Commit 0dd7c424 authored by David Johnson's avatar David Johnson

Add Liberty support and configurable Keystone API version support.

Add Liberty support.

Add keystone v3 support.  Now you can choose which version of keystone
to run... all combinations tested exception Juno with v3.

Make node type and link speed configurable.

Make token and session timeouts much longer by default (so people don't
get logged out so quickly), but also configurable.

Keystone is now served by WSGI through Apache on Kilo and Liberty.

Memcached keystone token caching is disabled for now; it causes
intermittent problems; so using SQL for now.

Add localhost to /etc/hosts file.  This doesn't cause problems anymore,
if it ever did.

We now use the `openstack' CLI command for >= Kilo, instead of the
per-service client CLI tools.

Stick with ovs agent even in Liberty -- even though the default is now
linuxbridge, it seems.

In general, get rid of nearly all the rest of the cat <<EOF ... EOF
stuff and replace it with crudini --set/--del.  A touch slower, but much
cleaner.

Also in general, improve the Kilo support so that it more closely
matches the docs.
parent 1ae89f65
--- /usr/lib/python2.7/dist-packages/neutron/agent/common/ovs_lib.py~ 2015-07-29 15:12:40.000000000 -0600
+++ /usr/lib/python2.7/dist-packages/neutron/agent/common/ovs_lib.py 2015-10-06 12:01:54.713134417 -0600
@@ -219,6 +219,23 @@
def remove_all_flows(self):
self.run_ofctl("del-flows", [])
+ system_def_flows_file = "/etc/neutron/ovs-default-flows/%s" % (self.br_name,)
+ import os.path
+ if os.path.exists(system_def_flows_file):
+ try:
+ f = file(system_def_flows_file)
+ lines = f.readlines()
+ for line in lines:
+ line = line.rstrip('\n')
+ self.run_ofctl("add-flow",[line,])
+ LOG.debug("added system default flow on %s: %s" % (self.br_name,line))
+ pass
+ pass
+ except:
+ LOG.error("Could not reinstall system default flows on bridge %s from file %s:\n%s\n" % (self.br_name,system_def_flows_file,traceback.format_exc(),))
+ pass
+ pass
+ pass
@_ofport_retry
def _get_port_ofport(self, port_name):
--- /usr/lib/python2.7/dist-packages/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py
+++ /usr/lib/python2.7/dist-packages/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py~
@@ -354,11 +354,17 @@ class OVSNeutronAgent(sg_rpc.SecurityGroupAgentRpcCallbackMixin,
net_uuid = local_vlan_map.get('net_uuid')
if (net_uuid and net_uuid not in self.local_vlan_map
and local_vlan != DEAD_VLAN_TAG):
+ segmentation_id = local_vlan_map.get('segmentation_id')
+ if segmentation_id == 'None':
+ # Backward compatible check when we used to store the
+ # string 'None' in OVS
+ segmentation_id = None
+ if segmentation_id is not None:
+ segmentation_id = int(segmentation_id)
self.provision_local_vlan(local_vlan_map['net_uuid'],
local_vlan_map['network_type'],
local_vlan_map['physical_network'],
- int(local_vlan_map[
- 'segmentation_id']),
+ segmentation_id,
local_vlan)
def setup_rpc(self):
@@ -803,8 +809,9 @@ class OVSNeutronAgent(sg_rpc.SecurityGroupAgentRpcCallbackMixin,
vlan_mapping = {'net_uuid': net_uuid,
'network_type': network_type,
- 'physical_network': physical_network,
- 'segmentation_id': segmentation_id}
+ 'physical_network': physical_network}
+ if segmentation_id is not None:
+ vlan_mapping['segmentation_id'] = segmentation_id
port_other_config.update(vlan_mapping)
self.int_br.set_db_attribute("Port", port.port_name, "other_config",
port_other_config)
This diff is collapsed.
