diff --git a/build_lxc.sh b/build_lxc.sh index 787c4bd..fbdfcd3 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -1,4 +1,5 @@ #!/usr/bin/env bash + # Configurable params BRIDGE=${BRIDGE:-br0} CONTAINER=${CONTAINER:-STACK} @@ -18,11 +19,11 @@ if ! grep -q natty /etc/lsb-release; then fi # Install deps -apt-get install lxc debootstrap +apt-get install -y lxc debootstrap # Install cgroup-bin from source, since the packaging is buggy and possibly incompatible with our setup if ! which cgdelete | grep -q cgdelete; then - apt-get install g++ bison flex libpam0g-dev + apt-get install -y g++ bison flex libpam0g-dev wget http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download -O /tmp/libcgroup-0.37.1.tar.bz2 cd /tmp && bunzip2 libcgroup-0.37.1.tar.bz2 && tar xfv libcgroup-0.37.1.tar cd libcgroup-0.37.1 @@ -49,15 +50,21 @@ if [ -d /cgroup/$CONTAINER ]; then cgdelete -r cpu,net_cls:$CONTAINER fi + # Warm the base image on first install CACHEDIR=/var/cache/lxc/natty/rootfs-amd64 if [ ! -d $CACHEDIR ]; then + # by deleting the container, we force lxc-create to re-bootstrap (lxc is + # lazy and doesn't do anything if a container already exists) + lxc-destroy -n $CONTAINER # trigger the initial debootstrap lxc-create -n $CONTAINER -t natty -f $LXC_CONF chroot $CACHEDIR apt-get update - chroot $CACHEDIR apt-get install -y `cat files/apts/* | cut -d\# -f1 | egrep -v "(rabbitmq|libvirt-bin|mysql-server)"` + chroot $CACHEDIR apt-get install -y --force-yes `cat files/apts/* | cut -d\# -f1 | egrep -v "(rabbitmq|libvirt-bin|mysql-server)"` chroot $CACHEDIR pip install `cat files/pips/*` - git clone https://github.com/cloudbuilders/nova.git $CACHEDIR/opt/nova + # FIXME (anthony) - provide ability to vary source locations + #git clone https://github.com/cloudbuilders/nova.git $CACHEDIR/opt/nova + bzr clone lp:~hudson-openstack/nova/milestone-proposed/ $CACHEDIR/opt/nova git clone https://github.com/cloudbuilders/openstackx.git $CACHEDIR/opt/openstackx git clone https://github.com/cloudbuilders/noVNC.git $CACHEDIR/opt/noVNC git clone https://github.com/cloudbuilders/openstack-dashboard.git $CACHEDIR/opt/dash diff --git a/files/dash_settings.py b/files/dash_settings.py index d467da8..6472f82 100644 --- a/files/dash_settings.py +++ b/files/dash_settings.py @@ -61,14 +61,8 @@ QUANTUM_PORT = '9696' QUANTUM_TENANT = '1234' QUANTUM_CLIENT_VERSION='0.1' -# If you have external monitoring links -EXTERNAL_MONITORING = [ - ['Nagios','http://foo.com'], - ['Ganglia','http://bar.com'], -] - -# If you do not have external monitoring links -# EXTERNAL_MONITORING = [] +# We use nixon to embed instead of external monitoring links +EXTERNAL_MONITORING = [] # Uncomment the following segment to silence most logging # django.db and boto DEBUG logging is extremely verbose. diff --git a/files/glance-api.conf b/files/glance-api.conf new file mode 100644 index 0000000..ac2ee94 --- /dev/null +++ b/files/glance-api.conf @@ -0,0 +1,178 @@ +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +verbose = True + +# Show debugging output in logs (sets DEBUG log level output) +debug = True + +# Which backend store should Glance use by default is not specified +# in a request to add a new image to Glance? Default: 'file' +# Available choices are 'file', 'swift', and 's3' +default_store = file + +# Address to bind the API server +bind_host = 0.0.0.0 + +# Port the bind the API server to +bind_port = 9292 + +# Address to find the registry server +registry_host = 0.0.0.0 + +# Port the registry server is listening on +registry_port = 9191 + +# Log to this file. Make sure you do not set the same log +# file for both the API and registry servers! +log_file = /var/log/glance/api.log + +# Send logs to syslog (/dev/log) instead of to file specified by `log_file` +use_syslog = False + +# ============ Notification System Options ===================== + +# Notifications can be sent when images are