usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini
new file mode 100644
index 00000000..aad37bd5
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/nuage/nuage_plugin.ini
@@ -0,0 +1,41 @@
+# Please fill in the correct data for all the keys below and uncomment key-value pairs
+[restproxy]
+# (StrOpt) Default Network partition in which VSD will
+# orchestrate network resources using openstack
+#
+#default_net_partition_name = <default-net-partition-name>
+
+# (StrOpt) Nuage provided uri for initial authorization to
+# access VSD
+#
+#auth_resource = /auth
+
+# (StrOpt) IP Address and Port of VSD
+#
+#server = ip:port
+
+# (StrOpt) Organization name in which VSD will orchestrate
+# network resources using openstack
+#
+#organization = org
+
+# (StrOpt) Username and password of VSD for authentication
+#
+#serverauth = uname:pass
+
+# (BoolOpt) Boolean for SSL connection with VSD server
+#
+#serverssl = True
+
+# (StrOpt) Nuage provided base uri to reach out to VSD
+#
+#base_uri = /base
+
+[syncmanager]
+# (BoolOpt) Boolean to enable sync between openstack and VSD
+#
+#enable_sync = False
+
+# (IntOpt) Sync interval in seconds between openstack and VSD
+#
+#sync_interval = 0
\ No newline at end of file
diff --git a/openstack/usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini b/openstack/usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini
new file mode 100644
index 00000000..a1c05d97
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/oneconvergence/nvsdplugin.ini
@@ -0,0 +1,35 @@
+[nvsd]
+# Configure the NVSD controller. The plugin proxies the api calls using
+# to NVSD controller which implements the required functionality.
+
+# IP address of NVSD controller api server
+# nvsd_ip = <ip address of nvsd controller>
+
+# Port number of NVSD controller api server
+# nvsd_port = 8082
+
+# Authentication credentials to access the api server
+# nvsd_user = <nvsd controller username>
+# nvsd_passwd = <password>
+
+# API request timeout in seconds
+# request_timeout = <default request timeout>
+
+# Maximum number of retry attempts to login to the NVSD controller
+# Specify 0 to retry until success (default)
+# nvsd_retries = 0
+
+[securitygroup]
+# Specify firewall_driver option, if neutron security groups are disabled,
+# then NoopFirewallDriver otherwise OVSHybridIptablesFirewallDriver.
+# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+
+# Controls if neutron security group is enabled or not.
+# It should be false when you use nova security group.
+# enable_security_group = True
+
+[agent]
+# root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
+
+[database]
+# connection = mysql://root:<passwd>@127.0.0.1/<neutron_db>?charset=utf8
diff --git a/openstack/usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini b/openstack/usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini
new file mode 100644
index 00000000..629f1fc4
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/opencontrail/contrailplugin.ini
@@ -0,0 +1,26 @@
+# OpenContrail is an Apache 2.0-licensed project that is built using
+# standards-based protocols and provides all the necessary components for
+# network virtualization–SDN controller, virtual router, analytics engine,
+# and published northbound APIs
+# For more information visit: http://opencontrail.org
+
+# Opencontrail plugin specific configuration
+[CONTRAIL]
+# (StrOpt) IP address to connect to opencontrail controller.
+# Uncomment this line for specifying the IP address of the opencontrail
+# Api-Server.
+# Default value is local host(127.0.0.1).
+# api_server_ip='127.0.0.1'
+
+# (IntOpt) port to connect to opencontrail controller.
+# Uncomment this line for the specifying the Port of the opencontrail
+# Api-Server.
+# Default value is 8082
+# api_server_port=8082
+
+# (DictOpt) enable opencontrail extensions
+# Opencontrail in future would support extension such as ipam, policy,
+# these extensions can be configured as shown below. Plugin will then
+# load the specified extensions.
+# Default value is None, it wont load any extension
+# contrail_extensions=ipam:<classpath>,policy:<classpath>
diff --git a/openstack/usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini b/openstack/usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
new file mode 100644
index 00000000..9c8e6b58
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
@@ -0,0 +1,190 @@
+[ovs]
+# (StrOpt) Type of network to allocate for tenant networks. The
+# default value 'local' is useful only for single-box testing and
+# provides no connectivity between hosts. You MUST either change this
+# to 'vlan' and configure network_vlan_ranges below or change this to
+# 'gre' or 'vxlan' and configure tunnel_id_ranges below in order for
+# tenant networks to provide connectivity between hosts. Set to 'none'
+# to disable creation of tenant networks.
+#
+# tenant_network_type = local
+# Example: tenant_network_type = gre
+# Example: tenant_network_type = vxlan
+
+# (ListOpt) Comma-separated list of
+# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
+# of VLAN IDs on named physical networks that are available for
+# allocation. All physical networks listed are available for flat and
+# VLAN provider network creation. Specified ranges of VLAN IDs are
+# available for tenant network allocation if tenant_network_type is
+# 'vlan'. If empty, only gre, vxlan and local networks may be created.
+#
+# network_vlan_ranges =
+# Example: network_vlan_ranges = physnet1:1000:2999
+
+# (BoolOpt) Set to True in the server and the agents to enable support
+# for GRE or VXLAN networks. Requires kernel support for OVS patch ports and
+# GRE or VXLAN tunneling.
+#
+# WARNING: This option will be deprecated in the Icehouse release, at which
+# point setting tunnel_type below will be required to enable
+# tunneling.
+#
+# enable_tunneling = False
+
+# (StrOpt) The type of tunnel network, if any, supported by the plugin. If
+# this is set, it will cause tunneling to be enabled. If this is not set and
+# the option enable_tunneling is set, this will default to 'gre'.
+#
+# tunnel_type =
+# Example: tunnel_type = gre
+# Example: tunnel_type = vxlan
+
+# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples
+# enumerating ranges of GRE or VXLAN tunnel IDs that are available for
+# tenant network allocation if tenant_network_type is 'gre' or 'vxlan'.
+#
+# tunnel_id_ranges =
+# Example: tunnel_id_ranges = 1:1000
+
+# Do not change this parameter unless you have a good reason to.
+# This is the name of the OVS integration bridge. There is one per hypervisor.
+# The integration bridge acts as a virtual "patch bay". All VM VIFs are
+# attached to this bridge and then "patched" according to their network
+# connectivity.
+#
+# integration_bridge = br-int
+
+# Only used for the agent if tunnel_id_ranges (above) is not empty for
+# the server. In most cases, the default value should be fine.
+#
+# tunnel_bridge = br-tun
+
+# Peer patch port in integration bridge for tunnel bridge
+# int_peer_patch_port = patch-tun
+
+# Peer patch port in tunnel bridge for integration bridge
+# tun_peer_patch_port = patch-int
+
+# Uncomment this line for the agent if tunnel_id_ranges (above) is not
+# empty for the server. Set local-ip to be the local IP address of
+# this hypervisor.
+#
+# local_ip =
+
+# (ListOpt) Comma-separated list of <physical_network>:<bridge> tuples
+# mapping physical network names to the agent's node-specific OVS
+# bridge names to be used for flat and VLAN networks. The length of
+# bridge names should be no more than 11. Each bridge must
+# exist, and should have a physical network interface configured as a
+# port. All physical networks listed in network_vlan_ranges on the
+# server should have mappings to appropriate bridges on each agent.
+#
+# bridge_mappings =
+# Example: bridge_mappings = physnet1:br-eth1
+
+# (BoolOpt) Use veths instead of patch ports to interconnect the integration
+# bridge to physical networks. Support kernel without ovs patch port support
+# so long as it is set to True.
+# use_veth_interconnection = False
+
+[agent]
+# Agent's polling interval in seconds
+# polling_interval = 2
+
+# Minimize polling by monitoring ovsdb for interface changes
+# minimize_polling = True
+
+# When minimize_polling = True, the number of seconds to wait before
+# respawning the ovsdb monitor after losing communication with it
+# ovsdb_monitor_respawn_interval = 30
+
+# (ListOpt) The types of tenant network tunnels supported by the agent.
+# Setting this will enable tunneling support in the agent. This can be set to
+# either 'gre' or 'vxlan'. If this is unset, it will default to [] and
+# disable tunneling support in the agent. When running the agent with the OVS
+# plugin, this value must be the same as "tunnel_type" in the "[ovs]" section.
+# When running the agent with ML2, you can specify as many values here as
+# your compute hosts supports.
+#
+# tunnel_types =
+# Example: tunnel_types = gre
+# Example: tunnel_types = vxlan
+# Example: tunnel_types = vxlan, gre
+
+# (IntOpt) The port number to utilize if tunnel_types includes 'vxlan'. By
+# default, this will make use of the Open vSwitch default value of '4789' if
+# not specified.
+#
+# vxlan_udp_port =
+# Example: vxlan_udp_port = 8472
+
+# (IntOpt) This is the MTU size of veth interfaces.
+# Do not change unless you have a good reason to.
+# The default MTU size of veth interfaces is 1500.
+# This option has no effect if use_veth_interconnection is False
+# veth_mtu =
+# Example: veth_mtu = 1504
+
+# (BoolOpt) Flag to enable l2-population extension. This option should only be
+# used in conjunction with ml2 plugin and l2population mechanism driver. It'll
+# enable plugin to populate remote ports macs and IPs (using fdb_add/remove
+# RPC calbbacks instead of tunnel_sync/update) on OVS agents in order to
+# optimize tunnel management.
+#
+# l2_population = False
+
+# Enable local ARP responder. Requires OVS 2.1. This is only used by the l2
+# population ML2 MechanismDriver.
+#
+# arp_responder = False
+
+# (BoolOpt) Set or un-set the don't fragment (DF) bit on outgoing IP packet
+# carrying GRE/VXLAN tunnel. The default value is True.
+#
+# dont_fragment = True
+
+# (BoolOpt) Set to True on L2 agents to enable support
+# for distributed virtual routing.
+#
+# enable_distributed_routing = False
+
+[securitygroup]
+# Firewall driver for realizing neutron security group function.
+# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+# Example: firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+
+# Controls if neutron security group is enabled or not.
+# It should be false when you use nova security group.
+# enable_security_group = True
+
+#-----------------------------------------------------------------------------
+# Sample Configurations.
+#-----------------------------------------------------------------------------
+#
+# 1. With VLANs on eth1.
+# [ovs]
+# network_vlan_ranges = default:2000:3999
+# tunnel_id_ranges =
+# integration_bridge = br-int
+# bridge_mappings = default:br-eth1
+#
+# 2. With GRE tunneling.
+# [ovs]
+# network_vlan_ranges =
+# tunnel_id_ranges = 1:1000
+# integration_bridge = br-int
+# tunnel_bridge = br-tun
+# local_ip = 10.0.0.3
+#
+# 3. With VXLAN tunneling.
+# [ovs]
+# network_vlan_ranges =
+# tenant_network_type = vxlan
+# tunnel_type = vxlan
+# tunnel_id_ranges = 1:1000
+# integration_bridge = br-int
+# tunnel_bridge = br-tun
+# local_ip = 10.0.0.3
+# [agent]
+# tunnel_types = vxlan
diff --git a/openstack/usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini b/openstack/usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini
new file mode 100644
index 00000000..bfe8062a
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/plumgrid/plumgrid.ini
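Review bot: In the `[securitygroup]` section of ovs_neutron_plugin.ini the only value shown for `firewall_driver` is the commented `neutron.agent.firewall.NoopFirewallDriver`, right next to `enable_security_group = True`. If that commented value reflects the built-in default, an agent started from this file unmodified would accept security-group rules through the API while filtering nothing on the host. nec.ini in this same commit sets `firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver` uncommented, so the two files disagree. I would either uncomment the OVSHybrid example line here as well, or add `# NOTE: with NoopFirewallDriver, security group rules are not enforced on this agent.` above the commented default.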
@@ -0,0 +1,14 @@
+# Config file for Neutron PLUMgrid Plugin
+
+[plumgriddirector]
+# This line should be pointing to the PLUMgrid Director,
+# for the PLUMgrid platform.
+# director_server=<director-ip-address>
+# director_server_port=<director-port>
+# Authentification parameters for the Director.
+# These are the admin credentials to manage and control
+# the PLUMgrid Director server.
+# username=<director-admin-username>
+# password=<director-admin-password>
+# servertimeout=5
+# driver=<plugin-driver>
diff --git a/openstack/usr/share/openstack/neutron/plugins/ryu/ryu.ini b/openstack/usr/share/openstack/neutron/plugins/ryu/ryu.ini
new file mode 100644
index 00000000..9d9cfa25
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/ryu/ryu.ini
@@ -0,0 +1,44 @@
+[ovs]
+# integration_bridge = br-int
+
+# openflow_rest_api = <host IP address of ofp rest api service>:<port: 8080>
+# openflow_rest_api = 127.0.0.1:8080
+
+# tunnel key range: 0 < tunnel_key_min < tunnel_key_max
+# VLAN: 12bits, GRE, VXLAN: 24bits
+# tunnel_key_min = 1
+# tunnel_key_max = 0xffffff
+
+# tunnel_ip = <ip address for tunneling>
+# tunnel_interface = interface for tunneling
+# when tunnel_ip is NOT specified, ip address is read
+# from this interface
+# tunnel_ip =
+# tunnel_interface =
+tunnel_interface = eth0
+
+# ovsdb_port = port number on which ovsdb is listening
+# ryu-agent uses this parameter to setup ovsdb.
+# ovs-vsctl set-manager ptcp:<ovsdb_port>
+# See set-manager section of man ovs-vsctl for details.
+# currently ptcp is only supported.
+# ovsdb_ip = <host IP address on which ovsdb is listening>
+# ovsdb_interface = interface for ovsdb
+# when ovsdb_addr NOT specifiied, ip address is gotten
+# from this interface
+# ovsdb_port = 6634
+# ovsdb_ip =
+# ovsdb_interface =
+ovsdb_interface = eth0
+
+[securitygroup]
+# Firewall driver for realizing neutron security group function
+# firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+
+# Controls if neutron security group is enabled or not.
+# It should be false when you use nova security group.
+# enable_security_group = True
+
+[agent]
+# Agent's polling interval in seconds
+# polling_interval = 2
diff --git a/openstack/usr/share/openstack/neutron/plugins/vmware/nsx.ini b/openstack/usr/share/openstack/neutron/plugins/vmware/nsx.ini
new file mode 100644
index 00000000..baca73b8
--- /dev/null
+++ b/openstack/usr/share/openstack/neutron/plugins/vmware/nsx.ini
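Review bot: `ovsdb_interface = eth0` and `tunnel_interface = eth0` are the only uncommented settings in ryu.ini, and the comment above them says the agent sets OVSDB up with `ovs-vsctl set-manager ptcp:<ovsdb_port>`, a passive TCP listener that has neither TLS nor authentication. If eth0 on the deployed image is not an isolated management network, any host that can reach that port (6634 in the commented default) can change the switch configuration; which addresses the listener actually binds to is not visible in this hunk. I would add `# NOTE: ptcp is unauthenticated; use an isolated management interface here or firewall ovsdb_port.` above `ovsdb_interface = eth0`. It is also worth confirming that hard-coding eth0 is intended for every system this file is installed on.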
@@ -0,0 +1,200 @@ +[DEFAULT] +# User name for NSX controller +# nsx_user = admin + +# Password for NSX controller +# nsx_password = admin + +# Time before aborting a request on an unresponsive controller (Seconds) +# http_timeout = 75 + +# Maximum number of times a particular request should be retried +# retries = 2 + +# Maximum number of times a redirect response should be followed +# redirects = 2 + +# Comma-separated list of NSX controller endpoints (<ip>:<port>). When port +# is omitted, 443 is assumed. This option MUST be specified, e.g.: +# nsx_controllers = xx.yy.zz.ww:443, aa.bb.cc.dd, ee.ff.gg.hh.ee:80 + +# UUID of the pre-existing default NSX Transport zone to be used for creating +# tunneled isolated "Neutron" networks. This option MUST be specified, e.g.: +# default_tz_uuid = 1e8e52cf-fa7f-46b0-a14a-f99835a9cb53 + +# (Optional) UUID for the default l3 gateway service to use with this cluster. +# To be specified if planning to use logical routers with external gateways. +# default_l3_gw_service_uuid = + +# (Optional) UUID for the default l2 gateway service to use with this cluster. +# To be specified for providing a predefined gateway tenant for connecting their networks. +# default_l2_gw_service_uuid = + +# (Optional) UUID for the default service cluster. A service cluster is introduced to +# represent a group of gateways and it is needed in order to use Logical Services like +# dhcp and metadata in the logical space. NOTE: If agent_mode is set to 'agentless' this +# config parameter *MUST BE* set to a valid pre-existent service cluster uuid. +# default_service_cluster_uuid = + +# Name of the default interface name to be used on network-gateway. 
This value +# will be used for any device associated with a network gateway for which an +# interface name was not specified +# default_interface_name = breth0 + +[quotas] +# number of network gateways allowed per tenant, -1 means unlimited +# quota_network_gateway = 5 + +[vcns] +# URL for VCNS manager +# manager_uri = https://management_ip + +# User name for VCNS manager +# user = admin + +# Password for VCNS manager +# password = default + +# (Optional) Datacenter ID for Edge deployment +# datacenter_moid = + +# (Optional) Deployment Container ID for NSX Edge deployment +# If not specified, either a default global container will be used, or +# the resource pool and datastore specified below will be used +# deployment_container_id = + +# (Optional) Resource pool ID for NSX Edge deployment +# resource_pool_id = + +# (Optional) Datastore ID for NSX Edge deployment +# datastore_id = + +# (Required) UUID of logic switch for physical network connectivity +# external_network = + +# (Optional) Asynchronous task status check interval +# default is 2000 (millisecond) +# task_status_check_interval = 2000 + +[nsx] +# Maximum number of ports for each bridged logical switch +# The recommended value for this parameter varies with NSX version +# Please use: +# NSX 2.x -> 64 +# NSX 3.0, 3.1 -> 5000 +# NSX 3.2 -> 10000 +# max_lp_per_bridged_ls = 5000 + +# Maximum number of ports for each overlay (stt, gre) logical switch +# max_lp_per_overlay_ls = 256 + +# Number of connections to each controller node. +# default is 10 +# concurrent_connections = 10 + +# Number of seconds a generation id should be valid for (default -1 meaning do not time out) +# nsx_gen_timeout = -1 + +# Acceptable values for 'metadata_mode' are: +# - 'access_network': this enables a dedicated connection to the metadata +# proxy for metadata server access via Neutron router. +# - 'dhcp_host_route': this enables host route injection via the dhcp agent. 
+# This option is only useful if running on a host that does not support +# namespaces otherwise access_network should be used. +# metadata_mode = access_network + +# The default network transport type to use (stt, gre, bridge, ipsec_gre, or ipsec_stt) +# default_transport_type = stt + +# Specifies in which mode the plugin needs to operate in order to provide DHCP and +# metadata proxy services to tenant instances. If 'agent' is chosen (default) +# the NSX plugin relies on external RPC agents (i.e. dhcp and metadata agents) to +# provide such services. In this mode, the plugin supports API extensions 'agent' +# and 'dhcp_agent_scheduler'. If 'agentless' is chosen (experimental in Icehouse), +# the plugin will use NSX logical services for DHCP and metadata proxy. This +# simplifies the deployment model for Neutron, in that the plugin no longer requires +# the RPC agents to operate. When 'agentless' is chosen, the config option metadata_mode +# becomes ineffective. The 'agentless' mode is supported from NSX 4.2 or above. +# Furthermore, a 'combined' mode is also provided and is used to support existing +# deployments that want to adopt the agentless mode going forward. With this mode, +# existing networks keep being served by the existing infrastructure (thus preserving +# backward compatibility, whereas new networks will be served by the new infrastructure. +# Migration tools are provided to 'move' one network from one model to another; with +# agent_mode set to 'combined', option 'network_auto_schedule' in neutron.conf is +# ignored, as new networks will no longer be scheduled to existing dhcp agents. +# agent_mode = agent + +# Specifies which mode packet replication should be done in. If set to service +# a service node is required in order to perform packet replication. This can +# also be set to source if one wants replication to be performed locally (NOTE: +# usually only useful for testing if one does not want to deploy a service node). 
+# In order to leverage distributed routers, replication_mode should be set to +# "service". +# replication_mode = service + +[nsx_sync] +# Interval in seconds between runs of the status synchronization task. +# The plugin will aim at resynchronizing operational status for all +# resources in this interval, and it should be therefore large enough +# to ensure the task is feasible. Otherwise the plugin will be +# constantly synchronizing resource status, ie: a new task is started +# as soon as the previous is completed. +# If this value is set to 0, the state synchronization thread for this +# Neutron instance will be disabled. +# state_sync_interval = 10 + +# Random additional delay between two runs of the state synchronization task. +# An additional wait time between 0 and max_random_sync_delay seconds +# will be added on top of state_sync_interval. +# max_random_sync_delay = 0 + +# Minimum delay, in seconds, between two status synchronization requests for NSX. +# Depending on chunk size, controller load, and other factors, state +# synchronization requests might be pretty heavy. This means the +# controller might take time to respond, and its load might be quite +# increased by them. This parameter allows to specify a minimum +# interval between two subsequent requests. +# The value for this parameter must never exceed state_sync_interval. +# If this does, an error will be raised at startup. +# min_sync_req_delay = 1 + +# Minimum number of resources to be retrieved from NSX in a single status +# synchronization request. +# The actual size of the chunk will increase if the number of resources is such +# that using the minimum chunk size will cause the interval between two +# requests to be less than min_sync_req_delay +# min_chunk_size = 500 + +# Enable this option to allow punctual state synchronization on show +# operations. 
In this way, show operations will always fetch the operational +# status of the resource from the NSX backend, and this might have +# a considerable impact on overall performance. +# always_read_status = False + +[nsx_lsn] +# Pull LSN information from NSX in case it is missing from the local +# data store. This is useful to rebuild the local store in case of +# server recovery +# sync_on_missing_data = False + +[nsx_dhcp] +# (Optional) Comma separated list of additional dns servers. Default is an empty list +# extra_domain_name_servers = + +# Domain to use for building the hostnames +# domain_name = openstacklocal + +# Default DHCP lease time +# default_lease_time = 43200 + +[nsx_metadata] +# IP address used by Metadata server +# metadata_server_address = 127.0.0.1 + +# TCP Port used by Metadata server +# metadata_server_port = 8775 + +# When proxying metadata requests, Neutron signs the Instance-ID header with a +# shared secret to prevent spoofing. You may select any string for a secret, +# but it MUST match with the configuration used by the Metadata server +# metadata_shared_secret = diff --git a/openstack/usr/share/openstack/neutron/policy.json b/openstack/usr/share/openstack/neutron/policy.json new file mode 100644 index 00000000..e7db4357 --- /dev/null +++ b/openstack/usr/share/openstack/neutron/policy.json 
@@ -0,0 +1,138 @@ +{ + "context_is_admin": "role:admin", + "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s", + "admin_or_network_owner": "rule:context_is_admin or tenant_id:%(network:tenant_id)s", + "admin_only": "rule:context_is_admin", + "regular_user": "", + "shared": "field:networks:shared=True", + "shared_firewalls": "field:firewalls:shared=True", + "external": "field:networks:router:external=True", + "default": "rule:admin_or_owner", + + "create_subnet": "rule:admin_or_network_owner", + "get_subnet": "rule:admin_or_owner or rule:shared", + "update_subnet": "rule:admin_or_network_owner", + "delete_subnet": "rule:admin_or_network_owner", + + "create_network": "", + "get_network": "rule:admin_or_owner or rule:shared or rule:external", + "get_network:router:external": "rule:regular_user", + "get_network:segments": "rule:admin_only", + "get_network:provider:network_type": "rule:admin_only", + "get_network:provider:physical_network": "rule:admin_only", + "get_network:provider:segmentation_id": "rule:admin_only", + "get_network:queue_id": "rule:admin_only", + "create_network:shared": "rule:admin_only", + "create_network:router:external": "rule:admin_only", + "create_network:segments": "rule:admin_only", + "create_network:provider:network_type": "rule:admin_only", + "create_network:provider:physical_network": "rule:admin_only", + "create_network:provider:segmentation_id": "rule:admin_only", + "update_network": "rule:admin_or_owner", + "update_network:segments": "rule:admin_only", + "update_network:shared": "rule:admin_only", + "update_network:provider:network_type": "rule:admin_only", + "update_network:provider:physical_network": "rule:admin_only", + "update_network:provider:segmentation_id": "rule:admin_only", + "update_network:router:external": "rule:admin_only", + "delete_network": "rule:admin_or_owner", + + "create_port": "", + "create_port:mac_address": "rule:admin_or_network_owner", + "create_port:fixed_ips": "rule:admin_or_network_owner", + 
"create_port:port_security_enabled": "rule:admin_or_network_owner", + "create_port:binding:host_id": "rule:admin_only", + "create_port:binding:profile": "rule:admin_only", + "create_port:mac_learning_enabled": "rule:admin_or_network_owner", + "get_port": "rule:admin_or_owner", + "get_port:queue_id": "rule:admin_only", + "get_port:binding:vif_type": "rule:admin_only", + "get_port:binding:vif_details": "rule:admin_only", + "get_port:binding:host_id": "rule:admin_only", + "get_port:binding:profile": "rule:admin_only", + "update_port": "rule:admin_or_owner", + "update_port:fixed_ips": "rule:admin_or_network_owner", + "update_port:port_security_enabled": "rule:admin_or_network_owner", + "update_port:binding:host_id": "rule:admin_only", + "update_port:binding:profile": "rule:admin_only", + "update_port:mac_learning_enabled": "rule:admin_or_network_owner", + "delete_port": "rule:admin_or_owner", + + "get_router:ha": "rule:admin_only", + "create_router": "rule:regular_user", + "create_router:external_gateway_info:enable_snat": "rule:admin_only", + "create_router:distributed": "rule:admin_only", + "create_router:ha": "rule:admin_only", + "get_router": "rule:admin_or_owner", + "get_router:distributed": "rule:admin_only", + "update_router:external_gateway_info:enable_snat": "rule:admin_only", + "update_router:distributed": "rule:admin_only", + "update_router:ha": "rule:admin_only", + "delete_router": "rule:admin_or_owner", + + "add_router_interface": "rule:admin_or_owner", + "remove_router_interface": "rule:admin_or_owner", + + "create_firewall": "", + "get_firewall": "rule:admin_or_owner", + "create_firewall:shared": "rule:admin_only", + "get_firewall:shared": "rule:admin_only", + "update_firewall": "rule:admin_or_owner", + "update_firewall:shared": "rule:admin_only", + "delete_firewall": "rule:admin_or_owner", + + "create_firewall_policy": "", + "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewalls", + "create_firewall_policy:shared": "rule:admin_or_owner", + 
"update_firewall_policy": "rule:admin_or_owner", + "delete_firewall_policy": "rule:admin_or_owner", + + "create_firewall_rule": "", + "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls", + "update_firewall_rule": "rule:admin_or_owner", + "delete_firewall_rule": "rule:admin_or_owner", + + "create_qos_queue": "rule:admin_only", + "get_qos_queue": "rule:admin_only", + + "update_agent": "rule:admin_only", + "delete_agent": "rule:admin_only", + "get_agent": "rule:admin_only", + + "create_dhcp-network": "rule:admin_only", + "delete_dhcp-network": "rule:admin_only", + "get_dhcp-networks": "rule:admin_only", + "create_l3-router": "rule:admin_only", + "delete_l3-router": "rule:admin_only", + "get_l3-routers": "rule:admin_only", + "get_dhcp-agents": "rule:admin_only", + "get_l3-agents": "rule:admin_only", + "get_loadbalancer-agent": "rule:admin_only", + "get_loadbalancer-pools": "rule:admin_only", + + "create_floatingip": "rule:regular_user", + "update_floatingip": "rule:admin_or_owner", + "delete_floatingip": "rule:admin_or_owner", + "get_floatingip": "rule:admin_or_owner", + + "create_network_profile": "rule:admin_only", + "update_network_profile": "rule:admin_only", + "delete_network_profile": "rule:admin_only", + "get_network_profiles": "", + "get_network_profile": "", + "update_policy_profiles": "rule:admin_only", + "get_policy_profiles": "", + "get_policy_profile": "", + + "create_metering_label": "rule:admin_only", + "delete_metering_label": "rule:admin_only", + "get_metering_label": "rule:admin_only", + + "create_metering_label_rule": "rule:admin_only", + "delete_metering_label_rule": "rule:admin_only", + "get_metering_label_rule": "rule:admin_only", + + "get_service_provider": "rule:regular_user", + "get_lsn": "rule:admin_only", + "create_lsn": "rule:admin_only" +} diff --git a/openstack/usr/share/openstack/neutron/vpn_agent.ini b/openstack/usr/share/openstack/neutron/vpn_agent.ini new file mode 100644 index 00000000..c3089df9 --- /dev/null 
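Review bot: In neutron/policy.json, `"create_firewall_policy:shared": "rule:admin_or_owner"` lets any tenant mark its own firewall policy as shared, while the parallel `create_firewall:shared` and `update_firewall:shared` rules are `rule:admin_only`. Since `get_firewall_policy` also admits `rule:shared_firewalls`, a policy flagged as shared appears to become readable by every tenant, so a non-admin can push a rule set across the tenant boundary. Unless that is intended, I would change the line to `"create_firewall_policy:shared": "rule:admin_only",`. The file also has no `update_firewall_policy:shared` entry, so it is worth confirming what an update of that attribute falls back to.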
+++ b/openstack/usr/share/openstack/neutron/vpn_agent.ini
@@ -0,0 +1,14 @@
+[DEFAULT]
+# VPN-Agent configuration file
+# Note vpn-agent inherits l3-agent, so you can use configs on l3-agent also
+
+[vpnagent]
+# vpn device drivers which vpn agent will use
+# If we want to use multiple drivers, we need to define this option multiple times.
+# vpn_device_driver=neutron.services.vpn.device_drivers.ipsec.OpenSwanDriver
+# vpn_device_driver=neutron.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver
+# vpn_device_driver=another_driver
+
+[ipsec]
+# Status check interval
+# ipsec_status_check_interval=60
diff --git a/openstack/usr/share/openstack/nova-config.yml b/openstack/usr/share/openstack/nova-config.yml
new file mode 100644
index 00000000..4f43db39
--- /dev/null
+++ b/openstack/usr/share/openstack/nova-config.yml
@@ -0,0 +1,34 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/nova.conf"
+ tasks:
+ - name: Create the nova user.
+ user:
+ name: nova
+ comment: Openstack Nova Daemons
+ shell: /sbin/nologin
+ home: /var/lib/nova
+ groups: libvirt
+ append: yes
+
+ - name: Create the /var folders for nova
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: nova
+ group: nova
+ with_items:
+ - /var/run/nova
+ - /var/lock/nova
+ - /var/log/nova
+ - /var/lib/nova
+ - /var/lib/nova/instances
+
+ - file: path=/etc/nova state=directory
+ - name: Add the configuration needed for nova in /etc/nova using templates
+ template:
+ src: /usr/share/openstack/nova/{{ item }}
+ dest: /etc/nova/{{ item }}
+ with_lines:
+ - cd /usr/share/openstack/nova && find -type f
diff --git a/openstack/usr/share/openstack/nova-db.yml b/openstack/usr/share/openstack/nova-db.yml
new file mode 100644
index 00000000..e7dc5b10
--- /dev/null
+++ b/openstack/usr/share/openstack/nova-db.yml
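Review bot: In nova-config.yml the final `template:` task sets no `owner`, `group` or `mode`, so every file rendered into /etc/nova gets whatever the default umask gives. The nova.conf template added in this commit is one of those files and is rendered with `rabbit_password={{ RABBITMQ_PASSWORD }}`, so the broker password probably lands in a world-readable file. I would add `owner: root`, `group: nova` and `mode: 0640` to that task. The unnamed `file: path=/etc/nova state=directory` task just above it should get a name and explicit ownership and mode as well.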
@@ -0,0 +1,51 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/nova.conf"
+ tasks:
+ - name: Create nova service user in service tenant
+ keystone_user:
+ user: "{{ NOVA_SERVICE_USER }}"
+ password: "{{ NOVA_SERVICE_PASSWORD }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Assign admin role to nova service user in the service tenant
+ keystone_user:
+ role: admin
+ user: "{{ NOVA_SERVICE_USER }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Add nova endpoint
+ keystone_service:
+ name: nova
+ type: compute
+ description: Openstack Compute Service
+ publicurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s'
+ internalurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s'
+ adminurl: 'http://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s'
+ region: 'regionOne'
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - name: Create postgresql user for nova
+ postgresql_user:
+ name: "{{ NOVA_DB_USER }}"
+ login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
+ password: "{{ NOVA_DB_PASSWORD }}"
+ sudo: yes
+ sudo_user: nova
+
+ - name: Create database for nova services
+ postgresql_db:
+ name: nova
+ owner: "{{ NOVA_DB_USER }}"
+ login_host: "{{ CONTROLLER_HOST_ADDRESS }}"
+ sudo: yes
+ sudo_user: nova
+
+ - name: Initiate nova database
+ nova_manage:
+ action: dbsync
+ sudo: yes
+ sudo_user: nova
diff --git a/openstack/usr/share/openstack/nova/api-paste.ini b/openstack/usr/share/openstack/nova/api-paste.ini
new file mode 100644
index 00000000..2a825a5b
--- /dev/null
+++ b/openstack/usr/share/openstack/nova/api-paste.ini
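Review bot: In nova-db.yml the `publicurl`, `internalurl` and `adminurl` of the compute endpoint are all hard-coded to `http://`, so every client that resolves the service through the Keystone catalog sends its token to port 8774 in cleartext. If this playbook is meant to be used beyond a single-node test image, the scheme should come from the deployment variables, e.g. `publicurl: '{{ NOVA_API_SCHEME }}://{{ CONTROLLER_HOST_ADDRESS }}:8774/v2/%(tenant_id)s'` (the variable name is a proposal, it does not exist in this commit). The keystone tasks here also authenticate with `KEYSTONE_TEMPORARY_ADMIN_TOKEN` and nothing in this file retires it, so a comment such as `# admin token is removed in <playbook>` naming where that happens would help.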
@@ -0,0 +1,118 @@
+############
+# Metadata #
+############
+[composite:metadata]
+use = egg:Paste#urlmap
+/: meta
+
+[pipeline:meta]
+pipeline = ec2faultwrap logrequest metaapp
+
+[app:metaapp]
+paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory
+
+#######
+# EC2 #
+#######
+
+[composite:ec2]
+use = egg:Paste#urlmap
+/services/Cloud: ec2cloud
+
+[composite:ec2cloud]
+use = call:nova.api.auth:pipeline_factory
+noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor
+keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor
+
+[filter:ec2faultwrap]
+paste.filter_factory = nova.api.ec2:FaultWrapper.factory
+
+[filter:logrequest]
+paste.filter_factory = nova.api.ec2:RequestLogging.factory
+
+[filter:ec2lockout]
+paste.filter_factory = nova.api.ec2:Lockout.factory
+
+[filter:ec2keystoneauth]
+paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory
+
+[filter:ec2noauth]
+paste.filter_factory = nova.api.ec2:NoAuth.factory
+
+[filter:cloudrequest]
+controller = nova.api.ec2.cloud.CloudController
+paste.filter_factory = nova.api.ec2:Requestify.factory
+
+[filter:authorizer]
+paste.filter_factory = nova.api.ec2:Authorizer.factory
+
+[filter:validator]
+paste.filter_factory = nova.api.ec2:Validator.factory
+
+[app:ec2executor]
+paste.app_factory = nova.api.ec2:Executor.factory
+
+#############
+# OpenStack #
+#############
+
+[composite:osapi_compute]
+use = call:nova.api.openstack.urlmap:urlmap_factory
+/: oscomputeversions
+/v1.1: openstack_compute_api_v2
+/v2: openstack_compute_api_v2
+/v3: openstack_compute_api_v3
+
+[composite:openstack_compute_api_v2]
+use = call:nova.api.auth:pipeline_factory
+noauth = compute_req_id faultwrap sizelimit noauth ratelimit osapi_compute_app_v2
+keystone = compute_req_id faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2
+keystone_nolimit = compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2
+
+[composite:openstack_compute_api_v3]
+use = call:nova.api.auth:pipeline_factory_v3
+noauth = request_id faultwrap sizelimit noauth_v3 osapi_compute_app_v3
+keystone = request_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v3
+
+[filter:request_id]
+paste.filter_factory = nova.openstack.common.middleware.request_id:RequestIdMiddleware.factory
+
+[filter:compute_req_id]
+paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory
+
+[filter:faultwrap]
+paste.filter_factory = nova.api.openstack:FaultWrapper.factory
+
+[filter:noauth]
+paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
+
+[filter:noauth_v3]
+paste.filter_factory = nova.api.openstack.auth:NoAuthMiddlewareV3.factory
+
+[filter:ratelimit]
+paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
+
+[filter:sizelimit]
+paste.filter_factory = nova.api.sizelimit:RequestBodySizeLimiter.factory
+
+[app:osapi_compute_app_v2]
+paste.app_factory = nova.api.openstack.compute:APIRouter.factory
+
+[app:osapi_compute_app_v3]
+paste.app_factory = nova.api.openstack.compute:APIRouterV3.factory
+
+[pipeline:oscomputeversions]
+pipeline = faultwrap oscomputeversionapp
+
+[app:oscomputeversionapp]
+paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
+
+##########
+# Shared #
+##########
+
+[filter:keystonecontext]
+paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
diff --git a/openstack/usr/share/openstack/nova/cells.json b/openstack/usr/share/openstack/nova/cells.json
new file mode 100644
index 00000000..cc74930d
--- /dev/null
+++ b/openstack/usr/share/openstack/nova/cells.json
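Review bot: In nova/api-paste.ini, `[filter:ec2lockout]` and `[filter:authorizer]` are defined but neither appears in the `noauth` or `keystone` pipeline of `[composite:ec2cloud]`, so the EC2 API runs without the failed-authentication lockout. The nova.conf template in this same commit sets `enabled_apis=ec2,osapi_compute,metadata`, so that API is switched on. Either wire the filter in ahead of authentication, `keystone = ec2faultwrap logrequest ec2lockout ec2keystoneauth cloudrequest validator ec2executor`, or drop `ec2` from `enabled_apis` if the image does not need it. The `noauth` pipelines also remain selectable; which pipeline is active depends on the auth strategy setting, which is not visible in this hunk, so a comment above `[composite:ec2cloud]` saying that `noauth` is for testing only would be worth adding.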
@@ -0,0 +1,26 @@
+{
+ "parent": {
+ "name": "parent",
+ "api_url": "http://api.example.com:8774",
+ "transport_url": "rabbit://rabbit.example.com",
+ "weight_offset": 0.0,
+ "weight_scale": 1.0,
+ "is_parent": true
+ },
+ "cell1": {
+ "name": "cell1",
+ "api_url": "http://api.example.com:8774",
+ "transport_url": "rabbit://rabbit1.example.com",
+ "weight_offset": 0.0,
+ "weight_scale": 1.0,
+ "is_parent": false
+ },
+ "cell2": {
+ "name": "cell2",
+ "api_url": "http://api.example.com:8774",
+ "transport_url": "rabbit://rabbit2.example.com",
+ "weight_offset": 0.0,
+ "weight_scale": 1.0,
+ "is_parent": false
+ }
+}
diff --git a/openstack/usr/share/openstack/nova/logging.conf b/openstack/usr/share/openstack/nova/logging.conf
new file mode 100644
index 00000000..5482a040
--- /dev/null
+++ b/openstack/usr/share/openstack/nova/logging.conf
@@ -0,0 +1,81 @@
+[loggers]
+keys = root, nova
+
+[handlers]
+keys = stderr, stdout, watchedfile, syslog, null
+
+[formatters]
+keys = context, default
+
+[logger_root]
+level = WARNING
+handlers = null
+
+[logger_nova]
+level = INFO
+handlers = stderr
+qualname = nova
+
+[logger_amqp]
+level = WARNING
+handlers = stderr
+qualname = amqp
+
+[logger_amqplib]
+level = WARNING
+handlers = stderr
+qualname = amqplib
+
+[logger_sqlalchemy]
+level = WARNING
+handlers = stderr
+qualname = sqlalchemy
+# "level = INFO" logs SQL queries.
+# "level = DEBUG" logs SQL queries and results.
+# "level = WARNING" logs neither. (Recommended for production systems.)
+
+[logger_boto]
+level = WARNING
+handlers = stderr
+qualname = boto
+
+[logger_suds]
+level = INFO
+handlers = stderr
+qualname = suds
+
+[logger_eventletwsgi]
+level = WARNING
+handlers = stderr
+qualname = eventlet.wsgi.server
+
+[handler_stderr]
+class = StreamHandler
+args = (sys.stderr,)
+formatter = context
+
+[handler_stdout]
+class = StreamHandler
+args = (sys.stdout,)
+formatter = context
+
+[handler_watchedfile]
+class = handlers.WatchedFileHandler
+args = ('nova.log',)
+formatter = context
+
+[handler_syslog]
+class = handlers.SysLogHandler
+args = ('/dev/log', handlers.SysLogHandler.LOG_USER)
+formatter = context
+
+[handler_null]
+class = nova.openstack.common.log.NullHandler
+formatter = default
+args = ()
+
+[formatter_context]
+class = nova.openstack.common.log.ContextFormatter
+
+[formatter_default]
+format = %(message)s
diff --git a/openstack/usr/share/openstack/nova/nova-compute.conf b/openstack/usr/share/openstack/nova/nova-compute.conf
new file mode 100644
index 00000000..8d186211
--- /dev/null
+++ b/openstack/usr/share/openstack/nova/nova-compute.conf
@@ -0,0 +1,4 @@
+[DEFAULT]
+compute_driver={{ COMPUTE_DRIVER }}
+[libvirt]
+virt_type={{ NOVA_VIRT_TYPE }}
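Review bot: In nova/logging.conf, `[loggers]` lists only `keys = root, nova`, so the `logger_amqp`, `logger_amqplib`, `logger_sqlalchemy`, `logger_boto`, `logger_suds` and `logger_eventletwsgi` sections are never loaded, and `[logger_root]` sends everything else to `handlers = null`. If this file is ever activated, warnings from any library outside the `nova` namespace would be discarded, presumably including the `keystonemiddleware` auth_token filter wired in api-paste.ini, which would take token-validation failures out of the logs. I would either add the extra loggers to `keys` or point the root logger at a real handler, `handlers = stderr`. A header comment stating whether the file is a sample or is actually loaded would also help, since nova-config.yml templates it into /etc/nova either way.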
diff --git a/openstack/usr/share/openstack/nova/nova.conf b/openstack/usr/share/openstack/nova/nova.conf
new file mode 100644
index 00000000..43343cdd
--- /dev/null
+++ b/openstack/usr/share/openstack/nova/nova.conf
@@ -0,0 +1,3809 @@ +[DEFAULT] + +# +# Options defined in oslo.messaging +# + +# Use durable queues in amqp. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in amqp. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# Qpid broker hostname. (string value) +#qpid_hostname=localhost + +# Qpid broker port. (integer value) +#qpid_port=5672 + +# Qpid HA cluster host:port pairs. (list value) +#qpid_hosts=$qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +#qpid_username= + +# Password for Qpid connection. (string value) +#qpid_password= + +# Space separated list of SASL mechanisms to use for auth. +# (string value) +#qpid_sasl_mechanisms= + +# Seconds between connection keepalive heartbeats. (integer +# value) +#qpid_heartbeat=60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +#qpid_protocol=tcp + +# Whether to disable the Nagle algorithm. (boolean value) +#qpid_tcp_nodelay=true + +# The number of prefetched messages held by receiver. (integer +# value) +#qpid_receiver_capacity=1 + +# The qpid topology version to use. Version 1 is what was +# originally used by impl_qpid. Version 2 includes some +# backwards-incompatible changes that allow broker federation +# to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. +# (integer value) +#qpid_topology_version=1 + +# SSL version to use (valid only if SSL enabled). valid values +# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some +# distributions. (string value) +#kombu_ssl_version= + +# SSL key file (valid only if SSL enabled). (string value) +#kombu_ssl_keyfile= + +# SSL cert file (valid only if SSL enabled). (string value) +#kombu_ssl_certfile= + +# SSL certification authority file (valid only if SSL +# enabled). 
(string value) +#kombu_ssl_ca_certs= + +# How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. (floating point value) +#kombu_reconnect_delay=1.0 + +# The RabbitMQ broker address where a single node is used. +# (string value) +rabbit_host={{ RABBITMQ_HOST }} + +# The RabbitMQ broker port where a single node is used. +# (integer value) +rabbit_port={{ RABBITMQ_PORT }} + +# RabbitMQ HA cluster host:port pairs. (list value) +#rabbit_hosts=$rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +rabbit_use_ssl=false + +# The RabbitMQ userid. (string value) +rabbit_userid={{ RABBITMQ_USER }} + +# The RabbitMQ password. (string value) +rabbit_password={{ RABBITMQ_PASSWORD }} + +# the RabbitMQ login method (string value) +#rabbit_login_method=AMQPLAIN + +# The RabbitMQ virtual host. (string value) +#rabbit_virtual_host=/ + +# How frequently to retry connecting with RabbitMQ. (integer +# value) +#rabbit_retry_interval=1 + +# How long to backoff for between retries when connecting to +# RabbitMQ. (integer value) +#rabbit_retry_backoff=2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +#rabbit_max_retries=0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change +# this option, you must wipe the RabbitMQ database. (boolean +# value) +#rabbit_ha_queues=false + +# If passed, use a fake RabbitMQ provider. (boolean value) +#fake_rabbit=false + +# ZeroMQ bind address. Should be a wildcard (*), an ethernet +# interface, or IP. The "host" option should point or resolve +# to this address. (string value) +#rpc_zmq_bind_address=* + +# MatchMaker driver. (string value) +#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost + +# ZeroMQ receiver listening port. (integer value) +#rpc_zmq_port=9501 + +# Number of ZeroMQ contexts, defaults to 1. 
(integer value) +#rpc_zmq_contexts=1 + +# Maximum number of ingress messages to locally buffer per +# topic. Default is unlimited. (integer value) +#rpc_zmq_topic_backlog=<None> + +# Directory for holding IPC sockets. (string value) +#rpc_zmq_ipc_dir=/var/run/openstack + +# Name of this node. Must be a valid hostname, FQDN, or IP +# address. Must match "host" option, if running Nova. (string +# value) +#rpc_zmq_host=nova + +# Seconds to wait before a cast expires (TTL). Only supported +# by impl_zmq. (integer value) +#rpc_cast_timeout=30 + +# Heartbeat frequency. (integer value) +#matchmaker_heartbeat_freq=300 + +# Heartbeat time-to-live. (integer value) +#matchmaker_heartbeat_ttl=600 + +# Size of RPC greenthread pool. (integer value) +#rpc_thread_pool_size=64 + +# Driver or drivers to handle sending notifications. (multi +# valued) +notification_driver=messagingv2 + +# AMQP topic used for OpenStack notifications. (list value) +# Deprecated group/name - [rpc_notifier2]/topics +#notification_topics=notifications + +# Seconds to wait for a response from a call. (integer value) +#rpc_response_timeout=60 + +# A URL representing the messaging driver to use and its full +# configuration. If not set, we fall back to the rpc_backend +# option and driver specific configuration. (string value) +#transport_url=<None> + +# The messaging driver to use, defaults to rabbit. Other +# drivers include qpid and zmq. (string value) +rpc_backend=rabbit + +# The default exchange under which topics are scoped. May be +# overridden by an exchange name specified in the +# transport_url option. 
(string value) +#control_exchange=openstack + + +# +# Options defined in nova.availability_zones +# + +# The availability_zone to show internal services under +# (string value) +#internal_service_availability_zone=internal + +# Default compute node availability_zone (string value) +#default_availability_zone=nova + + +# +# Options defined in nova.crypto +# + +# Filename of root CA (string value) +#ca_file=cacert.pem + +# Filename of private key (string value) +#key_file=private/cakey.pem + +# Filename of root Certificate Revocation List (string value) +#crl_file=crl.pem + +# Where we keep our keys (string value) +#keys_path=$state_path/keys + +# Where we keep our root CA (string value) +#ca_path=$state_path/CA + +# Should we use a CA for each project? (boolean value) +#use_project_ca=false + +# Subject for certificate for users, %s for project, user, +# timestamp (string value) +#user_cert_subject=/C=US/ST=California/O=OpenStack/OU=NovaDev/CN=%.16s-%.16s-%s + +# Subject for certificate for projects, %s for project, +# timestamp (string value) +#project_cert_subject=/C=US/ST=California/O=OpenStack/OU=NovaDev/CN=project-ca-%.16s-%s + + +# +# Options defined in nova.exception +# + +# Make exception message format errors fatal (boolean value) +#fatal_exception_format_errors=false + + +# +# Options defined in nova.netconf +# + +# IP address of this host (string value) +my_ip={{ MANAGEMENT_INTERFACE_IP_ADDRESS }} + +# Name of this node. This can be an opaque identifier. It is +# not necessarily a hostname, FQDN, or IP address. However, +# the node name must be valid within an AMQP key, and if using +# ZeroMQ, a valid hostname, FQDN, or IP address (string value) +#host=nova + +# Use IPv6 (boolean value) +#use_ipv6=false + + +# +# Options defined in nova.notifications +# + +# If set, send compute.instance.update notifications on +# instance state changes. 
Valid values are None for no +# notifications, "vm_state" for notifications on VM state +# changes, or "vm_and_task_state" for notifications on VM and +# task state changes. (string value) +notify_on_state_change=vm_and_task_state + +# If set, send api.fault notifications on caught exceptions in +# the API service. (boolean value) +#notify_api_faults=false + +# Default notification level for outgoing notifications +# (string value) +#default_notification_level=INFO + +# Default publisher_id for outgoing notifications (string +# value) +#default_publisher_id=<None> + + +# +# Options defined in nova.paths +# + +# Directory where the nova python module is installed (string +# value) +#pybasedir=/usr/lib/python/site-packages + +# Directory where nova binaries are installed (string value) +#bindir=/usr/local/bin + +# Top-level directory for maintaining nova's state (string +# value) +state_path=/var/lib/nova + + +# +# Options defined in nova.quota +# + +# Number of instances allowed per project (integer value) +#quota_instances=10 + +# Number of instance cores allowed per project (integer value) +#quota_cores=20 + +# Megabytes of instance RAM allowed per project (integer +# value) +#quota_ram=51200 + +# Number of floating IPs allowed per project (integer value) +#quota_floating_ips=10 + +# Number of fixed IPs allowed per project (this should be at +# least the number of instances allowed) (integer value) +#quota_fixed_ips=-1 + +# Number of metadata items allowed per instance (integer +# value) +#quota_metadata_items=128 + +# Number of injected files allowed (integer value) +#quota_injected_files=5 + +# Number of bytes allowed per injected file (integer value) +#quota_injected_file_content_bytes=10240 + +# Length of injected file path (integer value) +# Deprecated group/name - [DEFAULT]/quota_injected_file_path_bytes +#quota_injected_file_path_length=255 + +# Number of security groups per project (integer value) +#quota_security_groups=10 + +# Number of security rules 
per security group (integer value) +#quota_security_group_rules=20 + +# Number of key pairs per user (integer value) +#quota_key_pairs=100 + +# Number of server groups per project (integer value) +#quota_server_groups=10 + +# Number of servers per server group (integer value) +#quota_server_group_members=10 + +# Number of seconds until a reservation expires (integer +# value) +#reservation_expire=86400 + +# Count of reservations until usage is refreshed (integer +# value) +#until_refresh=0 + +# Number of seconds between subsequent usage refreshes +# (integer value) +#max_age=0 + +# Default driver to use for quota checks (string value) +#quota_driver=nova.quota.DbQuotaDriver + + +# +# Options defined in nova.service +# + +# Seconds between nodes reporting state to datastore (integer +# value) +#report_interval=10 + +# Enable periodic tasks (boolean value) +#periodic_enable=true + +# Range of seconds to randomly delay when starting the +# periodic task scheduler to reduce stampeding. (Disable by +# setting to 0) (integer value) +#periodic_fuzzy_delay=60 + +# A list of APIs to enable by default (list value) +enabled_apis=ec2,osapi_compute,metadata + +# A list of APIs with enabled SSL (list value) +#enabled_ssl_apis= + +# The IP address on which the EC2 API will listen. (string +# value) +#ec2_listen=0.0.0.0 + +# The port on which the EC2 API will listen. (integer value) +#ec2_listen_port=8773 + +# Number of workers for EC2 API service. The default will be +# equal to the number of CPUs available. (integer value) +#ec2_workers=<None> + +# The IP address on which the OpenStack API will listen. +# (string value) +#osapi_compute_listen=0.0.0.0 + +# The port on which the OpenStack API will listen. (integer +# value) +#osapi_compute_listen_port=8774 + +# Number of workers for OpenStack API service. The default +# will be the number of CPUs available. 
(integer value) +#osapi_compute_workers=<None> + +# OpenStack metadata service manager (string value) +#metadata_manager=nova.api.manager.MetadataManager + +# The IP address on which the metadata API will listen. +# (string value) +#metadata_listen=0.0.0.0 + +# The port on which the metadata API will listen. (integer +# value) +#metadata_listen_port=8775 + +# Number of workers for metadata service. The default will be +# the number of CPUs available. (integer value) +#metadata_workers=<None> + +# Full class name for the Manager for compute (string value) +compute_manager={{ COMPUTE_MANAGER }} + +# Full class name for the Manager for console proxy (string +# value) +#console_manager=nova.console.manager.ConsoleProxyManager + +# Manager for console auth (string value) +#consoleauth_manager=nova.consoleauth.manager.ConsoleAuthManager + +# Full class name for the Manager for cert (string value) +#cert_manager=nova.cert.manager.CertManager + +# Full class name for the Manager for network (string value) +#network_manager=nova.network.manager.VlanManager + +# Full class name for the Manager for scheduler (string value) +#scheduler_manager=nova.scheduler.manager.SchedulerManager + +# Maximum time since last check-in for up service (integer +# value) +#service_down_time=60 + + +# +# Options defined in nova.test +# + +# File name of clean sqlite db (string value) +#sqlite_clean_db=clean.sqlite + + +# +# Options defined in nova.utils +# + +# Whether to log monkey patching (boolean value) +#monkey_patch=false + +# List of modules/decorators to monkey patch (list value) +#monkey_patch_modules=nova.api.ec2.cloud:nova.notifications.notify_decorator,nova.compute.api:nova.notifications.notify_decorator + +# Length of generated instance admin passwords (integer value) +#password_length=12 + +# Time period to generate instance usages for. 
Time period +# must be hour, day, month or year (string value) +instance_usage_audit_period=hour + +# Path to the rootwrap configuration file to use for running +# commands as root (string value) +rootwrap_config=/etc/nova/rootwrap.conf + +# Explicitly specify the temporary working directory (string +# value) +#tempdir=<None> + + +# +# Options defined in nova.wsgi +# + +# File name for the paste.deploy config for nova-api (string +# value) +api_paste_config=api-paste.ini + +# A python format string that is used as the template to +# generate log lines. The following values can be formatted +# into it: client_ip, date_time, request_line, status_code, +# body_length, wall_seconds. (string value) +#wsgi_log_format=%(client_ip)s "%(request_line)s" status: %(status_code)s len: %(body_length)s time: %(wall_seconds).7f + +# CA certificate file to use to verify connecting clients +# (string value) +#ssl_ca_file=<None> + +# SSL certificate of API server (string value) +#ssl_cert_file=<None> + +# SSL private key of API server (string value) +#ssl_key_file=<None> + +# Sets the value of TCP_KEEPIDLE in seconds for each server +# socket. Not supported on OS X. (integer value) +#tcp_keepidle=600 + +# Size of the pool of greenthreads used by wsgi (integer +# value) +#wsgi_default_pool_size=1000 + +# Maximum line size of message headers to be accepted. +# max_header_line may need to be increased when using large +# tokens (typically those generated by the Keystone v3 API +# with big service catalogs). (integer value) +#max_header_line=16384 + + +# +# Options defined in nova.api.auth +# + +# Whether to use per-user rate limiting for the api. This +# option is only used by v2 api. Rate limiting is removed from +# v3 api. (boolean value) +#api_rate_limit=false + +# The strategy to use for auth: noauth or keystone. (string +# value) +auth_strategy=keystone + +# Treat X-Forwarded-For as the canonical remote address. Only +# enable this if you have a sanitizing proxy. 
(boolean value) +#use_forwarded_for=false + + +# +# Options defined in nova.api.ec2 +# + +# Number of failed auths before lockout. (integer value) +#lockout_attempts=5 + +# Number of minutes to lockout if triggered. (integer value) +#lockout_minutes=15 + +# Number of minutes for lockout window. (integer value) +#lockout_window=15 + +# URL to get token from ec2 request. (string value) +#keystone_ec2_url=http://localhost:5000/v2.0/ec2tokens + +# Return the IP address as private dns hostname in describe +# instances (boolean value) +#ec2_private_dns_show_ip=false + +# Validate security group names according to EC2 specification +# (boolean value) +#ec2_strict_validation=true + +# Time in seconds before ec2 timestamp expires (integer value) +#ec2_timestamp_expiry=300 + + +# +# Options defined in nova.api.ec2.cloud +# + +# The IP address of the EC2 API server (string value) +#ec2_host=$my_ip + +# The internal IP address of the EC2 API server (string value) +#ec2_dmz_host=$my_ip + +# The port of the EC2 API server (integer value) +#ec2_port=8773 + +# The protocol to use when connecting to the EC2 API server +# (http, https) (string value) +#ec2_scheme=http + +# The path prefix used to call the ec2 API server (string +# value) +#ec2_path=/services/Cloud + +# List of region=fqdn pairs separated by commas (list value) +#region_list= + + +# +# Options defined in nova.api.metadata.base +# + +# List of metadata versions to skip placing into the config +# drive (string value) +#config_drive_skip_versions=1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01 + +# Driver to use for vendor data (string value) +#vendordata_driver=nova.api.metadata.vendordata_json.JsonFileVendorData + + +# +# Options defined in nova.api.metadata.vendordata_json +# + +# File to load JSON formatted vendor data from (string value) +#vendordata_jsonfile_path=<None> + + +# +# Options defined in nova.api.openstack.common +# + +# The maximum number of items returned in a single 
response +# from a collection resource (integer value) +#osapi_max_limit=1000 + +# Base URL that will be presented to users in links to the +# OpenStack Compute API (string value) +#osapi_compute_link_prefix=<None> + +# Base URL that will be presented to users in links to glance +# resources (string value) +#osapi_glance_link_prefix=<None> + + +# +# Options defined in nova.api.openstack.compute +# + +# Permit instance snapshot operations. (boolean value) +#allow_instance_snapshots=true + + +# +# Options defined in nova.api.openstack.compute.contrib +# + +# Specify list of extensions to load when using +# osapi_compute_extension option with +# nova.api.openstack.compute.contrib.select_extensions (list +# value) +osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions + + +# +# Options defined in nova.api.openstack.compute.contrib.fping +# + +# Full path to fping. (string value) +#fping_path=/usr/sbin/fping + + +# +# Options defined in nova.api.openstack.compute.contrib.os_tenant_networks +# + +# Enables or disables quota checking for tenant networks +# (boolean value) +#enable_network_quota=false + +# Control for checking for default networks (string value) +#use_neutron_default_nets=False + +# Default tenant id when creating neutron networks (string +# value) +#neutron_default_tenant_id=default + + +# +# Options defined in nova.api.openstack.compute.extensions +# + +# osapi compute extension to load (multi valued) +#osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions + + +# +# Options defined in nova.api.openstack.compute.plugins.v3.hide_server_addresses +# + +# List of instance states that should hide network info (list +# value) +#osapi_hide_server_address_states=building + + +# +# Options defined in nova.api.openstack.compute.servers +# + +# Enables returning of the instance password by the relevant +# server API calls such as create, rebuild or rescue, If the +# hypervisor does not support password injection 
then the +# password returned will not be correct (boolean value) +#enable_instance_password=true + + +# +# Options defined in nova.api.sizelimit +# + +# The maximum body size per each osapi request(bytes) (integer +# value) +#osapi_max_request_body_size=114688 + + +# +# Options defined in nova.cert.rpcapi +# + +# The topic cert nodes listen on (string value) +#cert_topic=cert + + +# +# Options defined in nova.cloudpipe.pipelib +# + +# Image ID used when starting up a cloudpipe vpn server +# (string value) +#vpn_image_id=0 + +# Flavor for vpn instances (string value) +#vpn_flavor=m1.tiny + +# Template for cloudpipe instance boot script (string value) +#boot_script_template=$pybasedir/nova/cloudpipe/bootscript.template + +# Network to push into openvpn config (string value) +#dmz_net=10.0.0.0 + +# Netmask to push into openvpn config (string value) +#dmz_mask=255.255.255.0 + +# Suffix to add to project name for vpn key and secgroups +# (string value) +#vpn_key_suffix=-vpn + + +# +# Options defined in nova.cmd.novnc +# + +# Record sessions to FILE.[session_number] (boolean value) +#record=false + +# Become a daemon (background process) (boolean value) +#daemon=false + +# Disallow non-encrypted connections (boolean value) +#ssl_only=false + +# Source is ipv6 (boolean value) +#source_is_ipv6=false + +# SSL certificate file (string value) +#cert=self.pem + +# SSL key file (if separate from cert) (string value) +#key=<None> + +# Run webserver on same port. Serve files from DIR. (string +# value) +#web=/usr/share/spice-html5 + + +# +# Options defined in nova.cmd.novncproxy +# + +# Host on which to listen for incoming requests (string value) +#novncproxy_host=0.0.0.0 + +# Port on which to listen for incoming requests (integer +# value) +#novncproxy_port=6080 + + +# +# Options defined in nova.compute.api +# + +# Allow destination machine to match source for resize. Useful +# when testing in single-host environments. 
(boolean value) +#allow_resize_to_same_host=false + +# Allow migrate machine to the same host. Useful when testing +# in single-host environments. (boolean value) +#allow_migrate_to_same_host=false + +# Availability zone to use when user doesn't specify one +# (string value) +#default_schedule_zone=<None> + +# These are image properties which a snapshot should not +# inherit from an instance (list value) +#non_inheritable_image_properties=cache_in_nova,bittorrent + +# Kernel image that indicates not to use a kernel, but to use +# a raw disk image instead (string value) +#null_kernel=nokernel + +# When creating multiple instances with a single request using +# the os-multiple-create API extension, this template will be +# used to build the display name for each instance. The +# benefit is that the instances end up with different +# hostnames. To restore legacy behavior of every instance +# having the same name, set this option to "%(name)s". Valid +# keys for the template are: name, uuid, count. (string value) +#multi_instance_display_name_template=%(name)s-%(uuid)s + +# Maximum number of devices that will result in a local image +# being created on the hypervisor node. Setting this to 0 +# means nova will allow only boot from volume. A negative +# number means unlimited. (integer value) +#max_local_block_devices=3 + + +# +# Options defined in nova.compute.flavors +# + +# Default flavor to use for the EC2 API only. The Nova API +# does not support a default flavor. (string value) +#default_flavor=m1.small + + +# +# Options defined in nova.compute.manager +# + +# Console proxy host to use to connect to instances on this +# host. 
(string value) +#console_host=nova + +# Name of network to use to set access IPs for instances +# (string value) +#default_access_ip_network_name=<None> + +# Whether to batch up the application of IPTables rules during +# a host restart and apply all at the end of the init phase +# (boolean value) +#defer_iptables_apply=false + +# Where instances are stored on disk (string value) +#instances_path=$state_path/instances + +# Generate periodic compute.instance.exists notifications +# (boolean value) +instance_usage_audit=True + +# Number of 1 second retries needed in live_migration (integer +# value) +#live_migration_retry_count=30 + +# Whether to start guests that were running before the host +# rebooted (boolean value) +#resume_guests_state_on_host_boot=false + +# Number of times to retry network allocation on failures +# (integer value) +#network_allocate_retries=0 + +# Number of times to retry block device allocation on failures +# (integer value) +#block_device_allocate_retries=60 + +# The number of times to attempt to reap an instance's files. +# (integer value) +#maximum_instance_delete_attempts=5 + +# Interval to pull network bandwidth usage info. Not supported +# on all hypervisors. Set to -1 to disable. Setting this to 0 +# will disable, but this will change in the K release to mean +# "run at the default rate". (integer value) +#bandwidth_poll_interval=600 + +# Interval to sync power states between the database and the +# hypervisor. Set to -1 to disable. Setting this to 0 will +# disable, but this will change in Juno to mean "run at the +# default rate". 
(integer value) +#sync_power_state_interval=600 + +# Number of seconds between instance info_cache self healing +# updates (integer value) +#heal_instance_info_cache_interval=60 + +# Interval in seconds for reclaiming deleted instances +# (integer value) +#reclaim_instance_interval=0 + +# Interval in seconds for gathering volume usages (integer +# value) +#volume_usage_poll_interval=0 + +# Interval in seconds for polling shelved instances to +# offload. Set to -1 to disable.Setting this to 0 will +# disable, but this will change in Juno to mean "run at the +# default rate". (integer value) +#shelved_poll_interval=3600 + +# Time in seconds before a shelved instance is eligible for +# removing from a host. -1 never offload, 0 offload when +# shelved (integer value) +#shelved_offload_time=0 + +# Interval in seconds for retrying failed instance file +# deletes (integer value) +#instance_delete_interval=300 + +# Waiting time interval (seconds) between block device +# allocation retries on failures (integer value) +#block_device_allocate_retries_interval=3 + +# Action to take if a running deleted instance is +# detected.Valid options are 'noop', 'log', 'shutdown', or +# 'reap'. Set to 'noop' to take no action. (string value) +#running_deleted_instance_action=reap + +# Number of seconds to wait between runs of the cleanup task. +# (integer value) +#running_deleted_instance_poll_interval=1800 + +# Number of seconds after being deleted when a running +# instance should be considered eligible for cleanup. (integer +# value) +#running_deleted_instance_timeout=0 + +# Automatically hard reboot an instance if it has been stuck +# in a rebooting state longer than N seconds. Set to 0 to +# disable. (integer value) +#reboot_timeout=0 + +# Amount of time in seconds an instance can be in BUILD before +# going into ERROR status.Set to 0 to disable. (integer value) +#instance_build_timeout=0 + +# Automatically unrescue an instance after N seconds. Set to 0 +# to disable. 
(integer value) +#rescue_timeout=0 + +# Automatically confirm resizes after N seconds. Set to 0 to +# disable. (integer value) +#resize_confirm_window=0 + +# Total amount of time to wait in seconds for an instance to +# perform a clean shutdown. (integer value) +#shutdown_timeout=60 + + +# +# Options defined in nova.compute.monitors +# + +# Monitor classes available to the compute which may be +# specified more than once. (multi valued) +#compute_available_monitors=nova.compute.monitors.all_monitors + +# A list of monitors that can be used for getting compute +# metrics. (list value) +#compute_monitors= + + +# +# Options defined in nova.compute.resource_tracker +# + +# Amount of disk in MB to reserve for the host (integer value) +#reserved_host_disk_mb=0 + +# Amount of memory in MB to reserve for the host (integer +# value) +reserved_host_memory_mb={{ RESERVED_HOST_MEMORY_MB }} + +# Class that will manage stats for the local compute host +# (string value) +#compute_stats_class=nova.compute.stats.Stats + +# The names of the extra resources to track. (list value) +#compute_resources=vcpu + + +# +# Options defined in nova.compute.rpcapi +# + +# The topic compute nodes listen on (string value) +#compute_topic=compute + + +# +# Options defined in nova.conductor.tasks.live_migrate +# + +# Number of times to retry live-migration before failing. If +# == -1, try until out of hosts. If == 0, only try once, no +# retries. 
(integer value) +#migrate_max_retries=-1 + + +# +# Options defined in nova.console.manager +# + +# Driver to use for the console proxy (string value) +#console_driver=nova.console.xvp.XVPConsoleProxy + +# Stub calls to compute worker for tests (boolean value) +#stub_compute=false + +# Publicly visible name for this console host (string value) +#console_public_hostname=nova + + +# +# Options defined in nova.console.rpcapi +# + +# The topic console proxy nodes listen on (string value) +#console_topic=console + + +# +# Options defined in nova.console.vmrc +# + +# DEPRECATED. Port for VMware VMRC connections (integer value) +#console_vmrc_port=443 + +# DEPRECATED. Number of retries for retrieving VMRC +# information (integer value) +#console_vmrc_error_retries=10 + + +# +# Options defined in nova.console.xvp +# + +# XVP conf template (string value) +#console_xvp_conf_template=$pybasedir/nova/console/xvp.conf.template + +# Generated XVP conf file (string value) +#console_xvp_conf=/etc/xvp.conf + +# XVP master process pid file (string value) +#console_xvp_pid=/var/run/xvp.pid + +# XVP log file (string value) +#console_xvp_log=/var/log/xvp.log + +# Port for XVP to multiplex VNC connections on (integer value) +#console_xvp_multiplex_port=5900 + + +# +# Options defined in nova.consoleauth +# + +# The topic console auth proxy nodes listen on (string value) +#consoleauth_topic=consoleauth + + +# +# Options defined in nova.consoleauth.manager +# + +# How many seconds before deleting tokens (integer value) +#console_token_ttl=600 + + +# +# Options defined in nova.db.api +# + +# Services to be added to the available pool on create +# (boolean value) +#enable_new_services=true + +# Template string to be used to generate instance names +# (string value) +instance_name_template=instance-%08x + +# Template string to be used to generate snapshot names +# (string value) +snapshot_name_template=snapshot-%s + + +# +# Options defined in nova.db.base +# + +# The driver to use for database 
access (string value) +#db_driver=nova.db + + +# +# Options defined in nova.db.sqlalchemy.api +# + +# When set, compute API will consider duplicate hostnames +# invalid within the specified scope, regardless of case. +# Should be empty, "project" or "global". (string value) +#osapi_compute_unique_server_name_scope= + + +# +# Options defined in nova.image.s3 +# + +# Parent directory for tempdir used for image decryption +# (string value) +#image_decryption_dir=/tmp + +# Hostname or IP for OpenStack to use when accessing the S3 +# api (string value) +#s3_host=$my_ip + +# Port used when accessing the S3 api (integer value) +#s3_port=3333 + +# Access key to use for S3 server for images (string value) +#s3_access_key=notchecked + +# Secret key to use for S3 server for images (string value) +#s3_secret_key=notchecked + +# Whether to use SSL when talking to S3 (boolean value) +#s3_use_ssl=false + +# Whether to affix the tenant id to the access key when +# downloading from S3 (boolean value) +#s3_affix_tenant=false + + +# +# Options defined in nova.ipv6.api +# + +# Backend to use for IPv6 generation (string value) +#ipv6_backend=rfc2462 + + +# +# Options defined in nova.network +# + +# The full class name of the network API class to use (string +# value) +network_api_class=nova.network.neutronv2.api.API + + +# +# Options defined in nova.network.driver +# + +# Driver to use for network creation (string value) +#network_driver=nova.network.linux_net + + +# +# Options defined in nova.network.floating_ips +# + +# Default pool for floating IPs (string value) +#default_floating_pool=nova + +# Autoassigning floating IP to VM (boolean value) +#auto_assign_floating_ip=false + +# Full class name for the DNS Manager for floating IPs (string +# value) +#floating_ip_dns_manager=nova.network.noop_dns_driver.NoopDNSDriver + +# Full class name for the DNS Manager for instance IPs (string +# value) +#instance_dns_manager=nova.network.noop_dns_driver.NoopDNSDriver + +# Full class name for 
the DNS Zone for instance IPs (string +# value) +#instance_dns_domain= + + +# +# Options defined in nova.network.ldapdns +# + +# URL for LDAP server which will store DNS entries (string +# value) +#ldap_dns_url=ldap://ldap.example.com:389 + +# User for LDAP DNS (string value) +#ldap_dns_user=uid=admin,ou=people,dc=example,dc=org + +# Password for LDAP DNS (string value) +#ldap_dns_password=password + +# Hostmaster for LDAP DNS driver Statement of Authority +# (string value) +#ldap_dns_soa_hostmaster=hostmaster@example.org + +# DNS Servers for LDAP DNS driver (multi valued) +#ldap_dns_servers=dns.example.org + +# Base DN for DNS entries in LDAP (string value) +#ldap_dns_base_dn=ou=hosts,dc=example,dc=org + +# Refresh interval (in seconds) for LDAP DNS driver Statement +# of Authority (string value) +#ldap_dns_soa_refresh=1800 + +# Retry interval (in seconds) for LDAP DNS driver Statement of +# Authority (string value) +#ldap_dns_soa_retry=3600 + +# Expiry interval (in seconds) for LDAP DNS driver Statement +# of Authority (string value) +#ldap_dns_soa_expiry=86400 + +# Minimum interval (in seconds) for LDAP DNS driver Statement +# of Authority (string value) +#ldap_dns_soa_minimum=7200 + + +# +# Options defined in nova.network.linux_net +# + +# Location of flagfiles for dhcpbridge (multi valued) +#dhcpbridge_flagfile=/etc/nova/nova-dhcpbridge.conf + +# Location to keep network config files (string value) +#networks_path=$state_path/networks + +# Interface for public IP addresses (string value) +#public_interface=eth0 + +# Location of nova-dhcpbridge (string value) +#dhcpbridge=$bindir/nova-dhcpbridge + +# Public IP of network host (string value) +#routing_source_ip=$my_ip + +# Lifetime of a DHCP lease in seconds (integer value) +#dhcp_lease_time=86400 + +# If set, uses specific DNS server for dnsmasq. Can be +# specified multiple times. (multi valued) +#dns_server= + +# If set, uses the dns1 and dns2 from the network ref. as dns +# servers. 
(boolean value) +#use_network_dns_servers=false + +# A list of dmz range that should be accepted (list value) +#dmz_cidr= + +# Traffic to this range will always be snatted to the fallback +# ip, even if it would normally be bridged out of the node. +# Can be specified multiple times. (multi valued) +#force_snat_range= + +# Override the default dnsmasq settings with this file (string +# value) +#dnsmasq_config_file= + +# Driver used to create ethernet devices. (string value) +linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver + +# Name of Open vSwitch bridge used with linuxnet (string +# value) +#linuxnet_ovs_integration_bridge=br-int + +# Send gratuitous ARPs for HA setup (boolean value) +#send_arp_for_ha=false + +# Send this many gratuitous ARPs for HA setup (integer value) +#send_arp_for_ha_count=3 + +# Use single default gateway. Only first nic of vm will get +# default gateway from dhcp server (boolean value) +#use_single_default_gateway=false + +# An interface that bridges can forward to. If this is set to +# all then all traffic will be forwarded. Can be specified +# multiple times. (multi valued) +#forward_bridge_interface=all + +# The IP address for the metadata API server (string value) +#metadata_host=$my_ip + +# The port for the metadata API port (integer value) +#metadata_port=8775 + +# Regular expression to match iptables rule that should always +# be on the top. (string value) +#iptables_top_regex= + +# Regular expression to match iptables rule that should always +# be on the bottom. (string value) +#iptables_bottom_regex= + +# The table that iptables to jump to when a packet is to be +# dropped. (string value) +#iptables_drop_action=DROP + +# Amount of time, in seconds, that ovs_vsctl should wait for a +# response from the database. 0 is to wait forever. 
(integer +# value) +#ovs_vsctl_timeout=120 + +# If passed, use fake network devices and addresses (boolean +# value) +#fake_network=false + + +# +# Options defined in nova.network.manager +# + +# Bridge for simple network instances (string value) +#flat_network_bridge=<None> + +# DNS server for simple network (string value) +#flat_network_dns=8.8.4.4 + +# Whether to attempt to inject network setup into guest +# (boolean value) +#flat_injected=false + +# FlatDhcp will bridge into this interface if set (string +# value) +#flat_interface=<None> + +# First VLAN for private networks (integer value) +#vlan_start=100 + +# VLANs will bridge into this interface if set (string value) +#vlan_interface=<None> + +# Number of networks to support (integer value) +#num_networks=1 + +# Public IP for the cloudpipe VPN servers (string value) +#vpn_ip=$my_ip + +# First Vpn port for private networks (integer value) +#vpn_start=1000 + +# Number of addresses in each private subnet (integer value) +#network_size=256 + +# Fixed IPv6 address block (string value) +#fixed_range_v6=fd00::/48 + +# Default IPv4 gateway (string value) +#gateway=<None> + +# Default IPv6 gateway (string value) +#gateway_v6=<None> + +# Number of addresses reserved for vpn clients (integer value) +#cnt_vpn_clients=0 + +# Seconds after which a deallocated IP is disassociated +# (integer value) +#fixed_ip_disassociate_timeout=600 + +# Number of attempts to create unique mac address (integer +# value) +#create_unique_mac_address_attempts=5 + +# If True, skip using the queue and make local calls (boolean +# value) +#fake_call=false + +# If True, unused gateway devices (VLAN and bridge) are +# deleted in VLAN network mode with multi hosted networks +# (boolean value) +#teardown_unused_network_gateway=false + +# If True, send a dhcp release on instance termination +# (boolean value) +#force_dhcp_release=true + +# If True, when a DNS entry must be updated, it sends a fanout +# cast to all network hosts to update their DNS 
entries in +# multi host mode (boolean value) +#update_dns_entries=false + +# Number of seconds to wait between runs of updates to DNS +# entries. (integer value) +#dns_update_periodic_interval=-1 + +# Domain to use for building the hostnames (string value) +#dhcp_domain=novalocal + +# Indicates underlying L3 management library (string value) +#l3_lib=nova.network.l3.LinuxNetL3 + + +# +# Options defined in nova.network.rpcapi +# + +# The topic network nodes listen on (string value) +#network_topic=network + +# Default value for multi_host in networks. Also, if set, some +# rpc network calls will be sent directly to host. (boolean +# value) +#multi_host=false + + +# +# Options defined in nova.network.security_group.openstack_driver +# + +# The full class name of the security API class (string value) +security_group_api=neutron + + +# +# Options defined in nova.objects.network +# + +# DEPRECATED: THIS VALUE SHOULD BE SET WHEN CREATING THE +# NETWORK. If True in multi_host mode, all compute hosts share +# the same dhcp address. The same IP address used for DHCP +# will be added on each nova-network node which is only +# visible to the vms on the same host. (boolean value) +#share_dhcp_address=false + +# DEPRECATED: THIS VALUE SHOULD BE SET WHEN CREATING THE +# NETWORK. MTU setting for network interface. (integer value) +#network_device_mtu=<None> + + +# +# Options defined in nova.objectstore.s3server +# + +# Path to S3 buckets (string value) +#buckets_path=$state_path/buckets + +# IP address for S3 API to listen (string value) +#s3_listen=0.0.0.0 + +# Port for S3 API to listen (integer value) +#s3_listen_port=3333 + + +# +# Options defined in nova.openstack.common.eventlet_backdoor +# + +# Enable eventlet backdoor. 
Acceptable values are 0, <port>, +# and <start>:<end>, where 0 results in listening on a random +# tcp port number; <port> results in listening on the +# specified port number (and not enabling backdoor if that +# port is in use); and <start>:<end> results in listening on +# the smallest unused port number within the specified range +# of port numbers. The chosen port is displayed in the +# service's log file. (string value) +#backdoor_port=<None> + + +# +# Options defined in nova.openstack.common.lockutils +# + +# Enables or disables inter-process locks. (boolean value) +#disable_process_locking=false + +# Directory to use for lock files. (string value) +lock_path=/var/lock/nova + + +# +# Options defined in nova.openstack.common.log +# + +# Print debugging output (set logging level to DEBUG instead +# of default WARNING level). (boolean value) +#debug=false + +# Print more verbose output (set logging level to INFO instead +# of default WARNING level). (boolean value) +#verbose=false + +# Log output to standard error. (boolean value) +#use_stderr=true + +# Format string to use for log messages with context. (string +# value) +#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + +# Format string to use for log messages without context. +# (string value) +#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + +# Data to append to log format when level is DEBUG. (string +# value) +#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d + +# Prefix each line of exception output with this format. +# (string value) +#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s + +# List of logger=LEVEL pairs. 
(list value)
+#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN
+
+# Enables or disables publication of error events. (boolean
+# value)
+#publish_errors=false
+
+# Enables or disables fatal status of deprecations. (boolean
+# value)
+#fatal_deprecations=false
+
+# The format for an instance that is passed with the log
+# message. (string value)
+#instance_format="[instance: %(uuid)s] "
+
+# The format for an instance UUID that is passed with the log
+# message. (string value)
+#instance_uuid_format="[instance: %(uuid)s] "
+
+# The name of a logging configuration file. This file is
+# appended to any existing logging configuration files. For
+# details about logging configuration files, see the Python
+# logging module documentation. (string value)
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append=<None>
+
+# DEPRECATED. A logging.Formatter log message format string
+# which may use any of the available logging.LogRecord
+# attributes. This option is deprecated. Please use
+# logging_context_format_string and
+# logging_default_format_string instead. (string value)
+#log_format=<None>
+
+# Format string for %%(asctime)s in log records. Default:
+# %(default)s . (string value)
+#log_date_format=%Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to output to. If no default is
+# set, logging will go to stdout. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+#log_file=<None>
+
+# (Optional) The base directory used for relative --log-file
+# paths. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+#log_dir=<None>
+
+# Use syslog for logging. Existing syslog format is DEPRECATED
+# during I, and will change in J to honor RFC5424.
(boolean
+# value)
+use_syslog=True
+
+# (Optional) Enables or disables syslog rfc5424 format for
+# logging. If enabled, prefixes the MSG part of the syslog
+# message with APP-NAME (RFC5424). The format without the APP-
+# NAME is deprecated in I, and will be removed in J. (boolean
+# value)
+#use_syslog_rfc_format=false
+
+# Syslog facility to receive log lines. (string value)
+#syslog_log_facility=LOG_USER
+
+
+#
+# Options defined in nova.openstack.common.memorycache
+#
+
+# Memcached servers or None for in process cache. (list value)
+#memcached_servers=<None>
+
+
+#
+# Options defined in nova.openstack.common.periodic_task
+#
+
+# Some periodic tasks can be run in a separate process. Should
+# we run them here? (boolean value)
+#run_external_periodic_tasks=true
+
+
+#
+# Options defined in nova.openstack.common.policy
+#
+
+# The JSON file that defines policies. (string value)
+#policy_file=policy.json
+
+# Default rule. Enforced when a requested rule is not found.
+# (string value)
+#policy_default_rule=default
+
+
+#
+# Options defined in nova.pci.pci_request
+#
+
+# An alias for a PCI passthrough device requirement. This
+# allows users to specify the alias in the extra_spec for a
+# flavor, without needing to repeat all the PCI property
+# requirements. For example: pci_alias = { "name":
+# "QuicAssist", "product_id": "0443", "vendor_id": "8086",
+# "device_type": "ACCEL" } defines an alias for the Intel
+# QuickAssist card. (multi valued) (multi valued)
+#pci_alias=
+
+
+#
+# Options defined in nova.pci.pci_whitelist
+#
+
+# White list of PCI devices available to VMs.
For example:
+# pci_passthrough_whitelist = [{"vendor_id": "8086",
+# "product_id": "0443"}] (multi valued)
+#pci_passthrough_whitelist=
+
+
+#
+# Options defined in nova.scheduler.driver
+#
+
+# The scheduler host manager class to use (string value)
+scheduler_host_manager={{ SCHEDULER_HOST_MANAGER }}
+
+
+#
+# Options defined in nova.scheduler.filter_scheduler
+#
+
+# New instances will be scheduled on a host chosen randomly
+# from a subset of the N best hosts. This property defines the
+# subset size that a host is chosen from. A value of 1 chooses
+# the first host returned by the weighing functions. This
+# value must be at least 1. Any value less than 1 will be
+# ignored, and 1 will be used instead (integer value)
+#scheduler_host_subset_size=1
+
+
+#
+# Options defined in nova.scheduler.filters.aggregate_image_properties_isolation
+#
+
+# Force the filter to consider only keys matching the given
+# namespace. (string value)
+#aggregate_image_properties_isolation_namespace=<None>
+
+# The separator used between the namespace and keys (string
+# value)
+#aggregate_image_properties_isolation_separator=.
+
+
+#
+# Options defined in nova.scheduler.filters.core_filter
+#
+
+# Virtual CPU to physical CPU allocation ratio which affects
+# all CPU filters. This configuration specifies a global ratio
+# for CoreFilter. For AggregateCoreFilter, it will fall back
+# to this configuration value if no per-aggregate setting
+# found.
(floating point value)
+#cpu_allocation_ratio=16.0
+
+
+#
+# Options defined in nova.scheduler.filters.disk_filter
+#
+
+# Virtual disk to physical disk allocation ratio (floating
+# point value)
+#disk_allocation_ratio=1.0
+
+
+#
+# Options defined in nova.scheduler.filters.io_ops_filter
+#
+
+# Tells filters to ignore hosts that have this many or more
+# instances currently in build, resize, snapshot, migrate,
+# rescue or unshelve task states (integer value)
+#max_io_ops_per_host=8
+
+
+#
+# Options defined in nova.scheduler.filters.isolated_hosts_filter
+#
+
+# Images to run on isolated host (list value)
+#isolated_images=
+
+# Host reserved for specific images (list value)
+#isolated_hosts=
+
+# Whether to force isolated hosts to run only isolated images
+# (boolean value)
+#restrict_isolated_hosts_to_isolated_images=true
+
+
+#
+# Options defined in nova.scheduler.filters.num_instances_filter
+#
+
+# Ignore hosts that have too many instances (integer value)
+#max_instances_per_host=50
+
+
+#
+# Options defined in nova.scheduler.filters.ram_filter
+#
+
+# Virtual ram to physical ram allocation ratio which affects
+# all ram filters. This configuration specifies a global ratio
+# for RamFilter. For AggregateRamFilter, it will fall back to
+# this configuration value if no per-aggregate setting found.
+# (floating point value)
+ram_allocation_ratio={{ RAM_ALLOCATION_RATIO }}
+
+
+#
+# Options defined in nova.scheduler.host_manager
+#
+
+# Filter classes available to the scheduler which may be
+# specified more than once. An entry of
+# "nova.scheduler.filters.standard_filters" maps to all
+# filters included with nova. (multi valued)
+#scheduler_available_filters=nova.scheduler.filters.all_filters
+
+# Which filter class names to use for filtering hosts when not
+# specified in the request.
(list value)
+scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
+
+# Which weight class names to use for weighing hosts (list
+# value)
+#scheduler_weight_classes=nova.scheduler.weights.all_weighers
+
+
+#
+# Options defined in nova.scheduler.ironic_host_manager
+#
+
+# Which filter class names to use for filtering baremetal
+# hosts when not specified in the request. (list value)
+#baremetal_scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ExactRamFilter,ExactDiskFilter,ExactCoreFilter
+
+# Flag to decide whether to use
+# baremetal_scheduler_default_filters or not. (boolean value)
+#scheduler_use_baremetal_filters=false
+
+
+#
+# Options defined in nova.scheduler.manager
+#
+
+# Default driver to use for the scheduler (string value)
+scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
+
+# How often (in seconds) to run periodic tasks in the
+# scheduler driver of your choice. Please note this is likely
+# to interact with the value of service_down_time, but exactly
+# how they interact will depend on your choice of scheduler
+# driver. (integer value)
+#scheduler_driver_task_period=60
+
+
+#
+# Options defined in nova.scheduler.rpcapi
+#
+
+# The topic scheduler nodes listen on (string value)
+#scheduler_topic=scheduler
+
+
+#
+# Options defined in nova.scheduler.scheduler_options
+#
+
+# Absolute path to scheduler configuration JSON file. (string
+# value)
+#scheduler_json_config_location=
+
+
+#
+# Options defined in nova.scheduler.utils
+#
+
+# Maximum number of attempts to schedule an instance (integer
+# value)
+#scheduler_max_attempts=3
+
+
+#
+# Options defined in nova.scheduler.weights.ram
+#
+
+# Multiplier used for weighing ram. Negative numbers mean to
+# stack vs spread.
(floating point value)
+#ram_weight_multiplier=1.0
+
+
+#
+# Options defined in nova.servicegroup.api
+#
+
+# The driver for servicegroup service (valid options are: db,
+# zk, mc) (string value)
+#servicegroup_driver=db
+
+
+#
+# Options defined in nova.virt.configdrive
+#
+
+# Config drive format. One of iso9660 (default) or vfat
+# (string value)
+#config_drive_format=iso9660
+
+# DEPRECATED (not needed any more): Where to put temporary
+# files associated with config drive creation (string value)
+#config_drive_tempdir=<None>
+
+# Set to force injection to take place on a config drive (if
+# set, valid options are: always) (string value)
+#force_config_drive=<None>
+
+# Name and optionally path of the tool used for ISO image
+# creation (string value)
+#mkisofs_cmd=genisoimage
+
+
+#
+# Options defined in nova.virt.disk.api
+#
+
+# Name of the mkfs commands for ephemeral device. The format
+# is <os_type>=<mkfs command> (multi valued)
+#virt_mkfs=
+
+# Attempt to resize the filesystem by accessing the image over
+# a block device. This is done by the host and may not be
+# necessary if the image contains a recent version of cloud-
+# init. Possible mechanisms require the nbd driver (for qcow
+# and raw), or loop (for raw). (boolean value)
+#resize_fs_using_block_device=false
+
+
+#
+# Options defined in nova.virt.disk.mount.nbd
+#
+
+# Amount of time, in seconds, to wait for NBD device start up.
+# (integer value)
+#timeout_nbd=10
+
+
+#
+# Options defined in nova.virt.driver
+#
+
+# Driver to use for controlling virtualization. Options
+# include: libvirt.LibvirtDriver, xenapi.XenAPIDriver,
+# fake.FakeDriver, baremetal.BareMetalDriver,
+# vmwareapi.VMwareVCDriver, hyperv.HyperVDriver (string value)
+compute_driver={{ COMPUTE_DRIVER }}
+
+# The default format an ephemeral_volume will be formatted
+# with on creation.
(string value)
+#default_ephemeral_format=<None>
+
+# VM image preallocation mode: "none" => no storage
+# provisioning is done up front, "space" => storage is fully
+# allocated at instance start (string value)
+#preallocate_images=none
+
+# Whether to use cow images (boolean value)
+#use_cow_images=true
+
+# Fail instance boot if vif plugging fails (boolean value)
+#vif_plugging_is_fatal=true
+
+# Number of seconds to wait for neutron vif plugging events to
+# arrive before continuing or failing (see
+# vif_plugging_is_fatal). If this is set to zero and
+# vif_plugging_is_fatal is False, events should not be
+# expected to arrive at all. (integer value)
+#vif_plugging_timeout=300
+
+
+#
+# Options defined in nova.virt.firewall
+#
+
+# Firewall driver (defaults to hypervisor specific iptables
+# driver) (string value)
+firewall_driver=nova.virt.firewall.NoopFirewallDriver
+
+# Whether to allow network traffic from same network (boolean
+# value)
+#allow_same_net_traffic=true
+
+
+#
+# Options defined in nova.virt.hardware
+#
+
+# Defines which pcpus that instance vcpus can use. For
+# example, "4-12,^8,15" (string value)
+#vcpu_pin_set=<None>
+
+
+#
+# Options defined in nova.virt.imagecache
+#
+
+# Number of seconds to wait between runs of the image cache
+# manager. Set to -1 to disable. Setting this to 0 will
+# disable, but this will change in the K release to mean "run
+# at the default rate". (integer value)
+#image_cache_manager_interval=2400
+
+# Where cached images are stored under $instances_path. This
+# is NOT the full path - just a folder name. For per-compute-
+# host cached images, set to _base_$my_ip (string value)
+#image_cache_subdirectory_name=_base
+
+# Should unused base images be removed?
(boolean value)
+#remove_unused_base_images=true
+
+# Unused unresized base images younger than this will not be
+# removed (integer value)
+#remove_unused_original_minimum_age_seconds=86400
+
+
+#
+# Options defined in nova.virt.images
+#
+
+# Force backing images to raw format (boolean value)
+#force_raw_images=true
+
+
+#
+# Options defined in nova.virt.netutils
+#
+
+# Template file for injected network (string value)
+#injected_network_template=$pybasedir/nova/virt/interfaces.template
+
+
+#
+# Options defined in nova.vnc
+#
+
+# Location of VNC console proxy, in the form
+# "http://127.0.0.1:6080/vnc_auto.html" (string value)
+novncproxy_base_url=http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:6080/vnc_auto.html
+
+# Location of nova xvp VNC console proxy, in the form
+# "http://127.0.0.1:6081/console" (string value)
+#xvpvncproxy_base_url=http://127.0.0.1:6081/console
+
+# IP address on which instance vncservers should listen
+# (string value)
+vncserver_listen=0.0.0.0
+
+# The address to which proxy clients (like nova-xvpvncproxy)
+# should connect (string value)
+vncserver_proxyclient_address={{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
+
+# Enable VNC related features (boolean value)
+vnc_enabled=true
+
+# Keymap for VNC (string value)
+vnc_keymap=en-us
+
+
+#
+# Options defined in nova.vnc.xvp_proxy
+#
+
+# Port that the XCP VNC proxy should bind to (integer value)
+#xvpvncproxy_port=6081
+
+# Address that the XCP VNC proxy should bind to (string value)
+#xvpvncproxy_host=0.0.0.0
+
+
+#
+# Options defined in nova.volume
+#
+
+# The full class name of the volume API class to use (string
+# value)
+#volume_api_class=nova.volume.cinder.API
+
+
+[baremetal]
+
+#
+# Options defined in nova.virt.baremetal.db.api
+#
+
+# The backend to use for bare-metal database (string value)
+#db_backend=sqlalchemy
+
+
+#
+# Options defined in nova.virt.baremetal.db.sqlalchemy.session
+#
+
+# The SQLAlchemy connection string used to connect to the
+# bare-metal database (string value)
+#sql_connection=sqlite:///$state_path/baremetal_nova.sqlite
+
+
+#
+# Options defined in nova.virt.baremetal.driver
+#
+
+# Baremetal VIF driver. (string value)
+#vif_driver=nova.virt.baremetal.vif_driver.BareMetalVIFDriver
+
+# Baremetal volume driver. (string value)
+#volume_driver=nova.virt.baremetal.volume_driver.LibvirtVolumeDriver
+
+# A list of additional capabilities corresponding to
+# flavor_extra_specs for this compute host to advertise. Valid
+# entries are name=value, pairs For example, "key1:val1,
+# key2:val2" (list value)
+#flavor_extra_specs=
+
+# Baremetal driver back-end (pxe or tilera) (string value)
+#driver=nova.virt.baremetal.pxe.PXE
+
+# Baremetal power management method (string value)
+#power_manager=nova.virt.baremetal.ipmi.IPMI
+
+# Baremetal compute node's tftp root path (string value)
+#tftp_root=/tftpboot
+
+
+#
+# Options defined in nova.virt.baremetal.ipmi
+#
+
+# Path to baremetal terminal program (string value)
+#terminal=shellinaboxd
+
+# Path to baremetal terminal SSL cert(PEM) (string value)
+#terminal_cert_dir=<None>
+
+# Path to directory stores pidfiles of baremetal_terminal
+# (string value)
+#terminal_pid_dir=$state_path/baremetal/console
+
+# Maximal number of retries for IPMI operations (integer
+# value)
+#ipmi_power_retry=10
+
+
+#
+# Options defined in nova.virt.baremetal.pxe
+#
+
+# Default kernel image ID used in deployment phase (string
+# value)
+#deploy_kernel=<None>
+
+# Default ramdisk image ID used in deployment phase (string
+# value)
+#deploy_ramdisk=<None>
+
+# Template file for injected network config (string value)
+#net_config_template=$pybasedir/nova/virt/baremetal/net-dhcp.ubuntu.template
+
+# Additional append parameters for baremetal PXE boot (string
+# value)
+#pxe_append_params=nofb nomodeset vga=normal
+
+# Template file for PXE configuration (string value)
+#pxe_config_template=$pybasedir/nova/virt/baremetal/pxe_config.template
+
+# If True, enable file injection for network info, files and
+# 
admin password (boolean value)
+#use_file_injection=false
+
+# Timeout for PXE deployments. Default: 0 (unlimited) (integer
+# value)
+#pxe_deploy_timeout=0
+
+# If set, pass the network configuration details to the
+# initramfs via cmdline. (boolean value)
+#pxe_network_config=false
+
+# This gets passed to Neutron as the bootfile dhcp parameter.
+# (string value)
+#pxe_bootfile_name=pxelinux.0
+
+
+#
+# Options defined in nova.virt.baremetal.tilera_pdu
+#
+
+# IP address of tilera pdu (string value)
+#tile_pdu_ip=10.0.100.1
+
+# Management script for tilera pdu (string value)
+#tile_pdu_mgr=/tftpboot/pdu_mgr
+
+# Power status of tilera PDU is OFF (integer value)
+#tile_pdu_off=2
+
+# Power status of tilera PDU is ON (integer value)
+#tile_pdu_on=1
+
+# Power status of tilera PDU (integer value)
+#tile_pdu_status=9
+
+# Wait time in seconds until check the result after tilera
+# power operations (integer value)
+#tile_power_wait=9
+
+
+#
+# Options defined in nova.virt.baremetal.virtual_power_driver
+#
+
+# IP or name to virtual power host (string value)
+#virtual_power_ssh_host=
+
+# Port to use for ssh to virtual power host (integer value)
+#virtual_power_ssh_port=22
+
+# Base command to use for virtual power(vbox, virsh) (string
+# value)
+#virtual_power_type=virsh
+
+# User to execute virtual power commands as (string value)
+#virtual_power_host_user=
+
+# Password for virtual power host_user (string value)
+#virtual_power_host_pass=
+
+# The ssh key for virtual power host_user (string value)
+#virtual_power_host_key=<None>
+
+
+#
+# Options defined in nova.virt.baremetal.volume_driver
+#
+
+# Do not set this out of dev/test environments. If a node does
+# not have a fixed PXE IP address, volumes are exported with
+# globally opened ACL (boolean value)
+#use_unsafe_iscsi=false
+
+# The iSCSI IQN prefix used in baremetal volume connections.
+# (string value)
+#iscsi_iqn_prefix=iqn.2010-10.org.openstack.baremetal
+
+
+[cells]
+
+#
+# Options defined in nova.cells.manager
+#
+
+# Cells communication driver to use (string value)
+#driver=nova.cells.rpc_driver.CellsRPCDriver
+
+# Number of seconds after an instance was updated or deleted
+# to continue to update cells (integer value)
+#instance_updated_at_threshold=3600
+
+# Number of instances to update per periodic task run (integer
+# value)
+#instance_update_num_instances=1
+
+
+#
+# Options defined in nova.cells.messaging
+#
+
+# Maximum number of hops for cells routing. (integer value)
+#max_hop_count=10
+
+# Cells scheduler to use (string value)
+#scheduler=nova.cells.scheduler.CellsScheduler
+
+
+#
+# Options defined in nova.cells.opts
+#
+
+# Enable cell functionality (boolean value)
+#enable=false
+
+# The topic cells nodes listen on (string value)
+#topic=cells
+
+# Manager for cells (string value)
+#manager=nova.cells.manager.CellsManager
+
+# Name of this cell (string value)
+#name=nova
+
+# Key/Multi-value list with the capabilities of the cell (list
+# value)
+#capabilities=hypervisor=xenserver;kvm,os=linux;windows
+
+# Seconds to wait for response from a call to a cell. (integer
+# value)
+#call_timeout=60
+
+# Percentage of cell capacity to hold in reserve. Affects both
+# memory and disk utilization (floating point value)
+#reserve_percent=10.0
+
+# Type of cell: api or compute (string value)
+#cell_type=compute
+
+# Number of seconds after which a lack of capability and
+# capacity updates signals the child cell is to be treated as
+# a mute. (integer value)
+#mute_child_interval=300
+
+# Seconds between bandwidth updates for cells. (integer value)
+#bandwidth_update_interval=600
+
+
+#
+# Options defined in nova.cells.rpc_driver
+#
+
+# Base queue name to use when communicating between cells.
+# Various topics by message type will be appended to this.
+# (string value)
+#rpc_driver_queue_base=cells.intercell
+
+
+#
+# Options defined in nova.cells.scheduler
+#
+
+# Filter classes the cells scheduler should use. An entry of
+# "nova.cells.filters.all_filters" maps to all cells filters
+# included with nova. (list value)
+#scheduler_filter_classes=nova.cells.filters.all_filters
+
+# Weigher classes the cells scheduler should use. An entry of
+# "nova.cells.weights.all_weighers" maps to all cell weighers
+# included with nova. (list value)
+#scheduler_weight_classes=nova.cells.weights.all_weighers
+
+# How many retries when no cells are available. (integer
+# value)
+#scheduler_retries=10
+
+# How often to retry in seconds when no cells are available.
+# (integer value)
+#scheduler_retry_delay=2
+
+
+#
+# Options defined in nova.cells.state
+#
+
+# Interval, in seconds, for getting fresh cell information
+# from the database. (integer value)
+#db_check_interval=60
+
+# Configuration file from which to read cells configuration.
+# If given, overrides reading cells from the database. (string
+# value)
+#cells_config=<None>
+
+
+#
+# Options defined in nova.cells.weights.mute_child
+#
+
+# Multiplier used to weigh mute children. (The value should be
+# negative.) (floating point value)
+#mute_weight_multiplier=-10.0
+
+# Weight value assigned to mute children. (The value should be
+# positive.) (floating point value)
+#mute_weight_value=1000.0
+
+
+#
+# Options defined in nova.cells.weights.ram_by_instance_type
+#
+
+# Multiplier used for weighing ram. Negative numbers mean to
+# stack vs spread. (floating point value)
+#ram_weight_multiplier=10.0
+
+
+#
+# Options defined in nova.cells.weights.weight_offset
+#
+
+# Multiplier used to weigh offset weigher. (floating point
+# value)
+#offset_weight_multiplier=1.0
+
+
+[cinder]
+
+#
+# Options defined in nova.volume.cinder
+#
+
+# Info to match when looking for cinder in the service
+# catalog.
Format is: separated values of the form:
+# <service_type>:<service_name>:<endpoint_type> (string value)
+# Deprecated group/name - [DEFAULT]/cinder_catalog_info
+#catalog_info=volume:cinder:publicURL
+
+# Override service catalog lookup with template for cinder
+# endpoint e.g. http://localhost:8776/v1/%(project_id)s
+# (string value)
+# Deprecated group/name - [DEFAULT]/cinder_endpoint_template
+#endpoint_template=<None>
+
+# Region name of this node (string value)
+# Deprecated group/name - [DEFAULT]/os_region_name
+#os_region_name=<None>
+
+# Location of ca certificates file to use for cinder client
+# requests. (string value)
+# Deprecated group/name - [DEFAULT]/cinder_ca_certificates_file
+#ca_certificates_file=<None>
+
+# Number of cinderclient retries on failed http calls (integer
+# value)
+# Deprecated group/name - [DEFAULT]/cinder_http_retries
+#http_retries=3
+
+# HTTP inactivity timeout (in seconds) (integer value)
+# Deprecated group/name - [DEFAULT]/cinder_http_timeout
+#http_timeout=<None>
+
+# Allow to perform insecure SSL requests to cinder (boolean
+# value)
+# Deprecated group/name - [DEFAULT]/cinder_api_insecure
+#api_insecure=false
+
+# Allow attach between instance and volume in different
+# availability zones. (boolean value)
+# Deprecated group/name - [DEFAULT]/cinder_cross_az_attach
+#cross_az_attach=true
+
+
+[conductor]
+
+#
+# Options defined in nova.conductor.api
+#
+
+# Perform nova-conductor operations locally (boolean value)
+use_local=true
+
+# The topic on which conductor nodes listen (string value)
+#topic=conductor
+
+# Full class name for the Manager for conductor (string value)
+#manager=nova.conductor.manager.ConductorManager
+
+# Number of workers for OpenStack Conductor service. The
+# default will be the number of CPUs available.
(integer
+# value)
+#workers=<None>
+
+
+[ephemeral_storage_encryption]
+
+#
+# Options defined in nova.compute.api
+#
+
+# Whether to encrypt ephemeral storage (boolean value)
+#enabled=false
+
+# The cipher and mode to be used to encrypt ephemeral storage.
+# Which ciphers are available ciphers depends on kernel
+# support. See /proc/crypto for the list of available options.
+# (string value)
+#cipher=aes-xts-plain64
+
+# The bit length of the encryption key to be used to encrypt
+# ephemeral storage (in XTS mode only half of the bits are
+# used for encryption key) (integer value)
+#key_size=512
+
+
+[glance]
+
+#
+# Options defined in nova.image.glance
+#
+
+# Default glance hostname or IP address (string value)
+# Deprecated group/name - [DEFAULT]/glance_host
+host={{ CONTROLLER_HOST_ADDRESS }}
+
+# Default glance port (integer value)
+# Deprecated group/name - [DEFAULT]/glance_port
+port=9292
+
+# Default protocol to use when connecting to glance. Set to
+# https for SSL. (string value)
+# Deprecated group/name - [DEFAULT]/glance_protocol
+protocol=http
+
+# A list of the glance api servers available to nova. Prefix
+# with https:// for ssl-based glance api servers.
+# ([hostname|ip]:port) (list value)
+# Deprecated group/name - [DEFAULT]/glance_api_servers
+api_servers=$host:$port
+
+# Allow to perform insecure SSL (https) requests to glance
+# (boolean value)
+# Deprecated group/name - [DEFAULT]/glance_api_insecure
+#api_insecure=false
+
+# Number of retries when downloading an image from glance
+# (integer value)
+# Deprecated group/name - [DEFAULT]/glance_num_retries
+#num_retries=0
+
+# A list of url scheme that can be downloaded directly via the
+# direct_url. Currently supported schemes: [file]. (list
+# value)
+#allowed_direct_url_schemes=
+
+
+[hyperv]
+
+#
+# Options defined in nova.virt.hyperv.pathutils
+#
+
+# The name of a Windows share name mapped to the
+# "instances_path" dir and used by the resize feature to copy
+# files to the target host.
If left blank, an administrative
+# share will be used, looking for the same "instances_path"
+# used locally (string value)
+#instances_path_share=
+
+
+#
+# Options defined in nova.virt.hyperv.utilsfactory
+#
+
+# Force V1 WMI utility classes (boolean value)
+#force_hyperv_utils_v1=false
+
+# Force V1 volume utility class (boolean value)
+#force_volumeutils_v1=false
+
+
+#
+# Options defined in nova.virt.hyperv.vif
+#
+
+# External virtual switch Name, if not provided, the first
+# external virtual switch is used (string value)
+#vswitch_name=<None>
+
+
+#
+# Options defined in nova.virt.hyperv.vmops
+#
+
+# Required for live migration among hosts with different CPU
+# features (boolean value)
+#limit_cpu_features=false
+
+# Sets the admin password in the config drive image (boolean
+# value)
+#config_drive_inject_password=false
+
+# Path of qemu-img command which is used to convert between
+# different image types (string value)
+#qemu_img_cmd=qemu-img.exe
+
+# Attaches the Config Drive image as a cdrom drive instead of
+# a disk drive (boolean value)
+#config_drive_cdrom=false
+
+# Enables metrics collections for an instance by using
+# Hyper-V's metric APIs. Collected data can by retrieved by
+# other apps and services, e.g.: Ceilometer. Requires Hyper-V
+# / Windows Server 2012 and above (boolean value)
+#enable_instance_metrics_collection=false
+
+# Enables dynamic memory allocation (ballooning) when set to a
+# value greater than 1. The value expresses the ratio between
+# the total RAM assigned to an instance and its startup RAM
+# amount. For example a ratio of 2.0 for an instance with
+# 1024MB of RAM implies 512MB of RAM allocated at startup
+# (floating point value)
+#dynamic_memory_ratio=1.0
+
+# Number of seconds to wait for instance to shut down after
+# soft reboot request is made. We fall back to hard reboot if
+# instance does not shutdown within this window.
(integer
+# value)
+#wait_soft_reboot_seconds=60
+
+
+#
+# Options defined in nova.virt.hyperv.volumeops
+#
+
+# The number of times to retry to attach a volume (integer
+# value)
+#volume_attach_retry_count=10
+
+# Interval between volume attachment attempts, in seconds
+# (integer value)
+#volume_attach_retry_interval=5
+
+# The number of times to retry checking for a disk mounted via
+# iSCSI. (integer value)
+#mounted_disk_query_retry_count=10
+
+# Interval between checks for a mounted iSCSI disk, in
+# seconds. (integer value)
+#mounted_disk_query_retry_interval=5
+
+
+[image_file_url]
+
+#
+# Options defined in nova.image.download.file
+#
+
+# List of file systems that are configured in this file in the
+# image_file_url:<list entry name> sections (list value)
+#filesystems=
+
+
+[ironic]
+
+#
+# Options defined in nova.virt.ironic.driver
+#
+
+# Version of Ironic API service endpoint. (integer value)
+#api_version=1
+
+# URL for Ironic API endpoint. (string value)
+api_endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:6385/v1
+
+# Ironic keystone admin name (string value)
+admin_username={{ IRONIC_SERVICE_USER }}
+
+# Ironic keystone admin password. (string value)
+admin_password={{ IRONIC_SERVICE_PASSWORD }}
+
+# Ironic keystone auth token. (string value)
+#admin_auth_token=<None>
+
+# Keystone public API endpoint. (string value)
+admin_url=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
+
+# Log level override for ironicclient. Set this in order to
+# override the global "default_log_levels", "verbose", and
+# "debug" settings. (string value)
+#client_log_level=<None>
+
+# Ironic keystone tenant name. (string value)
+admin_tenant_name=service
+
+# How many retries when a request does conflict.
(integer
+# value)
+#api_max_retries=60
+
+# How often to retry in seconds when a request does conflict
+# (integer value)
+#api_retry_interval=2
+
+
+[keymgr]
+
+#
+# Options defined in nova.keymgr
+#
+
+# The full class name of the key manager API class (string
+# value)
+#api_class=nova.keymgr.conf_key_mgr.ConfKeyManager
+
+
+#
+# Options defined in nova.keymgr.conf_key_mgr
+#
+
+# Fixed key returned by key manager, specified in hex (string
+# value)
+#fixed_key=<None>
+
+
+[keystone_authtoken]
+
+#
+# Options defined in keystonemiddleware.auth_token
+#
+
+# Prefix to prepend at the beginning of the path. Deprecated,
+# use identity_uri. (string value)
+#auth_admin_prefix=
+
+# Host providing the admin Identity API endpoint. Deprecated,
+# use identity_uri. (string value)
+#auth_host=127.0.0.1
+
+# Port of the admin Identity API endpoint. Deprecated, use
+# identity_uri. (integer value)
+auth_port=35357
+
+# Protocol of the admin Identity API endpoint (http or https).
+# Deprecated, use identity_uri. (string value)
+auth_protocol=http
+
+# Complete public Identity API endpoint (string value)
+auth_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
+
+# Complete admin Identity API endpoint. This should specify
+# the unversioned root endpoint e.g. https://localhost:35357/
+# (string value)
+identity_uri=http://{{ CONTROLLER_HOST_ADDRESS }}:35357
+
+# API version of the admin Identity API endpoint (string
+# value)
+auth_version=v2.0
+
+# Do not handle authorization requests within the middleware,
+# but delegate the authorization decision to downstream WSGI
+# components (boolean value)
+#delay_auth_decision=false
+
+# Request timeout value for communicating with Identity API
+# server. (boolean value)
+#http_connect_timeout=<None>
+
+# How many times are we trying to reconnect when communicating
+# with Identity API Server. (integer value)
+#http_request_max_retries=3
+
+# This option is deprecated and may be removed in a future
+# release.
Single shared secret with the Keystone
+# configuration used for bootstrapping a Keystone
+# installation, or otherwise bypassing the normal
+# authentication process. This option should not be used, use
+# `admin_user` and `admin_password` instead. (string value)
+#admin_token=<None>
+
+# Keystone account username (string value)
+admin_user={{ NOVA_SERVICE_USER }}
+
+# Keystone account password (string value)
+admin_password={{ NOVA_SERVICE_PASSWORD }}
+
+# Keystone service account tenant name to validate user tokens
+# (string value)
+admin_tenant_name=service
+
+# Env key for the swift cache (string value)
+#cache=<None>
+
+# Required if Keystone server requires client certificate
+# (string value)
+#certfile=<None>
+
+# Required if Keystone server requires client certificate
+# (string value)
+#keyfile=<None>
+
+# A PEM encoded Certificate Authority to use when verifying
+# HTTPs connections. Defaults to system CAs. (string value)
+#cafile=<None>
+
+# Verify HTTPS connections. (boolean value)
+#insecure=false
+
+# Directory used to cache files related to PKI tokens (string
+# value)
+#signing_dir=<None>
+
+# Optionally specify a list of memcached server(s) to use for
+# caching. If left undefined, tokens will instead be cached
+# in-process. (list value)
+# Deprecated group/name - [DEFAULT]/memcache_servers
+#memcached_servers=<None>
+
+# In order to prevent excessive effort spent validating
+# tokens, the middleware caches previously-seen tokens for a
+# configurable duration (in seconds). Set to -1 to disable
+# caching completely. (integer value)
+#token_cache_time=300
+
+# Determines the frequency at which the list of revoked tokens
+# is retrieved from the Identity service (in seconds). A high
+# number of revocation events combined with a low cache
+# duration may significantly reduce performance. (integer
+# value)
+#revocation_cache_time=10
+
+# (optional) if defined, indicate whether token data should be
+# authenticated or authenticated and encrypted.
Acceptable +# values are MAC or ENCRYPT. If MAC, token data is +# authenticated (with HMAC) in the cache. If ENCRYPT, token +# data is encrypted and authenticated in the cache. If the +# value is not one of these options or empty, auth_token will +# raise an exception on initialization. (string value) +#memcache_security_strategy=<None> + +# (optional, mandatory if memcache_security_strategy is +# defined) this string is used for key derivation. (string +# value) +#memcache_secret_key=<None> + +# (optional) number of seconds memcached server is considered +# dead before it is tried again. (integer value) +#memcache_pool_dead_retry=300 + +# (optional) max total number of open connections to every +# memcached server. (integer value) +#memcache_pool_maxsize=10 + +# (optional) socket timeout in seconds for communicating with +# a memcache server. (integer value) +#memcache_pool_socket_timeout=3 + +# (optional) number of seconds a connection to memcached is +# held unused in the pool before it is closed. (integer value) +#memcache_pool_unused_timeout=60 + +# (optional) number of seconds that an operation will wait to +# get a memcache client connection from the pool. (integer +# value) +#memcache_pool_conn_get_timeout=10 + +# (optional) use the advanced (eventlet safe) memcache client +# pool. The advanced pool will only work under python 2.x. +# (boolean value) +#memcache_use_advanced_pool=false + +# (optional) indicate whether to set the X-Service-Catalog +# header. If False, middleware will not ask for service +# catalog on token validation and will not set the X-Service- +# Catalog header. (boolean value) +#include_service_catalog=true + +# Used to control the use and type of token binding. Can be +# set to: "disabled" to not check token binding. "permissive" +# (default) to validate binding information if the bind type +# is of a form known to the server and ignore it if not. 
+# "strict" like "permissive" but if the bind type is unknown +# the token will be rejected. "required" any form of token +# binding is needed to be allowed. Finally the name of a +# binding method that must be present in tokens. (string +# value) +#enforce_token_bind=permissive + +# If true, the revocation list will be checked for cached +# tokens. This requires that PKI tokens are configured on the +# Keystone server. (boolean value) +#check_revocations_for_cached=false + +# Hash algorithms to use for hashing PKI tokens. This may be a +# single algorithm or multiple. The algorithms are those +# supported by Python standard hashlib.new(). The hashes will +# be tried in the order given, so put the preferred one first +# for performance. The result of the first hash will be stored +# in the cache. This will typically be set to multiple values +# only while migrating from a less secure algorithm to a more +# secure one. Once all the old tokens are expired this option +# should be set to a single value for better performance. +# (list value) +#hash_algorithms=md5 + + +[libvirt] + +# +# Options defined in nova.virt.libvirt.driver +# + +# Rescue ami image. This will not be used if an image id is +# provided by the user. (string value) +#rescue_image_id=<None> + +# Rescue aki image (string value) +#rescue_kernel_id=<None> + +# Rescue ari image (string value) +#rescue_ramdisk_id=<None> + +# Libvirt domain type (valid options are: kvm, lxc, qemu, uml, +# xen) (string value) +virt_type={{ NOVA_VIRT_TYPE }} + +# Override the default libvirt URI (which is dependent on +# virt_type) (string value) +#connection_uri= + +# Inject the admin password at boot time, without an agent. 
+# (boolean value)
+#inject_password=false
+
+# Inject the ssh public key at boot time (boolean value)
+#inject_key=false
+
+# The partition to inject to : -2 => disable, -1 => inspect
+# (libguestfs only), 0 => not partitioned, >0 => partition
+# number (integer value)
+#inject_partition=-2
+
+# Sync virtual and real mouse cursors in Windows VMs (boolean
+# value)
+#use_usb_tablet=true
+
+# Migration target URI (any included "%s" is replaced with the
+# migration target hostname) (string value)
+#live_migration_uri=qemu+tcp://%s/system
+
+# Migration flags to be set for live migration (string value)
+#live_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED
+
+# Migration flags to be set for block migration (string value)
+#block_migration_flag=VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED, VIR_MIGRATE_NON_SHARED_INC
+
+# Maximum bandwidth to be used during migration, in Mbps
+# (integer value)
+#live_migration_bandwidth=0
+
+# Snapshot image format (valid options are : raw, qcow2, vmdk,
+# vdi). Defaults to same as source image (string value)
+#snapshot_image_format=<None>
+
+# DEPRECATED. Libvirt handlers for remote volumes. This option
+# is deprecated and will be removed in the Kilo release. (list
+# value)
+#volume_drivers=iscsi=nova.virt.libvirt.volume.LibvirtISCSIVolumeDriver,iser=nova.virt.libvirt.volume.LibvirtISERVolumeDriver,local=nova.virt.libvirt.volume.LibvirtVolumeDriver,fake=nova.virt.libvirt.volume.LibvirtFakeVolumeDriver,rbd=nova.virt.libvirt.volume.LibvirtNetVolumeDriver,sheepdog=nova.virt.libvirt.volume.LibvirtNetVolumeDriver,nfs=nova.virt.libvirt.volume.LibvirtNFSVolumeDriver,aoe=nova.virt.libvirt.volume.LibvirtAOEVolumeDriver,glusterfs=nova.virt.libvirt.volume.LibvirtGlusterfsVolumeDriver,fibre_channel=nova.virt.libvirt.volume.LibvirtFibreChannelVolumeDriver,scality=nova.virt.libvirt.volume.LibvirtScalityVolumeDriver
+
+# Override the default disk prefix for the devices attached to
+# a server, which is dependent on virt_type. (valid options
+# are: sd, xvd, uvd, vd) (string value)
+#disk_prefix=<None>
+
+# Number of seconds to wait for instance to shut down after
+# soft reboot request is made. We fall back to hard reboot if
+# instance does not shutdown within this window. (integer
+# value)
+#wait_soft_reboot_seconds=120
+
+# Set to "host-model" to clone the host CPU feature flags; to
+# "host-passthrough" to use the host CPU model exactly; to
+# "custom" to use a named CPU model; to "none" to not set any
+# CPU model. If virt_type="kvm|qemu", it will default to
+# "host-model", otherwise it will default to "none" (string
+# value)
+#cpu_mode=<None>
+
+# Set to a named libvirt CPU model (see names listed in
+# /usr/share/libvirt/cpu_map.xml). Only has effect if
+# cpu_mode="custom" and virt_type="kvm|qemu" (string value)
+#cpu_model=<None>
+
+# Location where libvirt driver will store snapshots before
+# uploading them to image service (string value)
+#snapshots_directory=$instances_path/snapshots
+
+# Location where the Xen hvmloader is kept (string value)
+#xen_hvmloader_path=/usr/lib/xen/boot/hvmloader
+
+# Specific cachemodes to use for different disk types e.g:
+# file=directsync,block=none (list value)
+#disk_cachemodes=
+
+# A path to a device that will be used as source of entropy on
+# the host. Permitted options are: /dev/random or /dev/hwrng
+# (string value)
+#rng_dev_path=<None>
+
+# For qemu or KVM guests, set this option to specify a default
+# machine type per host architecture. You can find a list of
+# supported machine types in your environment by checking the
+# output of the "virsh capabilities"command. The format of the
+# value for this config option is host-arch=machine-type. For
+# example: x86_64=machinetype1,armv7l=machinetype2 (list
+# value)
+#hw_machine_type=<None>
+
+# The data source used to the populate the host "serial" UUID
+# exposed to guest in the virtual BIOS. Permitted options are
+# "hardware", "os", "none" or "auto" (default). (string value)
+#sysinfo_serial=auto
+
+# A number of seconds to memory usage statistics period. Zero
+# or negative value mean to disable memory usage statistics.
+# (integer value)
+#mem_stats_period_seconds=10
+
+# List of uid targets and ranges.Syntax is guest-uid:host-
+# uid:countMaximum of 5 allowed. (list value)
+#uid_maps=
+
+# List of guid targets and ranges.Syntax is guest-gid:host-
+# gid:countMaximum of 5 allowed. (list value)
+#gid_maps=
+
+
+#
+# Options defined in nova.virt.libvirt.imagebackend
+#
+
+# VM Images format. Acceptable values are: raw, qcow2, lvm,
+# rbd, default. If default is specified, then use_cow_images
+# flag is used instead of this one. (string value)
+#images_type=default
+
+# LVM Volume Group that is used for VM images, when you
+# specify images_type=lvm. (string value)
+#images_volume_group=<None>
+
+# Create sparse logical volumes (with virtualsize) if this
+# flag is set to True. (boolean value)
+#sparse_logical_volumes=false
+
+# Method used to wipe old volumes (valid options are: none,
+# zero, shred) (string value)
+#volume_clear=zero
+
+# Size in MiB to wipe at start of old volumes. 0 => all
+# (integer value)
+#volume_clear_size=0
+
+# The RADOS pool in which rbd volumes are stored (string
+# value)
+#images_rbd_pool=rbd
+
+# Path to the ceph configuration file to use (string value)
+#images_rbd_ceph_conf=
+
+# Discard option for nova managed disks (valid options are:
+# ignore, unmap). Need Libvirt(1.0.6) Qemu1.5 (raw format)
+# Qemu1.6(qcow2 format) (string value)
+#hw_disk_discard=<None>
+
+
+#
+# Options defined in nova.virt.libvirt.imagecache
+#
+
+# Allows image information files to be stored in non-standard
+# locations (string value)
+#image_info_filename_pattern=$instances_path/$image_cache_subdirectory_name/%(image)s.info
+
+# Should unused kernel images be removed? This is only safe to
+# enable if all compute nodes have been updated to support
+# this option. This will be enabled by default in future.
+# (boolean value)
+#remove_unused_kernels=false
+
+# Unused resized base images younger than this will not be
+# removed (integer value)
+#remove_unused_resized_minimum_age_seconds=3600
+
+# Write a checksum for files in _base to disk (boolean value)
+#checksum_base_images=false
+
+# How frequently to checksum base images (integer value)
+#checksum_interval_seconds=3600
+
+
+#
+# Options defined in nova.virt.libvirt.utils
+#
+
+# Compress snapshot images when possible. This currently
+# applies exclusively to qcow2 images (boolean value)
+#snapshot_compression=false
+
+
+#
+# Options defined in nova.virt.libvirt.vif
+#
+
+# Use virtio for bridge interfaces with KVM/QEMU (boolean
+# value)
+#use_virtio_for_bridges=true
+
+
+#
+# Options defined in nova.virt.libvirt.volume
+#
+
+# Number of times to rescan iSCSI target to find volume
+# (integer value)
+#num_iscsi_scan_tries=5
+
+# Number of times to rescan iSER target to find volume
+# (integer value)
+#num_iser_scan_tries=5
+
+# The RADOS client name for accessing rbd volumes (string
+# value)
+#rbd_user=<None>
+
+# The libvirt UUID of the secret for the rbd_uservolumes
+# (string value)
+#rbd_secret_uuid=<None>
+
+# Directory where the NFS volume is mounted on the compute
+# node (string value)
+#nfs_mount_point_base=$state_path/mnt
+
+# Mount options passedf to the NFS client. See section of the
+# nfs man page for details (string value)
+#nfs_mount_options=<None>
+
+# Number of times to rediscover AoE target to find volume
+# (integer value)
+#num_aoe_discover_tries=3
+
+# Directory where the glusterfs volume is mounted on the
+# compute node (string value)
+#glusterfs_mount_point_base=$state_path/mnt
+
+# Use multipath connection of the iSCSI volume (boolean value)
+#iscsi_use_multipath=false
+
+# Use multipath connection of the iSER volume (boolean value)
+#iser_use_multipath=false
+
+# Path or URL to Scality SOFS configuration file (string
+# value)
+#scality_sofs_config=<None>
+
+# Base dir where Scality SOFS shall be mounted (string value)
+#scality_sofs_mount_point=$state_path/scality
+
+# Protocols listed here will be accessed directly from QEMU.
+# Currently supported protocols: [gluster] (list value)
+#qemu_allowed_storage_drivers=
+
+
+[matchmaker_redis]
+
+#
+# Options defined in oslo.messaging
+#
+
+# Host to locate redis. (string value)
+#host=127.0.0.1
+
+# Use this port to connect to redis host. (integer value)
+#port=6379
+
+# Password for Redis server (optional). (string value)
+#password=<None>
+
+
+[matchmaker_ring]
+
+#
+# Options defined in oslo.messaging
+#
+
+# Matchmaker ring file (JSON). (string value)
+# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
+#ringfile=/etc/oslo/matchmaker_ring.json
+
+
+[metrics]
+
+#
+# Options defined in nova.scheduler.weights.metrics
+#
+
+# Multiplier used for weighing metrics. (floating point value)
+#weight_multiplier=1.0
+
+# How the metrics are going to be weighed. This should be in
+# the form of "<name1>=<ratio1>, <name2>=<ratio2>, ...", where
+# <nameX> is one of the metrics to be weighed, and <ratioX> is
+# the corresponding ratio. So for "name1=1.0, name2=-1.0" The
+# final weight would be name1.value * 1.0 + name2.value *
+# -1.0. (list value)
+#weight_setting=
+
+# How to treat the unavailable metrics. When a metric is NOT
+# available for a host, if it is set to be True, it would
+# raise an exception, so it is recommended to use the
+# scheduler filter MetricFilter to filter out those hosts. If
+# it is set to be False, the unavailable metric would be
+# treated as a negative factor in weighing process, the
+# returned value would be set by the option
+# weight_of_unavailable. (boolean value)
+#required=true
+
+# The final weight value to be returned if required is set to
+# False and any one of the metrics set by weight_setting is
+# unavailable. (floating point value)
+#weight_of_unavailable=-10000.0
+
+
+[neutron]
+
+#
+# Options defined in nova.api.metadata.handler
+#
+
+# Set flag to indicate Neutron will proxy metadata requests
+# and resolve instance ids. (boolean value)
+# Deprecated group/name - [DEFAULT]/service_neutron_metadata_proxy
+service_metadata_proxy=True
+
+# Shared secret to validate proxies Neutron metadata requests
+# (string value)
+# Deprecated group/name - [DEFAULT]/neutron_metadata_proxy_shared_secret
+metadata_proxy_shared_secret={{ METADATA_PROXY_SHARED_SECRET }}
+
+
+#
+# Options defined in nova.network.neutronv2.api
+#
+
+# URL for connecting to neutron (string value)
+# Deprecated group/name - [DEFAULT]/neutron_url
+url=http://{{ CONTROLLER_HOST_ADDRESS }}:9696
+
+# Timeout value for connecting to neutron in seconds (integer
+# value)
+# Deprecated group/name - [DEFAULT]/neutron_url_timeout
+#url_timeout=30
+
+# User id for connecting to neutron in admin context (string
+# value)
+#admin_user_id=<None>
+
+# Username for connecting to neutron in admin context (string
+# value)
+# Deprecated group/name - [DEFAULT]/neutron_admin_username
+admin_username={{ NEUTRON_SERVICE_USER }}
+
+# Password for connecting to neutron in admin context (string
+# value)
+# Deprecated group/name - [DEFAULT]/neutron_admin_password
+admin_password={{ NEUTRON_SERVICE_PASSWORD }}
+
+# Tenant id for connecting to neutron in admin context (string
+# value)
+# Deprecated group/name - [DEFAULT]/neutron_admin_tenant_id
+#admin_tenant_id=<None>
+
+# Tenant name for connecting to neutron in admin context. This
+# option will be ignored if neutron_admin_tenant_id is set.
+# Note that with Keystone V3 tenant names are only unique
+# within a domain. (string value)
+# Deprecated group/name - [DEFAULT]/neutron_admin_tenant_name
+admin_tenant_name=service
+
+# Region name for connecting to neutron in admin context
+# (string value)
+# Deprecated group/name - [DEFAULT]/neutron_region_name
+#region_name=<None>
+
+# Authorization URL for connecting to neutron in admin context
+# (string value)
+# Deprecated group/name - [DEFAULT]/neutron_admin_auth_url
+admin_auth_url=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
+
+# If set, ignore any SSL validation issues (boolean value)
+# Deprecated group/name - [DEFAULT]/neutron_api_insecure
+#api_insecure=false
+
+# Authorization strategy for connecting to neutron in admin
+# context (string value)
+# Deprecated group/name - [DEFAULT]/neutron_auth_strategy
+auth_strategy=keystone
+
+# Name of Integration Bridge used by Open vSwitch (string
+# value)
+# Deprecated group/name - [DEFAULT]/neutron_ovs_bridge
+#ovs_bridge=br-int
+
+# Number of seconds before querying neutron for extensions
+# (integer value)
+# Deprecated group/name - [DEFAULT]/neutron_extension_sync_interval
+#extension_sync_interval=600
+
+# Location of CA certificates file to use for neutron client
+# requests. (string value)
+# Deprecated group/name - [DEFAULT]/neutron_ca_certificates_file
+#ca_certificates_file=<None>
+
+# Allow an instance to have multiple vNICs attached to the
+# same Neutron network. (boolean value)
+#allow_duplicate_networks=false
+
+
+[osapi_v3]
+
+#
+# Options defined in nova.api.openstack
+#
+
+# Whether the V3 API is enabled or not (boolean value)
+#enabled=false
+
+# A list of v3 API extensions to never load. Specify the
+# extension aliases here. (list value)
+#extensions_blacklist=
+
+# If the list is not empty then a v3 API extension will only
+# be loaded if it exists in this list. Specify the extension
+# aliases here. (list value)
+#extensions_whitelist=
+
+
+[rdp]
+
+#
+# Options defined in nova.rdp
+#
+
+# Location of RDP html5 console proxy, in the form
+# "http://127.0.0.1:6083/" (string value)
+#html5_proxy_base_url=http://127.0.0.1:6083/
+
+# Enable RDP related features (boolean value)
+#enabled=false
+
+
+[serial_console]
+
+#
+# Options defined in nova.cmd.serialproxy
+#
+
+# Host on which to listen for incoming requests (string value)
+serialproxy_host=127.0.0.1
+
+# Port on which to listen for incoming requests (integer
+# value)
+#serialproxy_port=6083
+
+
+#
+# Options defined in nova.console.serial
+#
+
+# Enable serial console related features (boolean value)
+enabled=false
+
+# Range of TCP ports to use for serial ports on compute hosts
+# (string value)
+#port_range=10000:20000
+
+# Location of serial console proxy. (string value)
+#base_url=ws://127.0.0.1:6083/
+
+# IP address on which instance serial console should listen
+# (string value)
+#listen=127.0.0.1
+
+# The address to which proxy clients (like nova-serialproxy)
+# should connect (string value)
+#proxyclient_address=127.0.0.1
+
+
+[spice]
+
+#
+# Options defined in nova.cmd.spicehtml5proxy
+#
+
+# Host on which to listen for incoming requests (string value)
+# Deprecated group/name - [DEFAULT]/spicehtml5proxy_host
+#html5proxy_host=0.0.0.0
+
+# Port on which to listen for incoming requests (integer
+# value)
+# Deprecated group/name - [DEFAULT]/spicehtml5proxy_port
+#html5proxy_port=6082
+
+
+#
+# Options defined in nova.spice
+#
+
+# Location of spice HTML5 console proxy, in the form
+# "http://127.0.0.1:6082/spice_auto.html" (string value)
+#html5proxy_base_url=http://127.0.0.1:6082/spice_auto.html
+
+# IP address on which instance spice server should listen
+# (string value)
+#server_listen=127.0.0.1
+
+# The address to which proxy clients (like nova-
+# spicehtml5proxy) should connect (string value)
+#server_proxyclient_address=127.0.0.1
+
+# Enable spice related features (boolean value)
+enabled=false
+
+# Enable spice guest agent support (boolean value)
+#agent_enabled=true
+
+# Keymap for spice (string value)
+#keymap=en-us
+
+
+[ssl]
+
+#
+# Options defined in nova.openstack.common.sslutils
+#
+
+# CA certificate file to use to verify connecting clients.
+# (string value)
+#ca_file=<None>
+
+# Certificate file to use when starting the server securely.
+# (string value)
+#cert_file=<None>
+
+# Private key file to use when starting the server securely.
+# (string value)
+#key_file=<None>
+
+
+[trusted_computing]
+
+#
+# Options defined in nova.scheduler.filters.trusted_filter
+#
+
+# Attestation server HTTP (string value)
+#attestation_server=<None>
+
+# Attestation server Cert file for Identity verification
+# (string value)
+#attestation_server_ca_file=<None>
+
+# Attestation server port (string value)
+#attestation_port=8443
+
+# Attestation web API URL (string value)
+#attestation_api_url=/OpenAttestationWebServices/V1.0
+
+# Attestation authorization blob - must change (string value)
+#attestation_auth_blob=<None>
+
+# Attestation status cache valid period length (integer value)
+#attestation_auth_timeout=60
+
+# Disable SSL cert verification for Attestation service
+# (boolean value)
+#attestation_insecure_ssl=false
+
+
+[upgrade_levels]
+
+#
+# Options defined in nova.baserpc
+#
+
+# Set a version cap for messages sent to the base api in any
+# service (string value)
+#baseapi=<None>
+
+
+#
+# Options defined in nova.cells.rpc_driver
+#
+
+# Set a version cap for messages sent between cells services
+# (string value)
+#intercell=<None>
+
+
+#
+# Options defined in nova.cells.rpcapi
+#
+
+# Set a version cap for messages sent to local cells services
+# (string value)
+#cells=<None>
+
+
+#
+# Options defined in nova.cert.rpcapi
+#
+
+# Set a version cap for messages sent to cert services (string
+# value)
+#cert=<None>
+
+
+#
+# Options defined in nova.compute.rpcapi
+#
+
+# Set a version cap for messages sent to compute services. If
+# you plan to do a live upgrade from havana to icehouse, you
+# should set this option to "icehouse-compat" before beginning
+# the live upgrade procedure. (string value)
+#compute=<None>
+
+
+#
+# Options defined in nova.conductor.rpcapi
+#
+
+# Set a version cap for messages sent to conductor services
+# (string value)
+#conductor=<None>
+
+
+#
+# Options defined in nova.console.rpcapi
+#
+
+# Set a version cap for messages sent to console services
+# (string value)
+#console=<None>
+
+
+#
+# Options defined in nova.consoleauth.rpcapi
+#
+
+# Set a version cap for messages sent to consoleauth services
+# (string value)
+#consoleauth=<None>
+
+
+#
+# Options defined in nova.network.rpcapi
+#
+
+# Set a version cap for messages sent to network services
+# (string value)
+#network=<None>
+
+
+#
+# Options defined in nova.scheduler.rpcapi
+#
+
+# Set a version cap for messages sent to scheduler services
+# (string value)
+#scheduler=<None>
+
+
+[vmware]
+
+#
+# Options defined in nova.virt.vmwareapi.driver
+#
+
+# Hostname or IP address for connection to VMware VC host.
+# (string value)
+#host_ip=<None>
+
+# Port for connection to VMware VC host. (integer value)
+#host_port=443
+
+# Username for connection to VMware VC host. (string value)
+#host_username=<None>
+
+# Password for connection to VMware VC host. (string value)
+#host_password=<None>
+
+# Name of a VMware Cluster ComputeResource. (multi valued)
+#cluster_name=<None>
+
+# Regex to match the name of a datastore. (string value)
+#datastore_regex=<None>
+
+# The interval used for polling of remote tasks. (floating
+# point value)
+#task_poll_interval=0.5
+
+# The number of times we retry on failures, e.g., socket
+# error, etc. (integer value)
+#api_retry_count=10
+
+# VNC starting port (integer value)
+#vnc_port=5900
+
+# Total number of VNC ports (integer value)
+#vnc_port_total=10000
+
+# Whether to use linked clone (boolean value)
+#use_linked_clone=true
+
+# Optional VIM Service WSDL Location e.g
+# http://<server>/vimService.wsdl. Optional over-ride to
+# default location for bug work-arounds (string value)
+#wsdl_location=<None>
+
+
+#
+# Options defined in nova.virt.vmwareapi.vif
+#
+
+# Physical ethernet adapter name for vlan networking (string
+# value)
+#vlan_interface=vmnic0
+
+# Name of Integration Bridge (string value)
+#integration_bridge=br-int
+
+
+#
+# Options defined in nova.virt.vmwareapi.vim_util
+#
+
+# The maximum number of ObjectContent data objects that should
+# be returned in a single result. A positive value will cause
+# the operation to suspend the retrieval when the count of
+# objects reaches the specified maximum. The server may still
+# limit the count to something less than the configured value.
+# Any remaining objects may be retrieved with additional
+# requests. (integer value)
+#maximum_objects=100
+
+
+[xenserver]
+
+#
+# Options defined in nova.virt.xenapi.agent
+#
+
+# Number of seconds to wait for agent reply (integer value)
+#agent_timeout=30
+
+# Number of seconds to wait for agent to be fully operational
+# (integer value)
+#agent_version_timeout=300
+
+# Number of seconds to wait for agent reply to resetnetwork
+# request (integer value)
+#agent_resetnetwork_timeout=60
+
+# Specifies the path in which the XenAPI guest agent should be
+# located. If the agent is present, network configuration is
+# not injected into the image. Used if
+# compute_driver=xenapi.XenAPIDriver and flat_injected=True
+# (string value)
+#agent_path=usr/sbin/xe-update-networking
+
+# Disables the use of the XenAPI agent in any image regardless
+# of what image properties are present. (boolean value)
+#disable_agent=false
+
+# Determines if the XenAPI agent should be used when the image
+# used does not contain a hint to declare if the agent is
+# present or not. The hint is a glance property
+# "xenapi_use_agent" that has the value "True" or "False".
+# Note that waiting for the agent when it is not present will
+# significantly increase server boot times. (boolean value)
+#use_agent_default=false
+
+
+#
+# Options defined in nova.virt.xenapi.client.session
+#
+
+# Timeout in seconds for XenAPI login. (integer value)
+#login_timeout=10
+
+# Maximum number of concurrent XenAPI connections. Used only
+# if compute_driver=xenapi.XenAPIDriver (integer value)
+#connection_concurrent=5
+
+
+#
+# Options defined in nova.virt.xenapi.driver
+#
+
+# URL for connection to XenServer/Xen Cloud Platform. A
+# special value of unix://local can be used to connect to the
+# local unix socket. Required if
+# compute_driver=xenapi.XenAPIDriver (string value)
+#connection_url=<None>
+
+# Username for connection to XenServer/Xen Cloud Platform.
+# Used only if compute_driver=xenapi.XenAPIDriver (string
+# value)
+#connection_username=root
+
+# Password for connection to XenServer/Xen Cloud Platform.
+# Used only if compute_driver=xenapi.XenAPIDriver (string
+# value)
+#connection_password=<None>
+
+# The interval used for polling of coalescing vhds. Used only
+# if compute_driver=xenapi.XenAPIDriver (floating point value)
+#vhd_coalesce_poll_interval=5.0
+
+# Ensure compute service is running on host XenAPI connects
+# to. (boolean value)
+#check_host=true
+
+# Max number of times to poll for VHD to coalesce. Used only
+# if compute_driver=xenapi.XenAPIDriver (integer value)
+#vhd_coalesce_max_attempts=20
+
+# Base path to the storage repository (string value)
+#sr_base_path=/var/run/sr-mount
+
+# The iSCSI Target Host (string value)
+#target_host=<None>
+
+# The iSCSI Target Port, default is port 3260 (string value)
+#target_port=3260
+
+# IQN Prefix (string value)
+#iqn_prefix=iqn.2010-10.org.openstack
+
+# Used to enable the remapping of VBD dev (Works around an
+# issue in Ubuntu Maverick) (boolean value)
+#remap_vbd_dev=false
+
+# Specify prefix to remap VBD dev to (ex. /dev/xvdb ->
+# /dev/sdb) (string value)
+#remap_vbd_dev_prefix=sd
+
+
+#
+# Options defined in nova.virt.xenapi.image.bittorrent
+#
+
+# Base URL for torrent files. (string value)
+#torrent_base_url=<None>
+
+# Probability that peer will become a seeder. (1.0 = 100%)
+# (floating point value)
+#torrent_seed_chance=1.0
+
+# Number of seconds after downloading an image via BitTorrent
+# that it should be seeded for other peers. (integer value)
+#torrent_seed_duration=3600
+
+# Cached torrent files not accessed within this number of
+# seconds can be reaped (integer value)
+#torrent_max_last_accessed=86400
+
+# Beginning of port range to listen on (integer value)
+#torrent_listen_port_start=6881
+
+# End of port range to listen on (integer value)
+#torrent_listen_port_end=6891
+
+# Number of seconds a download can remain at the same progress
+# percentage w/o being considered a stall (integer value)
+#torrent_download_stall_cutoff=600
+
+# Maximum number of seeder processes to run concurrently
+# within a given dom0. (-1 = no limit) (integer value)
+#torrent_max_seeder_processes_per_host=1
+
+
+#
+# Options defined in nova.virt.xenapi.pool
+#
+
+# To use for hosts with different CPUs (boolean value)
+#use_join_force=true
+
+
+#
+# Options defined in nova.virt.xenapi.vif
+#
+
+# Name of Integration Bridge used by Open vSwitch (string
+# value)
+#ovs_integration_bridge=xapi1
+
+
+#
+# Options defined in nova.virt.xenapi.vm_utils
+#
+
+# Cache glance images locally. `all` will cache all images,
+# `some` will only cache images that have the image_property
+# `cache_in_nova=True`, and `none` turns off caching entirely
+# (string value)
+#cache_images=all
+
+# Compression level for images, e.g., 9 for gzip -9. Range is
+# 1-9, 9 being most compressed but most CPU intensive on dom0.
+# (integer value)
+#image_compression_level=<None>
+
+# Default OS type (string value)
+#default_os_type=linux
+
+# Time to wait for a block device to be created (integer
+# value)
+#block_device_creation_timeout=10
+
+# Maximum size in bytes of kernel or ramdisk images (integer
+# value)
+#max_kernel_ramdisk_size=16777216
+
+# Filter for finding the SR to be used to install guest
+# instances on. To use the Local Storage in default
+# XenServer/XCP installations set this flag to other-config
+# :i18n-key=local-storage. To select an SR with a different
+# matching criteria, you could set it to other-
+# config:my_favorite_sr=true. On the other hand, to fall back
+# on the Default SR, as displayed by XenCenter, set this flag
+# to: default-sr:true (string value)
+#sr_matching_filter=default-sr:true
+
+# Whether to use sparse_copy for copying data on a resize down
+# (False will use standard dd). This speeds up resizes down
+# considerably since large runs of zeros won't have to be
+# rsynced (boolean value)
+#sparse_copy=true
+
+# Maximum number of retries to unplug VBD (integer value)
+#num_vbd_unplug_retries=10
+
+# Whether or not to download images via Bit Torrent
+# (all|some|none). (string value)
+#torrent_images=none
+
+# Name of network to use for booting iPXE ISOs (string value)
+#ipxe_network_name=<None>
+
+# URL to the iPXE boot menu (string value)
+#ipxe_boot_menu_url=<None>
+
+# Name and optionally path of the tool used for ISO image
+# creation (string value)
+#ipxe_mkisofs_cmd=mkisofs
+
+
+#
+# Options defined in nova.virt.xenapi.vmops
+#
+
+# Number of seconds to wait for instance to go to running
+# state (integer value)
+#running_timeout=60
+
+# The XenAPI VIF driver using XenServer Network APIs. (string
+# value)
+#vif_driver=nova.virt.xenapi.vif.XenAPIBridgeDriver
+
+# Dom0 plugin driver used to handle image uploads. (string
+# value)
+#image_upload_handler=nova.virt.xenapi.image.glance.GlanceStore
+
+
+#
+# Options defined in nova.virt.xenapi.volume_utils
+#
+
+# Number of seconds to wait for an SR to settle if the VDI
+# does not exist when first introduced (integer value)
+#introduce_vdi_retry_wait=20
+
+
+[zookeeper]
+
+#
+# Options defined in nova.servicegroup.drivers.zk
+#
+
+# The ZooKeeper addresses for servicegroup service in the
+# format of host1:port,host2:port,host3:port (string value)
+#address=<None>
+
+# The recv_timeout parameter for the zk session (integer
+# value)
+#recv_timeout=4000
+
+# The prefix used in ZooKeeper to store ephemeral nodes
+# (string value)
+#sg_prefix=/servicegroups
+
+# Number of seconds to wait until retrying to join the session
+# (integer value)
+#sg_retry_interval=5
+
+[database]
+
+# The SQLAlchemy connection string to use to connect to the
+# database. (string value)
+connection=postgresql://{{ NOVA_DB_USER }}:{{ NOVA_DB_PASSWORD }}@{{ CONTROLLER_HOST_ADDRESS }}/nova
diff --git a/openstack/usr/share/openstack/nova/policy.json b/openstack/usr/share/openstack/nova/policy.json
new file mode 100644
index 00000000..cc5b8ea4
--- /dev/null
+++ b/openstack/usr/share/openstack/nova/policy.json
@@ -0,0 +1,324 @@ +{ + "context_is_admin": "role:admin", + "admin_or_owner": "is_admin:True or project_id:%(project_id)s", + "default": "rule:admin_or_owner", + + "cells_scheduler_filter:TargetCellFilter": "is_admin:True", + + "compute:create": "", + "compute:create:attach_network": "", + "compute:create:attach_volume": "", + "compute:create:forced_host": "is_admin:True", + "compute:get_all": "", + "compute:get_all_tenants": "", + "compute:start": "rule:admin_or_owner", + "compute:stop": "rule:admin_or_owner", + "compute:unlock_override": "rule:admin_api", + + "compute:shelve": "", + "compute:shelve_offload": "", + "compute:unshelve": "", + + "compute:volume_snapshot_create": "", + "compute:volume_snapshot_delete": "", + + "admin_api": "is_admin:True", + "compute:v3:servers:start": "rule:admin_or_owner", + "compute:v3:servers:stop": "rule:admin_or_owner", + "compute_extension:v3:os-access-ips:discoverable": "", + "compute_extension:v3:os-access-ips": "", + "compute_extension:accounts": "rule:admin_api", + "compute_extension:admin_actions": "rule:admin_api", + "compute_extension:admin_actions:pause": "rule:admin_or_owner", + "compute_extension:admin_actions:unpause": "rule:admin_or_owner", + "compute_extension:admin_actions:suspend": "rule:admin_or_owner", + "compute_extension:admin_actions:resume": "rule:admin_or_owner", + "compute_extension:admin_actions:lock": "rule:admin_or_owner", + "compute_extension:admin_actions:unlock": "rule:admin_or_owner", + "compute_extension:admin_actions:resetNetwork": "rule:admin_api", + "compute_extension:admin_actions:injectNetworkInfo": "rule:admin_api", + "compute_extension:admin_actions:createBackup": "rule:admin_or_owner", + "compute_extension:admin_actions:migrateLive": "rule:admin_api", + "compute_extension:admin_actions:resetState": "rule:admin_api", + "compute_extension:admin_actions:migrate": "rule:admin_api", + "compute_extension:v3:os-admin-actions": "rule:admin_api", + 
"compute_extension:v3:os-admin-actions:discoverable": "", + "compute_extension:v3:os-admin-actions:reset_network": "rule:admin_api", + "compute_extension:v3:os-admin-actions:inject_network_info": "rule:admin_api", + "compute_extension:v3:os-admin-actions:reset_state": "rule:admin_api", + "compute_extension:v3:os-admin-password": "", + "compute_extension:v3:os-admin-password:discoverable": "", + "compute_extension:aggregates": "rule:admin_api", + "compute_extension:v3:os-aggregates:discoverable": "", + "compute_extension:v3:os-aggregates:index": "rule:admin_api", + "compute_extension:v3:os-aggregates:create": "rule:admin_api", + "compute_extension:v3:os-aggregates:show": "rule:admin_api", + "compute_extension:v3:os-aggregates:update": "rule:admin_api", + "compute_extension:v3:os-aggregates:delete": "rule:admin_api", + "compute_extension:v3:os-aggregates:add_host": "rule:admin_api", + "compute_extension:v3:os-aggregates:remove_host": "rule:admin_api", + "compute_extension:v3:os-aggregates:set_metadata": "rule:admin_api", + "compute_extension:agents": "rule:admin_api", + "compute_extension:v3:os-agents": "rule:admin_api", + "compute_extension:v3:os-agents:discoverable": "", + "compute_extension:attach_interfaces": "", + "compute_extension:v3:os-attach-interfaces": "", + "compute_extension:v3:os-attach-interfaces:discoverable": "", + "compute_extension:baremetal_nodes": "rule:admin_api", + "compute_extension:cells": "rule:admin_api", + "compute_extension:v3:os-cells": "rule:admin_api", + "compute_extension:v3:os-cells:discoverable": "", + "compute_extension:certificates": "", + "compute_extension:v3:os-certificates:create": "", + "compute_extension:v3:os-certificates:show": "", + "compute_extension:v3:os-certificates:discoverable": "", + "compute_extension:cloudpipe": "rule:admin_api", + "compute_extension:cloudpipe_update": "rule:admin_api", + "compute_extension:console_output": "", + "compute_extension:v3:consoles:discoverable": "", + 
"compute_extension:v3:os-console-output:discoverable": "", + "compute_extension:v3:os-console-output": "", + "compute_extension:consoles": "", + "compute_extension:v3:os-remote-consoles": "", + "compute_extension:v3:os-remote-consoles:discoverable": "", + "compute_extension:createserverext": "", + "compute_extension:v3:os-create-backup:discoverable": "", + "compute_extension:v3:os-create-backup": "rule:admin_or_owner", + "compute_extension:deferred_delete": "", + "compute_extension:v3:os-deferred-delete": "", + "compute_extension:v3:os-deferred-delete:discoverable": "", + "compute_extension:disk_config": "", + "compute_extension:evacuate": "rule:admin_api", + "compute_extension:v3:os-evacuate": "rule:admin_api", + "compute_extension:v3:os-evacuate:discoverable": "", + "compute_extension:extended_server_attributes": "rule:admin_api", + "compute_extension:v3:os-extended-server-attributes": "rule:admin_api", + "compute_extension:v3:os-extended-server-attributes:discoverable": "", + "compute_extension:extended_status": "", + "compute_extension:v3:os-extended-status": "", + "compute_extension:v3:os-extended-status:discoverable": "", + "compute_extension:extended_availability_zone": "", + "compute_extension:v3:os-extended-availability-zone": "", + "compute_extension:v3:os-extended-availability-zone:discoverable": "", + "compute_extension:extended_ips": "", + "compute_extension:extended_ips_mac": "", + "compute_extension:extended_vif_net": "", + "compute_extension:v3:extension_info:discoverable": "", + "compute_extension:extended_volumes": "", + "compute_extension:v3:os-extended-volumes": "", + "compute_extension:v3:os-extended-volumes:swap": "", + "compute_extension:v3:os-extended-volumes:discoverable": "", + "compute_extension:v3:os-extended-volumes:attach": "", + "compute_extension:v3:os-extended-volumes:detach": "", + "compute_extension:fixed_ips": "rule:admin_api", + "compute_extension:flavor_access": "", + "compute_extension:flavor_access:addTenantAccess": 
"rule:admin_api", + "compute_extension:flavor_access:removeTenantAccess": "rule:admin_api", + "compute_extension:v3:flavor-access": "", + "compute_extension:v3:flavor-access:discoverable": "", + "compute_extension:v3:flavor-access:remove_tenant_access": "rule:admin_api", + "compute_extension:v3:flavor-access:add_tenant_access": "rule:admin_api", + "compute_extension:flavor_disabled": "", + "compute_extension:flavor_rxtx": "", + "compute_extension:v3:os-flavor-rxtx": "", + "compute_extension:v3:os-flavor-rxtx:discoverable": "", + "compute_extension:flavor_swap": "", + "compute_extension:flavorextradata": "", + "compute_extension:flavorextraspecs:index": "", + "compute_extension:flavorextraspecs:show": "", + "compute_extension:flavorextraspecs:create": "rule:admin_api", + "compute_extension:flavorextraspecs:update": "rule:admin_api", + "compute_extension:flavorextraspecs:delete": "rule:admin_api", + "compute_extension:v3:flavors:discoverable": "", + "compute_extension:v3:flavor-extra-specs:discoverable": "", + "compute_extension:v3:flavor-extra-specs:index": "", + "compute_extension:v3:flavor-extra-specs:show": "", + "compute_extension:v3:flavor-extra-specs:create": "rule:admin_api", + "compute_extension:v3:flavor-extra-specs:update": "rule:admin_api", + "compute_extension:v3:flavor-extra-specs:delete": "rule:admin_api", + "compute_extension:flavormanage": "rule:admin_api", + "compute_extension:v3:flavor-manage": "rule:admin_api", + "compute_extension:floating_ip_dns": "", + "compute_extension:floating_ip_pools": "", + "compute_extension:floating_ips": "", + "compute_extension:floating_ips_bulk": "rule:admin_api", + "compute_extension:fping": "", + "compute_extension:fping:all_tenants": "rule:admin_api", + "compute_extension:hide_server_addresses": "is_admin:False", + "compute_extension:v3:os-hide-server-addresses": "is_admin:False", + "compute_extension:v3:os-hide-server-addresses:discoverable": "", + "compute_extension:hosts": "rule:admin_api", + 
"compute_extension:v3:os-hosts": "rule:admin_api", + "compute_extension:v3:os-hosts:discoverable": "", + "compute_extension:hypervisors": "rule:admin_api", + "compute_extension:v3:os-hypervisors": "rule:admin_api", + "compute_extension:v3:os-hypervisors:discoverable": "", + "compute_extension:image_size": "", + "compute_extension:instance_actions": "", + "compute_extension:v3:os-server-actions": "", + "compute_extension:v3:os-server-actions:discoverable": "", + "compute_extension:instance_actions:events": "rule:admin_api", + "compute_extension:v3:os-server-actions:events": "rule:admin_api", + "compute_extension:instance_usage_audit_log": "rule:admin_api", + "compute_extension:v3:ips:discoverable": "", + "compute_extension:keypairs": "", + "compute_extension:keypairs:index": "", + "compute_extension:keypairs:show": "", + "compute_extension:keypairs:create": "", + "compute_extension:keypairs:delete": "", + "compute_extension:v3:keypairs:discoverable": "", + "compute_extension:v3:keypairs": "", + "compute_extension:v3:keypairs:index": "", + "compute_extension:v3:keypairs:show": "", + "compute_extension:v3:keypairs:create": "", + "compute_extension:v3:keypairs:delete": "", + "compute_extension:v3:os-lock-server:discoverable": "", + "compute_extension:v3:os-lock-server:lock": "rule:admin_or_owner", + "compute_extension:v3:os-lock-server:unlock": "rule:admin_or_owner", + "compute_extension:v3:os-migrate-server:discoverable": "", + "compute_extension:v3:os-migrate-server:migrate": "rule:admin_api", + "compute_extension:v3:os-migrate-server:migrate_live": "rule:admin_api", + "compute_extension:multinic": "", + "compute_extension:v3:os-multinic": "", + "compute_extension:v3:os-multinic:discoverable": "", + "compute_extension:networks": "rule:admin_api", + "compute_extension:networks:view": "", + "compute_extension:networks_associate": "rule:admin_api", + "compute_extension:v3:os-pause-server:discoverable": "", + "compute_extension:v3:os-pause-server:pause": 
"rule:admin_or_owner", + "compute_extension:v3:os-pause-server:unpause": "rule:admin_or_owner", + "compute_extension:v3:os-pci:pci_servers": "", + "compute_extension:v3:os-pci:discoverable": "", + "compute_extension:v3:os-pci:index": "rule:admin_api", + "compute_extension:v3:os-pci:detail": "rule:admin_api", + "compute_extension:v3:os-pci:show": "rule:admin_api", + "compute_extension:quotas:show": "", + "compute_extension:quotas:update": "rule:admin_api", + "compute_extension:quotas:delete": "rule:admin_api", + "compute_extension:v3:os-quota-sets:discoverable": "", + "compute_extension:v3:os-quota-sets:show": "", + "compute_extension:v3:os-quota-sets:update": "rule:admin_api", + "compute_extension:v3:os-quota-sets:delete": "rule:admin_api", + "compute_extension:v3:os-quota-sets:detail": "rule:admin_api", + "compute_extension:quota_classes": "", + "compute_extension:rescue": "", + "compute_extension:v3:os-rescue": "", + "compute_extension:v3:os-rescue:discoverable": "", + "compute_extension:v3:os-scheduler-hints:discoverable": "", + "compute_extension:security_group_default_rules": "rule:admin_api", + "compute_extension:security_groups": "", + "compute_extension:v3:os-security-groups": "", + "compute_extension:v3:os-security-groups:discoverable": "", + "compute_extension:server_diagnostics": "rule:admin_api", + "compute_extension:v3:os-server-diagnostics": "rule:admin_api", + "compute_extension:v3:os-server-diagnostics:discoverable": "", + "compute_extension:server_groups": "", + "compute_extension:server_password": "", + "compute_extension:v3:os-server-password": "", + "compute_extension:v3:os-server-password:discoverable": "", + "compute_extension:server_usage": "", + "compute_extension:v3:os-server-usage": "", + "compute_extension:v3:os-server-usage:discoverable": "", + "compute_extension:services": "rule:admin_api", + "compute_extension:v3:os-services": "rule:admin_api", + "compute_extension:v3:os-services:discoverable": "", + 
"compute_extension:v3:server-metadata:discoverable": "", + "compute_extension:v3:servers:discoverable": "", + "compute_extension:shelve": "", + "compute_extension:shelveOffload": "rule:admin_api", + "compute_extension:v3:os-shelve:shelve": "", + "compute_extension:v3:os-shelve:shelve:discoverable": "", + "compute_extension:v3:os-shelve:shelve_offload": "rule:admin_api", + "compute_extension:simple_tenant_usage:show": "rule:admin_or_owner", + "compute_extension:v3:os-suspend-server:discoverable": "", + "compute_extension:v3:os-suspend-server:suspend": "rule:admin_or_owner", + "compute_extension:v3:os-suspend-server:resume": "rule:admin_or_owner", + "compute_extension:simple_tenant_usage:list": "rule:admin_api", + "compute_extension:unshelve": "", + "compute_extension:v3:os-shelve:unshelve": "", + "compute_extension:users": "rule:admin_api", + "compute_extension:v3:os-user-data:discoverable": "", + "compute_extension:virtual_interfaces": "", + "compute_extension:virtual_storage_arrays": "", + "compute_extension:volumes": "", + "compute_extension:volume_attachments:index": "", + "compute_extension:volume_attachments:show": "", + "compute_extension:volume_attachments:create": "", + "compute_extension:volume_attachments:update": "", + "compute_extension:volume_attachments:delete": "", + "compute_extension:volumetypes": "", + "compute_extension:availability_zone:list": "", + "compute_extension:v3:os-availability-zone:list": "", + "compute_extension:v3:os-availability-zone:discoverable": "", + "compute_extension:availability_zone:detail": "rule:admin_api", + "compute_extension:v3:os-availability-zone:detail": "rule:admin_api", + "compute_extension:used_limits_for_admin": "rule:admin_api", + "compute_extension:migrations:index": "rule:admin_api", + "compute_extension:v3:os-migrations:index": "rule:admin_api", + "compute_extension:v3:os-migrations:discoverable": "", + "compute_extension:os-assisted-volume-snapshots:create": "rule:admin_api", + 
"compute_extension:os-assisted-volume-snapshots:delete": "rule:admin_api", + "compute_extension:console_auth_tokens": "rule:admin_api", + "compute_extension:v3:os-console-auth-tokens": "rule:admin_api", + "compute_extension:os-server-external-events:create": "rule:admin_api", + "compute_extension:v3:os-server-external-events:create": "rule:admin_api", + + "volume:create": "", + "volume:get_all": "", + "volume:get_volume_metadata": "", + "volume:get_snapshot": "", + "volume:get_all_snapshots": "", + + + "volume_extension:types_manage": "rule:admin_api", + "volume_extension:types_extra_specs": "rule:admin_api", + "volume_extension:volume_admin_actions:reset_status": "rule:admin_api", + "volume_extension:snapshot_admin_actions:reset_status": "rule:admin_api", + "volume_extension:volume_admin_actions:force_delete": "rule:admin_api", + + + "network:get_all": "", + "network:get": "", + "network:create": "", + "network:delete": "", + "network:associate": "", + "network:disassociate": "", + "network:get_vifs_by_instance": "", + "network:allocate_for_instance": "", + "network:deallocate_for_instance": "", + "network:validate_networks": "", + "network:get_instance_uuids_by_ip_filter": "", + "network:get_instance_id_by_floating_address": "", + "network:setup_networks_on_host": "", + "network:get_backdoor_port": "", + + "network:get_floating_ip": "", + "network:get_floating_ip_pools": "", + "network:get_floating_ip_by_address": "", + "network:get_floating_ips_by_project": "", + "network:get_floating_ips_by_fixed_address": "", + "network:allocate_floating_ip": "", + "network:deallocate_floating_ip": "", + "network:associate_floating_ip": "", + "network:disassociate_floating_ip": "", + "network:release_floating_ip": "", + "network:migrate_instance_start": "", + "network:migrate_instance_finish": "", + + "network:get_fixed_ip": "", + "network:get_fixed_ip_by_address": "", + "network:add_fixed_ip_to_instance": "", + "network:remove_fixed_ip_from_instance": "", + 
"network:add_network_to_project": "", + "network:get_instance_nw_info": "", + + "network:get_dns_domains": "", + "network:add_dns_entry": "", + "network:modify_dns_entry": "", + "network:delete_dns_entry": "", + "network:get_dns_entries_by_address": "", + "network:get_dns_entries_by_name": "", + "network:create_private_dns_domain": "", + "network:create_public_dns_domain": "", + "network:delete_dns_domain": "" +} diff --git a/openstack/usr/share/openstack/openvswitch.yml b/openstack/usr/share/openstack/openvswitch.yml new file mode 100644 index 00000000..47257f7f --- /dev/null +++ b/openstack/usr/share/openstack/openvswitch.yml @@ -0,0 +1,38 @@ +--- +- hosts: localhost + tasks: + + - name: Create openvswitch directories + file: path={{ item }} state=directory + with_items: + - /etc/openvswitch + - /var/run/openvswitch + + - shell: > + ovsdb-tool create /etc/openvswitch/conf.db /usr/share/openvswitch/vswitch.ovsschema + creates=/etc/openvswitch/conf.db + + # We enable the openvswitch-db-server in a different task to identify + # the first time we run this script by identifying when we enable the + # unit. + # + # We need to identify this to initialise the database. + - name: Enable openvswitch database service + service: name={{ item }} enabled=yes + with_items: + - openvswitch-db-server.service + register: openvswitch_db_enable + + - name: Start openvswitch database service + service: name={{ item }} state=started + with_items: + - openvswitch-db-server.service + + - name: initialise openvswitch-db + shell: ovs-vsctl --no-wait init + when: openvswitch_db_enable|changed + + - name: Enable and start Open vSwitch service + service: name={{ item }} enabled=yes state=started + with_items: + - openvswitch.service diff --git a/openstack/usr/share/openstack/postgres.yml b/openstack/usr/share/openstack/postgres.yml new file mode 100644 index 00000000..5ff9355e --- /dev/null +++ b/openstack/usr/share/openstack/postgres.yml 
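Review bot: The `initialise openvswitch-db` task in openvswitch.yml is gated on `when: openvswitch_db_enable|changed`, so a run that fails after the unit is enabled but before `ovs-vsctl --no-wait init` executes will never initialise the database on later runs. `ovs-vsctl init` has no effect on a database that is already initialised, so the guard can be dropped and the task marked `changed_when: false` instead. The `ovsdb-tool create` task is also the only unnamed one in the file and passes `creates=` inline; a `name:` plus `args:` with `creates: /etc/openvswitch/conf.db`, as postgres.yml does, would keep the playbooks consistent.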
@@ -0,0 +1,48 @@
+---
+- hosts: localhost
+ vars_files:
+ - "/etc/openstack/postgres.conf"
+ tasks:
+
+ - name: Create postgres user
+ user:
+ name: postgres
+ comment: PostgreSQL Server
+ shell: /sbin/nologin
+ home: /var/lib/pgsql
+
+ - name: Create the postgres directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: postgres
+ group: postgres
+ with_items:
+ - /var/run/postgresql
+ - /var/lib/pgsql/data
+
+ - name: Initialise postgres database
+ command: pg_ctl -D /var/lib/pgsql/data initdb
+ args:
+ creates: /var/lib/pgsql/data/base
+ sudo: yes
+ sudo_user: postgres
+
+ - name: Add the configuration needed for postgres for Openstack
+ template:
+ src: /usr/share/openstack/postgres/{{ item }}
+ dest: /var/lib/pgsql/data/{{ item }}
+ owner: postgres
+ group: postgres
+ mode: 0600
+ with_items:
+ - postgresql.conf
+ - pg_hba.conf
+
+ - name: Enable and start postgres services
+ service:
+ name: "{{ item }}"
+ enabled: yes
+ state: started
+ with_items:
+ - postgres-server
diff --git a/openstack/usr/share/openstack/postgres/pg_hba.conf b/openstack/usr/share/openstack/postgres/pg_hba.conf
new file mode 100644
index 00000000..78186924
--- /dev/null
+++ b/openstack/usr/share/openstack/postgres/pg_hba.conf
@@ -0,0 +1,5 @@
+local all all trust
+host all all 127.0.0.0/8 trust
+host all all ::1/128 trust
+host all all {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}/32 trust
+host all all 0.0.0.0/0 md5
diff --git a/openstack/usr/share/openstack/postgres/postgresql.conf b/openstack/usr/share/openstack/postgres/postgresql.conf
new file mode 100644
index 00000000..74153385
--- /dev/null
+++ b/openstack/usr/share/openstack/postgres/postgresql.conf
@@ -0,0 +1,11 @@
+listen_addresses = '{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}'
+max_connections = 100
+shared_buffers = 128MB
+log_timezone = 'UTC'
+datestyle = 'iso, mdy'
+timezone = 'UTC'
+lc_messages = 'C'
+lc_monetary = 'C'
+lc_numeric = 'C'
+lc_time = 'C'
+default_text_search_config = 'pg_catalog.english'
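Review bot: pg_hba.conf grants `trust` on the local socket, on loopback and on `{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}/32`, so any process on the controller can connect as any role, including the `postgres` superuser, without a password. The per-service database passwords are therefore never checked on those paths. The nova.conf template in this commit already puts the password in its connection string, so these rows can use `md5`, keeping at most `local all postgres peer` for administration where the installed PostgreSQL supports `peer`. The last row, `host all all 0.0.0.0/0 md5`, admits every source address that can reach the listener; narrowing it to the management subnet would be safer, e.g. `host all all <management-cidr> md5` (placeholder).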
diff --git a/openstack/usr/share/openstack/rabbitmq/rabbitmq-env.conf b/openstack/usr/share/openstack/rabbitmq/rabbitmq-env.conf
new file mode 100644
index 00000000..d4c58dae
--- /dev/null
+++ b/openstack/usr/share/openstack/rabbitmq/rabbitmq-env.conf
@@ -0,0 +1,3 @@
+# Configure port node where rabbitmq-server will listen from.
+NODE_PORT={{ RABBITMQ_PORT }}
+CONFIG_FILE=/etc/rabbitmq/rabbitmq
diff --git a/openstack/usr/share/openstack/rabbitmq/rabbitmq.config b/openstack/usr/share/openstack/rabbitmq/rabbitmq.config
new file mode 100644
index 00000000..9b93881e
--- /dev/null
+++ b/openstack/usr/share/openstack/rabbitmq/rabbitmq.config
@@ -0,0 +1,9 @@
+%% -*- Rabbit configuration for Openstack in Baserock
+[
+ {rabbit,
+ [
+ {default_user, <<"{{ RABBITMQ_USER }}">>},
+ {default_pass, <<"{{ RABBITMQ_PASSWORD }}">>},
+ {tcp_listeners, [{{ RABBITMQ_PORT }}]}
+ ]}
+].
diff --git a/openstack/usr/share/openstack/swift-controller.yml b/openstack/usr/share/openstack/swift-controller.yml
new file mode 100644
index 00000000..690de087
--- /dev/null
+++ b/openstack/usr/share/openstack/swift-controller.yml
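Review bot: In rabbitmq.config, `{tcp_listeners, [{{ RABBITMQ_PORT }}]}` gives only a port, so the broker listens on every interface, while postgresql.conf and rsyncd.j2 in this commit bind to the management address. If that variable is available when this template is rendered (not visible here), `{tcp_listeners, [{"{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}", {{ RABBITMQ_PORT }}}]}` would match them. The rendered file also holds `default_pass` in clear text, so the task that installs it, which is outside this hunk, should set a restrictive mode such as `0600` owned by the broker's user. The account created from `default_user` receives the administrator tag unless `default_user_tags` says otherwise.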
@@ -0,0 +1,52 @@
+---
+- hosts: localhost
+ vars_files:
+ - swift-controller-vars.yml
+ vars:
+ - ring_name_port_map:
+ account:
+ port: 6002
+ container:
+ port: 6001
+ object:
+ port: 6000
+ remote_user: root
+ tasks:
+ - user:
+ name: swift
+ comment: Swift user
+
+ - file:
+ path: /etc/swift
+ owner: swift
+ group: swift
+ state: directory
+
+ - template:
+ src: /usr/share/swift/etc/swift/proxy-server.j2
+ dest: /etc/swift/proxy-server.conf
+ mode: 0644
+ owner: swift
+ group: swift
+
+ - keystone_user:
+ user: swift
+ password: "{{ SWIFT_ADMIN_PASSWORD }}"
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - keystone_user:
+ role: admin
+ user: swift
+ tenant: service
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
+
+ - keystone_service:
+ name: swift
+ type: object-store
+ description: OpenStack Object Storage
+ publicurl: http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:8080/v1/AUTH_%(tenant_id)s
+ internalurl: http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:8080/v1/AUTH_%(tenant_id)s
+ adminurl: http://{{ MANAGEMENT_INTERFACE_IP_ADDRESS }}:8080
+ region: regionOne
+ token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
diff --git a/openstack/usr/share/swift/etc/rsyncd.j2 b/openstack/usr/share/swift/etc/rsyncd.j2
new file mode 100644
index 00000000..c0657665
--- /dev/null
+++ b/openstack/usr/share/swift/etc/rsyncd.j2
@@ -0,0 +1,23 @@
+uid = swift
+gid = swift
+log file = /var/log/rsyncd.log
+pid file = /var/run/rsyncd.pid
+address = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
+
+[account]
+max connections = 2
+path = /srv/node/
+read only = false
+lock file = /var/lock/account.lock
+
+[container]
+max connections = 2
+path = /srv/node/
+read only = false
+lock file = /var/lock/container.lock
+
+[object]
+max connections = 2
+path = /srv/node/
+read only = false
+lock file = /var/lock/object.lock
diff --git a/openstack/usr/share/swift/etc/swift/proxy-server.j2 b/openstack/usr/share/swift/etc/swift/proxy-server.j2
new file mode 100644
index 00000000..dda82d5a
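Review bot: The `template` task in swift-controller.yml installs /etc/swift/proxy-server.conf with `mode: 0644`, but the proxy-server.j2 template added in this commit renders `admin_password = {{ SWIFT_ADMIN_PASSWORD }}` into it, which leaves the service password readable by every local user. The file is already owned by `swift:swift`, so `mode: 0640` (or `0600`, as postgres.yml uses for its config files) is sufficient. The tasks here are also unnamed, unlike those in postgres.yml; a `name:` on each would make a failure in the play output easier to place.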
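Review bot: The three modules in rsyncd.j2 are `read only = false` on `/srv/node/` with neither `hosts allow` nor `auth users`/`secrets file`, so any host that can reach rsync on the management address can write into the storage tree as the `swift` user. A global `hosts allow = <storage-network-cidr>` (placeholder) above `[account]` would limit writers to the storage nodes. The `max connections = 2` setting caps load only; it does not restrict who may connect.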
--- /dev/null
+++ b/openstack/usr/share/swift/etc/swift/proxy-server.j2
@@ -0,0 +1,630 @@ +[DEFAULT] +# bind_ip = 0.0.0.0 +bind_port = 8080 +# bind_timeout = 30 +# backlog = 4096 +swift_dir = /etc/swift +user = swift + +# Enables exposing configuration settings via HTTP GET /info. +# expose_info = true + +# Key to use for admin calls that are HMAC signed. Default is empty, +# which will disable admin calls to /info. +# admin_key = secret_admin_key +# +# Allows the ability to withhold sections from showing up in the public calls +# to /info. You can withhold subsections by separating the dict level with a +# ".". The following would cause the sections 'container_quotas' and 'tempurl' +# to not be listed, and the key max_failed_deletes would be removed from +# bulk_delete. Default is empty, allowing all registered fetures to be listed +# via HTTP GET /info. +# disallowed_sections = container_quotas, tempurl, bulk_delete.max_failed_deletes + +# Use an integer to override the number of pre-forked processes that will +# accept connections. Should default to the number of effective cpu +# cores in the system. It's worth noting that individual workers will +# use many eventlet co-routines to service multiple concurrent requests. +# workers = auto +# +# Maximum concurrent requests per worker +# max_clients = 1024 +# +# Set the following two lines to enable SSL. This is for testing only. +# cert_file = /etc/swift/proxy.crt +# key_file = /etc/swift/proxy.key +# +# expiring_objects_container_divisor = 86400 +# expiring_objects_account_name = expiring_objects +# +# You can specify default log routing here if you want: +# log_name = swift +# log_facility = LOG_LOCAL0 +# log_level = INFO +# log_headers = false +# log_address = /dev/log +# The following caps the length of log lines to the value given; no limit if +# set to 0, the default. +# log_max_line_length = 0 +# +# This optional suffix (default is empty) that would be appended to the swift transaction +# id allows one to easily figure out from which cluster that X-Trans-Id belongs to. 
+# This is very useful when one is managing more than one swift cluster. +# trans_id_suffix = +# +# comma separated list of functions to call to setup custom log handlers. +# functions get passed: conf, name, log_to_console, log_route, fmt, logger, +# adapted_logger +# log_custom_handlers = +# +# If set, log_udp_host will override log_address +# log_udp_host = +# log_udp_port = 514 +# +# You can enable StatsD logging here: +# log_statsd_host = localhost +# log_statsd_port = 8125 +# log_statsd_default_sample_rate = 1.0 +# log_statsd_sample_rate_factor = 1.0 +# log_statsd_metric_prefix = +# +# Use a comma separated list of full url (http://foo.bar:1234,https://foo.bar) +# cors_allow_origin = +# strict_cors_mode = True +# +# client_timeout = 60 +# eventlet_debug = false + +[pipeline:main] +#pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit tempauth container-quotas account-quotas slo dlo proxy-logging proxy-server +pipeline = authtoken cache healthcheck keystoneauth proxy-logging proxy-server + +[app:proxy-server] +use = egg:swift#proxy +# You can override the default log routing for this app here: +# set log_name = proxy-server +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set log_address = /dev/log +# +# log_handoffs = true +# recheck_account_existence = 60 +# recheck_container_existence = 60 +# object_chunk_size = 65536 +# client_chunk_size = 65536 +# +# How long the proxy server will wait on responses from the a/c/o servers. +# node_timeout = 10 +# +# How long the proxy server will wait for an initial response and to read a +# chunk of data from the object servers while serving GET / HEAD requests. +# Timeouts from these requests can be recovered from so setting this to +# something lower than node_timeout would provide quicker error recovery +# while allowing for a longer timeout for non-recoverable requests (PUTs). 
+# Defaults to node_timeout, should be overriden if node_timeout is set to a +# high number to prevent client timeouts from firing before the proxy server +# has a chance to retry. +# recoverable_node_timeout = node_timeout +# +# conn_timeout = 0.5 +# +# How long to wait for requests to finish after a quorum has been established. +# post_quorum_timeout = 0.5 +# +# How long without an error before a node's error count is reset. This will +# also be how long before a node is reenabled after suppression is triggered. +# error_suppression_interval = 60 +# +# How many errors can accumulate before a node is temporarily ignored. +# error_suppression_limit = 10 +# +# If set to 'true' any authorized user may create and delete accounts; if +# 'false' no one, even authorized, can. +allow_account_management = true +# +# Set object_post_as_copy = false to turn on fast posts where only the metadata +# changes are stored anew and the original data file is kept in place. This +# makes for quicker posts; but since the container metadata isn't updated in +# this mode, features like container sync won't be able to sync posts. +# object_post_as_copy = true +# +# If set to 'true' authorized accounts that do not yet exist within the Swift +# cluster will be automatically created. +account_autocreate = true +# +# If set to a positive value, trying to create a container when the account +# already has at least this maximum containers will result in a 403 Forbidden. +# Note: This is a soft limit, meaning a user might exceed the cap for +# recheck_account_existence before the 403s kick in. +# max_containers_per_account = 0 +# +# This is a comma separated list of account hashes that ignore the +# max_containers_per_account cap. +# max_containers_whitelist = +# +# Comma separated list of Host headers to which the proxy will deny requests. +# deny_host_headers = +# +# Prefix used when automatically creating accounts. +# auto_create_account_prefix = . +# +# Depth of the proxy put queue. 
+# put_queue_depth = 10 +# +# Storage nodes can be chosen at random (shuffle), by using timing +# measurements (timing), or by using an explicit match (affinity). +# Using timing measurements may allow for lower overall latency, while +# using affinity allows for finer control. In both the timing and +# affinity cases, equally-sorting nodes are still randomly chosen to +# spread load. +# The valid values for sorting_method are "affinity", "shuffle", and "timing". +# sorting_method = shuffle +# +# If the "timing" sorting_method is used, the timings will only be valid for +# the number of seconds configured by timing_expiry. +# timing_expiry = 300 +# +# The maximum time (seconds) that a large object connection is allowed to last. +# max_large_object_get_time = 86400 +# +# Set to the number of nodes to contact for a normal request. You can use +# '* replicas' at the end to have it use the number given times the number of +# replicas for the ring being used for the request. +# request_node_count = 2 * replicas +# +# Which backend servers to prefer on reads. Format is r<N> for region +# N or r<N>z<M> for region N, zone M. The value after the equals is +# the priority; lower numbers are higher priority. +# +# Example: first read from region 1 zone 1, then region 1 zone 2, then +# anything in region 2, then everything else: +# read_affinity = r1z1=100, r1z2=200, r2=300 +# Default is empty, meaning no preference. +# read_affinity = +# +# Which backend servers to prefer on writes. Format is r<N> for region +# N or r<N>z<M> for region N, zone M. If this is set, then when +# handling an object PUT request, some number (see setting +# write_affinity_node_count) of local backend servers will be tried +# before any nonlocal ones. +# +# Example: try to write to regions 1 and 2 before writing to any other +# nodes: +# write_affinity = r1, r2 +# Default is empty, meaning no preference. 
+# write_affinity = +# +# The number of local (as governed by the write_affinity setting) +# nodes to attempt to contact first, before any non-local ones. You +# can use '* replicas' at the end to have it use the number given +# times the number of replicas for the ring being used for the +# request. +# write_affinity_node_count = 2 * replicas +# +# These are the headers whose values will only be shown to swift_owners. The +# exact definition of a swift_owner is up to the auth system in use, but +# usually indicates administrative responsibilities. +# swift_owner_headers = x-container-read, x-container-write, x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2, x-account-access-control + +[filter:tempauth] +use = egg:swift#tempauth +# You can override the default log routing for this filter here: +# set log_name = tempauth +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set log_headers = false +# set log_address = /dev/log +# +# The reseller prefix will verify a token begins with this prefix before even +# attempting to validate it. Also, with authorization, only Swift storage +# accounts with this prefix will be authorized by this middleware. Useful if +# multiple auth systems are in use for one Swift cluster. +# reseller_prefix = AUTH +# +# The auth prefix will cause requests beginning with this prefix to be routed +# to the auth subsystem, for granting tokens, etc. +# auth_prefix = /auth/ +# token_life = 86400 +# +# This allows middleware higher in the WSGI pipeline to override auth +# processing, useful for middleware such as tempurl and formpost. If you know +# you're not going to use such middleware and you want a bit of extra security, +# you can set this to false. 
+# allow_overrides = true
+#
+# This specifies what scheme to return with storage urls:
+# http, https, or default (chooses based on what the server is running as)
+# This can be useful with an SSL load balancer in front of a non-SSL server.
+# storage_url_scheme = default
+#
+# Lastly, you need to list all the accounts/users you want here. The format is:
+# user_<account>_<user> = <key> [group] [group] [...] [storage_url]
+# or if you want underscores in <account> or <user>, you can base64 encode them
+# (with no equal signs) and use this format:
+# user64_<account_b64>_<user_b64> = <key> [group] [group] [...] [storage_url]
+# There are special groups of:
+# .reseller_admin = can do anything to any account for this auth
+# .admin = can do anything within the account
+# If neither of these groups are specified, the user can only access containers
+# that have been explicitly allowed for them by a .admin or .reseller_admin.
+# The trailing optional storage_url allows you to specify an alternate url to
+# hand back to the user upon authentication. If not specified, this defaults to
+# $HOST/v1/<reseller_prefix>_<account> where $HOST will do its best to resolve
+# to what the requester would need to use to reach this host.
+# Here are example entries, required for running the tests:
+user_admin_admin = admin .admin .reseller_admin
+user_test_tester = testing .admin
+user_test2_tester2 = testing2 .admin
+user_test_tester3 = testing3
+
+# To enable Keystone authentication you need to have the auth token
+# middleware first to be configured. Here is an example below, please
+# refer to the keystone's documentation for details about the
+# different settings.
+#
+# You'll need to have as well the keystoneauth middleware enabled
+# and have it in your main pipeline so instead of having tempauth in
+# there you can change it to: authtoken keystoneauth
+#
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+# auth_host = keystonehost
+# auth_port = 35357
+# auth_protocol = http
+# auth_uri = http://keystonehost:5000/
+#auth_uri = http://controller:5000/v2.0
+auth_uri = http://127.0.0.1:5000/v2.0
+identity_uri = http://127.0.0.1:35357
+admin_tenant_name = service
+admin_user = swift
+admin_password = {{ SWIFT_ADMIN_PASSWORD }}
+delay_auth_decision = 1
+# cache = swift.cache
+# include_service_catalog = False
+#
+[filter:keystoneauth]
+use = egg:swift#keystoneauth
+# Operator roles is the role which user would be allowed to manage a
+# tenant and be able to create container or give ACL to others.
+# operator_roles = admin, swiftoperator
+operator_roles = admin, _member_
+# The reseller admin role has the ability to create and delete accounts
+# reseller_admin_role = ResellerAdmin
+# For backwards compatibility, keystoneauth will match names in cross-tenant
+# access control lists (ACLs) when both the requesting user and the tenant
+# are in the default domain i.e the domain to which existing tenants are
+# migrated. The default_domain_id value configured here should be the same as
+# the value used during migration of tenants to keystone domains.
+# default_domain_id = default
+# For a new installation, or an installation in which keystone projects may
+# move between domains, you should disable backwards compatible name matching
+# in ACLs by setting allow_names_in_acls to false:
+# allow_names_in_acls = true
+
+[filter:healthcheck]
+use = egg:swift#healthcheck
+# An optional filesystem path, which if present, will cause the healthcheck
+# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE".
+# This facility may be used to temporarily remove a Swift node from a load
+# balancer pool during maintenance or upgrade (remove the file to allow the
+# node back into the load balancer pool).
+# disable_path =
+
+[filter:cache]
+use = egg:swift#memcache
+# You can override the default log routing for this filter here:
+# set log_name = cache
+# set log_facility = LOG_LOCAL0
+# set log_level = INFO
+# set log_headers = false
+# set log_address = /dev/log
+#
+# If not set here, the value for memcache_servers will be read from
+# memcache.conf (see memcache.conf-sample) or lacking that file, it will
+# default to the value below. You can specify multiple servers separated with
+# commas, as in: 10.1.2.3:11211,10.1.2.4:11211
+memcache_servers = 127.0.0.1:11211
+#
+# Sets how memcache values are serialized and deserialized:
+# 0 = older, insecure pickle serialization
+# 1 = json serialization but pickles can still be read (still insecure)
+# 2 = json serialization only (secure and the default)
+# If not set here, the value for memcache_serialization_support will be read
+# from /etc/swift/memcache.conf (see memcache.conf-sample).
+# To avoid an instant full cache flush, existing installations should
+# upgrade with 0, then set to 1 and reload, then after some time (24 hours)
+# set to 2 and reload.
+# In the future, the ability to use pickle serialization will be removed.
+# memcache_serialization_support = 2
+#
+# Sets the maximum number of connections to each memcached server per worker
+# memcache_max_connections = 2
+
+[filter:ratelimit]
+use = egg:swift#ratelimit
+# You can override the default log routing for this filter here:
+# set log_name = ratelimit
+# set log_facility = LOG_LOCAL0
+# set log_level = INFO
+# set log_headers = false
+# set log_address = /dev/log
+#
+# clock_accuracy should represent how accurate the proxy servers' system clocks
+# are with each other. 1000 means that all the proxies' clock are accurate to
+# each other within 1 millisecond. No ratelimit should be higher than the
+# clock accuracy.
+# clock_accuracy = 1000
+#
+# max_sleep_time_seconds = 60
+#
+# log_sleep_time_seconds of 0 means disabled
+# log_sleep_time_seconds = 0
+#
+# allows for slow rates (e.g. running up to 5 sec's behind) to catch up.
+# rate_buffer_seconds = 5
+#
+# account_ratelimit of 0 means disabled
+# account_ratelimit = 0
+
+# these are comma separated lists of account names
+# account_whitelist = a,b
+# account_blacklist = c,d
+
+# with container_limit_x = r
+# for containers of size x limit write requests per second to r. The container
+# rate will be linearly interpolated from the values given. With the values
+# below, a container of size 5 will get a rate of 75.
+# container_ratelimit_0 = 100
+# container_ratelimit_10 = 50
+# container_ratelimit_50 = 20
+
+# Similarly to the above container-level write limits, the following will limit
+# container GET (listing) requests.
+# container_listing_ratelimit_0 = 100
+# container_listing_ratelimit_10 = 50
+# container_listing_ratelimit_50 = 20
+
+[filter:domain_remap]
+use = egg:swift#domain_remap
+# You can override the default log routing for this filter here:
+# set log_name = domain_remap
+# set log_facility = LOG_LOCAL0
+# set log_level = INFO
+# set log_headers = false
+# set log_address = /dev/log
+#
+# storage_domain = example.com
+# path_root = v1
+# reseller_prefixes = AUTH
+
+[filter:catch_errors]
+use = egg:swift#catch_errors
+# You can override the default log routing for this filter here:
+# set log_name = catch_errors
+# set log_facility = LOG_LOCAL0
+# set log_level = INFO
+# set log_headers = false
+# set log_address = /dev/log
+
+[filter:cname_lookup]
+# Note: this middleware requires python-dnspython
+use = egg:swift#cname_lookup
+# You can override the default log routing for this filter here:
+# set log_name = cname_lookup
+# set log_facility = LOG_LOCAL0
+# set log_level = INFO
+# set log_headers = false
+# set log_address = /dev/log
+#
+# Specify the storage_domain that match your cloud, multiple domains
+# can be specified separated by a comma
+# storage_domain = example.com
+#
+# lookup_depth = 1
+
+# Note: Put staticweb just after your auth filter(s) in the pipeline
+[filter:staticweb]
+use = egg:swift#staticweb
+
+# Note: Put tempurl before dlo, slo and your auth filter(s) in the pipeline
+[filter:tempurl]
+use = egg:swift#tempurl
+# The methods allowed with Temp URLs.
+# methods = GET HEAD PUT POST DELETE
+#
+# The headers to remove from incoming requests. Simply a whitespace delimited
+# list of header names and names can optionally end with '*' to indicate a
+# prefix match. incoming_allow_headers is a list of exceptions to these
+# removals.
+# incoming_remove_headers = x-timestamp
+#
+# The headers allowed as exceptions to incoming_remove_headers. Simply a
+# whitespace delimited list of header names and names can optionally end with
+# '*' to indicate a prefix match.
+# incoming_allow_headers =
+#
+# The headers to remove from outgoing responses. Simply a whitespace delimited
+# list of header names and names can optionally end with '*' to indicate a
+# prefix match. outgoing_allow_headers is a list of exceptions to these
+# removals.
+# outgoing_remove_headers = x-object-meta-*
+#
+# The headers allowed as exceptions to outgoing_remove_headers. Simply a
+# whitespace delimited list of header names and names can optionally end with
+# '*' to indicate a prefix match.
+# outgoing_allow_headers = x-object-meta-public-*
+
+# Note: Put formpost just before your auth filter(s) in the pipeline
+[filter:formpost]
+use = egg:swift#formpost
+
+# Note: Just needs to be placed before the proxy-server in the pipeline.
+[filter:name_check]
+use = egg:swift#name_check
+# forbidden_chars = '"`<>
+# maximum_length = 255
+# forbidden_regexp = /\./|/\.\./|/\.$|/\.\.$
+
+[filter:list-endpoints]
+use = egg:swift#list_endpoints
+# list_endpoints_path = /endpoints/
+
+[filter:proxy-logging]
+use = egg:swift#proxy_logging
+# If not set, logging directives from [DEFAULT] without "access_" will be used
+# access_log_name = swift
+# access_log_facility = LOG_LOCAL0
+# access_log_level = INFO
+# access_log_address = /dev/log
+#
+# If set, access_log_udp_host will override access_log_address
+# access_log_udp_host =
+# access_log_udp_port = 514
+#
+# You can use log_statsd_* from [DEFAULT] or override them here:
+# access_log_statsd_host = localhost
+# access_log_statsd_port = 8125
+# access_log_statsd_default_sample_rate = 1.0
+# access_log_statsd_sample_rate_factor = 1.0
+# access_log_statsd_metric_prefix =
+# access_log_headers = false
+#
+# If access_log_headers is True and access_log_headers_only is set only
+# these headers are logged. Multiple headers can be defined as comma separated
+# list like this: access_log_headers_only = Host, X-Object-Meta-Mtime
+# access_log_headers_only =
+#
+# By default, the X-Auth-Token is logged. To obscure the value,
+# set reveal_sensitive_prefix to the number of characters to log.
+# For example, if set to 12, only the first 12 characters of the
+# token appear in the log. An unauthorized access of the log file
+# won't allow unauthorized usage of the token. However, the first
+# 12 or so characters is unique enough that you can trace/debug
+# token usage. Set to 0 to suppress the token completely (replaced
+# by '...' in the log).
+# Note: reveal_sensitive_prefix will not affect the value
+# logged with access_log_headers=True.
+# reveal_sensitive_prefix = 16
+#
+# What HTTP methods are allowed for StatsD logging (comma-sep); request methods
+# not in this list will have "BAD_METHOD" for the <verb> portion of the metric.
+# log_statsd_valid_http_methods = GET,HEAD,POST,PUT,DELETE,COPY,OPTIONS
+#
+# Note: The double proxy-logging in the pipeline is not a mistake. The
+# left-most proxy-logging is there to log requests that were handled in
+# middleware and never made it through to the right-most middleware (and
+# proxy server). Double logging is prevented for normal requests. See
+# proxy-logging docs.
+
+# Note: Put before both ratelimit and auth in the pipeline.
+[filter:bulk]
+use = egg:swift#bulk
+# max_containers_per_extraction = 10000
+# max_failed_extractions = 1000
+# max_deletes_per_request = 10000
+# max_failed_deletes = 1000
+
+# In order to keep a connection active during a potentially long bulk request,
+# Swift may return whitespace prepended to the actual response body. This
+# whitespace will be yielded no more than every yield_frequency seconds.
+# yield_frequency = 10
+
+# Note: The following parameter is used during a bulk delete of objects and
+# their container. This would frequently fail because it is very likely
+# that all replicated objects have not been deleted by the time the middleware got a
+# successful response. It can be configured the number of retries. And the
+# number of seconds to wait between each retry will be 1.5**retry
+
+# delete_container_retry_count = 0
+
+# Note: Put after auth in the pipeline.
+[filter:container-quotas]
+use = egg:swift#container_quotas
+
+# Note: Put after auth and staticweb in the pipeline.
+[filter:slo]
+use = egg:swift#slo
+# max_manifest_segments = 1000
+# max_manifest_size = 2097152
+# min_segment_size = 1048576
+# Start rate-limiting SLO segment serving after the Nth segment of a
+# segmented object.
+# rate_limit_after_segment = 10
+#
+# Once segment rate-limiting kicks in for an object, limit segments served
+# to N per second. 0 means no rate-limiting.
+# rate_limit_segments_per_sec = 0
+#
+# Time limit on GET requests (seconds)
+# max_get_time = 86400
+
+# Note: Put after auth and staticweb in the pipeline.
+# If you don't put it in the pipeline, it will be inserted for you.
+[filter:dlo]
+use = egg:swift#dlo
+# Start rate-limiting DLO segment serving after the Nth segment of a
+# segmented object.
+# rate_limit_after_segment = 10
+#
+# Once segment rate-limiting kicks in for an object, limit segments served
+# to N per second. 0 means no rate-limiting.
+# rate_limit_segments_per_sec = 1
+#
+# Time limit on GET requests (seconds)
+# max_get_time = 86400
+
+[filter:account-quotas]
+use = egg:swift#account_quotas
+
+[filter:gatekeeper]
+use = egg:swift#gatekeeper
+# You can override the default log routing for this filter here:
+# set log_name = gatekeeper
+# set log_facility = LOG_LOCAL0
+# set log_level = INFO
+# set log_headers = false
+# set log_address = /dev/log
+
+[filter:container_sync]
+use = egg:swift#container_sync
+# Set this to false if you want to disallow any full url values to be set for
+# any new X-Container-Sync-To headers. This will keep any new full urls from
+# coming in, but won't change any existing values already in the cluster.
+# Updating those will have to be done manually, as knowing what the true realm
+# endpoint should be cannot always be guessed.
+# allow_full_urls = true
+# Set this to specify this clusters //realm/cluster as "current" in /info
+# current = //REALM/CLUSTER
+
+# Note: Put it at the beginning of the pipleline to profile all middleware. But
+# it is safer to put this after catch_errors, gatekeeper and healthcheck.
+[filter:xprofile]
+use = egg:swift#xprofile
+# This option enable you to switch profilers which should inherit from python
+# standard profiler. Currently the supported value can be 'cProfile',
+# 'eventlet.green.profile' etc.
+# profile_module = eventlet.green.profile
+#
+# This prefix will be used to combine process ID and timestamp to name the
+# profile data file. Make sure the executing user has permission to write
+# into this path (missing path segments will be created, if necessary).
+# If you enable profiling in more than one type of daemon, you must override
+# it with an unique value like: /var/log/swift/profile/proxy.profile
+# log_filename_prefix = /tmp/log/swift/profile/default.profile
+#
+# the profile data will be dumped to local disk based on above naming rule
+# in this interval.
+# dump_interval = 5.0
+#
+# Be careful, this option will enable profiler to dump data into the file with
+# time stamp which means there will be lots of files piled up in the directory.
+# dump_timestamp = false
+#
+# This is the path of the URL to access the mini web UI.
+# path = /__profile__
+#
+# Clear the data when the wsgi server shutdown.
+# flush_at_shutdown = false
+#
+# unwind the iterator of applications
+# unwind = false
diff --git a/pxeboot.write b/pxeboot.write
index 399914f5..3a12ebcc 100755..100644
--- a/pxeboot.write
+++ b/pxeboot.write
@@ -313,6 +313,14 @@ class PXEBoot(morphlib.writeexts.WriteExtension): self.status(msg='Removing %(dst)s', dst=dst) os.unlink(dst) + @contextlib.contextmanager + def _local_symlink(self, src, dst): + os.symlink(src, dst) + try: + yield + finally: + os.unlink(dst) + def local_pxelinux(self, tftproot): return self._local_copy('/usr/share/syslinux/pxelinux.0', os.path.join(tftproot, 'pxelinux.0')) @@ -406,14 +414,20 @@ class PXEBoot(morphlib.writeexts.WriteExtension): os.path.basename(rootfs)) @staticmethod - def _write_pxe_config(fh, kernel_tftp_url, rootfs_nfs_url, + def _write_pxe_config(fh, kernel_tftp_url, rootfs_nfs_url, device=None, fdt_subpath=None, extra_args=''): + + if device is None: + ip_cfg = "ip=dhcp" + else: + ip_cfg = "ip=:::::{device}:dhcp::".format(device=device) + fh.write(textwrap.dedent('''\ DEFAULT default LABEL default LINUX {kernel_url} - APPEND root=/dev/nfs ip=dhcp nfsroot={rootfs_nfs_url} {extra_args} - ''').format(kernel_url=kernel_tftp_url, + APPEND root=/dev/nfs {ip_cfg} nfsroot={rootfs_nfs_url} {extra_args} + ''').format(kernel_url=kernel_tftp_url, ip_cfg=ip_cfg, rootfs_nfs_url=rootfs_nfs_url, extra_args=extra_args)) if fdt_subpath is not None: fh.write("FDT {}\n".format(fdt_subpath)) @@ -421,7 +435,7 @@ class PXEBoot(morphlib.writeexts.WriteExtension): @contextlib.contextmanager def local_pxeboot_config(self, tftproot, macaddr, ip, tftp_port, - nfsroot_dir): + nfsroot_dir, device=None): kernel_tftp_url = 'tftp://{}:{}/kernel'.format(ip, tftp_port) rootfs_nfs_url = '{}:{}'.format(ip, nfsroot_dir) pxe_cfg_filename = _normalise_macaddr(macaddr) 
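Review bot: The file header for `pxeboot.write` records a mode change `100755..100644`, which drops the execute bit on a write extension; if the deployment tool launches extensions as executables this one would stop running, and nothing in the hunks suggests the change was intended. Please confirm and restore `100755` if it came in with the merge by accident. On the new helper in this hunk, `_local_symlink` has no docstring; something like `"""Create symlink dst -> src for the duration of the context, removing it on exit."""` would document the cleanup guarantee.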
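Review bot: `device` is formatted straight into the kernel command line in `ip_cfg = "ip=:::::{device}:dhcp::".format(device=device)`, so a value containing whitespace or `:` silently shifts the `ip=` fields or adds stray words to the `APPEND` line. A small guard before the format call, e.g. `if any(c.isspace() or c == ':' for c in device): raise ValueError('invalid interface name: %r' % device)`, keeps the generated config well-formed. The colon-counted string also deserves a comment naming the layout it fills in: `# ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:<dns0-ip>:<dns1-ip>`.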
@@ -430,9 +444,16 @@ class PXEBoot(morphlib.writeexts.WriteExtension): with open(pxe_cfg_path, 'w') as f: self._write_pxe_config(fh=f, kernel_tftp_url=kernel_tftp_url, rootfs_nfs_url=rootfs_nfs_url, + device=device, extra_args=os.environ.get('KERNEL_ARGS','')) + try: - yield + with self._local_symlink( + src=pxe_cfg_filename, + dst=os.path.join(tftproot, + 'pxelinux.cfg', + '01-' + pxe_cfg_filename)): + yield finally: os.unlink(pxe_cfg_path) @@ -623,6 +644,7 @@ class PXEBoot(morphlib.writeexts.WriteExtension): def process_args(self, (temp_root, macaddr)): interface = os.environ.get('PXEBOOT_DEPLOYER_INTERFACE', None) + target_interface = os.environ.get('PXEBOOT_TARGET_INTERFACE', None) vlan = os.environ.get('PXEBOOT_VLAN') if vlan is not None: vlan = int(vlan) mode = os.environ.get('PXEBOOT_MODE') @@ -648,6 +670,7 @@ class PXEBoot(morphlib.writeexts.WriteExtension): self.local_kernel(rootfs=temp_root, tftproot=tftproot), \ self.local_nfsroot(rootfs=temp_root, target_ip=target_ip), \ self.local_pxeboot_config(tftproot=tftproot, macaddr=macaddr, + device=target_interface, ip=host_ip, tftp_port=tftp_port, nfsroot_dir=temp_root), \ self.dhcp_server(interface=interface, host_ip=host_ip, @@ -668,6 +691,7 @@ class PXEBoot(morphlib.writeexts.WriteExtension): self.local_kernel(rootfs=temp_root, tftproot=tftproot), \ self.local_nfsroot(rootfs=temp_root, target_ip=target_ip), \ self.local_pxeboot_config(tftproot=tftproot, macaddr=macaddr, + device=target_interface, ip=host_ip, tftp_port=tftp_port, nfsroot_dir=temp_root), \ self.dhcp_server(interface=interface, host_ip=host_ip, diff --git a/pxeboot.write.help b/pxeboot.write.help index 3aefe75e..7cb78bce 100644 --- a/pxeboot.write.help +++ b/pxeboot.write.help 
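Review bot: The symlink is created with a plain `os.symlink` inside `_local_symlink`, so a `01-<mac>` link left in `pxelinux.cfg` by an interrupted earlier run makes this `with` block raise `OSError` (EEXIST) before the deployment starts; whether `tftproot` survives between runs is not visible here, so treat this as a check. If it can persist, remove a stale link first or accept an existing link only when `os.readlink(dst) == src`. The `'01-'` literal also needs a comment, e.g. `# pxelinux looks up 01-<mac>: ARP hardware type 1 (Ethernet) followed by the MAC`. `local_pxeboot_config` starts outside this hunk, including the definition of `pxe_cfg_path` that the relative link target depends on.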
@@ -152,3 +152,15 @@ help: > device tree blob if specified, will not be removed after the deployment finishes. This variable is only meanful on the `existing-server` mode. + + + ## PXEBOOT_TARGET_INTERFACE + + Name of the interface of the target to pxeboot from. Some targets + with more than one interface try to get the rootfs from a different + interface than the interface from where the pxeboot server is + reachable. Using this variable, the kernel arguments will be filled + to include the device. + + Note that the name of this interface is the kernel's default name, + usually called ethX, and is non-determinisic. diff --git a/strata/ansible.morph b/strata/ansible.morph index 33a23750..43ebc2bd 100644 --- a/strata/ansible.morph +++ b/strata/ansible.morph @@ -8,5 +8,10 @@ chunks: - name: ansible morph: strata/ansible/ansible.morph repo: upstream:ansible - ref: ebc8d48d34296fe010096f044e2b7591df37a622 + ref: 0a7124541247cc613352054f4bc0c3e116e0b657 unpetrify-ref: baserock/v1.8.4 +- name: openstack-ansible-modules + morph: strata/ansible/openstack-ansible-modules.morph + repo: upstream:openstack/openstack-ansible-modules + ref: 451dcdeadfd35615a867d5e59a684e4aa82959ae + unpetrify-ref: master diff --git a/strata/ansible/openstack-ansible-modules.morph b/strata/ansible/openstack-ansible-modules.morph new file mode 100644 index 00000000..d8e885e6 --- /dev/null +++ b/strata/ansible/openstack-ansible-modules.morph @@ -0,0 +1,5 @@ +name: openstack-ansible-modules +kind: chunk +install-commands: +- mkdir -p "$DESTDIR$PREFIX"/share/ansible/ansible-openstack-modules +- cp -r * "$DESTDIR$PREFIX"/share/ansible/ansible-openstack-modules diff --git a/strata/apache-httpd-server/httpd-server.morph b/strata/apache-httpd-server/httpd-server.morph index f7662912..41f0c36b 100644 --- a/strata/apache-httpd-server/httpd-server.morph +++ b/strata/apache-httpd-server/httpd-server.morph 
@@ -29,7 +29,7 @@ configure-commands: --with-suexec-caller=apache \ --with-suexec-docroot=/var/www \ --with-suexec-logfile=/var/log/httpd/suexec.log \ - --with-suexec-bin="$PREFIX"/lib/httpd/suexec \ + --with-suexec-bin="$PREFIX"/sbin/suexec \ --with-suexec-uidmin=500 --with-suexec-gidmin=100\ --with-suexec-userdir=public_html \ --enable-pie \ diff --git a/strata/armv7lhf-cross-toolchain.morph b/strata/armv7lhf-cross-toolchain.morph index f153e0c3..ffc4a9dd 100644 --- a/strata/armv7lhf-cross-toolchain.morph +++ b/strata/armv7lhf-cross-toolchain.morph @@ -27,8 +27,8 @@ chunks: - name: armv7lhf-cross-glibc morph: strata/armv7lhf-cross-toolchain/armv7lhf-cross-glibc.morph repo: upstream:glibc - ref: 52cf9a0153c14df4f6ae3bd0e1e6cc5d171e586c - unpetrify-ref: baserock/glibc-2.20 + ref: 4e42b5b8f89f0e288e68be7ad70f9525aebc2cff + unpetrify-ref: baserock/glibc-2.21 build-depends: - armv7lhf-cross-binutils - armv7lhf-cross-gcc-nolibc diff --git a/strata/baserock-ci-tests.morph b/strata/baserock-ci-tests.morph new file mode 100644 index 00000000..574a3333 --- /dev/null +++ b/strata/baserock-ci-tests.morph @@ -0,0 +1,14 @@ +name: baserock-ci-tests +kind: stratum +description: | + This stratum contains chunks which provide tests to be run by the + Baserock CI Pipeline (Mason). +build-depends: +- morph: strata/morph-utils.morph +chunks: +- name: system-tests + morph: strata/baserock-ci-tests/system-tests.morph + repo: baserock:baserock/system-tests + ref: 7fb68b7f377583dac40634338870583baaa2fe65 + unpetrify-ref: baserock/mason-v2 + build-depends: [] diff --git a/strata/baserock-ci-tests/system-tests.morph b/strata/baserock-ci-tests/system-tests.morph new file mode 100644 index 00000000..2f356e19 --- /dev/null +++ b/strata/baserock-ci-tests/system-tests.morph @@ -0,0 +1,5 @@ +name: system-tests +kind: chunk +install-commands: +- mkdir -p "$DESTDIR$PREFIX"/share/system-tests +- cp -a mason "$DESTDIR$PREFIX"/share/system-tests/mason 
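Review bot: Only the configure-time location changes here (`--with-suexec-bin="$PREFIX"/sbin/suexec`), and suexec only works when the binary at that exact path is installed setuid root with restricted group access. Any later step in this chunk that sets owner, group or mode on the old `lib/httpd/suexec` path has to follow the move; those steps are outside this hunk, so this is a check to make rather than a confirmed defect. A short comment next to the option saying why the helper now lives in `sbin` would help the next reader.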
diff --git a/strata/baserock-import.morph b/strata/baserock-import.morph index 2b18d02d..5623886e 100644 --- a/strata/baserock-import.morph +++ b/strata/baserock-import.morph @@ -3,20 +3,12 @@ kind: stratum description: Tools for importing software into Baserock definitions. build-depends: - morph: strata/python-common.morph -- morph: strata/python-cliapp.morph +- morph: strata/morph-utils.morph chunks: - name: ansicolor repo: upstream:python-packages/ansicolor ref: 9d3adbaff35bb6cde1d63414a8cc72f572c4d0ef unpetrify-ref: 0.2.4 -- name: python-decorator - repo: upstream:python-packages/python-decorator - ref: b02f7a254c3679dfac57a824e08dd02ced850636 - unpetrify-ref: decorator-3.4.0 -- name: networkx - repo: upstream:python-packages/networkx - ref: 8ac796aba866ade1a56b83e30f25ed392ca3512c - unpetrify-ref: networkx-1.9.1 - name: requests-cache repo: upstream:python-packages/requests-cache ref: a1b5e65ccd715f1e8434f18f27913715340d6aaf @@ -27,5 +19,3 @@ chunks: unpetrify-ref: master build-depends: - ansicolor - - networkx - - python-decorator diff --git a/strata/bsp-armv5l-openbmc-aspeed.morph b/strata/bsp-armv5l-openbmc-aspeed.morph new file mode 100644 index 00000000..83bb74ef --- /dev/null +++ b/strata/bsp-armv5l-openbmc-aspeed.morph @@ -0,0 +1,19 @@ +name: bsp-armv5l-openbmc-aspeed +kind: stratum +description: +- | + The set of platform specific components required for booting + armvl5-openbmc-aspeed based systems +build-depends: +- morph: strata/core.morph +chunks: +- name: linux-armv5l-openbmc-aspeed-wedge + morph: strata/bsp-armv5l-openbmc-aspeed/linux-armv5l-openbmc-aspeed.morph + repo: upstream:linux-stable + ref: 5cbce86c2115075b8054e4dba8cdf328aa6fa5b6 + unpetrify-ref: baserock/v2.6.28.9/openbmc_aspeed_wedge +- name: u-boot@aspeed + morph: strata/bsp-armv5l-openbmc-aspeed/u-boot@aspeed.morph + repo: upstream:u-boot + ref: af962087db0b88f4073f8f5a6184cb7f011d224d + unpetrify-ref: baserock/v2013.07+aspeed_wedge 
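Review bot: The kernel chunk in the new `bsp-armv5l-openbmc-aspeed` stratum is pinned to `unpetrify-ref: baserock/v2.6.28.9/openbmc_aspeed_wedge` with no comment explaining the choice. A 2.6.28-based vendor tree is far behind any maintained kernel series, and a BMC sits on the management network, so the file should record why this tree is required and that it depends on vendor backports for fixes, e.g. `# Vendor AST2400 kernel based on 2.6.28.9; not covered by upstream stable updates`. Separately, `description:` is written as a one-item list (`- |`) while `baserock-ci-tests.morph` in this commit uses a plain block scalar; if the schema expects a string, `description: |` is the safer form.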
diff --git a/strata/bsp-armv5l-openbmc-aspeed/linux-armv5l-openbmc-aspeed.morph b/strata/bsp-armv5l-openbmc-aspeed/linux-armv5l-openbmc-aspeed.morph new file mode 100644 index 00000000..c6e38c63 --- /dev/null +++ b/strata/bsp-armv5l-openbmc-aspeed/linux-armv5l-openbmc-aspeed.morph @@ -0,0 +1,9 @@ +name: linux-armv5l-openbmc-aspeed +kind: chunk +configure-commands: +- make ast2400_defconfig +build-commands: +- make $MAKEFLAGS +install-commands: +- mkdir -p "$DESTDIR"/boot +- cp arch/arm/boot/Image "$DESTDIR/boot/vmlinux" diff --git a/strata/bsp-armv5l-openbmc-aspeed/u-boot@aspeed.morph b/strata/bsp-armv5l-openbmc-aspeed/u-boot@aspeed.morph new file mode 100644 index 00000000..1ded05c5 --- /dev/null +++ b/strata/bsp-armv5l-openbmc-aspeed/u-boot@aspeed.morph @@ -0,0 +1,14 @@ +name: u-boot@aspeed +kind: chunk +configure-commands: +- make ast2400_spi_config +build-commands: +- make +- make tools +install-commands: +- mkdir -p "$DESTDIR$PREFIX/bin" +- install -m 755 tools/img2brec.sh "$DESTDIR$PREFIX/bin/" +- install -m 755 tools/jtagconsole "$DESTDIR$PREFIX/bin/" +- install -m 755 tools/netconsole "$DESTDIR$PREFIX/bin/" +- install -m 755 tools/mkenvimage "$DESTDIR$PREFIX/bin/" +- install -m 755 tools/mkimage "$DESTDIR$PREFIX/bin/" diff --git a/strata/bsp-armv7-highbank.morph b/strata/bsp-armv7-highbank.morph index 2cf541a7..9ac97e6c 100644 --- a/strata/bsp-armv7-highbank.morph +++ b/strata/bsp-armv7-highbank.morph @@ -6,6 +6,12 @@ build-depends: chunks: - name: linux-armv7-highbank morph: strata/bsp-armv7-highbank/linux-armv7-highbank.morph - repo: upstream:linux - ref: bfa76d49576599a4b9f9b7a71f23d73d6dcff735 - unpetrify-ref: v3.19 + repo: upstream:linux-stable + + # Linux 3.16 and later do not boot on Calxeda. They fail just before + # starting 'init' with this sort of message: + # + # Unhandled fault: imprecise external abort (0xc06) at 0xb6fea878 + + ref: f35b5e46feabab668a44df5b33f3558629f94dfc + unpetrify-ref: v3.15.10 
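Review bot: The pin to `unpetrify-ref: v3.15.10` moves this BSP onto a stable series that, as far as I know, ended with that release, so the image will not pick up later kernel security fixes; the added comment explains the boot failure but not this trade-off. If a longterm series older than 3.16 (3.14.y, for instance) also boots on Calxeda, it would be a better base, though that needs testing on the hardware. At minimum extend the comment with something like `# 3.15.y is end-of-life; revisit once the abort on >= 3.16 is understood`. The same pin and comment appear in `strata/bsp-armv7b-highbank.morph` later in this diff.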
diff --git a/strata/bsp-armv7-highbank/linux-armv7-highbank.morph b/strata/bsp-armv7-highbank/linux-armv7-highbank.morph index dfebf69c..b03e17ad 100644 --- a/strata/bsp-armv7-highbank/linux-armv7-highbank.morph +++ b/strata/bsp-armv7-highbank/linux-armv7-highbank.morph @@ -8,6 +8,8 @@ configure-commands: - scripts/config -e CONFIG_POSIX_MQUEUE - scripts/config -e CPU_IDLE - scripts/config -e EXT4_FS +- scripts/config -e FUSE_FS +#- scripts/config -e OVERLAY_FS # Activate when we build Linux >= 3.18 - scripts/config -e EXT4_USE_FOR_EXT23 - scripts/config -e PACKET - scripts/config -e UNIX @@ -32,6 +34,7 @@ configure-commands: - scripts/config -e DEVTMPFS_MOUNT - scripts/config -e CONFIG_FHANDLE - scripts/config --set-str UEVENT_HELPER_PATH '' +- scripts/config -e DM_SNAPSHOT - scripts/config -e IKCONFIG - scripts/config -e IKCONFIG_PROC - scripts/config -e TMPFS @@ -39,6 +42,7 @@ configure-commands: - scripts/config -e VFAT_FS - scripts/config -e VLAN_8021Q - scripts/config -e BRIDGE_VLAN_FILTERING +- scripts/config -e VETH - yes '' | make oldconfig build-commands: - make zImage $MAKEFLAGS diff --git a/strata/bsp-armv7-versatile.morph b/strata/bsp-armv7-versatile.morph index f8d19b9b..470f6c56 100644 --- a/strata/bsp-armv7-versatile.morph +++ b/strata/bsp-armv7-versatile.morph @@ -7,6 +7,6 @@ build-depends: chunks: - name: linux-armv7-versatile morph: strata/bsp-armv7-versatile/linux-armv7-versatile.morph - repo: upstream:linux - ref: bfa76d49576599a4b9f9b7a71f23d73d6dcff735 - unpetrify-ref: v3.19 + repo: upstream:linux-stable + ref: 660613d1a4e94144490850b6c3d350331860fac4 + unpetrify-ref: v3.19.2 diff --git a/strata/bsp-armv7-versatile/linux-armv7-versatile.morph b/strata/bsp-armv7-versatile/linux-armv7-versatile.morph index 1da640e7..7e66ce73 100644 --- a/strata/bsp-armv7-versatile/linux-armv7-versatile.morph +++ b/strata/bsp-armv7-versatile/linux-armv7-versatile.morph 
@@ -7,11 +7,14 @@ configure-commands: - scripts/config -d BTRFS_FS_CHECK_INTEGRITY - scripts/config -e DEVTMPFS - scripts/config -e DEVTMPFS_MOUNT +- scripts/config -e FUSE_FS +- scripts/config -e OVERLAY_FS - scripts/config -e CONFIG_FHANDLE - scripts/config -e CGROUPS - scripts/config -e AUTOFS4_FS - scripts/config -e BLK_DEV_LOOP - scripts/config --set-str UEVENT_HELPER_PATH '' +- scripts/config -e DM_SNAPSHOT - scripts/config -e IKCONFIG - scripts/config -e IKCONFIG_PROC - scripts/config -e SECCOMP diff --git a/strata/bsp-armv7b-highbank.morph b/strata/bsp-armv7b-highbank.morph index 7b0f0fa0..397b9fcb 100644 --- a/strata/bsp-armv7b-highbank.morph +++ b/strata/bsp-armv7b-highbank.morph @@ -6,6 +6,12 @@ build-depends: chunks: - name: linux-armv7b-highbank morph: strata/bsp-armv7b-highbank/linux-armv7b-highbank.morph - repo: upstream:linux - ref: bfa76d49576599a4b9f9b7a71f23d73d6dcff735 - unpetrify-ref: v3.19 + repo: upstream:linux-stable + + # Linux 3.16 and later do not boot on Calxeda. They fail just before + # starting 'init' with this sort of message: + # + # Unhandled fault: imprecise external abort (0xc06) at 0xb6fea878 + + ref: f35b5e46feabab668a44df5b33f3558629f94dfc + unpetrify-ref: v3.15.10 diff --git a/strata/bsp-armv7b-highbank/linux-armv7b-highbank.morph b/strata/bsp-armv7b-highbank/linux-armv7b-highbank.morph index ea1a2d5f..377aaa8d 100644 --- a/strata/bsp-armv7b-highbank/linux-armv7b-highbank.morph +++ b/strata/bsp-armv7b-highbank/linux-armv7b-highbank.morph 
@@ -14,12 +14,15 @@ configure-commands: - scripts/config -e IP_PNP_DHCP - scripts/config -e IP_PNP_BOOTP - scripts/config --set-str UEVENT_HELPER_PATH '' +- scripts/config -e DM_SNAPSHOT - scripts/config -e DEVTMPFS - scripts/config -e DEVTMPFS_MOUNT - scripts/config -e CONFIG_FHANDLE - scripts/config -e BLK_DEV_LOOP - scripts/config -e BTRFS_FS - scripts/config -e TMPFS +- scripts/config -e FUSE_FS +#- scripts/config -e OVERLAY_FS # Activate when we build Linux >= 3.18 - scripts/config -e IKCONFIG - scripts/config -e IKCONFIG_PROC - scripts/config -e CGROUPS diff --git a/strata/bsp-armv7b-vexpress-tc2.morph b/strata/bsp-armv7b-vexpress-tc2.morph index 616d564f..ea67c386 100644 --- a/strata/bsp-armv7b-vexpress-tc2.morph +++ b/strata/bsp-armv7b-vexpress-tc2.morph @@ -6,6 +6,6 @@ build-depends: chunks: - name: linux-armv7b-vexpress-tc2 morph: strata/bsp-armv7b-vexpress-tc2/linux-armv7b-vexpress-tc2.morph - repo: upstream:linux - ref: bfa76d49576599a4b9f9b7a71f23d73d6dcff735 - unpetrify-ref: v3.19 + repo: upstream:linux-stable + ref: 660613d1a4e94144490850b6c3d350331860fac4 + unpetrify-ref: v3.19.2 diff --git a/strata/bsp-armv7b-vexpress-tc2/linux-armv7b-vexpress-tc2.morph b/strata/bsp-armv7b-vexpress-tc2/linux-armv7b-vexpress-tc2.morph index ecf6b9bc..c232c493 100644 --- a/strata/bsp-armv7b-vexpress-tc2/linux-armv7b-vexpress-tc2.morph +++ b/strata/bsp-armv7b-vexpress-tc2/linux-armv7b-vexpress-tc2.morph @@ -14,11 +14,14 @@ configure-commands: - scripts/config -e IP_PNP_DHCP - scripts/config -e IP_PNP_BOOTP - scripts/config --set-str UEVENT_HELPER_PATH '' +- scripts/config -e DM_SNAPSHOT - scripts/config -e DEVTMPFS - scripts/config -e DEVTMPFS_MOUNT - scripts/config -e BLK_DEV_LOOP - scripts/config -e BTRFS_FS - scripts/config -e TMPFS +- scripts/config -e FUSE_FS +- scripts/config -e OVERLAY_FS - scripts/config -e IKCONFIG - scripts/config -e IKCONFIG_PROC - scripts/config -e CGROUPS 
@@ -41,6 +44,7 @@ configure-commands:
 - scripts/config -e VFAT_FS
 - scripts/config -e VLAN_8021Q
 - scripts/config -e BRIDGE_VLAN_FILTERING
+- scripts/config -e VETH
 - yes '' | make oldconfig
 build-commands:
 - make zImage vexpress-v2p-ca15_a7.dtb
diff --git a/strata/bsp-armv8b64-generic.morph b/strata/bsp-armv8b64-generic.morph
new file mode 100644
index 00000000..a4d6645b
--- /dev/null
+++ b/strata/bsp-armv8b64-generic.morph
@@ -0,0 +1,16 @@
+name: bsp-armv8b64-generic
+kind: stratum
+description:
+- |
+ The set of platform specific components required for booting generic ARMv8
+ systems in big-endian mode, such as the 64-bit APM XGene ARM based m400
+ Moonshot cartridge.
+build-depends:
+- morph: strata/core.morph
+chunks:
+- name: linux-armv8b64-generic
+ morph: strata/bsp-armv8b64-generic/linux-armv8b64-generic.morph
+ repo: upstream:linux
+ ref: cd1397b1f6e429b82e94565b0af93c6bd44e4271
+ unpetrify-ref: baserock/bjdooks/m400-be3
+ build-depends: []
diff --git a/strata/bsp-armv8b64-generic/linux-armv8b64-generic.morph b/strata/bsp-armv8b64-generic/linux-armv8b64-generic.morph
new file mode 100644
index 00000000..ecf383b0
--- /dev/null
+++ b/strata/bsp-armv8b64-generic/linux-armv8b64-generic.morph
@@ -0,0 +1,277 @@ +name: linux-armv8b64-generic +kind: chunk +configure-commands: +- make ARCH=arm64 defconfig +- scripts/config -e PACKET +- scripts/config -e SATA_AHCI +- scripts/config -e ATA_GENERIC +- scripts/config -e HAVE_IDE +- scripts/config -d BLK_DEV_IDE_SATA +- scripts/config -e BTRFS_FS +- scripts/config -e BTRFS_FS_POSIX_ACL +- scripts/config -e DEVTMPFS +- scripts/config -e DEVTMPFS_MOUNT +- scripts/config -e CONFIG_FHANDLE +- scripts/config -e CGROUPS +- scripts/config -e AUTOFS4_FS +- scripts/config --set-str UEVENT_HELPER_PATH '' +- scripts/config -e EXT2_FS +- scripts/config -e EXT2_FS_XATTR +- scripts/config -e EXT2_FS_POSIX_ACL +- scripts/config -e EXT2_FS_SECURITY +- scripts/config -e EXT2_FS_XIP +- scripts/config -e EXT3_FS +- scripts/config -d EXT3_DEFAULTS_TO_ORDERED +- scripts/config -e EXT3_FS_XATTR +- scripts/config -e EXT3_FS_POSIX_ACL +- scripts/config -e EXT3_FS_SECURITY +- scripts/config -e EXT4_FS +- scripts/config -e EXT4_FS_XATTR +- scripts/config -e EXT4_FS_POSIX_ACL +- scripts/config -e EXT4_FS_SECURITY +- scripts/config -d EXT4_DEBUG +- scripts/config -e XFS_FS +- scripts/config -e LIBCRC32C +- scripts/config -e FUSE_FS +- scripts/config -e OVERLAY_FS +- scripts/config -d JBD_DEBUG +- scripts/config -d JBD2_DEBUG +- scripts/config -e BLK_DEV_LOOP +- scripts/config -d BLK_DEV_CRYPTOLOOP +- scripts/config -e CEPH_FS +- scripts/config --set-val BLK_DEV_LOOP_MIN_COUNT 8 +- scripts/config -e DM_SNAPSHOT +- scripts/config -e VIRTIO +- scripts/config -e VIRTIO_RING +- scripts/config -e VIRTIO_PCI +- scripts/config -e VIRTIO_BALLOON +- scripts/config -e VIRTIO_BLK +- scripts/config -e VIRTIO_NET +- scripts/config -e VIRTIO_CONSOLE +- scripts/config -e HW_RANDOM_VIRTIO +- scripts/config -e 9P_FS +- scripts/config -e 9P_FSCACHE +- scripts/config -e 9P_FS_POSIX_ACL +- scripts/config -e NET_9P +- scripts/config -e NET_9P_VIRTIO +- scripts/config -e R8169 +- scripts/config -e 8139TOO +- scripts/config -e 8139CP +- scripts/config -e IKCONFIG 
+- scripts/config -e IKCONFIG_PROC +- scripts/config -e SECCOMP +- scripts/config -d DEBUG_STACK_TRACE +- scripts/config -e NFSD +- scripts/config -e NFSD_V3 +- scripts/config -e KVM +- scripts/config -e TUN +- scripts/config -e BRIDGE +- scripts/config -e VHOST_NET +- scripts/config -e NF_NAT +- scripts/config -e IP_NF_NAT +- scripts/config -e IP_NF_TARGET_MASQUERADE +- scripts/config -e FB_VESA +- scripts/config -e HOTPLUG_PCI +- scripts/config -e HOTPLUG_PCI_ACPI +- scripts/config -e VLAN_8021Q +- scripts/config -e BRIDGE_VLAN_FILTERING +- scripts/config -e IPV6 +- scripts/config -e BLK_DEV_NBD +- scripts/config -e BRIDGE_NF_EBTABLES +- scripts/config -e NETFILTER +- scripts/config -e NETFILTER_ADVANCED +- scripts/config -e NETFILTER_XT_MATCH_ADDRTYPE +- scripts/config -e OPENVSWITCH +- scripts/config -e OPENVSWITCH_VXLAN +- scripts/config -e CONFIG_OPENVSWITCH_GRE +- scripts/config -e NET_CLS_BASIC +- scripts/config -e NET_SCH_INGRESS +- scripts/config -e NET_ACT_POLICE +- scripts/config -e NET_IPGRE_DEMUX +- scripts/config -e NET_SCH_HTB +- scripts/config -e NET_SCH_HFSC +- scripts/config -e VXLAN +- scripts/config -e VETH +- scripts/config -e IP_NF_MATCH_AH +- scripts/config -e IP_NF_MATCH_ECN +- scripts/config -e IP_NF_MATCH_RPFILTER +- scripts/config -e IP_NF_MATCH_TTL +- scripts/config -e IP_NF_TARGET_SYNPROXY +- scripts/config -e IP_NF_TARGET_NETMAP +- scripts/config -e IP_NF_TARGET_REDIRECT +- scripts/config -e IP_NF_TARGET_CLUSTERIP +- scripts/config -e IP_NF_TARGET_ECN +- scripts/config -e IP_NF_TARGET_TTL +- scripts/config -e IP_NF_RAW +- scripts/config -e IP_NF_SECURITY +- scripts/config -e IP_NF_ARPTABLES +- scripts/config -e NETFILTER_NETLINK_QUEUE +- scripts/config -e SCSI_NETLINK +- scripts/config -e NETFILTER_XT_TARGET_MARK +- scripts/config -e NETFILTER_XT_SET +- scripts/config -e IP_SET +- scripts/config -e IP_SET_BITMAP_IP +- scripts/config -e IP_SET_BITMAP_IPMAC +- scripts/config -e IP_SET_BITMAP_PORT +- scripts/config -e IP_SET_HASH_IP +- 
scripts/config -e IP_SET_HASH_IPMARK +- scripts/config -e IP_SET_HASH_IPPORT +- scripts/config -e IP_SET_HASH_IPPORTIP +- scripts/config -e IP_SET_HASH_IPPORTNET +- scripts/config -e IP_SET_HASH_MAC +- scripts/config -e IP_SET_HASH_NETPORTNET +- scripts/config -e IP_SET_HASH_NET +- scripts/config -e IP_SET_HASH_NETNET +- scripts/config -e IP_SET_HASH_NETPORT +- scripts/config -e IP_SET_HASH_NETIFACE +- scripts/config -e IP_SET_LIST_SET +- scripts/config -e NF_CONNTRACK_TIMEOUT +- scripts/config -e NF_CONNTRACK_TIMESTAMP +- scripts/config -e NF_CONNTRACK_EVENTS +- scripts/config -e NF_CONNTRACK_LABELS +- scripts/config -e NETFILTER_NETLINK_ACCT +- scripts/config -e NETFILTER_NETLINK_QUEUE_CT +- scripts/config -e NF_CT_PROTO_DCCP +- scripts/config -e NF_CT_PROTO_GRE +- scripts/config -e NF_CT_PROTO_SCTP +- scripts/config -e NF_CT_PROTO_UDPLITE +- scripts/config -e NF_CT_NETLINK_TIMEOUT +- scripts/config -e NF_CT_NETLINK_HELPER +- scripts/config -e NF_CONNTRACK_AMANDA +- scripts/config -e NF_CONNTRACK_H323 +- scripts/config -e NF_CONNTRACK_BROADCAST +- scripts/config -e NF_CONNTRACK_NETBIOS_NS +- scripts/config -e NF_CONNTRACK_SNMP +- scripts/config -e NF_CONNTRACK_PPTP +- scripts/config -e NF_CONNTRACK_SANE +- scripts/config -e NF_CONNTRACK_TFTP +- scripts/config -e NF_LOG_COMMON +- scripts/config -e NF_NAT_PROTO_DCCP +- scripts/config -e NF_NAT_PROTO_UDPLITE +- scripts/config -e NF_NAT_PROTO_SCTP +- scripts/config -e NF_NAT_AMANDA +- scripts/config -e NF_NAT_TFTP +- scripts/config -e NF_TABLES +- scripts/config -e NF_TABLES_INET +- scripts/config -e NFT_COMPAT +- scripts/config -e NFT_EXTHDR +- scripts/config -e NFT_META +- scripts/config -e NFT_CT +- scripts/config -e NFT_LIMIT +- scripts/config -e NFT_NAT +- scripts/config -e NFT_QUEUE +- scripts/config -e NFT_REJECT +- scripts/config -e NFT_REJECT_INET +- scripts/config -e NFT_RBTREE +- scripts/config -e NFT_HASH +- scripts/config -e NFT_COUNTER +- scripts/config -e NFT_LOG +- scripts/config -e NFT_MASQ +- 
scripts/config -e NETFILTER_XT_CONNMARK +- scripts/config -e NETFILTER_XT_TARGET_AUDIT +- scripts/config -e NETFILTER_XT_TARGET_CHECKSUM +- scripts/config -e NETFILTER_XT_TARGET_CLASSIFY +- scripts/config -e NETFILTER_XT_TARGET_CT +- scripts/config -e NETFILTER_XT_TARGET_DSCP +- scripts/config -e NETFILTER_XT_TARGET_HMARK +- scripts/config -e NETFILTER_XT_TARGET_LED +- scripts/config -e NETFILTER_XT_TARGET_LOG +- scripts/config -e NETFILTER_XT_TARGET_NFQUEUE +- scripts/config -e NETFILTER_XT_TARGET_RATEEST +- scripts/config -e NETFILTER_XT_TARGET_TPROXY +- scripts/config -e NETFILTER_XT_TARGET_TCPOPTSTRIP +- scripts/config -e NETFILTER_XT_TARGET_TEE +- scripts/config -e NETFILTER_XT_TARGET_TRACE +- scripts/config -e NETFILTER_XT_TARGET_IDLETIMER +- scripts/config -e NETFILTER_XT_MATCH_BPF +- scripts/config -e NETFILTER_XT_MATCH_CLUSTER +- scripts/config -e NETFILTER_XT_MATCH_COMMENT +- scripts/config -e NETFILTER_XT_MATCH_CONNBYTES +- scripts/config -e NETFILTER_XT_MATCH_CONNLABEL +- scripts/config -e NETFILTER_XT_MATCH_CONNLIMIT +- scripts/config -e NETFILTER_XT_MATCH_CPU +- scripts/config -e NETFILTER_XT_MATCH_DCCP +- scripts/config -e NETFILTER_XT_MATCH_DEVGROUP +- scripts/config -e NETFILTER_XT_MATCH_DSCP +- scripts/config -e NETFILTER_XT_MATCH_ESP +- scripts/config -e NETFILTER_XT_MATCH_HASHLIMIT +- scripts/config -e NETFILTER_XT_MATCH_HELPER +- scripts/config -e NETFILTER_XT_MATCH_IPCOMP +- scripts/config -e NETFILTER_XT_MATCH_IPRANGE +- scripts/config -e NETFILTER_XT_MATCH_IPVS +- scripts/config -e NETFILTER_XT_MATCH_L2TP +- scripts/config -e NETFILTER_XT_MATCH_LENGTH +- scripts/config -e NETFILTER_XT_MATCH_LIMIT +- scripts/config -e NETFILTER_XT_MATCH_MAC +- scripts/config -e NETFILTER_XT_MATCH_MULTIPORT +- scripts/config -e NETFILTER_XT_MATCH_NFACCT +- scripts/config -e NETFILTER_XT_MATCH_OSF +- scripts/config -e NETFILTER_XT_MATCH_OWNER +- scripts/config -e NETFILTER_XT_MATCH_CGROUP +- scripts/config -e NETFILTER_XT_MATCH_PHYSDEV +- scripts/config -e 
NETFILTER_XT_MATCH_PKTTYPE +- scripts/config -e NETFILTER_XT_MATCH_QUOTA +- scripts/config -e NETFILTER_XT_MATCH_RATEEST +- scripts/config -e NETFILTER_XT_MATCH_REALM +- scripts/config -e NETFILTER_XT_MATCH_RECENT +- scripts/config -e NETFILTER_XT_MATCH_SCTP +- scripts/config -e NETFILTER_XT_MATCH_SOCKET +- scripts/config -e NETFILTER_XT_MATCH_STATISTIC +- scripts/config -e NETFILTER_XT_MATCH_STRING +- scripts/config -e NETFILTER_XT_MATCH_TCPMSS +- scripts/config -e NETFILTER_XT_MATCH_TIME +- scripts/config -e NETFILTER_XT_MATCH_U32 +- scripts/config -e IP_VS +- scripts/config -e BRIDGE_NETFILTER +- scripts/config -e CRYPTO_CRC32C +- scripts/config -e CONFIGFS_FS +- scripts/config -e EXPERT +- scripts/config -e TARGET_CORE +- scripts/config -e ISCSI_TARGET +- scripts/config -e TCM_IBLOCK +- scripts/config -e TCM_FILEIO +- scripts/config -e TCM_PSCSI +- scripts/config -e TCM_USER +- scripts/config -e CONFIG_UIO +- scripts/config -e LOOPBACK_TARGET +- scripts/config -e TCM_FC +- scripts/config -e LIBFC +- scripts/config -e SCSI_FC_ATTRS +- scripts/config -e SCSI_ISCSI_ATTRS +- scripts/config -e ISCSI_TCP +- scripts/config -e SCSI_LOWLEVEL +# Required for M400 +- scripts/config -e SATA_AHCI_PLATFORM +- scripts/config -e AHCI_XGENE +- scripts/config -e GENERIC_PHY +- scripts/config -e PHY_XGENE +- scripts/config -e NET_VENDOR_MELLANOX +- scripts/config -e MLX4_EN +- scripts/config -e MLX4_EN_DCB +- scripts/config -e MLX4_EN_VXLAN +- scripts/config -e MLX4_CORE +- scripts/config -e MLX5_CORE +- scripts/config -e NET_IP_TUNNEL +- scripts/config -e VXLAN +- scripts/config -e UIO +- scripts/config -e UIO_PDRV_GENIRQ +- scripts/config -e GPIO_DWAPB +- scripts/config -e KEYBOARD_GPIO +- scripts/config -e INPUT_POLLDEV +- scripts/config -e KEYBOARD_GPIO_POLLED +- scripts/config -d DMA_CMA +- scripts/config -e POWER_RESET +- scripts/config -e POWER_RESET_GPIO +- scripts/config -e POWER_RESET_SYSCON +- scripts/config -e POWER_AVS +# Big endian kernel +- scripts/config -e 
CPU_BIG_ENDIAN +- yes '' | make ARCH=arm64 oldconfig +build-commands: +# Only generate Image here, uImage generated in deployment +# due to availability of mkimage build systems +- make vmlinux dtbs $MAKEFLAGS +install-commands: +- mkdir -p "$DESTDIR"/boot +- make install dtbs_install INSTALL_PATH="$DESTDIR/boot" +- cp arch/arm64/boot/Image "$DESTDIR/boot/vmlinux" diff --git a/strata/bsp-armv8l64-generic/linux-armv8l64-generic.morph b/strata/bsp-armv8l64-generic/linux-armv8l64-generic.morph index 4eb92de4..018e5710 100644 --- a/strata/bsp-armv8l64-generic/linux-armv8l64-generic.morph +++ b/strata/bsp-armv8l64-generic/linux-armv8l64-generic.morph @@ -30,12 +30,17 @@ configure-commands: - scripts/config -e EXT4_FS_POSIX_ACL - scripts/config -e EXT4_FS_SECURITY - scripts/config -d EXT4_DEBUG +- scripts/config -e FUSE_FS +- scripts/config -e OVERLAY_FS +- scripts/config -e XFS_FS +- scripts/config -e LIBCRC32C - scripts/config -d JBD_DEBUG - scripts/config -d JBD2_DEBUG - scripts/config -e BLK_DEV_LOOP - scripts/config -d BLK_DEV_CRYPTOLOOP - scripts/config -e CEPH_FS - scripts/config --set-val BLK_DEV_LOOP_MIN_COUNT 8 +- scripts/config -e DM_SNAPSHOT - scripts/config -e VIRTIO - scripts/config -e VIRTIO_RING - scripts/config -e VIRTIO_PCI 
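Review bot: Nothing in the new linux-armv8b64-generic.morph checks, after `yes '' | make ARCH=arm64 oldconfig`, that the requested options are still set, and oldconfig silently drops any symbol whose dependencies are not met for this architecture or kernel version. That matters for options the images rely on for isolation or boot, such as `SECCOMP`, `DM_SNAPSHOT` and `OVERLAY_FS`, and a few entries here (for example `FB_VESA` and `HOTPLUG_PCI_ACPI`) look carried over from an x86 list and may not be selectable on arm64. I would add a check as the last configure command, e.g. `- for o in SECCOMP OVERLAY_FS DM_SNAPSHOT; do grep -q "^CONFIG_$o=[ym]" .config || exit 1; done`. The other linux-*.morph hunks in this commit follow the same enable-then-oldconfig pattern and would benefit from the same check.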
@@ -63,13 +68,178 @@ configure-commands: - scripts/config -e BRIDGE - scripts/config -e VHOST_NET - scripts/config -e NF_NAT -- scripts/config -e NF_NAT_IPV4 +- scripts/config -e IP_NF_NAT - scripts/config -e IP_NF_TARGET_MASQUERADE - scripts/config -e FB_VESA - scripts/config -e HOTPLUG_PCI - scripts/config -e HOTPLUG_PCI_ACPI - scripts/config -e VLAN_8021Q - scripts/config -e BRIDGE_VLAN_FILTERING +- scripts/config -e IPV6 +- scripts/config -e BLK_DEV_NBD +- scripts/config -e BRIDGE_NF_EBTABLES +- scripts/config -e NETFILTER +- scripts/config -e NETFILTER_ADVANCED +- scripts/config -e NETFILTER_XT_MATCH_ADDRTYPE +- scripts/config -e OPENVSWITCH +- scripts/config -e OPENVSWITCH_VXLAN +- scripts/config -e CONFIG_OPENVSWITCH_GRE +- scripts/config -e NET_CLS_BASIC +- scripts/config -e NET_SCH_INGRESS +- scripts/config -e NET_ACT_POLICE +- scripts/config -e NET_IPGRE_DEMUX +- scripts/config -e NET_SCH_HTB +- scripts/config -e NET_SCH_HFSC +- scripts/config -e VXLAN +- scripts/config -e VETH +- scripts/config -e IP_NF_MATCH_AH +- scripts/config -e IP_NF_MATCH_ECN +- scripts/config -e IP_NF_MATCH_RPFILTER +- scripts/config -e IP_NF_MATCH_TTL +- scripts/config -e IP_NF_TARGET_SYNPROXY +- scripts/config -e IP_NF_TARGET_NETMAP +- scripts/config -e IP_NF_TARGET_REDIRECT +- scripts/config -e IP_NF_TARGET_CLUSTERIP +- scripts/config -e IP_NF_TARGET_ECN +- scripts/config -e IP_NF_TARGET_TTL +- scripts/config -e IP_NF_RAW +- scripts/config -e IP_NF_SECURITY +- scripts/config -e IP_NF_ARPTABLES +- scripts/config -e NETFILTER_NETLINK_QUEUE +- scripts/config -e SCSI_NETLINK +- scripts/config -e NETFILTER_XT_TARGET_MARK +- scripts/config -e NETFILTER_XT_SET +- scripts/config -e IP_SET +- scripts/config -e IP_SET_BITMAP_IP +- scripts/config -e IP_SET_BITMAP_IPMAC +- scripts/config -e IP_SET_BITMAP_PORT +- scripts/config -e IP_SET_HASH_IP +- scripts/config -e IP_SET_HASH_IPMARK +- scripts/config -e IP_SET_HASH_IPPORT +- scripts/config -e IP_SET_HASH_IPPORTIP +- scripts/config -e 
IP_SET_HASH_IPPORTNET +- scripts/config -e IP_SET_HASH_MAC +- scripts/config -e IP_SET_HASH_NETPORTNET +- scripts/config -e IP_SET_HASH_NET +- scripts/config -e IP_SET_HASH_NETNET +- scripts/config -e IP_SET_HASH_NETPORT +- scripts/config -e IP_SET_HASH_NETIFACE +- scripts/config -e IP_SET_LIST_SET +- scripts/config -e NF_CONNTRACK_TIMEOUT +- scripts/config -e NF_CONNTRACK_TIMESTAMP +- scripts/config -e NF_CONNTRACK_EVENTS +- scripts/config -e NF_CONNTRACK_LABELS +- scripts/config -e NETFILTER_NETLINK_ACCT +- scripts/config -e NETFILTER_NETLINK_QUEUE_CT +- scripts/config -e NF_CT_PROTO_DCCP +- scripts/config -e NF_CT_PROTO_GRE +- scripts/config -e NF_CT_PROTO_SCTP +- scripts/config -e NF_CT_PROTO_UDPLITE +- scripts/config -e NF_CT_NETLINK_TIMEOUT +- scripts/config -e NF_CT_NETLINK_HELPER +- scripts/config -e NF_CONNTRACK_AMANDA +- scripts/config -e NF_CONNTRACK_H323 +- scripts/config -e NF_CONNTRACK_BROADCAST +- scripts/config -e NF_CONNTRACK_NETBIOS_NS +- scripts/config -e NF_CONNTRACK_SNMP +- scripts/config -e NF_CONNTRACK_PPTP +- scripts/config -e NF_CONNTRACK_SANE +- scripts/config -e NF_CONNTRACK_TFTP +- scripts/config -e NF_LOG_COMMON +- scripts/config -e NF_NAT_PROTO_DCCP +- scripts/config -e NF_NAT_PROTO_UDPLITE +- scripts/config -e NF_NAT_PROTO_SCTP +- scripts/config -e NF_NAT_AMANDA +- scripts/config -e NF_NAT_TFTP +- scripts/config -e NF_TABLES +- scripts/config -e NF_TABLES_INET +- scripts/config -e NFT_COMPAT +- scripts/config -e NFT_EXTHDR +- scripts/config -e NFT_META +- scripts/config -e NFT_CT +- scripts/config -e NFT_LIMIT +- scripts/config -e NFT_NAT +- scripts/config -e NFT_QUEUE +- scripts/config -e NFT_REJECT +- scripts/config -e NFT_REJECT_INET +- scripts/config -e NFT_RBTREE +- scripts/config -e NFT_HASH +- scripts/config -e NFT_COUNTER +- scripts/config -e NFT_LOG +- scripts/config -e NFT_MASQ +- scripts/config -e NETFILTER_XT_CONNMARK +- scripts/config -e NETFILTER_XT_TARGET_AUDIT +- scripts/config -e NETFILTER_XT_TARGET_CHECKSUM +- 
scripts/config -e NETFILTER_XT_TARGET_CLASSIFY +- scripts/config -e NETFILTER_XT_TARGET_CT +- scripts/config -e NETFILTER_XT_TARGET_DSCP +- scripts/config -e NETFILTER_XT_TARGET_HMARK +- scripts/config -e NETFILTER_XT_TARGET_LED +- scripts/config -e NETFILTER_XT_TARGET_LOG +- scripts/config -e NETFILTER_XT_TARGET_NFQUEUE +- scripts/config -e NETFILTER_XT_TARGET_RATEEST +- scripts/config -e NETFILTER_XT_TARGET_TPROXY +- scripts/config -e NETFILTER_XT_TARGET_TCPOPTSTRIP +- scripts/config -e NETFILTER_XT_TARGET_TEE +- scripts/config -e NETFILTER_XT_TARGET_TRACE +- scripts/config -e NETFILTER_XT_TARGET_IDLETIMER +- scripts/config -e NETFILTER_XT_MATCH_BPF +- scripts/config -e NETFILTER_XT_MATCH_CLUSTER +- scripts/config -e NETFILTER_XT_MATCH_COMMENT +- scripts/config -e NETFILTER_XT_MATCH_CONNBYTES +- scripts/config -e NETFILTER_XT_MATCH_CONNLABEL +- scripts/config -e NETFILTER_XT_MATCH_CONNLIMIT +- scripts/config -e NETFILTER_XT_MATCH_CPU +- scripts/config -e NETFILTER_XT_MATCH_DCCP +- scripts/config -e NETFILTER_XT_MATCH_DEVGROUP +- scripts/config -e NETFILTER_XT_MATCH_DSCP +- scripts/config -e NETFILTER_XT_MATCH_ESP +- scripts/config -e NETFILTER_XT_MATCH_HASHLIMIT +- scripts/config -e NETFILTER_XT_MATCH_HELPER +- scripts/config -e NETFILTER_XT_MATCH_IPCOMP +- scripts/config -e NETFILTER_XT_MATCH_IPRANGE +- scripts/config -e NETFILTER_XT_MATCH_IPVS +- scripts/config -e NETFILTER_XT_MATCH_L2TP +- scripts/config -e NETFILTER_XT_MATCH_LENGTH +- scripts/config -e NETFILTER_XT_MATCH_LIMIT +- scripts/config -e NETFILTER_XT_MATCH_MAC +- scripts/config -e NETFILTER_XT_MATCH_MULTIPORT +- scripts/config -e NETFILTER_XT_MATCH_NFACCT +- scripts/config -e NETFILTER_XT_MATCH_OSF +- scripts/config -e NETFILTER_XT_MATCH_OWNER +- scripts/config -e NETFILTER_XT_MATCH_CGROUP +- scripts/config -e NETFILTER_XT_MATCH_PHYSDEV +- scripts/config -e NETFILTER_XT_MATCH_PKTTYPE +- scripts/config -e NETFILTER_XT_MATCH_QUOTA +- scripts/config -e NETFILTER_XT_MATCH_RATEEST +- scripts/config -e 
NETFILTER_XT_MATCH_REALM +- scripts/config -e NETFILTER_XT_MATCH_RECENT +- scripts/config -e NETFILTER_XT_MATCH_SCTP +- scripts/config -e NETFILTER_XT_MATCH_SOCKET +- scripts/config -e NETFILTER_XT_MATCH_STATISTIC +- scripts/config -e NETFILTER_XT_MATCH_STRING +- scripts/config -e NETFILTER_XT_MATCH_TCPMSS +- scripts/config -e NETFILTER_XT_MATCH_TIME +- scripts/config -e NETFILTER_XT_MATCH_U32 +- scripts/config -e IP_VS +- scripts/config -e BRIDGE_NETFILTER +- scripts/config -e CRYPTO_CRC32C +- scripts/config -e CONFIGFS_FS +- scripts/config -e EXPERT +- scripts/config -e TARGET_CORE +- scripts/config -e ISCSI_TARGET +- scripts/config -e TCM_IBLOCK +- scripts/config -e TCM_FILEIO +- scripts/config -e TCM_PSCSI +- scripts/config -e TCM_USER +- scripts/config -e CONFIG_UIO +- scripts/config -e LOOPBACK_TARGET +- scripts/config -e TCM_FC +- scripts/config -e LIBFC +- scripts/config -e SCSI_FC_ATTRS +- scripts/config -e SCSI_ISCSI_ATTRS +- scripts/config -e ISCSI_TCP +- scripts/config -e SCSI_LOWLEVEL # Required for M400 - scripts/config -e SATA_AHCI_PLATFORM - scripts/config -e AHCI_XGENE diff --git a/strata/bsp-jetson.morph b/strata/bsp-jetson.morph index 85ab5ecf..48d7218c 100644 --- a/strata/bsp-jetson.morph +++ b/strata/bsp-jetson.morph 
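Review bot: The block added to linux-armv8l64-generic.morph enables a large set of network-facing kernel features with `-e`, which builds them in on every system that uses this BSP: connection-tracking helpers (`NF_CONNTRACK_H323`, `NF_CONNTRACK_PPTP`, `NF_CONNTRACK_SNMP`, `NF_CONNTRACK_SANE` and others), `IP_VS`, and the iSCSI/FC target stack (`ISCSI_TARGET`, `TCM_*`). Built-in code cannot be left unloaded or blacklisted on images that do not need it, so all of these parsers are present even where only some systems (presumably the OpenStack ones) use them. Where nothing needs a feature before modules can be loaded, I would use the module form that linux-jetson-tk1.morph already uses for nouveau, e.g. `- scripts/config -m NF_CONNTRACK_H323`. The same list is added in linux-armv8b64-generic.morph, linux-jetson-tk1.morph and linux-ppc64.morph; the configure-commands list itself starts and ends outside this hunk.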
@@ -15,34 +15,29 @@ chunks:
 - name: device-tree-compiler
 morph: strata/bsp-jetson/device-tree-compiler.morph
 repo: upstream:device-tree-compiler
- ref: c92f284c3cf76d471eb27a271de3a51cb45ed058
- unpetrify-ref: baserock/morph
+ ref: 302fca9f4c283e1994cf0a5a9ce1cf43ca15e6d2
+ unpetrify-ref: v1.4.1
 - name: u-boot@jetson
 morph: strata/bsp-jetson/u-boot@jetson.morph
 repo: upstream:u-boot
- ref: c77921345b943cdf5f2f28bbe88c6d8970620d2e
- unpetrify-ref: baserock/jetson/u-boot-tegra-next
+ ref: f33cdaa4c3da4a8fd35aa2f9a3172f31cc887b35
+ unpetrify-ref: v2015.04
 build-depends:
 - device-tree-compiler
 - name: linux-jetson-tk1
 morph: strata/bsp-jetson/linux-jetson-tk1.morph
 repo: upstream:linux
- ref: 682c943b0159b1a4105f31020605bf8a0f155ffd
- unpetrify-ref: baserock/v3.18-with-cpufreq
-- name: bsp-support
- morph: strata/bsp-jetson/bsp-support.morph
- repo: baserock:baserock/bsp-support
- ref: 19bc31ce3198a3c19cdd96d392bde34cb34ed525
- unpetrify-ref: baserock/arm/tegra-3.10
+ ref: a6df05fd37874251833bd6f18404cd2efaa62603
+ unpetrify-ref: baserock/tegra/4.0-with-cpufreq-gpu
 - name: nouveau-drm
 morph: strata/bsp-jetson/nouveau-drm.morph
 repo: upstream:nouveau
- ref: 4d0929aa231a0c2d2b66fa1f8ea1c8fa4d872501
- unpetrify-ref: baserock/jetson/gk20a
+ ref: 73de0a7758eb447d6157d2ed79c84d1a4e6ca09b
+ unpetrify-ref: baserock/tegra/4.0
 build-depends:
 - linux-jetson-tk1
 - name: linux-firmware-jetson
 morph: strata/bsp-jetson/linux-firmware-jetson.morph
 repo: upstream:linux-firmware
- ref: 9322ef5b14c78ec28163baa41bff240a0e098810
- unpetrify-ref: baserock/jetson
+ ref: ff2afc9d9649cab2a1f79b8d4eeb0cc0100a2f85
+ unpetrify-ref: baserock/tegra/4.0
diff --git a/strata/bsp-jetson/bsp-support.morph b/strata/bsp-jetson/bsp-support.morph
index 23524ac7..5adb02e4 100644
--- a/strata/bsp-jetson/bsp-support.morph
+++ b/strata/bsp-jetson/bsp-support.morph
@@ -1,6 +1,6 @@
 name: bsp-support
 kind: chunk
 install-commands:
-- install -o 0 -g 0 -m 755 -D nv-ondemand-cpufreq-governor.service "$DESTDIR/usr/lib/systemd/system/nv-ondemand-cpufreq-governor.service"
+- install -o 0 -g 0 -m 644 -D nv-ondemand-cpufreq-governor.service "$DESTDIR/usr/lib/systemd/system/nv-ondemand-cpufreq-governor.service"
 - install -d "$DESTDIR/usr/lib/systemd/system/sysinit.target.wants"
 - ln -s /usr/lib/systemd/system/nv-ondemand-cpufreq-governor.service "$DESTDIR/usr/lib/systemd/system/sysinit.target.wants/nv-ondemand-cpufreq-governor.service"
diff --git a/strata/bsp-jetson/linux-firmware-jetson.morph b/strata/bsp-jetson/linux-firmware-jetson.morph
index c803eab2..e24e7ec7 100644
--- a/strata/bsp-jetson/linux-firmware-jetson.morph
+++ b/strata/bsp-jetson/linux-firmware-jetson.morph
@@ -2,5 +2,14 @@ name: linux-firmware-jetson
 kind: chunk
 install-commands:
 - install -d "$DESTDIR/lib/firmware/nvidia/tegra124"
-- install -m644 nvidia/tegra124/gk20a_ctxsw.bin "$DESTDIR/lib/firmware/nvidia/tegra124"
+- install -d "$DESTDIR/lib/firmware/nouveau"
+- install -m644 nouveau/nvea_fuc409c "$DESTDIR/lib/firmware/nouveau"
+- install -m644 nouveau/nvea_fuc409d "$DESTDIR/lib/firmware/nouveau"
+- install -m644 nouveau/nvea_fuc41ac "$DESTDIR/lib/firmware/nouveau"
+- install -m644 nouveau/nvea_fuc41ad "$DESTDIR/lib/firmware/nouveau"
+- install -m644 nouveau/nvea_bundle "$DESTDIR/lib/firmware/nouveau"
+- install -m644 nouveau/nvea_method "$DESTDIR/lib/firmware/nouveau"
+- install -m644 nouveau/nvea_sw_ctx "$DESTDIR/lib/firmware/nouveau"
+- install -m644 nouveau/nvea_sw_nonctx "$DESTDIR/lib/firmware/nouveau"
 - install -m644 nvidia/tegra124/xusb.bin "$DESTDIR/lib/firmware/nvidia/tegra124"
+- install -m644 LICENCE.nvidia "$DESTDIR/lib/firmware"
diff --git a/strata/bsp-jetson/linux-jetson-tk1.morph b/strata/bsp-jetson/linux-jetson-tk1.morph
index 42c16f01..073a5a02 100644
--- a/strata/bsp-jetson/linux-jetson-tk1.morph
+++ b/strata/bsp-jetson/linux-jetson-tk1.morph
@@ -33,11 +33,16 @@ configure-commands:
 - scripts/config -e EXT4_FS_POSIX_ACL
 - scripts/config -e EXT4_FS_SECURITY
 - scripts/config -d EXT4_DEBUG
+- scripts/config -e FUSE_FS
+- scripts/config -e OVERLAY_FS
+- scripts/config -e XFS_FS
+- scripts/config -e LIBCRC32C
 - scripts/config -d JBD_DEBUG
 - scripts/config -d JBD2_DEBUG
 - scripts/config -e BLK_DEV_LOOP
 - scripts/config -d BLK_DEV_CRYPTOLOOP
 - scripts/config --set-val BLK_DEV_LOOP_MIN_COUNT 8
+- scripts/config -e DM_SNAPSHOT
 - scripts/config -e IKCONFIG
 - scripts/config -e IKCONFIG_PROC
 - scripts/config -e SECCOMP
@@ -48,6 +53,175 @@ configure-commands: - scripts/config -m DRM_NOUVEAU - scripts/config -e VLAN_8021Q - scripts/config -e BRIDGE_VLAN_FILTERING +- scripts/config -e BLK_DEV_NBD +- scripts/config -e BRIDGE_NF_EBTABLES +- scripts/config -e NETFILTER +- scripts/config -e NETFILTER_ADVANCED +- scripts/config -e NETFILTER_XT_MATCH_ADDRTYPE +- scripts/config -e OPENVSWITCH +- scripts/config -e OPENVSWITCH_VXLAN +- scripts/config -e CONFIG_OPENVSWITCH_GRE +- scripts/config -e NET_CLS_BASIC +- scripts/config -e NET_SCH_INGRESS +- scripts/config -e NET_ACT_POLICE +- scripts/config -e NET_IPGRE_DEMUX +- scripts/config -e NET_SCH_HTB +- scripts/config -e NET_SCH_HFSC +- scripts/config -e VXLAN +- scripts/config -e VETH +- scripts/config -e IP_NF_MATCH_AH +- scripts/config -e IP_NF_MATCH_ECN +- scripts/config -e IP_NF_MATCH_RPFILTER +- scripts/config -e IP_NF_MATCH_TTL +- scripts/config -e IP_NF_TARGET_SYNPROXY +- scripts/config -e IP_NF_TARGET_NETMAP +- scripts/config -e IP_NF_TARGET_REDIRECT +- scripts/config -e IP_NF_TARGET_CLUSTERIP +- scripts/config -e IP_NF_TARGET_ECN +- scripts/config -e IP_NF_TARGET_TTL +- scripts/config -e IP_NF_RAW +- scripts/config -e IP_NF_SECURITY +- scripts/config -e IP_NF_ARPTABLES +- scripts/config -e NETFILTER_NETLINK_QUEUE +- scripts/config -e SCSI_NETLINK +- scripts/config -e NETFILTER_XT_TARGET_MARK +- scripts/config -e NETFILTER_XT_SET +- scripts/config -e IP_SET +- scripts/config -e IP_SET_BITMAP_IP +- scripts/config -e IP_SET_BITMAP_IPMAC +- scripts/config -e IP_SET_BITMAP_PORT +- scripts/config -e IP_SET_HASH_IP +- scripts/config -e IP_SET_HASH_IPMARK +- scripts/config -e IP_SET_HASH_IPPORT +- scripts/config -e IP_SET_HASH_IPPORTIP +- scripts/config -e IP_SET_HASH_IPPORTNET +- scripts/config -e IP_SET_HASH_MAC +- scripts/config -e IP_SET_HASH_NETPORTNET +- scripts/config -e IP_SET_HASH_NET +- scripts/config -e IP_SET_HASH_NETNET +- scripts/config -e IP_SET_HASH_NETPORT +- scripts/config -e IP_SET_HASH_NETIFACE +- scripts/config -e 
IP_SET_LIST_SET +- scripts/config -e NF_CONNTRACK_TIMEOUT +- scripts/config -e NF_CONNTRACK_TIMESTAMP +- scripts/config -e NF_CONNTRACK_EVENTS +- scripts/config -e NF_CONNTRACK_LABELS +- scripts/config -e NETFILTER_NETLINK_ACCT +- scripts/config -e NETFILTER_NETLINK_QUEUE_CT +- scripts/config -e NF_CT_PROTO_DCCP +- scripts/config -e NF_CT_PROTO_GRE +- scripts/config -e NF_CT_PROTO_SCTP +- scripts/config -e NF_CT_PROTO_UDPLITE +- scripts/config -e NF_CT_NETLINK_TIMEOUT +- scripts/config -e NF_CT_NETLINK_HELPER +- scripts/config -e NF_CONNTRACK_AMANDA +- scripts/config -e NF_CONNTRACK_H323 +- scripts/config -e NF_CONNTRACK_BROADCAST +- scripts/config -e NF_CONNTRACK_NETBIOS_NS +- scripts/config -e NF_CONNTRACK_SNMP +- scripts/config -e NF_CONNTRACK_PPTP +- scripts/config -e NF_CONNTRACK_SANE +- scripts/config -e NF_CONNTRACK_TFTP +- scripts/config -e NF_LOG_COMMON +- scripts/config -e NF_NAT_PROTO_DCCP +- scripts/config -e NF_NAT_PROTO_UDPLITE +- scripts/config -e NF_NAT_PROTO_SCTP +- scripts/config -e NF_NAT_AMANDA +- scripts/config -e NF_NAT_TFTP +- scripts/config -e NF_TABLES +- scripts/config -e NF_TABLES_INET +- scripts/config -e NFT_COMPAT +- scripts/config -e NFT_EXTHDR +- scripts/config -e NFT_META +- scripts/config -e NFT_CT +- scripts/config -e NFT_LIMIT +- scripts/config -e NFT_NAT +- scripts/config -e NFT_QUEUE +- scripts/config -e NFT_REJECT +- scripts/config -e NFT_REJECT_INET +- scripts/config -e NFT_RBTREE +- scripts/config -e NFT_HASH +- scripts/config -e NFT_COUNTER +- scripts/config -e NFT_LOG +- scripts/config -e NFT_MASQ +- scripts/config -e NETFILTER_XT_CONNMARK +- scripts/config -e NETFILTER_XT_TARGET_AUDIT +- scripts/config -e NETFILTER_XT_TARGET_CHECKSUM +- scripts/config -e NETFILTER_XT_TARGET_CLASSIFY +- scripts/config -e NETFILTER_XT_TARGET_CT +- scripts/config -e NETFILTER_XT_TARGET_DSCP +- scripts/config -e NETFILTER_XT_TARGET_HMARK +- scripts/config -e NETFILTER_XT_TARGET_LED +- scripts/config -e NETFILTER_XT_TARGET_LOG +- 
scripts/config -e NETFILTER_XT_TARGET_NFQUEUE +- scripts/config -e NETFILTER_XT_TARGET_RATEEST +- scripts/config -e NETFILTER_XT_TARGET_TPROXY +- scripts/config -e NETFILTER_XT_TARGET_TCPOPTSTRIP +- scripts/config -e NETFILTER_XT_TARGET_TEE +- scripts/config -e NETFILTER_XT_TARGET_TRACE +- scripts/config -e NETFILTER_XT_TARGET_IDLETIMER +- scripts/config -e NETFILTER_XT_MATCH_BPF +- scripts/config -e NETFILTER_XT_MATCH_CLUSTER +- scripts/config -e NETFILTER_XT_MATCH_COMMENT +- scripts/config -e NETFILTER_XT_MATCH_CONNBYTES +- scripts/config -e NETFILTER_XT_MATCH_CONNLABEL +- scripts/config -e NETFILTER_XT_MATCH_CONNLIMIT +- scripts/config -e NETFILTER_XT_MATCH_CPU +- scripts/config -e NETFILTER_XT_MATCH_DCCP +- scripts/config -e NETFILTER_XT_MATCH_DEVGROUP +- scripts/config -e NETFILTER_XT_MATCH_DSCP +- scripts/config -e NETFILTER_XT_MATCH_ESP +- scripts/config -e NETFILTER_XT_MATCH_HASHLIMIT +- scripts/config -e NETFILTER_XT_MATCH_HELPER +- scripts/config -e NETFILTER_XT_MATCH_IPCOMP +- scripts/config -e NETFILTER_XT_MATCH_IPRANGE +- scripts/config -e NETFILTER_XT_MATCH_IPVS +- scripts/config -e NETFILTER_XT_MATCH_L2TP +- scripts/config -e NETFILTER_XT_MATCH_LENGTH +- scripts/config -e NETFILTER_XT_MATCH_LIMIT +- scripts/config -e NETFILTER_XT_MATCH_MAC +- scripts/config -e NETFILTER_XT_MATCH_MULTIPORT +- scripts/config -e NETFILTER_XT_MATCH_NFACCT +- scripts/config -e NETFILTER_XT_MATCH_OSF +- scripts/config -e NETFILTER_XT_MATCH_OWNER +- scripts/config -e NETFILTER_XT_MATCH_CGROUP +- scripts/config -e NETFILTER_XT_MATCH_PHYSDEV +- scripts/config -e NETFILTER_XT_MATCH_PKTTYPE +- scripts/config -e NETFILTER_XT_MATCH_QUOTA +- scripts/config -e NETFILTER_XT_MATCH_RATEEST +- scripts/config -e NETFILTER_XT_MATCH_REALM +- scripts/config -e NETFILTER_XT_MATCH_RECENT +- scripts/config -e NETFILTER_XT_MATCH_SCTP +- scripts/config -e NETFILTER_XT_MATCH_SOCKET +- scripts/config -e NETFILTER_XT_MATCH_STATISTIC +- scripts/config -e NETFILTER_XT_MATCH_STRING +- scripts/config 
-e NETFILTER_XT_MATCH_TCPMSS +- scripts/config -e NETFILTER_XT_MATCH_TIME +- scripts/config -e NETFILTER_XT_MATCH_U32 +- scripts/config -e IP_VS +- scripts/config -e BRIDGE_NETFILTER +- scripts/config -e CRYPTO_CRC32C +- scripts/config -e CONFIGFS_FS +- scripts/config -e EXPERT +- scripts/config -e TARGET_CORE +- scripts/config -e ISCSI_TARGET +- scripts/config -e TCM_IBLOCK +- scripts/config -e TCM_FILEIO +- scripts/config -e TCM_PSCSI +- scripts/config -e TCM_USER +- scripts/config -e CONFIG_UIO +- scripts/config -e LOOPBACK_TARGET +- scripts/config -e TCM_FC +- scripts/config -e LIBFC +- scripts/config -e SCSI_FC_ATTRS +- scripts/config -e SCSI_ISCSI_ATTRS +- scripts/config -e ISCSI_TCP +- scripts/config -e SCSI_LOWLEVEL +- scripts/config -m DRM_NOUVEAU +- scripts/config -e NOUVEAU_PLATFORM_DRIVER +- scripts/config -e DRM_TEGRA_STAGING +- scripts/config --set-val NOUVEAU_DEBUG 5 +- scripts/config --set-val NOUVEAU_DEBUG_DEFAULT 3 - yes '' | make ARCH=arm oldconfig build-commands: - make $MAKEFLAGS ARCH=arm LOADADDR=0x80200000 zImage dtbs diff --git a/strata/bsp-jetson/nouveau-drm.morph b/strata/bsp-jetson/nouveau-drm.morph index e297a069..33221a70 100644 --- a/strata/bsp-jetson/nouveau-drm.morph +++ b/strata/bsp-jetson/nouveau-drm.morph 
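Review bot: The added `- scripts/config -m DRM_NOUVEAU` near the end of this linux-jetson-tk1.morph hunk repeats the context line at the top of the same hunk, so the option is now set in two places. It is harmless today, but the later line wins, so a future edit to the first copy (for instance to `-e`) would be silently overridden. I would drop the new duplicate and keep only the nouveau additions that are actually new (`NOUVEAU_PLATFORM_DRIVER`, `DRM_TEGRA_STAGING` and the two `NOUVEAU_DEBUG` values). The configure-commands list starts outside this hunk.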
@@ -1,12 +1,12 @@
 name: nouveau-drm
 kind: chunk
 build-commands:
- - cd drm && make ARCH=arm M=$(pwd) -C /usr/src/linux/ modules
+ - sed -e 's/.*android\/sync.*/#ifdef CONFIG_SYNC\n&\n#endif/' -i drm/nouveau/nouveau_fence.c
+ - cd drm/nouveau && make ARCH=arm M=$(pwd) -C /usr/src/linux/ modules
 install-commands:
- - cd drm && make ARCH=arm M="$(pwd)" -C /usr/src/linux/ INSTALL_MOD_PATH="$DESTDIR" modules_install
+ - cd drm/nouveau && make ARCH=arm M="$(pwd)" -C /usr/src/linux/ INSTALL_MOD_PATH="$DESTDIR" modules_install
 system-integration:
 nouveau-drm-misc:
 00-earlyconf:
 - (cd /lib/modules && for version in *; do rm "$version/kernel/drivers/gpu/drm/nouveau/nouveau.ko"; done)
- - (cd /lib/modules && for version in *; do rm "$version/kernel/drivers/gpu/drm/nouveau/nouveau_platform.ko"; done)
 - (cd /lib/modules && for version in *; do depmod -a "$version"; done)
diff --git a/strata/bsp-ppc64-generic.morph b/strata/bsp-ppc64-generic.morph
index 58038d60..ea606a75 100644
--- a/strata/bsp-ppc64-generic.morph
+++ b/strata/bsp-ppc64-generic.morph
@@ -7,5 +7,5 @@ chunks:
 - name: linux-ppc64
 morph: strata/bsp-ppc64-generic/linux-ppc64.morph
 repo: upstream:linux
- ref: bfa76d49576599a4b9f9b7a71f23d73d6dcff735
- unpetrify-ref: v3.19
+ ref: 39a8804455fb23f09157341d3ba7db6d7ae6ee76
+ unpetrify-ref: v4.0
diff --git a/strata/bsp-ppc64-generic/linux-ppc64.morph b/strata/bsp-ppc64-generic/linux-ppc64.morph
index 1740a144..b8b189c7 100644
--- a/strata/bsp-ppc64-generic/linux-ppc64.morph
+++ b/strata/bsp-ppc64-generic/linux-ppc64.morph
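Review bot: The new `sed ... -i drm/nouveau/nouveau_fence.c` build command in nouveau-drm.morph exits successfully even when no line matches `android/sync`, so after a change of the pinned nouveau ref the `#ifdef CONFIG_SYNC` guard can silently stop being applied. I would follow it with a check such as `- grep -q 'ifdef CONFIG_SYNC' drm/nouveau/nouveau_fence.c`, or carry the change as a commit on the branch the chunk is built from instead of editing the source at build time. Separately, the build command passes an unquoted `M=$(pwd)` while the install command quotes it as `M="$(pwd)"`; quoting both keeps the two consistent and safe for paths with spaces.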
@@ -31,11 +31,16 @@ configure-commands:
 - scripts/config -e EXT4_FS_POSIX_ACL
 - scripts/config -e EXT4_FS_SECURITY
 - scripts/config -d EXT4_DEBUG
+- scripts/config -e FUSE_FS
+- scripts/config -e OVERLAY_FS
+- scripts/config -e XFS_FS
+- scripts/config -e LIBCRC32C
 - scripts/config -d JBD_DEBUG
 - scripts/config -d JBD2_DEBUG
 - scripts/config -e BLK_DEV_LOOP
 - scripts/config -d BLK_DEV_CRYPTOLOOP
 - scripts/config --set-val BLK_DEV_LOOP_MIN_COUNT 8
+- scripts/config -e DM_SNAPSHOT
 - scripts/config -e IKCONFIG
 - scripts/config -e IKCONFIG_PROC
 - scripts/config -e SECCOMP
@@ -48,6 +53,170 @@ configure-commands:
 - scripts/config -e ROOT_NFS
 - scripts/config -e PCI
 - scripts/config -e TIGON3
+- scripts/config -e BLK_DEV_NBD
+- scripts/config -e BRIDGE_NF_EBTABLES
+- scripts/config -e NETFILTER
+- scripts/config -e NETFILTER_ADVANCED
+- scripts/config -e NETFILTER_XT_MATCH_ADDRTYPE
+- scripts/config -e OPENVSWITCH
+- scripts/config -e OPENVSWITCH_VXLAN
+- scripts/config -e CONFIG_OPENVSWITCH_GRE
+- scripts/config -e NET_CLS_BASIC
+- scripts/config -e NET_SCH_INGRESS
+- scripts/config -e NET_ACT_POLICE
+- scripts/config -e NET_IPGRE_DEMUX
+- scripts/config -e NET_SCH_HTB
+- scripts/config -e NET_SCH_HFSC
+- scripts/config -e VXLAN
+- scripts/config -e VETH
+- scripts/config -e IP_NF_MATCH_AH
+- scripts/config -e IP_NF_MATCH_ECN
+- scripts/config -e IP_NF_MATCH_RPFILTER
+- scripts/config -e IP_NF_MATCH_TTL
+- scripts/config -e IP_NF_TARGET_SYNPROXY
+- scripts/config -e IP_NF_TARGET_NETMAP
+- scripts/config -e IP_NF_TARGET_REDIRECT
+- scripts/config -e IP_NF_TARGET_CLUSTERIP
+- scripts/config -e IP_NF_TARGET_ECN
+- scripts/config -e IP_NF_TARGET_TTL
+- scripts/config -e IP_NF_RAW
+- scripts/config -e IP_NF_SECURITY
+- scripts/config -e IP_NF_ARPTABLES
+- scripts/config -e NETFILTER_NETLINK_QUEUE
+- scripts/config -e SCSI_NETLINK
+- scripts/config -e NETFILTER_XT_TARGET_MARK
+- scripts/config -e NETFILTER_XT_SET
+- scripts/config -e IP_SET
+- scripts/config -e IP_SET_BITMAP_IP
+- scripts/config -e IP_SET_BITMAP_IPMAC
+- scripts/config -e IP_SET_BITMAP_PORT
+- scripts/config -e IP_SET_HASH_IP
+- scripts/config -e IP_SET_HASH_IPMARK
+- scripts/config -e IP_SET_HASH_IPPORT
+- scripts/config -e IP_SET_HASH_IPPORTIP
+- scripts/config -e IP_SET_HASH_IPPORTNET
+- scripts/config -e IP_SET_HASH_MAC
+- scripts/config -e IP_SET_HASH_NETPORTNET
+- scripts/config -e IP_SET_HASH_NET
+- scripts/config -e IP_SET_HASH_NETNET
+- scripts/config -e IP_SET_HASH_NETPORT
+- scripts/config -e IP_SET_HASH_NETIFACE
+- scripts/config -e IP_SET_LIST_SET
+-
scripts/config -e NF_CONNTRACK_TIMEOUT
+- scripts/config -e NF_CONNTRACK_TIMESTAMP
+- scripts/config -e NF_CONNTRACK_EVENTS
+- scripts/config -e NF_CONNTRACK_LABELS
+- scripts/config -e NETFILTER_NETLINK_ACCT
+- scripts/config -e NETFILTER_NETLINK_QUEUE_CT
+- scripts/config -e NF_CT_PROTO_DCCP
+- scripts/config -e NF_CT_PROTO_GRE
+- scripts/config -e NF_CT_PROTO_SCTP
+- scripts/config -e NF_CT_PROTO_UDPLITE
+- scripts/config -e NF_CT_NETLINK_TIMEOUT
+- scripts/config -e NF_CT_NETLINK_HELPER
+- scripts/config -e NF_CONNTRACK_AMANDA
+- scripts/config -e NF_CONNTRACK_H323
+- scripts/config -e NF_CONNTRACK_BROADCAST
+- scripts/config -e NF_CONNTRACK_NETBIOS_NS
+- scripts/config -e NF_CONNTRACK_SNMP
+- scripts/config -e NF_CONNTRACK_PPTP
+- scripts/config -e NF_CONNTRACK_SANE
+- scripts/config -e NF_CONNTRACK_TFTP
+- scripts/config -e NF_LOG_COMMON
+- scripts/config -e NF_NAT_PROTO_DCCP
+- scripts/config -e NF_NAT_PROTO_UDPLITE
+- scripts/config -e NF_NAT_PROTO_SCTP
+- scripts/config -e NF_NAT_AMANDA
+- scripts/config -e NF_NAT_TFTP
+- scripts/config -e NF_TABLES
+- scripts/config -e NF_TABLES_INET
+- scripts/config -e NFT_COMPAT
+- scripts/config -e NFT_EXTHDR
+- scripts/config -e NFT_META
+- scripts/config -e NFT_CT
+- scripts/config -e NFT_LIMIT
+- scripts/config -e NFT_NAT
+- scripts/config -e NFT_QUEUE
+- scripts/config -e NFT_REJECT
+- scripts/config -e NFT_REJECT_INET
+- scripts/config -e NFT_RBTREE
+- scripts/config -e NFT_HASH
+- scripts/config -e NFT_COUNTER
+- scripts/config -e NFT_LOG
+- scripts/config -e NFT_MASQ
+- scripts/config -e NETFILTER_XT_CONNMARK
+- scripts/config -e NETFILTER_XT_TARGET_AUDIT
+- scripts/config -e NETFILTER_XT_TARGET_CHECKSUM
+- scripts/config -e NETFILTER_XT_TARGET_CLASSIFY
+- scripts/config -e NETFILTER_XT_TARGET_CT
+- scripts/config -e NETFILTER_XT_TARGET_DSCP
+- scripts/config -e NETFILTER_XT_TARGET_HMARK
+- scripts/config -e NETFILTER_XT_TARGET_LED
+- scripts/config -e NETFILTER_XT_TARGET_LOG
+- scripts/config -e
NETFILTER_XT_TARGET_NFQUEUE
+- scripts/config -e NETFILTER_XT_TARGET_RATEEST
+- scripts/config -e NETFILTER_XT_TARGET_TPROXY
+- scripts/config -e NETFILTER_XT_TARGET_TCPOPTSTRIP
+- scripts/config -e NETFILTER_XT_TARGET_TEE
+- scripts/config -e NETFILTER_XT_TARGET_TRACE
+- scripts/config -e NETFILTER_XT_TARGET_IDLETIMER
+- scripts/config -e NETFILTER_XT_MATCH_BPF
+- scripts/config -e NETFILTER_XT_MATCH_CLUSTER
+- scripts/config -e NETFILTER_XT_MATCH_COMMENT
+- scripts/config -e NETFILTER_XT_MATCH_CONNBYTES
+- scripts/config -e NETFILTER_XT_MATCH_CONNLABEL
+- scripts/config -e NETFILTER_XT_MATCH_CONNLIMIT
+- scripts/config -e NETFILTER_XT_MATCH_CPU
+- scripts/config -e NETFILTER_XT_MATCH_DCCP
+- scripts/config -e NETFILTER_XT_MATCH_DEVGROUP
+- scripts/config -e NETFILTER_XT_MATCH_DSCP
+- scripts/config -e NETFILTER_XT_MATCH_ESP
+- scripts/config -e NETFILTER_XT_MATCH_HASHLIMIT
+- scripts/config -e NETFILTER_XT_MATCH_HELPER
+- scripts/config -e NETFILTER_XT_MATCH_IPCOMP
+- scripts/config -e NETFILTER_XT_MATCH_IPRANGE
+- scripts/config -e NETFILTER_XT_MATCH_IPVS
+- scripts/config -e NETFILTER_XT_MATCH_L2TP
+- scripts/config -e NETFILTER_XT_MATCH_LENGTH
+- scripts/config -e NETFILTER_XT_MATCH_LIMIT
+- scripts/config -e NETFILTER_XT_MATCH_MAC
+- scripts/config -e NETFILTER_XT_MATCH_MULTIPORT
+- scripts/config -e NETFILTER_XT_MATCH_NFACCT
+- scripts/config -e NETFILTER_XT_MATCH_OSF
+- scripts/config -e NETFILTER_XT_MATCH_OWNER
+- scripts/config -e NETFILTER_XT_MATCH_CGROUP
+- scripts/config -e NETFILTER_XT_MATCH_PHYSDEV
+- scripts/config -e NETFILTER_XT_MATCH_PKTTYPE
+- scripts/config -e NETFILTER_XT_MATCH_QUOTA
+- scripts/config -e NETFILTER_XT_MATCH_RATEEST
+- scripts/config -e NETFILTER_XT_MATCH_REALM
+- scripts/config -e NETFILTER_XT_MATCH_RECENT
+- scripts/config -e NETFILTER_XT_MATCH_SCTP
+- scripts/config -e NETFILTER_XT_MATCH_SOCKET
+- scripts/config -e NETFILTER_XT_MATCH_STATISTIC
+- scripts/config -e NETFILTER_XT_MATCH_STRING
+- scripts/config -e
NETFILTER_XT_MATCH_TCPMSS +- scripts/config -e NETFILTER_XT_MATCH_TIME +- scripts/config -e NETFILTER_XT_MATCH_U32 +- scripts/config -e IP_VS +- scripts/config -e BRIDGE_NETFILTER +- scripts/config -e CRYPTO_CRC32C +- scripts/config -e CONFIGFS_FS +- scripts/config -e EXPERT +- scripts/config -e TARGET_CORE +- scripts/config -e ISCSI_TARGET +- scripts/config -e TCM_IBLOCK +- scripts/config -e TCM_FILEIO +- scripts/config -e TCM_PSCSI +- scripts/config -e TCM_USER +- scripts/config -e CONFIG_UIO +- scripts/config -e LOOPBACK_TARGET +- scripts/config -e TCM_FC +- scripts/config -e LIBFC +- scripts/config -e SCSI_FC_ATTRS +- scripts/config -e SCSI_ISCSI_ATTRS +- scripts/config -e ISCSI_TCP +- scripts/config -e SCSI_LOWLEVEL - yes '' | make oldconfig build-commands: - make $MAKEFLAGS ARCH=powerpc zImage diff --git a/strata/bsp-wandboard.morph b/strata/bsp-wandboard.morph index 2ab095df..ba704b1b 100644 --- a/strata/bsp-wandboard.morph +++ b/strata/bsp-wandboard.morph @@ -11,8 +11,8 @@ chunks: unpetrify-ref: baserock/morph - name: linux-armv7-wandboard morph: strata/bsp-wandboard/linux-armv7-wandboard.morph - repo: upstream:linux - ref: bfa76d49576599a4b9f9b7a71f23d73d6dcff735 - unpetrify-ref: v3.19 + repo: upstream:linux-stable + ref: 660613d1a4e94144490850b6c3d350331860fac4 + unpetrify-ref: v3.19.2 build-depends: - u-boot@wandboard diff --git a/strata/bsp-wandboard/linux-armv7-wandboard.morph b/strata/bsp-wandboard/linux-armv7-wandboard.morph index 15317978..bf337725 100644 --- a/strata/bsp-wandboard/linux-armv7-wandboard.morph +++ b/strata/bsp-wandboard/linux-armv7-wandboard.morph 
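Review bot: The conntrack helpers added from `NF_CONNTRACK_AMANDA` through `NF_CONNTRACK_TFTP`, and the storage targets from `TARGET_CORE` through `TCM_FC`, are all switched on with `-e`, which builds them into the kernel image, so code that parses packet payloads or exports block devices is present on every system built from this chunk and cannot be blacklisted or unloaded on hosts that never use it. If they are needed only by some systems (the set looks OpenStack-related, which is an inference), `-m` as already used for `DRM_NOUVEAU` elsewhere in this commit keeps them loadable on demand, e.g. `- scripts/config -m NF_CONNTRACK_H323`. `- scripts/config -e EXPERT` also deserves a comment naming the option that requires it, since it changes which prompts `yes '' | make oldconfig` then answers with defaults. The same list is repeated in the `@@ -73,13 +88,181 @@` hunks of linux-x86-32-generic.morph and linux-x86-64-generic.morph, and the configure-commands list itself starts before this hunk.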
@@ -33,11 +33,14 @@ configure-commands: - scripts/config -e EXT4_FS_POSIX_ACL - scripts/config -e EXT4_FS_SECURITY - scripts/config -d EXT4_DEBUG +- scripts/config -e FUSE_FS +- scripts/config -e OVERLAY_FS - scripts/config -d JBD_DEBUG - scripts/config -d JBD2_DEBUG - scripts/config -e BLK_DEV_LOOP - scripts/config -d BLK_DEV_CRYPTOLOOP - scripts/config --set-val BLK_DEV_LOOP_MIN_COUNT 8 +- scripts/config -e DM_SNAPSHOT - scripts/config -e IKCONFIG - scripts/config -e IKCONFIG_PROC - scripts/config -e SECCOMP @@ -46,6 +49,7 @@ configure-commands: - scripts/config -e NFSD_V3 - scripts/config -e VLAN_8021Q - scripts/config -e BRIDGE_VLAN_FILTERING +- scripts/config -e VETH - yes '' | make oldconfig build-commands: - make $MAKEFLAGS ARCH=arm LOADADDR=0x10800000 uImage dtbs diff --git a/strata/bsp-x86_32-generic.morph b/strata/bsp-x86_32-generic.morph index 10c4dbe5..41003643 100644 --- a/strata/bsp-x86_32-generic.morph +++ b/strata/bsp-x86_32-generic.morph @@ -8,8 +8,8 @@ chunks: - name: linux-x86-32-generic morph: strata/bsp-x86_32-generic/linux-x86-32-generic.morph repo: upstream:linux - ref: bfa76d49576599a4b9f9b7a71f23d73d6dcff735 - unpetrify-ref: v3.19 + ref: 39a8804455fb23f09157341d3ba7db6d7ae6ee76 + unpetrify-ref: v4.0 - name: nasm morph: strata/bsp-x86_32-generic/nasm.morph repo: upstream:nasm diff --git a/strata/bsp-x86_32-generic/linux-x86-32-generic.morph b/strata/bsp-x86_32-generic/linux-x86-32-generic.morph index 593d9a65..1616748f 100644 --- a/strata/bsp-x86_32-generic/linux-x86-32-generic.morph +++ b/strata/bsp-x86_32-generic/linux-x86-32-generic.morph 
@@ -40,12 +40,17 @@ configure-commands:
 - scripts/config -e EXT4_FS_POSIX_ACL
 - scripts/config -e EXT4_FS_SECURITY
 - scripts/config -d EXT4_DEBUG
+- scripts/config -e FUSE_FS
+- scripts/config -e OVERLAY_FS
+- scripts/config -e XFS_FS
+- scripts/config -e LIBCRC32C
 - scripts/config -d JBD_DEBUG
 - scripts/config -d JBD2_DEBUG
 - scripts/config -e BLK_DEV_LOOP
 - scripts/config -d BLK_DEV_CRYPTOLOOP
 - scripts/config -e CEPH_FS
 - scripts/config --set-val BLK_DEV_LOOP_MIN_COUNT 8
+- scripts/config -e DM_SNAPSHOT
 - scripts/config -e VIRTIO
 - scripts/config -e VIRTIO_RING
 - scripts/config -e VIRTIO_PCI
@@ -62,6 +67,16 @@ configure-commands:
 - scripts/config -e R8169
 - scripts/config -e 8139TOO
 - scripts/config -e 8139CP
+- scripts/config -e ATL1
+- scripts/config -e ATL1C
+- scripts/config -e ATL1E
+- scripts/config -e E100
+- scripts/config -e E1000
+- scripts/config -e E1000E
+- scripts/config -e USB_USBNET
+- scripts/config -e USB_NET_AX8817X
+- scripts/config -e USB_NET_AX88179_178A
+- scripts/config -e USB_NET_DM9601
 - scripts/config -e IKCONFIG
 - scripts/config -e IKCONFIG_PROC
 - scripts/config -e SECCOMP
@@ -73,13 +88,181 @@ configure-commands:
 - scripts/config -e BRIDGE
 - scripts/config -e VHOST_NET
 - scripts/config -e NF_NAT
-- scripts/config -e NF_NAT_IPV4
+- scripts/config -e IP_NF_NAT
 - scripts/config -e IP_NF_TARGET_MASQUERADE
 - scripts/config -e FB_VESA
 - scripts/config -e HOTPLUG_PCI
 - scripts/config -e HOTPLUG_PCI_ACPI
 - scripts/config -e VLAN_8021Q
 - scripts/config -e BRIDGE_VLAN_FILTERING
+- scripts/config -e BLK_DEV_NBD
+- scripts/config -e BRIDGE_NF_EBTABLES
+- scripts/config -e NETFILTER
+- scripts/config -e NETFILTER_ADVANCED
+- scripts/config -e NETFILTER_XT_MATCH_ADDRTYPE
+- scripts/config -e OPENVSWITCH
+- scripts/config -e OPENVSWITCH_VXLAN
+- scripts/config -e CONFIG_OPENVSWITCH_GRE
+- scripts/config -e NET_CLS_BASIC
+- scripts/config -e NET_SCH_INGRESS
+- scripts/config -e NET_ACT_POLICE
+- scripts/config -e NET_IPGRE_DEMUX
+- scripts/config -e NET_SCH_HTB
+- scripts/config -e NET_SCH_HFSC
+- scripts/config -e VXLAN
+- scripts/config -e VETH
+- scripts/config -e IP_NF_MATCH_AH
+- scripts/config -e IP_NF_MATCH_ECN
+- scripts/config -e IP_NF_MATCH_RPFILTER
+- scripts/config -e IP_NF_MATCH_TTL
+- scripts/config -e IP_NF_TARGET_SYNPROXY
+- scripts/config -e IP_NF_TARGET_NETMAP
+- scripts/config -e IP_NF_TARGET_REDIRECT
+- scripts/config -e IP_NF_TARGET_CLUSTERIP
+- scripts/config -e IP_NF_TARGET_ECN
+- scripts/config -e IP_NF_TARGET_TTL
+- scripts/config -e IP_NF_RAW
+- scripts/config -e IP_NF_SECURITY
+- scripts/config -e IP_NF_ARPTABLES
+- scripts/config -e KVM_INTEL
+- scripts/config -e NETFILTER_NETLINK_QUEUE
+- scripts/config -e SCSI_NETLINK
+- scripts/config -e NETFILTER_XT_TARGET_MARK
+- scripts/config -e NETFILTER_XT_SET
+- scripts/config -e IP_SET
+- scripts/config -e IP_SET_BITMAP_IP
+- scripts/config -e IP_SET_BITMAP_IPMAC
+- scripts/config -e IP_SET_BITMAP_PORT
+- scripts/config -e IP_SET_HASH_IP
+- scripts/config -e IP_SET_HASH_IPMARK
+- scripts/config -e IP_SET_HASH_IPPORT
+- scripts/config -e IP_SET_HASH_IPPORTIP
+- scripts/config -e
IP_SET_HASH_IPPORTNET
+- scripts/config -e IP_SET_HASH_MAC
+- scripts/config -e IP_SET_HASH_NETPORTNET
+- scripts/config -e IP_SET_HASH_NET
+- scripts/config -e IP_SET_HASH_NETNET
+- scripts/config -e IP_SET_HASH_NETPORT
+- scripts/config -e IP_SET_HASH_NETIFACE
+- scripts/config -e IP_SET_LIST_SET
+- scripts/config -e NF_CONNTRACK_TIMEOUT
+- scripts/config -e NF_CONNTRACK_TIMESTAMP
+- scripts/config -e NF_CONNTRACK_EVENTS
+- scripts/config -e NF_CONNTRACK_LABELS
+- scripts/config -e NETFILTER_NETLINK_ACCT
+- scripts/config -e NETFILTER_NETLINK_QUEUE_CT
+- scripts/config -e NF_CT_PROTO_DCCP
+- scripts/config -e NF_CT_PROTO_GRE
+- scripts/config -e NF_CT_PROTO_SCTP
+- scripts/config -e NF_CT_PROTO_UDPLITE
+- scripts/config -e NF_CT_NETLINK_TIMEOUT
+- scripts/config -e NF_CT_NETLINK_HELPER
+- scripts/config -e NF_CONNTRACK_AMANDA
+- scripts/config -e NF_CONNTRACK_H323
+- scripts/config -e NF_CONNTRACK_BROADCAST
+- scripts/config -e NF_CONNTRACK_NETBIOS_NS
+- scripts/config -e NF_CONNTRACK_SNMP
+- scripts/config -e NF_CONNTRACK_PPTP
+- scripts/config -e NF_CONNTRACK_SANE
+- scripts/config -e NF_CONNTRACK_TFTP
+- scripts/config -e NF_LOG_COMMON
+- scripts/config -e NF_NAT_PROTO_DCCP
+- scripts/config -e NF_NAT_PROTO_UDPLITE
+- scripts/config -e NF_NAT_PROTO_SCTP
+- scripts/config -e NF_NAT_AMANDA
+- scripts/config -e NF_NAT_TFTP
+- scripts/config -e NF_TABLES
+- scripts/config -e NF_TABLES_INET
+- scripts/config -e NFT_COMPAT
+- scripts/config -e NFT_EXTHDR
+- scripts/config -e NFT_META
+- scripts/config -e NFT_CT
+- scripts/config -e NFT_LIMIT
+- scripts/config -e NFT_NAT
+- scripts/config -e NFT_QUEUE
+- scripts/config -e NFT_REJECT
+- scripts/config -e NFT_REJECT_INET
+- scripts/config -e NFT_RBTREE
+- scripts/config -e NFT_HASH
+- scripts/config -e NFT_COUNTER
+- scripts/config -e NFT_LOG
+- scripts/config -e NFT_MASQ
+- scripts/config -e NETFILTER_XT_CONNMARK
+- scripts/config -e NETFILTER_XT_TARGET_AUDIT
+- scripts/config -e NETFILTER_XT_TARGET_CHECKSUM
+-
scripts/config -e NETFILTER_XT_TARGET_CLASSIFY
+- scripts/config -e NETFILTER_XT_TARGET_CT
+- scripts/config -e NETFILTER_XT_TARGET_DSCP
+- scripts/config -e NETFILTER_XT_TARGET_HMARK
+- scripts/config -e NETFILTER_XT_TARGET_LED
+- scripts/config -e NETFILTER_XT_TARGET_LOG
+- scripts/config -e NETFILTER_XT_TARGET_NFQUEUE
+- scripts/config -e NETFILTER_XT_TARGET_RATEEST
+- scripts/config -e NETFILTER_XT_TARGET_TPROXY
+- scripts/config -e NETFILTER_XT_TARGET_TCPOPTSTRIP
+- scripts/config -e NETFILTER_XT_TARGET_TEE
+- scripts/config -e NETFILTER_XT_TARGET_TRACE
+- scripts/config -e NETFILTER_XT_TARGET_IDLETIMER
+- scripts/config -e NETFILTER_XT_MATCH_BPF
+- scripts/config -e NETFILTER_XT_MATCH_CLUSTER
+- scripts/config -e NETFILTER_XT_MATCH_COMMENT
+- scripts/config -e NETFILTER_XT_MATCH_CONNBYTES
+- scripts/config -e NETFILTER_XT_MATCH_CONNLABEL
+- scripts/config -e NETFILTER_XT_MATCH_CONNLIMIT
+- scripts/config -e NETFILTER_XT_MATCH_CPU
+- scripts/config -e NETFILTER_XT_MATCH_DCCP
+- scripts/config -e NETFILTER_XT_MATCH_DEVGROUP
+- scripts/config -e NETFILTER_XT_MATCH_DSCP
+- scripts/config -e NETFILTER_XT_MATCH_ESP
+- scripts/config -e NETFILTER_XT_MATCH_HASHLIMIT
+- scripts/config -e NETFILTER_XT_MATCH_HELPER
+- scripts/config -e NETFILTER_XT_MATCH_IPCOMP
+- scripts/config -e NETFILTER_XT_MATCH_IPRANGE
+- scripts/config -e NETFILTER_XT_MATCH_IPVS
+- scripts/config -e NETFILTER_XT_MATCH_L2TP
+- scripts/config -e NETFILTER_XT_MATCH_LENGTH
+- scripts/config -e NETFILTER_XT_MATCH_LIMIT
+- scripts/config -e NETFILTER_XT_MATCH_MAC
+- scripts/config -e NETFILTER_XT_MATCH_MULTIPORT
+- scripts/config -e NETFILTER_XT_MATCH_NFACCT
+- scripts/config -e NETFILTER_XT_MATCH_OSF
+- scripts/config -e NETFILTER_XT_MATCH_OWNER
+- scripts/config -e NETFILTER_XT_MATCH_CGROUP
+- scripts/config -e NETFILTER_XT_MATCH_PHYSDEV
+- scripts/config -e NETFILTER_XT_MATCH_PKTTYPE
+- scripts/config -e NETFILTER_XT_MATCH_QUOTA
+- scripts/config -e NETFILTER_XT_MATCH_RATEEST
+- scripts/config -e
NETFILTER_XT_MATCH_REALM +- scripts/config -e NETFILTER_XT_MATCH_RECENT +- scripts/config -e NETFILTER_XT_MATCH_SCTP +- scripts/config -e NETFILTER_XT_MATCH_SOCKET +- scripts/config -e NETFILTER_XT_MATCH_STATISTIC +- scripts/config -e NETFILTER_XT_MATCH_STRING +- scripts/config -e NETFILTER_XT_MATCH_TCPMSS +- scripts/config -e NETFILTER_XT_MATCH_TIME +- scripts/config -e NETFILTER_XT_MATCH_U32 +- scripts/config -e IP_VS +- scripts/config -e BRIDGE_NETFILTER +- scripts/config -e CRYPTO_CRC32C +- scripts/config -e CONFIGFS_FS +- scripts/config -e EXPERT +- scripts/config -e TARGET_CORE +- scripts/config -e ISCSI_TARGET +- scripts/config -e TCM_IBLOCK +- scripts/config -e TCM_FILEIO +- scripts/config -e TCM_PSCSI +- scripts/config -e TCM_USER +- scripts/config -e CONFIG_UIO +- scripts/config -e LOOPBACK_TARGET +- scripts/config -e TCM_FC +- scripts/config -e LIBFC +- scripts/config -e SCSI_FC_ATTRS +- scripts/config -e SCSI_ISCSI_ATTRS +- scripts/config -e ISCSI_TCP +- scripts/config -e SCSI_LOWLEVEL +- scripts/config -e SCSI_VIRTIO +- scripts/config -e HYPERVISOR_GUEST +- scripts/config -e PARAVIRT - yes '' | make oldconfig build-commands: - make $MAKEFLAGS diff --git a/strata/bsp-x86_64-generic.morph b/strata/bsp-x86_64-generic.morph index 749e3722..799af9d2 100644 --- a/strata/bsp-x86_64-generic.morph +++ b/strata/bsp-x86_64-generic.morph @@ -8,8 +8,8 @@ chunks: - name: linux-x86-64-generic morph: strata/bsp-x86_64-generic/linux-x86-64-generic.morph repo: upstream:linux - ref: bfa76d49576599a4b9f9b7a71f23d73d6dcff735 - unpetrify-ref: v3.19 + ref: 39a8804455fb23f09157341d3ba7db6d7ae6ee76 + unpetrify-ref: v4.0 - name: nasm morph: strata/bsp-x86_64-generic/nasm.morph repo: upstream:nasm diff --git a/strata/bsp-x86_64-generic/linux-x86-64-generic.morph b/strata/bsp-x86_64-generic/linux-x86-64-generic.morph index fe0721cc..7364b033 100644 --- a/strata/bsp-x86_64-generic/linux-x86-64-generic.morph +++ b/strata/bsp-x86_64-generic/linux-x86-64-generic.morph 
@@ -40,12 +40,17 @@ configure-commands:
 - scripts/config -e EXT4_FS_POSIX_ACL
 - scripts/config -e EXT4_FS_SECURITY
 - scripts/config -d EXT4_DEBUG
+- scripts/config -e FUSE_FS
+- scripts/config -e OVERLAY_FS
+- scripts/config -e XFS_FS
+- scripts/config -e LIBCRC32C
 - scripts/config -d JBD_DEBUG
 - scripts/config -d JBD2_DEBUG
 - scripts/config -e BLK_DEV_LOOP
 - scripts/config -d BLK_DEV_CRYPTOLOOP
 - scripts/config -e CEPH_FS
 - scripts/config --set-val BLK_DEV_LOOP_MIN_COUNT 8
+- scripts/config -e DM_SNAPSHOT
 - scripts/config -e VIRTIO
 - scripts/config -e VIRTIO_RING
 - scripts/config -e VIRTIO_PCI
@@ -62,6 +67,16 @@ configure-commands:
 - scripts/config -e R8169
 - scripts/config -e 8139TOO
 - scripts/config -e 8139CP
+- scripts/config -e ATL1
+- scripts/config -e ATL1C
+- scripts/config -e ATL1E
+- scripts/config -e E100
+- scripts/config -e E1000
+- scripts/config -e E1000E
+- scripts/config -e USB_USBNET
+- scripts/config -e USB_NET_AX8817X
+- scripts/config -e USB_NET_AX88179_178A
+- scripts/config -e USB_NET_DM9601
 - scripts/config -e IKCONFIG
 - scripts/config -e IKCONFIG_PROC
 - scripts/config -e SECCOMP
@@ -73,13 +88,181 @@ configure-commands:
 - scripts/config -e BRIDGE
 - scripts/config -e VHOST_NET
 - scripts/config -e NF_NAT
-- scripts/config -e NF_NAT_IPV4
+- scripts/config -e IP_NF_NAT
 - scripts/config -e IP_NF_TARGET_MASQUERADE
 - scripts/config -e FB_VESA
 - scripts/config -e HOTPLUG_PCI
 - scripts/config -e HOTPLUG_PCI_ACPI
 - scripts/config -e VLAN_8021Q
 - scripts/config -e BRIDGE_VLAN_FILTERING
+- scripts/config -e BLK_DEV_NBD
+- scripts/config -e BRIDGE_NF_EBTABLES
+- scripts/config -e NETFILTER
+- scripts/config -e NETFILTER_ADVANCED
+- scripts/config -e NETFILTER_XT_MATCH_ADDRTYPE
+- scripts/config -e OPENVSWITCH
+- scripts/config -e OPENVSWITCH_VXLAN
+- scripts/config -e CONFIG_OPENVSWITCH_GRE
+- scripts/config -e NET_CLS_BASIC
+- scripts/config -e NET_SCH_INGRESS
+- scripts/config -e NET_ACT_POLICE
+- scripts/config -e NET_IPGRE_DEMUX
+- scripts/config -e NET_SCH_HTB
+- scripts/config -e NET_SCH_HFSC
+- scripts/config -e VXLAN
+- scripts/config -e VETH
+- scripts/config -e IP_NF_MATCH_AH
+- scripts/config -e IP_NF_MATCH_ECN
+- scripts/config -e IP_NF_MATCH_RPFILTER
+- scripts/config -e IP_NF_MATCH_TTL
+- scripts/config -e IP_NF_TARGET_SYNPROXY
+- scripts/config -e IP_NF_TARGET_NETMAP
+- scripts/config -e IP_NF_TARGET_REDIRECT
+- scripts/config -e IP_NF_TARGET_CLUSTERIP
+- scripts/config -e IP_NF_TARGET_ECN
+- scripts/config -e IP_NF_TARGET_TTL
+- scripts/config -e IP_NF_RAW
+- scripts/config -e IP_NF_SECURITY
+- scripts/config -e IP_NF_ARPTABLES
+- scripts/config -e KVM_INTEL
+- scripts/config -e NETFILTER_NETLINK_QUEUE
+- scripts/config -e SCSI_NETLINK
+- scripts/config -e NETFILTER_XT_TARGET_MARK
+- scripts/config -e NETFILTER_XT_SET
+- scripts/config -e IP_SET
+- scripts/config -e IP_SET_BITMAP_IP
+- scripts/config -e IP_SET_BITMAP_IPMAC
+- scripts/config -e IP_SET_BITMAP_PORT
+- scripts/config -e IP_SET_HASH_IP
+- scripts/config -e IP_SET_HASH_IPMARK
+- scripts/config -e IP_SET_HASH_IPPORT
+- scripts/config -e IP_SET_HASH_IPPORTIP
+- scripts/config -e
IP_SET_HASH_IPPORTNET
+- scripts/config -e IP_SET_HASH_MAC
+- scripts/config -e IP_SET_HASH_NETPORTNET
+- scripts/config -e IP_SET_HASH_NET
+- scripts/config -e IP_SET_HASH_NETNET
+- scripts/config -e IP_SET_HASH_NETPORT
+- scripts/config -e IP_SET_HASH_NETIFACE
+- scripts/config -e IP_SET_LIST_SET
+- scripts/config -e NF_CONNTRACK_TIMEOUT
+- scripts/config -e NF_CONNTRACK_TIMESTAMP
+- scripts/config -e NF_CONNTRACK_EVENTS
+- scripts/config -e NF_CONNTRACK_LABELS
+- scripts/config -e NETFILTER_NETLINK_ACCT
+- scripts/config -e NETFILTER_NETLINK_QUEUE_CT
+- scripts/config -e NF_CT_PROTO_DCCP
+- scripts/config -e NF_CT_PROTO_GRE
+- scripts/config -e NF_CT_PROTO_SCTP
+- scripts/config -e NF_CT_PROTO_UDPLITE
+- scripts/config -e NF_CT_NETLINK_TIMEOUT
+- scripts/config -e NF_CT_NETLINK_HELPER
+- scripts/config -e NF_CONNTRACK_AMANDA
+- scripts/config -e NF_CONNTRACK_H323
+- scripts/config -e NF_CONNTRACK_BROADCAST
+- scripts/config -e NF_CONNTRACK_NETBIOS_NS
+- scripts/config -e NF_CONNTRACK_SNMP
+- scripts/config -e NF_CONNTRACK_PPTP
+- scripts/config -e NF_CONNTRACK_SANE
+- scripts/config -e NF_CONNTRACK_TFTP
+- scripts/config -e NF_LOG_COMMON
+- scripts/config -e NF_NAT_PROTO_DCCP
+- scripts/config -e NF_NAT_PROTO_UDPLITE
+- scripts/config -e NF_NAT_PROTO_SCTP
+- scripts/config -e NF_NAT_AMANDA
+- scripts/config -e NF_NAT_TFTP
+- scripts/config -e NF_TABLES
+- scripts/config -e NF_TABLES_INET
+- scripts/config -e NFT_COMPAT
+- scripts/config -e NFT_EXTHDR
+- scripts/config -e NFT_META
+- scripts/config -e NFT_CT
+- scripts/config -e NFT_LIMIT
+- scripts/config -e NFT_NAT
+- scripts/config -e NFT_QUEUE
+- scripts/config -e NFT_REJECT
+- scripts/config -e NFT_REJECT_INET
+- scripts/config -e NFT_RBTREE
+- scripts/config -e NFT_HASH
+- scripts/config -e NFT_COUNTER
+- scripts/config -e NFT_LOG
+- scripts/config -e NFT_MASQ
+- scripts/config -e NETFILTER_XT_CONNMARK
+- scripts/config -e NETFILTER_XT_TARGET_AUDIT
+- scripts/config -e NETFILTER_XT_TARGET_CHECKSUM
+-
scripts/config -e NETFILTER_XT_TARGET_CLASSIFY
+- scripts/config -e NETFILTER_XT_TARGET_CT
+- scripts/config -e NETFILTER_XT_TARGET_DSCP
+- scripts/config -e NETFILTER_XT_TARGET_HMARK
+- scripts/config -e NETFILTER_XT_TARGET_LED
+- scripts/config -e NETFILTER_XT_TARGET_LOG
+- scripts/config -e NETFILTER_XT_TARGET_NFQUEUE
+- scripts/config -e NETFILTER_XT_TARGET_RATEEST
+- scripts/config -e NETFILTER_XT_TARGET_TPROXY
+- scripts/config -e NETFILTER_XT_TARGET_TCPOPTSTRIP
+- scripts/config -e NETFILTER_XT_TARGET_TEE
+- scripts/config -e NETFILTER_XT_TARGET_TRACE
+- scripts/config -e NETFILTER_XT_TARGET_IDLETIMER
+- scripts/config -e NETFILTER_XT_MATCH_BPF
+- scripts/config -e NETFILTER_XT_MATCH_CLUSTER
+- scripts/config -e NETFILTER_XT_MATCH_COMMENT
+- scripts/config -e NETFILTER_XT_MATCH_CONNBYTES
+- scripts/config -e NETFILTER_XT_MATCH_CONNLABEL
+- scripts/config -e NETFILTER_XT_MATCH_CONNLIMIT
+- scripts/config -e NETFILTER_XT_MATCH_CPU
+- scripts/config -e NETFILTER_XT_MATCH_DCCP
+- scripts/config -e NETFILTER_XT_MATCH_DEVGROUP
+- scripts/config -e NETFILTER_XT_MATCH_DSCP
+- scripts/config -e NETFILTER_XT_MATCH_ESP
+- scripts/config -e NETFILTER_XT_MATCH_HASHLIMIT
+- scripts/config -e NETFILTER_XT_MATCH_HELPER
+- scripts/config -e NETFILTER_XT_MATCH_IPCOMP
+- scripts/config -e NETFILTER_XT_MATCH_IPRANGE
+- scripts/config -e NETFILTER_XT_MATCH_IPVS
+- scripts/config -e NETFILTER_XT_MATCH_L2TP
+- scripts/config -e NETFILTER_XT_MATCH_LENGTH
+- scripts/config -e NETFILTER_XT_MATCH_LIMIT
+- scripts/config -e NETFILTER_XT_MATCH_MAC
+- scripts/config -e NETFILTER_XT_MATCH_MULTIPORT
+- scripts/config -e NETFILTER_XT_MATCH_NFACCT
+- scripts/config -e NETFILTER_XT_MATCH_OSF
+- scripts/config -e NETFILTER_XT_MATCH_OWNER
+- scripts/config -e NETFILTER_XT_MATCH_CGROUP
+- scripts/config -e NETFILTER_XT_MATCH_PHYSDEV
+- scripts/config -e NETFILTER_XT_MATCH_PKTTYPE
+- scripts/config -e NETFILTER_XT_MATCH_QUOTA
+- scripts/config -e NETFILTER_XT_MATCH_RATEEST
+- scripts/config -e
NETFILTER_XT_MATCH_REALM +- scripts/config -e NETFILTER_XT_MATCH_RECENT +- scripts/config -e NETFILTER_XT_MATCH_SCTP +- scripts/config -e NETFILTER_XT_MATCH_SOCKET +- scripts/config -e NETFILTER_XT_MATCH_STATISTIC +- scripts/config -e NETFILTER_XT_MATCH_STRING +- scripts/config -e NETFILTER_XT_MATCH_TCPMSS +- scripts/config -e NETFILTER_XT_MATCH_TIME +- scripts/config -e NETFILTER_XT_MATCH_U32 +- scripts/config -e IP_VS +- scripts/config -e BRIDGE_NETFILTER +- scripts/config -e CRYPTO_CRC32C +- scripts/config -e CONFIGFS_FS +- scripts/config -e EXPERT +- scripts/config -e TARGET_CORE +- scripts/config -e ISCSI_TARGET +- scripts/config -e TCM_IBLOCK +- scripts/config -e TCM_FILEIO +- scripts/config -e TCM_PSCSI +- scripts/config -e TCM_USER +- scripts/config -e CONFIG_UIO +- scripts/config -e LOOPBACK_TARGET +- scripts/config -e TCM_FC +- scripts/config -e LIBFC +- scripts/config -e SCSI_FC_ATTRS +- scripts/config -e SCSI_ISCSI_ATTRS +- scripts/config -e ISCSI_TCP +- scripts/config -e SCSI_LOWLEVEL +- scripts/config -e SCSI_VIRTIO +- scripts/config -e HYPERVISOR_GUEST +- scripts/config -e PARAVIRT - yes '' | make oldconfig build-commands: - make $MAKEFLAGS diff --git a/strata/build-essential.morph b/strata/build-essential.morph index 0758fee8..4a03fe35 100644 --- a/strata/build-essential.morph +++ b/strata/build-essential.morph @@ -34,6 +34,13 @@ description: | PLEASE KEEP THE REFS IN 'armv7lhf-cross-toolchain' STRATUM UP TO DATE WITH THIS ONE! + + Please note that the chunk 'build-depends' field is treated differently in + this stratum to how other strata in definitions.git use it. Other strata + rely on the fact that dependencies of a dependency (called 'transitive + dependencies') are implicitly included in the staging area. Within + build-essential, some chunks list transitive dependencies explicitly to + make clearer what is going on. products: - artifact: build-essential-minimal include: 
@@ -62,8 +69,8 @@ chunks: - name: stage2-linux-api-headers morph: strata/build-essential/stage2-linux-api-headers.morph repo: upstream:linux - ref: bfa76d49576599a4b9f9b7a71f23d73d6dcff735 - unpetrify-ref: v3.19 + ref: 39a8804455fb23f09157341d3ba7db6d7ae6ee76 + unpetrify-ref: v4.0 build-depends: - stage1-binutils - stage1-gcc @@ -73,8 +80,8 @@ chunks: - name: stage2-glibc morph: strata/build-essential/stage2-glibc.morph repo: upstream:glibc - ref: 52cf9a0153c14df4f6ae3bd0e1e6cc5d171e586c - unpetrify-ref: baserock/glibc-2.20 + ref: 4e42b5b8f89f0e288e68be7ad70f9525aebc2cff + unpetrify-ref: glibc-2.21 build-depends: - stage1-binutils - stage1-gcc @@ -90,6 +97,7 @@ chunks: build-depends: - stage1-binutils - stage1-gcc + - stage2-linux-api-headers - stage2-glibc build-mode: bootstrap prefix: /tools @@ -102,6 +110,7 @@ chunks: build-depends: - stage1-binutils - stage1-gcc + - stage2-linux-api-headers - stage2-glibc build-mode: bootstrap prefix: /tools @@ -114,6 +123,7 @@ chunks: build-depends: - stage1-binutils - stage1-gcc + - stage2-linux-api-headers - stage2-glibc build-mode: bootstrap prefix: /tools @@ -126,6 +136,7 @@ chunks: build-depends: - stage1-binutils - stage1-gcc + - stage2-linux-api-headers - stage2-glibc - stage2-gcc-fixed-headers - stage2-libstdc++ @@ -140,6 +151,7 @@ chunks: build-depends: - stage1-binutils - stage1-gcc + - stage2-linux-api-headers - stage2-glibc build-mode: bootstrap prefix: /tools @@ -155,7 +167,7 @@ chunks: - name: stage2-fhs-dirs morph: strata/build-essential/stage2-fhs-dirs.morph repo: baserock:baserock/fhs-dirs - ref: 41bbb474cd4647ee715bc94c21c161d12a20deb4 + ref: 1218cbd38a4f4e9da75af6f7fae946ca92666afb unpetrify-ref: master build-mode: bootstrap prefix: /tools 
@@ -163,11 +175,12 @@ chunks: - name: stage2-gawk morph: strata/build-essential/stage2-gawk.morph repo: upstream:gawk - ref: dc5af665700d9b04fdf9c18930526d28eef5d5d9 - unpetrify-ref: gawk-4.1.1 + ref: 925f9363c4b0a5bb9375298afcdcf404efb32587 + unpetrify-ref: gawk-4.1-stable build-depends: - stage1-binutils - stage1-gcc + - stage2-linux-api-headers - stage2-glibc build-mode: bootstrap prefix: /tools @@ -180,6 +193,7 @@ chunks: build-depends: - stage1-binutils - stage1-gcc + - stage2-linux-api-headers - stage2-glibc build-mode: bootstrap prefix: /tools @@ -187,8 +201,8 @@ chunks: - name: stage2-reset-specs morph: strata/build-essential/stage2-reset-specs.morph repo: upstream:glibc - ref: 52cf9a0153c14df4f6ae3bd0e1e6cc5d171e586c - unpetrify-ref: baserock/glibc-2.20 + ref: 4e42b5b8f89f0e288e68be7ad70f9525aebc2cff + unpetrify-ref: glibc-2.21 build-depends: - stage1-binutils - stage1-gcc @@ -200,7 +214,7 @@ chunks: - name: fhs-dirs morph: strata/build-essential/fhs-dirs.morph repo: baserock:baserock/fhs-dirs - ref: 41bbb474cd4647ee715bc94c21c161d12a20deb4 + ref: 1218cbd38a4f4e9da75af6f7fae946ca92666afb unpetrify-ref: master build-depends: - stage2-binutils @@ -216,8 +230,8 @@ chunks: - name: linux-api-headers morph: strata/build-essential/linux-api-headers.morph repo: upstream:linux - ref: bfa76d49576599a4b9f9b7a71f23d73d6dcff735 - unpetrify-ref: v3.19 + ref: 39a8804455fb23f09157341d3ba7db6d7ae6ee76 + unpetrify-ref: v4.0 build-depends: - stage2-binutils - stage2-busybox @@ -232,8 +246,8 @@ chunks: - name: glibc morph: strata/build-essential/glibc.morph repo: upstream:glibc - ref: 52cf9a0153c14df4f6ae3bd0e1e6cc5d171e586c - unpetrify-ref: baserock/glibc-2.20 + ref: 4e42b5b8f89f0e288e68be7ad70f9525aebc2cff + unpetrify-ref: glibc-2.21 build-depends: - stage2-binutils - stage2-busybox @@ -332,7 +346,9 @@ chunks: - stage2-busybox - stage2-glibc - stage2-fhs-dirs + - stage2-gawk - stage2-gcc + - stage2-linux-api-headers - stage2-make - stage2-reset-specs - glibc 
@@ -355,6 +371,7 @@ chunks: - glibc - zlib - m4-tarball + - linux-api-headers artifacts: gcc-libs: build-essential-minimal diff --git a/strata/build-essential/busybox.morph b/strata/build-essential/busybox.morph index 85327648..b5418bc0 100644 --- a/strata/build-essential/busybox.morph +++ b/strata/build-essential/busybox.morph @@ -68,11 +68,6 @@ install-commands: # Set up man environment variables - mkdir -p "$DESTDIR"/etc - | - cat << EOF > "$DESTDIR/etc/profile" - # Set default pager to less - export MANPAGER='less -R' - EOF -- | cat << EOF > "$DESTDIR/etc/man.conf" # This file is used by man to provide a manpath for those without one by # examining their PATH environment variable. diff --git a/strata/build-essential/gcc.morph b/strata/build-essential/gcc.morph index 345d3b00..a9d25ac1 100644 --- a/strata/build-essential/gcc.morph +++ b/strata/build-essential/gcc.morph @@ -48,6 +48,8 @@ configure-commands: build-commands: - | case "$MORPH_ARCH" in + armv5*) sed -i "s/--host=none/--host=armv5/" o/Makefile + sed -i "s/--target=none/--target=armv5/" o/Makefile ;; armv7*) sed -i "s/--host=none/--host=armv7a/" o/Makefile sed -i "s/--target=none/--target=armv7a/" o/Makefile ;; esac diff --git a/strata/build-essential/glibc.morph b/strata/build-essential/glibc.morph index e6f87fde..f820547d 100644 --- a/strata/build-essential/glibc.morph +++ b/strata/build-essential/glibc.morph @@ -20,7 +20,10 @@ products: - (usr/)?lib/libSegFault\.so(\.\d+)*$ - artifact: glibc-libs include: + # This is processed after bins, so bins can take libSegFault.so - (usr/)?lib(32|64)?/lib[^/]*\.so(\.\d+)*$ + - etc/ld.so.conf + - etc/ld.so.conf.d - artifact: glibc-devel include: - (usr/)?include/.* @@ -56,7 +59,7 @@ configure-commands: $ARCH_FLAGS \ --prefix="$PREFIX" \ --disable-profile \ - --enable-kernel=2.6.25 \ + --enable-kernel=3.0.0 \ --without-cvs \ --without-selinux \ --enable-obsolete-rpc 
@@ -67,6 +70,7 @@ build-commands: install-commands: - cd o && make install_root="$DESTDIR" localtime=UTC install - mkdir -p "$DESTDIR/etc" +- mkdir -p "$DESTDIR/etc/ld.so.conf.d" - | cat <<EOF > nsswitch.conf passwd: compat @@ -92,9 +96,3 @@ install-commands: include /etc/ld.so.conf.d/*.conf EOF - install -m 644 -o root -g root ld.so.conf "$DESTDIR/etc/ld.so.conf" -# Compatibility symlink to work around the ABI break GLIBC introduced for -# ARMv7 hard-float platforms in commit d3b36017d43. -- case "$MORPH_ARCH" in - armv7*hf*) - ln -s ld-2.20.so "$DESTDIR/lib/ld-linux.so.3" ;; - esac diff --git a/strata/build-essential/linux-api-headers.morph b/strata/build-essential/linux-api-headers.morph index 0cd61ce1..62aa22b8 100644 --- a/strata/build-essential/linux-api-headers.morph +++ b/strata/build-essential/linux-api-headers.morph @@ -3,6 +3,8 @@ kind: chunk install-commands: - | case "$MORPH_ARCH" in + armv5l) + ARCH="arm" ;; armv7b|armv7l|armv7lhf) ARCH="arm" ;; armv8l64|armv8b64) diff --git a/strata/build-essential/stage2-gcc.morph b/strata/build-essential/stage2-gcc.morph index 98f9cfe7..cd600e18 100644 --- a/strata/build-essential/stage2-gcc.morph +++ b/strata/build-essential/stage2-gcc.morph @@ -52,6 +52,8 @@ configure-commands: build-commands: - | case "$MORPH_ARCH" in + armv5*) sed -i "s/--host=none/--host=armv5/" o/Makefile + sed -i "s/--target=none/--target=armv5/" o/Makefile ;; armv7*) sed -i "s/--host=none/--host=armv7a/" o/Makefile sed -i "s/--target=none/--target=armv7a/" o/Makefile ;; esac diff --git a/strata/build-essential/stage2-glibc.morph b/strata/build-essential/stage2-glibc.morph index 48ceb767..f44d0ebb 100644 --- a/strata/build-essential/stage2-glibc.morph +++ b/strata/build-essential/stage2-glibc.morph @@ -33,6 +33,7 @@ build-commands: install-commands: - cd o && make install_root="$DESTDIR" localtime=UTC install - mkdir -p "$DESTDIR/etc" +- mkdir -p "$DESTDIR/etc/ld.so.conf.d" - | cat <<EOF > ld.so.conf /lib 
@@ -41,7 +42,41 @@ install-commands: include /etc/ld.so.conf.d/*.conf EOF - install -m 644 -o root -g root ld.so.conf "$DESTDIR/etc/ld.so.conf" -- sh stage2-glibc-fix-specs +- | + # Fix up GCC to handle the sysroot containing glibc being in a different + # location for each chunk build. + # + # For headers, it's enough to pass -B in the CPPFLAGS. This would work for + # the startup files (crt*.o) as well, except where libtool is involved (in + # which case it strips -B out of your LDFLAGS before calling GCC). We get + # around this by making GCC locate them relative to the environment variable + # STAGE2_SYSROOT, which we can then set along with CPPFLAGS in each stage 2 + # chunk build. + # + # We also force the use of the program loader at PREFIX/lib/ld.so instead + # of its usual home in /lib or /lib64, which is necessary for the output of + # stage 2 to work as a chroot when building stage 3. + + sysroot="$(dirname "$(pwd)")" + specs_dir="$(dirname $($TARGET_STAGE1-gcc --print-libgcc-file-name))" + target_specs_dir="$DESTDIR/${specs_dir#$sysroot}" + mkdir -p "$target_specs_dir" + + $TARGET_STAGE1-gcc -dumpspecs | + sed -e "s@[gMS]\?crt[1in].o%s@%:getenv(STAGE2_SYSROOT $PREFIX/lib/&)@g" \ + -e "s@/lib\(64\)\?/ld@$PREFIX/lib/ld@g" \ + > "$target_specs_dir/specs-for-sysroot" + + # NASTY HACK # + # We create a symlink to the actual specs here, so that later the + # symlink can be replaced with a dangling link. + # + # This is necessary as we need to have gcc use its internal specs, + # which can differ to the specs generated by `gcc -dumpspecs`. + # + # The dangling symlink will not make it onto the final system, just + # like all other bootstrap only components. + ln -s specs-for-sysroot "$target_specs_dir/specs" # Install a symlink for the program interpreter (ld.so) so that binaries # built in stage 3 before the stage 3 glibc is built can use it. 
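Review bot: In the added specs step of stage2-glibc.morph, the `$TARGET_STAGE1-gcc -dumpspecs | sed ... > "$target_specs_dir/specs-for-sysroot"` pipeline reports only sed's exit status. If the stage 1 gcc is missing or fails, an empty specs file is written and then symlinked as `specs`, and the build carries on with a toolchain that silently ignores the sysroot and loader rewrites. Dump first and rewrite the file, `$TARGET_STAGE1-gcc -dumpspecs > specs.orig`, then run the same sed on `specs.orig`. Whether this command block runs with errexit is not visible in the hunk, so a following `[ -s "$target_specs_dir/specs-for-sysroot" ] || exit 1` would make the failure explicit either way.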
@@ -62,5 +97,7 @@ install-commands: "$DESTDIR/lib64/ld64.so.1" ;; *) loader=$(basename $(ls "$DESTDIR$PREFIX"/lib/ld-linux*)) + [ -z $loader ] && loader=$(basename $(ls "$DESTDIR$PREFIX"/lib/ld.so*)) + [ -z $loader ] && ( echo "Bug in stage2-glibc ld.so symlinks" ; exit 1 ) ln -s "$PREFIX/lib/$loader" "$DESTDIR/lib/$loader" esac diff --git a/strata/build-essential/stage2-linux-api-headers.morph b/strata/build-essential/stage2-linux-api-headers.morph index b296408f..1da94ee9 100644 --- a/strata/build-essential/stage2-linux-api-headers.morph +++ b/strata/build-essential/stage2-linux-api-headers.morph @@ -3,6 +3,8 @@ kind: chunk install-commands: - | case "$MORPH_ARCH" in + armv5l) + ARCH="arm" ;; armv7b|armv7l|armv7lhf) ARCH="arm" ;; armv8l64|armv8b64) diff --git a/strata/ceph-service.morph b/strata/ceph-service.morph index 0fc987c4..14601fbf 100644 --- a/strata/ceph-service.morph +++ b/strata/ceph-service.morph @@ -48,8 +48,8 @@ chunks: - name: ceph morph: strata/ceph-service/ceph.morph repo: upstream:ceph - ref: d3f2ec34d26264ec4deb0b54678ee7bbb2ebc76f - unpetrify-ref: master + ref: e61c4f093f88e44961d157f65091733580cea79a + unpetrify-ref: v0.94 build-depends: - libaio - gperftools diff --git a/strata/ceph-service/ceph.morph b/strata/ceph-service/ceph.morph index 9bb038d1..a6b06759 100644 --- a/strata/ceph-service/ceph.morph +++ b/strata/ceph-service/ceph.morph 
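Review bot: The two fallback lines added to the `*)` branch of stage2-glibc.morph test `$loader` unquoted and raise the error from a subshell. `( echo ... ; exit 1 )` ends only the subshell, so unless the block runs with errexit (not visible here) the following `ln -s` still runs with an empty loader name. `[ -z $loader ]` also becomes a test syntax error when `ls` matches more than one file. I would quote the variable and fail in the current shell: `[ -n "$loader" ] || { echo "Bug in stage2-glibc ld.so symlinks" >&2; exit 1; }`. The enclosing `case` starts outside this hunk.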
@@ -10,10 +10,10 @@ install-commands: - make install - install -D -m 755 src/init-ceph.in "$DESTDIR"/etc/init.d/ceph-SysV - install -D -m 755 systemd/ceph "$DESTDIR"/etc/systemd/system/ceph -- install -D -m 755 systemd/ceph-mon@.service "$DESTDIR"/etc/systemd/system/ceph-mon@.service -- install -D -m 755 systemd/ceph-osd@.service "$DESTDIR"/etc/systemd/system/ceph-osd@.service -- install -D -m 755 systemd/ceph-mds@.service "$DESTDIR"/etc/systemd/system/ceph-mds@.service -- install -D -m 755 systemd/ceph.target "$DESTDIR"/etc/systemd/system/ceph.target +- install -D -m 644 systemd/ceph-mon@.service "$DESTDIR"/etc/systemd/system/ceph-mon@.service +- install -D -m 644 systemd/ceph-osd@.service "$DESTDIR"/etc/systemd/system/ceph-osd@.service +- install -D -m 644 systemd/ceph-mds@.service "$DESTDIR"/etc/systemd/system/ceph-mds@.service +- install -D -m 644 systemd/ceph.target "$DESTDIR"/etc/systemd/system/ceph.target - install -d "$DESTDIR"/etc/ceph - install -D -d "$DESTDIR"/var/lib/ceph - install -d "$DESTDIR"/var/lib/ceph/mon diff --git a/strata/cloudinit-support.morph b/strata/cloudinit-support.morph index 1c752e58..9c89c7e4 100644 --- a/strata/cloudinit-support.morph +++ b/strata/cloudinit-support.morph @@ -7,24 +7,14 @@ build-depends: - morph: strata/python-common.morph - morph: strata/foundation.morph chunks: -- name: configobj - repo: upstream:configobj - ref: 935a78736e4eb43b9fafae87f5e9902328673f63 - unpetrify-ref: baserock/morph - name: python-cheetah repo: upstream:python-cheetah ref: 831aa6b99d9b4fb012ee644d8e80e0bc0eb6d6ed unpetrify-ref: baserock/morph -- name: boto - repo: upstream:boto - ref: bd49c22b5a30bf58096d58efc4762f1fea3e2caf - unpetrify-ref: baserock/morph - name: cloud-init morph: strata/cloudinit-support/cloud-init.morph repo: upstream:cloud-init ref: 130d51acc5b0becd64e7007f9dfe41a6e022eaec unpetrify-ref: baserock/morph build-depends: - - boto - - configobj - python-cheetah 
diff --git a/strata/core.morph b/strata/core.morph index b424a023..7f30de1c 100644 --- a/strata/core.morph +++ b/strata/core.morph @@ -12,8 +12,8 @@ chunks: - name: cmake morph: strata/core/cmake.morph repo: upstream:cmake - ref: 0b3781e4c497566acaa504d4106d11c02a642501 - unpetrify-ref: v2.8.12.2 + ref: 732d8a467ab8a295b1bbf580f865980f8a1a9b29 + unpetrify-ref: v3.2.1 - name: gdbm morph: strata/core/gdbm.morph repo: upstream:gdbm-tarball @@ -81,8 +81,8 @@ chunks: - name: openssl-new morph: strata/core/openssl-new.morph repo: upstream:openssl-new - ref: 872e681c00a713e840ebed77a4e05fa0e181f16f - unpetrify-ref: OpenSSL_1_0_1j + ref: 506c1068801fdeef5cb00f2053854bf56150fb6d + unpetrify-ref: OpenSSL_1_0_1m build-depends: - perl - name: bzip2 @@ -108,6 +108,12 @@ chunks: - sqlite3 - ncurses - readline +- name: cython + repo: upstream:cython + ref: 4dd8e762fa51d01775506fbbc102c45dbcea065d + unpetrify-ref: 0.22 + build-depends: + - cpython - name: libtool-tarball morph: strata/core/libtool-tarball.morph repo: upstream:libtool-tarball @@ -199,6 +205,7 @@ chunks: build-depends: - autoconf-tarball - automake + - bash - flex - gettext-tarball - git 
@@ -227,34 +234,55 @@ chunks: - autoconf-tarball - automake - libtool-tarball -- name: util-linux - morph: strata/core/util-linux.morph - repo: upstream:util-linux - ref: b567c9cbc854a36da0a198e4dcc463e134d26a25 - unpetrify-ref: v2.25.2 +- name: attr + morph: strata/core/attr.morph + repo: upstream:attr + ref: 4b005410f865895d4dcd56e2c135278a7a315877 + unpetrify-ref: baserock/morph build-depends: - autoconf-tarball - automake - gettext-tarball - - git - libtool-tarball - - pkg-config -- name: nano - morph: strata/core/nano.morph - repo: upstream:nano-tarball - ref: 8b74abeb02c01ddc768c465a826360cf33cec063 - unpetrify-ref: baserock/morph +- name: acl + morph: strata/core/acl.morph + repo: upstream:acl + ref: f13e09bd54fd4a501c4952f002ed2752bdd9f93b + unpetrify-ref: v2.2.52 build-depends: - - ncurses + - autoconf-tarball - automake - gettext-tarball -- name: bc - repo: upstream:bc-tarball - ref: 0956d119432ff6a2e85bae1fa336df799cad70b0 - unpetrify-ref: baserock/morph + - libtool-tarball + - attr +- name: linux-pam + morph: strata/core/linux-pam.morph + repo: upstream:linux-pam + ref: b1521c97e73b10469f7b34c0571d51c647eca83c + unpetrify-ref: Linux-PAM-1.1.8 build-depends: + - autoconf-tarball + - automake + - gettext-tarball + - libtool-tarball + - pkg-config - flex - - texinfo-tarball + - attr + - acl +- name: libcap2 + morph: strata/core/libcap2.morph + repo: upstream:libcap2 + ref: 4f7cca1bc9c2a274edb39d351b65747010d3ba7b + unpetrify-ref: baserock/morph + build-depends: + - autoconf-tarball + - automake + - gettext-tarball + - libtool-tarball + - pkg-config + - attr + - acl + - linux-pam - name: shadow morph: strata/core/shadow.morph repo: upstream:shadow 
@@ -266,6 +294,31 @@ chunks: - gettext-tarball - libtool-tarball - bison + - attr + - acl + - linux-pam + - libcap2 +- name: util-linux + morph: strata/core/util-linux.morph + repo: upstream:util-linux + ref: 34760e62e0d5a25262a6aa801b2f1df61216363f + unpetrify-ref: v2.26.1 + build-depends: + - autoconf-tarball + - automake + - gettext-tarball + - git + - libtool-tarball + - pkg-config + - linux-pam + - shadow +- name: bc + repo: upstream:bc-tarball + ref: 0956d119432ff6a2e85bae1fa336df799cad70b0 + unpetrify-ref: baserock/morph + build-depends: + - flex + - texinfo-tarball - name: patch morph: strata/core/patch.morph repo: upstream:patch @@ -273,3 +326,51 @@ chunks: unpetrify-ref: baserock/v2.7.1 build-depends: - shadow +- name: libxslt + repo: upstream:libxslt + ref: 73e08bf7c36a9145d38f51d37e66529b873c011a + unpetrify-ref: master + build-depends: + - autoconf-tarball + - libtool-tarball + - automake + - libxml2 +- name: gnome-common + repo: upstream:gnome-common + ref: 5d61b55e8bea32fe2b52e21682ee4b3719b290c5 + unpetrify-ref: 3.14.0 + build-depends: + - autoconf-tarball + - automake +- name: libffi + morph: strata/foundation/libffi.morph + repo: upstream:libffi + ref: 77d4586cc47e8f4c02278afbc220145bba0d442b + unpetrify-ref: baserock/morph + build-depends: + - autoconf-tarball + - automake +- name: glib + repo: upstream:glib + ref: 966ffb16f6bd54cb3d928a55d00d0eda73592094 + unpetrify-ref: 2.44.0 + build-depends: + - autoconf-tarball + - automake + - cpython + - gettext-tarball + - libffi + - pkg-config +- name: gobject-introspection + repo: upstream:gobject-introspection + ref: c0243e116c5e261c262dded9f4d7726a770c5a19 + unpetrify-ref: GOBJECT_INTROSPECTION_1_44_0 + build-depends: + - autoconf-tarball + - automake + - bison + - cpython + - flex + - glib + - libffi + - pkg-config diff --git a/strata/core/acl.morph b/strata/core/acl.morph new file mode 100644 index 00000000..23f08c1f --- /dev/null +++ b/strata/core/acl.morph 
@@ -0,0 +1,6 @@ +name: acl +kind: chunk +build-commands: +- make +install-commands: +- make DESTDIR="$DESTDIR" install-lib install-dev diff --git a/strata/foundation/attr.morph b/strata/core/attr.morph index 46d0b9c0..46d0b9c0 100644 --- a/strata/foundation/attr.morph +++ b/strata/core/attr.morph diff --git a/strata/core/bash.morph b/strata/core/bash.morph index 9639593b..5d0b8f03 100644 --- a/strata/core/bash.morph +++ b/strata/core/bash.morph @@ -1,8 +1,37 @@ name: bash kind: chunk +build-system: autotools configure-commands: -- ./configure --prefix=/usr --bindir=/bin --without-bash-malloc --with-installed-readline -build-commands: -- make -install-commands: -- make DESTDIR="$DESTDIR" install +- | + export CFLAGS="${CFLAGS} -DSYS_BASHRC='\"/etc/bash.bashrc\"'"; + ./configure --prefix="$PREFIX" \ + --bindir=/bin \ + --without-bash-malloc \ + --with-installed-readline \ + --enable-readline +post-install-commands: +- | + cat <<'EOF' >> bash.bashrc + # + # /etc/bash.bashrc + # + + # If not running interactively, don't do anything + [[ $- != *i* ]] && return + + # Configure prompt for different terminals + case ${TERM} in + xterm*|rxvt*|Eterm|aterm|kterm|gnome*) + PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"' + + ;; + screen) + PROMPT_COMMAND=${PROMPT_COMMAND:+$PROMPT_COMMAND; }'printf "\033_%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/\~}"' + ;; + esac + + # Enable bash completion if present + [ -r /usr/share/bash-completion/bash_completion ] && . /usr/share/bash-completion/bash_completion + EOF +- mkdir -p "$DESTDIR"/etc +- install -m 644 bash.bashrc "$DESTDIR"/etc/bash.bashrc diff --git a/strata/core/bison.morph b/strata/core/bison.morph index 5f50fe89..7c7fffd9 100644 --- a/strata/core/bison.morph +++ b/strata/core/bison.morph @@ -2,4 +2,4 @@ name: bison kind: chunk build-system: autotools pre-configure-commands: -- ./bootstrap --skip-po +- bash bootstrap --skip-po 
diff --git a/strata/foundation/libcap2.morph b/strata/core/libcap2.morph index 3e4f205e..3e4f205e 100644 --- a/strata/foundation/libcap2.morph +++ b/strata/core/libcap2.morph diff --git a/strata/core/linux-pam.morph b/strata/core/linux-pam.morph new file mode 100644 index 00000000..71ad98e9 --- /dev/null +++ b/strata/core/linux-pam.morph @@ -0,0 +1,9 @@ +name: linux-pam +kind: chunk +build-system: autotools +pre-configure-commands: +- autoreconf -ivf +configure-commands: +# libdir has to be specified or it'll go into lib64. It has to be /lib because +# systemd installs its pam library into /lib/security. +- ./configure --prefix="$PREFIX" --libdir="/lib" diff --git a/strata/core/nano.morph b/strata/core/nano.morph deleted file mode 100644 index 6a55dc2d..00000000 --- a/strata/core/nano.morph +++ /dev/null @@ -1,4 +0,0 @@ -name: nano -kind: chunk -pre-configure-commands: -- autoreconf -ivf diff --git a/strata/core/shadow.morph b/strata/core/shadow.morph index 6887a6b3..c8715a7d 100644 --- a/strata/core/shadow.morph +++ b/strata/core/shadow.morph 
@@ -2,4 +2,52 @@ name: shadow kind: chunk build-system: autotools configure-commands: -- ./autogen.sh --with-selinux=no --sysconfdir=/etc +# Installing to /bin so that they overwrite busybox login. +- | + ./autogen.sh --with-selinux=no \ + --sysconfdir=/etc \ + --with-libpam=yes \ + --prefix="$PREFIX" \ + --bindir=/bin +post-install-commands: +# Disable things handled by pam instead +- | + for OPTION in FAIL_DELAY \ + FAILLOG_ENAB \ + LASTLOG_ENAB \ + MAIL_CHECK_ENAB \ + OBSCURE_CHECKS_ENAB \ + PORTTIME_CHECKS_ENAB \ + QUOTAS_ENAB \ + CONSOLE MOTD_FILE \ + FTMP_FILE \ + NOLOGINS_FILE \ + ENV_HZ \ + PASS_MIN_LEN \ + SU_WHEEL_ONLY \ + CRACKLIB_DICTPATH \ + PASS_CHANGE_TRIES \ + PASS_ALWAYS_WARN \ + CHFN_AUTH \ + ENVIRON_FILE + do + sed -i -e "s/^${OPTION}.*/# & #This option is handled by PAM instead./" \ + "$DESTDIR/etc/login.defs" + done +# ENCRYPT_METHOD is handled specially with PAM, it will use the default as +# provided in login.defs, but it may be overridden in the pam.d config. +# We do not currently override this though, and it's better to guard oursleves +# against accidentally reducing password security by forgetting to include the +# algorithm as an argument to the PAM module, so ENCRYPT_METHOD is configured +# here, rather than in PAM. +- | + if grep -q '[\s#]ENCRYPT_METHOD' "$DESTDIR/etc/login.defs"; then + sed -i -e '/^[\s#]*ENCRYPT_METHOD /s/.*/ENCRYPT_METHOD SHA512/g' "$DESTDIR/etc/login.defs" + else + echo 'ENCRYPT_METHOD SHA512' >>"$DESTDIR/etc/login.defs" + fi + +# The default pam.d config files have pam_selinux.so as a requirement, even +# when shadow is configured '--with-selinux=no'. We change this default config +# to make this requirement optional. +- sed -i -e 's/\(.*\)required\(.*pam_selinux.so.*\)/\1optional\2/' "$DESTDIR"/etc/pam.d/* diff --git a/strata/core/util-linux.morph b/strata/core/util-linux.morph index 22f19529..eebba6f6 100644 --- a/strata/core/util-linux.morph +++ b/strata/core/util-linux.morph 
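Review bot: In the ENCRYPT_METHOD step of shadow.morph, `\s` inside a bracket expression is not a whitespace class, so `[\s#]` matches a literal backslash, `s` or `#`. The `grep -q '[\s#]ENCRYPT_METHOD'` guard therefore misses an uncommented `ENCRYPT_METHOD` at the start of a line, and a login.defs of that shape can take the `else` branch and end up with two conflicting entries; the sed likewise skips `# ENCRYPT_METHOD` written with a space. Use POSIX classes and anchor both patterns: `grep -q '^[[:space:]#]*ENCRYPT_METHOD[[:space:]]'` and `sed -i -e '/^[[:space:]#]*ENCRYPT_METHOD[[:space:]]/s/.*/ENCRYPT_METHOD SHA512/'`. Since this setting decides the password hash, a closing `grep -qx 'ENCRYPT_METHOD SHA512' "$DESTDIR/etc/login.defs" || exit 1` would make the build fail if the value did not land.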
@@ -3,4 +3,8 @@ kind: chunk build-system: autotools configure-commands: - ./autogen.sh -- ./configure --prefix="$PREFIX" --disable-use-tty-group +# Installing to /bin so that they overwrite busybox login. +- | + ./configure --prefix="$PREFIX" \ + --disable-use-tty-group \ + --bindir=/bin diff --git a/strata/coreutils-common.morph b/strata/coreutils-common.morph index f226f50b..430e3fe5 100644 --- a/strata/coreutils-common.morph +++ b/strata/coreutils-common.morph @@ -26,3 +26,10 @@ chunks: unpetrify-ref: baserock/v3.3 build-depends: - coreutils +- name: tar + morph: strata/coreutils-common/tar.morph + repo: upstream:tar + ref: 9a58d148c26c220cb1b163c71e7a51a2e41f6b37 + unpetrify-ref: baserock/release_1_28 + build-depends: + - coreutils diff --git a/strata/coreutils-common/tar.morph b/strata/coreutils-common/tar.morph new file mode 100644 index 00000000..17d6a597 --- /dev/null +++ b/strata/coreutils-common/tar.morph @@ -0,0 +1,18 @@ +name: tar +kind: chunk +build-system: autotools +pre-configure-commands: +- rm .gitmodules +- bash bootstrap --skip-po --gnulib-srcdir="$(pwd)/gnulib" --paxutils-srcdir="$(pwd)/paxutils" +configure-commands: +# Configure flag notes: +# 1. Needed to run configure as root +# 2. Disable some warning that cause the build to fail +# 3. To use GNU tar instead the busybox one. +# This will dissappear when we merge /usr/bin and /bin + +- | + `# [1]` env FORCE_UNSAFE_CONFIGURE=1 \ + ./configure --prefix="$PREFIX" \ + `# [2]` --disable-gcc-warnings \ + `# [3]` --bindir=/bin diff --git a/strata/databases/memcached.morph b/strata/databases/memcached.morph index f1cb287e..e81a8be1 100644 --- a/strata/databases/memcached.morph +++ b/strata/databases/memcached.morph 
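Review bot: The `--bindir=/bin` added to util-linux.morph collides with the same flag and the same comment added to shadow.morph. Unless they are disabled elsewhere, both packages build their own `login` and `su`, so which implementation ends up in /bin depends on artifact ordering rather than on anything written in either chunk. shadow is the one configured `--with-libpam=yes` and given the login.defs hardening, so if its tools are the intended ones I would make that explicit here with `--disable-login --disable-su` on this ./configure. The comment should then name the package that owns the login tools instead of repeating "overwrite busybox login" in both files.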
@@ -8,7 +8,7 @@ configure-commands: - ./configure --prefix="$PREFIX" install-commands: - make install -- install -D -m 755 scripts/memcached.service "$DESTDIR$PREFIX"/lib/systemd/system/memcached.service +- install -D -m 644 scripts/memcached.service "$DESTDIR$PREFIX"/lib/systemd/system/memcached.service post-install-commands: - mkdir -p "$DESTDIR"/etc/sysconfig - | diff --git a/strata/devtools.morph b/strata/devtools.morph index 9a295db5..5fb93c1d 100644 --- a/strata/devtools.morph +++ b/strata/devtools.morph @@ -6,8 +6,14 @@ description: | stratum should not have any dependants (please don't build-depend on this stratum) build-depends: -- morph: strata/foundation.morph +- morph: strata/core.morph +- morph: strata/python-core.morph chunks: +- name: nano + morph: strata/devtools/nano.morph + repo: upstream:nano-tarball + ref: fb040ea36cb8e2158ccd9100600652f94ae90af1 + unpetrify-ref: baserock/morph - name: vim morph: strata/devtools/vim.morph repo: upstream:vim @@ -26,3 +32,7 @@ chunks: repo: upstream:less ref: 09a405d8f652b56944c93ebf5c673cdfe5319b04 unpetrify-ref: baserock/morph +- name: git-review + repo: upstream:git-review + ref: 79262a52301c146a6b60d09a828661a83a5f5ba7 + unpetrify-ref: master diff --git a/strata/devtools/nano.morph b/strata/devtools/nano.morph new file mode 100644 index 00000000..3eeee120 --- /dev/null +++ b/strata/devtools/nano.morph @@ -0,0 +1,16 @@ +name: nano +kind: chunk +build-system: autotools +configure-commands: +- ./configure --prefix="$PREFIX" --sysconfdir=/etc +post-install-commands: +- | + cat <<EOF >> nanorc + set smooth + include /usr/share/nano/c.nanorc + include /usr/share/nano/patch.nanorc + include /usr/share/nano/python.nanorc + include /usr/share/nano/sh.nanorc + EOF +- mkdir -p "$DESTDIR"/etc +- install -m 644 nanorc "$DESTDIR"/etc/nanorc diff --git a/strata/foundation.morph b/strata/foundation.morph index eea872a8..29473e6d 100644 --- a/strata/foundation.morph +++ b/strata/foundation.morph 
@@ -4,11 +4,10 @@ description: Basic userland runtime system build-depends: - morph: strata/coreutils-common.morph chunks: -- name: attr - morph: strata/foundation/attr.morph - repo: upstream:attr - ref: 4b005410f865895d4dcd56e2c135278a7a315877 - unpetrify-ref: baserock/morph +- name: bash-completion + repo: upstream:bash-completion + ref: 3085c7e12179817a02a611016606391295c69942 + unpetrify-ref: 2.1 - name: groff morph: strata/foundation/groff.morph repo: upstream:groff-git 
@@ -24,65 +23,35 @@ chunks: repo: upstream:tz ref: a0782484f101ac55c916568bc1c490d7761fc904 unpetrify-ref: 2015a -- name: libcap2 - morph: strata/foundation/libcap2.morph - repo: upstream:libcap2 - ref: 4f7cca1bc9c2a274edb39d351b65747010d3ba7b - unpetrify-ref: baserock/morph - build-depends: - - attr -- name: libffi - morph: strata/foundation/libffi.morph - repo: upstream:libffi - ref: 77d4586cc47e8f4c02278afbc220145bba0d442b - unpetrify-ref: baserock/morph - name: pciutils morph: strata/foundation/pciutils.morph repo: upstream:pciutils ref: bae04bd0473c68a2f21b7712a627abb08fd84b29 unpetrify-ref: baserock/morph -- name: glib - repo: upstream:glib - ref: 4125415e7f4d1213fc7122beac0d91af08e37b28 - build-depends: - - libffi -- name: gobject-introspection - repo: upstream:gobject-introspection - ref: a543d8563f8e9ca059afb7218c63496f577cd0fc - build-depends: - - glib - name: dbus-pre morph: strata/foundation/dbus-pre.morph repo: upstream:dbus - ref: ff01faa12daa3481d6a3d2936929c5a2a1fe6fb5 - unpetrify-ref: baserock/genivi/dbus-1.8.8 - build-depends: - - glib + ref: 3c055572ced8f63eb9756caa4b1a19225f22e6ff + unpetrify-ref: baserock/dbus-1.8.16-1-g3c05557/genivi/J-1.0 - name: libgpg-error + morph: strata/foundation/libgpg-error.morph repo: upstream:libgpg-error - ref: a498812d767c59ae2b75b0c985f5280b139e7dc4 + ref: d77c33ae608d67086ea057cca5ddee99a7202f8b + unpetrify-ref: libgpg-error-1.19 - name: libgcrypt repo: upstream:libgcrypt ref: 412eed473b557ed2172d81d76fa1e1f53c973a67 build-depends: - libgpg-error -- name: linux-pam - morph: strata/foundation/linux-pam.morph - repo: upstream:linux-pam - ref: b1521c97e73b10469f7b34c0571d51c647eca83c - unpetrify-ref: Linux-PAM-1.1.8 - name: systemd morph: strata/foundation/systemd.morph repo: upstream:systemd - ref: a88abde72169ddc2df77df3fa5bed30725022253 - unpetrify-ref: v219 + ref: 163ab2961268232e1cb49e990a8ccefe24b7649f + unpetrify-ref: baserock/v219-729-g163ab29-jetson_btrfs_fixes build-depends: - dbus-pre - - 
gobject-introspection - kmod - - libcap2 - libgcrypt - - linux-pam - name: libusb repo: upstream:libusb ref: e11525c66c7dd2db466c8f5785ff0b37d6a99ec9 @@ -105,13 +74,6 @@ chunks: repo: upstream:fuse ref: d69e627e79862e2df4ff9ff1ddb0363c4520d8a8 unpetrify-ref: baserock/morph -- name: acl - morph: strata/foundation/acl.morph - repo: upstream:acl - ref: f13e09bd54fd4a501c4952f002ed2752bdd9f93b - unpetrify-ref: v2.2.52 - build-depends: - - attr - name: e2fsprogs morph: strata/foundation/e2fsprogs.morph repo: upstream:e2fsprogs @@ -123,22 +85,15 @@ chunks: ref: 563ff3b07d85517e3589a1f2e6f45a8265e3f071 unpetrify-ref: v3.18.2 build-depends: - - attr - - acl - lzo - e2fsprogs - name: dbus morph: strata/foundation/dbus.morph repo: upstream:dbus - ref: ff01faa12daa3481d6a3d2936929c5a2a1fe6fb5 - unpetrify-ref: baserock/genivi/dbus-1.8.8 + ref: 3c055572ced8f63eb9756caa4b1a19225f22e6ff + unpetrify-ref: baserock/dbus-1.8.16-1-g3c05557/genivi/J-1.0 build-depends: - - glib - systemd -- name: libxslt - repo: upstream:libxslt - ref: 8785a2ffd0d146df0395ab71ce4734d0a8ba0f7e - unpetrify-ref: baserock/morph - name: openssh morph: strata/foundation/openssh.morph repo: upstream:openssh-git @@ -151,15 +106,12 @@ chunks: repo: baserock:baserock/tbdiff ref: 47fb728f2432929868666afc915dbc5a64836c08 unpetrify-ref: master - build-depends: - - attr - name: dbus-glib repo: upstream:dbus-glib ref: 397e8297d433547c9bf4150ddd2b9e0b4c39628c unpetrify-ref: dbus-glib_0.102 build-depends: - dbus - - glib - name: rsync morph: strata/foundation/rsync.morph repo: upstream:rsync diff --git a/strata/foundation/acl.morph b/strata/foundation/acl.morph deleted file mode 100644 index 4489f5d5..00000000 --- a/strata/foundation/acl.morph +++ /dev/null @@ -1,4 +0,0 @@ -name: acl -kind: chunk -install-commands: -- make DESTDIR="$DESTDIR" install-dev diff --git a/strata/foundation/kmod.morph b/strata/foundation/kmod.morph index 12ac8692..8f158e8e 100644 --- a/strata/foundation/kmod.morph 
+++ b/strata/foundation/kmod.morph 
@@ -5,15 +5,45 @@ configure-commands: - sed -i -e'/SUBDIRS/{s/\S*doc\S*//;s/\S*man\S*//}' Makefile.am - sed -i -e'/AC_CONFIG_FILES(\[/,/])/{/docs/d}' configure.ac - autoreconf -fiv -- ./configure --prefix=/usr --bindir=/bin --libdir=/lib --sysconfdir=/etc --without-xz - --with-zlib --disable-manpages +- | + ./configure --prefix="$PREFIX" --bindir="$PREFIX"/bin \ + --libdir="$PREFIX"/lib --sysconfdir=/etc \ + --without-xz --with-zlib \ + --disable-manpages --enable-python build-commands: - make install-commands: -- make DESTDIR="$DESTDIR" pkgconfigdir=/usr/lib/pkgconfig install -- ln -s kmod "$DESTDIR"/bin/modprobe -- ln -s kmod "$DESTDIR"/bin/lsmod -- ln -s kmod "$DESTDIR"/bin/rmmod -- ln -s kmod "$DESTDIR"/bin/insmod -- ln -s kmod "$DESTDIR"/bin/modinfo -- ln -s kmod "$DESTDIR"/bin/depmod +- make DESTDIR="$DESTDIR" pkgconfigdir="$PREFIX"/lib/pkgconfig install + +# WARNING with the following command: +# if the staging area when kmod is built is sufficiently different to the +# staging area that kmod is included in, then these symlinks may not work. +# +# i.e. if /sbin isn't a symlink when this is built (fhs-dirs isn't included or +# doesn't symlink /sbin to /usr/bin) then we get symlinks in /sbin which point +# to ../usr/bin, but if /sbin is itself a symlink to /usr/bin, then the symlinks +# would end up in /usr/bin, which would point to ../usr/bin, which would evaluate +# to /usr/usr/bin. +# +# The alternatives to this are: +# +# 1. Use hardlinks instead, which has the problem of ssh-rsync upgrades duplicating +# the binary +# +# 2. Use an absolute path for the symlink, which makes things interesting when +# inspecting a chroot +# +# 3. Use a wrapper script to invoke kmod with a different name, which isn't +# possible in busybox ash without making a temporary directory, which means +# you need an extra process to hang around to clean that directory up. 
+- | + if [ -h /sbin ]; then + for app in modprobe lsmod rmmod insmod modinfo depmod; do + ln -sf kmod "$DESTDIR$PREFIX/bin/$app" + done + else + install -d "$DESTDIR"/sbin + for app in modprobe lsmod rmmod insmod modinfo depmod; do + ln -sf ../"$PREFIX"/bin/kmod "$DESTDIR/sbin/$app" + done + fi diff --git a/strata/foundation/libgpg-error.morph b/strata/foundation/libgpg-error.morph new file mode 100644 index 00000000..bc8dcdab --- /dev/null +++ b/strata/foundation/libgpg-error.morph @@ -0,0 +1,7 @@ +name: libgpg-error +kind: chunk +build-system: autotools +pre-configure-commands: +- autoreconf -fi +configure-commands: +- ./configure --prefix="$PREFIX" --disable-doc diff --git a/strata/foundation/linux-pam.morph b/strata/foundation/linux-pam.morph deleted file mode 100644 index 0dfbe759..00000000 --- a/strata/foundation/linux-pam.morph +++ /dev/null @@ -1,15 +0,0 @@ -name: linux-pam -kind: chunk -build-system: autotools -pre-configure-commands: -- autoreconf -ivf -post-install-commands: -# sudo command is expecting this file. -- | - install -D -m 0644 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/pam.d/other - #%PAM-1.0 - auth required pam_unix.so - account required pam_unix.so - password required pam_unix.so - session required pam_unix.so - EOF diff --git a/strata/foundation/rsync.morph b/strata/foundation/rsync.morph index fb10f94e..54337412 100644 --- a/strata/foundation/rsync.morph +++ b/strata/foundation/rsync.morph @@ -6,4 +6,4 @@ build-commands: - make install-commands: - make install -- install -D -m 755 packaging/systemd/rsync.service "$DESTDIR$PREFIX"/lib/systemd/system/rsync.service +- install -D -m 644 packaging/systemd/rsync.service "$DESTDIR$PREFIX"/lib/systemd/system/rsync.service diff --git a/strata/foundation/systemd.morph b/strata/foundation/systemd.morph index 81db9acd..5dc48e70 100644 --- a/strata/foundation/systemd.morph +++ b/strata/foundation/systemd.morph 
@@ -1,11 +1,23 @@ name: systemd kind: chunk build-system: autotools +pre-configure-commands: +# systemd prematurely kills the user session. This is a known bug in systemd +# https://bugs.freedesktop.org/show_bug.cgi?id=70593 +- | + cat >> units/user@.service.m4.in <<EOF + KillSignal=SIGCONT + ExecStop=/bin/kill -TERM \$MAINPID + EOF configure-commands: - sh autogen.sh -- ./configure --prefix="$PREFIX" --enable-xz --disable-manpages --sysconfdir=/etc - --localstatedir=/var --libdir="$PREFIX/lib" --libexecdir="$PREFIX/libexec" --with-rootprefix= - --with-rootlibdir=/lib +# KILL added because it picks up /usr/bin/kill, which is not installed on +# all systems +- | + KILL=/bin/kill ./configure --prefix="$PREFIX" --enable-xz --disable-manpages \ + --disable-tests --sysconfdir=/etc --localstatedir=/var \ + --libdir="$PREFIX/lib" --libexecdir="$PREFIX/libexec" \ + --with-rootprefix= --with-rootlibdir=/lib install-commands: - make DESTDIR="$DESTDIR" install - mkdir -p "$DESTDIR"/sbin @@ -25,3 +37,10 @@ post-install-commands: [Network] DHCP=yes EOF +# Use the pam config systemd provides +- cp -a "$DESTDIR/$PREFIX"/share/factory/etc/pam.d/* "$DESTDIR/etc/pam.d" + +# Add pam_deny.so to the default systemd-auth pam.d config file. Without +# it, if shadow is configured to use PAM, it would be possible to login +# to a system with the wrong password. +- echo 'auth requisite pam_deny.so' >> "$DESTDIR"/etc/pam.d/system-auth diff --git a/strata/gitlab.morph b/strata/gitlab.morph deleted file mode 100644 index ab77e7bb..00000000 --- a/strata/gitlab.morph +++ /dev/null 
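Review bot: The last two commands of the second systemd.morph hunk assume that "$DESTDIR/etc/pam.d" already exists and that the factory set contains system-auth, and neither assumption is checked. The `echo ... >> "$DESTDIR"/etc/pam.d/system-auth` append would create a file holding only the deny line if the copy did not provide one, and the build would not notice if services stopped including system-auth. I would add `mkdir -p "$DESTDIR/etc/pam.d"` before the `cp -a` and guard the append with `test -f "$DESTDIR/etc/pam.d/system-auth" || exit 1`. Because this line is what stops a wrong password from being accepted, the comment should also say which factory file and stack it closes. The post-install-commands list starts outside this hunk, so the directory may already be created earlier.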
@@ -1,21 +0,0 @@ -name: gitlab -kind: stratum -description: gitlab components for server, ci etc -build-depends: -- morph: strata/ruby.morph -chunks: -- name: gitlab-ce - morph: strata/gitlab/gitlab-ce.morph - repo: upstream:gitlab/gitlab-ce - ref: 53d98a77d34cbfddaef9eb25cf5f651a78550425 - unpetrify-ref: baserock/v7.0.0 -- name: gitlab-ci - morph: strata/gitlab/gitlab-ci.morph - repo: upstream:gitlab/gitlab-ci - ref: c74044d65dec2ba8311e242c84e07a67abd52d37 - unpetrify-ref: baserock/morph -- name: gitlab-shell - morph: strata/gitlab/gitlab-shell.morph - repo: upstream:gitlab/gitlab-shell - ref: 0b4106d57223c666d9360339fd3790174aa43800 - unpetrify-ref: baserock/morph diff --git a/strata/gitlab/gitlab-ce.morph b/strata/gitlab/gitlab-ce.morph deleted file mode 100644 index 571881f8..00000000 --- a/strata/gitlab/gitlab-ce.morph +++ /dev/null @@ -1,6 +0,0 @@ -name: gitlab-ce -kind: chunk -install-commands: -- mkdir -p "$DESTDIR/$PREFIX/share/gitlab-ce" -- cp -R * "$DESTDIR/$PREFIX/share/gitlab-ce" -- chmod -R a+rX,g+w "$DESTDIR/$PREFIX/share/gitlab-ce" diff --git a/strata/gitlab/gitlab-ci.morph b/strata/gitlab/gitlab-ci.morph deleted file mode 100644 index 99d01367..00000000 --- a/strata/gitlab/gitlab-ci.morph +++ /dev/null @@ -1,6 +0,0 @@ -name: gitlab-ci -kind: chunk -install-commands: -- mkdir -p "$DESTDIR/$PREFIX/share/gitlab-ci" -- cp -R * "$DESTDIR/$PREFIX/share/gitlab-ci" -- chmod -R a+rX,g+w "$DESTDIR/$PREFIX/share/gitlab-ci" diff --git a/strata/gitlab/gitlab-shell.morph b/strata/gitlab/gitlab-shell.morph deleted file mode 100644 index 069c6c41..00000000 --- a/strata/gitlab/gitlab-shell.morph +++ /dev/null @@ -1,6 +0,0 @@ -name: gitlab-shell -kind: chunk -install-commands: -- mkdir -p "$DESTDIR/$PREFIX/share/gitlab-shell" -- cp -R * "$DESTDIR/$PREFIX/share/gitlab-shell" -- chmod -R a+rX,g+w "$DESTDIR/$PREFIX/share/gitlab-shell" diff --git a/strata/graphics-common.morph b/strata/graphics-common.morph index d885ff72..c23ec829 100644 
--- a/strata/graphics-common.morph +++ b/strata/graphics-common.morph @@ -26,8 +26,8 @@ chunks: unpetrify-ref: baserock/morph - name: libpng repo: upstream:libpng - ref: 259fb7761d747655c607efcec7a12ff1f3c24561 - unpetrify-ref: libpng-1.6.13-signed + ref: 88dd30b232362b65cca374dda39096888163dd6b + unpetrify-ref: libpng-1.6.16-signed - name: libjpeg repo: upstream:libjpeg ref: f57ac58ac664ede6bc6e8cd9d88e0edaa366e21a diff --git a/strata/gtk-deps.morph b/strata/gtk-deps.morph index 0493245f..750ad8c2 100644 --- a/strata/gtk-deps.morph +++ b/strata/gtk-deps.morph @@ -7,6 +7,7 @@ build-depends: - morph: strata/x-common.morph chunks: - name: pango + morph: strata/gtk-deps/pango.morph repo: upstream:pango ref: e0a21abf52a0b7588b1aa3357818948816ed9103 unpetrify-ref: 1.36.8 @@ -15,10 +16,6 @@ chunks: repo: upstream:shared-mime-info ref: c136fc2578aa8f7c0e098008da18d324033eb991 unpetrify-ref: Release-1-4 -- name: gnome-common - repo: upstream:gnome-common - ref: d213283fcb5228d05eb2c796579f18240e8467e8 - unpetrify-ref: 3.12.0 - name: gdk-pixbuf morph: strata/gtk-deps/gdk-pixbuf.morph repo: upstream:gdk-pixbuf @@ -26,10 +23,8 @@ chunks: unpetrify-ref: 2.30.8 - name: atk repo: upstream:atk - ref: 2fb9411c3f32adb7ee421b59e36d2e0aa2f30253 - unpetrify-ref: ATK_2_15_4 - build-depends: - - gnome-common + ref: 3f9e43b94364053fd16eb53391667d161d0dae12 + unpetrify-ref: ATK_2_16_0 - name: at-spi2-core repo: upstream:at-spi2-core ref: 96c2842088008670e72739ea7921d654487a57fb diff --git a/strata/gtk-deps/pango.morph b/strata/gtk-deps/pango.morph new file mode 100644 index 00000000..82b00ee3 --- /dev/null +++ b/strata/gtk-deps/pango.morph @@ -0,0 +1,8 @@ +name: pango +kind: chunk +build-system: autotools +system-integration: + pango-misc: + 01-setup-modules: + - mkdir -p /usr/etc/pango/ + - /usr/bin/pango-querymodules > /usr/etc/pango/pango.modules diff --git a/strata/gtk2.morph b/strata/gtk2.morph index 4a19606a..dd2f30fa 100644 --- a/strata/gtk2.morph +++ b/strata/gtk2.morph 
@@ -8,4 +8,5 @@ chunks: - name: gtk+ morph: strata/gtk2/gtk+.morph repo: upstream:gtk+ - ref: fbf38d16bcc26630f0f721d266509f5bc292f606 + ref: e6333a1a374591fef456f7fe73942226b5b8b388 + unpetrify-ref: 2.24.27 diff --git a/strata/gtk3.morph b/strata/gtk3.morph index 826555a0..f03417a2 100644 --- a/strata/gtk3.morph +++ b/strata/gtk3.morph @@ -12,7 +12,7 @@ chunks: - name: gtk3 morph: strata/gtk3/gtk3.morph repo: upstream:gtk+ - ref: da163469f9d344190f69bfc163517154af0e2dab - unpetrify-ref: 3.15.4 + ref: a816ccd4968f1e221b92bfd1e2b2dc27703d6db5 + unpetrify-ref: 3.16.0 build-depends: - libepoxy diff --git a/strata/initramfs-utils.morph b/strata/initramfs-utils.morph index 35bc78cd..6df77c96 100644 --- a/strata/initramfs-utils.morph +++ b/strata/initramfs-utils.morph @@ -7,5 +7,5 @@ chunks: - name: initramfs-scripts morph: strata/initramfs-utils/initramfs-scripts.morph repo: baserock:baserock/initramfs-scripts - ref: a97dea93d28ba272613029e46a8a0b1f699729d8 + ref: 062c5d3aece2e308aa7fc03acab1b3b6dd4270b2 unpetrify-ref: master diff --git a/strata/installer-utils.morph b/strata/installer-utils.morph index fe6c65fe..ddc714b6 100644 --- a/strata/installer-utils.morph +++ b/strata/installer-utils.morph @@ -7,5 +7,5 @@ chunks: - name: installer-scripts morph: strata/installer-utils/installer-scripts.morph repo: baserock:baserock/installer-scripts - ref: master + ref: a1629ded9eb499b55b547cd8caa0ade8233b32f4 unpetrify-ref: master diff --git a/strata/libdrm-common.morph b/strata/libdrm-common.morph index 0efac1e3..16ef2375 100644 --- a/strata/libdrm-common.morph +++ b/strata/libdrm-common.morph @@ -10,7 +10,7 @@ chunks: - name: drm repo: upstream:drm morph: strata/libdrm-common/drm.morph - ref: d2e0f552467ca11162fe04dfed55de4590280f23 - unpetrify-ref: libdrm-2.4.59 + ref: 5f7b6723e1bed755c230817eea0563bab5b2a8a7 + unpetrify-ref: libdrm-2.4.60 build-depends: - xorg-lib-libpciaccess 
diff --git a/strata/libdrm-common/drm.morph b/strata/libdrm-common/drm.morph index d1a5381b..a614a831 100644 --- a/strata/libdrm-common/drm.morph +++ b/strata/libdrm-common/drm.morph @@ -1,6 +1,15 @@ name: drm kind: chunk build-system: autotools +pre-configure-commands: + # Tegra requires a new coherent BO attribute, not currently upstream, so + # patch it here + - sed -i '/NOUVEAU_GEM_DOMAIN_MAPPABLE (1 << 3)/a#define NOUVEAU_GEM_DOMAIN_COHERENT (1 << 4)' include/drm/nouveau_drm.h + - | + sed -i '/info->domain |= NOUVEAU_GEM_DOMAIN_MAPPABLE;/a\ + if (bo->flags & NOUVEAU_BO_COHERENT)\ + info->domain |= NOUVEAU_GEM_DOMAIN_COHERENT;' nouveau/abi16.c + - sed -i '/NOUVEAU_BO_NOSNOOP 0x20000000/a#define NOUVEAU_BO_COHERENT 0x10000000' nouveau/nouveau.h configure-commands: - NOCONFIGURE=1 ./autogen.sh - ./configure --prefix="$PREFIX" --enable-tegra-experimental-api --enable-freedreno-experimental-api diff --git a/strata/libsoup-common.morph b/strata/libsoup-common.morph new file mode 100644 index 00000000..ca81b6e0 --- /dev/null +++ b/strata/libsoup-common.morph @@ -0,0 +1,10 @@ +name: libsoup-common +kind: stratum +build-depends: +- morph: strata/core.morph +chunks: +- name: libsoup + morph: strata/libsoup-common/libsoup.morph + repo: upstream:libsoup + ref: ce764489e358bad6b49418f5c8bc7b25a4b1815e + unpetrify-ref: baserock/morph diff --git a/strata/virtualization/libsoup.morph b/strata/libsoup-common/libsoup.morph index 0a5ebef6..0a5ebef6 100644 --- a/strata/virtualization/libsoup.morph +++ b/strata/libsoup-common/libsoup.morph diff --git a/strata/mesa-common-vm.morph b/strata/mesa-common-vm.morph new file mode 100644 index 00000000..47394dea --- /dev/null +++ b/strata/mesa-common-vm.morph 
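Review bot: The three `sed -i` patches added to pre-configure-commands in drm.morph exit successfully even when their anchor text is absent, so a later libdrm ref bump could silently build without the coherent-BO change and ship a library that differs from what this file describes. Follow them with an explicit check, for example `- grep -q NOUVEAU_GEM_DOMAIN_COHERENT include/drm/nouveau_drm.h && grep -q NOUVEAU_BO_COHERENT nouveau/abi16.c nouveau/nouveau.h`, so the build fails when a pattern stops matching. Carrying the change as a commit on a baserock branch of the drm repo, as other chunks in this merge do, would also keep the built source identical to the pinned `ref`.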
@@ -0,0 +1,12 @@ +name: mesa-common-vm +kind: stratum +build-depends: +- morph: strata/llvm-common.morph +- morph: strata/libdrm-common.morph +- morph: strata/wayland-generic.morph +chunks: +- name: mesa@vm + morph: strata/mesa-common/mesa@vm.morph + repo: upstream:mesa + ref: f7d157a4f011fd5ace94f55c8674be4b12d86f95 + unpetrify-ref: baserock/mesa-10.3.7-2-gf7d157a/fstat_fix diff --git a/strata/mesa-common.morph b/strata/mesa-common.morph index 8967446c..ae6567d8 100644 --- a/strata/mesa-common.morph +++ b/strata/mesa-common.morph @@ -4,9 +4,10 @@ build-depends: - morph: strata/llvm-common.morph - morph: strata/libdrm-common.morph - morph: strata/wayland-generic.morph +- morph: strata/python-core.morph chunks: - name: mesa morph: strata/mesa-common/mesa.morph repo: upstream:mesa - ref: 1a9cc5f50db5d27530a3449743b43aac389d781f - unpetrify-ref: mesa-10.3.3 + ref: d4407a29d0c64134999fed83dbbd8707ca449ce7 + unpetrify-ref: baserock/mesa-10.5.4-jetson diff --git a/strata/mesa-common/mesa@vm.morph b/strata/mesa-common/mesa@vm.morph new file mode 100644 index 00000000..517b6ba4 --- /dev/null +++ b/strata/mesa-common/mesa@vm.morph @@ -0,0 +1,12 @@ +name: mesa@vm +kind: chunk +build-system: autotools +configure-commands: +- | + ./autogen.sh --prefix="$PREFIX" \ + --enable-gles2 \ + --disable-glx \ + --with-egl-platforms=drm,wayland \ + --with-gallium-drivers="yes" \ + --with-dri-drivers="yes" \ + --enable-gallium-egl diff --git a/strata/morph-utils.morph b/strata/morph-utils.morph index 62649723..c024ea63 100644 --- a/strata/morph-utils.morph +++ b/strata/morph-utils.morph @@ -2,7 +2,10 @@ name: morph-utils kind: stratum build-depends: - morph: strata/core.morph +- morph: strata/ostree-core.morph - morph: strata/python-cliapp.morph +- morph: strata/python-core.morph +- morph: strata/python-pygobject.morph - morph: strata/python-wsgi.morph chunks: - name: python-ttystatus 
@@ -10,10 +13,6 @@ chunks: repo: upstream:python-ttystatus ref: 47d871216cea6ce3b9d6efd70e9a0f38ab8604f0 unpetrify-ref: baserock/morph -- name: python-markdown - repo: upstream:python-markdown - ref: a9ca97325e9039de90eae29fb3d8879bc9f367f6 - unpetrify-ref: baserock/morph - name: git-fat morph: strata/tools/git-fat.morph repo: upstream:git-fat @@ -31,14 +30,13 @@ chunks: unpetrify-ref: baserock/morph build-depends: - python-ttystatus - - python-markdown - name: pylru repo: upstream:python-packages/pylru ref: 221dd259f5c34562c835611d1cf62384b9019da4 unpetrify-ref: master - name: morph repo: baserock:baserock/morph - ref: 68395a12c79c22e266b4a06095533e38da6e29d0 + ref: eda5cb29d0200ee55c0ed50d2afe1a17dbd7577a unpetrify-ref: master build-depends: - cmdtest diff --git a/strata/nfs.morph b/strata/nfs.morph index 0d04812b..9b9aa248 100644 --- a/strata/nfs.morph +++ b/strata/nfs.morph @@ -23,7 +23,7 @@ chunks: - name: nfs-utils morph: strata/nfs/nfs-utils.morph repo: upstream:nfs-utils - ref: 08baf3bc2f66a1ca6401191e19380028d2fc2c6d + ref: 0da9f20a22bb32b2da6b587b4e85dafde087c0f7 unpetrify-ref: baserock/master build-depends: - libevent diff --git a/strata/ntpd.morph b/strata/ntpd.morph index e2ccc84a..4c5483e5 100644 --- a/strata/ntpd.morph +++ b/strata/ntpd.morph @@ -1,9 +1,10 @@ name: ntpd kind: stratum build-depends: -- morph: strata/core.morph +- morph: strata/foundation.morph chunks: - name: ntpd + morph: strata/ntpd/ntpd.morph repo: upstream:ntp - ref: d4b7cd9723cce9561fa15f74b90b85a3a61b5ef8 - unpetrify-ref: ntp-dev-4.2.7p482 + ref: b2ccf8dd31d1457ae9f0ae270054117179220370 + unpetrify-ref: ntp-4.2.8p2 diff --git a/strata/ntpd/ntpd.morph b/strata/ntpd/ntpd.morph new file mode 100644 index 00000000..49316c14 --- /dev/null +++ b/strata/ntpd/ntpd.morph 
@@ -0,0 +1,51 @@
+name: ntpd
+kind: chunk
+build-system: autotools
+configure-commands:
+ - ./configure --prefix="$PREFIX" --enable-linuxcaps
+post-install-commands:
+- |
+ cat > ntpd.service << EOF
+ [Unit]
+ Description=Network Time Service
+ After=network.target nss-lookup.target
+ Conflicts=systemd-timesyncd.service
+
+ [Service]
+ Type=forking
+ ExecStart=/usr/bin/ntpd -u ntp:ntp
+ PrivateTmp=True
+ Restart=on-failure
+
+ [Install]
+ WantedBy=multi-user.target
+ EOF
+- install -D -m 644 ntpd.service "$DESTDIR"/lib/systemd/system/ntpd.service
+- mkdir -p "$DESTDIR"/lib/systemd/system/multi-user.target.wants
+- ln -s /lib/systemd/system/ntpd.service "$DESTDIR"/lib/systemd/system/multi-user.target.wants/ntpd.service
+- |
+ cat > ntp.conf << EOF
+ # We use iburst here to reduce the potential initial delay to set the clock
+ server 0.pool.ntp.org iburst
+ server 1.pool.ntp.org iburst
+ server 2.pool.ntp.org iburst
+ server 3.pool.ntp.org iburst
+
+ # kod - notify client when packets are denied service,
+ # rather than just dropping the packets
+ #
+ # nomodify - deny queries which attempt to modify the state of the server
+ #
+ # notrap - decline to provide mode 6 control message trap service to
+ # matching hosts
+ #
+ # see ntp.conf(5) for more details
+ restrict -4 default kod notrap nomodify
+ restrict -6 default kod notrap nomodify
+ EOF
+- install -D -m 644 ntp.conf "$DESTDIR"/etc/ntp.conf
+system-integration:
+ ntpd-misc:
+ 00-add-ntpd-user:
+ - groupadd -r ntp
+ - useradd -g ntp -d /home/ntp -s /bin/false -r ntp
diff --git a/strata/ocaml-language.morph b/strata/ocaml-language.morph
new file mode 100644
index 00000000..3364763d
--- /dev/null
+++ b/strata/ocaml-language.morph
@@ -0,0 +1,11 @@
+name: ocaml-language
+kind: stratum
+description: |
+ OCaml
+build-depends:
+- morph: strata/core.morph
+chunks:
+- name: ocaml
+ morph: strata/ocaml/ocaml.morph
+ repo: upstream:ocaml
+ ref: fa7961d5fada53056f38a9ae36615df26352028a
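Review bot: The two `restrict ... default kod notrap nomodify` lines in the ntp.conf heredoc of ntpd.morph leave the daemon answering status queries and accepting unsolicited association attempts from any address, which is the usual cause of ntpd information disclosure and reflection abuse on a host that is only meant to be a client. The defaults should also carry nopeer and noquery, with loopback re-opened so local diagnostics keep working. As far as I know kod only takes effect together with limited, so the comment describing it overstates what the current line does. Separately, the unit file hard-codes `ExecStart=/usr/bin/ntpd` while configure uses `--prefix="$PREFIX"`.

```yaml
  # … unchanged: server lines and the flag comments …
  restrict -4 default kod limited notrap nomodify nopeer noquery
  restrict -6 default kod limited notrap nomodify nopeer noquery
  # keep local ntpq diagnostics working
  restrict 127.0.0.1
  restrict ::1
```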
diff --git a/strata/x-generic/util-keysyms.morph b/strata/ocaml/ocaml.morph index ddae3707..00e36767 100644 --- a/strata/x-generic/util-keysyms.morph +++ b/strata/ocaml/ocaml.morph @@ -1,9 +1,8 @@ -name: util-keysyms +name: ocaml kind: chunk configure-commands: -- git submodule update --init -- ./autogen.sh --prefix=/usr +- ./configure --prefix "$PREFIX" build-commands: -- make +- make world.opt install-commands: - make DESTDIR="$DESTDIR" install diff --git a/strata/openbmc.morph b/strata/openbmc.morph new file mode 100644 index 00000000..b1309a2a --- /dev/null +++ b/strata/openbmc.morph @@ -0,0 +1,22 @@ +name: openbmc +kind: stratum +description: OpenBMC components +build-depends: +- morph: strata/build-essential.morph +- morph: strata/core.morph +chunks: +- name: i2c-tools + morph: strata/openbmc/i2c-tools.morph + repo: upstream:i2c-tools + ref: 187dd637f7789c4cb12dfe2ba13f6e01d2a3c698 + unpetrify-ref: V3-1-1 +- name: lm_sensors + morph: strata/openbmc/lm_sensors.morph + repo: upstream:lm-sensors + ref: d9983967a89382f64c65db67026f85f073ef9b74 + unpetrify-ref: master +- name: isc-dhcp + repo: upstream:isc-dhcp-tarball + morph: strata/openbmc/isc-dhcp.morph + ref: f800382616186a5d30e28d8b2c51e97a9a8360f2 + unpetrify-ref: master diff --git a/strata/openbmc/i2c-tools.morph b/strata/openbmc/i2c-tools.morph new file mode 100644 index 00000000..5fba3b0a --- /dev/null +++ b/strata/openbmc/i2c-tools.morph @@ -0,0 +1,16 @@ +name: i2c-tools +kind: chunk +build-commands: +- make -C eepromer && make +install-commands: +- mkdir -p "$DESTDIR$PREFIX"/bin +- | + i2ctools="i2cdetect i2cdump i2cget i2cset" + for f in ${i2ctools}; do + install -m 755 tools/${f} "$DESTDIR$PREFIX"/bin/${f} + done +- | + eepromtools="eepromer eeprom eeprog" + for f in ${eepromtools}; do + install -m 755 eepromer/${f} "$DESTDIR$PREFIX"/bin/${f} + done diff --git a/strata/openbmc/isc-dhcp.morph b/strata/openbmc/isc-dhcp.morph new file mode 100644 index 00000000..5ee2e66b --- /dev/null 
+++ b/strata/openbmc/isc-dhcp.morph @@ -0,0 +1,3 @@ +name: isc-dhcp +kind: chunk +build-system: autotools diff --git a/strata/openbmc/lm_sensors.morph b/strata/openbmc/lm_sensors.morph new file mode 100644 index 00000000..27ee10d5 --- /dev/null +++ b/strata/openbmc/lm_sensors.morph @@ -0,0 +1,7 @@ +name: lm_sensors +kind: chunk +build-commands: +- make user PROG_EXTRA="sensors" +install-commands: +- make DESTDIR="$DESTDIR" PREFIX="$PREFIX" install +# TODO: If we need sensord too, we'll need rrdtool as a dependency and install instructions for sensord components diff --git a/strata/openstack-clients.morph b/strata/openstack-clients.morph index 91559113..32e0f356 100644 --- a/strata/openstack-clients.morph +++ b/strata/openstack-clients.morph @@ -96,3 +96,8 @@ chunks: unpetrify-ref: 0.7.6 build-depends: - python-keystoneclient +- name: python-ironicclient + morph: strata/openstack-clients/python-ironicclient.morph + repo: upstream:openstack/python-ironicclient + ref: 4390a21663de3123fac306e9860624ba7deda0e6 + unpetrify-ref: 0.4.1 diff --git a/strata/openstack-clients/python-ironicclient.morph b/strata/openstack-clients/python-ironicclient.morph new file mode 100644 index 00000000..95be0bd8 --- /dev/null +++ b/strata/openstack-clients/python-ironicclient.morph @@ -0,0 +1,3 @@ +name: python-ironicclient +kind: chunk +build-system: python-distutils diff --git a/strata/openstack-common.morph b/strata/openstack-common.morph index f59f6705..78c04ba6 100644 --- a/strata/openstack-common.morph +++ b/strata/openstack-common.morph 
@@ -96,3 +96,17 @@ chunks: repo: upstream:simplejson ref: 54d5ff15d508c51366986cc4f77f2f287f036582 unpetrify-ref: v3.6.4 +- name: greenlet + ref: 42b65a7b67dfabd180625155cd4fcd8e51917fe2 + unpetrify-ref: 0.4.5 + repo: upstream:python-packages/greenlet +- name: eventlet + ref: 8d2474197de4827a7bca9c33e71a82573b6fc721 + unpetrify-ref: v0.15.2 + repo: upstream:python-packages/eventlet + build-depends: + - greenlet +- name: pastedeploy + repo: upstream:python-packages/pastedeploy + ref: 5ad87be617c2cc1dd31625688172e964db2756dc + unpetrify-ref: 1.5.2 diff --git a/strata/openstack-services.morph b/strata/openstack-services.morph new file mode 100644 index 00000000..773a76f9 --- /dev/null +++ b/strata/openstack-services.morph 
@@ -0,0 +1,566 @@ +name: openstack-services +kind: stratum +description: Openstack clients and services +build-depends: +- morph: strata/erlang.morph +- morph: strata/django.morph +- morph: strata/xstatic.morph +- morph: strata/openstack-clients.morph +- morph: strata/test-tools.morph +- morph: strata/python-tools.morph +chunks: +- name: rabbitmq-codegen + morph: strata/openstack-services/rabbitmq-codegen.morph + ref: 4dc5ccde2a0b3d638e5754b00abf94196fe9ca32 + unpetrify-ref: rabbitmq_v3_4_1 + repo: upstream:rabbitmq-codegen +- name: rabbitmq-server + morph: strata/openstack-services/rabbitmq-server.morph + ref: 9afcf9b95d2c53f866e9a33ddce46562f8950ded + unpetrify-ref: baserock/master + repo: upstream:rabbitmq-server + build-depends: + - rabbitmq-codegen +- name: oslo-rootwrap + repo: upstream:openstack/oslo-rootwrap + ref: 62d732277de5cf663172eafe6d3a6c149a9cf814 + unpetrify-ref: master +- name: py-amqp + repo: upstream:python-packages/py-amqp + ref: 875b10d1715def640042c7ff2f42c00a6c07eed1 + unpetrify-ref: 1.4.6 +- name: librabbitmq + morph: strata/openstack-services/librabbitmq.morph + repo: upstream:python-packages/librabbitmq + ref: 0087f3c6fa81d4ec4c573319ee2149a5db7018e6 + unpetrify-ref: baserock/v1.6.1 + build-depends: + - py-amqp +- name: anyjson + repo: upstream:python-packages/anyjson + ref: 016506078e94718e1fe750eb5083ab5ba07498c8 + unpetrify-ref: 0.3.3 +- name: kombu + repo: upstream:python-packages/kombu + ref: 6e68e54b3a846faa6f8b7e14a4a7ca51d1967bc2 + unpetrify-ref: v3.0.23 + build-depends: + - anyjson + - py-amqp + - librabbitmq +- name: sqlalchemy + repo: upstream:python-packages/sqlalchemy + ref: ff34c480dfd2b8b7c72339d196f5477980a5124c + unpetrify-ref: rel_0_9_8 +- name: alembic + repo: upstream:python-packages/alembic + ref: 5f952f25caa688d89204d134ee867de7dbad917c + unpetrify-ref: rel_0_7_1 + build-depends: + - sqlalchemy +- name: lockfile + repo: upstream:python-packages/lockfile + ref: 777758cdf4520271370b3338b86b5c66f9b104f0 + unpetrify-ref: 
master +- name: dogpile-core + repo: upstream:python-packages/dogpile-core + ref: 3e6f0f86b4161b48898e656039154092426e5cc8 + unpetrify-ref: rel_0_4_1 +- name: dogpile-cache + repo: upstream:python-packages/dogpile-cache + ref: 1c753914b335b4391bc5847a87b7c52ca81c2bc6 + unpetrify-ref: rel_0_5_4 + build-depends: + - dogpile-core +- name: pyjwt + repo: upstream:python-packages/pyjwt + ref: 739efeff4c6c1fc30ab5cf5eb0ac337e8ee107d7 + unpetrify-ref: 0.2.3 +- name: creole + repo: upstream:python-packages/creole + ref: 6390231688adb5d8678a71cd33204e9bca555d4a + unpetrify-ref: v1.2.1 +- name: pygments + repo: upstream:python-packages/pygments + ref: f41e8c594e76855611b3b3dfca300894bd29f1c4 + unpetrify-ref: 2.0rc1 +- name: docutils + repo: upstream:python-packages/docutils + ref: 1976ba91eff979abc3e13e5d8cb68324833af6a0 + unpetrify-ref: docutils-0.12 +- name: snowballstemmer + repo: upstream:python-packages/snowballstemmer.git + ref: f0d81ce1606d685029302ea073b59d9437d12569 + unpetrify-ref: master +- name: sphinx + repo: upstream:python-packages/sphinx + ref: e76c9771bad16e68cdb7deb18b4d13de0a718c68 + unpetrify-ref: 1.3b1 + build-depends: + - pygments + - docutils + - snowballstemmer +- name: pystache + repo: upstream:python-packages/pystache.git + ref: 0c5e61a4ccc05bde7f6c6132b4fb6c49a3c093fd + unpetrify-ref: baserock/v0.5.4 +- name: pies + repo: upstream:python-packages/pies.git + ref: 593dcce07fdb3e8d0053a863a7aba7f2ce8a6c9c + unpetrify-ref: 2.6.1 +- name: natsort + repo: upstream:python-packages/natsort.git + ref: ce94d418c3849e891f0508b41f5bccc4ae1d4e4d + unpetrify-ref: 3.5.1 +- name: isort + repo: upstream:python-packages/isort.git + ref: 9d1b03b6e1fd2f87be1c635d6159a76a131f8155 + unpetrify-ref: 3.9.0 + build-depends: + - pies + - natsort +- name: pep8 + repo: upstream:python-packages/pep8.git + ref: 164066c4d85f212f5f4a11699b848942c678b947 + unpetrify-ref: 1.5.7 +- name: pyflakes + repo: upstream:python-packages/pyflakes.git + ref: 
71b7b6776856912d50a0b9a85a8ea2a1dc7eb75c + unpetrify-ref: 0.8.1 +- name: smartypants + repo: upstream:python-packages/smartypants.git + ref: e89b6e7e119694edcd414a556c634d5ca85bff76 + unpetrify-ref: v1.8.6 + build-depends: + - isort + - pep8 + - pyflakes +- name: pycco + repo: upstream:python-packages/pycco + ref: 22e157e525760e843dba391ca85fbe9bd35fdc5b + unpetrify-ref: master + build-depends: + - pygments + - pystache + - smartypants +- name: dateutil + repo: upstream:python-packages/dateutil + ref: 8c6026ba09716a4e164f5420120bfe2ebb2d9d82 + unpetrify-ref: trunk +- name: posix-ipc-tarball + repo: upstream:python-packages/posix-ipc-tarball + ref: f3765db04b903b3671733e07cf1541a51966dd14 + unpetrify-ref: posix_ipc-0.9.8 +- name: paste + repo: upstream:python-packages/paste + ref: 4c177fce89fee925f0f4fbfde00ce2e1252562c0 + unpetrify-ref: master +- name: repoze-lru + repo: upstream:python-packages/repoze-lru + ref: 29c8281dee7fe8dae8c66c7c40ce7c058ec2ab0f + unpetrify-ref: 0.6 +- name: routes + repo: upstream:python-packages/routes + ref: 745a9207d9e48e309e292172543bc21075e65e09 + unpetrify-ref: v2.1 + build-depends: + - repoze-lru +- name: passlib + repo: upstream:python-packages/passlib + ref: f407312597727a08440e41bc8e31d3b3b334c66f + unpetrify-ref: 1.6.2 +- name: tempita + repo: upstream:python-packages/tempita + ref: b2b67795a009e9f825cbd855d766b78a00273f10 + unpetrify-ref: 0.5 +- name: numpy + repo: upstream:python-packages/numpy.git + ref: ac07f6d3e45090b224a7da81708e60a762a65f76 + unpetrify-ref: baserock/v1.9.0 + build-depends: + - sphinx +- name: websockify + repo: upstream:python-packages/websockify + ref: e0863aa0c2103069961bc24e618615a0f2bb1487 + unpetrify-ref: baserock/v0.6.0 + build-depends: + - numpy +- name: httplib2 + ref: 058a1f9448d5c27c23772796f83a596caf9188e6 + unpetrify-ref: v0.9 + repo: upstream:python-packages/httplib2 +- name: suds + repo: upstream:python-packages/suds + ref: badd30a87f676d632d7386b05401e6029a5df83c + unpetrify-ref: 
release-0.3.2 +- name: jsonrpclib + repo: upstream:python-packages/jsonrpclib + ref: 53c8ffcfe4dd1718086cc551dce8ac459e8abc67 + unpetrify-ref: master +- name: rtslib-fb + repo: upstream:python-packages/rtslib-fb + ref: 8ffb4739d596fb1aac5d62d173d1e6f80270af9d + unpetrify-ref: v2.1.fb52 + morph: strata/openstack-services/rtslib-fb.morph +- name: python-pexpect + repo: upstream:python-packages/pexpect + ref: 671417beb41c21f772687c565196fdde444b053b + unpetrify-ref: 3.3 +- name: ply + repo: upstream:python-packages/ply.git + ref: 6513f3537d80f483ec9c7e36d52e87f107a57f23 + unpetrify-ref: master +- name: jsonpath-rw + repo: upstream:python-packages/jsonpath-rw + ref: f4cfe56b8e8370116c5275ddcea970e9a68fd75d + unpetrify-ref: 1.2.3 + build-depends: + - ply +- name: logutils + repo: upstream:python-packages/logutils.git + ref: 095f14efbaaf838b7772bffd36a466abb9668efe + unpetrify-ref: 0.3.3 +- name: pecan + repo: upstream:python-packages/pecan + ref: c7f241fd6bb8a0b10e02b8b43aaf1810c312cfbf + unpetrify-ref: 0.8.0 + build-depends: + - logutils +- name: croniter + repo: upstream:python-packages/croniter + ref: 0c3aeac05791cb4ece9e30da29442e9cd5b22f36 + unpetrify-ref: 0.3.5 + build-depends: + - dateutil +- name: msgpack-python + repo: upstream:python-packages/msgpack-python + ref: 61bac2f586e82313a0e618093bfed2435cd18983 + unpetrify-ref: 0.4.2 +- name: qpid-python + morph: strata/openstack-services/qpid-python.morph + repo: upstream:python-packages/qpid-python + ref: 587b0febaf1996db1e483137ed6addb45580ee9e + unpetrify-ref: 0.30 +- name: simplegeneric-tarball + repo: upstream:python-packages/simplegeneric-tarball + ref: 601fab9b154c557dfd848d531a8969f4697d1aa2 + unpetrify-ref: simplegeneric_0.8.1.orig +- name: ipaddr-py + morph: strata/openstack-services/ipaddr-py.morph + ref: c813f4790d1092b1515ee18fe8270180ed3cc5cb + unpetrify-ref: master + repo: upstream:python-packages/ipaddr-py +- name: wsme + repo: upstream:python-packages/wsme + ref: 
99d7668789cc6252398222549599d1363cddb081 + unpetrify-ref: 0.6.1 + build-depends: + - ipaddr-py + - simplegeneric-tarball +- name: pysnmp + repo: upstream:python-packages/pysnmp + ref: 1b377afeaf9ee96ab1d48aeebb2b7a6d65a4ac9d + unpetrify-ref: release_4_2_5_tag +- name: thrift + morph: strata/openstack-services/thrift.morph + repo: upstream:thrift + ref: 591e20f9636c37527a70dc03598218c3468a0eff + unpetrify-ref: 0.9.2 +- name: retrying + repo: upstream:python-packages/retrying + ref: cab083eb5791615fadbc0c98ad77a70d64b77d0d + unpetrify-ref: v1.3.1 +- name: oslo-messaging + repo: upstream:openstack/oslo-messaging + ref: 6ea3b12492e86f9e8d109fc3490cc4d3a0edd8b6 + unpetrify-ref: 1.4.0.0a5 + build-depends: + - kombu +- name: oslo-vmware + repo: upstream:openstack/oslo-vmware + ref: 047d62c4bbd01a951f77a1a4a75fb2b3d8ce23ee + unpetrify-ref: 0.6.0 + build-depends: + - suds +- name: taskflow + repo: upstream:openstack/taskflow + ref: 1caaecc5d6b2aa4cde4a50e31d1d993fce7a66c4 + unpetrify-ref: 0.5.0 +- name: sqlalchemy-migrate + repo: upstream:python-packages/sqlalchemy-migrate + ref: 089663761cc15f8b3cdb874b6a76270ccdd0a412 + unpetrify-ref: 0.9.1 + build-depends: + - sqlalchemy + - tempita +- name: oauthlib + repo: upstream:python-packages/oauthlib + ref: de773eefcb3c1afe54a0c12d5bf9bd214ceaf404 + unpetrify-ref: 0.6.3 + build-depends: + - docutils + - creole + - pycco + - sphinx + - pyjwt +- name: happybase + repo: upstream:python-packages/happybase + ref: 90a4b7ef741f0ecfe5145693f64c6f7180b9ba3d + unpetrify-ref: 0.8 + build-depends: + - thrift +- name: osprofiler + repo: upstream:python-packages/osprofiler + ref: bbe39b517263017c9db56ae1d904d08846eacff7 + unpetrify-ref: 0.3.0 +- name: pycadf + repo: upstream:python-packages/pycadf + ref: 52727bcea3a98e72331e748ce5f9e3a111a64cd1 + unpetrify-ref: 0.6.0 + build-depends: + - oslo-messaging + - posix-ipc-tarball +- name: keystonemiddleware + repo: upstream:openstack/keystonemiddleware + ref: a7beb50b38be5c3dd4c44d68ad79d1bb206dab6b 
+ unpetrify-ref: 1.2.0 +- name: oslo-db + repo: upstream:openstack/oslo-db + ref: 0bb1e236daae53a3f5b4b88761d7b19f7961ed6c + unpetrify-ref: 1.0.2 + build-depends: + - alembic + - sqlalchemy + - sqlalchemy-migrate +- name: glance_store + repo: upstream:openstack/glance_store.git + ref: 54f673d4133c1244e2555e7ceb3344c104a74154 + unpetrify-ref: 0.1.8 +- name: glance + repo: upstream:openstack/glance + ref: 1db07bd8c07bbcde4bd267985c4e3961c22b990e + unpetrify-ref: 2014.2.3 + build-depends: + - sqlalchemy + - anyjson + - routes + - sqlalchemy-migrate + - httplib2 + - kombu + - keystonemiddleware + - wsme + - oslo-vmware + - paste + - oslo-db + - oslo-messaging + - retrying + - osprofiler + - glance_store +- name: sqlparse + repo: upstream:python-packages/sqlparse + ref: 991e7348075accae6d08025212251af21e92e664 + unpetrify-ref: 0.1.13 +- name: keystone + repo: upstream:openstack/keystone + ref: 91a33875385ca296d24f67d4ef9629a2b33bed99 + unpetrify-ref: 2014.2.3 + build-depends: + - paste + - routes + - sqlalchemy + - sqlalchemy-migrate + - passlib + - keystonemiddleware + - oslo-messaging + - oslo-db + - oauthlib + - dogpile-cache + - pycadf + - posix-ipc-tarball + - sqlparse +- name: neutron + morph: strata/openstack-services/neutron.morph + repo: upstream:openstack/neutron + ref: 96b5962646510ee67b322aa82242e02e3edfaa83 + unpetrify-ref: 2014.2.3 + build-depends: + - paste + - routes + - anyjson + - httplib2 + - jsonrpclib + - keystonemiddleware + - sqlalchemy + - alembic + - oslo-db + - oslo-messaging + - oslo-rootwrap +- name: wsgiref + repo: upstream:python-packages/wsgiref.git + ref: e8360785eef259394e13b2062407edc3c2cbc1e0 + unpetrify-ref: baserock/master +- name: rfc3986 + repo: upstream:python-packages/python-rfc3986.git + ref: 9817ec3e47bca8fba9a7cac56d785e9d644f7473 + unpetrify-ref: rfc3986-0.2.0 +- name: urwid + repo: upstream:python-packages/urwid + ref: 838839f7a300a774240d52f943aafd6ff44b2413 + unpetrify-ref: release-1.3.0 +- name: configshell-fb + repo: 
upstream:python-packages/configshell-fb + ref: 8c151ccdd75956da60b2304417c41a60a2c28231 + unpetrify-ref: v1.1.fb17 +- name: targetcli-fb + repo: upstream:python-packages/targetcli + ref: c62610f3c2da6b4d364028c18bcc7f0d3da54477 + unpetrify-ref: v2.1.fb39 + build-depends: + - configshell-fb + - rtslib-fb +- name: sysfsutils + repo: upstream:sysfsutils + ref: 237bf36e664db92f95b75067bf0f246726993254 + unpetrify-ref: sysfsutils-2_1_0 +- name: open-iscsi + morph: strata/openstack-services/open-iscsi.morph + repo: upstream:open-iscsi + ref: 8da14e6f9eeeb4fd03938d40fe1126fe0d110b68 + unpetrify-ref: master +- name: nova + morph: strata/openstack-services/nova.morph + repo: upstream:openstack/nova + ref: e6452b995023e89bf6f1a1fb14f39216f83c760b + unpetrify-ref: 2014.2.3 + build-depends: + - sqlalchemy + - anyjson + - keystonemiddleware + - kombu + - routes + - paste + - sqlalchemy-migrate + - suds + - posix-ipc-tarball + - websockify + - wsgiref + - oslo-db + - oslo-rootwrap + - pycadf + - oslo-messaging + - lockfile + - rfc3986 + - oslo-vmware +- name: cinder + morph: strata/openstack-services/cinder.morph + repo: upstream:openstack/cinder + ref: 48c792513fd342a5f82122b12e4ed2afd0de2ae7 + unpetrify-ref: 2014.2.3 + build-depends: + - anyjson + - keystonemiddleware + - kombu + - oslo-db + - oslo-messaging + - oslo-rootwrap + - osprofiler + - paste + - routes + - taskflow + - rtslib-fb + - sqlalchemy + - sqlalchemy-migrate + - suds + - wsgiref +- name: pymemcache + repo: upstream:python-packages/pymemcache.git + ref: 3824d3b0bcdea3e8d0c08598bedfce10fd3c79e0 + unpetrify-ref: master +- name: sysv_ipc-tarball + repo: upstream:python-packages/sysv-ipc-tarball.git + ref: a77e3a63f004e6ee789fa05e4a5bbc333b1529f1 + unpetrify-ref: sysv_ipc-0.6.8 +- name: tooz + repo: upstream:python-packages/tooz.git + ref: a90940a506b7c1bf52ef7d2f2ff52204fdcc6221 + unpetrify-ref: 0.7 + build-depends: + - pymemcache + - sysv_ipc-tarball + - msgpack-python + - retrying +- name: ceilometer + repo: 
upstream:openstack/ceilometer + morph: strata/openstack-services/ceilometer.morph + ref: 720c2b4915caf5decd3da91ea2d6e6291316b940 + unpetrify-ref: 2014.2.3 + build-depends: + - alembic + - anyjson + - croniter + - happybase + - jsonpath-rw + - keystonemiddleware + - lockfile + - msgpack-python + - oslo-db + - oslo-rootwrap + - oslo-vmware + - pecan + - posix-ipc-tarball + - oslo-messaging + - pysnmp + - sqlalchemy + - sqlalchemy-migrate + - tooz + - wsme +- name: django-openstack-auth + repo: upstream:openstack/django_openstack_auth + ref: e676c88a329af57d6c4f13df54f6e1e06c1f8360 + unpetrify-ref: 1.1.8 +- name: horizon + morph: strata/openstack-services/horizon.morph + repo: upstream:openstack/horizon + ref: b37c1f3565e89a7fe3fef5ce76e9c26b22e3e7c4 + unpetrify-ref: 2014.2.3 + build-depends: + - django-openstack-auth + - lockfile +- name: novnc + morph: strata/openstack-services/novnc.morph + repo: upstream:novnc + ref: fc00821eba469641c6c94706726c3d78e46460a2 + unpetrify-ref: v0.5.1 +- name: oauth + repo: upstream:python-packages/oauthlib + ref: fd239fca84644896b1971cf24bc6213d065adb86 + unpetrify-ref: 0.072 +- name: pyserial + repo: upstream:python-packages/pyserial + ref: bcfc1ec2fdb9a8c9c867481d7673e85fe512e667 + unpetrify-ref: release2_7 +- name: tempest + morph: strata/openstack-services/tempest.morph + repo: upstream:openstack/tempest.git + ref: acba5510785258949679304f3e1a55e53b851962 + unpetrify-ref: "2" +- name: tftp-hpa + morph: strata/openstack-services/tftp-hpa.morph + repo: upstream:tftp-hpa + ref: 4faf178a509d8091b7ba1e1fa3d13bc68c5ff55f + unpetrify-ref: tftp-hpa-5.2 +- name: singledispatch + morph: strata/openstack-services/singledispatch.morph + repo: upstream:python-packages/singledispatch + ref: 92175ba65602a03086d2b1f770f45d88af93fc3e + unpetrify-ref: 3.4.0.3 +- name: pysinglefile + morph: strata/openstack-services/pysendfile.morph + repo: upstream:python-packages/pysendfile + ref: 6775b2938ef74255239c8e08458369921297b311 + unpetrify-ref: 
release-2.0.0 +- name: ironic + morph: strata/openstack-services/ironic.morph + repo: upstream:openstack/ironic + ref: 0f4d454bf2093d3d62460f88aa9288bee3286b38 + unpetrify-ref: stable/juno diff --git a/strata/openstack-services/ceilometer.morph b/strata/openstack-services/ceilometer.morph new file mode 100644 index 00000000..f120ce9e --- /dev/null +++ b/strata/openstack-services/ceilometer.morph @@ -0,0 +1,23 @@ +name: ceilometer +kind: chunk +build-system: python-distutils +post-install-commands: +# Install the configuration files required to +- mkdir -p "$DESTDIR"/etc/ceilometer +- install -D -m 644 etc/ceilometer/*.json "$DESTDIR"/etc/ceilometer +- install -D -m 644 etc/ceilometer/*.yaml "$DESTDIR"/etc/ceilometer +- install -D -m 644 etc/ceilometer/api_paste.ini "$DESTDIR"/etc/ceilometer/api_paste.ini +# Install rootwrap.conf +- install -D -m 640 etc/ceilometer/rootwrap.conf "$DESTDIR"/etc/ceilometer/rootwrap.conf +# Move rootwrap files to a proper location +- mkdir -p "$DESTDIR"/etc/ceilometer/rootwrap.d +- install -D -m 644 etc/ceilometer/rootwrap.d/* "$DESTDIR"/etc/ceilometer/rootwrap.d/ +# Add ceilometer to sudoers controlling which commands will run as a root +# using the openstack rootwrap. +- mkdir -p "$DESTDIR"/etc/sudoers.d +- | + install -D -m 0440 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/sudoers.d/ceilometer-rootwrap + Defaults:ceilometer !requiretty + + ceilometer ALL=(root) NOPASSWD: /usr/bin/ceilometer-rootwrap /etc/ceilometer/rootwrap.conf * + EOF diff --git a/strata/openstack-services/cinder.morph b/strata/openstack-services/cinder.morph new file mode 100644 index 00000000..cd680b09 --- /dev/null +++ b/strata/openstack-services/cinder.morph 
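Review bot: Near the end of openstack-services.morph the chunk is named `pysinglefile`, but its morph and repo both point at pysendfile (`strata/openstack-services/pysendfile.morph`, `upstream:python-packages/pysendfile`). This looks like a typo for `- name: pysendfile` and would leave any later `build-depends: - pysendfile` unresolved. The `oauth` chunk is also declared with `repo: upstream:python-packages/oauthlib`, the same repo the `oauthlib` chunk uses, at a different ref. If a separate oauth repository was intended, the wrong source tree is being built under that name, so the repo/ref pair should be checked against the intended upstream.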
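Review bot: The sudoers rule `ceilometer ALL=(root) NOPASSWD: /usr/bin/ceilometer-rootwrap /etc/ceilometer/rootwrap.conf *` in ceilometer.morph is only as tight as rootwrap.conf and the filters under rootwrap.d. The `install` lines set modes but not ownership, so the rule depends on the image build leaving /etc/ceilometer root-owned and not writable by the ceilometer user. Record that next to the rule, e.g. `# rootwrap.conf and rootwrap.d/ must stay root-owned and not writable by the service user`. A build-time `visudo -cf "$DESTDIR"/etc/sudoers.d/ceilometer-rootwrap`, if visudo is available in the build environment, would catch a malformed file before it reaches an image. The same applies to the cinder-rootwrap rule added in cinder.morph. The comment `# Install the configuration files required to` is also cut off mid-sentence.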
@@ -0,0 +1,18 @@
+name: cinder
+kind: chunk
+build-system: python-distutils
+post-install-commands:
+# Install rootwrap.conf
+- install -D -m 640 etc/cinder/rootwrap.conf "$DESTDIR"/etc/cinder/rootwrap.conf
+# Move rootwrap files to a proper location
+- mkdir -p "$DESTDIR"/etc/cinder/rootwrap.d
+- install -D -m 644 etc/cinder/rootwrap.d/* "$DESTDIR"/etc/cinder/rootwrap.d/
+# Add cinder to sudoers controlling which commands will run as a root
+# using the openstack rootwrap.
+- mkdir -p "$DESTDIR"/etc/sudoers.d
+- |
+ install -D -m 0440 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/sudoers.d/cinder-rootwrap
+ Defaults:cinder !requiretty
+
+ cinder ALL=(root) NOPASSWD: /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *
+ EOF
diff --git a/strata/openstack-services/horizon.morph b/strata/openstack-services/horizon.morph
new file mode 100644
index 00000000..ae6399b1
--- /dev/null
+++ b/strata/openstack-services/horizon.morph
@@ -0,0 +1,59 @@ +name: horizon +kind: chunk +configure-commands: +# Remove unnecessary .mo files they will be generated +# later during package build. +- find . -name "django*.mo" -exec rm -f '{}' \; +# Set COMPRESS_OFFLINE=True +- | + sed -i 's:COMPRESS_OFFLINE.=.False:COMPRESS_OFFLINE = True:' \ + openstack_dashboard/settings.py +build-commands: +# Compile message strings +- cd horizon && django-admin.py compilemessages && cd .. +- cd openstack_dashboard && django-admin.py compilemessages && cd .. +- python setup.py build +post-build-commands: +# Use the local_settings.py example to compile and compress the css, js, etc files. +# This is a hack to make SECRET_KEY work. +- | + cp openstack_dashboard/local/local_settings.py.example \ + openstack_dashboard/local/local_settings.py +# Collect the static files and compress them. +- python manage.py collectstatic --noinput +- python manage.py compress --force +install-commands: +# Undo hack +- | + cp openstack_dashboard/local/local_settings.py.example \ + openstack_dashboard/local/local_settings.py +# Install horizon +- python setup.py install -O1 --skip-build --prefix "$PREFIX" --root "$DESTDIR" +post-install-commands: +# Remove unnecessary .po files +- find "$DESTDIR" -name django.po -exec rm '{}' \; +- find "$DESTDIR" -name djangojs.po -exec rm '{}' \; +# Link Openstack local_settings where openstack_dashboard is installed. +- mkdir -p "$DESTDIR"/var/lib/horizon/openstack_dashboard/local +- | + ln -sf /etc/horizon/openstack_dashboard/local_settings.py \ + "$DESTDIR$PREFIX"/lib/python2.7/site-packages/openstack_dashboard/local/local_settings.py +# Create the static directory (STATIC_ROOT) used in local_settings.py to keep +# the static objects like css files. +- mkdir -p "$DESTDIR"/var/lib/horizon/openstack_dashboard/static +# Copy the compressed static files to horizon. 
+- cp -a openstack_dashboard/static/* "$DESTDIR"/var/lib/horizon/openstack_dashboard/static +- cp -a horizon/static/* "$DESTDIR"/var/lib/horizon/openstack_dashboard/static +- cp -a static/* "$DESTDIR"/var/lib/horizon/openstack_dashboard/static +# Work around to make django.wsgi working with horizon +# See: https://bugs.launchpad.net/osprofiler/+bug/1361235 +# and: https://git.openstack.org/cgit/openstack/tripleo-image-elements/commit/?id=41c9a1dfad23f8aee366afb6a0b20a6c57ec8f79 +- | + sed -i "s|'../..'|os.path.realpath('../..')|" \ + "$DESTDIR$PREFIX"/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi +# And link this django.wsgi file to the horizon home directory +- | + ln -sf "$PREFIX"/lib/python2.7/site-packages/openstack_dashboard/wsgi/django.wsgi \ + "$DESTDIR"/var/lib/horizon/openstack_dashboard/django.wsgi +# Create the horizon document root for apache configuration +- mkdir -p "$DESTDIR"/var/lib/horizon/.blackhole diff --git a/strata/openstack-services/ipaddr-py.morph b/strata/openstack-services/ipaddr-py.morph new file mode 100644 index 00000000..f6691ab7 --- /dev/null +++ b/strata/openstack-services/ipaddr-py.morph @@ -0,0 +1,6 @@ +name: ipaddr-py +kind: chunk +build-commands: +- cd trunk && python setup.py build +install-commands: +- cd trunk && python setup.py install --prefix "$PREFIX" --root "$DESTDIR" diff --git a/strata/openstack-services/ironic.morph b/strata/openstack-services/ironic.morph new file mode 100644 index 00000000..850399b4 --- /dev/null +++ b/strata/openstack-services/ironic.morph 
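Review bot: The install-commands step labelled `# Undo hack` repeats the same `cp` of local_settings.py.example onto local_settings.py that post-build-commands ran, so it does not remove the build-time settings file before `python setup.py install`. The installed copy is later replaced by the `ln -sf` to /etc/horizon, but anything the example settings wrote next to it while `collectstatic` and `compress` ran may still be picked up; the comment says the copy exists to make SECRET_KEY work, which suggests a key is produced at build time and would then be shared by every image built from this chunk. I would make the undo step `- rm -f openstack_dashboard/local/local_settings.py` and also delete any generated key file there. The name of that key file is not visible in this hunk, so confirm it against the example settings.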
@@ -0,0 +1,17 @@
+name: ironic
+kind: chunk
+build-system: python-distutils
+post-install-commands:
+# Install rootwrap.conf
+- install -D -m 640 etc/ironic/rootwrap.conf "$DESTDIR"/etc/ironic/rootwrap.conf
+# Move rootwrap files to a proper location
+- mkdir -p "$DESTDIR"/etc/ironic/rootwrap.d
+- install -m 644 etc/ironic/rootwrap.d/* "$DESTDIR"/etc/ironic/rootwrap.d/
+# Add ironic to sudoers controlling which commands will run as a root
+# using the openstack rootwrap.
+- |
+ install -D -m 0440 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/sudoers.d/ironic-rootwrap
+ Defaults:ironic !requiretty
+
+ ironic ALL=(root) NOPASSWD: /usr/bin/ironic-rootwrap /etc/ironic/rootwrap.conf *
+ EOF
diff --git a/strata/openstack-services/librabbitmq.morph b/strata/openstack-services/librabbitmq.morph
new file mode 100644
index 00000000..b87ce369
--- /dev/null
+++ b/strata/openstack-services/librabbitmq.morph
@@ -0,0 +1,10 @@
+name: librabbitmq
+kind: chunk
+build-system: python-distutils
+configure-commands:
+- (cd rabbitmq-c; rm -rf codegen; ln -sf ../rabbitmq-codegen ./codegen)
+- (cd rabbitmq-c; autoreconf -fvi)
+- (cd rabbitmq-c; automake --add-missing)
+- (cd rabbitmq-c; ./configure --disable-tools --disable-docs)
+- (cd rabbitmq-c; make distdir)
+- mv rabbitmq-c/rabbitmq-c-0.5.3 clib
diff --git a/strata/openstack-services/neutron.morph b/strata/openstack-services/neutron.morph
new file mode 100644
index 00000000..b79a089b
--- /dev/null
+++ b/strata/openstack-services/neutron.morph
@@ -0,0 +1,17 @@
+name: neutron
+kind: chunk
+build-system: python-distutils
+post-install-commands:
+# Move rootwrap files to a proper location
+- mkdir -p "$DESTDIR"/etc/neutron
+- mv "$DESTDIR$PREFIX"/etc/neutron/rootwrap.d "$DESTDIR"/etc/neutron/
+- mv "$DESTDIR$PREFIX"/etc/neutron/rootwrap.conf "$DESTDIR"/etc/neutron/
+# Add neutron to sudoers controlling which commands is running as a root
+# using the openstack rootwrap.
+- mkdir -p "$DESTDIR"/etc/sudoers.d
+- |
+ install -D -m 0440 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/sudoers.d/neutron-rootwrap
+ Defaults:neutron !requiretty
+
+ neutron ALL=(root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
+ EOF
diff --git a/strata/openstack-services/nova.morph b/strata/openstack-services/nova.morph
new file mode 100644
index 00000000..bb6dd756
--- /dev/null
+++ b/strata/openstack-services/nova.morph
@@ -0,0 +1,18 @@
+name: nova
+kind: chunk
+build-system: python-distutils
+post-install-commands:
+# Install rootwrap.conf
+- install -D -m 640 etc/nova/rootwrap.conf "$DESTDIR"/etc/nova/rootwrap.conf
+# Move rootwrap files to a proper location
+- mkdir -p "$DESTDIR"/etc/nova/rootwrap.d
+- install -D -m 644 etc/nova/rootwrap.d/* "$DESTDIR"/etc/nova/rootwrap.d/
+# Add nova to sudoers controlling which commands will run as a root
+# using the openstack rootwrap.
+- mkdir -p "$DESTDIR"/etc/sudoers.d
+- |
+ install -D -m 0440 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/sudoers.d/nova-rootwrap
+ Defaults:nova !requiretty
+
+ nova ALL=(root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *
+ EOF
diff --git a/strata/openstack-services/novnc.morph b/strata/openstack-services/novnc.morph
new file mode 100644
index 00000000..858320a0
--- /dev/null
+++ b/strata/openstack-services/novnc.morph
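Review bot: In neutron.morph the two `mv "$DESTDIR$PREFIX"/etc/neutron/…` steps relocate rootwrap.conf and rootwrap.d with whatever modes `setup.py install` gave them, whereas the cinder, nova, ironic and ceilometer chunks set 640 and 644 explicitly with `install -m`. Since the sudoers rule below lets the neutron account run neutron-rootwrap as root against exactly these files, their permissions should not be left to the upstream installer. I would follow the moves with `- chmod 640 "$DESTDIR"/etc/neutron/rootwrap.conf` and `- chmod 644 "$DESTDIR"/etc/neutron/rootwrap.d/*`.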
@@ -0,0 +1,11 @@
+name: novnc
+kind: chunk
+install-commands:
+- mkdir -p "$DESTDIR$PREFIX"/share/novnc/utils
+- install -m 444 *html "$DESTDIR$PREFIX"/share/novnc
+- install -m 444 vnc.html "$DESTDIR$PREFIX"/share/novnc/index.html
+- mkdir -p "$DESTDIR$PREFIX"/share/novnc/include
+- install -m 444 include/*.* "$DESTDIR$PREFIX"/share/novnc/include
+- mkdir -p "$DESTDIR$PREFIX"/share/novnc/images
+- install -m 444 images/*.* "$DESTDIR$PREFIX"/share/novnc/images
+- install -d "$DESTDIR"/etc/sysconfig
diff --git a/strata/openstack-services/open-iscsi.morph b/strata/openstack-services/open-iscsi.morph
new file mode 100644
index 00000000..9d135ab2
--- /dev/null
+++ b/strata/openstack-services/open-iscsi.morph
@@ -0,0 +1,45 @@ +name: open-iscsi +kind: chunk +build-commands: +- make +install-commands: +# Rewrite prefix and exec_prefix which are set to "/usr" and "/" respectively +- make prefix="$PREFIX" exec_prefix="$PREFIX" DESTDIR="$DESTDIR" install +# Install iscsistart app which is not listed by default in PROGRAMS +- make prefix="$PREFIX" exec_prefix="$PREFIX" DESTDIR="$DESTDIR" PROGRAMS="usr/iscsistart" install +post-install-commands: +# Configure iscsi daemon +# Point the startup to the installed binary +- | + sed -i -e "s|iscsid.startup = \/sbin\/iscsid|iscsid.startup = "$PREFIX"/sbin/iscsid|" \ + etc/iscsid.conf +# Start up a session automatically +- sed -i -e 's|node.startup = manual|node.startup = automatic|' etc/iscsid.conf +# Install config file +- install -D -m 644 etc/iscsid.conf "$DESTDIR"/etc/iscsi +# Install custom systemd unit file +- | + install -D -m 644 /proc/self/fd/0 << 'EOF' "$DESTDIR$PREFIX"/lib/systemd/system/iscsid.service + [Unit] + Description=Open iSCSI Daemon + After=network.target + + [Service] + Type=forking + ExecStart=/usr/sbin/iscsid + + [Install] + WantedBy=multi-user.target + EOF +# Install iscsi socket unit +- | + install -D -m 644 /proc/self/fd/0 << 'EOF' "$DESTDIR$PREFIX"/lib/systemd/system/iscsid.socket + [Unit] + Description=Open-iSCSI iscsid Socket + + [Socket] + ListenStream=@ISCSIADM_ABSTRACT_NAMESPACE + + [Install] + WantedBy=sockets.target + EOF diff --git a/strata/openstack-services/pies.morph b/strata/openstack-services/pies.morph new file mode 100644 index 00000000..327c1dc9 --- /dev/null +++ b/strata/openstack-services/pies.morph @@ -0,0 +1,11 @@ +name: pies +kind: chunk +configure-commands: +- | + cd pies2override + && python setup.py build + && python setup.py install --prefix "$PREFIX" --root "$DESTDIR" +build-commands: +- python setup.py build +install-commands: +- python setup.py install --prefix "$PREFIX" --root "$DESTDIR" 
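Review bot: `install -D -m 644 etc/iscsid.conf "$DESTDIR"/etc/iscsi` in open-iscsi.morph names `/etc/iscsi` itself as the destination, so with a single source `-D` only creates `/etc` and the config ends up as a regular file called `iscsi` rather than as `/etc/iscsi/iscsid.conf`. iscsid.conf is also where CHAP usernames and passwords are normally set, so a world-readable 644 is looser than it needs to be, more so with `node.startup = automatic` enabled just above. I would use `- install -D -m 600 etc/iscsid.conf "$DESTDIR"/etc/iscsi/iscsid.conf`. The unit file's `ExecStart=/usr/sbin/iscsid` is hard-coded while the sed rewrites the startup path to `"$PREFIX"/sbin/iscsid`, so the two agree only when PREFIX is /usr.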
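Review bot: In pies.morph the configure-commands literal block starts its second and third lines with `&&`, which a POSIX shell rejects as a syntax error because the newline already ended the `cd pies2override` command. Either join the steps on one line, `- cd pies2override && python setup.py build && python setup.py install --prefix "$PREFIX" --root "$DESTDIR"`, or end each continued line with `&& \`. A comment explaining why pies2override is installed into $DESTDIR during the configure stage rather than in install-commands would also help.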
diff --git a/strata/openstack-services/pysendfile.morph b/strata/openstack-services/pysendfile.morph new file mode 100644 index 00000000..2e2f809b --- /dev/null +++ b/strata/openstack-services/pysendfile.morph @@ -0,0 +1,3 @@ +name: pysendfile +kind: chunk +build-system: python-distutils diff --git a/strata/openstack-services/qpid-python.morph b/strata/openstack-services/qpid-python.morph new file mode 100644 index 00000000..203b3db5 --- /dev/null +++ b/strata/openstack-services/qpid-python.morph @@ -0,0 +1,6 @@ +name: qpid-python +kind: chunk +build-commands: +- cd qpid/python && python setup.py build +install-commands: +- cd qpid/python && python setup.py install --prefix "$PREFIX" --root "$DESTDIR" diff --git a/strata/openstack-services/rabbitmq-codegen.morph b/strata/openstack-services/rabbitmq-codegen.morph new file mode 100644 index 00000000..2b06aeb5 --- /dev/null +++ b/strata/openstack-services/rabbitmq-codegen.morph @@ -0,0 +1,7 @@ +name: rabbitmq-codegen +kind: chunk +configure-commands: [] +build-commands: [] +install-commands: +- mkdir -p "$DESTDIR$PREFIX"/lib/rabbitmq-codegen +- cp * "$DESTDIR$PREFIX"/lib/rabbitmq-codegen diff --git a/strata/openstack-services/rabbitmq-server.morph b/strata/openstack-services/rabbitmq-server.morph new file mode 100644 index 00000000..97b8a126 --- /dev/null +++ b/strata/openstack-services/rabbitmq-server.morph @@ -0,0 +1,16 @@ +name: rabbitmq-server +kind: chunk +configure-commands: +- mkdir -p codegen +- cp /usr/lib/rabbitmq-codegen/* codegen +build-commands: +- make +install-commands: +- | + make install_bin TARGET_DIR="$DESTDIR$PREFIX" \ + SBIN_DIR="$DESTDIR$PREFIX"/sbin \ + MAN_DIR="$PREFIX"/share/man \ + DOC_INSTALL_DIR="$PREFIX"/share + +post-install-commands: +- rm "$DESTDIR$PREFIX"/LICENSE* "$DESTDIR$PREFIX"/INSTALL diff --git a/strata/openstack-services/rtslib-fb.morph b/strata/openstack-services/rtslib-fb.morph new file mode 100644 index 00000000..26de3f9b --- /dev/null 
+++ b/strata/openstack-services/rtslib-fb.morph @@ -0,0 +1,27 @@ +name: rtslib-fb +kind: chunk +build-system: python-distutils +post-install-commands: +- mkdir -p "$DESTDIR$PREFIX"/lib/systemd/system + +# The following systemd unit is from the fedora package see +# http://pkgs.fedoraproject.org/cgit/python-rtslib.git/tree/target.service for +# more information + +- | + install -D -m 0644 /proc/self/fd/0 <<'EOF' "$DESTDIR$PREFIX"/lib/systemd/system/target.service + [Unit] + Description=Restore LIO kernel target configuration + Requires=sys-kernel-config.mount + After=sys-kernel-config.mount network.target local-fs.target + + [Service] + Type=oneshot + RemainAfterExit=yes + ExecStart=/usr/bin/targetctl restore + ExecStop=/usr/bin/targetctl clear + SyslogIdentifier=target + + [Install] + WantedBy=multi-user.target + EOF diff --git a/strata/openstack-services/singledispatch.morph b/strata/openstack-services/singledispatch.morph new file mode 100644 index 00000000..919c7096 --- /dev/null +++ b/strata/openstack-services/singledispatch.morph @@ -0,0 +1,3 @@ +name: singledispatch +kind: chunk +build-system: python-distutils diff --git a/strata/openstack-services/tempest.morph b/strata/openstack-services/tempest.morph new file mode 100644 index 00000000..da42c929 --- /dev/null +++ b/strata/openstack-services/tempest.morph @@ -0,0 +1,11 @@ +name: tempest +kind: chunk +build-system: python-distutils +post-install-commands: +- mkdir -p "$DESTDIR"/etc/tempest + +# Tempest is not supposed to be installed, just cloned and used from the clone, +# that's why we copy all the contents of the repository here, given that we +# don't know yet what things we can avoid copying. +- cp -R * "$DESTDIR"/etc/tempest +- cp .testr.conf "$DESTDIR"/etc/tempest diff --git a/strata/openstack-services/tftp-hpa.morph b/strata/openstack-services/tftp-hpa.morph new file mode 100644 index 00000000..d466d2d4 --- /dev/null +++ b/strata/openstack-services/tftp-hpa.morph 
@@ -0,0 +1,5 @@ +name: tftp-hpa +build-system: autotools +kind: chunk +install-commands: +- make INSTALLROOT="$DESTDIR" install diff --git a/strata/openstack-services/thrift.morph b/strata/openstack-services/thrift.morph new file mode 100644 index 00000000..39062351 --- /dev/null +++ b/strata/openstack-services/thrift.morph @@ -0,0 +1,6 @@ +name: thrift +kind: chunk +build-system: autotools +max-jobs: 1 +pre-configure-commands: +- ./bootstrap.sh diff --git a/strata/ostree-core.morph b/strata/ostree-core.morph new file mode 100644 index 00000000..5052bf4b --- /dev/null +++ b/strata/ostree-core.morph @@ -0,0 +1,17 @@ +name: ostree-core +kind: stratum +build-depends: +- morph: strata/foundation.morph +- morph: strata/core.morph +- morph: strata/libsoup-common.morph +chunks: +- name: libgsystem + repo: upstream:libgsystem + ref: 8231b8ad4a4ee35e4b11fae5f6e7cddabf1c51ae + unpetrify-ref: master +- name: ostree + repo: upstream:ostree + ref: c9704e9802dfeda9b5a138535c59e98df3dd7196 + unpetrify-ref: baserock/morph + build-depends: + - libgsystem diff --git a/strata/python-cliapp.morph b/strata/python-cliapp.morph index ff6fda3e..495a6a2e 100644 --- a/strata/python-cliapp.morph +++ b/strata/python-cliapp.morph @@ -6,7 +6,7 @@ build-depends: - morph: strata/python-core.morph chunks: - name: python-coveragepy - morph: strata/morph-utils/python-coveragepy.morph + morph: strata/python-cliapp/python-coveragepy.morph repo: upstream:python-coveragepy ref: 77d2e3bfd8fb325092aaed37ba1378054d182d19 unpetrify-ref: baserock/morph diff --git a/strata/python-common.morph b/strata/python-common.morph index 5879febd..d329dc4d 100644 --- a/strata/python-common.morph +++ b/strata/python-common.morph 
@@ -42,5 +42,33 @@ chunks: - python-json-pointer - name: python-prettytable repo: upstream:python-prettytable - ref: 7a48f1e84049577370cf28632a75d2fd01e4142d + ref: bea6a50e4da00074b35b57232771cea58b89b3e0 + unpetrify-ref: 0.7.2-RELEASE +- name: configobj + repo: upstream:configobj-git + ref: 9d2aab01c77dce600b296ba9da1163cc0bbc14e0 + unpetrify-ref: v5.0.6 +- name: python-mimeparse + repo: upstream:python-packages/python-mimeparse.git + ref: 2d600d3fc4a386af69d20fba433843b4df2b3c92 unpetrify-ref: master +- name: kazoo + repo: upstream:python-packages/kazoo.git + ref: 93a718ea4c20df797766742c3d74de281613c651 + unpretrify-ref: 2.0 +- name: webob + repo: upstream:python-packages/webob + ref: ae0ac90f22f9e1ff351e445f92330efd89195f51 + unpetrify-ref: 1.4 +- name: python-decorator + repo: upstream:python-packages/python-decorator + ref: b02f7a254c3679dfac57a824e08dd02ced850636 + unpetrify-ref: decorator-3.4.0 +- name: networkx + repo: upstream:python-packages/networkx + ref: 8ac796aba866ade1a56b83e30f25ed392ca3512c + unpetrify-ref: networkx-1.9.1 +- name: boto + repo: upstream:boto + ref: 2517f660f8ef9012708d46da3a36ab967993d2f6 + unpetrify-ref: 2.33.0 diff --git a/strata/python-core.morph b/strata/python-core.morph index 342e8c68..0f9d1653 100644 --- a/strata/python-core.morph +++ b/strata/python-core.morph @@ -9,6 +9,12 @@ chunks: repo: upstream:python-setuptools-bitbucket ref: 0aa6a4de5931d02876428388678802db2371fd37 unpetrify-ref: baserock/master +- name: mako + repo: upstream:python-packages/mako.git + ref: 285bc818a50ccc0f9549630f7c4f4c250585c3e7 + unpetrify-ref: rel_1_0_0 + build-depends: + - python-setuptools - name: pip repo: upstream:pip ref: ea680f204fb0e48789710c22c8f597a9bf01bc16 
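Review bot: The kazoo entry in python-common.morph spells its key `unpretrify-ref: 2.0`, while every other chunk uses `unpetrify-ref`, so tooling that reads that key will presumably not find the upstream tag behind the pinned SHA. The value is also unquoted, and YAML loads `2.0` as a float; `unpetrify-ref: 1.4` under webob has the same problem. I would write `unpetrify-ref: "2.0"` and `unpetrify-ref: "1.4"`, matching the quoted `"2"` and `"5.4"` used elsewhere in this commit.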
@@ -36,3 +42,11 @@ chunks: unpetrify-ref: baserock/morph build-depends: - python-setuptools +- name: python-lxml + repo: upstream:python-lxml + ref: 14505bc62f5f1fc9fb0ff007955f3e67ab4562bb + unpetrify-ref: lxml-3.4.0 +- name: python-markdown + repo: upstream:python-markdown + ref: f0c5b71acbc02af60a33d67c59558bb513b25e74 + unpetrify-ref: 2.5.1-final diff --git a/strata/python-pygobject.morph b/strata/python-pygobject.morph new file mode 100644 index 00000000..39f74f6d --- /dev/null +++ b/strata/python-pygobject.morph @@ -0,0 +1,12 @@ +name: python-pygobject +kind: stratum +description: | + Python GObject bindings +build-depends: +- morph: strata/core.morph +chunks: +- name: pygobject + morph: strata/python-pygobject/pygobject.morph + repo: upstream:pygobject + ref: 276341d7ddab180020c31e6837bd28fd25784de0 + unpetrify-ref: baserock/morph diff --git a/strata/virtualization/pygobject.morph b/strata/python-pygobject/pygobject.morph index a423537e..a423537e 100644 --- a/strata/virtualization/pygobject.morph +++ b/strata/python-pygobject/pygobject.morph diff --git a/strata/python-tools.morph b/strata/python-tools.morph index 0acc1c0c..a84697af 100644 --- a/strata/python-tools.morph +++ b/strata/python-tools.morph 
@@ -3,9 +3,23 @@ kind: stratum description: "A stratum for non-essential python tools: useful python tools that we don't want to include in core." build-depends: -- morph: strata/core.morph +- morph: strata/python-core.morph chunks: - name: virtualenv repo: upstream:python-packages/virtualenv ref: 9205ff46a67130e8835f14bb4f802fd59e7dcf2c unpetrify-ref: 12.0.5 + +## Pylint - required in openstack-services.morph +- name: astroid + repo: upstream:python-packages/astroid + ref: 194dc114a33b80b4bfbbeb73f36712848f696025 + unpetrify-ref: astroid-1.3.5 +- name: logilab-common + repo: upstream:python-packages/logilab-common + ref: d1d8f793af6d015d885b9ea67b5741d5a093e2f4 + unpetrify-ref: logilab-common-version-0.62.0 +- name: pylint + repo: upstream:python-packages/pylint + ref: ba998d7a4e5fce0ea3a3e701ff446bbe4ca406b5 + unpetrify-ref: pylint-1.4.2 diff --git a/strata/qt5-tools-qtmultimedia.morph b/strata/qt5-tools-qtmultimedia.morph index 92bfcde9..d30acdcc 100644 --- a/strata/qt5-tools-qtmultimedia.morph +++ b/strata/qt5-tools-qtmultimedia.morph @@ -8,5 +8,5 @@ chunks: - name: qtmultimedia morph: strata/qt5-tools/qtmultimedia-gstreamer.morph repo: upstream:qt5/qtmultimedia - ref: b3c2dca466042cf362ffb8d803bf05c9b8a0f95f - unpetrify-ref: v5.3.2 + ref: 8b1ee1724071cc4bbe8cefe195e375ef583d9d7f + unpetrify-ref: v5.4.0 diff --git a/strata/qt5-tools-qtwebkit.morph b/strata/qt5-tools-qtwebkit.morph index e5338d7a..9511281d 100644 --- a/strata/qt5-tools-qtwebkit.morph +++ b/strata/qt5-tools-qtwebkit.morph 
@@ -9,26 +9,26 @@ chunks: - name: qtwebkit morph: strata/qt5-tools/qtwebkit.morph repo: upstream:qt5/qtwebkit - ref: 13f80d34ae84c3231118c8013beee55badab8929 - unpetrify-ref: v5.3.2 + ref: f9966f351678351ee6b971d7b6b25a4987407e46 + unpetrify-ref: "5.4" - name: qtwebkit-examples morph: strata/qt5-tools/qtwebkit-examples.morph repo: upstream:qt5/qtwebkit-examples - ref: bce5056b9e16a943357e362455a46685d3f22093 - unpetrify-ref: v5.3.2 + ref: 70bd4d5253f134bf48a30544030bb832f1eba8b3 + unpetrify-ref: v5.4.0 build-depends: - qtwebkit - name: qttools morph: strata/qt5-tools/qttools.morph repo: upstream:qt5/qttools - ref: 8c79a098b8b7da4832ebca1884ee833a2c2078a7 - unpetrify-ref: v5.3.2 - build-depends: + ref: 5060a0ec7dcb26826b19eefbd6063efcbde6101f + unpetrify-ref: v5.4.0 + build-depends: - qtwebkit - name: qttranslations morph: strata/qt5-tools/qttranslations.morph repo: upstream:qt5/qttranslations - ref: cf4d6f7e73bb410ed0aa3d64dffb2b6b242cdfe0 - unpetrify-ref: v5.3.2 - build-depends: + ref: 3aad4ab4718d4bf952275a07e406e93eb6a22eed + unpetrify-ref: v5.4.0 + build-depends: - qttools diff --git a/strata/qt5-tools.morph b/strata/qt5-tools.morph index dbda3a2e..7fb8403e 100644 --- a/strata/qt5-tools.morph +++ b/strata/qt5-tools.morph 
@@ -13,37 +13,37 @@ chunks: - name: qtbase morph: strata/qt5-tools/qtbase.morph repo: upstream:qt5/qtbase - ref: 05670f586ffe05425b7542a27fcca31bddf231aa - unpetrify-ref: v5.3.2 + ref: 5367fa356233da4c0f28172a8f817791525f5457 + unpetrify-ref: v5.4.0 build-depends: - icu - name: qtsvg morph: strata/qt5-tools/qtsvg.morph repo: upstream:qt5/qtsvg - ref: 35a2f0880831d38c60d2b4820dac808f48f6f3a8 - unpetrify-ref: v5.3.2 + ref: eece19e62638409b479cabcbb985978d61d84307 + unpetrify-ref: v5.4.0 build-depends: - qtbase - name: qtscript morph: strata/qt5-tools/qtscript.morph repo: upstream:qt5/qtscript - ref: 71f6dee8791c95fd862ca3651d7f4b7d6b9f440e - unpetrify-ref: v5.3.2 + ref: 1371263991489f11774250aa609ace0b12415186 + unpetrify-ref: v5.4.0 build-depends: - qtbase - name: qtdeclarative morph: strata/qt5-tools/qtdeclarative.morph repo: upstream:qt5/qtdeclarative - ref: a67aa6abc6a406b00ef58a7e07fd39012bfa3eb1 - unpetrify-ref: v5.3.2 + ref: fdf004803d036583f58ceb832803cfe39c6ba6d8 + unpetrify-ref: v5.4.0 build-depends: - qtbase - qtscript - name: qtquick1 morph: strata/qt5-tools/qtquick1.morph repo: upstream:qt5/qtquick1 - ref: 8e7fa2b5aa2e2e4371c4b73926d0e6ad2ebdbd96 - unpetrify-ref: v5.3.2 + ref: 1f92491bd95abc642dcd882846884a5271c8ba16 + unpetrify-ref: v5.4.0 build-depends: - qtbase - qtscript 
@@ -59,80 +59,79 @@ chunks: - name: qtquickcontrols morph: strata/qt5-tools/qtquickcontrols.morph repo: upstream:qt5/qtquickcontrols - ref: bc91574cca8b6f24968ab4e1cc11fe1fd10f3061 - unpetrify-ref: v5.3.2 + ref: ea099e341b5f8845be56f81b22e44a8b6cb227a2 + unpetrify-ref: v5.4.0 build-depends: - qtbase - qtdeclarative - name: qtsensors morph: strata/qt5-tools/qtsensors.morph repo: upstream:qt5/qtsensors - ref: fd3e65ef5ab6eb8e4b5bdad380d1f6862799856c - unpetrify-ref: v5.3.2 + ref: 10702cfa8ce803e0911306284c246a879d865f1d + unpetrify-ref: v5.4.0 build-depends: - qtbase - name: qtserialport morph: strata/qt5-tools/qtserialport.morph repo: upstream:qt5/qtserialport - ref: 286d64c202f461cb8ff5a4cc4c2320af8195b8f0 - unpetrify-ref: v5.3.2 + ref: 9aef6c3c8ff97b7998bdd813f7c7f3d845b2a53f + unpetrify-ref: v5.4.0 build-depends: - qtbase - name: qtx11extras morph: strata/qt5-tools/qtx11extras.morph repo: upstream:qt5/qtx11extras - ref: 2d84caf5ef1b5dace0d678df4581db3c955be6ee - unpetrify-ref: v5.3.2 + ref: a21bbb45019e1bbc7b583811ff2e84757082a01a + unpetrify-ref: v5.4.0 build-depends: - qtbase - name: qtxmlpatterns morph: strata/qt5-tools/qtxmlpatterns.morph repo: upstream:qt5/qtxmlpatterns - ref: 78c2367e22d87b529610117f5b6abef6934abdcf - unpetrify-ref: v5.3.2 + ref: 2e8b90b33d1d8dce4acdb6a116a227f2a5d3e044 + unpetrify-ref: v5.4.0 build-depends: - qtbase - name: qtdoc morph: strata/qt5-tools/qtdoc.morph repo: upstream:qt5/qtdoc - ref: 688019893d2cbd9ccdc4d75c550bca4530a46ee4 - unpetrify-ref: v5.3.2 + ref: 251f5eaa2dae740c0d0217893038a3f5bab2bca3 + unpetrify-ref: v5.4.0 build-depends: - qtbase - name: qtgraphicaleffects morph: strata/qt5-tools/qtgraphicaleffects.morph repo: upstream:qt5/qtgraphicaleffects - ref: 82abf6975b6737259ee656564e5ec7f8ad1d0508 - unpetrify-ref: v5.3.2 + ref: 9e9600d92224084f7942a6bd83b926c630a29747 + unpetrify-ref: v5.4.0 build-depends: - qtbase - qtdeclarative - name: qtimageformats morph: strata/qt5-tools/qtimageformats.morph repo: 
upstream:qt5/qtimageformats - ref: 85e621e3ecf449bb0587bd4da97ca66179b24f31 - unpetrify-ref: v5.3.2 + ref: fdc7026fb7d098abbf135fd5e7d2cf00884f9235 + unpetrify-ref: v5.4.0 build-depends: - qtbase - name: qtconnectivity morph: strata/qt5-tools/qtconnectivity.morph repo: upstream:qt5/qtconnectivity - ref: 8a33a9b43dcc5e7f9a77237a660a3759286e6b86 - unpetrify-ref: v5.3.2 - build-depends: + ref: 5d405d07fb51502d0bfab08f4d74aa5eba365bab + unpetrify-ref: v5.4.0 + build-depends: - qtbase - name: qtlocation morph: strata/qt5-tools/qtlocation.morph repo: upstream:qt5/qtlocation - ref: a36d9e67e3b8168cb4d1eb76eda96ebb8242fd20 - unpetrify-ref: v5.3.2 - build-depends: + ref: 7791dd790d2b15751b703db70a5fceb31d3fd99f + unpetrify-ref: v5.4.0 + build-depends: - qtbase - name: qtwebsockets morph: strata/qt5-tools/qtwebsockets.morph repo: upstream:qt5/qtwebsockets - ref: 00f77bdc5beb62e980216cfee906ab7aa1d1c4f7 - unpetrify-ref: v5.3.2 - build-depends: + ref: d1c9ede19976767393fe5db2f396c0c18d6fbced + unpetrify-ref: v5.4.0 + build-depends: - qtbase - diff --git a/strata/qt5-tools/icu.morph b/strata/qt5-tools/icu.morph index 37dec07e..f9532f04 100644 --- a/strata/qt5-tools/icu.morph +++ b/strata/qt5-tools/icu.morph @@ -1,6 +1,7 @@ name: icu kind: chunk configure-commands: +- sed -e 's/LDFLAGSICUDT/#LDFLAGSICUDT/' -i source/config/mh-linux - cd source; ./runConfigureICU Linux --prefix=/usr build-commands: - cd source; unset TARGET ; make diff --git a/strata/swift.morph b/strata/swift.morph new file mode 100644 index 00000000..22ca8a3a --- /dev/null +++ b/strata/swift.morph 
@@ -0,0 +1,29 @@ +name: swift +kind: stratum +description: Distributed object storage +build-depends: +# openstack-common is required for simplejson, cffi, greenlet, +# eventlet, pastedeploy +- morph: strata/openstack-common.morph +chunks: +- name: dnspython + repo: upstream:python-packages/dnspython + ref: e1369c62d14f82b80ef11197a490ace5d43bb3f3 + unpetrify-ref: v1.12.0 +- name: netifaces + repo: upstream:python-packages/netifaces + ref: 885b200ba717df87f6e8044ec8c66c677c949bcb + unpetrify-ref: release_0_10_4 +- name: xattr + morph: strata/swift/xattr.morph + repo: upstream:python-packages/xattr + ref: dd10d44e3eb9a1d2303c1f7d5126c099d56e97fc + unpetrify-ref: v0.7.6 +- name: swift + repo: upstream:openstack/swift + ref: 2e8261a4dc0d0af0c4a46478b81e167bcf02220b + unpetrify-ref: 2.2.0 + build-depends: + - dnspython + - netifaces + - xattr diff --git a/strata/swift/xattr.morph b/strata/swift/xattr.morph new file mode 100644 index 00000000..65f47dae --- /dev/null +++ b/strata/swift/xattr.morph @@ -0,0 +1,8 @@ +name: xattr +kind: chunk +configure-commands: +- cp -r /usr/lib/python2.7/site-packages/cffi . +build-commands: +- python setup.py build +install-commands: +- python setup.py install --prefix "$PREFIX" --root "$DESTDIR" diff --git a/strata/test-tools.morph b/strata/test-tools.morph new file mode 100644 index 00000000..6826c963 --- /dev/null +++ b/strata/test-tools.morph 
@@ -0,0 +1,113 @@ +name: test-tools +kind: stratum +description: Tools and frameworks used for testing +build-depends: +- morph: strata/python-common.morph +chunks: +- name: python-test-extras + repo: upstream:python-packages/python-test-extras.git + ref: cdeb596f01241e9c779332e86f6edcd0c2e8e9f0 + unpetrify-ref: master +- name: check + repo: upstream:check + ref: 8c872aca6675e95fa47e7514e28fbdf25fce6170 + unpetrify-ref: 0.9.8 +- name: cppunit + repo: upstream:cppunit + ref: 8133cf2b977f013216f0a41b6fcb740410d83926 + unpetrify-ref: 1.13.2 +- name: testtools + repo: upstream:python-packages/testtools + ref: ee9946228ce5a03a84cf146027de0a8a9a46c4fe + unpetrify-ref: testools-1.1.0 + build-depends: + - python-test-extras +- name: subunit + morph: strata/test-tools/subunit.morph + repo: upstream:python-packages/subunit + ref: e18ffe65a3229d5c1d91be988405d40219db0887 + unpetrify-ref: 0.0.21 + build-depends: + - python-test-extras + - testtools + - check + - cppunit +- name: fixtures + repo: upstream:python-packages/fixtures + ref: 9f9d89ce718463b24cd3910b9a99efb60b3c9e1b + unpetrify-ref: 0.3.16 + build-depends: + - testtools +- name: testrepository + repo: upstream:python-packages/testrepository + ref: 6419a3dcaabaf09eaf438c6d8d85c90eba7a2b91 + unpetrify-ref: 0.0.19 + build-depends: + - fixtures + - subunit + - testtools +- name: testscenarios + repo: upstream:python-packages/testscenarios + ref: 475857af19a8190c9c0c7f8241b9907b942e19fd + unpetrify-ref: trunk +- name: mox + repo: upstream:python-packages/mox + ref: 160491d0384285698d726b1af21277f336107f51 + unpetrify-ref: master +- name: mock + repo: upstream:python-packages/mock + ref: 35b35f7ad239005a950f870af57b44dbdc99d66b + unpetrify-ref: master +- name: oslotest + repo: upstream:openstack/oslotest + ref: cfdb562a6e07728570ca624a8c4faf3f5b61423b + unpetrify-ref: 1.2.0 + build-depends: + - fixtures + - subunit + - testrepository + - testscenarios + - testtools + - mock + - mox +- name: mox3 + repo: 
upstream:python-packages/pymox + ref: 444fa40f4edb529efbffa2da8dbd97e9b8564b5c + unpetrify-ref: master +- name: mocker + repo: upstream:python-packages/mocker + ref: f7f87e4ac1c52342162cf2035f5fe3d273f8b07f + unpetrify-ref: master +- name: zake + repo: upstream:python-packages/zake.git + ref: 13b92d9db4ad37d9550ef5c5abd323a2530a1e72 + unpetrify-ref: master + build-depends: + - testtools +- name: nose + repo: upstream:python-packages/nose + ref: 08d134270b035dac3310cd877bb0fe9ab678303a + unpetrify-ref: release_1.3.4 +- name: beautifulsoup4 + repo: upstream:python-packages/beautifulsoup4.git + ref: bcd7af0e9159d97aa511fb2d879424d1c1c5aadf +- name: waitress + repo: upstream:python-packages/waitress.git + ref: b795d573a5a9e6e39b46a6e82da367a6a5db8dbd + unpetrify-ref: 0.8.9 +- name: webtest + repo: upstream:python-packages/webtest.git + ref: 6a24fba456d1c4ac2609b90f1fdc377c595608a4 + unpetrify-ref: 2.0.16 + build-depends: + - waitress + - beautifulsoup4 +- name: testresources + repo: upstream:python-packages/testresources + ref: ef938bcce0e436f9e9ffef932a898dc248a1d6ea + unpetrify-ref: 0.2.7 + build-depends: + - testtools + - fixtures + - check + - cppunit diff --git a/strata/test-tools/subunit.morph b/strata/test-tools/subunit.morph new file mode 100644 index 00000000..b7b43a39 --- /dev/null +++ b/strata/test-tools/subunit.morph @@ -0,0 +1,3 @@ +name: python-subunit +kind: chunk +build-system: autotools diff --git a/strata/tools.morph b/strata/tools.morph index 2bbf7bfa..e6449631 100644 --- a/strata/tools.morph +++ b/strata/tools.morph @@ -38,8 +38,8 @@ chunks: unpetrify-ref: baserock/bootstrap - name: vala repo: upstream:vala - ref: 682eba5880fbd76402dec10118883da913a7b255 - unpetrify-ref: 0.26.2 + ref: 5f6ebe007050be12bdc4aa7c902ae4059f28874a + unpetrify-ref: 0.28.0 build-depends: - vala-bootstrap - name: u-boot 
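Review bot: The beautifulsoup4 chunk in test-tools.morph is the only one in the stratum without an `unpetrify-ref`, so its pinned `ref` cannot be traced back to an upstream tag or branch from the definition alone. The testtools entry's `unpetrify-ref: testools-1.1.0` also looks like a misspelling of the project name and is worth checking against the tag in the upstream repository. Several other chunks here (python-test-extras, mox, mock, mox3, mocker, zake) record `master`, which does not say which release the SHA corresponds to; a short comment naming the release would help anyone auditing the pins.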
@@ -62,10 +62,10 @@ chunks: ref: a4769dc7999b53260325fb89945bef85714fb338 unpetrify-ref: baserock/morph - name: procps-ng + morph: strata/tools/procps-ng.morph repo: upstream:procps-ng ref: 85fff468fa263cdd2ff1c0144579527c32333695 unpetrify-ref: v3.3.9 - prefix: / - name: ipmitool morph: strata/tools/ipmitool.morph repo: upstream:ipmitool @@ -73,3 +73,20 @@ chunks: unpetrify-ref: IPMITOOL_1_8_14 build-depends: - file +- name: libpcap + morph: strata/tools/libpcap.morph + repo: upstream:libpcap + ref: 098a643f817e8a9929c70dfba157e4d399398375 + unpetrify-ref: libpcap-1.7 +- name: tcpdump + morph: strata/tools/tcpdump.morph + repo: upstream:tcpdump + ref: 8aa5edea1b8846740514dee4158b6c707d38fc13 + unpetrify-ref: tcpdump-4.7 + build-depends: + - libpcap +- name: parted + morph: strata/tools/parted.morph + repo: upstream:parted + ref: 0477d5ac971681b36cb2d2a97d1de8afd2a696d3 + unpetrify-ref: baserock/v3.2 diff --git a/strata/tools/libpcap.morph b/strata/tools/libpcap.morph new file mode 100644 index 00000000..7c5ee932 --- /dev/null +++ b/strata/tools/libpcap.morph @@ -0,0 +1,3 @@ +name: libpcap +kind: chunk +build-system: autotools diff --git a/strata/tools/lsof.morph b/strata/tools/lsof.morph index 5fabcd64..38183ae6 100644 --- a/strata/tools/lsof.morph +++ b/strata/tools/lsof.morph @@ -1,7 +1,7 @@ name: lsof kind: chunk configure-commands: -- tar xf lsof_*_src.tar +- tar xf lsof_*_src.tar --no-same-owner - cd lsof_*_src/ && ./Configure -n linux build-commands: - cd lsof_*_src/ && make diff --git a/strata/tools/parted.morph b/strata/tools/parted.morph new file mode 100644 index 00000000..d99c73cd --- /dev/null +++ b/strata/tools/parted.morph @@ -0,0 +1,10 @@ +name: parted +kind: chunk +build-system: autotools +pre-configure-commands: +- ./bootstrap --skip-po --no-git --gnulib-srcdir=gnulib +configure-commands: +# Disable device-mapper as it is not installed on Baserock +- ./configure --prefix="$PREFIX" --disable-device-mapper +build-commands: +- make WERROR_CFLAGS="" 
diff --git a/strata/tools/procps-ng.morph b/strata/tools/procps-ng.morph new file mode 100644 index 00000000..69df3d4a --- /dev/null +++ b/strata/tools/procps-ng.morph @@ -0,0 +1,27 @@ +name: procps-ng +kind: chunk + +description: | + Process management tools. + + procps-ng is a fork of the original procps project. + +build-system: autotools + +configure-commands: + - NOCONFIGURE=1 ./autogen.sh + # Setting exec-prefix to /usr causes a bunch of stuff to go in /usr/usr/bin + # Setting prefix to / causes files to go in /include and /share + # So don't do either of those things! + - ./configure --prefix="$PREFIX" --exec-prefix=/ + +post-install-commands: +# We need to link the binaries into /bin so that they override the Busybox +# versions of these tools. This will not be necessary once /bin is merged +# into /usr/bin. It's not possible to get the Makefile to install the binaries +# in /bin -- a bunch of them are hardcoded to live in ${exec_prefix}/usr/bin. + - | + usr_binaries="free pidof pmap slabtop top vmstat watch pgrep pkill pwdx tload uptime w" + for file in $usr_binaries; do + ln -sf "$PREFIX"/bin/$file "$DESTDIR"/bin/$file + done diff --git a/strata/tools/tcpdump.morph b/strata/tools/tcpdump.morph new file mode 100644 index 00000000..7a974dab --- /dev/null +++ b/strata/tools/tcpdump.morph @@ -0,0 +1,3 @@ +name: tcpdump +kind: chunk +build-system: autotools diff --git a/strata/trove.morph b/strata/trove.morph index 40588c05..984050b7 100644 --- a/strata/trove.morph +++ b/strata/trove.morph @@ -71,7 +71,7 @@ chunks: - name: trove-setup morph: strata/trove/trove-setup.morph repo: baserock:baserock/trove-setup - ref: 1b89b00ccfed5adf796c2a5180a8cf6b2e2badf2 + ref: 16de74536e0846ba1d2e5101618df9146c785a41 unpetrify-ref: master - name: lua-scrypt morph: strata/trove/lua-scrypt.morph diff --git a/strata/unionfs-fuse-group.morph b/strata/unionfs-fuse-group.morph new file mode 100644 index 00000000..914b18e0 --- /dev/null +++ b/strata/unionfs-fuse-group.morph 
@@ -0,0 +1,21 @@ +name: unionfs-fuse-group +kind: stratum + +description: + User-space union file system. + + This is used by Morph for systems which are unable to use 'overlayfs'. + It is slower than 'overlayfs', because it runs outside rather than + inside the kernel, but 'overlayfs' is only available in Linux 3.18 and + newer. + +build-depends: +# Depends on foundation for 'fuse', and maybe other stuff. +- morph: strata/foundation.morph + +chunks: + - name: unionfs.fuse + morph: strata/unionfs-fuse-group/unionfs-fuse.morph + repo: upstream:unionfs-fuse + ref: efac5b7aa91ec860f8f430a8d21060fe53a07002 + unpetrify-ref: v0.26 diff --git a/strata/unionfs-fuse-group/unionfs-fuse.morph b/strata/unionfs-fuse-group/unionfs-fuse.morph new file mode 100644 index 00000000..9b8ac2c7 --- /dev/null +++ b/strata/unionfs-fuse-group/unionfs-fuse.morph @@ -0,0 +1,13 @@ +name: unionfs-fuse +kind: chunk + +description: + User-space union file system. + +build-system: manual + +build-commands: +- make PREFIX="$PREFIX" + +install-commands: +- make PREFIX="$PREFIX" DESTDIR="$DESTDIR" install diff --git a/strata/virtualization.morph b/strata/virtualization.morph index 84eefdaf..548019aa 100644 --- a/strata/virtualization.morph +++ b/strata/virtualization.morph @@ -6,8 +6,12 @@ description: | kernel history to check which config are needed for openvswitch, libvirt, or ebtables, for example. build-depends: +- morph: strata/libsoup-common.morph +- morph: strata/python-core.morph +- morph: strata/python-pygobject.morph - morph: strata/connman-common.morph - morph: strata/lvm.morph +- morph: strata/xorg-util-macros-common.morph chunks: - name: yajl morph: strata/virtualization/yajl.morph 
@@ -29,21 +33,20 @@ chunks: repo: upstream:qemu ref: c5691f7ecb32cbe7a95b491314ce070e211fd97d unpetrify-ref: baserock/v2.2.0 -- name: xorg-util-macros - repo: upstream:xorg-util-macros - ref: c98b41de5596c675c603ef43ae9570133f1a9921 - unpetrify-ref: baserock/morph - name: libpciaccess repo: upstream:libpciaccess ref: b9c068896914b4132a24839c9ef7f9fcd6282d88 unpetrify-ref: master - build-depends: - - xorg-util-macros - name: dmidecode morph: strata/virtualization/dmidecode.morph repo: upstream:dmidecode ref: 47a0aa5d6696a83922ee70279b7253a4e55947d5 unpetrify-ref: master +- name: ebtables + morph: strata/virtualization/ebtables.morph + repo: upstream:ebtables + ref: f4bdc80ae8c1a79b4ab5dcb8431ad85aea618d66 + unpetrify-ref: master - name: libvirt morph: strata/virtualization/libvirt.morph repo: upstream:libvirt @@ -56,6 +59,7 @@ chunks: - xml-catalog - yajl - dmidecode + - ebtables - name: pycurl repo: upstream:pycurl ref: 5ca370827d88817eeca3c56cbb37e4ddccc16c6e 
@@ -66,50 +70,18 @@ chunks: unpetrify-ref: master build-depends: - pycurl -- name: cython - repo: upstream:cython - ref: 005d38d5921a603d5f4d413aae72f98a6d33192f - unpetrify-ref: master -- name: python-lxml - repo: upstream:python-lxml - ref: 8fc99f8ef3e2f12e74fb407ae62c5db50cfe7b92 - unpetrify-ref: baserock/morph - build-depends: - - cython - name: libvirt-python repo: upstream:libvirt-python ref: 8e09c79a07b097a6ba9af83be4916fb9c9538500 unpetrify-ref: v1.2.10 build-depends: - libvirt - - python-lxml - urlgrabber -- name: gnome-common - repo: upstream:gnome-common - ref: d213283fcb5228d05eb2c796579f18240e8467e8 - unpetrify-ref: 3.12.0 -- name: pygobject - morph: strata/virtualization/pygobject.morph - repo: upstream:pygobject - ref: 276341d7ddab180020c31e6837bd28fd25784de0 - unpetrify-ref: baserock/morph - build-depends: - - gnome-common -- name: libsoup - morph: strata/virtualization/libsoup.morph - repo: upstream:libsoup - ref: ce764489e358bad6b49418f5c8bc7b25a4b1815e - unpetrify-ref: baserock/morph - build-depends: - - gnome-common - name: libosinfo morph: strata/virtualization/libosinfo.morph repo: upstream:libosinfo ref: a86c74c4d3f62bb0e315ab7fc78ec9f7746bdd12 unpetrify-ref: baserock/morph - build-depends: - - libsoup - - pygobject - name: virt-manager repo: upstream:virt-manager ref: 8b7ebd4538ffbd2d246fdeee4f1bb1c452585575 @@ -117,11 +89,6 @@ chunks: build-depends: - libvirt-python - libosinfo -- name: ebtables - morph: strata/virtualization/ebtables.morph - repo: upstream:ebtables - ref: f4bdc80ae8c1a79b4ab5dcb8431ad85aea618d66 - unpetrify-ref: master - name: openvswitch morph: strata/virtualization/openvswitch.morph repo: upstream:openvswitch diff --git a/strata/virtualization/openvswitch.morph b/strata/virtualization/openvswitch.morph index 1b5cdd86..06480827 100644 --- a/strata/virtualization/openvswitch.morph +++ b/strata/virtualization/openvswitch.morph 
@@ -1,11 +1,11 @@ name: openvswitch kind: chunk -build-system: manual +build-system: autotools pre-configure-commands: - ./boot.sh configure-commands: -- ./configure --enable-ssl -build-commands: -- make -install-commands: -- make install DESTDIR="$DESTDIR" prefix="$PREFIX" +- | + ./configure --prefix="$PREFIX" \ + --localstatedir=/var \ + --sysconfdir=/etc \ + --enable-ssl diff --git a/strata/virtualization/qemu.morph b/strata/virtualization/qemu.morph index 17ffbeb6..89067cd2 100644 --- a/strata/virtualization/qemu.morph +++ b/strata/virtualization/qemu.morph @@ -2,4 +2,4 @@ name: qemu kind: chunk build-system: autotools configure-commands: -- ./configure --prefix="$PREFIX" +- ./configure --prefix="$PREFIX" --disable-werror diff --git a/strata/webtools.morph b/strata/webtools.morph index 68ce80d5..17a1abda 100644 --- a/strata/webtools.morph +++ b/strata/webtools.morph @@ -14,11 +14,6 @@ chunks: repo: upstream:libgit2 ref: 4b0a36e881506a02b43a4ae3c19c93c919b36eeb unpetrify-ref: master -- name: tar - morph: strata/webtools/tar.morph - repo: upstream:tar - ref: 9a58d148c26c220cb1b163c71e7a51a2e41f6b37 - unpetrify-ref: baserock/release_1_28 - name: nginx morph: strata/webtools/nginx.morph repo: upstream:nginx diff --git a/strata/webtools/nginx.morph b/strata/webtools/nginx.morph index 08949ec9..6f7f04ae 100644 --- a/strata/webtools/nginx.morph +++ b/strata/webtools/nginx.morph @@ -6,7 +6,8 @@ configure-commands: --conf-path=/etc/nginx/nginx.conf \ --pid-path=/etc/nginx/nginx.pid \ --error-log-path=/var/log/nginx/error.log \ - --http-log-path=/var/log/nginx/access.log + --http-log-path=/var/log/nginx/access.log \ + --with-http_ssl_module build-commands: - make install-commands: diff --git a/strata/webtools/tar.morph b/strata/webtools/tar.morph deleted file mode 100644 index 9219abeb..00000000 --- a/strata/webtools/tar.morph +++ /dev/null 
@@ -1,10 +0,0 @@ -name: tar -kind: chunk -configure-commands: -- bash bootstrap --skip-po -- FORCE_UNSAFE_CONFIGURE=1 ./configure --prefix=/usr --bindir=/bin --libexecdir=/usr/sbin - --disable-nls --disable-gcc-warnings -build-commands: -- make -install-commands: -- make DESTDIR="$DESTDIR" install diff --git a/strata/x-common.morph b/strata/x-common.morph index 9836961f..69ffdba3 100644 --- a/strata/x-common.morph +++ b/strata/x-common.morph @@ -119,6 +119,31 @@ chunks: build-depends: - xcb-proto - xorg-lib-libXau +- name: xcb-util + repo: upstream:xcb-util + ref: 4de010f122da40e17b52866d07d1d501a66bf007 + unpetrify-ref: baserock/0.4.0 + build-depends: + - xcb-libxcb +- name: util-wm + repo: upstream:util-wm + ref: fb7afc3f291c8cc072d327cd8d97ab1db3283c21 + unpetrify-ref: baserock/0.4.1 + build-depends: + - xcb-libxcb +- name: util-keysyms + repo: upstream:util-keysyms + ref: edb763a8837d3932690b9d6d77cb7e20a9ab8013 + unpetrify-ref: baserock/0.4.0 + build-depends: + - xcb-libxcb +- name: util-image + repo: upstream:util-image + ref: f20f25a1c017c58d5d7dfffc6e9adc8d31879152 + unpetrify-ref: baserock/0.4.0 + build-depends: + - xcb-libxcb + - xcb-util - name: xorg-lib-libxtrans repo: upstream:xorg-lib-libxtrans ref: 7cbad9fe2e61cd9d5caeaf361826a6f4bd320f03 diff --git a/strata/x-generic.morph b/strata/x-generic.morph index 665d4c5f..27a7c7b6 100644 --- a/strata/x-generic.morph +++ b/strata/x-generic.morph @@ -34,8 +34,8 @@ chunks: - name: xserver morph: strata/x-generic/xserver.morph repo: upstream:xserver - ref: 4393c7f1ba6140a02232f04fbb434a80d663a99d - unpetrify-ref: xorg-server-1.16.2 + ref: 3b0d1ba2266d2780bfc111bab74885b90458eca4 + unpetrify-ref: xorg-server-1.17.1 build-depends: - libepoxy - xorg-font-util 
@@ -47,22 +47,3 @@ chunks: unpetrify-ref: baserock/morph build-depends: - xorg-lib-libxkbfile -- name: xcb-util - repo: upstream:xcb-util - ref: 45215e6f56bf57efdf5469567c00eba7a991d3a3 - unpetrify-ref: baserock/morph -- name: util-wm - repo: upstream:util-wm - ref: 18bde07dc7cb44617c0d159ccd9ef640804296e3 - unpetrify-ref: baserock/morph -- name: util-keysyms - morph: strata/x-generic/util-keysyms.morph - repo: upstream:util-keysyms - ref: 0be179eff4eadb99ee303891d1c29c4e4dd6fbab - unpetrify-ref: baserock/morph -- name: util-image - repo: upstream:util-image - ref: 66b0caa72eb5011d89d0346424ea40b9e8e93816 - unpetrify-ref: baserock/morph - build-depends: - - xcb-util diff --git a/strata/zookeeper.morph b/strata/zookeeper.morph index 6328d327..2baf6f58 100644 --- a/strata/zookeeper.morph +++ b/strata/zookeeper.morph @@ -4,10 +4,8 @@ description: | This stratum installs zookeeper and its dependencies. build-depends: - morph: strata/core.morph +- morph: strata/test-tools.morph chunks: -- name: cppunit - repo: upstream:cppunit - ref: 77bb121d73c4593d6e3addacacb1bfbd21f53dcf - name: java-binary morph: strata/zookeeper/java-binary.morph repo: github:franred/gerrit-installation-binaries @@ -18,7 +16,6 @@ chunks: repo: upstream:java/ant ref: master build-depends: - - cppunit - java-binary - name: zookeeper morph: strata/zookeeper/zookeeper.morph diff --git a/strata/zuul-ci.morph b/strata/zuul-ci.morph new file mode 100644 index 00000000..13ae0167 --- /dev/null +++ b/strata/zuul-ci.morph 
@@ -0,0 +1,137 @@ +name: zuul-ci +kind: stratum +description: | + This stratum contains Zuul, turbo-hipster, and their dependencies. + + Zuul is a project gating system which orchestrates testing of patches and + handling merging when certain conditions are met (one of which could be + the tests Zuul organises pass). See http://ci.openstack.org/zuul/ for + full documentation of Zuul. + + turbo-hipster is a Zuul worker which handles the running of tests. + turbo-hipster tells a Zuul instance what tests it can run when it starts, + and then Zuul will request it runs a test on a given patch depending on + Zuul's configuration. See http://turbo-hipster.readthedocs.org/ for full + documentation of turbo-hipster. +build-depends: +- morph: strata/python-common.morph +- morph: strata/morph-utils.morph +- morph: strata/openstack-clients.morph +chunks: +- name: paste + repo: upstream:python-packages/paste + ref: 4c177fce89fee925f0f4fbfde00ce2e1252562c0 + unpetrify-ref: master + build-depends: [] +- name: webob + repo: upstream:python-packages/webob + ref: 48f3cf1f3d9d194d3c6dc2afb1c890cf7cf5f075 + unpetrify-ref: 1.2.3 + build-depends: [] +- name: smmap + repo: upstream:python-packages/smmap + ref: eb40b44ce4a6e646aabf7b7091d876738336c42f + unpetrify-ref: master + build-depends: [] +- name: gitdb + repo: upstream:python-packages/gitdb + ref: ab4520683ab325046f2a9fe6ebf127dbbab60dfe + unpetrify-ref: master + build-depends: + - smmap +- name: gitpython + repo: upstream:python-packages/gitpython + ref: 87756520b17aa0cb79a881d9aba7b4c73bddbcae + unpetrify-ref: baserock/zuul-ci + build-depends: + - gitdb +- name: lockfile + repo: upstream:python-packages/lockfile + ref: 777758cdf4520271370b3338b86b5c66f9b104f0 + unpetrify-ref: master + build-depends: [] +- name: ordereddict + repo: upstream:python-packages/ordereddict-tarball + ref: 332cd0213829089dd827a32e7c5e64c41ce79cbc + unpetrify-ref: master + build-depends: [] +- name: python-daemon + repo: 
upstream:python-packages/python-daemon + ref: afcc4ea312255a2545f9c67d7c34ffefb00c80c0 + unpetrify-ref: master + build-depends: [] +- name: extras + repo: upstream:python-packages/python-test-extras + ref: cdeb596f01241e9c779332e86f6edcd0c2e8e9f0 + unpetrify-ref: master + build-depends: [] +- name: mock + repo: upstream:python-packages/mock + ref: 35b35f7ad239005a950f870af57b44dbdc99d66b + unpetrify-ref: master + build-depends: [] +- name: nose + repo: upstream:python-packages/nose + ref: 908b2cda43eff9ab7a5045b6f6dfe3a718fb9afd + unpetrify-ref: release_1.2.1 + build-depends: [] +- name: flake8 + repo: upstream:python-packages/flake8 + ref: 32a273fbdb64500cb8d7f0bcae7059078524f86d + unpetrify-ref: 1.7.0 + build-depends: [] +- name: pystatsd + repo: upstream:python-packages/pystatsd + ref: 97cc0e10b0f86a23096c1197aeef74e3be5da75c + unpetrify-ref: v2.1.2 + build-depends: + - mock + - nose + - flake8 +- name: voluptuous + repo: upstream:python-packages/voluptuous + ref: edcdd9a696eb16a565842aeefc3072a713755d84 + unpetrify-ref: 0.8.6 + build-depends: [] +- name: gear + repo: upstream:python-packages/gear + ref: 7bad8c1b9275bfacc47e7d5b8ba5abb6204a0c21 + unpetrify-ref: master + build-depends: [] +- name: apscheduler + repo: upstream:python-packages/apscheduler + ref: 398ec4dee4b6be200cfbc0acedd9d9db454fefed + unpetrify-ref: v2.1.2 + build-depends: [] +- name: python-magic + repo: upstream:python-packages/python-magic + ref: 3664686df1e8e202bc449083d68ff0035ece63ea + unpetrify-ref: master + build-depends: [] +- name: zuul + repo: upstream:openstack/zuul + ref: 2f76173c39d18bdeafd6727ecee92478a6ab9dd6 + unpetrify-ref: master + build-depends: + - paste + - webob + - gitpython + - lockfile + - ordereddict + - python-daemon + - extras + - pystatsd + - voluptuous + - gear + - apscheduler +- name: turbo-hipster + repo: upstream:openstack/turbo-hipster + ref: 479a1010f3066dd15e8e23d7deedebad7db69100 + unpetrify-ref: baserock/allow-external-plugins + build-depends: + - 
python-magic + - lockfile + - gear + - python-daemon + - extras + - gitpython diff --git a/swift-build-rings.yml b/swift-build-rings.yml new file mode 100644 index 00000000..1ffe9c37 --- /dev/null +++ b/swift-build-rings.yml @@ -0,0 +1,34 @@ +--- +- hosts: localhost + vars: + - rings: + - { name: account, port: 6002 } + - { name: container, port: 6001 } + - { name: object, port: 6000 } + remote_user: root + tasks: + - file: path={{ ansible_env.ROOT }}/etc/swift owner=root group=root state=directory + + - name: Create ring + shell: swift-ring-builder {{ item.name }}.builder create {{ ansible_env.SWIFT_PART_POWER }} + {{ ansible_env.SWIFT_REPLICAS }} {{ ansible_env.SWIFT_MIN_PART_HOURS }} + with_items: rings + + - name: Add each storage node to the ring + shell: swift-ring-builder {{ item[0].name }}.builder + add r1z1-{{ item[1].ip }}:{{ item[0].port }}/{{ item[1].device }} {{ item[1].weight }} + with_nested: + - rings + - ansible_env.SWIFT_STORAGE_DEVICES + + - name: Rebalance the ring + shell: swift-ring-builder {{ item.name }}.builder rebalance {{ ansible_env.SWIFT_REBALANCE_SEED }} + with_items: rings + + - name: Copy ring configuration files into place + copy: src={{ item.name }}.ring.gz dest={{ ansible_env.ROOT }}/etc/swift + with_items: rings + + - name: Copy ring builder files into place + copy: src={{ item.name }}.builder dest={{ ansible_env.ROOT }}/etc/swift + with_items: rings diff --git a/swift-storage-devices-validate.py b/swift-storage-devices-validate.py new file mode 100755 index 00000000..57ab23d0 --- /dev/null +++ b/swift-storage-devices-validate.py 
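Review bot: The `extras`, `mock` and `nose` chunks in this new stratum duplicate chunks that the test-tools stratum added in the same commit already builds (`python-test-extras`, `mock`, `nose`), and `nose` is pinned to a different commit here (release_1.2.1, against release_1.3.4 there). Two definitions of one package make it easy to update one and miss the other, and they may conflict if a system ever contains both strata. Consider adding `- morph: strata/test-tools.morph` to `build-depends` and dropping the duplicated chunks and their `build-depends` entries, as the zookeeper stratum does for `cppunit` in this commit.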
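Review bot: The `shell:` tasks substitute `ansible_env` values straight into a shell command line, so whitespace or shell metacharacters in SWIFT_REBALANCE_SEED, or in a device specifier's `ip`, `device` or `weight`, would be interpreted by the shell. The checks added elsewhere in this commit do not prevent that: swift-storage-devices-validate.py compares only the key names of each specifier, and swift-storage.configure tests the seed only against the literal `None`. None of these commands needs shell features, so `command:` with each value passed through the `quote` filter would be safer, e.g. `{{ item[1].device | quote }}`. The `.builder` and `.ring.gz` files are created relative to the current directory, so a comment saying where the playbook has to be run from would also help.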
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+# Copyright © 2015 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# This is used by the openstack-swift.configure extension
+# to validate any provided storage device specifiers
+# under SWIFT_STORAGE_DEVICES
+#
+
+
+'''
+ This is used by the swift-storage.configure extension
+ to validate any storage device specifiers specified
+ in the SWIFT_STORAGE_DEVICES environment variable
+'''
+
+from __future__ import print_function
+
+import yaml
+import sys
+
+EXAMPLE_DEVSPEC = '{device: sdb1, ip: 127.0.0.1, weight: 100}'
+REQUIRED_KEYS = ['ip', 'device', 'weight']
+
+def err(msg):
+ print(msg, file=sys.stderr)
+ sys.exit(1)
+
+if len(sys.argv) != 2:
+ err('usage: %s STRING_TO_BE_VALIDATED' % sys.argv[0])
+
+swift_storage_devices = yaml.load(sys.argv[1])
+
+if not isinstance(swift_storage_devices, list):
+ err('Expected list of device specifiers\n'
+ 'Example: [%s]' % EXAMPLE_DEVSPEC)
+
+for d in swift_storage_devices:
+ if not isinstance(d, dict):
+ err("Invalid device specifier: `%s'\n"
+ 'Device specifier must be a dictionary\n'
+ 'Example: %s' % (d, EXAMPLE_DEVSPEC))
+
+ if set(d.keys()) != set(REQUIRED_KEYS):
+ err("Invalid device specifier: `%s'\n"
+ 'Specifier should contain: %s\n'
+ 'Example: %s' % (d, str(REQUIRED_KEYS)[1:-1], EXAMPLE_DEVSPEC))
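Review bot: `yaml.load(sys.argv[1])` is called without a restricted loader, so with the PyYAML default of this period the argument may carry `!!python/...` tags that construct arbitrary Python objects while the deployment configuration is merely being validated. The validator only needs plain lists, dicts, strings and numbers, so `swift_storage_devices = yaml.safe_load(sys.argv[1])` is sufficient. The key comparison leaves the values themselves unchecked; since they are later substituted into `swift-ring-builder` command lines, it would be worth rejecting any `device`, `ip` or `weight` that is not a plain device name, IP address and number. A YAML syntax error also surfaces as a traceback rather than through `err()`.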
diff --git a/swift-storage.configure b/swift-storage.configure
new file mode 100644
index 00000000..391b392a
--- /dev/null
+++ b/swift-storage.configure
@@ -0,0 +1,107 @@ +#!/bin/bash +# +# Copyright © 2015 Codethink Limited +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see <http://www.gnu.org/licenses/>. + +set -e + +# The ansible script needs to know where the rootfs is, so we export it here +export ROOT="$1" + +validate_number() { + local name="$1" + local value="$2" + + local pattern='^[0-9]+$' + if ! [[ $value =~ $pattern ]] + then + echo "'$name' must be a number" >&2 + exit 1 + fi +} + +validate_non_empty() { + local name="$1" + local value="$2" + + if [[ $value = None ]] + then + echo "'$name' cannot be empty" >&2 + exit 1 + fi +} + +MANDATORY_OPTIONS="SWIFT_HASH_PATH_PREFIX \ + SWIFT_HASH_PATH_SUFFIX \ + SWIFT_REBALANCE_SEED \ + SWIFT_PART_POWER \ + SWIFT_REPLICAS \ + SWIFT_MIN_PART_HOURS \ + SWIFT_STORAGE_DEVICES \ + CONTROLLER_HOST_ADDRESS \ + MANAGEMENT_INTERFACE_IP_ADDRESS" + +for option in $MANDATORY_OPTIONS +do + if ! [[ -v $option ]] + then + missing_option=True + echo "Required option $option isn't set!" 
>&2 + fi +done + +if [[ $missing_option = True ]]; then exit 1; fi + +./swift-storage-devices-validate.py "$SWIFT_STORAGE_DEVICES" + +# Validate SWIFT_PART_POWER, SWIFT_REPLICAS, SWIFT_MIN_PART_HOURS +# just make sure they're numbers + +validate_number "SWIFT_PART_POWER" "$SWIFT_PART_POWER" +validate_number "SWIFT_REPLICAS" "$SWIFT_REPLICAS" +validate_number "SWIFT_MIN_PART_HOURS" "$SWIFT_MIN_PART_HOURS" + +# Make sure these aren't empty +validate_non_empty "SWIFT_HASH_PATH_PREFIX" "$SWIFT_HASH_PATH_PREFIX" +validate_non_empty "SWIFT_HASH_PATH_SUFFIX" "$SWIFT_HASH_PATH_SUFFIX" +validate_non_empty "SWIFT_REBALANCE_SEED" "$SWIFT_REBALANCE_SEED" +validate_non_empty "CONTROLLER_HOST_ADDRESS" "$CONTROLLER_HOST_ADDRESS" +validate_non_empty "MANAGEMENT_INTERFACE_IP_ADDRESS" "$MANAGEMENT_INTERFACE_IP_ADDRESS" + +mkdir -p "$ROOT/usr/lib/systemd/system/multi-user.target.wants" # ensure this exists before we make symlinks + +# A swift controller needs the storage setup service +# but does not want any of the other storage services enabled +ln -s "/usr/lib/systemd/system/swift-storage-setup.service" \ + "$ROOT/usr/lib/systemd/system/multi-user.target.wants/swift-storage-setup.service" + +SWIFT_CONTROLLER=${SWIFT_CONTROLLER:-False} + +if [[ $SWIFT_CONTROLLER = False ]] +then + ln -s "/usr/lib/systemd/system/rsync.service" \ + "$ROOT/usr/lib/systemd/system/multi-user.target.wants/rsync.service" + ln -s "/usr/lib/systemd/system/swift-storage.service" \ + "$ROOT/usr/lib/systemd/system/multi-user.target.wants/swift-storage.service" +fi + +# Build swift data structures (the rings) +/usr/bin/ansible-playbook -i hosts swift-build-rings.yml + +cat << EOF > "$ROOT"/usr/share/swift/swift-storage-vars.yml +--- +MANAGEMENT_INTERFACE_IP_ADDRESS: $MANAGEMENT_INTERFACE_IP_ADDRESS +SWIFT_HASH_PATH_PREFIX: $SWIFT_HASH_PATH_PREFIX +SWIFT_HASH_PATH_SUFFIX: $SWIFT_HASH_PATH_SUFFIX +EOF diff --git a/swift/etc/ntp.conf b/swift/etc/ntp.conf new file mode 100644 index 00000000..54522871 --- /dev/null 
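Review bot: `validate_non_empty` rejects only the literal string `None`, and the `[[ -v $option ]]` loop accepts a variable that is set but empty, so an empty SWIFT_HASH_PATH_PREFIX or SWIFT_HASH_PATH_SUFFIX passes both checks; the test should be `if [[ -z $value || $value = None ]]`. The heredoc at the end writes both hash-path values into swift-storage-vars.yml unquoted and with the default umask. These values are meant to stay secret in a Swift cluster, so create the file with a restrictive mode (for example `chmod 0600` straight after the `cat`) and quote the values so that YAML-special characters survive. The `ln -s` calls will also abort the script under `set -e` if a link already exists; `ln -sf` avoids that.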
+++ b/swift/etc/ntp.conf @@ -0,0 +1,25 @@ +{% if SWIFT_CONTROLLER is undefined or SWIFT_CONTROLLER == "False" %} +server {{ CONTROLLER_HOST_ADDRESS }} iburst +{% else %} +# We use iburst here to reduce the potential initial delay to set the clock +server 0.pool.ntp.org iburst +server 1.pool.ntp.org iburst +server 2.pool.ntp.org iburst +server 3.pool.ntp.org iburst + +# kod - notify client when packets are denied service, +# rather than just dropping the packets +# +# nomodify - deny queries which attempt to modify the state of the server +# +# notrap - decline to provide mode 6 control message trap service to +# matching hosts +# +# see ntp.conf(5) for more details +restrict -4 default kod notrap nomodify +restrict -6 default kod notrap nomodify +{% endif %} + +# The default rlimit isn't enough in some cases +# so we set a higher limit here +rlimit memlock 256 diff --git a/swift/manifest b/swift/manifest new file mode 100644 index 00000000..7fd76206 --- /dev/null +++ b/swift/manifest @@ -0,0 +1,15 @@ +0040755 0 0 /usr/share +0040755 0 0 /usr/share/swift +0100644 0 0 /usr/share/swift/hosts +0100644 0 0 /usr/share/swift/swift-storage.yml +0040755 0 0 /usr/share/swift/etc +0040755 0 0 /usr/share/swift/etc/swift +0100644 0 0 /usr/share/swift/etc/swift/account-server.j2 +0100644 0 0 /usr/share/swift/etc/swift/swift.j2 +0100644 0 0 /usr/share/swift/etc/swift/object-server.j2 +0100644 0 0 /usr/share/swift/etc/swift/container-server.j2 +0100644 0 0 /usr/share/swift/etc/rsyncd.j2 +0100644 0 0 /usr/lib/systemd/system/swift-storage-setup.service +0100644 0 0 /usr/lib/systemd/system/swift-storage.service +template overwrite 0100644 0 0 /etc/ntp.conf +overwrite 0100644 0 0 /usr/lib/systemd/system/rsync.service diff --git a/swift/usr/lib/systemd/system/rsync.service b/swift/usr/lib/systemd/system/rsync.service new file mode 100644 index 00000000..babcfb46 --- /dev/null +++ b/swift/usr/lib/systemd/system/rsync.service 
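Review bot: The `restrict` lines in the controller branch omit `noquery` and `nopeer`, so any host that can reach the server may send it ntpq/ntpdc status queries, which disclose server state and have been abused for traffic amplification on older ntpd builds. Unless remote monitoring is required, use `restrict -4 default kod notrap nomodify nopeer noquery` and the same for `-6`, followed by `restrict 127.0.0.1` and `restrict -6 ::1` so that local queries keep working. The non-controller branch emits no `restrict` lines at all, so storage nodes run with ntpd's defaults; the restrictions probably belong outside the `{% if %}` block.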
@@ -0,0 +1,11 @@ +[Unit] +Description=fast remote file copy program daemon +After=swift-storage-setup.service +ConditionPathExists=/etc/rsyncd.conf + +[Service] +ExecStart=/usr/bin/rsync --daemon --no-detach +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/swift/usr/lib/systemd/system/swift-storage-setup.service b/swift/usr/lib/systemd/system/swift-storage-setup.service new file mode 100644 index 00000000..3df31163 --- /dev/null +++ b/swift/usr/lib/systemd/system/swift-storage-setup.service @@ -0,0 +1,12 @@ +[Unit] +Description=Run openstack-swift-storage-setup (once) +After=local-fs.target postgres-server-setup.service + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/ansible-playbook -v -i /usr/share/swift/hosts /usr/share/swift/swift-storage.yml +Restart=no + +[Install] +WantedBy=multi-user.target diff --git a/swift/usr/lib/systemd/system/swift-storage.service b/swift/usr/lib/systemd/system/swift-storage.service new file mode 100644 index 00000000..dc41d3bc --- /dev/null +++ b/swift/usr/lib/systemd/system/swift-storage.service @@ -0,0 +1,12 @@ +[Unit] +Description=OpenStack Swift Storage +After=syslog.target network.target swift-storage-setup.service + +[Service] +Type=forking +Restart=on-failure +ExecStart=/usr/bin/swift-init all start +ExecStop=/usr/bin/swift-init all stop + +[Install] +WantedBy=multi-user.target diff --git a/swift/usr/share/swift/etc/rsyncd.j2 b/swift/usr/share/swift/etc/rsyncd.j2 new file mode 100644 index 00000000..c0657665 --- /dev/null +++ b/swift/usr/share/swift/etc/rsyncd.j2 
@@ -0,0 +1,23 @@
+uid = swift
+gid = swift
+log file = /var/log/rsyncd.log
+pid file = /var/run/rsyncd.pid
+address = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }}
+
+[account]
+max connections = 2
+path = /srv/node/
+read only = false
+lock file = /var/lock/account.lock
+
+[container]
+max connections = 2
+path = /srv/node/
+read only = false
+lock file = /var/lock/container.lock
+
+[object]
+max connections = 2
+path = /srv/node/
+read only = false
+lock file = /var/lock/object.lock
diff --git a/swift/usr/share/swift/etc/swift/account-server.j2 b/swift/usr/share/swift/etc/swift/account-server.j2
new file mode 100644
index 00000000..d977e295
--- /dev/null
+++ b/swift/usr/share/swift/etc/swift/account-server.j2
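Review bot: All three rsync modules in rsyncd.j2 are writable (`read only = false`) and the template sets neither `hosts allow` nor any authentication, so every host that can reach the rsync port on MANAGEMENT_INTERFACE_IP_ADDRESS can read and overwrite everything under /srv/node/. Binding to the management address limits exposure only as far as that whole network is trusted. A global `hosts allow = <storage-network CIDR>` (a placeholder, to be filled from a new configuration variable) would restrict access to the storage nodes themselves. A comment stating that this daemon must not be reachable from outside the storage network would also help.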
@@ -0,0 +1,192 @@ +[DEFAULT] +# bind_ip = 0.0.0.0 +bind_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +bind_port = 6002 +# bind_timeout = 30 +# backlog = 4096 +user = swift +swift_dir = /etc/swift +devices = /srv/node +# mount_check = true +# disable_fallocate = false +# +# Use an integer to override the number of pre-forked processes that will +# accept connections. +# workers = auto +# +# Maximum concurrent requests per worker +# max_clients = 1024 +# +# You can specify default log routing here if you want: +# log_name = swift +# log_facility = LOG_LOCAL0 +# log_level = INFO +# log_address = /dev/log +# The following caps the length of log lines to the value given; no limit if +# set to 0, the default. +# log_max_line_length = 0 +# +# comma separated list of functions to call to setup custom log handlers. +# functions get passed: conf, name, log_to_console, log_route, fmt, logger, +# adapted_logger +# log_custom_handlers = +# +# If set, log_udp_host will override log_address +# log_udp_host = +# log_udp_port = 514 +# +# You can enable StatsD logging here: +# log_statsd_host = localhost +# log_statsd_port = 8125 +# log_statsd_default_sample_rate = 1.0 +# log_statsd_sample_rate_factor = 1.0 +# log_statsd_metric_prefix = +# +# If you don't mind the extra disk space usage in overhead, you can turn this +# on to preallocate disk space with SQLite databases to decrease fragmentation. +# db_preallocation = off +# +# eventlet_debug = false +# +# You can set fallocate_reserve to the number of bytes you'd like fallocate to +# reserve, whether there is space for the given file size or not. +# fallocate_reserve = 0 + +[pipeline:main] +pipeline = healthcheck recon account-server + +[app:account-server] +use = egg:swift#account +# You can override the default log routing for this app here: +# set log_name = account-server +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set log_requests = true +# set log_address = /dev/log +# +# auto_create_account_prefix = . 
+# +# Configure parameter for creating specific server +# To handle all verbs, including replication verbs, do not specify +# "replication_server" (this is the default). To only handle replication, +# set to a True value (e.g. "True" or "1"). To handle only non-replication +# verbs, set to "False". Unless you have a separate replication network, you +# should not specify any value for "replication_server". +# replication_server = false + +[filter:healthcheck] +use = egg:swift#healthcheck +# An optional filesystem path, which if present, will cause the healthcheck +# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE" +# disable_path = + +[filter:recon] +use = egg:swift#recon +recon_cache_path = /var/cache/swift + +[account-replicator] +# You can override the default log routing for this app here (don't use set!): +# log_name = account-replicator +# log_facility = LOG_LOCAL0 +# log_level = INFO +# log_address = /dev/log +# +# vm_test_mode = no +# per_diff = 1000 +# max_diffs = 100 +# concurrency = 8 +# interval = 30 +# +# How long without an error before a node's error count is reset. This will +# also be how long before a node is reenabled after suppression is triggered. +# error_suppression_interval = 60 +# +# How many errors can accumulate before a node is temporarily ignored. +# error_suppression_limit = 10 +# +# node_timeout = 10 +# conn_timeout = 0.5 +# +# The replicator also performs reclamation +# reclaim_age = 604800 +# +# Time in seconds to wait between replication passes +# Note: if the parameter 'interval' is defined then it will be used in place +# of run_pause. 
+# run_pause = 30 +# +# recon_cache_path = /var/cache/swift + +[account-auditor] +# You can override the default log routing for this app here (don't use set!): +# log_name = account-auditor +# log_facility = LOG_LOCAL0 +# log_level = INFO +# log_address = /dev/log +# +# Will audit each account at most once per interval +# interval = 1800 +# +# log_facility = LOG_LOCAL0 +# log_level = INFO +# accounts_per_second = 200 +# recon_cache_path = /var/cache/swift + +[account-reaper] +# You can override the default log routing for this app here (don't use set!): +# log_name = account-reaper +# log_facility = LOG_LOCAL0 +# log_level = INFO +# log_address = /dev/log +# +# concurrency = 25 +# interval = 3600 +# node_timeout = 10 +# conn_timeout = 0.5 +# +# Normally, the reaper begins deleting account information for deleted accounts +# immediately; you can set this to delay its work however. The value is in +# seconds; 2592000 = 30 days for example. +# delay_reaping = 0 +# +# If the account fails to be be reaped due to a persistent error, the +# account reaper will log a message such as: +# Account <name> has not been reaped since <date> +# You can search logs for this message if space is not being reclaimed +# after you delete account(s). +# Default is 2592000 seconds (30 days). This is in addition to any time +# requested by delay_reaping. +# reap_warn_after = 2592000 + +# Note: Put it at the beginning of the pipeline to profile all middleware. But +# it is safer to put this after healthcheck. +[filter:xprofile] +use = egg:swift#xprofile +# This option enable you to switch profilers which should inherit from python +# standard profiler. Currently the supported value can be 'cProfile', +# 'eventlet.green.profile' etc. +# profile_module = eventlet.green.profile +# +# This prefix will be used to combine process ID and timestamp to name the +# profile data file. 
Make sure the executing user has permission to write +# into this path (missing path segments will be created, if necessary). +# If you enable profiling in more than one type of daemon, you must override +# it with an unique value like: /var/log/swift/profile/account.profile +# log_filename_prefix = /tmp/log/swift/profile/default.profile +# +# the profile data will be dumped to local disk based on above naming rule +# in this interval. +# dump_interval = 5.0 +# +# Be careful, this option will enable profiler to dump data into the file with +# time stamp which means there will be lots of files piled up in the directory. +# dump_timestamp = false +# +# This is the path of the URL to access the mini web UI. +# path = /__profile__ +# +# Clear the data when the wsgi server shutdown. +# flush_at_shutdown = false +# +# unwind the iterator of applications +# unwind = false diff --git a/swift/usr/share/swift/etc/swift/container-server.j2 b/swift/usr/share/swift/etc/swift/container-server.j2 new file mode 100644 index 00000000..d226d016 --- /dev/null +++ b/swift/usr/share/swift/etc/swift/container-server.j2 
@@ -0,0 +1,203 @@ +[DEFAULT] +# bind_ip = 0.0.0.0 +bind_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +bind_port = 6001 +# bind_timeout = 30 +# backlog = 4096 +user = swift +swift_dir = /etc/swift +devices = /srv/node +# mount_check = true +# disable_fallocate = false +# +# Use an integer to override the number of pre-forked processes that will +# accept connections. +# workers = auto +# +# Maximum concurrent requests per worker +# max_clients = 1024 +# +# This is a comma separated list of hosts allowed in the X-Container-Sync-To +# field for containers. This is the old-style of using container sync. It is +# strongly recommended to use the new style of a separate +# container-sync-realms.conf -- see container-sync-realms.conf-sample +# allowed_sync_hosts = 127.0.0.1 +# +# You can specify default log routing here if you want: +# log_name = swift +# log_facility = LOG_LOCAL0 +# log_level = INFO +# log_address = /dev/log +# The following caps the length of log lines to the value given; no limit if +# set to 0, the default. +# log_max_line_length = 0 +# +# comma separated list of functions to call to setup custom log handlers. +# functions get passed: conf, name, log_to_console, log_route, fmt, logger, +# adapted_logger +# log_custom_handlers = +# +# If set, log_udp_host will override log_address +# log_udp_host = +# log_udp_port = 514 +# +# You can enable StatsD logging here: +# log_statsd_host = localhost +# log_statsd_port = 8125 +# log_statsd_default_sample_rate = 1.0 +# log_statsd_sample_rate_factor = 1.0 +# log_statsd_metric_prefix = +# +# If you don't mind the extra disk space usage in overhead, you can turn this +# on to preallocate disk space with SQLite databases to decrease fragmentation. +# db_preallocation = off +# +# eventlet_debug = false +# +# You can set fallocate_reserve to the number of bytes you'd like fallocate to +# reserve, whether there is space for the given file size or not. 
+# fallocate_reserve = 0 + +[pipeline:main] +pipeline = healthcheck recon container-server + +[app:container-server] +use = egg:swift#container +# You can override the default log routing for this app here: +# set log_name = container-server +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set log_requests = true +# set log_address = /dev/log +# +# node_timeout = 3 +# conn_timeout = 0.5 +# allow_versions = false +# auto_create_account_prefix = . +# +# Configure parameter for creating specific server +# To handle all verbs, including replication verbs, do not specify +# "replication_server" (this is the default). To only handle replication, +# set to a True value (e.g. "True" or "1"). To handle only non-replication +# verbs, set to "False". Unless you have a separate replication network, you +# should not specify any value for "replication_server". +# replication_server = false + +[filter:healthcheck] +use = egg:swift#healthcheck +# An optional filesystem path, which if present, will cause the healthcheck +# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE" +# disable_path = + +[filter:recon] +use = egg:swift#recon +recon_cache_path = /var/cache/swift + +[container-replicator] +# You can override the default log routing for this app here (don't use set!): +# log_name = container-replicator +# log_facility = LOG_LOCAL0 +# log_level = INFO +# log_address = /dev/log +# +# vm_test_mode = no +# per_diff = 1000 +# max_diffs = 100 +# concurrency = 8 +# interval = 30 +# node_timeout = 10 +# conn_timeout = 0.5 +# +# The replicator also performs reclamation +# reclaim_age = 604800 +# +# Time in seconds to wait between replication passes +# Note: if the parameter 'interval' is defined then it will be used in place +# of run_pause. 
+# run_pause = 30 +# +# recon_cache_path = /var/cache/swift + +[container-updater] +# You can override the default log routing for this app here (don't use set!): +# log_name = container-updater +# log_facility = LOG_LOCAL0 +# log_level = INFO +# log_address = /dev/log +# +# interval = 300 +# concurrency = 4 +# node_timeout = 3 +# conn_timeout = 0.5 +# +# slowdown will sleep that amount between containers +# slowdown = 0.01 +# +# Seconds to suppress updating an account that has generated an error +# account_suppression_time = 60 +# +# recon_cache_path = /var/cache/swift + +[container-auditor] +# You can override the default log routing for this app here (don't use set!): +# log_name = container-auditor +# log_facility = LOG_LOCAL0 +# log_level = INFO +# log_address = /dev/log +# +# Will audit each container at most once per interval +# interval = 1800 +# +# containers_per_second = 200 +# recon_cache_path = /var/cache/swift + +[container-sync] +# You can override the default log routing for this app here (don't use set!): +# log_name = container-sync +# log_facility = LOG_LOCAL0 +# log_level = INFO +# log_address = /dev/log +# +# If you need to use an HTTP Proxy, set it here; defaults to no proxy. +# You can also set this to a comma separated list of HTTP Proxies and they will +# be randomly used (simple load balancing). +# sync_proxy = http://10.1.1.1:8888,http://10.1.1.2:8888 +# +# Will sync each container at most once per interval +# interval = 300 +# +# Maximum amount of time to spend syncing each container per pass +# container_time = 60 + +# Note: Put it at the beginning of the pipeline to profile all middleware. But +# it is safer to put this after healthcheck. +[filter:xprofile] +use = egg:swift#xprofile +# This option enable you to switch profilers which should inherit from python +# standard profiler. Currently the supported value can be 'cProfile', +# 'eventlet.green.profile' etc. 
+# profile_module = eventlet.green.profile +# +# This prefix will be used to combine process ID and timestamp to name the +# profile data file. Make sure the executing user has permission to write +# into this path (missing path segments will be created, if necessary). +# If you enable profiling in more than one type of daemon, you must override +# it with an unique value like: /var/log/swift/profile/container.profile +# log_filename_prefix = /tmp/log/swift/profile/default.profile +# +# the profile data will be dumped to local disk based on above naming rule +# in this interval. +# dump_interval = 5.0 +# +# Be careful, this option will enable profiler to dump data into the file with +# time stamp which means there will be lots of files piled up in the directory. +# dump_timestamp = false +# +# This is the path of the URL to access the mini web UI. +# path = /__profile__ +# +# Clear the data when the wsgi server shutdown. +# flush_at_shutdown = false +# +# unwind the iterator of applications +# unwind = false diff --git a/swift/usr/share/swift/etc/swift/object-server.j2 b/swift/usr/share/swift/etc/swift/object-server.j2 new file mode 100644 index 00000000..66990be9 --- /dev/null +++ b/swift/usr/share/swift/etc/swift/object-server.j2 
@@ -0,0 +1,283 @@ +[DEFAULT] +# bind_ip = 0.0.0.0 +bind_ip = {{ MANAGEMENT_INTERFACE_IP_ADDRESS }} +bind_port = 6000 +# bind_timeout = 30 +# backlog = 4096 +user = swift +swift_dir = /etc/swift +devices = /srv/node +# mount_check = true +# disable_fallocate = false +# expiring_objects_container_divisor = 86400 +# expiring_objects_account_name = expiring_objects +# +# Use an integer to override the number of pre-forked processes that will +# accept connections. +# workers = auto +# +# Maximum concurrent requests per worker +# max_clients = 1024 +# +# You can specify default log routing here if you want: +# log_name = swift +# log_facility = LOG_LOCAL0 +# log_level = INFO +# log_address = /dev/log +# The following caps the length of log lines to the value given; no limit if +# set to 0, the default. +# log_max_line_length = 0 +# +# comma separated list of functions to call to setup custom log handlers. +# functions get passed: conf, name, log_to_console, log_route, fmt, logger, +# adapted_logger +# log_custom_handlers = +# +# If set, log_udp_host will override log_address +# log_udp_host = +# log_udp_port = 514 +# +# You can enable StatsD logging here: +# log_statsd_host = localhost +# log_statsd_port = 8125 +# log_statsd_default_sample_rate = 1.0 +# log_statsd_sample_rate_factor = 1.0 +# log_statsd_metric_prefix = +# +# eventlet_debug = false +# +# You can set fallocate_reserve to the number of bytes you'd like fallocate to +# reserve, whether there is space for the given file size or not. +# fallocate_reserve = 0 +# +# Time to wait while attempting to connect to another backend node. +# conn_timeout = 0.5 +# Time to wait while sending each chunk of data to another backend node. +# node_timeout = 3 +# Time to wait while receiving each chunk of data from a client or another +# backend node. 
+# client_timeout = 60 +# +# network_chunk_size = 65536 +# disk_chunk_size = 65536 + +[pipeline:main] +pipeline = healthcheck recon object-server + +[app:object-server] +use = egg:swift#object +# You can override the default log routing for this app here: +# set log_name = object-server +# set log_facility = LOG_LOCAL0 +# set log_level = INFO +# set log_requests = true +# set log_address = /dev/log +# +# max_upload_time = 86400 +# slow = 0 +# +# Objects smaller than this are not evicted from the buffercache once read +# keep_cache_size = 5424880 +# +# If true, objects for authenticated GET requests may be kept in buffer cache +# if small enough +# keep_cache_private = false +# +# on PUTs, sync data every n MB +# mb_per_sync = 512 +# +# Comma separated list of headers that can be set in metadata on an object. +# This list is in addition to X-Object-Meta-* headers and cannot include +# Content-Type, etag, Content-Length, or deleted +# allowed_headers = Content-Disposition, Content-Encoding, X-Delete-At, X-Object-Manifest, X-Static-Large-Object +# +# auto_create_account_prefix = . +# +# A value of 0 means "don't use thread pools". A reasonable starting point is +# 4. +# threads_per_disk = 0 +# +# Configure parameter for creating specific server +# To handle all verbs, including replication verbs, do not specify +# "replication_server" (this is the default). To only handle replication, +# set to a True value (e.g. "True" or "1"). To handle only non-replication +# verbs, set to "False". Unless you have a separate replication network, you +# should not specify any value for "replication_server". +# replication_server = false +# +# Set to restrict the number of concurrent incoming REPLICATION requests +# Set to 0 for unlimited +# Note that REPLICATION is currently an ssync only item +# replication_concurrency = 4 +# +# Restricts incoming REPLICATION requests to one per device, +# replication_currency above allowing. 
This can help control I/O to each +# device, but you may wish to set this to False to allow multiple REPLICATION +# requests (up to the above replication_concurrency setting) per device. +# replication_one_per_device = True +# +# Number of seconds to wait for an existing replication device lock before +# giving up. +# replication_lock_timeout = 15 +# +# These next two settings control when the REPLICATION subrequest handler will +# abort an incoming REPLICATION attempt. An abort will occur if there are at +# least threshold number of failures and the value of failures / successes +# exceeds the ratio. The defaults of 100 and 1.0 means that at least 100 +# failures have to occur and there have to be more failures than successes for +# an abort to occur. +# replication_failure_threshold = 100 +# replication_failure_ratio = 1.0 +# +# Use splice() for zero-copy object GETs. This requires Linux kernel +# version 3.0 or greater. If you set "splice = yes" but the kernel +# does not support it, error messages will appear in the object server +# logs at startup, but your object servers should continue to function. +# +# splice = no + +[filter:healthcheck] +use = egg:swift#healthcheck +# An optional filesystem path, which if present, will cause the healthcheck +# URL to return "503 Service Unavailable" with a body of "DISABLED BY FILE" +# disable_path = + +[filter:recon] +use = egg:swift#recon +recon_cache_path = /var/cache/swift +#recon_lock_path = /var/lock + +[object-replicator] +# You can override the default log routing for this app here (don't use set!): +# log_name = object-replicator +# log_facility = LOG_LOCAL0 +# log_level = INFO +# log_address = /dev/log +# +# vm_test_mode = no +# daemonize = on +# run_pause = 30 +# concurrency = 1 +# stats_interval = 300 +# +# The sync method to use; default is rsync but you can use ssync to try the +# EXPERIMENTAL all-swift-code-no-rsync-callouts method. 
Once ssync is verified +# as having performance comparable to, or better than, rsync, we plan to +# deprecate rsync so we can move on with more features for replication. +# sync_method = rsync +# +# max duration of a partition rsync +# rsync_timeout = 900 +# +# bandwidth limit for rsync in kB/s. 0 means unlimited +# rsync_bwlimit = 0 +# +# passed to rsync for io op timeout +# rsync_io_timeout = 30 +# +# node_timeout = <whatever's in the DEFAULT section or 10> +# max duration of an http request; this is for REPLICATE finalization calls and +# so should be longer than node_timeout +# http_timeout = 60 +# +# attempts to kill all workers if nothing replicates for lockup_timeout seconds +# lockup_timeout = 1800 +# +# The replicator also performs reclamation +# reclaim_age = 604800 +# +# ring_check_interval = 15 +# recon_cache_path = /var/cache/swift +# +# limits how long rsync error log lines are +# 0 means to log the entire line +# rsync_error_log_line_length = 0 +# +# handoffs_first and handoff_delete are options for a special case +# such as disk full in the cluster. These two options SHOULD NOT BE +# CHANGED, except for such an extreme situations. (e.g. disks filled up +# or are about to fill up. Anyway, DO NOT let your drives fill up) +# handoffs_first is the flag to replicate handoffs prior to canonical +# partitions. It allows to force syncing and deleting handoffs quickly. +# If set to a True value(e.g. "True" or "1"), partitions +# that are not supposed to be on the node will be replicated first. +# handoffs_first = False +# +# handoff_delete is the number of replicas which are ensured in swift. +# If the number less than the number of replicas is set, object-replicator +# could delete local handoffs even if all replicas are not ensured in the +# cluster. Object-replicator would remove local handoff partition directories +# after syncing partition when the number of successful responses is greater +# than or equal to this number. 
By default(auto), handoff partitions will be +# removed when it has successfully replicated to all the canonical nodes. +# handoff_delete = auto + +[object-updater] +# You can override the default log routing for this app here (don't use set!): +# log_name = object-updater +# log_facility = LOG_LOCAL0 +# log_level = INFO +# log_address = /dev/log +# +# interval = 300 +# concurrency = 1 +# node_timeout = <whatever's in the DEFAULT section or 10> +# slowdown will sleep that amount between objects +# slowdown = 0.01 +# +# recon_cache_path = /var/cache/swift + +[object-auditor] +# You can override the default log routing for this app here (don't use set!): +# log_name = object-auditor +# log_facility = LOG_LOCAL0 +# log_level = INFO +# log_address = /dev/log +# +# You can set the disk chunk size that the auditor uses making it larger if +# you like for more efficient local auditing of larger objects +# disk_chunk_size = 65536 +# files_per_second = 20 +# concurrency = 1 +# bytes_per_second = 10000000 +# log_time = 3600 +# zero_byte_files_per_second = 50 +# recon_cache_path = /var/cache/swift + +# Takes a comma separated list of ints. If set, the object auditor will +# increment a counter for every object whose size is <= to the given break +# points and report the result after a full scan. +# object_size_stats = + +# Note: Put it at the beginning of the pipleline to profile all middleware. But +# it is safer to put this after healthcheck. +[filter:xprofile] +use = egg:swift#xprofile +# This option enable you to switch profilers which should inherit from python +# standard profiler. Currently the supported value can be 'cProfile', +# 'eventlet.green.profile' etc. +# profile_module = eventlet.green.profile +# +# This prefix will be used to combine process ID and timestamp to name the +# profile data file. Make sure the executing user has permission to write +# into this path (missing path segments will be created, if necessary). 
+# If you enable profiling in more than one type of daemon, you must override +# it with an unique value like: /var/log/swift/profile/object.profile +# log_filename_prefix = /tmp/log/swift/profile/default.profile +# +# the profile data will be dumped to local disk based on above naming rule +# in this interval. +# dump_interval = 5.0 +# +# Be careful, this option will enable profiler to dump data into the file with +# time stamp which means there will be lots of files piled up in the directory. +# dump_timestamp = false +# +# This is the path of the URL to access the mini web UI. +# path = /__profile__ +# +# Clear the data when the wsgi server shutdown. +# flush_at_shutdown = false +# +# unwind the iterator of applications +# unwind = false diff --git a/swift/usr/share/swift/etc/swift/swift.j2 b/swift/usr/share/swift/etc/swift/swift.j2 new file mode 100644 index 00000000..6d76215a --- /dev/null +++ b/swift/usr/share/swift/etc/swift/swift.j2 
@@ -0,0 +1,118 @@ +[swift-hash] + +# swift_hash_path_suffix and swift_hash_path_prefix are used as part of the +# the hashing algorithm when determining data placement in the cluster. +# These values should remain secret and MUST NOT change +# once a cluster has been deployed. + +swift_hash_path_suffix = {{ SWIFT_HASH_PATH_SUFFIX }} +swift_hash_path_prefix = {{ SWIFT_HASH_PATH_PREFIX }} + +# storage policies are defined here and determine various characteristics +# about how objects are stored and treated. Policies are specified by name on +# a per container basis. Names are case-insensitive. The policy index is +# specified in the section header and is used internally. The policy with +# index 0 is always used for legacy containers and can be given a name for use +# in metadata however the ring file name will always be 'object.ring.gz' for +# backwards compatibility. If no policies are defined a policy with index 0 +# will be automatically created for backwards compatibility and given the name +# Policy-0. A default policy is used when creating new containers when no +# policy is specified in the request. If no other policies are defined the +# policy with index 0 will be declared the default. If multiple policies are +# defined you must define a policy with index 0 and you must specify a +# default. It is recommended you always define a section for +# storage-policy:0. +[storage-policy:0] +name = Policy-0 +default = yes + +# the following section would declare a policy called 'silver', the number of +# replicas will be determined by how the ring is built. In this example the +# 'silver' policy could have a lower or higher # of replicas than the +# 'Policy-0' policy above. The ring filename will be 'object-1.ring.gz'. You +# may only specify one storage policy section as the default. 
If you changed +# this section to specify 'silver' as the default, when a client created a new +# container w/o a policy specified, it will get the 'silver' policy because +# this config has specified it as the default. However if a legacy container +# (one created with a pre-policy version of swift) is accessed, it is known +# implicitly to be assigned to the policy with index 0 as opposed to the +# current default. +#[storage-policy:1] +#name = silver + +# The swift-constraints section sets the basic constraints on data +# saved in the swift cluster. These constraints are automatically +# published by the proxy server in responses to /info requests. + +[swift-constraints] + +# max_file_size is the largest "normal" object that can be saved in +# the cluster. This is also the limit on the size of each segment of +# a "large" object when using the large object manifest support. +# This value is set in bytes. Setting it to lower than 1MiB will cause +# some tests to fail. It is STRONGLY recommended to leave this value at +# the default (5 * 2**30 + 2). + +#max_file_size = 5368709122 + + +# max_meta_name_length is the max number of bytes in the utf8 encoding +# of the name portion of a metadata header. + +#max_meta_name_length = 128 + + +# max_meta_value_length is the max number of bytes in the utf8 encoding +# of a metadata value + +#max_meta_value_length = 256 + + +# max_meta_count is the max number of metadata keys that can be stored +# on a single account, container, or object + +#max_meta_count = 90 + + +# max_meta_overall_size is the max number of bytes in the utf8 encoding +# of the metadata (keys + values) + +#max_meta_overall_size = 4096 + +# max_header_size is the max number of bytes in the utf8 encoding of each +# header. Using 8192 as default because eventlet use 8192 as max size of +# header line. This value may need to be increased when using identity +# v3 API tokens including more than 7 catalog entries. 
+# See also include_service_catalog in proxy-server.conf-sample +# (documented in overview_auth.rst) + +#max_header_size = 8192 + + +# max_object_name_length is the max number of bytes in the utf8 encoding +# of an object name + +#max_object_name_length = 1024 + + +# container_listing_limit is the default (and max) number of items +# returned for a container listing request + +#container_listing_limit = 10000 + + +# account_listing_limit is the default (and max) number of items returned +# for an account listing request +#account_listing_limit = 10000 + + +# max_account_name_length is the max number of bytes in the utf8 encoding +# of an account name + +#max_account_name_length = 256 + + +# max_container_name_length is the max number of bytes in the utf8 encoding +# of a container name + +#max_container_name_length = 256 diff --git a/swift/usr/share/swift/hosts b/swift/usr/share/swift/hosts new file mode 100644 index 00000000..5b97818d --- /dev/null +++ b/swift/usr/share/swift/hosts @@ -0,0 +1 @@ +localhost ansible_connection=local diff --git a/swift/usr/share/swift/swift-storage.yml b/swift/usr/share/swift/swift-storage.yml new file mode 100644 index 00000000..62a335ed --- /dev/null +++ b/swift/usr/share/swift/swift-storage.yml @@ -0,0 +1,24 @@ +--- +- hosts: localhost + vars_files: + - swift-storage-vars.yml + vars: + remote_user: root + tasks: + - user: name=swift comment="Swift user" + - file: path=/etc/swift owner=swift group=swift state=directory recurse=yes + + - template: src=/usr/share/swift/etc/rsyncd.j2 dest=/etc/rsyncd.conf + mode=0644 owner=swift group=swift + + - template: src=/usr/share/swift/etc/swift/{{ item }}.j2 + dest=/etc/swift/{{ item }}.conf mode=0644 owner=swift group=swift + with_items: + - account-server + - container-server + - object-server + - swift + + - file: path=/srv/node owner=swift group=swift state=directory recurse=yes + - file: path=/var/cache/swift owner=swift group=swift state=directory + recurse=yes 
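Review bot: In swift-storage.yml the `with_items` template task renders `/etc/swift/swift.conf` with `mode=0644`, although swift.j2 in this same commit states that the hash path prefix and suffix it contains "should remain secret", so any local account can read them. Using `mode=0640` for the files in that loop, or at least for `swift`, keeps them readable to the swift user and group only. Separately, `/etc/rsyncd.conf` is installed `owner=swift group=swift`, while rsync.service starts the daemon with no `User=` line (so presumably as root); the service account can therefore rewrite the configuration of a root-started daemon, and `owner=root group=root` would avoid that. Also, `remote_user: root` sits under `vars:`, where it defines a variable rather than setting the play keyword; with `ansible_connection=local` that is probably harmless, but it does not do what it appears to.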
diff --git a/systems/armv7lhf-cross-toolchain-system-x86_32.morph b/systems/armv7lhf-cross-toolchain-system-x86_32.morph index 3f66d178..9fe7888a 100644 --- a/systems/armv7lhf-cross-toolchain-system-x86_32.morph +++ b/systems/armv7lhf-cross-toolchain-system-x86_32.morph @@ -16,3 +16,4 @@ configuration-extensions: - simple-network - nfsboot - install-files +- install-essential-files diff --git a/systems/armv7lhf-cross-toolchain-system-x86_64.morph b/systems/armv7lhf-cross-toolchain-system-x86_64.morph index 76197491..c1de199c 100644 --- a/systems/armv7lhf-cross-toolchain-system-x86_64.morph +++ b/systems/armv7lhf-cross-toolchain-system-x86_64.morph @@ -16,3 +16,4 @@ configuration-extensions: - simple-network - nfsboot - install-files +- install-essential-files diff --git a/systems/base-system-armv7-highbank.morph b/systems/base-system-armv7-highbank.morph index 47c69bad..ffc5e188 100644 --- a/systems/base-system-armv7-highbank.morph +++ b/systems/base-system-armv7-highbank.morph @@ -17,3 +17,4 @@ configuration-extensions: - add-config-files - nfsboot - install-files +- install-essential-files diff --git a/systems/base-system-armv7-versatile.morph b/systems/base-system-armv7-versatile.morph index e5b9d7f5..8de2b35f 100644 --- a/systems/base-system-armv7-versatile.morph +++ b/systems/base-system-armv7-versatile.morph @@ -17,3 +17,4 @@ configuration-extensions: - add-config-files - nfsboot - install-files +- install-essential-files diff --git a/systems/base-system-armv7b-highbank.morph b/systems/base-system-armv7b-highbank.morph index 169d490e..23bf4dbf 100644 --- a/systems/base-system-armv7b-highbank.morph +++ b/systems/base-system-armv7b-highbank.morph @@ -17,3 +17,4 @@ configuration-extensions: - add-config-files - nfsboot - install-files +- install-essential-files diff --git a/systems/base-system-armv7b-vexpress-tc2.morph b/systems/base-system-armv7b-vexpress-tc2.morph index 76d5c006..b06ead7b 100644 --- a/systems/base-system-armv7b-vexpress-tc2.morph 
+++ b/systems/base-system-armv7b-vexpress-tc2.morph @@ -16,3 +16,4 @@ configuration-extensions: - add-config-files - nfsboot - install-files +- install-essential-files diff --git a/systems/base-system-armv7lhf-highbank.morph b/systems/base-system-armv7lhf-highbank.morph index b889278d..c827f3a2 100644 --- a/systems/base-system-armv7lhf-highbank.morph +++ b/systems/base-system-armv7lhf-highbank.morph @@ -17,3 +17,4 @@ configuration-extensions: - add-config-files - nfsboot - install-files +- install-essential-files diff --git a/systems/base-system-armv8b64.morph b/systems/base-system-armv8b64.morph new file mode 100644 index 00000000..49e7dac7 --- /dev/null +++ b/systems/base-system-armv8b64.morph @@ -0,0 +1,22 @@ +name: base-system-armv8b64 +kind: system +description: | + The set of strata required to have a minimal + system for big endian 64-bit ARMv8 computers. +arch: armv8b64 +strata: +- name: build-essential + morph: strata/build-essential.morph +- name: core + morph: strata/core.morph +- name: foundation + morph: strata/foundation.morph +- name: bsp-armv8b64-generic + morph: strata/bsp-armv8b64-generic.morph +configuration-extensions: +- set-hostname +- add-config-files +- nfsboot +- install-files +- moonshot-kernel +- install-essential-files diff --git a/systems/base-system-armv8l64.morph b/systems/base-system-armv8l64.morph new file mode 100644 index 00000000..560add69 --- /dev/null +++ b/systems/base-system-armv8l64.morph 
@@ -0,0 +1,22 @@
+name: base-system-armv8l64
+kind: system
+description: |
+ The set of strata required to have a minimal
+ system for little endian 64-bit ARMv8 computers.
+arch: armv8l64
+strata:
+- name: build-essential
+ morph: strata/build-essential.morph
+- name: core
+ morph: strata/core.morph
+- name: foundation
+ morph: strata/foundation.morph
+- name: bsp-armv8l64-generic
+ morph: strata/bsp-armv8l64-generic.morph
+configuration-extensions:
+- set-hostname
+- add-config-files
+- nfsboot
+- install-files
+- moonshot-kernel
+- install-essential-files
diff --git a/systems/base-system-ppc64-generic.morph b/systems/base-system-ppc64-generic.morph
index 488bf5e4..3763cce5 100644
--- a/systems/base-system-ppc64-generic.morph
+++ b/systems/base-system-ppc64-generic.morph
@@ -17,3 +17,4 @@ configuration-extensions:
 - add-config-files
 - nfsboot
 - install-files
+- install-essential-files
diff --git a/systems/base-system-x86_32-generic.morph b/systems/base-system-x86_32-generic.morph
index 40e62cad..7ada4052 100644
--- a/systems/base-system-x86_32-generic.morph
+++ b/systems/base-system-x86_32-generic.morph
@@ -11,11 +11,9 @@ strata:
 morph: strata/foundation.morph
 - name: bsp-x86_32-generic
 morph: strata/bsp-x86_32-generic.morph
-- name: cloudinit-support
- morph: strata/cloudinit-support.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
-- cloud-init
+- install-essential-files
diff --git a/systems/base-system-x86_64-generic.morph b/systems/base-system-x86_64-generic.morph
index a3346a44..796c8185 100644
--- a/systems/base-system-x86_64-generic.morph
+++ b/systems/base-system-x86_64-generic.morph
@@ -12,11 +12,9 @@ strata:
 morph: strata/foundation.morph
 - name: bsp-x86_64-generic
 morph: strata/bsp-x86_64-generic.morph
-- name: cloudinit-support
- morph: strata/cloudinit-support.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
-- cloud-init
+- install-essential-files
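Review bot: The removal of the `cloudinit-support` stratum and the `cloud-init` configuration extension from `base-system-x86_32-generic.morph` and `base-system-x86_64-generic.morph` is not explained anywhere in the commit description, while the build-system hunks in this same commit keep `cloud-init` as context. If any deployment of these base images relied on cloud-init for first-boot provisioning, such as hostname or SSH key setup, that provisioning would presumably no longer happen; whether such deployments exist is not visible here. I would record the intent in both files with a comment above `configuration-extensions:`, for example `# cloud-init is intentionally not part of the base system; cloud images must add cloudinit-support themselves`.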
diff --git a/systems/build-system-armv7lhf-highbank.morph b/systems/build-system-armv7lhf-highbank.morph
index b9ee8e79..d43ac935 100644
--- a/systems/build-system-armv7lhf-highbank.morph
+++ b/systems/build-system-armv7lhf-highbank.morph
@@ -19,6 +19,8 @@ strata:
 morph: strata/python-cliapp.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: morph-utils
 morph: strata/morph-utils.morph
 - name: nfs
@@ -35,6 +37,12 @@ strata:
 morph: strata/openstack-clients.morph
 - name: devtools
 morph: strata/devtools.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
+- name: unionfs-fuse-group
+ morph: strata/unionfs-fuse-group.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
@@ -44,3 +52,4 @@ configuration-extensions:
 - fstab
 - mason
 - cloud-init
+- install-essential-files
diff --git a/systems/build-system-armv7lhf-jetson.morph b/systems/build-system-armv7lhf-jetson.morph
index 6c59cb28..fa948037 100644
--- a/systems/build-system-armv7lhf-jetson.morph
+++ b/systems/build-system-armv7lhf-jetson.morph
@@ -17,6 +17,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -35,6 +37,10 @@ strata:
 morph: strata/openstack-clients.morph
 - name: devtools
 morph: strata/devtools.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
@@ -44,3 +50,4 @@ configuration-extensions:
 - fstab
 - mason
 - cloud-init
+- install-essential-files
diff --git a/systems/build-system-armv8b64.morph b/systems/build-system-armv8b64.morph
new file mode 100644
index 00000000..84495016
--- /dev/null
+++ b/systems/build-system-armv8b64.morph
@@ -0,0 +1,57 @@
+name: build-system-armv8b64
+kind: system
+description:
+- |
+ The system that should be used for building all other Baserock systems
+ for 64-bit ARMv8 computers running in big-endian mode.
+arch: armv8b64
+strata:
+- name: build-essential
+ morph: strata/build-essential.morph
+- name: core
+ morph: strata/core.morph
+- name: foundation
+ morph: strata/foundation.morph
+- name: bsp-armv8b64-generic
+ morph: strata/bsp-armv8b64-generic.morph
+- name: python-core
+ morph: strata/python-core.morph
+- name: tools
+ morph: strata/tools.morph
+- name: python-cliapp
+ morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
+- name: python-wsgi
+ morph: strata/python-wsgi.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
+- name: morph-utils
+ morph: strata/morph-utils.morph
+- name: nfs
+ morph: strata/nfs.morph
+- name: python-common
+ morph: strata/python-common.morph
+- name: ansible
+ morph: strata/ansible.morph
+- name: cloudinit-support
+ morph: strata/cloudinit-support.morph
+- name: openstack-common
+ morph: strata/openstack-common.morph
+- name: openstack-clients
+ morph: strata/openstack-clients.morph
+- name: devtools
+ morph: strata/devtools.morph
+configuration-extensions:
+- set-hostname
+- add-config-files
+- nfsboot
+- install-files
+- distbuild
+- fstab
+- mason
+- cloud-init
+- moonshot-kernel
+- install-essential-files
diff --git a/systems/build-system-armv8l64.morph b/systems/build-system-armv8l64.morph
index 63dcb432..f79fb76e 100644
--- a/systems/build-system-armv8l64.morph
+++ b/systems/build-system-armv8l64.morph
@@ -20,6 +20,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
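Review bot: In the new `systems/build-system-armv8b64.morph`, `description:` is followed by `- |`, which makes the description a one-element YAML list instead of a string. The other new system files in this commit (`base-system-armv8b64.morph`, `devel-system-armv8b64.morph`) put the block scalar directly after the key. Whether the morphology loader accepts a list there cannot be seen from this diff, so to stay consistent I would write `description: |` and drop the `- ` line prefix.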
@@ -38,6 +40,10 @@ strata:
 morph: strata/openstack-clients.morph
 - name: devtools
 morph: strata/devtools.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
@@ -48,3 +54,4 @@ configuration-extensions:
 - mason
 - cloud-init
 - moonshot-kernel
+- install-essential-files
diff --git a/systems/build-system-ppc64.morph b/systems/build-system-ppc64.morph
index 600eb683..38f2e9f3 100644
--- a/systems/build-system-ppc64.morph
+++ b/systems/build-system-ppc64.morph
@@ -17,6 +17,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -35,6 +37,10 @@ strata:
 morph: strata/openstack-clients.morph
 - name: devtools
 morph: strata/devtools.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
@@ -44,3 +50,4 @@ configuration-extensions:
 - fstab
 - mason
 - cloud-init
+- install-essential-files
diff --git a/systems/build-system-x86_32-chroot.morph b/systems/build-system-x86_32-chroot.morph
index 61bf4eaf..f193841f 100644
--- a/systems/build-system-x86_32-chroot.morph
+++ b/systems/build-system-x86_32-chroot.morph
@@ -15,6 +15,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -35,6 +37,10 @@ strata:
 morph: strata/devtools.morph
 - name: bsp-x86_both-tools
 morph: strata/bsp-x86_both-tools.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
@@ -44,3 +50,4 @@ configuration-extensions:
 - fstab
 - mason
 - cloud-init
+- install-essential-files
diff --git a/systems/build-system-x86_32.morph b/systems/build-system-x86_32.morph
index f485287e..a802b64f 100644
--- a/systems/build-system-x86_32.morph
+++ b/systems/build-system-x86_32.morph
@@ -17,6 +17,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -37,6 +39,10 @@ strata:
 morph: strata/devtools.morph
 - name: bsp-x86_both-tools
 morph: strata/bsp-x86_both-tools.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
@@ -46,3 +52,4 @@ configuration-extensions:
 - fstab
 - mason
 - cloud-init
+- install-essential-files
diff --git a/systems/build-system-x86_64-chroot.morph b/systems/build-system-x86_64-chroot.morph
index e8cd7b87..fa54f9d3 100644
--- a/systems/build-system-x86_64-chroot.morph
+++ b/systems/build-system-x86_64-chroot.morph
@@ -15,6 +15,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -35,6 +37,10 @@ strata:
 morph: strata/devtools.morph
 - name: bsp-x86_both-tools
 morph: strata/bsp-x86_both-tools.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
@@ -44,3 +50,4 @@ configuration-extensions:
 - fstab
 - mason
 - cloud-init
+- install-essential-files
diff --git a/systems/build-system-x86_64.morph b/systems/build-system-x86_64.morph
index b9433409..8fe5f91f 100644
--- a/systems/build-system-x86_64.morph
+++ b/systems/build-system-x86_64.morph
@@ -17,6 +17,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -37,6 +39,10 @@ strata:
 morph: strata/devtools.morph
 - name: bsp-x86_both-tools
 morph: strata/bsp-x86_both-tools.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
@@ -46,3 +52,4 @@ configuration-extensions:
 - fstab
 - mason
 - cloud-init
+- install-essential-files
diff --git a/systems/ceph-service-x86_64-generic.morph b/systems/ceph-service-x86_64-generic.morph
index 95b17dc0..7431e56a 100644
--- a/systems/ceph-service-x86_64-generic.morph
+++ b/systems/ceph-service-x86_64-generic.morph
@@ -24,8 +24,14 @@ strata:
 morph: strata/ntpd.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 - name: morph-utils
 morph: strata/morph-utils.morph
 - name: openstack-common
@@ -55,3 +61,4 @@ configuration-extensions:
 - install-files
 - ceph
 - cloud-init
+- install-essential-files
diff --git a/systems/cross-bootstrap-system-armv5l-generic.morph b/systems/cross-bootstrap-system-armv5l-generic.morph
new file mode 100644
index 00000000..08cc11f6
--- /dev/null
+++ b/systems/cross-bootstrap-system-armv5l-generic.morph
@@ -0,0 +1,21 @@
+name: cross-bootstrap-system-armv5l-generic
+kind: system
+description: A system that produces the minimum needed to build a devel system
+arch: armv5l
+strata:
+- name: build-essential
+ morph: strata/build-essential.morph
+- name: core
+ morph: strata/core.morph
+- name: python-cliapp
+ morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
+- name: morph-utils
+ morph: strata/morph-utils.morph
+- name: cross-bootstrap
+ morph: strata/cross-bootstrap.morph
diff --git a/systems/cross-bootstrap-system-armv7lhf-generic.morph b/systems/cross-bootstrap-system-armv7lhf-generic.morph
index f0a2780b..e52a0375 100644
--- a/systems/cross-bootstrap-system-armv7lhf-generic.morph
+++ b/systems/cross-bootstrap-system-armv7lhf-generic.morph
@@ -9,6 +9,12 @@ strata:
 morph: strata/core.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 - name: morph-utils
 morph: strata/morph-utils.morph
 - name: cross-bootstrap
diff --git a/systems/cross-bootstrap-system-armv8b64-generic.morph b/systems/cross-bootstrap-system-armv8b64-generic.morph
new file mode 100644
index 00000000..adfbd412
--- /dev/null
+++ b/systems/cross-bootstrap-system-armv8b64-generic.morph
@@ -0,0 +1,21 @@
+name: cross-bootstrap-system-armv8b64-generic
+kind: system
+description: A system that produces the minimum needed to build a devel system
+arch: armv8b64
+strata:
+- name: build-essential
+ morph: strata/build-essential.morph
+- name: core
+ morph: strata/core.morph
+- name: python-cliapp
+ morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
+- name: morph-utils
+ morph: strata/morph-utils.morph
+- name: cross-bootstrap
+ morph: strata/cross-bootstrap.morph
diff --git a/systems/cross-bootstrap-system-armv8l64-generic.morph b/systems/cross-bootstrap-system-armv8l64-generic.morph
index 2bf192d3..5cc2f83b 100644
--- a/systems/cross-bootstrap-system-armv8l64-generic.morph
+++ b/systems/cross-bootstrap-system-armv8l64-generic.morph
@@ -9,6 +9,12 @@ strata:
 morph: strata/core.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 - name: morph-utils
 morph: strata/morph-utils.morph
 - name: cross-bootstrap
diff --git a/systems/cross-bootstrap-system-ppc64-generic.morph b/systems/cross-bootstrap-system-ppc64-generic.morph
index 9d736f94..35b3f626 100644
--- a/systems/cross-bootstrap-system-ppc64-generic.morph
+++ b/systems/cross-bootstrap-system-ppc64-generic.morph
@@ -9,6 +9,12 @@ strata:
 morph: strata/core.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 - name: morph-utils
 morph: strata/morph-utils.morph
 - name: cross-bootstrap
diff --git a/systems/cross-bootstrap-system-x86_64-generic.morph b/systems/cross-bootstrap-system-x86_64-generic.morph
index ac919d66..471bd40d 100644
--- a/systems/cross-bootstrap-system-x86_64-generic.morph
+++ b/systems/cross-bootstrap-system-x86_64-generic.morph
@@ -9,6 +9,12 @@ strata:
 morph: strata/core.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 - name: morph-utils
 morph: strata/morph-utils.morph
 - name: cross-bootstrap
diff --git a/systems/cxmanage-system-x86_64-generic.morph b/systems/cxmanage-system-x86_64-generic.morph
index d75fbd14..aaa0fa81 100644
--- a/systems/cxmanage-system-x86_64-generic.morph
+++ b/systems/cxmanage-system-x86_64-generic.morph
@@ -21,3 +21,4 @@ configuration-extensions:
 - nfsboot
 - install-files
 - fstab
+- install-essential-files
diff --git a/systems/devel-system-armv7-chroot.morph b/systems/devel-system-armv7-chroot.morph
index e32db851..550395d6 100644
--- a/systems/devel-system-armv7-chroot.morph
+++ b/systems/devel-system-armv7-chroot.morph
@@ -17,6 +17,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -43,8 +45,16 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-armv7-highbank.morph b/systems/devel-system-armv7-highbank.morph
index 9ae051d1..dd9e315a 100644
--- a/systems/devel-system-armv7-highbank.morph
+++ b/systems/devel-system-armv7-highbank.morph
@@ -18,6 +18,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -44,8 +46,18 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
+- name: unionfs-fuse-group
+ morph: strata/unionfs-fuse-group.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-armv7-versatile.morph b/systems/devel-system-armv7-versatile.morph
index 12a2b2b6..720561bf 100644
--- a/systems/devel-system-armv7-versatile.morph
+++ b/systems/devel-system-armv7-versatile.morph
@@ -18,6 +18,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -44,8 +46,16 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-armv7-wandboard.morph b/systems/devel-system-armv7-wandboard.morph
index ec6fea5e..b7395cee 100644
--- a/systems/devel-system-armv7-wandboard.morph
+++ b/systems/devel-system-armv7-wandboard.morph
@@ -18,6 +18,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -44,8 +46,16 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-armv7b-chroot.morph b/systems/devel-system-armv7b-chroot.morph
index 2023ac21..e4457246 100644
--- a/systems/devel-system-armv7b-chroot.morph
+++ b/systems/devel-system-armv7b-chroot.morph
@@ -17,6 +17,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -35,8 +37,16 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-armv7b-highbank.morph b/systems/devel-system-armv7b-highbank.morph
index 2c7f8ed2..990aec67 100644
--- a/systems/devel-system-armv7b-highbank.morph
+++ b/systems/devel-system-armv7b-highbank.morph
@@ -18,6 +18,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -40,8 +42,18 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
+- name: unionfs-fuse-group
+ morph: strata/unionfs-fuse-group.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-armv7lhf-chroot.morph b/systems/devel-system-armv7lhf-chroot.morph
index 1e2a8f8e..340a27ce 100644
--- a/systems/devel-system-armv7lhf-chroot.morph
+++ b/systems/devel-system-armv7lhf-chroot.morph
@@ -17,6 +17,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -43,8 +45,16 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-armv7lhf-highbank.morph b/systems/devel-system-armv7lhf-highbank.morph
index 3ef00c34..a4ba2d92 100644
--- a/systems/devel-system-armv7lhf-highbank.morph
+++ b/systems/devel-system-armv7lhf-highbank.morph
@@ -19,6 +19,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -47,8 +49,18 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
+- name: unionfs-fuse-group
+ morph: strata/unionfs-fuse-group.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-armv7lhf-jetson.morph b/systems/devel-system-armv7lhf-jetson.morph
index dfc28c45..1adde07b 100644
--- a/systems/devel-system-armv7lhf-jetson.morph
+++ b/systems/devel-system-armv7lhf-jetson.morph
@@ -17,6 +17,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -47,8 +49,16 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-armv7lhf-wandboard.morph b/systems/devel-system-armv7lhf-wandboard.morph
index 631692e7..05648b97 100644
--- a/systems/devel-system-armv7lhf-wandboard.morph
+++ b/systems/devel-system-armv7lhf-wandboard.morph
@@ -19,6 +19,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -47,8 +49,16 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-armv8b64.morph b/systems/devel-system-armv8b64.morph
new file mode 100644
index 00000000..33ceb5a6
--- /dev/null
+++ b/systems/devel-system-armv8b64.morph
@@ -0,0 +1,65 @@
+name: devel-system-armv8b64
+kind: system
+description: |
+ A system with useful tools for doing Baserock development.
+
+ For use on 64-bit ARMv8 computers using big-endian word.
+arch: armv8b64
+strata:
+- name: build-essential
+ morph: strata/build-essential.morph
+- name: core
+ morph: strata/core.morph
+- name: foundation
+ morph: strata/foundation.morph
+- name: bsp-armv8b64-generic
+ morph: strata/bsp-armv8b64-generic.morph
+- name: tools
+ morph: strata/tools.morph
+- name: python-cliapp
+ morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
+- name: python-wsgi
+ morph: strata/python-wsgi.morph
+- name: morph-utils
+ morph: strata/morph-utils.morph
+- name: openstack-common
+ morph: strata/openstack-common.morph
+- name: openstack-clients
+ morph: strata/openstack-clients.morph
+- name: cloudinit-support
+ morph: strata/cloudinit-support.morph
+- name: nodejs
+ morph: strata/nodejs.morph
+- name: ruby
+ morph: strata/ruby.morph
+- name: lorry
+ morph: strata/lorry.morph
+- name: baserock-import
+ morph: strata/baserock-import.morph
+- name: nfs
+ morph: strata/nfs.morph
+- name: python-core
+ morph: strata/python-core.morph
+- name: python-tools
+ morph: strata/python-tools.morph
+- name: python-common
+ morph: strata/python-common.morph
+- name: devtools
+ morph: strata/devtools.morph
+- name: ansible
+ morph: strata/ansible.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
+configuration-extensions:
+- set-hostname
+- add-config-files
+- simple-network
+- nfsboot
+- install-files
+- cloud-init
+- moonshot-kernel
+- install-essential-files
diff --git a/systems/devel-system-armv8l64.morph b/systems/devel-system-armv8l64.morph
index bad6d6a9..b5765cac 100644
--- a/systems/devel-system-armv8l64.morph
+++ b/systems/devel-system-armv8l64.morph
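Review bot: The new `systems/devel-system-armv8b64.morph` lists neither the `swift` stratum nor the `fstab` configuration extension, although this same commit adds both to its little-endian sibling `devel-system-armv8l64.morph` and to the other devel systems. If the omission is deliberate, a comment in the file should say why; otherwise add `- name: swift` with `morph: strata/swift.morph` to `strata:` and `- fstab` before `- install-essential-files`. The description's "using big-endian word" also reads as a truncated phrase; "running in big-endian mode", the wording used in `build-system-armv8b64.morph`, would be clearer.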
@@ -18,6 +18,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -46,6 +48,12 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
@@ -54,3 +62,5 @@ configuration-extensions:
 - install-files
 - cloud-init
 - moonshot-kernel
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-ppc64-chroot.morph b/systems/devel-system-ppc64-chroot.morph
index 1ec03145..a2baa9e0 100644
--- a/systems/devel-system-ppc64-chroot.morph
+++ b/systems/devel-system-ppc64-chroot.morph
@@ -17,6 +17,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -41,8 +43,16 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-ppc64-generic.morph b/systems/devel-system-ppc64-generic.morph
index bfbf3fbb..dd009bc1 100644
--- a/systems/devel-system-ppc64-generic.morph
+++ b/systems/devel-system-ppc64-generic.morph
@@ -18,6 +18,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -44,8 +46,16 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-x86_32-chroot.morph b/systems/devel-system-x86_32-chroot.morph
index e83b1a55..f263897e 100644
--- a/systems/devel-system-x86_32-chroot.morph
+++ b/systems/devel-system-x86_32-chroot.morph
@@ -17,6 +17,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -43,8 +45,16 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-x86_32-generic.morph b/systems/devel-system-x86_32-generic.morph
index c707125c..05fa6dcc 100644
--- a/systems/devel-system-x86_32-generic.morph
+++ b/systems/devel-system-x86_32-generic.morph
@@ -18,6 +18,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -48,9 +50,17 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
 - cloud-init
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-x86_64-chroot.morph b/systems/devel-system-x86_64-chroot.morph
index 00e72c84..e2f9e20a 100644
--- a/systems/devel-system-x86_64-chroot.morph
+++ b/systems/devel-system-x86_64-chroot.morph
@@ -17,6 +17,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -45,8 +47,16 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-x86_64-generic.morph b/systems/devel-system-x86_64-generic.morph
index e0bb1a21..ac6b52d5 100644
--- a/systems/devel-system-x86_64-generic.morph
+++ b/systems/devel-system-x86_64-generic.morph
@@ -18,6 +18,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -48,6 +50,12 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
@@ -55,3 +63,5 @@ configuration-extensions:
 - nfsboot
 - install-files
 - cloud-init
+- fstab
+- install-essential-files
diff --git a/systems/devel-system-x86_64-vagrant.morph b/systems/devel-system-x86_64-vagrant.morph
index fc40e1f5..a69028c2 100644
--- a/systems/devel-system-x86_64-vagrant.morph
+++ b/systems/devel-system-x86_64-vagrant.morph
@@ -18,6 +18,8 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
 - name: morph-utils
@@ -46,9 +48,17 @@ strata:
 morph: strata/devtools.morph
 - name: ansible
 morph: strata/ansible.morph
+- name: swift
+ morph: strata/swift.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - nfsboot
 - install-files
 - vagrant
+- fstab
+- install-essential-files
diff --git a/systems/genivi-baseline-system-armv7lhf-jetson.morph b/systems/genivi-baseline-system-armv7lhf-jetson.morph
index 512248e2..9306426d 100644
--- a/systems/genivi-baseline-system-armv7lhf-jetson.morph
+++ b/systems/genivi-baseline-system-armv7lhf-jetson.morph
@@ -44,3 +44,4 @@ configuration-extensions:
 - install-files
 - strip-gplv3
 - fstab
+- install-essential-files
diff --git a/systems/genivi-baseline-system-armv7lhf-versatile.morph b/systems/genivi-baseline-system-armv7lhf-versatile.morph
index ee089536..698230bb 100644
--- a/systems/genivi-baseline-system-armv7lhf-versatile.morph
+++ b/systems/genivi-baseline-system-armv7lhf-versatile.morph
@@ -42,3 +42,4 @@ configuration-extensions:
 - install-files
 - strip-gplv3
 - fstab
+- install-essential-files
diff --git a/systems/genivi-baseline-system-x86_64-generic.morph b/systems/genivi-baseline-system-x86_64-generic.morph
index d50068e9..7b339c43 100644
--- a/systems/genivi-baseline-system-x86_64-generic.morph
+++ b/systems/genivi-baseline-system-x86_64-generic.morph
@@ -33,8 +33,8 @@ strata:
 morph: strata/input-common.morph
 - name: llvm-common
 morph: strata/llvm-common.morph
-- name: mesa-common
- morph: strata/mesa-common.morph
+- name: mesa-common-vm
+ morph: strata/mesa-common-vm.morph
 - name: x-common
 morph: strata/x-common.morph
 - name: weston-genivi
@@ -45,3 +45,4 @@ configuration-extensions:
 - nfsboot
 - install-files
 - strip-gplv3
+- install-essential-files
diff --git a/systems/gitlab-ci-runner.morph b/systems/gitlab-ci-runner.morph
deleted file mode 100644
index 8f89ec74..00000000
--- a/systems/gitlab-ci-runner.morph
+++ /dev/null
@@ -1,58 +0,0 @@
-name: gitlab-ci-runner
-kind: system
-description: A system to run build tests as part of GitLab CI architecture.
-arch: x86_64
-strata:
-- name: build-essential
- morph: strata/build-essential.morph
-- name: core
- morph: strata/core.morph
-- name: foundation
- morph: strata/foundation.morph
-- name: bsp-x86_64-generic
- morph: strata/bsp-x86_64-generic.morph
-- name: connectivity
- morph: strata/connectivity.morph
-- name: connman-common
- morph: strata/connman-common.morph
-- name: audio-bluetooth
- morph: strata/audio-bluetooth.morph
-- name: x-common
- morph: strata/x-common.morph
-- name: x-generic
- morph: strata/x-generic.morph
-- name: multimedia-common
- morph: strata/multimedia-common.morph
-- name: multimedia-gstreamer
- morph: strata/multimedia-gstreamer.morph
-- name: genivi
- morph: strata/genivi.morph
-- name: tools
- morph: strata/tools.morph
-- name: lvm
- morph: strata/lvm.morph
-- name: python-core
- morph: strata/python-core.morph
-- name: virtualization
- morph: strata/virtualization.morph
-- name: openstack-common
- morph: strata/openstack-common.morph
-- name: openstack-clients
- morph: strata/openstack-clients.morph
-- name: python-common
- morph: strata/python-common.morph
-- name: databases
- morph: strata/databases.morph
-- name: pcre-utils
- morph: strata/pcre-utils.morph
-- name: webtools
- morph: strata/webtools.morph
-- name: ruby
- morph: strata/ruby.morph
-- name: nfs
- morph: strata/nfs.morph
-configuration-extensions:
-- set-hostname
-- add-config-files
-- nfsboot
-- install-files
diff --git a/systems/gitlab-server.morph b/systems/gitlab-server.morph
deleted file mode 100644
index 83093ac1..00000000
--- a/systems/gitlab-server.morph
+++ /dev/null
@@ -1,34 +0,0 @@
-name: gitlab-server
-kind: system
-description: system which hosts a gitlab server
-arch: x86_64
-strata:
-- name: build-essential
- morph: strata/build-essential.morph
-- name: bsp-x86_64-generic
- morph: strata/bsp-x86_64-generic.morph
-- name: foundation
- morph: strata/foundation.morph
-- name: core
- morph: strata/core.morph
-- name: tools
- morph: strata/tools.morph
-- name: nfs
- morph: strata/nfs.morph
-- name: databases
- morph: strata/databases.morph
-- name: pcre-utils
- morph: strata/pcre-utils.morph
-- name: webtools
- morph: strata/webtools.morph
-- name: ruby
- morph: strata/ruby.morph
-- name: gitlab
- morph: strata/gitlab.morph
-configuration-extensions:
-- set-hostname
-- add-config-files
-- nfsboot
-- install-files
-- gitlab
-- fstab
diff --git a/systems/installer-system-armv8b64.morph b/systems/installer-system-armv8b64.morph
new file mode 100644
index 00000000..726354c9
--- /dev/null
+++ b/systems/installer-system-armv8b64.morph
@@ -0,0 +1,36 @@
+name: installer-system-armv8b64
+kind: system
+description: The system that should be used as an Installer to install other Baserock systems.
+arch: armv8b64
+strata:
+- name: build-essential
+ morph: strata/build-essential.morph
+- name: core
+ morph: strata/core.morph
+- name: python-core
+ morph: strata/python-core.morph
+- name: foundation
+ morph: strata/foundation.morph
+- name: bsp-armv8b64-generic
+ morph: strata/bsp-armv8b64-generic.morph
+- name: python-cliapp
+ morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
+- name: python-wsgi
+ morph: strata/python-wsgi.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
+- name: morph-utils
+ morph: strata/morph-utils.morph
+- name: installer-utils
+ morph: strata/installer-utils.morph
+configuration-extensions:
+- set-hostname
+- install-files
+- fstab
+- installer
+- moonshot-kernel
+- install-essential-files
diff --git a/systems/installer-system-x86_64.morph b/systems/installer-system-x86_64.morph
index cea09c09..3d0ced5d 100644
--- a/systems/installer-system-x86_64.morph
+++ b/systems/installer-system-x86_64.morph
@@ -15,8 +15,14 @@ strata:
 morph: strata/bsp-x86_64-generic.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 - name: morph-utils
 morph: strata/morph-utils.morph
 - name: installer-utils
@@ -26,3 +32,4 @@ configuration-extensions:
 - install-files
 - fstab
 - installer
+- install-essential-files
diff --git a/systems/mason-system-x86_64-generic.morph b/systems/mason-system-x86_64-generic.morph
new file mode 100644
index 00000000..12eae75c
--- /dev/null
+++ b/systems/mason-system-x86_64-generic.morph
@@ -0,0 +1,67 @@
+name: mason-system-x86_64-generic
+kind: system
+description: |
+ A system which contains Zuul and turbo-hipster; to set up a CI pipeline.
+arch: x86_64
+strata:
+- name: build-essential
+ morph: strata/build-essential.morph
+- name: core
+ morph: strata/core.morph
+- name: foundation
+ morph: strata/foundation.morph
+- name: bsp-x86_64-generic
+ morph: strata/bsp-x86_64-generic.morph
+- name: tools
+ morph: strata/tools.morph
+- name: openstack-clients
+ morph: strata/openstack-clients.morph
+- name: openstack-common
+ morph: strata/openstack-common.morph
+- name: cloudinit-support
+ morph: strata/cloudinit-support.morph
+- name: pcre-utils
+ morph: strata/pcre-utils.morph
+- name: lighttpd-server
+ morph: strata/lighttpd-server.morph
+- name: python-core
+ morph: strata/python-core.morph
+- name: python-common
+ morph: strata/python-common.morph
+- name: python-tools
+ morph: strata/python-tools.morph
+- name: python-cliapp
+ morph: strata/python-cliapp.morph
+- name: python-wsgi
+ morph: strata/python-wsgi.morph
+- name: morph-utils
+ morph: strata/morph-utils.morph
+- name: ansible
+ morph: strata/ansible.morph
+- name: zuul-ci
+ morph: strata/zuul-ci.morph
+- name: baserock-ci-tests
+ morph: strata/baserock-ci-tests.morph
+
+# TODO: We probably don't need devtools in production Mason systems
+- name: devtools
+ morph: strata/devtools.morph
+
+# TODO: Figure out why these are here. Maybe for graphite?
+- name: webtools
+ morph: strata/webtools.morph
+- name: ruby
+ morph: strata/ruby.morph
+- name: nodejs
+ morph: strata/nodejs.morph
+
+configuration-extensions:
+- set-hostname
+- add-config-files
+- simple-network
+- nfsboot
+- install-files
+- distbuild
+- fstab
+- mason
+- cloud-init
diff --git a/systems/minimal-system-armv5l-openbmc-aspeed.morph b/systems/minimal-system-armv5l-openbmc-aspeed.morph
new file mode 100644
index 00000000..fe596057
--- /dev/null
+++ b/systems/minimal-system-armv5l-openbmc-aspeed.morph
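Review bot: The new mason-system-x86_64-generic.morph ships `devtools`, `webtools`, `ruby` and `nodejs` even though its own TODO comments say they are probably unneeded or unexplained. On a CI system carrying Zuul and turbo-hipster, every extra compiler, interpreter and debugging tool in the image is code that has to be kept patched and that is available to anything running on the host, so I would drop these four strata until a consumer is identified, or replace the TODOs with a comment naming it, e.g. `# webtools/ruby/nodejs: required by <component>`. The same question applies to `devtools` and `test-tools` in openstack-system-x86_64.morph and to the `test-tools` stratum added to both zookeeper systems later in this commit.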
@@ -0,0 +1,20 @@
+name: minimal-system-armv5l-openbmc-aspeed
+kind: system
+description: The set of strata required to have a minimal system for armv5l
+arch: armv5l
+strata:
+- name: build-essential
+ morph: strata/build-essential.morph
+ artifacts:
+ - build-essential-minimal
+- name: bsp-armv5l-openbmc-aspeed
+ morph: strata/bsp-armv5l-openbmc-aspeed.morph
+ artifacts:
+ - bsp-armv5l-openbmc-aspeed-runtime
+configuration-extensions:
+- set-hostname
+- simple-network
+- nfsboot
+- install-files
+- busybox-init
+- install-essential-files
diff --git a/systems/minimal-system-x86_32-generic.morph b/systems/minimal-system-x86_32-generic.morph
index 6c48361f..785a72a2 100644
--- a/systems/minimal-system-x86_32-generic.morph
+++ b/systems/minimal-system-x86_32-generic.morph
@@ -18,3 +18,4 @@ configuration-extensions:
 - nfsboot
 - install-files
 - busybox-init
+- install-essential-files
diff --git a/systems/minimal-system-x86_64-generic.morph b/systems/minimal-system-x86_64-generic.morph
index 02fb7deb..9da22ec8 100644
--- a/systems/minimal-system-x86_64-generic.morph
+++ b/systems/minimal-system-x86_64-generic.morph
@@ -18,3 +18,4 @@ configuration-extensions:
 - nfsboot
 - install-files
 - busybox-init
+- install-essential-files
diff --git a/systems/nodejs-system-x86_64.morph b/systems/nodejs-system-x86_64.morph
index 2692e2fc..d5ebcf30 100644
--- a/systems/nodejs-system-x86_64.morph
+++ b/systems/nodejs-system-x86_64.morph
@@ -19,3 +19,4 @@ configuration-extensions:
 - add-config-files
 - nfsboot
 - install-files
+- install-essential-files
diff --git a/systems/ocaml-system-x86_64.morph b/systems/ocaml-system-x86_64.morph
new file mode 100644
index 00000000..1903e4d6
--- /dev/null
+++ b/systems/ocaml-system-x86_64.morph
@@ -0,0 +1,20 @@
+name: ocaml-system-x86_64
+kind: system
+description: OCaml base system
+arch: x86_64
+strata:
+- name: build-essential
+ morph: strata/build-essential.morph
+- name: core
+ morph: strata/core.morph
+- name: foundation
+ morph: strata/foundation.morph
+- name: bsp-x86_64-generic
+ morph: strata/bsp-x86_64-generic.morph
+- name: ocaml-language
+ morph: strata/ocaml-language.morph
+configuration-extensions:
+- set-hostname
+- add-config-files
+- nfsboot
+- install-files
diff --git a/systems/openstack-system-x86_64.morph b/systems/openstack-system-x86_64.morph
new file mode 100644
index 00000000..8ab38bee
--- /dev/null
+++ b/systems/openstack-system-x86_64.morph
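Review bot: ocaml-system-x86_64.morph ends its `configuration-extensions` list at `- install-files`, while nearly every other system touched by this commit gains `- install-essential-files`; mason-system-x86_64-generic.morph is also added without it. If the omission is not deliberate, append `- install-essential-files` to both lists so these images get the same baseline files as the rest; if it is deliberate, a one-line comment in the morph saying why would help. This diff does not show what the extension installs, so the impact is inferred from the pattern only.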
@@ -0,0 +1,85 @@
+name: openstack-system-x86_64
+kind: system
+description: Openstack system in baserock for the x86_64 architecture
+arch: x86_64
+strata:
+- name: build-essential
+ morph: strata/build-essential.morph
+- name: core
+ morph: strata/core.morph
+- name: python-core
+ morph: strata/python-core.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
+- name: python-common
+ morph: strata/python-common.morph
+- name: foundation
+ morph: strata/foundation.morph
+- name: bsp-x86_64-generic
+ morph: strata/bsp-x86_64-generic.morph
+- name: coreutils-common
+ morph: strata/coreutils-common.morph
+- name: devtools
+ morph: strata/devtools.morph
+- name: tools
+ morph: strata/tools.morph
+- name: cloudinit-support
+ morph: strata/cloudinit-support.morph
+- name: lvm
+ morph: strata/lvm.morph
+- name: virtualization
+ morph: strata/virtualization.morph
+- name: connectivity
+ morph: strata/connectivity.morph
+- name: networking-utils
+ morph: strata/networking-utils.morph
+- name: nfs
+ morph: strata/nfs.morph
+- name: databases
+ morph: strata/databases.morph
+- name: erlang
+ morph: strata/erlang.morph
+- name: pcre-utils
+ morph: strata/pcre-utils.morph
+- name: apache-httpd-server
+ morph: strata/apache-httpd-server.morph
+- name: django
+ morph: strata/django.morph
+- name: xstatic
+ morph: strata/xstatic.morph
+- name: openstack-common
+ morph: strata/openstack-common.morph
+- name: openstack-clients
+ morph: strata/openstack-clients.morph
+- name: openstack-services
+ morph: strata/openstack-services.morph
+- name: ansible
+ morph: strata/ansible.morph
+- name: ntpd
+ morph: strata/ntpd.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: test-tools
+ morph: strata/test-tools.morph
+- name: swift
+ morph: strata/swift.morph
+- name: python-tools
+ morph: strata/python-tools.morph
+configuration-extensions:
+- set-hostname
+- add-config-files
+- simple-network
+- nfsboot
+- install-files
+- cloud-init
+- hosts
+- 
openstack-keystone
+- openstack-glance
+- openstack-cinder
+- openstack-nova
+- openstack-network
+- openstack-neutron
+- openstack-ceilometer
+- fstab
+- openstack-ironic
+- install-essential-files
diff --git a/systems/qt4-devel-system-x86_64-generic.morph b/systems/qt4-devel-system-x86_64-generic.morph
index 0a98f205..15b85f70 100644
--- a/systems/qt4-devel-system-x86_64-generic.morph
+++ b/systems/qt4-devel-system-x86_64-generic.morph
@@ -41,3 +41,4 @@ configuration-extensions:
 - add-config-files
 - nfsboot
 - install-files
+- install-essential-files
diff --git a/systems/qt5-devel-system-x86_64-generic.morph b/systems/qt5-devel-system-x86_64-generic.morph
index 0f768536..3cdce60c 100644
--- a/systems/qt5-devel-system-x86_64-generic.morph
+++ b/systems/qt5-devel-system-x86_64-generic.morph
@@ -43,3 +43,4 @@ configuration-extensions:
 - add-config-files
 - nfsboot
 - install-files
+- install-essential-files
diff --git a/systems/swift-system-x86_64.morph b/systems/swift-system-x86_64.morph
new file mode 100644
index 00000000..81738558
--- /dev/null
+++ b/systems/swift-system-x86_64.morph
@@ -0,0 +1,34 @@
+name: swift-system-x86_64
+kind: system
+description: A base system for deploying swift nodes
+arch: x86_64
+strata:
+- name: build-essential
+ morph: strata/build-essential.morph
+- name: core
+ morph: strata/core.morph
+- name: foundation
+ morph: strata/foundation.morph
+- name: bsp-x86_64-generic
+ morph: strata/bsp-x86_64-generic.morph
+- name: swift
+ morph: strata/swift.morph
+- name: ntpd
+ morph: strata/ntpd.morph
+- name: python-core
+ morph: strata/python-core.morph
+- name: python-common
+ morph: strata/python-common.morph
+- name: ansible
+ morph: strata/ansible.morph
+- name: openstack-common
+ morph: strata/openstack-common.morph
+configuration-extensions:
+- set-hostname
+- add-config-files
+- simple-network
+- nfsboot
+- install-files
+- fstab
+- swift-storage
+- install-essential-files
diff --git a/systems/trove-system-x86_64.morph b/systems/trove-system-x86_64.morph
index ab50f7f6..0a5692f5 100644
--- a/systems/trove-system-x86_64.morph
+++ b/systems/trove-system-x86_64.morph
@@ -17,8 +17,14 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 - name: morph-utils
 morph: strata/morph-utils.morph
 - name: pcre-utils
@@ -48,3 +54,4 @@ configuration-extensions:
 - fstab
 - install-files
 - cloud-init
+- install-essential-files
diff --git a/systems/web-system-x86_64-generic.morph b/systems/web-system-x86_64-generic.morph
index 22aa88c0..0b6e84b1 100644
--- a/systems/web-system-x86_64-generic.morph
+++ b/systems/web-system-x86_64-generic.morph
@@ -34,3 +34,4 @@ configuration-extensions:
 - add-config-files
 - nfsboot
 - install-files
+- install-essential-files
diff --git a/systems/weston-system-armv7lhf-jetson.morph b/systems/weston-system-armv7lhf-jetson.morph
index e1979d44..ccb2c3ee 100644
--- a/systems/weston-system-armv7lhf-jetson.morph
+++ b/systems/weston-system-armv7lhf-jetson.morph
@@ -46,3 +46,4 @@ configuration-extensions:
 - add-config-files
 - nfsboot
 - install-files
+- install-essential-files
diff --git a/systems/weston-system-x86_64-generic.morph b/systems/weston-system-x86_64-generic.morph
index dfa5c3df..6cef12ff 100644
--- a/systems/weston-system-x86_64-generic.morph
+++ b/systems/weston-system-x86_64-generic.morph
@@ -31,8 +31,8 @@ strata:
 morph: strata/input-common.morph
 - name: llvm-common
 morph: strata/llvm-common.morph
-- name: mesa-common
- morph: strata/mesa-common.morph
+- name: mesa-common-vm
+ morph: strata/mesa-common-vm.morph
 - name: weston-common
 morph: strata/weston-common.morph
 - name: x-common
@@ -46,3 +46,4 @@ configuration-extensions:
 - add-config-files
 - nfsboot
 - install-files
+- install-essential-files
diff --git a/systems/xfce-system.morph b/systems/xfce-system.morph
index dad3d3dc..643291d6 100644
--- a/systems/xfce-system.morph
+++ b/systems/xfce-system.morph
@@ -35,8 +35,14 @@ strata:
 morph: strata/tools.morph
 - name: python-cliapp
 morph: strata/python-cliapp.morph
+- name: python-pygobject
+ morph: strata/python-pygobject.morph
 - name: python-wsgi
 morph: strata/python-wsgi.morph
+- name: libsoup-common
+ morph: strata/libsoup-common.morph
+- name: ostree-core
+ morph: strata/ostree-core.morph
 - name: morph-utils
 morph: strata/morph-utils.morph
 - name: xfce
@@ -46,3 +52,4 @@ configuration-extensions:
 - add-config-files
 - nfsboot
 - install-files
+- install-essential-files
diff --git a/systems/zookeeper-client-x86_64.morph b/systems/zookeeper-client-x86_64.morph
index a2d64a63..a9b01cd5 100644
--- a/systems/zookeeper-client-x86_64.morph
+++ b/systems/zookeeper-client-x86_64.morph
@@ -17,9 +17,12 @@ strata:
 morph: strata/zookeeper.morph
 - name: zookeeper-client
 morph: strata/zookeeper-client.morph
+- name: test-tools
+ morph: strata/test-tools.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - simple-network
 - nfsboot
 - install-files
+- install-essential-files
diff --git a/systems/zookeeper-server-x86_64.morph b/systems/zookeeper-server-x86_64.morph
index be0a8791..987ba9e1 100644
--- a/systems/zookeeper-server-x86_64.morph
+++ b/systems/zookeeper-server-x86_64.morph
@@ -17,9 +17,12 @@ strata:
 morph: strata/zookeeper.morph
 - name: zookeeper-server
 morph: strata/zookeeper-server.morph
+- name: test-tools
+ morph: strata/test-tools.morph
 configuration-extensions:
 - set-hostname
 - add-config-files
 - simple-network
 - nfsboot
 - install-files
+- install-essential-files |