......@@ -78,7 +78,11 @@ umount /mnt
echo "*** Importing new image ..."
glance image-create --name trusty-server --is-public True --disk-format qcow2 --container-format bare --progress --file trusty-server-cloudimg-amd64-disk1.img
GLANCEOPTS=""
if [ "$OSCODENAME" = "juno" -o "$OSCODENAME" = "kilo" ]; then
GLANCEOPTS="--is-public True"
fi
glance image-create --name trusty-server ${GLANCEOPTS} --disk-format qcow2 --container-format bare --progress --file trusty-server-cloudimg-amd64-disk1.img
mount /dev/nbd0p1 /mnt/
......@@ -139,7 +143,7 @@ umount /mnt
echo "*** Importing new multi-nic image ..."
glance image-create --name trusty-server-multi-nic --is-public True --disk-format qcow2 --container-format bare --progress --file trusty-server-cloudimg-amd64-disk1.img
glance image-create --name trusty-server-multi-nic ${GLANCEOPTS} --disk-format qcow2 --container-format bare --progress --file trusty-server-cloudimg-amd64-disk1.img
qemu-nbd -d /dev/nbd0
......
......@@ -39,64 +39,94 @@ EOF
sysctl -p
maybe_install_packages neutron-plugin-ml2 neutron-plugin-openvswitch-agent
sed -i -e "s/^\\(.*connection.*=.*\\)$/#\1/" /etc/neutron/neutron.conf
sed -i -e "s/^\\(.*auth_host.*=.*\\)$/#\1/" /etc/neutron/neutron.conf
sed -i -e "s/^\\(.*auth_port.*=.*\\)$/#\1/" /etc/neutron/neutron.conf
sed -i -e "s/^\\(.*auth_protocol.*=.*\\)$/#\1/" /etc/neutron/neutron.conf
# Just slap these in.
cat <<EOF >> /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
rabbit_host = $CONTROLLER
rabbit_userid = ${RABBIT_USER}
rabbit_password = ${RABBIT_PASS}
auth_strategy = keystone
core_plugin = ml2
service_plugins = router,metering
allow_overlapping_ips = True
verbose = ${VERBOSE_LOGGING}
debug = ${DEBUG_LOGGING}
[keystone_authtoken]
auth_uri = http://$CONTROLLER:5000/v2.0
identity_uri = http://$CONTROLLER:35357
admin_tenant_name = service
admin_user = neutron
admin_password = ${NEUTRON_PASS}
EOF
maybe_install_packages neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
conntrack
crudini --del /etc/neutron/neutron.conf database connection
crudini --del /etc/neutron/neutron.conf keystone_authtoken auth_host
crudini --del /etc/neutron/neutron.conf keystone_authtoken auth_port
crudini --del /etc/neutron/neutron.conf keystone_authtoken auth_protocol
crudini --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
crudini --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
crudini --set /etc/neutron/neutron.conf DEFAULT verbose ${VERBOSE_LOGGING}
crudini --set /etc/neutron/neutron.conf DEFAULT debug ${DEBUG_LOGGING}
crudini --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins 'router,metering'
crudini --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
if [ $OSVERSION -lt $OSKILO ]; then
crudini --set /etc/neutron/neutron.conf DEFAULT rabbit_host $CONTROLLER
crudini --set /etc/neutron/neutron.conf DEFAULT rabbit_userid ${RABBIT_USER}
crudini --set /etc/neutron/neutron.conf DEFAULT rabbit_password "${RABBIT_PASS}"
crudini --set /etc/neutron/neutron.conf keystone_authtoken \
auth_uri http://${CONTROLLER}:5000/v2.0
crudini --set /etc/neutron/neutron.conf keystone_authtoken \
identity_uri http://${CONTROLLER}:35357
crudini --set /etc/neutron/neutron.conf keystone_authtoken \
admin_tenant_name service
crudini --set /etc/neutron/neutron.conf keystone_authtoken \
admin_user neutron
crudini --set /etc/neutron/neutron.conf keystone_authtoken \
admin_password "${NEUTRON_PASS}"
else
crudini --set /etc/neutron/neutron.conf oslo_messaging_rabbit \
rabbit_host $CONTROLLER
crudini --set /etc/neutron/neutron.conf oslo_messaging_rabbit \
rabbit_userid ${RABBIT_USER}
crudini --set /etc/neutron/neutron.conf oslo_messaging_rabbit \
rabbit_password "${RABBIT_PASS}"
crudini --set /etc/neutron/neutron.conf keystone_authtoken \
auth_uri http://${CONTROLLER}:5000
crudini --set /etc/neutron/neutron.conf keystone_authtoken \
auth_url http://${CONTROLLER}:35357
crudini --set /etc/neutron/neutron.conf keystone_authtoken \
auth_plugin password
crudini --set /etc/neutron/neutron.conf keystone_authtoken \
project_domain_id default
crudini --set /etc/neutron/neutron.conf keystone_authtoken \
user_domain_id default
crudini --set /etc/neutron/neutron.conf keystone_authtoken \
project_name service
crudini --set /etc/neutron/neutron.conf keystone_authtoken \
username neutron
crudini --set /etc/neutron/neutron.conf keystone_authtoken \
password "${NEUTRON_PASS}"
fi
fwdriver="neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver"
if [ ${DISABLE_SECURITY_GROUPS} -eq 1 ]; then
fwdriver="neutron.agent.firewall.NoopFirewallDriver"
