From 5855a64434cb94e34880e9a84765dd48671fba79 Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Wed, 26 Oct 2011 15:44:27 -0400 Subject: [PATCH 01/10] Add syslog option, off by default. Add syslog option to glance and nova. --- files/glance-api.conf | 2 +- files/glance-registry.conf | 2 +- stack.sh | 8 ++++++++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/files/glance-api.conf b/files/glance-api.conf index 0358a7a..3499ff7 100644 --- a/files/glance-api.conf +++ b/files/glance-api.conf @@ -27,7 +27,7 @@ registry_port = 9191 log_file = %DEST%/glance/api.log # Send logs to syslog (/dev/log) instead of to file specified by `log_file` -use_syslog = False +use_syslog = %SYSLOG% # ============ Notification System Options ===================== diff --git a/files/glance-registry.conf b/files/glance-registry.conf index c3ca9a7..351b09f 100644 --- a/files/glance-registry.conf +++ b/files/glance-registry.conf @@ -19,7 +19,7 @@ log_file = %DEST%/glance/registry.log filesystem_store_datadir = %DEST%/glance/images # Send logs to syslog (/dev/log) instead of to file specified by `log_file` -use_syslog = False +use_syslog = %SYSLOG% # SQLAlchemy connection string for the reference implementation # registry server. Any valid SQLAlchemy connection string is fine. diff --git a/stack.sh b/stack.sh index 628ce54..02267d2 100755 --- a/stack.sh +++ b/stack.sh @@ -78,6 +78,9 @@ source ./stackrc # Destination path for installation ``DEST`` DEST=${DEST:-/opt/stack} +# Configure services to syslog instead of writing to individual log files +SYSLOG=${SYSLOG:-False} + # OpenStack is designed to be run as a regular user (Dashboard will fail to run # as root, since apache refused to startup serve content from root user). If # stack.sh is run as root, it automatically creates a stack user with 
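Review bot: `SYSLOG` is accepted from the environment as free text in the stack.sh hunk at @@ -78, but the later hunks use it in two incompatible ways: the `sed` lines at @@ -460 paste it verbatim into `use_syslog = ...` for glance, while the test at @@ -579 enables nova syslog for anything that is not the exact string `False`. A value such as `false` or `0` would therefore switch nova to syslog while glance receives whatever was typed, and a value containing `,` or `&` would corrupt the sed replacement. Rejecting anything but `True`/`False` right after the default is applied keeps all three consumers consistent, so an operator never assumes logs are centralised when only some of them are.

```shell
SYSLOG=${SYSLOG:-False}
case "$SYSLOG" in
    True|False) ;;
    *) echo "SYSLOG must be True or False (got '$SYSLOG')"; exit 1 ;;
esac
```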
@@ -460,11 +463,13 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/glance,g" -i $GLANCE_CONF sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $GLANCE_CONF sudo sed -e "s,%DEST%,$DEST,g" -i $GLANCE_CONF + sudo sed -e "s,%SYSLOG%,$SYSLOG,g" -i $GLANCE_CONF GLANCE_API_CONF=$GLANCE_DIR/etc/glance-api.conf cp $FILES/glance-api.conf $GLANCE_API_CONF sudo sed -e "s,%DEST%,$DEST,g" -i $GLANCE_API_CONF sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $GLANCE_API_CONF + sudo sed -e "s,%SYSLOG%,$SYSLOG,g" -i $GLANCE_API_CONF fi # Nova @@ -579,6 +584,9 @@ fi if [ -n "$MULTI_HOST" ]; then add_nova_flag "--multi_host=$MULTI_HOST" fi +if [ "$SYSLOG" != "False" ]; then + add_nova_flag "--use_syslog=1" +fi # Nova Database # ~~~~~~~~~~~~~ From ab8dbce751c3a514b71df89c31acf4c9bbdf7671 Mon Sep 17 00:00:00 2001 From: Jesse Andrews Date: Wed, 26 Oct 2011 21:23:20 -0700 Subject: [PATCH 02/10] play with how ping tests/sleep works in exercise --- exercise.sh | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/exercise.sh b/exercise.sh index 3f2c94e..feecfaf 100755 --- a/exercise.sh +++ b/exercise.sh @@ -82,8 +82,8 @@ nova boot --flavor $FLAVOR --image $IMAGE $NAME --security_groups=$SECGROUP # Waiting for boot # ---------------- -# let's give it 10 seconds to launch -sleep 10 +# let's give it 5 seconds to launch +sleep 5 # check that the status is active nova show $NAME | grep status | grep -q ACTIVE 
@@ -94,14 +94,13 @@ IP=`nova show $NAME | grep "private network" | cut -d"|" -f3` # for single node deployments, we can ping private ips MULTI_HOST=${MULTI_HOST:-0} if [ "$MULTI_HOST" = "0" ]; then - # ping it once (timeout of a second) - ping -c1 -w1 $IP || true - # sometimes the first ping fails (10 seconds isn't enough time for the VM's - # network to respond?), so let's wait 5 seconds and really test ping - sleep 5 - - ping -c1 -w1 $IP + # network to respond?), so let's for 15 seconds pinging with a timeout + # of a second. + if ! timeout 15 sh -c "while ! ping -c1 -w1 $IP; do sleep 1; done"; then + echo "Couldn't ping server" + exit 1 + fi fi # Security Groups & Floating IPs From 5a774839d73d4d9193e21acc71137f5397962317 Mon Sep 17 00:00:00 2001 From: Jesse Andrews Date: Wed, 26 Oct 2011 21:30:02 -0700 Subject: [PATCH 03/10] more converting sleep -> timeouts --- exercise.sh | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/exercise.sh b/exercise.sh index feecfaf..b79dc3c 100755 --- a/exercise.sh +++ b/exercise.sh @@ -82,11 +82,11 @@ nova boot --flavor $FLAVOR --image $IMAGE $NAME --security_groups=$SECGROUP # Waiting for boot # ---------------- -# let's give it 5 seconds to launch -sleep 5 - -# check that the status is active -nova show $NAME | grep status | grep -q ACTIVE +# check that the status is active within 10 seconds +if ! timeout 10 sh -c "while ! nova show $NAME | grep status | grep -q ACTIVE; do sleep 1; done"; then + echo "server didn't become active!" + exit 1 +fi # get the IP of the server IP=`nova show $NAME | grep "private network" | cut -d"|" -f3` 
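Review bot: In the @@ -94 hunk `$IP` is expanded by the outer shell into the text of the `sh -c` script, so whatever `nova show | cut` produced is re-parsed as shell code instead of being passed as data. The same pattern is used with `$NAME` in the next commit's @@ -82 hunk and with `$FLOATING_IP` in its @@ -121 hunk. If the lookup returns nothing, the loop runs `ping -c1 -w1` with no host for the full 15 seconds and then prints "Couldn't ping server", which hides the real cause. Passing the value as a positional parameter keeps it as data: `if ! timeout 15 sh -c 'while ! ping -c1 -w1 "$1"; do sleep 1; done' _ $IP; then`. `$IP` is left unquoted on the outside so the padding from `cut` is trimmed, and a check that an address was actually found should come first.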
@@ -121,21 +121,21 @@ FLOATING_IP=`nova floating-ip-list | grep None | head -1 | cut -d '|' -f2 | sed # add floating ip to our server nova add-floating-ip $NAME $FLOATING_IP -# sleep for a smidge -sleep 5 +# test we can ping our floating ip within 10 seconds +if ! timeout 10 sh -c "while ! ping -c1 -w1 $FLOATING_IP; do sleep 1; done"; then + echo "Couldn't ping server with floating ip" + exit 1 +fi -# ping our floating ip ping -c1 -w1 $FLOATING_IP # dis-allow icmp traffic (ping) nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0 -# sleep for a smidge -sleep 5 - -# ping our floating ip -if ( ping -c1 -w1 $FLOATING_IP ); then +# test we can aren't able to ping our floating ip within 10 seconds +if ! timeout 10 sh -c "while ping -c1 -w1 $FLOATING_IP; do sleep 1; done"; then print "Security group failure - ping should not be allowed!" + echo "Couldn't ping server with floating ip" exit 1 fi From ac2e166e895eb52286e47ee51a95f0e3d8491932 Mon Sep 17 00:00:00 2001 From: Jesse Andrews Date: Wed, 26 Oct 2011 21:39:56 -0700 Subject: [PATCH 04/10] grammer --- exercise.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exercise.sh b/exercise.sh index b79dc3c..8feda9f 100755 --- a/exercise.sh +++ b/exercise.sh @@ -95,7 +95,7 @@ IP=`nova show $NAME | grep "private network" | cut -d"|" -f3` MULTI_HOST=${MULTI_HOST:-0} if [ "$MULTI_HOST" = "0" ]; then # sometimes the first ping fails (10 seconds isn't enough time for the VM's - # network to respond?), so let's for 15 seconds pinging with a timeout + # network to respond?), so let's ping for 15 seconds with a timeout # of a second. if ! timeout 15 sh -c "while ! ping -c1 -w1 $IP; do sleep 1; done"; then echo "Couldn't ping server" From 53d4a1db2b27ef8549c42d36cda2255bea6576a5 Mon Sep 17 00:00:00 2001 From: Jesse Andrews Date: Wed, 26 Oct 2011 21:46:47 -0700 Subject: [PATCH 05/10] missed removing this ping --- exercise.sh | 2 -- 1 file changed, 2 deletions(-) 
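Review bot: The failure branch of the negative test in the @@ -121 hunk reports the wrong diagnosis. The added `echo "Couldn't ping server with floating ip"` is copied from the positive test, but this branch is reached when ping still succeeds after the ICMP rule was deleted. The intended message on the unchanged line above it uses `print`, which is not a builtin in bash or sh, so it is unlikely to be shown; a single `echo "Security group failure - ping should not be allowed!"` should replace both lines. The loop also exits on the first failed ping, so one dropped packet is enough to pass; requiring a few consecutive failures would make this a stronger check that the rule removal is enforced. The new comment "test we can aren't able to ping" also needs rewording.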
diff --git a/exercise.sh b/exercise.sh index 8feda9f..f512691 100755 --- a/exercise.sh +++ b/exercise.sh @@ -127,8 +127,6 @@ if ! timeout 10 sh -c "while ! ping -c1 -w1 $FLOATING_IP; do sleep 1; done"; the exit 1 fi -ping -c1 -w1 $FLOATING_IP - # dis-allow icmp traffic (ping) nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0 From 509992fe4c24d81af4a14596531c21b4f4543499 Mon Sep 17 00:00:00 2001 From: Jesse Andrews Date: Thu, 27 Oct 2011 11:18:09 -0700 Subject: [PATCH 06/10] if you are running as a regular user add sudo priveledges --- files/sudo/nova | 48 +++++++++++++++++++++++++++++++++++++++++++++++- stack.sh | 10 ++++++++-- 2 files changed, 55 insertions(+), 3 deletions(-) diff --git a/files/sudo/nova b/files/sudo/nova index 3843416..2ce1aac 100644 --- a/files/sudo/nova +++ b/files/sudo/nova @@ -1 +1,47 @@ -socat +Cmnd_Alias NOVACMDS = /bin/chmod /var/lib/nova/tmp/*/root/.ssh, \ + /bin/chown /var/lib/nova/tmp/*/root/.ssh, \ + /bin/chown, \ + /bin/chmod, \ + /bin/dd, \ + /sbin/ifconfig, \ + /sbin/ip, \ + /sbin/route, \ + /sbin/iptables, \ + /sbin/iptables-save, \ + /sbin/iptables-restore, \ + /sbin/ip6tables-save, \ + /sbin/ip6tables-restore, \ + /sbin/kpartx, \ + /sbin/losetup, \ + /sbin/lvcreate, \ + /sbin/lvdisplay, \ + /sbin/lvremove, \ + /bin/mkdir, \ + /bin/mount, \ + /sbin/pvcreate, \ + /usr/bin/tee, \ + /sbin/tune2fs, \ + /bin/umount, \ + /sbin/vgcreate, \ + /usr/bin/virsh, \ + /usr/bin/qemu-nbd, \ + /usr/sbin/brctl, \ + /sbin/brctl, \ + /usr/sbin/radvd, \ + /usr/sbin/vblade-persist, \ + /sbin/pvcreate, \ + /sbin/aoe-discover, \ + /sbin/vgcreate, \ + /bin/aoe-stat, \ + /bin/kill, \ + /sbin/vconfig, \ + /usr/sbin/ietadm, \ + /sbin/vgs, \ + /sbin/iscsiadm, \ + /usr/bin/socat, \ + /sbin/parted, \ + /usr/sbin/dnsmasq, \ + /usr/bin/arping + +%USER% ALL = (root) NOPASSWD: SETENV: NOVACMDS + diff --git a/stack.sh b/stack.sh index 14bcfb2..5366ae3 100755 --- a/stack.sh +++ b/stack.sh 
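Review bot: The `NOVACMDS` alias in files/sudo/nova amounts to passwordless root for `%USER%` rather than a narrow grant. `/bin/chown`, `/bin/chmod`, `/bin/dd`, `/usr/bin/tee` and `/bin/mount` are listed with no argument restriction, which also makes the two path-restricted `chmod`/`chown` entries at the top redundant. The `SETENV:` tag additionally lets the caller choose the environment those root commands run with; if nova does not need that, the rule should read `%USER% ALL = (root) NOPASSWD: NOVACMDS`. A header comment stating that the file is root-equivalent and meant for disposable development hosts would keep it from being reused on a shared system as if it were least-privilege. `/sbin/pvcreate` and `/sbin/vgcreate` are each listed twice.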
@@ -116,6 +116,14 @@ if [[ $EUID -eq 0 ]]; then exec su -c "set -e; cd $STACK_DIR; bash stack.sh" stack fi exit 1 +else + # Our user needs passwordless priviledges for certain commands which nova + # uses internally. + # Natty uec images sudoers does not have a '#includedir'. add one. + sudo grep -q "^#includedir.*/etc/nsudoers.d" /etc/sudoers || + echo "#includedir /etc/nsudoers.d" | sudo tee -a /etc/sudoers + sudo cp $FILES/sudo/nova /etc/sudoers.d/stack_sh_nova + sudo sed -e "s,%USER%,$USER,g" -i /etc/sudoers.d/stack_sh_nova fi # Set the destination directories for openstack projects @@ -364,8 +372,6 @@ cd $DASH_DIR/openstack-dashboard; sudo python setup.py develop # it since we are going to run the services in screen for simple cp $FILES/screenrc ~/.screenrc -## TODO: update current user to allow sudo for all commands in files/sudo/* - # Rabbit # --------- From 84a399b43d618fe0d438694a4f1a9d1e9965a930 Mon Sep 17 00:00:00 2001 From: Jesse Andrews Date: Thu, 27 Oct 2011 11:20:38 -0700 Subject: [PATCH 07/10] typo --- stack.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/stack.sh b/stack.sh index 5366ae3..b885e20 100755 --- a/stack.sh +++ b/stack.sh @@ -120,8 +120,8 @@ else # Our user needs passwordless priviledges for certain commands which nova # uses internally. # Natty uec images sudoers does not have a '#includedir'. add one. - sudo grep -q "^#includedir.*/etc/nsudoers.d" /etc/sudoers || - echo "#includedir /etc/nsudoers.d" | sudo tee -a /etc/sudoers + sudo grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers || + echo "#includedir /etc/sudoers.d" | sudo tee -a /etc/sudoers sudo cp $FILES/sudo/nova /etc/sudoers.d/stack_sh_nova sudo sed -e "s,%USER%,$USER,g" -i /etc/sudoers.d/stack_sh_nova fi From 47bb211cadbf2383c9e03f02858731e57ee3c4d9 Mon Sep 17 00:00:00 2001 From: Jesse Andrews Date: Thu, 27 Oct 2011 11:29:43 -0700 Subject: [PATCH 08/10] need to chmod 440 for sudoers file --- stack.sh | 1 + 1 file changed, 1 insertion(+) 
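Review bot: In the @@ -116 hunk the sudoers fragment is copied into `/etc/sudoers.d` before `%USER%` is substituted, with no mode set and no syntax check, and `/etc/sudoers` itself is appended to with `tee -a`. A malformed result in either file can leave sudo unusable on the host. Building the fragment in a temporary file, checking it with `visudo -c -f`, and installing it in one step with owner and mode set removes the window in which a half-edited file is live. The name written into the rule is better taken from `whoami` than from the environment's `$USER`. The `else` belongs to the `if [[ $EUID -eq 0 ]]` that starts above this hunk.

```shell
else
    # … unchanged: comment block and the #includedir check …
    TEMPFILE=$(mktemp)
    sed -e "s,%USER%,$(whoami),g" "$FILES/sudo/nova" > "$TEMPFILE"
    sudo visudo -c -f "$TEMPFILE" || exit 1
    sudo install -m 0440 -o root -g root "$TEMPFILE" /etc/sudoers.d/stack_sh_nova
    rm -f "$TEMPFILE"
fi
```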
diff --git a/stack.sh b/stack.sh index b885e20..82cc157 100755 --- a/stack.sh +++ b/stack.sh @@ -124,6 +124,7 @@ else echo "#includedir /etc/sudoers.d" | sudo tee -a /etc/sudoers sudo cp $FILES/sudo/nova /etc/sudoers.d/stack_sh_nova sudo sed -e "s,%USER%,$USER,g" -i /etc/sudoers.d/stack_sh_nova + sudo chmod 0440 /etc/sudoers.d/stack_sh_nova fi # Set the destination directories for openstack projects From b957a855f944f1dd62622679d16ff98cf84e99eb Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Thu, 27 Oct 2011 13:07:37 -0700 Subject: [PATCH 09/10] fix for #109 - set the hostname to GUEST_NAME --- tools/build_kvm.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tools/build_kvm.sh b/tools/build_kvm.sh index 36457d5..e6cb3e3 100755 --- a/tools/build_kvm.sh +++ b/tools/build_kvm.sh @@ -341,7 +341,14 @@ chroot $ROOTFS chown -R stack $DEST # Change boot params so that we get a console log sudo sed -e "s/quiet splash/splash console=ttyS0 console=ttyS1,19200n8/g" -i $ROOTFS/boot/grub/menu.lst sudo sed -e "s/^hiddenmenu//g" -i $ROOTFS/boot/grub/menu.lst -#chroot $ROOTFS grub-install /dev/vda + +# Set the hostname +echo $GUEST_NAME > $ROOTFS/etc/hostname + +# We need the hostname to resolve for rabbit to launch +if ! grep -q $GUEST_NAME $ROOTFS/etc/hosts; then + echo "$GUEST_IP $GUEST_NAME" >> $ROOTFS/etc/hosts +fi # Unmount umount $ROOTFS || echo 'ok' From 0e74ecb4ac81832fa8d1340e45a2008825067b91 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Thu, 27 Oct 2011 13:21:52 -0700 Subject: [PATCH 10/10] fix so that our first floating ip doesn't end in .0 --- stack.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack.sh b/stack.sh index 82cc157..c79fb46 100755 --- a/stack.sh +++ b/stack.sh 
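Review bot: The `grep -q $GUEST_NAME` guard in tools/build_kvm.sh is an unquoted regex substring match. A hosts file that already contains a longer name (a constructed example: `devstack` when `GUEST_NAME=stack`) suppresses the new entry, and an empty `GUEST_NAME` makes grep take the hosts path as its pattern and read stdin. Suggest `if ! grep -qwF -- "$GUEST_NAME" "$ROOTFS/etc/hosts"; then`, with the two `echo` redirections quoted the same way. These lines write under `$ROOTFS`, presumably as root, so an unset `ROOTFS` would edit the build host's own `/etc/hostname` and `/etc/hosts`; writing the target as `"${ROOTFS:?}/etc/hostname"` makes that case abort. Neither variable's assignment is visible in this hunk.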
@@ -207,7 +207,7 @@ function read_password { PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-eth0} FIXED_RANGE=${FIXED_RANGE:-10.0.0.0/24} FIXED_NETWORK_SIZE=${FIXED_NETWORK_SIZE:-256} -FLOATING_RANGE=${FLOATING_RANGE:-172.24.4.1/28} +FLOATING_RANGE=${FLOATING_RANGE:-172.24.4.224/28} NET_MAN=${NET_MAN:-FlatDHCPManager} EC2_DMZ_HOST=${EC2_DMZ_HOST:-$HOST_IP} FLAT_NETWORK_BRIDGE=${FLAT_NETWORK_BRIDGE:-br100}
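Review bot: The new `FLOATING_RANGE` default has no comment recording why this block was picked; the commit subject is the only place the reason is given. `172.24.4.224/28` sits on a /28 boundary, whereas the previous `172.24.4.1/28` had host bits set, which is presumably what produced the `.0` address. A line such as `# Must be a CIDR-aligned block (network address, not a host address)` above the assignment would keep an override or later edit from reintroducing the problem. The assignments follow `read_password`, whose body is outside this hunk.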