create, updated or deleted. +# There are three methods of sending notifications, logging (via the +# log_file directive), rabbit (via a rabbitmq queue) or noop (no +# notifications sent, the default) +notifier_strategy = noop + +# Configuration options if sending notifications via rabbitmq (these are +# the defaults) +rabbit_host = localhost +rabbit_port = 5672 +rabbit_use_ssl = false +rabbit_userid = guest +rabbit_password = guest +rabbit_virtual_host = / +rabbit_notification_topic = glance_notifications + +# ============ Filesystem Store Options ======================== + +# Directory that the Filesystem backend store +# writes image data to +filesystem_store_datadir = /var/lib/glance/images/ + +# ============ Swift Store Options ============================= + +# Address where the Swift authentication service lives +swift_store_auth_address = 127.0.0.1:8080/v1.0/ + +# User to authenticate against the Swift authentication service +swift_store_user = jdoe + +# Auth key for the user authenticating against the +# Swift authentication service +swift_store_key = a86850deb2742ec3cb41518e26aa2d89 + +# Container within the account that the account should use +# for storing images in Swift +swift_store_container = glance + +# Do we create the container if it does not exist? +swift_store_create_container_on_put = False + +# What size, in MB, should Glance start chunking image files +# and do a large object manifest in Swift? By default, this is +# the maximum object size in Swift, which is 5GB +swift_store_large_object_size = 5120 + +# When doing a large object manifest, what size, in MB, should +# Glance write chunks to Swift? This amount of data is written +# to a temporary disk buffer during the process of chunking +# the image file, and the default is 200MB +swift_store_large_object_chunk_size = 200 + +# Whether to use ServiceNET to communicate with the Swift storage servers. +# (If you aren't RACKSPACE, leave this False!) +# +# To use ServiceNET for authentication, prefix hostname of +# `swift_store_auth_address` with 'snet-'. +# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ +swift_enable_snet = False + +# ============ S3 Store Options ============================= + +# Address where the S3 authentication service lives +s3_store_host = 127.0.0.1:8080/v1.0/ + +# User to authenticate against the S3 authentication service +s3_store_access_key = <20-char AWS access key> + +# Auth key for the user authenticating against the +# S3 authentication service +s3_store_secret_key = <40-char AWS secret key> + +# Container within the account that the account should use +# for storing images in S3. Note that S3 has a flat namespace, +# so you need a unique bucket name for your glance images. An +# easy way to do this is append your AWS access key to "glance". +# S3 buckets in AWS *must* be lowercased, so remember to lowercase +# your AWS access key if you use it in your bucket name below! +s3_store_bucket = glance + +# Do we create the bucket if it does not exist? +s3_store_create_bucket_on_put = False + +# ============ Image Cache Options ======================== + +image_cache_enabled = False + +# Directory that the Image Cache writes data to +# Make sure this is also set in glance-pruner.conf +image_cache_datadir = /var/lib/glance/image-cache/ + +# Number of seconds after which we should consider an incomplete image to be +# stalled and eligible for reaping +image_cache_stall_timeout = 86400 + +# ============ Delayed Delete Options ============================= + +# Turn on/off delayed delete +delayed_delete = False + +# Delayed delete time in seconds +scrub_time = 43200 + +# Directory that the scrubber will use to remind itself of what to delete +# Make sure this is also set in glance-scrubber.conf +scrubber_datadir = /var/lib/glance/scrubber + +[pipeline:glance-api] +#pipeline = versionnegotiation context apiv1app +# NOTE: use the following pipeline