fi
# Just slap these in.
cat <<EOF >> /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = ${network_types}
tenant_network_types = ${network_types}
mechanism_drivers = openvswitch
[ml2_type_flat]
flat_networks = ${flat_networks}
[ml2_type_gre]
tunnel_id_ranges = 1:1000
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
type_drivers ${network_types}
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
tenant_network_types ${network_types}
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
mechanism_drivers openvswitch
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat \
flat_networks ${flat_networks}
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre \
tunnel_id_ranges 1:1000
cat <<EOF >>/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2_type_vlan]
${network_vlan_ranges}
[ml2_type_vxlan]
vni_ranges = 1001:2000
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = $fwdriver
EOF
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan \
vni_ranges 3000:4000
#crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan \
# vxlan_group 224.0.0.1
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
enable_security_group True
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
enable_ipset True
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
firewall_driver $fwdriver
cat <<EOF >> /etc/neutron/plugins/ml2/ml2_conf.ini
[ovs]
${gre_local_ip}
${enable_tunneling}
......@@ -106,21 +136,39 @@ ${bridge_mappings}
${tunnel_types}
EOF
cat <<EOF >> /etc/nova/nova.conf
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[neutron]
url = http://$CONTROLLER:9696
auth_strategy = keystone
admin_auth_url = http://$CONTROLLER:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = ${NEUTRON_PASS}
EOF
crudini --set /etc/nova/nova.conf DEFAULT \
network_api_class nova.network.neutronv2.api.API
crudini --set /etc/nova/nova.conf DEFAULT \
security_group_api neutron
crudini --set /etc/nova/nova.conf DEFAULT \
linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
crudini --set /etc/nova/nova.conf DEFAULT \
firewall_driver nova.virt.firewall.NoopFirewallDriver
crudini --set /etc/nova/nova.conf neutron \
url http://$CONTROLLER:9696
crudini --set /etc/nova/nova.conf neutron \
auth_strategy keystone
if [ $OSVERSION -le $OSKILO ]; then
crudini --set /etc/nova/nova.conf neutron \
admin_auth_url http://$CONTROLLER:35357/v2.0
crudini --set /etc/nova/nova.conf neutron \
admin_tenant_name service
crudini --set /etc/nova/nova.conf neutron \
admin_username neutron
crudini --set /etc/nova/nova.conf neutron \
admin_password ${NEUTRON_PASS}
else
crudini --set /etc/nova/nova.conf neutron \
auth_url http://$CONTROLLER:35357
crudini --set /etc/nova/nova.conf neutron auth_plugin password
crudini --set /etc/nova/nova.conf neutron project_domain_id default
crudini --set /etc/nova/nova.conf neutron user_domain_id default
crudini --set /etc/nova/nova.conf neutron region_name $REGION
crudini --set /etc/nova/nova.conf neutron project_name service
crudini --set /etc/nova/nova.conf neutron username neutron
crudini --set /etc/nova/nova.conf neutron password ${NEUTRON_PASS}
fi
#
# Ok, also put our FQDN into the hosts file so that local applications can
......@@ -145,6 +193,19 @@ echo "$MYIP $NFQDN $PFQDN" >> /etc/hosts
#
patch -d / -p0 < $DIRNAME/etc/neutron-${OSCODENAME}-openvswitch-remove-all-flows-except-system-flows.patch
#
# https://git.openstack.org/cgit/openstack/neutron/commit/?id=51f6b2e1c9c2f5f5106b9ae8316e57750f09d7c9
#
if [ $OSVERSION -ge $OSLIBERTY ]; then
patch -d / -p0 < $DIRNAME/etc/neutron-liberty-ovs-agent-segmentation-id-None.patch
