
openstack deployment script for DEIDtect : modified version of Richards ptcontroller deployment code
parent 8be1cda7
# Author : Li Cai [licai@cs.utah.edu]
# modified : Praveen Kumar Shanmugam [spraveen@cs.utah.edu]
SHELL:=/bin/bash
openstack:
USERNAME=`whoami` ; \
experimentid=`hostname|cut -d '.' -f 2`; \
projectid=`hostname|cut -d '.' -f 3`; \
NODES=(`ssh $$USERNAME@ops.emulab.net "/usr/testbed/bin/node_list -p -e $$projectid,$$experimentid"`); \
nodescount=$${#NODES[@]}; \
computescount=$$(( $$nodescount - 5 )); \
./multi-setup.sh $$experimentid all $$computescount
virt_environment:
USERNAME=`whoami` ; \
experimentid=`hostname|cut -d '.' -f 2`; \
projectid=`hostname|cut -d '.' -f 3`; \
NODES=(`ssh $$USERNAME@ops.emulab.net "/usr/testbed/bin/node_list -p -e $$projectid,$$experimentid"`); \
nodescount=$${#NODES[@]}; \
computescount=$$(( $$nodescount - 5 )); \
./multi-setup.sh $$experimentid virt_environment $$computescount
images_upload:
USERNAME=`whoami` ; \
experimentid=`hostname|cut -d '.' -f 2`; \
projectid=`hostname|cut -d '.' -f 3`; \
NODES=(`ssh $$USERNAME@ops.emulab.net "/usr/testbed/bin/node_list -p -e $$projectid,$$experimentid"`); \
nodescount=$${#NODES[@]}; \
computescount=$$(( $$nodescount - 5 )); \
./multi-setup.sh $$experimentid images_upload $$computescount
images_update:
USERNAME=`whoami` ; \
experimentid=`hostname|cut -d '.' -f 2`; \
projectid=`hostname|cut -d '.' -f 3`; \
NODES=(`ssh $$USERNAME@ops.emulab.net "/usr/testbed/bin/node_list -p -e $$projectid,$$experimentid"`); \
nodescount=$${#NODES[@]}; \
computescount=$$(( $$nodescount - 5 )); \
./multi-setup.sh $$experimentid images_update $$computescount
rejoin_disk:
USERNAME=`whoami` ; \
experimentid=`hostname|cut -d '.' -f 2`; \
projectid=`hostname|cut -d '.' -f 3`; \
NODES=(`ssh $$USERNAME@ops.emulab.net "/usr/testbed/bin/node_list -p -e $$projectid,$$experimentid"`); \
nodescount=$${#NODES[@]}; \
computescount=$$(( $$nodescount - 5 )); \
./multi-setup.sh $$experimentid rejoin_disk $$computescount
ifsetup:
USERNAME=`whoami` ; \
experimentid=`hostname|cut -d '.' -f 2`; \
projectid=`hostname|cut -d '.' -f 3`; \
NODES=(`ssh $$USERNAME@ops.emulab.net "/usr/testbed/bin/node_list -p -e $$projectid,$$experimentid"`); \
nodescount=$${#NODES[@]}; \
computescount=$$(( $$nodescount - 5 )); \
./multi-setup.sh $$experimentid ifsetup $$computescount
all:
openstack
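Review bot: Every recipe chains its steps with `;`, so when the `ssh ... node_list` call fails or returns nothing, `nodescount` is 0, `computescount` becomes -5 and `./multi-setup.sh` still runs with that value. Joining the steps with `&&` and adding a guard such as `[ $$nodescount -gt 5 ] || { echo "node_list returned too few nodes" >&2; exit 1; }` before the last line would stop the deployment instead of continuing with a bad node count. The same six-line recipe is copied into six targets that differ only in the mode passed to `multi-setup.sh`; a single pattern or a shared `define` would keep them from drifting apart. The targets produce no files, so they should also be listed in `.PHONY`.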
Parent Reposiroty : git@gitlab.flux.utah.edu:licai/ptcontroller.git
Credits : Li Cai [licai@cs.utah.edu]
TO build openstack for DEIDtect
1. Create an experiment on Emulab using the
deidtect/Code/IDS/emulab-ns/openstackDeployment.ns
or
Swap in "TCloud/DEIDtect-LocalTap"
2. log on the **ext node**, after the experiment get ready,
3. cd to "deidtect/Code/OpenStack/build_juno"
4. make & and wait for it to finish! [takes around 45 min]
sudo su -s /bin/sh -c " echo 'deb http://ubuntu-cloud.archive.canonical.com/ubuntu' 'trusty-updates/juno main' > /etc/apt/sources.list.d/cloudarchive-juno.list; " root ;
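Review bot: The cloud archive is added over plain `http://` and nothing on this line installs its signing key, so package integrity depends on apt signature checks that only work if `ubuntu-cloud-keyring` is installed somewhere else in the setup scripts; that is worth confirming, because an unauthenticated source means the OpenStack packages are trusted as delivered by the network. The `sudo su -s /bin/sh -c "..." root` wrapper can be reduced to piping the same `echo` into `sudo tee /etc/apt/sources.list.d/cloudarchive-juno.list`, which is easier to read and quote correctly.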
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=1111
export OS_AUTH_URL=http://controller:35357/v2.0
export LC_ALL=C
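Review bot: `OS_PASSWORD=1111` commits the admin password to the repository, and the same literal `1111` is reused in the other sections of this commit as `OS_SERVICE_TOKEN`, `rabbit_password`, every service `admin_password`, the MySQL passwords inside the `connection` URLs and `metadata_proxy_shared_secret`. A single guessable value therefore covers identity, messaging, database and the metadata proxy, and every endpoint shown uses plain `http://`. Reading the value from the environment, e.g. `export OS_PASSWORD="${OS_PASSWORD:?OS_PASSWORD must be set}"`, and filling per-service generated secrets into the config templates at deploy time (the way `MY_IP` and `LOCAL_IP` appear to be filled in) would keep credentials out of version control.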
#!/usr/bin/expect --
set password [lindex $argv 0];
spawn mysql_secure_installation
expect "Enter current password for root (enter for none):"
send "${password}\r"
expect "Change the root password?"
send "n\r"
expect "Remove anonymous users?"
send "y\r"
expect "Disallow root login remotely?"
send "y\r"
expect "Remove test database and access to it?"
send "y\r"
expect "Reload privilege tables now?"
send "y\r"
puts "Ended expect script.\r"
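Review bot: The script ends right after the last `send "y\r"` without waiting for the spawned process, so `mysql_secure_installation` can be torn down before it has reloaded the privilege tables; add `expect eof` before the final `puts`. None of the `expect` calls handles a timeout, so if a prompt is worded differently the script still sends the next answer once the default timeout expires and the answers can land on the wrong questions. The root password is taken from `argv`, which makes it visible in the process list while the script runs; reading it from an environment variable or a file readable only by the invoking user avoids that.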
#!/bin/bash
source $(cd `dirname $0`; pwd)/admin-openrc.sh
declare -x OS_SERVICE_TOKEN=1111; declare -x OS_SERVICE_ENDPOINT=http://controller:35357/v2.0;
if [ "$1" == "id" ]; then
keystone service-list |grep keystone | awk 'BEGIN{FS=" "}{print $2}'
fi
if [ "$1" == "image" ]; then
keystone service-list | awk '/ image / {print $2}'
fi
if [ "$1" == "nova.controller" ]; then
keystone service-list | awk '/ compute / {print $2}'
fi
if [ "$1" == "neutron.controller" ]; then
keystone service-list | awk '/ network / {print $2}'
fi
if [ "$1" == "service_tenant_id" ]; then
keystone tenant-get service|grep id|awk -F' ' '{print $4}'
fi
if [ "$1" == "ext_mac" ]; then
sudo cat /var/emulab/boot/tmcc/ifconfig | grep 192.168.0 | awk -F'MAC=' '{print $2}' | awk '{print $1}';
fi
if [ "$1" == "tunnel_ip" ]; then
sudo cat /var/emulab/boot/tmcc/ifconfig | grep 10.0.1 | awk -F'INET=' '{print $2}' | awk '{print $1}'
fi
if [ "$1" == "experiment_name" ]; then
hostname | awk -F'.' '{print $2}'
fi
if [ "$1" == "my_ip" ]; then
sudo cat /var/emulab/boot/tmcc/ifconfig | grep 10.0.0 | awk -F'INET=' '{print $2}' | awk '{print $1}'
fi
if [ "$1" == "find_disk" ]; then
DISKARR=(`sudo fdisk -l 2>&1 | grep ': 600'| awk -F':' '{print $1}'|awk -F' ' '{print $2}'`)
if [ ${DISKARR[0]} != "" ]; then
sudo fdisk -l|grep 545259520|awk -F' ' '{print $1}'
fi
sudo fdisk -l|grep 230686720|awk -F' ' '{print $1}'
fi
if [ "$1" == "cinder1" ]; then
keystone service-list | awk '/ volume / {print $2}'
fi
if [ "$1" == "cinder2" ]; then
keystone service-list | awk '/ volumev2 / {print $2}'
fi
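Review bot: In the `find_disk` branch the test `[ ${DISKARR[0]} != "" ]` is unquoted, so when no disk matches it expands to `[ != "" ]` and prints a test syntax error instead of cleanly evaluating false; `[ -n "${DISKARR[0]}" ]` fixes that. The interface lookups use `grep 192.168.0`, `grep 10.0.1` and `grep 10.0.0` with unescaped dots and no trailing delimiter, so `10.0.1` also matches an address such as 10.0.10.x; `grep -F 'INET=10.0.1.'` would pin the match to the intended subnet. The script exports `OS_SERVICE_TOKEN` for every query even though admin-openrc.sh is sourced on the line above; the read-only `service-list` and `tenant-get` calls presumably work with the user credentials alone, which would keep the bootstrap token out of this helper. The chain of independent `if` blocks would read better as a single `case "$1" in`.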
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
api_paste_confg = /etc/cinder/api-paste.ini
iscsi_helper = tgtadm
volume_name_template = volume-%s
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
state_path = /var/lib/cinder
lock_path = /var/lock/cinder
volumes_dir = /var/lib/cinder/volumes
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = 1111
my_ip = 10.0.0.11
verbose = True
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = cinder
admin_password = 1111
[database]
connection = mysql://cinder:1111@controller/cinder
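Review bot: `api_paste_confg` is misspelled, so cinder will not recognise the option and presumably falls back to its built-in default; it should read `api_paste_config = /etc/cinder/api-paste.ini`. `verbose = True` is set twice in `[DEFAULT]`, and `my_ip = 10.0.0.11` is hard-coded here while the nova compute templates in this commit use a `MY_IP` placeholder, so this file only works unchanged on the node that owns that address.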
[ml2]
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch
# (ListOpt) List of network type driver entrypoints to be loaded from
# the neutron.ml2.type_drivers namespace.
#
# type_drivers = local,flat,vlan,gre,vxlan
# Example: type_drivers = flat,vlan,gre,vxlan
# (ListOpt) Ordered list of network_types to allocate as tenant
# networks. The default value 'local' is useful for single-box testing
# but provides no connectivity between hosts.
#
# tenant_network_types = local
# Example: tenant_network_types = vlan,gre,vxlan
# (ListOpt) Ordered list of networking mechanism driver entrypoints
# to be loaded from the neutron.ml2.mechanism_drivers namespace.
# mechanism_drivers =
# Example: mechanism_drivers = openvswitch,mlnx
# Example: mechanism_drivers = arista
# Example: mechanism_drivers = cisco,logger
# Example: mechanism_drivers = openvswitch,brocade
# Example: mechanism_drivers = linuxbridge,brocade
# (ListOpt) Ordered list of extension driver entrypoints
# to be loaded from the neutron.ml2.extension_drivers namespace.
# extension_drivers =
# Example: extension_drivers = anewextensiondriver
[ml2_type_flat]
# (ListOpt) List of physical_network names with which flat networks
# can be created. Use * to allow flat networks with arbitrary
# physical_network names.
#
# flat_networks =
# Example:flat_networks = physnet1,physnet2
# Example:flat_networks = *
[ml2_type_vlan]
# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples
# specifying physical_network names usable for VLAN provider and
# tenant networks, as well as ranges of VLAN tags on each
# physical_network available for allocation as tenant networks.
#
# network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999,physnet2
[ml2_type_gre]
# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation
# tunnel_id_ranges =
tunnel_id_ranges = 1:1000
[ml2_type_vxlan]
# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating
# ranges of VXLAN VNI IDs that are available for tenant network allocation.
#
# vni_ranges =
# (StrOpt) Multicast group for the VXLAN interface. When configured, will
# enable sending all broadcast traffic to this multicast group. When left
# unconfigured, will disable multicast VXLAN mode.
#
# vxlan_group =
# Example: vxlan_group = 239.1.1.1
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
# Controls if neutron security group is enabled or not.
# It should be false when you use nova security group.
# enable_security_group = True
# Use ipset to speed-up the iptables security groups. Enabling ipset support
# requires that ipset is installed on L2 agent node.
# enable_ipset = True
[ovs]
local_ip = LOCAL_IP
enable_tunneling = True
[agent]
tunnel_types = gre
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
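Review bot: The two active lines at the end switch reverse-path filtering off for all interfaces with no comment saying why, directly below stock text that describes `rp_filter=1` as the spoofing protection. Presumably this is needed for the Neutron/OVS forwarding path; if so, a comment such as `# rp_filter disabled for Neutron OVS/GRE forwarding; source-address filtering is left to Neutron security groups` should say so, so that a later reader does not take it for an accident or re-enable it blindly. With this setting the host kernel no longer drops packets with implausible source addresses, so the security-group firewall driver configured in the ML2 files becomes the only anti-spoofing control and should be verified to load.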
[DEFAULT]
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
libvirt_use_virtio_for_bridges=True
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
enabled_apis=ec2,osapi_compute,metadata
#instances_path=$state_path/instances
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = 1111
my_ip = MY_IP
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = MY_IP
novncproxy_base_url = http://controller.EXPERIMENT_NAME.tcloud.emulab.net:6080/vnc_auto.html
verbose = True
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = nova
admin_password = 1111
[glance]
host = controller
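Review bot: `vncserver_listen = 0.0.0.0` binds the instance VNC consoles on every interface of the compute node, whereas the controller templates in this commit bind to a single address. The hostname pattern in `novncproxy_base_url` suggests the nodes also have an externally reachable interface; if so, either bind to the management address with `vncserver_listen = MY_IP` or block the VNC port range on the external interface, unless live migration in this setup needs the wildcard bind. The same line appears in the next nova.conf section. `novncproxy_base_url` uses `http://`, so console sessions and their access tokens cross the network unencrypted.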
[DEFAULT]
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
libvirt_use_virtio_for_bridges=True
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
enabled_apis=ec2,osapi_compute,metadata
#instances_path=$state_path/instances
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = 1111
my_ip = MY_IP
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = MY_IP
novncproxy_base_url = http://controller.EXPERIMENT_NAME.tcloud.emulab.net:6080/vnc_auto.html
verbose = True
auth_strategy = keystone
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = nova
admin_password = 1111
[glance]
host = controller
[neutron]
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = 1111
[ml2]
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch
# (ListOpt) List of network type driver entrypoints to be loaded from
# the neutron.ml2.type_drivers namespace.
#
# type_drivers = local,flat,vlan,gre,vxlan
# Example: type_drivers = flat,vlan,gre,vxlan
# (ListOpt) Ordered list of network_types to allocate as tenant
# networks. The default value 'local' is useful for single-box testing
# but provides no connectivity between hosts.
#
# tenant_network_types = local
# Example: tenant_network_types = vlan,gre,vxlan
# (ListOpt) Ordered list of networking mechanism driver entrypoints
# to be loaded from the neutron.ml2.mechanism_drivers namespace.
# mechanism_drivers =
# Example: mechanism_drivers = openvswitch,mlnx
# Example: mechanism_drivers = arista
# Example: mechanism_drivers = cisco,logger
# Example: mechanism_drivers = openvswitch,brocade
# Example: mechanism_drivers = linuxbridge,brocade
# (ListOpt) Ordered list of extension driver entrypoints
# to be loaded from the neutron.ml2.extension_drivers namespace.
# extension_drivers =
# Example: extension_drivers = anewextensiondriver
[ml2_type_flat]
# (ListOpt) List of physical_network names with which flat networks
# can be created. Use * to allow flat networks with arbitrary
# physical_network names.
#
# flat_networks =
# Example:flat_networks = physnet1,physnet2
# Example:flat_networks = *
[ml2_type_vlan]
# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples
# specifying physical_network names usable for VLAN provider and
# tenant networks, as well as ranges of VLAN tags on each
# physical_network available for allocation as tenant networks.
#
# network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999,physnet2
[ml2_type_gre]
tunnel_id_ranges = 1:1000
# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation
# tunnel_id_ranges =
[ml2_type_vxlan]
# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating
# ranges of VXLAN VNI IDs that are available for tenant network allocation.
#
# vni_ranges =
# (StrOpt) Multicast group for the VXLAN interface. When configured, will
# enable sending all broadcast traffic to this multicast group. When left
# unconfigured, will disable multicast VXLAN mode.
#
# vxlan_group =
# Example: vxlan_group = 239.1.1.1
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDrive
# Controls if neutron security group is enabled or not.
# It should be false when you use nova security group.
# enable_security_group = True
# Use ipset to speed-up the iptables security groups. Enabling ipset support
# requires that ipset is installed on L2 agent node.
# enable_ipset = True
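Review bot: `firewall_driver` in `[securitygroup]` ends in `OVSHybridIptablesFirewallDrive`, missing the final `r` that the other ML2 file in this commit has. If that is what the file really contains rather than a truncation in the rendering, the class path cannot be resolved and security-group filtering will not be set up as intended on nodes using this file. Since nova is configured with `NoopFirewallDriver` and delegates filtering to Neutron, this driver is the only packet filter in front of the instances, so the line should read `firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver`. The active settings in this file are also placed above the commented reference text for each section; keeping each value next to its explanatory comment would make such typos easier to spot.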
[DEFAULT]
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
libvirt_use_virtio_for_bridges=True
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
enabled_apis=ec2,osapi_compute,metadata
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = 1111
auth_strategy = keystone
verbose = True
my_ip = 10.0.0.11
vncserver_listen = 10.0.0.11
vncserver_proxyclient_address = 10.0.0.11
[glance]
host = controller
[database]
connection = mysql://nova:1111@controller/nova
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = nova
admin_password = 1111
[DEFAULT]
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
libvirt_use_virtio_for_bridges=True
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
enabled_apis=ec2,osapi_compute,metadata
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = 1111
auth_strategy = keystone
verbose = True
my_ip = 10.0.0.11
vncserver_listen = 10.0.0.11
vncserver_proxyclient_address = 10.0.0.11
[glance]
host = controller
[database]
connection = mysql://nova:1111@controller/nova
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = nova
admin_password = 1111
[neutron]
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = 1111
[DEFAULT]
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
libvirt_use_virtio_for_bridges=True
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
enabled_apis=ec2,osapi_compute,metadata
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = 1111
auth_strategy = keystone
verbose = True
my_ip = 10.0.0.11
vncserver_listen = 10.0.0.11
vncserver_proxyclient_address = 10.0.0.11
[glance]
host = controller
[database]
connection = mysql://nova:1111@controller/nova
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = nova
admin_password = 1111
[neutron]
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = 1111
service_metadata_proxy = True
metadata_proxy_shared_secret = 1111