for keystone +pipeline = versionnegotiation authtoken context apiv1app + +# To enable Image Cache Management API replace pipeline with below: +# pipeline = versionnegotiation context imagecache apiv1app +# NOTE: use the following pipeline for keystone auth (with caching) +# pipeline = versionnegotiation authtoken context imagecache apiv1app + +[pipeline:versions] +pipeline = versionsapp + +[app:versionsapp] +paste.app_factory = glance.api.versions:app_factory + +[app:apiv1app] +paste.app_factory = glance.api.v1:app_factory + +[filter:versionnegotiation] +paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory + +[filter:imagecache] +paste.filter_factory = glance.api.middleware.image_cache:filter_factory + +[filter:context] +paste.filter_factory = glance.common.context:filter_factory + +[filter:authtoken] +paste.filter_factory = keystone.middleware.auth_token:filter_factory +service_protocol = http +service_host = 127.0.0.1 +service_port = 5000 +auth_host = 127.0.0.1 +auth_port = 5001 +auth_protocol = http +auth_uri = http://127.0.0.1:5000/ +admin_token = 999888777666 diff --git a/files/glance-registry.conf b/files/glance-registry.conf index ea2cf1d..20a29cd 100644 --- a/files/glance-registry.conf +++ b/files/glance-registry.conf @@ -41,9 +41,9 @@ api_limit_max = 1000 limit_param_default = 25 [pipeline:glance-registry] -pipeline = context registryapp +#pipeline = context registryapp # NOTE: use the following pipeline for keystone -# pipeline = authtoken keystone_shim context registryapp +pipeline = authtoken keystone_shim context registryapp [app:registryapp] paste.app_factory = glance.registry.server:app_factory diff --git a/files/keystone.conf b/files/keystone.conf index 622b87d..11b9f5f 100644 --- a/files/keystone.conf +++ b/files/keystone.conf @@ -42,7 +42,8 @@ admin_port = 5001 keystone-admin-role = Admin #Role that allows to perform service admin operations. -keystone-service-admin-role = KeystoneServiceAdmin +# FIXME: need to separate this into a different role like KeystoneServiceAdmin +keystone-service-admin-role = Admin [keystone.backends.sqlalchemy] # SQLAlchemy connection string for the reference implementation registry diff --git a/files/keystone_data.sh b/files/keystone_data.sh index b028557..38310e2 100755 --- a/files/keystone_data.sh +++ b/files/keystone_data.sh @@ -5,8 +5,8 @@ $BIN_DIR/keystone-manage $* tenant add admin $BIN_DIR/keystone-manage $* tenant add demo # Users -$BIN_DIR/keystone-manage $* user add demo secrete demo -$BIN_DIR/keystone-manage $* user add admin secrete admin +$BIN_DIR/keystone-manage $* user add admin secrete 1 +$BIN_DIR/keystone-manage $* user add demo secrete 2 # Roles $BIN_DIR/keystone-manage $* role add Admin @@ -21,21 +21,21 @@ $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne glance http://%HOST_ $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne identity http://%HOST_IP%:5000/v2.0 http://%HOST_IP%:5001/v2.0 http://%HOST_IP%:5000/v2.0 1 1 # Tokens -$BIN_DIR/keystone-manage $* token add 999888777666 admin admin 2015-02-05T00:00 +$BIN_DIR/keystone-manage $* token add 999888777666 1 1 2015-02-05T00:00 #Tenant endpoints -$BIN_DIR/keystone-manage $* endpoint add admin 1 -$BIN_DIR/keystone-manage $* endpoint add admin 2 -$BIN_DIR/keystone-manage $* endpoint add admin 3 -$BIN_DIR/keystone-manage $* endpoint add admin 4 -$BIN_DIR/keystone-manage $* endpoint add admin 5 -$BIN_DIR/keystone-manage $* endpoint add admin 6 +$BIN_DIR/keystone-manage $* endpoint add 1 1 +$BIN_DIR/keystone-manage $* endpoint add 1 2 +$BIN_DIR/keystone-manage $* endpoint add 1 3 +$BIN_DIR/keystone-manage $* endpoint add 1 4 +$BIN_DIR/keystone-manage $* endpoint add 1 5 +$BIN_DIR/keystone-manage $* endpoint add 1 6 -$BIN_DIR/keystone-manage $* endpoint add demo 1 -$BIN_DIR/keystone-manage $* endpoint add demo 2 -$BIN_DIR/keystone-manage $* endpoint add demo 3 -$BIN_DIR/keystone-manage $* endpoint add demo 4 -$BIN_DIR/keystone-manage $* endpoint add demo 5 -$BIN_DIR/keystone-manage $* endpoint add demo 6 +$BIN_DIR/keystone-manage $* endpoint add 2 1 +$BIN_DIR/keystone-manage $* endpoint add 2 2 +$BIN_DIR/keystone-manage $* endpoint add 2 3 +$BIN_DIR/keystone-manage $* endpoint add 2 4 +$BIN_DIR/keystone-manage $* endpoint add 2 5 +$BIN_DIR/keystone-manage $* endpoint add 2 6 $BIN_DIR/keystone-manage $* credentials add admin EC2 'admin:admin' admin admin || echo "no support for adding credentials" diff --git a/stack.sh b/stack.sh index 418f37b..6229856 100755 --- a/stack.sh +++ b/stack.sh @@ -281,6 +281,9 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf cp $FILES/glance-registry.conf $GLANCE_CONF sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/glance,g" -i $GLANCE_CONF + + GLANCE_API_CONF=$GLANCE_DIR/etc/glance-api.conf + cp $FILES/glance-api.conf $GLANCE_API_CONF fi # Nova @@ -293,7 +296,7 @@ if [[ "$ENABLED_SERVICES" =~ "n-cpu" ]]; then # qcow images) and kvm (hardware based virtualization). If unable to # load kvm, set the libvirt type to qemu. sudo modprobe nbd || true - if ! sudo modprobe kvm; then + if ! -e /dev/kvm; then LIBVIRT_TYPE=qemu fi # User needs to be member of libvirtd group for nova-compute to use libvirt. @@ -318,7 +321,7 @@ fi if [[ "$ENABLED_SERVICES" =~ "n-net" ]]; then # delete traces of nova networks from prior runs - killall dnsmasq || true + sudo killall dnsmasq || true rm -rf $NOVA_DIR/networks mkdir -p $NOVA_DIR/networks fi @@ -408,10 +411,33 @@ function screen_it { screen -d -m -S nova -t nova sleep 1 -screen_it g-api "cd $GLANCE_DIR; bin/glance-api --config-file=etc/glance-api.conf" -screen_it g-reg "cd $GLANCE_DIR; bin/glance-registry --config-file=etc/glance-registry.conf" -screen_it key "$KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF" -screen_it n-api "$NOVA_DIR/bin/nova-api" +if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then + screen_it g-reg "cd $GLANCE_DIR; bin/glance-registry --config-file=etc/glance-registry.conf" +fi + +if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then + screen_it g-api "cd $GLANCE_DIR; bin/glance-api --config-file=etc/glance-api.conf" + while ! wget -q -O- http://$GLANCE_HOSTPORT; do + echo "Waiting for g-api ($GLANCE_HOSTPORT) to start..." + sleep 1 + done +fi + +if [[ "$ENABLED_SERVICES" =~ "key" ]]; then + screen_it key "$KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF" + while ! wget -q -O- http://127.0.0.1:5000; do + echo "Waiting for keystone to start..." + sleep 1 + done +fi + +if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then + screen_it n-api "$NOVA_DIR/bin/nova-api" + while ! wget -q -O- http://127.0.0.1:8774; do + echo "Waiting for nova-api to start..." + sleep 1 + done +fi # Launching nova-compute should be as simple as running ``nova-compute`` but # have to do a little more than that in our script. Since we add the group # ``libvirtd`` to our user in this script, when nova-compute is run it is @@ -441,9 +467,9 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then # add images to glance # FIXME: kernel/ramdisk is hardcoded - use return result from add - glance add name="tty-kernel" is_public=true container_format=aki disk_format=aki < $FILES/images/aki-tty/image - glance add name="tty-ramdisk" is_public=true container_format=ari disk_format=ari < $FILES/images/ari-tty/image - glance add name="tty" is_public=true container_format=ami disk_format=ami kernel_id=1 ramdisk_id=2 < $FILES/images/ami-tty/image + glance add -A 999888777666 name="tty-kernel" is_public=true container_format=aki disk_format=aki < $FILES/images/aki-tty/image + glance add -A 999888777666 name="tty-ramdisk" is_public=true container_format=ari disk_format=ari < $FILES/images/ari-tty/image + glance add -A 999888777666 name="tty" is_public=true container_format=ami disk_format=ami kernel_id=1 ramdisk_id=2 < $FILES/images/ami-tty/image fi # Using the cloud