fi
#
# Neutron depends on bridge module, but it doesn't autoload it.
#
modprobe bridge
echo bridge >> /etc/modules
service_restart openvswitch-switch
service_enable openvswitch-switch
service_restart nova-compute
......
......@@ -27,72 +27,99 @@ if [ -f $SETTINGS ]; then
. $SETTINGS
fi
maybe_install_packages ceilometer-agent-compute
# Just slap these in.
cat <<EOF >> /etc/nova/nova.conf
[DEFAULT]
instance_usage_audit = True
instance_usage_audit_period = hour
notify_on_state_change = vm_and_task_state
notification_driver = messagingv2
EOF
service nova-compute restart
cat <<EOF >> /etc/ceilometer/ceilometer.conf
[DEFAULT]
rpc_backend = rabbit
rabbit_host = ${CONTROLLER}
rabbit_userid = ${RABBIT_USER}
rabbit_password = ${RABBIT_PASS}
auth_strategy = keystone
verbose = ${VERBOSE_LOGGING}
debug = ${DEBUG_LOGGING}
log_dir = /var/log/ceilometer
[keystone_authtoken]
auth_uri = http://${CONTROLLER}:5000/v2.0
identity_uri = http://${CONTROLLER}:35357
admin_tenant_name = service
admin_user = ceilometer
admin_password = ${CEILOMETER_PASS}
[service_credentials]
os_auth_url = http://${CONTROLLER}:5000/v2.0
os_username = ceilometer
os_tenant_name = service
os_password = ${CEILOMETER_PASS}
os_endpoint_type = internalURL
EOF
if [ "${OSCODENAME}" = "juno" ]; then
cat <<EOF >> /etc/ceilometer/ceilometer.conf
[publisher]
metering_secret = ${CEILOMETER_SECRET}
EOF
crudini --set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit
crudini --set /etc/ceilometer/ceilometer.conf DEFAULT auth_strategy keystone
crudini --set /etc/ceilometer/ceilometer.conf glance host $CONTROLLER
crudini --set /etc/ceilometer/ceilometer.conf DEFAULT verbose $VERBOSE_LOGGING
crudini --set /etc/ceilometer/ceilometer.conf DEFAULT debug $DEBUG_LOGGING
crudini --set /etc/ceilometer/ceilometer.conf DEFAULT \
log_dir /var/log/ceilometer
if [ $OSVERSION -lt $OSKILO ]; then
crudini --set /etc/ceilometer/ceilometer.conf DEFAULT rabbit_host $CONTROLLER
crudini --set /etc/ceilometer/ceilometer.conf DEFAULT rabbit_userid ${RABBIT_USER}
crudini --set /etc/ceilometer/ceilometer.conf DEFAULT rabbit_password "${RABBIT_PASS}"
crudini --set /etc/ceilometer/ceilometer.conf keystone_authtoken \
auth_uri http://${CONTROLLER}:5000/${KAPISTR}
crudini --set /etc/ceilometer/ceilometer.conf keystone_authtoken \
identity_uri http://${CONTROLLER}:35357
crudini --set /etc/ceilometer/ceilometer.conf keystone_authtoken \
admin_tenant_name service
crudini --set /etc/ceilometer/ceilometer.conf keystone_authtoken \
admin_user ceilometer
crudini --set /etc/ceilometer/ceilometer.conf keystone_authtoken \
admin_password "${CEILOMETER_PASS}"
else
cat <<EOF >> /etc/ceilometer/ceilometer.conf
crudini --set /etc/ceilometer/ceilometer.conf oslo_messaging_rabbit \
rabbit_host $CONTROLLER
crudini --set /etc/ceilometer/ceilometer.conf oslo_messaging_rabbit \
rabbit_userid ${RABBIT_USER}
crudini --set /etc/ceilometer/ceilometer.conf oslo_messaging_rabbit \
rabbit_password "${RABBIT_PASS}"
