Commit 8ce599b3 authored by David Johnson's avatar David Johnson

Foundations of an OpenStack-Ansible CloudLab profile.

#! /usr/bin/env python
#
# Copyright (c) 2008-2009, 2015 University of Utah and the Flux Group.
#
# {{{GENIPUBLIC-LICENSE
#
# GENI Public License
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and/or hardware specification (the "Work") to
# deal in the Work without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Work, and to permit persons to whom the Work
# is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Work.
#
# THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
# IN THE WORK.
#
# }}}
#
#
#
import sys
import pwd
import getopt
import os
import re
import xmlrpclib
from M2Crypto import X509
import os.path
dirname = os.path.abspath(os.path.dirname(sys.argv[0]))
execfile("%s/test-common.py" % (dirname,))
#
# Convert the certificate into a credential.
#
params = {}
rval,response = do_method("", "GetCredential", params)
if rval:
Fatal("Could not get my credential")
pass
mycredential = response["value"]
params["credential"] = mycredential
rval,response = do_method("", "GetManifests", params)
if rval:
Fatal("Could not get manifests")
pass
if len(sys.argv) < 2:
print response["value"]
else:
f = open("%s.xml" % (sys.argv[1],),'w')
value = response["value"]["manifests"]
i = 0
for key in value.keys():
f2 = open("%s.%d.xml" % (sys.argv[1],i,),'w')
f2.write(value[key])
f2.close()
i += 1
f.write(value[key])
pass
f.close()
pass
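Review bot: The manifest files opened with `open("%s.xml" % (sys.argv[1],),'w')` and `open("%s.%d.xml" % (sys.argv[1],i,),'w')` are created under the caller's umask and closed by hand, so they can end up readable by other local users, and a failed `write` leaves a truncated file with the handle still open. Whether the manifests carry anything sensitive is not visible here, but they are fetched with the user's credential, so I would set `os.umask(0o077)` before the first `open` and write each file inside `with open(...) as f2:`. The page has lost the indentation, so it cannot be confirmed from here whether `f.write(value[key])` sits inside the loop; if it does, the combined `.xml` file is a concatenation of several documents and deserves a comment saying so.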
##
## Setup extra space. We prefer the LVM route, using all available PVs
## to create a big VG. If that's not available, we fall back to
## mkextrafs.pl to create whatever it can in /storage.
##
set -x
if [ -z "$EUID" ]; then
EUID=`id -u`
fi
if [ $EUID -ne 0 ] ; then
echo "This script must be run as root" 1>&2
exit 1
fi
# Grab our libs
. "`dirname $0`/setup-lib.sh"
if [ -f $OURDIR/disk-space-done ]; then
exit 0
fi
logtstart "disk-space"
if [ -f $SETTINGS ]; then
. $SETTINGS
fi
if [ -f $LOCALSETTINGS ]; then
. $LOCALSETTINGS
fi
STORAGEDIR=/storage
VGNAME="emulab"
ARCH=`uname -m`
maybe_install_packages lvm2 maybe_install_packages thin-provisioning-tools
#
# First try to make LVM volumes; fall back to mkextrafs.pl /storage. We
# use /storage later, so we make the dir either way.
#
mkdir -p ${STORAGEDIR}
echo "STORAGEDIR=${STORAGEDIR}" >> $LOCALSETTINGS
# Check to see if we already have an `emulab` VG. This would occur
# if the user requested a temp dataset. If this happens, we simple
# rename it to the VG name we expect.
vgdisplay emulab
if [ $? -eq 0 ]; then
if [ ! emulab = $VGNAME ]; then
vgrename emulab $VGNAME
sed -i -re "s/^(.*)(\/dev\/emulab)(.*)$/\1\/dev\/$VGNAME\3/" /etc/fstab
fi
LVM=1
echo "VGNAME=${VGNAME}" >> $LOCALSETTINGS
echo "LVM=1" >> $LOCALSETTINGS
elif [ -z "$LVM" ] ; then
LVM=1
DONE=0
#
# Handle unexpected partition layouts (e.g. no 4th partition on boot
# disk), and setup mkextrafs args, even if we're not going to use
# it.
#
MKEXTRAFS_ARGS="-l -v ${VGNAME} -m util -z 1024"
# On Cloudlab ARM machines, there is no second disk nor extra disk space
# Well, now there's a new partition layout; try it.
if [ "$ARCH" = "aarch64" -o "$ARCH" = "ppc64le" ]; then
maybe_install_packages gdisk
sgdisk -i 1 /dev/sda
if [ $? -eq 0 ] ; then
nparts=`sgdisk -p /dev/sda | grep -E '^ +[0-9]+ +.*$' | wc -l`
if [ $nparts -lt 4 ]; then
newpart=`expr $nparts + 1`
sgdisk -N $newpart /dev/sda
partprobe /dev/sda
if [ $? -eq 0 ] ; then
partprobe /dev/sda
# Add the new partition specifically
MKEXTRAFS_ARGS="${MKEXTRAFS_ARGS} -s $newpart"
fi
fi
fi
fi
#
# See if we can try to use an LVM instead of just the 4th partition.
#
lsblk -n -P -b -o NAME,FSTYPE,MOUNTPOINT,PARTTYPE,PARTUUID,TYPE,PKNAME,SIZE | perl -e 'my %devs = (); while (<STDIN>) { $_ =~ s/([A-Z0-9a-z]+=)/;\$$1/g; eval "$_"; if (!($TYPE eq "disk" || $TYPE eq "part")) { next; }; if (exists($devs{$PKNAME})) { delete $devs{$PKNAME}; } if ($FSTYPE eq "" && $MOUNTPOINT eq "" && ($PARTTYPE eq "" || $PARTTYPE eq "0x0") && (int($SIZE) > 3221225472)) { $devs{$NAME} = "/dev/$NAME"; } }; print join(" ",values(%devs))."\n"' > /tmp/devs
DEVS=`cat /tmp/devs`
if [ -n "$DEVS" ]; then
pvcreate $DEVS && vgcreate $VGNAME $DEVS
if [ ! $? -eq 0 ]; then
echo "ERROR: failed to create PV/VG with '$DEVS'; falling back to mkextrafs.pl"
vgremove $VGNAME
pvremove $DEVS
DONE=0
else
DONE=1
fi
fi
if [ $DONE -eq 0 ]; then
/usr/local/etc/emulab/mkextrafs.pl ${MKEXTRAFS_ARGS}
if [ $? -ne 0 ]; then
/usr/local/etc/emulab/mkextrafs.pl ${MKEXTRAFS_ARGS} -f
if [ $? -ne 0 ]; then
/usr/local/etc/emulab/mkextrafs.pl -f ${STORAGEDIR}
LVM=0
fi
fi
fi
# Get integer total space (G) available.
VGTOTAL=`vgs -o vg_size --noheadings --units G $VGNAME | sed -ne 's/ *\([0-9]*\)[0-9\.]*G/\1/p'`
echo "VGNAME=${VGNAME}" >> $LOCALSETTINGS
echo "VGTOTAL=${VGTOTAL}" >> $LOCALSETTINGS
echo "LVM=${LVM}" >> $LOCALSETTINGS
fi
#
# If using LVM, create an LV that is 70% of VGTOTAL.
#
if [ $LVM -eq 1 ]; then
LVNAME=k8s
echo "LVNAME=${LVNAME}" >> $LOCALSETTINGS
vgt=`expr $VGTOTAL - 1`
LV_SIZE=`perl -e "print 0.75 * $vgt;"`
echo "LV_SIZE=${LV_SIZE}" >> $LOCALSETTINGS
#lvcreate -l 75%FREE -n $LVNAME $VGNAME
lvcreate -L ${LV_SIZE}G -n $LVNAME $VGNAME
if [ -f /sbin/mkfs.ext4 ]; then
mkfs.ext4 /dev/$VGNAME/$LVNAME
echo "/dev/$VGNAME/$LVNAME ${STORAGEDIR} ext4 defaults 0 0" \
>> /etc/fstab
else
mkfs.ext3 /dev/$VGNAME/$LVNAME
echo "/dev/$VGNAME/$LVNAME ${STORAGEDIR} ext3 defaults 0 0" \
>> /etc/fstab
fi
mount ${STORAGEDIR}
fi
#
# Redirect some Docker/k8s dirs into our extra storage.
#
for dir in docker kubelet ; do
mkdir -p $STORAGEDIR/$dir /var/lib/$dir
mount -o bind $STORAGEDIR/$dir /var/lib/$dir
echo "$STORAGEDIR/$dir /var/lib/$dir none defaults,bind 0 0" \
>> /etc/fstab
done
logtend "disk-space"
touch $OURDIR/disk-space-done
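Review bot: The candidate device list is staged in the fixed path `/tmp/devs` by a script that runs as root (`... > /tmp/devs`, then `cat /tmp/devs`), so a pre-existing symlink or stale file under that name can redirect the root write or feed the wrong devices to `pvcreate`. Capturing the pipeline directly as `DEVS=$(lsblk -n -P -b -o ... | perl -e '...')` removes the temporary file, and `mktemp` is the alternative if a file is really needed. The perl one-liner also rewrites each `KEY=` to `;$KEY=` and passes the line to `eval`, so anything in a quoted value that Perl treats specially inside a double-quoted string is interpreted rather than copied; matching the pairs with a regex into a hash would avoid executing device metadata. Separately, the comment above the last block says the LV is 70% of VGTOTAL while the code multiplies by `0.75`.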
#!/bin/sh
set -x
if [ -z "$EUID" ]; then
EUID=`id -u`
fi
if [ $EUID -ne 0 ] ; then
echo "This script must be run as root" 1>&2
exit 1
fi
ALLNODESCRIPTS="setup-root-ssh.sh setup-disk-space.sh"
CTLNODESCRIPTS="setup-letsencrypt.sh setup-nginx.sh setup-openstack.sh"
export SRC=`dirname $0`
cd $SRC
. $SRC/setup-lib.sh
# Don't run setup-driver.sh twice
if [ -f $OURDIR/setup-driver-done ]; then
echo "setup-driver already ran; not running again"
exit 0
fi
for script in $ALLNODESCRIPTS ; do
cd $SRC
$SRC/$script | tee - $OURDIR/${script}.log 2>&1
done
cat $NODEID | grep "^${CONTROLLERBASE}-"
if [ $? -eq 0 ]; then
for script in $CTLNODESCRIPTS ; do
cd $SRC
$SRC/$script | tee - $OURDIR/${script}.log 2>&1
done
fi
exit 0
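Review bot: In `$SRC/$script | tee - $OURDIR/${script}.log 2>&1` (both loops) the `2>&1` binds to `tee`, not to the script, so each sub-script's stderr, including its `set -x` trace and any error message, never reaches the log. The pipeline status is also `tee`'s, so a failed step goes unnoticed and the driver still ends with `exit 0`. Writing it as `$SRC/$script 2>&1 | tee $OURDIR/${script}.log` captures both streams, and testing the script's own status before continuing would keep later steps from running on a half-configured node. Nothing visible in this file creates `$OURDIR/setup-driver-done`, so unless setup-lib.sh or a later script does, the "don't run twice" guard never fires.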
#!/bin/sh
#
# For a neutron setup, we have to move the external interface into
# br-ex, and copy its config to br-ex; move the data lan (ethX) into br-int,
# and copy its config to br-int . For now, we assume the default route of
# the machine is associated with eth0/br-ex .
#
set -x
# Gotta know the rules!
if [ $EUID -ne 0 ] ; then
echo "This script must be run as root" 1>&2
exit 1
fi
DIRNAME=`dirname $0`
# Grab our libs
. "$DIRNAME/setup-lib.sh"
if [ "$HOSTNAME" != "$NETWORKMANAGER" ]; then
exit 0;
fi
logtstart "linuxbridge"
maybe_install_packages pssh
PSSH='/usr/bin/parallel-ssh -t 0 -O StrictHostKeyChecking=no '
PHOSTS=""
mkdir -p $OURDIR/pssh.setup-linuxbridge-node.stdout $OURDIR/pssh.setup-linuxbridge-node.stderr
# Do the network manager node first, no ssh
echo "*** Setting up LinuxBridge on $HOSTNAME"
$DIRNAME/setup-linuxbridge-node.sh
for node in $NODES
do
[ "$node" = "$NETWORKMANAGER" ] && continue
fqdn=`getfqdn $node`
PHOSTS="$PHOSTS -H $fqdn"
done
echo "*** Setting up LinuxBridge via pssh: $PHOSTS"
$PSSH -o $OURDIR/pssh.setup-linuxbridge-node.stdout -e $OURDIR/pssh.setup-linuxbridge-node.stderr \
$PHOSTS $DIRNAME/setup-linuxbridge-node.sh
logtend "linuxbridge"
exit 0
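Review bot: `PSSH='/usr/bin/parallel-ssh -t 0 -O StrictHostKeyChecking=no '` turns off host-key verification for the root sessions that run `setup-linuxbridge-node.sh` on every node, so whichever host answers for a `$fqdn` is accepted without any check; the OpenVSwitch script further down carries the same line. The root-ssh setup script in this commit appends ssh-keyscan results for these names to `~/.ssh/known_hosts`, so, assuming it has run first, the option looks unnecessary and the line can be `PSSH='/usr/bin/parallel-ssh -t 0 '`. If verification has to stay relaxed, a comment saying why would help the next reader.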
#!/bin/sh
#
# For a neutron setup, we have to move the external interface into
# br-ex, and copy its config to br-ex; move the data lan (ethX) into br-int,
# and copy its config to br-int . For now, we assume the default route of
# the machine is associated with eth0/br-ex .
#
set -x
# Gotta know the rules!
if [ $EUID -ne 0 ] ; then
echo "This script must be run as root" 1>&2
exit 1
fi
DIRNAME=`dirname $0`
# Grab our libs
. "$DIRNAME/setup-lib.sh"
if [ "$HOSTNAME" != "$NETWORKMANAGER" ]; then
exit 0;
fi
logtstart "ovs"
maybe_install_packages pssh
PSSH='/usr/bin/parallel-ssh -t 0 -O StrictHostKeyChecking=no '
PHOSTS=""
mkdir -p $OURDIR/pssh.setup-ovs-node.stdout $OURDIR/pssh.setup-ovs-node.stderr
# Do the network manager node first, no ssh
echo "*** Setting up OpenVSwitch on $HOSTNAME"
$DIRNAME/setup-ovs-node.sh
for node in $NODES
do
[ "$node" = "$NETWORKMANAGER" ] && continue
fqdn=`getfqdn $node`
PHOSTS="$PHOSTS -H $fqdn"
done
echo "*** Setting up OpenVSwitch via pssh: $PHOSTS"
$PSSH -o $OURDIR/pssh.setup-ovs-node.stdout -e $OURDIR/pssh.setup-ovs-node.stderr \
$PHOSTS $DIRNAME/setup-ovs-node.sh
logtend "ovs"
exit 0
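Review bot: The root check `if [ $EUID -ne 0 ]` runs under `#!/bin/sh` without the `[ -z "$EUID" ]` fallback that the disk-space and driver scripts use to set it from `id -u`. Where `/bin/sh` does not define `EUID`, the test becomes `[ -ne 0 ]`, fails with an error, and the script carries on instead of exiting. The linuxbridge and root-ssh scripts in this commit have the same unguarded check. I would add the same fallback above the test, or compare `"$(id -u)"` directly.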
#!/bin/sh
##
## Setup a root ssh key on the calling node, and broadcast it to all the
## other nodes' authorized_keys file.
##
set -x
# Gotta know the rules!
if [ $EUID -ne 0 ] ; then
echo "This script must be run as root" 1>&2
exit 1
fi
# Grab our libs
. "`dirname $0`/setup-lib.sh"
logtstart "root-ssh"
sshkeyscan() {
#
# Run ssh-keyscan on all nodes to build known_hosts.
#
ssh-keyscan $NODES >> ~/.ssh/known_hosts
chmod 600 ~/.ssh/known_hosts
for node in $NODES ; do
fqdn=`getfqdn $node`
publicip=`dig +noall +answer $fqdn A | sed -ne 's/^.*IN[ \t]*A[ \t]*\([0-9\.]*\)$/\1/p'`
mgmtip=`getnodeip $node $MGMTLAN`
echo "$publicip $fqdn,$publicip"
echo "$mgmtip $node,$node-$MGMTLAN,$mgmtip"
done | ssh-keyscan -4 -f - >> ~/.ssh/known_hosts
}
KEYNAME=id_rsa
# Remove it if it exists...
rm -f /root/.ssh/${KEYNAME} /root/.ssh/${KEYNAME}.pub
##
## Figure out our strategy. Are we using the new geni_certificate and
## geni_key support to generate the same keypair on each host, or not.
##
geni-get key > $OURDIR/$KEYNAME
chmod 600 $OURDIR/${KEYNAME}
if [ -s $OURDIR/${KEYNAME} ] ; then
ssh-keygen -f $OURDIR/${KEYNAME} -y > $OURDIR/${KEYNAME}.pub
chmod 600 $OURDIR/${KEYNAME}.pub
mkdir -p /root/.ssh
chmod 600 /root/.ssh
cp -p $OURDIR/${KEYNAME} $OURDIR/${KEYNAME}.pub /root/.ssh/
ps axwww > $OURDIR/ps.txt
cat $OURDIR/${KEYNAME}.pub >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
sshkeyscan
logtend "root-ssh"
exit 0
fi
##
## If geni calls are not available, make ourself a keypair; this gets copied
## to other roots' authorized_keys.
##
if [ ! -f /root/.ssh/${KEYNAME} ]; then
ssh-keygen -t rsa -f /root/.ssh/${KEYNAME} -N ''
fi
if [ -f $SETTINGS ]; then
. $SETTINGS
fi
if [ $GENIUSER -eq 1 ]; then
SHAREDIR=/proj/$EPID/exp/$EEID/tmp
cp /root/.ssh/${KEYNAME}.pub $SHAREDIR/$HOSTNAME
for node in $NODES ; do
while [ ! -f $SHAREDIR/$node ]; do
sleep 1
done
echo $node is up
cat $SHAREDIR/$node >> /root/.ssh/authorized_keys
done
else
for node in $NODES ; do
if [ "$node" != "$HOSTNAME" ]; then
fqdn=`getfqdn $node`
SUCCESS=1
while [ $SUCCESS -ne 0 ]; do
su -c "$SSH -l $SWAPPER $fqdn sudo tee -a /root/.ssh/authorized_keys" $SWAPPER < /root/.ssh/${KEYNAME}.pub
SUCCESS=$?
sleep 1
done
fi
done
fi
sshkeyscan
logtend "root-ssh"
exit 0
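Review bot: The private key is written by `geni-get key > $OURDIR/$KEYNAME` before `chmod 600` runs, so for a short window the file exists with whatever the umask allows; setting `umask 077` ahead of the redirect closes that window. A few lines later `chmod 600 /root/.ssh` is applied to a directory, which should be `chmod 700 /root/.ssh`. In the `GENIUSER` branch every file that appears under `$SHAREDIR` is appended to root's `authorized_keys` with no check of owner or content, so whoever can write to that shared directory (not determinable from this page) can add a root login key; a comment stating who is trusted there is the minimum. `ps axwww > $OURDIR/ps.txt` looks like leftover debugging and can go.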