crudini --set /etc/ceilometer/ceilometer.conf keystone_authtoken \
auth_uri http://${CONTROLLER}:5000
crudini --set /etc/ceilometer/ceilometer.conf keystone_authtoken \
auth_url http://${CONTROLLER}:35357
crudini --set /etc/ceilometer/ceilometer.conf keystone_authtoken \
auth_plugin password
crudini --set /etc/ceilometer/ceilometer.conf keystone_authtoken \
project_domain_id default
crudini --set /etc/ceilometer/ceilometer.conf keystone_authtoken \
user_domain_id default
crudini --set /etc/ceilometer/ceilometer.conf keystone_authtoken \
project_name service
crudini --set /etc/ceilometer/ceilometer.conf keystone_authtoken \
username ceilometer
crudini --set /etc/ceilometer/ceilometer.conf keystone_authtoken \
password "$CEILOMETER_PASS}"
fi
crudini --set /etc/ceilometer/ceilometer.conf service_credentials \
os_auth_url http://${CONTROLLER}:5000/v2.0
crudini --set /etc/ceilometer/ceilometer.conf service_credentials \
os_username ceilometer
crudini --set /etc/ceilometer/ceilometer.conf service_credentials \
os_tenant_name service
crudini --set /etc/ceilometer/ceilometer.conf service_credentials \
os_password ${CEILOMETER_PASS}
if [ $OSVERSION -ge $OSKILO ]; then
crudini --set /etc/ceilometer/ceilometer.conf service_credentials \
os_endpoint_type internalURL
crudini --set /etc/ceilometer/ceilometer.conf service_credentials \
os_region_name $REGION
fi
[service_credentials]
os_endpoint_type = internalURL
os_region_name = regionOne
crudini --set /etc/ceilometer/ceilometer.conf notification \
store_events true
crudini --set /etc/ceilometer/ceilometer.conf notification \
disable_non_metric_meters false
[publisher]
telemetry_secret = ${CEILOMETER_SECRET}
EOF
if [ $OSVERSION -le $OSJUNO ]; then
crudini --set /etc/ceilometer/ceilometer.conf publisher \
metering_secret ${CEILOMETER_SECRET}
else
crudini --set /etc/ceilometer/ceilometer.conf publisher \
telemetry_secret ${CEILOMETER_SECRET}
fi
#sed -i -e "s/^\\(.*connection.*=.*\\)$/#\1/" /etc/ceilometer/ceilometer.conf
sed -i -e "s/^\\(.*auth_host.*=.*\\)$/#\1/" /etc/ceilometer/ceilometer.conf
sed -i -e "s/^\\(.*auth_port.*=.*\\)$/#\1/" /etc/ceilometer/ceilometer.conf
sed -i -e "s/^\\(.*auth_protocol.*=.*\\)$/#\1/" /etc/ceilometer/ceilometer.conf
crudini --del /etc/ceilometer/ceilometer.conf database connection
crudini --del /etc/ceilometer/ceilometer.conf DEFAULT auth_host
crudini --del /etc/ceilometer/ceilometer.conf DEFAULT auth_port
crudini --del /etc/ceilometer/ceilometer.conf DEFAULT auth_protocol
crudini --set /etc/nova/nova.conf DEFAULT instance_usage_audit True
crudini --set /etc/nova/nova.conf DEFAULT instance_usage_audit_period hour
crudini --set /etc/nova/nova.conf DEFAULT notify_on_state_change vm_and_task_state
crudini --set /etc/nova/nova.conf DEFAULT notification_driver messagingv2
service_restart ceilometer-agent-compute
service_enable ceilometer-agent-compute
service_restart nova-compute
service_restart ceilometer-agent-compute
touch $OURDIR/setup-compute-telemetry-done
......
......@@ -32,76 +32,107 @@ fi
maybe_install_packages nova-compute sysfsutils
maybe_install_packages libguestfs-tools libguestfs0 python-guestfs
cat <<EOF >> /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
rabbit_host = $CONTROLLER
rabbit_userid = ${RABBIT_USER}
rabbit_password = ${RABBIT_PASS}
auth_strategy = keystone
my_ip = $MGMTIP
verbose = ${VERBOSE_LOGGING}
debug = ${DEBUG_LOGGING}
[keystone_authtoken]
auth_uri = http://$CONTROLLER:5000/v2.0
identity_uri = http://$CONTROLLER:35357
admin_tenant_name = service
admin_user = nova
admin_password = ${NOVA_PASS}
[glance]
host = $CONTROLLER
EOF
crudini --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
crudini --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
crudini --set /etc/nova/nova.conf DEFAULT my_ip ${MGMTIP}
crudini --set /etc/nova/nova.conf glance host $CONTROLLER
crudini --set /etc/nova/nova.conf DEFAULT verbose ${VERBOSE_LOGGING}
crudini --set /etc/nova/nova.conf DEFAULT debug ${DEBUG_LOGGING}
if [ $OSVERSION -lt $OSKILO ]; then
crudini --set /etc/nova/nova.conf DEFAULT rabbit_host $CONTROLLER
crudini --set /etc/nova/nova.conf DEFAULT rabbit_userid ${RABBIT_USER}
crudini --set /etc/nova/nova.conf DEFAULT rabbit_password "${RABBIT_PASS}"
crudini --set /etc/nova/nova.conf keystone_authtoken \
auth_uri http://${CONTROLLER}:5000/v2.0
crudini --set /etc/nova/nova.conf keystone_authtoken \
identity_uri http://${CONTROLLER}:35357
crudini --set /etc/nova/nova.conf keystone_authtoken \
admin_tenant_name service
crudini --set /etc/nova/nova.conf keystone_authtoken \
admin_user nova
crudini --set /etc/nova/nova.conf keystone_authtoken \
admin_password "${NOVA_PASS}"
else
crudini --set /etc/nova/nova.conf oslo_messaging_rabbit \
rabbit_host $CONTROLLER
crudini --set /etc/nova/nova.conf oslo_messaging_rabbit \
rabbit_userid ${RABBIT_USER}
crudini --set /etc/nova/nova.conf oslo_messaging_rabbit \
rabbit_password "${RABBIT_PASS}"
crudini --set /etc/nova/nova.conf keystone_authtoken \
auth_uri http://${CONTROLLER}:5000
crudini --set /etc/nova/nova.conf keystone_authtoken \
auth_url http://${CONTROLLER}:35357
crudini --set /etc/nova/nova.conf keystone_authtoken \
auth_plugin password
crudini --set /etc/nova/nova.conf keystone_authtoken \
project_domain_id default
crudini --set /etc/nova/nova.conf keystone_authtoken \
user_domain_id default
crudini --set /etc/nova/nova.conf keystone_authtoken \
project_name service
crudini --set /etc/nova/nova.conf keystone_authtoken \
username nova
crudini --set /etc/nova/nova.conf keystone_authtoken \
password "${NOVA_PASS}"
fi
if [ $OSVERSION -ge $OSKILO ]; then
crudini --set /etc/nova/nova.conf oslo_concurrency \
lock_path /var/lib/nova/tmp
fi
if [ $OSVERSION -ge $OSLIBERTY ]; then
crudini --set /etc/nova/nova.conf enabled_apis 'osapi_compute,metadata'
crudini --set /etc/nova/nova.conf DEFAULT \
network_api_class nova.network.neutronv2.api.API
crudini --set /etc/nova/nova.conf DEFAULT \
security_group_api neutron
crudini --set /etc/nova/nova.conf DEFAULT \
linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
crudini --set /etc/nova/nova.conf DEFAULT \
firewall_driver nova.virt.firewall.NoopFirewallDriver
fi
VNCSECTION="DEFAULT"
if [ $OSVERSION -ge $OSLIBERTY ]; then
VNCSECTION="vnc"
fi
cname=`getfqdn $CONTROLLER`
crudini --set /etc/nova/nova.conf $VNCSECTION vncserver_listen ${MGMTIP}
crudini --set /etc/nova/nova.conf $VNCSECTION vncserver_proxyclient_address ${MGMTIP}
crudini --set /etc/nova/nova.conf $VNCSECTION \
novncproxy_base_url "http://${cname}:6080/vnc_auto.html"
#
# Change vnc_enabled = True for x86 -- but for aarch64, there is
# no video device, for KVM mode, anyway, it seems.
#
ARCH=`uname -m`
cname=`getfqdn $CONTROLLER`
if [ "$ARCH" = "aarch64" ] ; then
cat <<EOF >> /etc/nova/nova.conf
[DEFAULT]
vnc_enabled = False
vncserver_listen = ${MGMTIP}
vncserver_proxyclient_address = $MGMTIP
novncproxy_base_url = http://${cname}:6080/vnc_auto.html
EOF
crudini --set /etc/nova/nova.conf $VNCSECTION vnc_enabled False
else
cat <<EOF >> /etc/nova/nova.conf
[DEFAULT]
vnc_enabled = True
vncserver_listen = ${MGMTIP}
vncserver_proxyclient_address = $MGMTIP
novncproxy_base_url = http://${cname}:6080/vnc_auto.html
EOF
crudini --set /etc/nova/nova.conf $VNCSECTION vnc_enabled True
fi
if [ ${ENABLE_NEW_SERIAL_SUPPORT} = 1 ]; then
cat <<EOF >> /etc/nova/nova.conf
[serial_console]
enabled = true
listen = $MGMTIP
proxyclient_address = $MGMTIP
base_url=ws://${cname}:6083/
EOF
crudini --set /etc/nova/nova.conf serial_console enabled true
crudini --set /etc/nova/nova.conf serial_console listen $MGMTIP
crudini --set /etc/nova/nova.conf serial_console proxyclient_address $MGMTIP
crudini --set /etc/nova/nova.conf serial_console base_url ws://${cname}:6083/
fi
cat <<EOF >> /etc/nova/nova-compute.conf
[DEFAULT]
compute_driver=libvirt.LibvirtDriver
[libvirt]
virt_type=kvm
EOF
crudini --set /etc/nova/nova-compute.conf DEFAULT \
compute_driver libvirt.LibvirtDriver
crudini --set /etc/nova/nova-compute.conf libvirt virt_type kvm
if [ "$ARCH" = "aarch64" ] ; then
cat <<EOF >> /etc/nova/nova-compute.conf
cpu_mode=custom
cpu_model=host
EOF
crudini --set /etc/nova/nova-compute.conf libvirt cpu_mode custom
crudini --set /etc/nova/nova-compute.conf libvirt cpu_model host
fi
if [ ${OSCODENAME} = "juno" ]; then
......@@ -113,6 +144,8 @@ fi
service_restart nova-compute
service_enable nova-compute
service_restart libvirt-bin
service_enable libvirt-bin
# XXXX ???
# rm -f /var/lib/nova/nova.sqlite
......
......@@ -40,6 +40,7 @@ $SCP $SETTINGS $OURDIR/admin-openrc.* \
$OURDIR/manifests*.xml $OURDIR/topomap* $OURDIR/fqdn.map \
$fqdn:$OURDIR
$SSH $fqdn cp $OURDIR/mgmt-hosts /etc/hosts
$SSH $fqdn 'echo 127.0.0.1 localhost | tee -a /etc/hosts'
#
# Update the management network if necessary
......@@ -76,6 +77,7 @@ do
fqdn=`getfqdn $node`
scp -p -o StrictHostKeyChecking=no $OURDIR/mgmt-hosts $fqdn:$OURDIR
$SSH $fqdn cp -p $OURDIR/mgmt-hosts /etc/hosts
$SSH $fqdn 'echo 127.0.0.1 localhost | tee -a /etc/hosts'
done
##
......@@ -85,6 +87,7 @@ done
#fqdn=`getfqdn $NEWNODE`
#scp -p -o StrictHostKeyChecking=no $OURDIR/mgmt-hosts $fqdn:$OURDIR
#$SSH $fqdn cp -p $OURDIR/mgmt-hosts /etc/hosts
#$SSH $fqdn 'echo 127.0.0.1 localhost | tee -a /etc/hosts'
# Remove our lockfile
rm -f $OURDIR/updating-nodes
......
This diff is collapsed.
......@@ -62,6 +62,7 @@ done
# (These were created one-time in setup-lib.sh)
#
cat $OURDIR/mgmt-hosts > /etc/hosts
echo "127.0.0.1 localhost" >> /etc/hosts
for node in $NODES
do
[ "$node" = "$NETWORKMANAGER" ] && continue
......@@ -73,6 +74,7 @@ do
$OURDIR/data-hosts $OURDIR/data-netmask \
$fqdn:$OURDIR
$SSH $fqdn cp $OURDIR/mgmt-hosts /etc/hosts
$SSH $fqdn 'echo 127.0.0.1 localhost | tee -a /etc/hosts'
done
echo "*** Setting up the Management Network"
......
......@@ -54,6 +54,10 @@ DISABLE_SECURITY_GROUPS=0
DEFAULT_SECGROUP_ENABLE_SSH_ICMP=1
VERBOSE_LOGGING="False"
DEBUG_LOGGING="False"
KEYSTONEAPIVERSION=""
TOKENTIMEOUT=14400
SESSIONTIMEOUT=14400
CEILOMETER_USE_WSGI=0
#
# We have an 'adminapi' user that gets a random password. Then, we have
# the dashboard and instance password, that comes in from geni-lib/rspec as a
......@@ -224,13 +228,47 @@ ARCH=`uname -m`
dpkg-query -S /sbin/init | grep -q systemd
HAVE_SYSTEMD=`expr $? = 0`
#
# Figure out which OS/OpenStack this is.
#
OSJUNO=10
OSKILO=11
OSLIBERTY=12
. /etc/lsb-release
if [ ${DISTRIB_CODENAME} = "vivid" ]; then
if [ ${DISTRIB_CODENAME} = "wily" ]; then
OSCODENAME="liberty"
OSVERSION=$OSLIBERTY
REGION="RegionOne"
elif [ ${DISTRIB_CODENAME} = "vivid" ]; then
OSCODENAME="kilo"
OSVERSION=$OSKILO
REGION="RegionOne"
else
OSCODENAME="juno"
OSVERSION=$OSJUNO
REGION="regionOne"
fi
#
# Figure out if we got told to use keystone v2 or v3, or what our
# default should be if not.
#
if [ "x$KEYSTONEAPIVERSION" = "x3" ]; then
# Let them force v3.
KAPISTR='v3'
elif [ "$KEYSTONEAPIVERSION" != "2" -a $OSVERSION -ge $OSLIBERTY ]; then
# If they didn't force v2 or v3, if we're on Liberty or higher, make
# v3 the default
KAPISTR='v3'
KEYSTONEAPIVERSION=3
else
# Otherwise, use version 2 by default (or choice)
KEYSTONEAPIVERSION=2
KAPISTR='v2.0'
fi
if [ $GENIUSER -eq 1 ]; then
SWAPPER_EMAIL=`geni-get slice_email`
else
......
This diff is collapsed.
......@@ -107,7 +107,9 @@ cat <<EOF >> /etc/default/rsync
RSYNC_ENABLE=true
EOF
service rsync start
service_enable rsync
service_restart rsync
service_start rsync
mkdir -p /var/log/swift
chown -R syslog.adm /var/log/swift
......@@ -116,34 +118,60 @@ maybe_install_packages swift swift-account swift-container swift-object
wget -O /etc/swift/account-server.conf \
"https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/${OSCODENAME}"
if [ ! $? -eq 0 ]; then
# Try the EOL version...
wget -O /etc/swift/account-server.conf \