From 40203cb1c4416bffe356c9cb94b08ed1cc04b04a Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 09:17:56 -0700 Subject: [PATCH 01/42] tweaks to cache warming, and better comments --- build_lxc.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/build_lxc.sh b/build_lxc.sh index 2ef5c08..e4fda6e 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -10,16 +10,19 @@ NAMESERVER=${NAMESERVER:-192.168.1.1} COPYENV=${COPYENV:-1} WARMCACHE=${WARMCACHE:-0} -# Destroy any existing container +# Shutdown any existing container lxc-stop -n $CONTAINER sleep 1 +# This prevents zombie containers cgdelete -r cpu,net_cls:$CONTAINER sleep 1 +# Destroy the old container lxc-destroy -n $CONTAINER sleep 1 +# Warm the base image on first run or when WARMCACHE=1 CACHEDIR=/var/cache/lxc/natty/rootfs-amd64 -if [ "$WARMCACHE" = "1" ]; then +if [ "$WARMCACHE" = "1" ] || [ ! -d $CACHEDIR ]; then if [ -d $CACHEDIR ]; then # Pre-cache files chroot $CACHEDIR apt-get update @@ -29,17 +32,18 @@ if [ "$WARMCACHE" = "1" ]; then fi # Create network configuration -NET_CONF=/tmp/net.conf -cat > $NET_CONF < $LXC_CONF < Date: Tue, 13 Sep 2011 09:20:58 -0700 Subject: [PATCH 02/42] fix apache logging --- stack.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack.sh b/stack.sh index 647ddbe..3d21df5 100755 --- a/stack.sh +++ b/stack.sh @@ -264,7 +264,7 @@ screen_it n-net "$NOVA_DIR/bin/nova-network" screen_it n-sch "$NOVA_DIR/bin/nova-scheduler" # nova-vncproxy binds a privileged port, and so needs sudo screen_it n-vnc "sudo $NOVA_DIR/bin/nova-vncproxy" -screen_it dash "sudo /etc/init.d/apache2 restart; tail -f /var/log/apache2/error.log" +screen_it dash "sudo /etc/init.d/apache2 restart; sudo tail -f /var/log/apache2/error.log" # Install Images # ============== From bdbe6d98dbb1f1ef8b2e981760134c45499aabe3 Mon Sep 17 00:00:00 2001 
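Review bot: In PATCH 01's first build_lxc.sh hunk, the widened test `[ "$WARMCACHE" = "1" ] || [ ! -d $CACHEDIR ]` cannot warm anything on a first run, because its body is still wrapped in `if [ -d $CACHEDIR ]; then` and is therefore skipped exactly when the directory is missing. Either drop the new `|| [ ! -d $CACHEDIR ]` arm or make sure the base image exists before the inner check, so that the added comment "on first run" matches what the code does. The expansions in the added condition should also be quoted, `[ ! -d "$CACHEDIR" ]`. The body of the `if` continues outside the hunk.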
From: Anthony Young Date: Tue, 13 Sep 2011 09:43:46 -0700 Subject: [PATCH 03/42] allow for enabling/disabling of services. separate source dir from opt in lxc --- build_lxc.sh | 4 ++-- stack.sh | 7 ++++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/build_lxc.sh b/build_lxc.sh index e4fda6e..628ac85 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -97,8 +97,8 @@ echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers # Install and run stack.sh apt-get update apt-get -y --force-yes install git-core vim-nox sudo -su -c "git clone git://github.com/cloudbuilders/nfs-stack.git /opt/nfs-stack" stack -su -c "cd /opt/nfs-stack && ./stack.sh" stack +su -c "git clone git://github.com/cloudbuilders/nfs-stack.git ~/nfs-stack" stack +su -c "cd ~/nfs-stack && ./stack.sh" stack EOF chmod 700 $INSTALL_SH diff --git a/stack.sh b/stack.sh index 3d21df5..21a66ed 100755 --- a/stack.sh +++ b/stack.sh @@ -34,6 +34,7 @@ KEYSTONE_DIR=$DEST/keystone NOVACLIENT_DIR=$DEST/python-novaclient API_DIR=$DEST/openstackx NOVNC_DIR=$DEST/noVNC +ENABLED_SERVICES=g-api,g-reg,key,n-api,n-cpu,n-net,n-sch,n-vnc,dash # Use the first IP unless an explicit is set by ``HOST_IP`` environment variable if [ ! -n "$HOST_IP" ]; then @@ -248,9 +249,13 @@ rm -f $GLANCE_DIR/glance.sqlite # nova api crashes if we start it with a regular screen command, # so send the start command by forcing text into the window. +ENABLED_SERVICES=g-api,g-reg,key,n-api,n-cpu,n-net,n-sch,n-vnc,dash function screen_it { screen -S nova -X screen -t $1 - screen -S nova -p $1 -X stuff "$2$NL" + # only run the services specified in $ENABLED_SERVICES + if [[ $ENABLED_SERVICES == *$2* ]] then + screen -S nova -p $1 -X stuff "$2$NL" + fi } screen_it g-api "cd $GLANCE_DIR; bin/glance-api --config-file=etc/glance-api.conf" From 7c3e5ed0552d30f9be052b55d6e6a98b9b45682a Mon Sep 17 00:00:00 2001 
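Review bot: In PATCH 03's build_lxc.sh hunk, the two rewritten `su -c` lines still fetch the installer over the unauthenticated `git://` transport and then run `./stack.sh` from that checkout as `stack`, the account that the hunk's header line shows being given `NOPASSWD: ALL`. A clone altered in transit would therefore run with root-equivalent rights inside the container. The clone should use an authenticated transport and a pinned revision, for example `git clone https://github.com/cloudbuilders/nfs-stack.git ~/nfs-stack` followed by a checkout of a known commit. These lines sit inside the install-script here-document, which starts outside the hunk.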
From: Anthony Young Date: Tue, 13 Sep 2011 09:57:31 -0700 Subject: [PATCH 04/42] more lxc cleanup - better stack user configuration --- build_lxc.sh | 51 ++++++++++++++++++++++++++++++--------------------- 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/build_lxc.sh b/build_lxc.sh index 628ac85..d3dd7ad 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -12,13 +12,12 @@ WARMCACHE=${WARMCACHE:-0} # Shutdown any existing container lxc-stop -n $CONTAINER -sleep 1 + # This prevents zombie containers cgdelete -r cpu,net_cls:$CONTAINER -sleep 1 + # Destroy the old container lxc-destroy -n $CONTAINER -sleep 1 # Warm the base image on first run or when WARMCACHE=1 CACHEDIR=/var/cache/lxc/natty/rootfs-amd64 @@ -42,13 +41,27 @@ lxc.network.ipv4 = $CONTAINER_CIDR lxc.cgroup.devices.allow = c 10:200 rwm EOF -# Configure the network +# Create the container lxc-create -n $CONTAINER -t natty -f $LXC_CONF -sleep 2 -# Where our container lives +# Specify where our container lives ROOTFS=/var/lib/lxc/$CONTAINER/rootfs/ +# set root password to password +echo root:pass | chroot $ROOTFS chpasswd + +# Create a stack user that is a member of the libvirtd group so that stack +# is able to interact with libvirt. +chroot $ROOTFS groupadd libvirtd +chroot $ROOTFS useradd stack -s /bin/bash -d /opt -G libvirtd + +# a simple password - pass +echo stack:pass | chroot $ROOTFS chpasswd + +# and has sudo ability (in the future this should be limited to only what +# stack requires) +echo "stack ALL=(ALL) NOPASSWD: ALL" >> $ROOTFS/etc/sudoers + # Copy over your ssh keys and env if desired if [ "$COPYENV" = "1" ]; then cp -pr ~/.ssh $ROOTFS/root/.ssh 
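Review bot: PATCH 04's second build_lxc.sh hunk sets the literal password `pass` for both `root` and `stack` through `chpasswd` and appends `stack ALL=(ALL) NOPASSWD: ALL` to `$ROOTFS/etc/sudoers`, so on a bridged container with a static address the known password is equivalent to root wherever password logins are accepted (whether sshd permits them is not visible here). PATCH 09 on this page removes the root password again, but the `stack` one stays. Since the COPYENV block already installs an `authorized_keys` file, the account can be left locked with `chroot $ROOTFS passwd -l stack`, or take its password from an environment variable instead of a literal. The sudoers rule is safer as its own mode-0440 file checked with `visudo -cf`, placed under `$ROOTFS/etc/sudoers.d/` if the image's sudoers includes that directory.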
@@ -56,8 +69,17 @@ if [ "$COPYENV" = "1" ]; then cp -pr ~/.gitconfig $ROOTFS/root/.gitconfig cp -pr ~/.vimrc $ROOTFS/root/.vimrc cp -pr ~/.bashrc $ROOTFS/root/.bashrc + + cp -pr ~/.ssh $ROOTFS/opt/.ssh + cp -p ~/.ssh/id_rsa.pub $ROOTFS/opt/.ssh/authorized_keys + cp -pr ~/.gitconfig $ROOTFS/opt/.gitconfig + cp -pr ~/.vimrc $ROOTFS/opt/.vimrc + cp -pr ~/.bashrc $ROOTFS/opt/.bashrc fi +# give stack ownership over /opt so it may do the work needed +chroot $ROOTFS chown -R stack /opt + # Configure instance network INTERFACES=$ROOTFS/etc/network/interfaces cat > $INTERFACES < $INSTALL_SH < /etc/rc.local +# Make sure dns is set up echo "nameserver $NAMESERVER" | resolvconf -a eth0 sleep 1 -# Create a stack user that is a member of the libvirtd group so that stack -# is able to interact with libvirt. -groupadd libvirtd -useradd stack -s /bin/bash -d /opt -G libvirtd - -# a simple password - pass -echo stack:pass | chpasswd - -# give stack ownership over /opt so it may do the work needed -chown -R stack /opt - -# and has sudo ability (in the future this should be limited to only what -# stack requires) - -echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers # Install and run stack.sh apt-get update From 1003952b169472992792226b8ffdca5b92b3ac8e Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 10:05:07 -0700 Subject: [PATCH 05/42] comment tweaks, provide CLEAN option to stack.sh --- build_lxc.sh | 2 +- stack.sh | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/build_lxc.sh b/build_lxc.sh index d3dd7ad..5e07b1a 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -77,7 +77,7 @@ if [ "$COPYENV" = "1" ]; then cp -pr ~/.bashrc $ROOTFS/opt/.bashrc fi -# give stack ownership over /opt so it may do the work needed +# Give stack ownership over /opt so it may do the work needed chroot $ROOTFS chown -R stack /opt # Configure instance network diff --git a/stack.sh b/stack.sh index 21a66ed..0fe84ad 100755 --- a/stack.sh +++ b/stack.sh 
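Review bot: In PATCH 04's third build_lxc.sh hunk (the COPYENV block), `cp -pr ~/.ssh $ROOTFS/opt/.ssh` copies the invoking user's private keys, not only the public one, into the home of `stack`, and the added `chroot $ROOTFS chown -R stack /opt` then hands them to an account with a known password and unrestricted sudo. Only the public key is needed for logging in, so the block can create the directory and install that alone: `mkdir -p -m 700 $ROOTFS/opt/.ssh` and `cp -p ~/.ssh/id_rsa.pub $ROOTFS/opt/.ssh/authorized_keys`. If outbound git-over-ssh from the container is the reason for copying the whole directory, agent forwarding or a dedicated deploy key keeps the host's keys off the container disk. Because `useradd ... -d /opt` makes `/opt` itself the home directory, the recursive chown also covers every tree later installed there.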
@@ -26,6 +26,13 @@ set -o xtrace DIR=`pwd` DEST=/opt +# Provide option to move aside any old code +if [ "$CLEAN" = "1"]; then + TMPDIR=/tmp/stackbak_`date +%s` + mkdir $TMPDIR + mv $DEST/* $TMPDIR +fi + # Set the destination directories for openstack projects NOVA_DIR=$DEST/nova DASH_DIR=$DEST/dash @@ -249,7 +256,6 @@ rm -f $GLANCE_DIR/glance.sqlite # nova api crashes if we start it with a regular screen command, # so send the start command by forcing text into the window. -ENABLED_SERVICES=g-api,g-reg,key,n-api,n-cpu,n-net,n-sch,n-vnc,dash function screen_it { screen -S nova -X screen -t $1 # only run the services specified in $ENABLED_SERVICES From 9c261ef9386c22b9fbfcac1778b2d32de7600a39 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 10:13:23 -0700 Subject: [PATCH 06/42] simplifications - remove CLEAN option, remove unneccesary lxc code --- build_lxc.sh | 15 --------------- stack.sh | 7 ------- 2 files changed, 22 deletions(-) diff --git a/build_lxc.sh b/build_lxc.sh index 5e07b1a..1f33a33 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -64,12 +64,6 @@ echo "stack ALL=(ALL) NOPASSWD: ALL" >> $ROOTFS/etc/sudoers # Copy over your ssh keys and env if desired if [ "$COPYENV" = "1" ]; then - cp -pr ~/.ssh $ROOTFS/root/.ssh - cp -p ~/.ssh/id_rsa.pub $ROOTFS/root/.ssh/authorized_keys - cp -pr ~/.gitconfig $ROOTFS/root/.gitconfig - cp -pr ~/.vimrc $ROOTFS/root/.vimrc - cp -pr ~/.bashrc $ROOTFS/root/.bashrc - cp -pr ~/.ssh $ROOTFS/opt/.ssh cp -p ~/.ssh/id_rsa.pub $ROOTFS/opt/.ssh/authorized_keys cp -pr ~/.gitconfig $ROOTFS/opt/.gitconfig 
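Review bot: In PATCH 05's first stack.sh hunk, `if [ "$CLEAN" = "1"]; then` lacks the space before `]`, so `[` reports a missing `]` and the branch never runs; it should read `if [ "$CLEAN" = "1" ]; then`. The backup directory is named from `date +%s` under /tmp, which is predictable, and it is stored in the conventional `TMPDIR` variable that other tools consult; `backup_dir=$(mktemp -d /tmp/stackbak.XXXXXX)` avoids both problems. PATCH 06 on this page removes the block again.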
@@ -125,12 +119,3 @@ mount none -t cgroup /cgroup # Start our container lxc-start -d -n $CONTAINER - -cat << EOF > /bin/remove_dead_cgroup.shecho -"Removing dead cgroup .$CONTAINER." >> /var/log/cgroup -rmdir /cgroup/$CONTAINER >> /var/log/cgroup 2>&1 -echo "return value was $?" >> /var/log/cgroup -EOF -chmod 755 /bin/remove_dead_cgroup.sh -echo /bin/remove_dead_cgroup.sh > /cgroup/release_agent -echo 1 > /cgroup/notify_on_release diff --git a/stack.sh b/stack.sh index 0fe84ad..c72a3af 100755 --- a/stack.sh +++ b/stack.sh @@ -26,13 +26,6 @@ set -o xtrace DIR=`pwd` DEST=/opt -# Provide option to move aside any old code -if [ "$CLEAN" = "1"]; then - TMPDIR=/tmp/stackbak_`date +%s` - mkdir $TMPDIR - mv $DEST/* $TMPDIR -fi - # Set the destination directories for openstack projects NOVA_DIR=$DEST/nova DASH_DIR=$DEST/dash From b748e69f0bb136e9e9eca54d6d3a68f786eeab3b Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 10:16:13 -0700 Subject: [PATCH 07/42] give container a cooler name --- build_lxc.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build_lxc.sh b/build_lxc.sh index 1f33a33..4faa2e7 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -1,7 +1,7 @@ #!/bin/bash # Configurable params BRIDGE=${BRIDGE:-br0} -CONTAINER=${CONTAINER:-TESTER} +CONTAINER=${CONTAINER:-STACK} CONTAINER_IP=${CONTAINER_IP:-192.168.1.50} CONTAINER_CIDR=${CONTAINER_CIDR:-$CONTAINER_IP/24} CONTAINER_NETMASK=${CONTAINER_NETMASK:-255.255.255.0} From 6053496ebc8471890c26cc2845dad0c98d2f9832 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 10:40:04 -0700 Subject: [PATCH 08/42] simplify pre-cache procedure --- build_lxc.sh | 44 +++++++++++++++++++++----------------------- 1 file changed, 21 insertions(+), 23 deletions(-) diff --git a/build_lxc.sh b/build_lxc.sh index 4faa2e7..ba26f4f 100755 --- a/build_lxc.sh +++ b/build_lxc.sh 
@@ -8,30 +8,9 @@ CONTAINER_NETMASK=${CONTAINER_NETMASK:-255.255.255.0} CONTAINER_GATEWAY=${CONTAINER_GATEWAY:-192.168.1.1} NAMESERVER=${NAMESERVER:-192.168.1.1} COPYENV=${COPYENV:-1} -WARMCACHE=${WARMCACHE:-0} -# Shutdown any existing container -lxc-stop -n $CONTAINER - -# This prevents zombie containers -cgdelete -r cpu,net_cls:$CONTAINER - -# Destroy the old container -lxc-destroy -n $CONTAINER - -# Warm the base image on first run or when WARMCACHE=1 -CACHEDIR=/var/cache/lxc/natty/rootfs-amd64 -if [ "$WARMCACHE" = "1" ] || [ ! -d $CACHEDIR ]; then - if [ -d $CACHEDIR ]; then - # Pre-cache files - chroot $CACHEDIR apt-get update - chroot $CACHEDIR apt-get install -y `cat apts/* | cut -d\# -f1 | egrep -v "(rabbitmq|libvirt-bin|mysql-server)"` - chroot $CACHEDIR pip install `cat pips/*` - fi -fi - -# Create network configuration -LXC_CONF=/tmp/net.conf +# Create lxc configuration +LXC_CONF=/tmp/$CONTAINER.conf cat > $LXC_CONF < Date: Tue, 13 Sep 2011 10:43:44 -0700 Subject: [PATCH 09/42] no need to set root password --- build_lxc.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/build_lxc.sh b/build_lxc.sh index ba26f4f..4b10afc 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -42,12 +42,9 @@ lxc-destroy -n $CONTAINER # Create the container lxc-create -n $CONTAINER -t natty -f $LXC_CONF -# Specify where our container lives +# Specify where our container rootfs lives ROOTFS=/var/lib/lxc/$CONTAINER/rootfs/ -# set root password to password -echo root:pass | chroot $ROOTFS chpasswd - # Create a stack user that is a member of the libvirtd group so that stack # is able to interact with libvirt. chroot $ROOTFS groupadd libvirtd From 17969713a5c2a3e22fd2886f22a14607b3d5c6ea Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 10:57:25 -0700 Subject: [PATCH 10/42] missing semi-colon --- stack.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack.sh b/stack.sh index c72a3af..d1eba98 100755 --- a/stack.sh 
+++ b/stack.sh @@ -252,7 +252,7 @@ rm -f $GLANCE_DIR/glance.sqlite function screen_it { screen -S nova -X screen -t $1 # only run the services specified in $ENABLED_SERVICES - if [[ $ENABLED_SERVICES == *$2* ]] then + if [[ $ENABLED_SERVICES == *$2* ]]; then screen -S nova -p $1 -X stuff "$2$NL" fi } From 2135cf87c2455d73bf8dbe426c9983453330a883 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 11:07:11 -0700 Subject: [PATCH 11/42] back out service selection --- stack.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/stack.sh b/stack.sh index d1eba98..50a4bcf 100755 --- a/stack.sh +++ b/stack.sh @@ -251,10 +251,7 @@ rm -f $GLANCE_DIR/glance.sqlite # so send the start command by forcing text into the window. function screen_it { screen -S nova -X screen -t $1 - # only run the services specified in $ENABLED_SERVICES - if [[ $ENABLED_SERVICES == *$2* ]]; then - screen -S nova -p $1 -X stuff "$2$NL" - fi + screen -S nova -p $1 -X stuff "$2$NL" } screen_it g-api "cd $GLANCE_DIR; bin/glance-api --config-file=etc/glance-api.conf" From 292e46d0013be51384225d934423c5f26444ddf4 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 11:28:56 -0700 Subject: [PATCH 12/42] fix service enablement --- stack.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/stack.sh b/stack.sh index 50a4bcf..8e871de 100755 --- a/stack.sh +++ b/stack.sh @@ -250,8 +250,11 @@ rm -f $GLANCE_DIR/glance.sqlite # nova api crashes if we start it with a regular screen command, # so send the start command by forcing text into the window. function screen_it { - screen -S nova -X screen -t $1 - screen -S nova -p $1 -X stuff "$2$NL" + # only run the services specified in $ENABLED_SERVICES + if [[ "$ENABLED_SERVICES" =~ "$1" ]]; then + screen -S nova -X screen -t $1 + screen -S nova -p $1 -X stuff "$2$NL" + fi } screen_it g-api "cd $GLANCE_DIR; bin/glance-api --config-file=etc/glance-api.conf" 
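Review bot: In PATCH 12's stack.sh hunk, `[[ "$ENABLED_SERVICES" =~ "$1" ]]` is a substring match because the right-hand side is quoted, so a name enables a service whenever it occurs anywhere in the list rather than only as a whole comma-separated entry. Matching on the delimiters is exact: `if [[ ",$ENABLED_SERVICES," == *",$1,"* ]]; then`. The `$1` in the two `screen` calls should be quoted as well. `ENABLED_SERVICES` is assigned unconditionally in PATCH 03, so the list cannot be overridden from the environment unless that line becomes `ENABLED_SERVICES=${ENABLED_SERVICES:-g-api,g-reg,key,n-api,n-cpu,n-net,n-sch,n-vnc,dash}`.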
From 3a0931273be9d701781d9a02ebe97f1bf4979782 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 19:01:45 +0000 Subject: [PATCH 13/42] make keystone use mysql --- files/keystone.conf | 86 +++++++++++++++++++++++++++++++++++++++++++++ stack.sh | 11 +++--- 2 files changed, 93 insertions(+), 4 deletions(-) create mode 100755 files/keystone.conf diff --git a/files/keystone.conf b/files/keystone.conf new file mode 100755 index 0000000..4e775ab --- /dev/null +++ b/files/keystone.conf 
@@ -0,0 +1,86 @@ +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +verbose = False + +# Show debugging output in logs (sets DEBUG log level output) +debug = False + +# Which backend store should Keystone use by default. +# Default: 'sqlite' +# Available choices are 'sqlite' [future will include LDAP, PAM, etc] +default_store = sqlite + +# Log to this file. Make sure you do not set the same log +# file for both the API and registry servers! +log_file = /opt/keystone/keystone.log + +# List of backends to be configured +backends = keystone.backends.sqlalchemy +#For LDAP support, add: ,keystone.backends.ldap + +# Dictionary Maps every service to a header.Missing services would get header +# X_(SERVICE_NAME) Key => Service Name, Value => Header Name +service-header-mappings = { + 'nova' : 'X-Server-Management-Url', + 'swift' : 'X-Storage-Url', + 'cdn' : 'X-CDN-Management-Url'} + +# Address to bind the API server +# TODO Properties defined within app not available via pipeline. +service_host = 0.0.0.0 + +# Port the bind the API server to +service_port = 5000 + +# Address to bind the Admin API server +admin_host = 0.0.0.0 + +# Port the bind the Admin API server to +admin_port = 5001 + +#Role that allows to perform admin operations. +keystone-admin-role = Admin + +#Role that allows to perform service admin operations. +keystone-service-admin-role = KeystoneServiceAdmin + +[keystone.backends.sqlalchemy] +# SQLAlchemy connection string for the reference implementation registry +# server. Any valid SQLAlchemy connection string is fine. +# See: http://bit.ly/ideIpI +#sql_connection = sqlite:///keystone.db +sql_connection = mysql://root:nova@localhost/keystone +backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant', + 'User', 'Credentials', 'EndpointTemplates', 'Token', + 'Service'] + +# Period in seconds after which SQLAlchemy should reestablish its connection +# to the database. 
+sql_idle_timeout = 30 + +[pipeline:admin] +pipeline = + urlrewritefilter + admin_api + +[pipeline:keystone-legacy-auth] +pipeline = + urlrewritefilter + legacy_auth + RAX-KEY-extension + service_api + +[app:service_api] +paste.app_factory = keystone.server:service_app_factory + +[app:admin_api] +paste.app_factory = keystone.server:admin_app_factory + +[filter:urlrewritefilter] +paste.filter_factory = keystone.middleware.url:filter_factory + +[filter:legacy_auth] +paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory + +[filter:RAX-KEY-extension] +paste.filter_factory = keystone.contrib.extensions.service.raxkey.frontend:filter_factory diff --git a/stack.sh b/stack.sh index 8e871de..d8ad2b1 100755 --- a/stack.sh +++ b/stack.sh @@ -222,12 +222,15 @@ mkdir -p $NOVA_DIR/networks # (re)create nova database mysql -uroot -p$MYSQL_PASS -e 'DROP DATABASE nova;' || true mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE nova;' +mysql -uroot -p$MYSQL_PASS -e 'DROP DATABASE keystone;' || true +mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE keystone;' $NOVA_DIR/bin/nova-manage db sync +# FIXME (anthony) keystone should use keystone.conf.example +KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf +cp $DIR/files/keystone.conf $KEYSTONE_CONF + # initialize keystone with default users/endpoints -rm -f /opt/keystone/keystone.db -# FIXME keystone creates a keystone.log wherever you run it from (bugify) -cd /tmp BIN_DIR=$KEYSTONE_DIR/bin bash $DIR/files/keystone_data.sh # create a small network 
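Review bot: The new files/keystone.conf in PATCH 13 connects as the MySQL superuser with a literal password, `sql_connection = mysql://root:nova@localhost/keystone`, so the identity service holds rights over every database on the host. A dedicated account limited to the `keystone` schema is the least-privilege form; PATCH 21 later templates the password but keeps `root`, and files/glance-registry.conf in PATCH 18 follows the same pattern. `service_host` and `admin_host` are both `0.0.0.0`, which exposes the admin API on port 5001 on every interface; `admin_host = 127.0.0.1` fits a single-host setup unless remote administration is intended.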
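Review bot: The two added `mysql -uroot -p$MYSQL_PASS -e ...` lines in PATCH 13's first stack.sh hunk put the root database password on the command line, where it is visible in the process list and, because stack.sh runs under `set -o xtrace`, printed to the terminal and to any captured log. Reading it from a mode-600 option file, `mysql --defaults-extra-file=<option-file> -e ...`, keeps it out of argv and out of the trace. The unquoted expansion also breaks on a password containing spaces or glob characters. `DROP DATABASE IF EXISTS keystone;` would let the `|| true` go, which at present also hides authentication and connection failures. The same form recurs in the keystone lines moved by PATCH 15 and the glance lines added by PATCH 18.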
@@ -261,7 +264,7 @@ screen_it g-api "cd $GLANCE_DIR; bin/glance-api --config-file=etc/glance-api.con screen_it g-reg "cd $GLANCE_DIR; bin/glance-registry --config-file=etc/glance-registry.conf" # keystone drops a keystone.log where if it is run, so change the path to # where it can write -screen_it key "cd /tmp; $KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_DIR/etc/keystone.conf" +screen_it key "cd /tmp; $KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF" screen_it n-api "$NOVA_DIR/bin/nova-api" screen_it n-cpu "$NOVA_DIR/bin/nova-compute" screen_it n-net "$NOVA_DIR/bin/nova-network" From dfcd2003481a3f312ab0120f9308aa75a8f708c9 Mon Sep 17 00:00:00 2001 From: Jesse Andrews Date: Tue, 13 Sep 2011 13:17:22 -0700 Subject: [PATCH 14/42] update docs --- stack.sh | 61 +++++++++++++++++++++++++++++--------------------------- 1 file changed, 32 insertions(+), 29 deletions(-) diff --git a/stack.sh b/stack.sh index d8ad2b1..0f83fb5 100755 --- a/stack.sh +++ b/stack.sh @@ -124,18 +124,13 @@ sudo usermod -a -G libvirtd `whoami` # if kvm wasn't running before we need to restart libvirt to enable it sudo /etc/init.d/libvirt-bin restart -# FIXME(ja): should LIBVIRT_TYPE be kvm if kvm module is loaded? +## FIXME(ja): should LIBVIRT_TYPE be kvm if kvm module is loaded? -# setup nova instance directory -mkdir -p $NOVA_DIR/instances +# add useful screenrc +cp $DIR/files/screenrc ~/.screenrc + +# TODO: update current user to allow sudo for all commands in files/sudo/* -# if there is a partition labeled nova-instances use it (ext filesystems -# can be labeled via e2label) -# FIXME: if already mounted this blows up... -if [ -L /dev/disk/by-label/nova-instances ]; then - sudo mount -L nova-instances $NOVA_DIR/instances - sudo chown -R `whoami` $NOVA_DIR/instances -fi # Dashboard # --------- 
@@ -153,36 +148,37 @@ cd $DASH_DIR/openstack-dashboard cp local/local_settings.py.example local/local_settings.py dashboard/manage.py syncdb -# setup apache -# create an empty directory to use as our +# create an empty directory that apache uses as docroot mkdir $DASH_DIR/.blackhole -# FIXME(ja): can't figure out how to make $DASH_DIR work in sed, also install to available/a2e it +## FIXME(ja): can't figure out how to make $DASH_DIR work in sed, also install to available/a2e it cat $DIR/files/000-default.template | sed 's/%DASH_DIR%/\/opt\/dash/g' > /tmp/000-default sudo mv /tmp/000-default /etc/apache2/sites-enabled -# ``python setup.py develop`` left some files owned by root in $DASH_DIR and +# ``python setup.py develop`` left some files owned by root in ``DASH_DIR`` and # others by the original owner. We need to change the owner to apache so # dashboard can run sudo chown -R www-data:www-data $DASH_DIR + # Glance # ------ +# Glance uses ``/var/lib/glance`` and ``/var/log/glance`` by default, so +# we need to insure that our user has permissions to use them. sudo mkdir -p /var/log/glance -sudo chown `whoami` /var/log/glance +sudo chown -R `whoami` /var/log/glance +sudo mkdir -p /var/lib/glance +sudo chown -R `whoami` /var/lib/glance -# add useful screenrc -cp $DIR/files/screenrc ~/.screenrc +# Delete existing images/database as glance will recreate the db on startup +rm -rf /var/lib/glance/images/* +rm -f $GLANCE_DIR/glance.sqlite -# TODO: update current user to allow sudo for all commands in files/sudo/* # Nova # ---- -NL=`echo -ne '\015'` - - function add_nova_flag { echo "$1" >> $NOVA_DIR/bin/nova.conf } 
@@ -211,6 +207,17 @@ fi screen -d -m -S nova -t nova sleep 1 +# setup nova instance directory +mkdir -p $NOVA_DIR/instances + +# if there is a partition labeled nova-instances use it (ext filesystems +# can be labeled via e2label) +## FIXME: if already mounted this blows up... +if [ -L /dev/disk/by-label/nova-instances ]; then + sudo mount -L nova-instances $NOVA_DIR/instances + sudo chown -R `whoami` $NOVA_DIR/instances +fi + # Clean out the instances directory rm -rf $NOVA_DIR/instances/* @@ -239,21 +246,17 @@ $NOVA_DIR/bin/nova-manage network create private $FIXED_RANGE 1 32 # create some floating ips $NOVA_DIR/bin/nova-manage floating create $FLOATING_RANGE -# delete existing glance images/database. Glance will recreate the db -# when it is ran. -# FIXME: configure glance not to shove files in /var/lib/glance? -sudo mkdir -p /var/lib/glance -sudo chown -R `whoami` /var/lib/glance -rm -rf /var/lib/glance/images/* -rm -f $GLANCE_DIR/glance.sqlite # Launch Services # =============== # nova api crashes if we start it with a regular screen command, # so send the start command by forcing text into the window. +# Only run the services specified in ``ENABLED_SERVICES`` + +NL=`echo -ne '\015'` + function screen_it { - # only run the services specified in $ENABLED_SERVICES if [[ "$ENABLED_SERVICES" =~ "$1" ]]; then screen -S nova -X screen -t $1 screen -S nova -p $1 -X stuff "$2$NL" From e8d9cd8b0951212cfc74b856a7e79a314011c92f Mon Sep 17 00:00:00 2001 From: Jesse Andrews Date: Tue, 13 Sep 2011 15:16:26 -0700 Subject: [PATCH 15/42] separate out keystone config --- stack.sh | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/stack.sh b/stack.sh index 0f83fb5..0f49965 100755 --- a/stack.sh +++ b/stack.sh 
@@ -229,9 +229,20 @@ mkdir -p $NOVA_DIR/networks # (re)create nova database mysql -uroot -p$MYSQL_PASS -e 'DROP DATABASE nova;' || true mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE nova;' +$NOVA_DIR/bin/nova-manage db sync + +# create a small network +$NOVA_DIR/bin/nova-manage network create private $FIXED_RANGE 1 32 + +# create some floating ips +$NOVA_DIR/bin/nova-manage floating create $FLOATING_RANGE + +# Keystone +# -------- + +# (re)create keystone database mysql -uroot -p$MYSQL_PASS -e 'DROP DATABASE keystone;' || true mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE keystone;' -$NOVA_DIR/bin/nova-manage db sync # FIXME (anthony) keystone should use keystone.conf.example KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf @@ -240,12 +251,6 @@ cp $DIR/files/keystone.conf $KEYSTONE_CONF # initialize keystone with default users/endpoints BIN_DIR=$KEYSTONE_DIR/bin bash $DIR/files/keystone_data.sh -# create a small network -$NOVA_DIR/bin/nova-manage network create private $FIXED_RANGE 1 32 - -# create some floating ips -$NOVA_DIR/bin/nova-manage floating create $FLOATING_RANGE - # Launch Services # =============== From 76d5dc77654010bd5411ff21db634829b6f0cc03 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 17:00:00 -0700 Subject: [PATCH 16/42] comments, and fix the sed expression for 000-default --- build_lxc.sh | 1 + stack.sh | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/build_lxc.sh b/build_lxc.sh index 4b10afc..e3765db 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -99,6 +99,7 @@ su -c "git clone git://github.com/cloudbuilders/nfs-stack.git ~/nfs-stack" stack su -c "cd ~/nfs-stack && ./stack.sh" stack EOF +# Make the install.sh executable chmod 700 $INSTALL_SH # Make installer run on boot diff --git a/stack.sh b/stack.sh index 0f49965..963bdff 100755 --- a/stack.sh +++ b/stack.sh 
@@ -151,9 +151,9 @@ dashboard/manage.py syncdb # create an empty directory that apache uses as docroot mkdir $DASH_DIR/.blackhole -## FIXME(ja): can't figure out how to make $DASH_DIR work in sed, also install to available/a2e it -cat $DIR/files/000-default.template | sed 's/%DASH_DIR%/\/opt\/dash/g' > /tmp/000-default -sudo mv /tmp/000-default /etc/apache2/sites-enabled +## Configure apache's 000-default to run dashboard +sudo cp $DIR/files/000-default.template /etc/apache2/sites-enabled/000-default +sudo sed -e "s,%DASH_DIR%,$DASH_DIR,g" -i $/etc/apache2/sites-enabled/000-default # ``python setup.py develop`` left some files owned by root in ``DASH_DIR`` and # others by the original owner. We need to change the owner to apache so From 4da668650728a80d775b2f45650a2b233a323011 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 17:08:12 -0700 Subject: [PATCH 17/42] fix typo in 000-default config --- stack.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack.sh b/stack.sh index 963bdff..7562a62 100755 --- a/stack.sh +++ b/stack.sh @@ -153,7 +153,7 @@ mkdir $DASH_DIR/.blackhole ## Configure apache's 000-default to run dashboard sudo cp $DIR/files/000-default.template /etc/apache2/sites-enabled/000-default -sudo sed -e "s,%DASH_DIR%,$DASH_DIR,g" -i $/etc/apache2/sites-enabled/000-default +sudo sed -e "s,%DASH_DIR%,$DASH_DIR,g" -i /etc/apache2/sites-enabled/000-default # ``python setup.py develop`` left some files owned by root in ``DASH_DIR`` and # others by the original owner. We need to change the owner to apache so From b6838a1cec36568912739a56d655ead2a9765100 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 17:13:32 -0700 Subject: [PATCH 18/42] make glance use mysql --- files/glance-registry.conf | 67 ++++++++++++++++++++++++++++++++++++++ stack.sh | 7 ++-- 2 files changed, 72 insertions(+), 2 deletions(-) create mode 100644 files/glance-registry.conf 
diff --git a/files/glance-registry.conf b/files/glance-registry.conf new file mode 100644 index 0000000..cefb4d9 --- /dev/null +++ b/files/glance-registry.conf 
@@ -0,0 +1,67 @@ +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +verbose = True + +# Show debugging output in logs (sets DEBUG log level output) +debug = False + +# Address to bind the registry server +bind_host = 0.0.0.0 + +# Port the bind the registry server to +bind_port = 9191 + +# Log to this file. Make sure you do not set the same log +# file for both the API and registry servers! +log_file = /var/log/glance/registry.log + +# Send logs to syslog (/dev/log) instead of to file specified by `log_file` +use_syslog = False + +# SQLAlchemy connection string for the reference implementation +# registry server. Any valid SQLAlchemy connection string is fine. +# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine +sql_connection = mysql://root:nova@localhost/glance + +# Period in seconds after which SQLAlchemy should reestablish its connection +# to the database. +# +# MySQL uses a default `wait_timeout` of 8 hours, after which it will drop +# idle connections. This can result in 'MySQL Gone Away' exceptions. If you +# notice this, you can lower this value to ensure that SQLAlchemy reconnects +# before MySQL can drop the connection. +sql_idle_timeout = 3600 + +# Limit the api to return `param_limit_max` items in a call to a container. If +# a larger `limit` query param is provided, it will be reduced to this value. 
+api_limit_max = 1000 + +# If a `limit` query param is not provided in an api request, it will +# default to `limit_param_default` +limit_param_default = 25 + +[pipeline:glance-registry] +pipeline = context registryapp +# NOTE: use the following pipeline for keystone +# pipeline = authtoken keystone_shim context registryapp + +[app:registryapp] +paste.app_factory = glance.registry.server:app_factory + +[filter:context] +context_class = glance.registry.context.RequestContext +paste.filter_factory = glance.common.context:filter_factory + +[filter:authtoken] +paste.filter_factory = keystone.middleware.auth_token:filter_factory +service_protocol = http +service_host = 127.0.0.1 +service_port = 5000 +auth_host = 127.0.0.1 +auth_port = 5001 +auth_protocol = http +auth_uri = http://127.0.0.1:5000/ +admin_token = 999888777666 + +[filter:keystone_shim] +paste.filter_factory = keystone.middleware.glance_auth_token:filter_factory diff --git a/stack.sh b/stack.sh index 7562a62..7eadf26 100755 --- a/stack.sh +++ b/stack.sh @@ -173,8 +173,11 @@ sudo chown -R `whoami` /var/lib/glance # Delete existing images/database as glance will recreate the db on startup rm -rf /var/lib/glance/images/* -rm -f $GLANCE_DIR/glance.sqlite - +# (re)create glance database +mysql -uroot -p$MYSQL_PASS -e 'DROP DATABASE glance;' || true +mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE glance;' +# Copy over our glance-registry.conf +cp $DIR/files/glance-registry.conf $GLANCE_DIR/etc/glance-registry.conf # Nova # ---- From 5d4843cfebadd57bf86f8291cd9c87a00bf5862b Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 17:22:18 -0700 Subject: [PATCH 19/42] add some sudo's to dashboard setup, so that the script can handle consecutive runs of stack.sh without hitting permisisons issues --- stack.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/stack.sh b/stack.sh index 7eadf26..ded8ed9 100755 --- a/stack.sh +++ b/stack.sh 
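Review bot: The `[filter:authtoken]` section of the new files/glance-registry.conf in PATCH 18 commits a fixed shared secret, `admin_token = 999888777666`, so every installation built from this repository would use the same token once the commented-out keystone pipeline is enabled. It should be a placeholder filled in at install time, in the way PATCH 21 does for the database password, for example `admin_token = %SERVICE_TOKEN%` (placeholder name constructed for this note) with a matching substitution in stack.sh. `bind_host = 0.0.0.0` also exposes the registry on port 9191 on all interfaces; if only the local glance-api talks to it, `bind_host = 127.0.0.1` is enough.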
@@ -140,16 +140,16 @@ cp $DIR/files/screenrc ~/.screenrc # Dash currently imports quantum even if you aren't using it. Instead # of installing quantum we can create a simple module that will pass the # initial imports -mkdir $DASH_DIR/openstack-dashboard/quantum || true -touch $DASH_DIR/openstack-dashboard/quantum/__init__.py -touch $DASH_DIR/openstack-dashboard/quantum/client.py +sudo mkdir -p $DASH_DIR/openstack-dashboard/quantum || true +sudo touch $DASH_DIR/openstack-dashboard/quantum/__init__.py +sudo touch $DASH_DIR/openstack-dashboard/quantum/client.py cd $DASH_DIR/openstack-dashboard -cp local/local_settings.py.example local/local_settings.py +sudo cp local/local_settings.py.example local/local_settings.py dashboard/manage.py syncdb # create an empty directory that apache uses as docroot -mkdir $DASH_DIR/.blackhole +sudo mkdir -p $DASH_DIR/.blackhole ## Configure apache's 000-default to run dashboard sudo cp $DIR/files/000-default.template /etc/apache2/sites-enabled/000-default From 963d2eb1c63a33c95a9d2257c07fee37967042e5 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 17:29:02 -0700 Subject: [PATCH 20/42] update usage comment --- stack.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/stack.sh b/stack.sh index ded8ed9..e0250bb 100755 --- a/stack.sh +++ b/stack.sh @@ -12,6 +12,7 @@ # ./stack.sh # # or run on a single line ``MYSQL_PASS=simple ./stack.sh`` +# or simply ``./stack.sh`` # This script exits on an error so that errors don't compound and you see # only the first error that occured. From 79918c54fa28dbc9eb6f5679c46418f6d649f2d7 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 19:43:14 -0700 Subject: [PATCH 21/42] configure mysql password for keystone and glance --- files/glance-registry.conf | 2 +- files/keystone.conf | 2 +- stack.sh | 5 ++++- 3 files changed, 6 insertions(+), 3 deletions(-) mode change 100755 => 100644 files/keystone.conf 
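Review bot: With `-p`, `mkdir` already succeeds when the directory exists, so the `|| true` kept on `sudo mkdir -p $DASH_DIR/openstack-dashboard/quantum || true` now only hides real failures such as a bad path or a sudo refusal; I would drop it. The `$DASH_DIR` expansions are unquoted throughout the hunk, e.g. `sudo mkdir -p "$DASH_DIR/.blackhole"` would be safer. The files are now created as root while `dashboard/manage.py syncdb` on the following line still runs without sudo; whether that matters depends on ownership set outside this hunk.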
diff --git a/files/glance-registry.conf b/files/glance-registry.conf index cefb4d9..252702c 100644 --- a/files/glance-registry.conf +++ b/files/glance-registry.conf @@ -21,7 +21,7 @@ use_syslog = False # SQLAlchemy connection string for the reference implementation # registry server. Any valid SQLAlchemy connection string is fine. # See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine -sql_connection = mysql://root:nova@localhost/glance +sql_connection = mysql://root:%MYSQL_PASS%@localhost/glance # Period in seconds after which SQLAlchemy should reestablish its connection # to the database. diff --git a/files/keystone.conf b/files/keystone.conf old mode 100755 new mode 100644 index 4e775ab..5923c85 --- a/files/keystone.conf +++ b/files/keystone.conf @@ -49,7 +49,7 @@ keystone-service-admin-role = KeystoneServiceAdmin # server. Any valid SQLAlchemy connection string is fine. # See: http://bit.ly/ideIpI #sql_connection = sqlite:///keystone.db -sql_connection = mysql://root:nova@localhost/keystone +sql_connection = mysql://root:%MYSQL_PASS%@localhost/keystone backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant', 'User', 'Credentials', 'EndpointTemplates', 'Token', 'Service'] diff --git a/stack.sh b/stack.sh index e0250bb..62198b2 100755 --- a/stack.sh +++ b/stack.sh @@ -178,7 +178,9 @@ rm -rf /var/lib/glance/images/* mysql -uroot -p$MYSQL_PASS -e 'DROP DATABASE glance;' || true mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE glance;' # Copy over our glance-registry.conf -cp $DIR/files/glance-registry.conf $GLANCE_DIR/etc/glance-registry.conf +$GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf +cp $DIR/files/glance-registry.conf $GLANCE_CONF +sudo sed -e "s,%MYSQL_PASS%,$MYSQL_PASS,g" -i $GLANCE_CONF # Nova # ---- 
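Review bot: In the stack.sh hunk, `$GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf` is not an assignment: the leading `$` makes the shell expand the still-unset variable and try to run the result as a command, so the following `cp` and `sed` get an empty target. It should read `GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf`. The line `sudo sed -e "s,%MYSQL_PASS%,$MYSQL_PASS,g" -i $GLANCE_CONF` also pastes the password into the sed replacement text, so a password containing `,`, `&` or `\` corrupts the substitution and one containing `@`, `/` or `:` yields an invalid connection URL; the keystone hunk at `@@ -251,6 +253,7 @@` adds the same line. The written file now holds the database root password, so its mode should be tightened after the copy, e.g. `chmod 600 "$GLANCE_CONF"`, if the service user allows it.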
@@ -251,6 +253,7 @@ mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE keystone;' # FIXME (anthony) keystone should use keystone.conf.example KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf cp $DIR/files/keystone.conf $KEYSTONE_CONF +sudo sed -e "s,%MYSQL_PASS%,$MYSQL_PASS,g" -i $KEYSTONE_CONF # initialize keystone with default users/endpoints BIN_DIR=$KEYSTONE_DIR/bin bash $DIR/files/keystone_data.sh From af9de3d56a6e8da0f328a8a76abfe1999e2ca23c Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 19:45:18 -0700 Subject: [PATCH 22/42] xtra $ --- stack.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack.sh b/stack.sh index 62198b2..4d54c3d 100755 --- a/stack.sh +++ b/stack.sh @@ -178,7 +178,7 @@ rm -rf /var/lib/glance/images/* mysql -uroot -p$MYSQL_PASS -e 'DROP DATABASE glance;' || true mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE glance;' # Copy over our glance-registry.conf -$GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf +GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf cp $DIR/files/glance-registry.conf $GLANCE_CONF sudo sed -e "s,%MYSQL_PASS%,$MYSQL_PASS,g" -i $GLANCE_CONF From c6da0833a9aea59697e4b52c48bb92b545b0197e Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 19:48:12 -0700 Subject: [PATCH 23/42] remove xtra space --- stack.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/stack.sh b/stack.sh index 4d54c3d..30574d0 100755 --- a/stack.sh +++ b/stack.sh @@ -308,4 +308,3 @@ tar -zxf $DEST/tty.tgz glance add name="tty-kernel" is_public=true container_format=aki disk_format=aki < aki-tty/image glance add name="tty-ramdisk" is_public=true container_format=ari disk_format=ari < ari-tty/image glance add name="tty" is_public=true container_format=ami disk_format=ami kernel_id=1 ramdisk_id=2 < ami-tty/image - From a841644e988415502831f17d1b34b0ad74d4c2c9 Mon Sep 17 00:00:00 2001 
From: Anthony Young Date: Tue, 13 Sep 2011 20:07:44 -0700 Subject: [PATCH 24/42] progress on multi-host stack.sh --- files/glance-registry.conf | 2 +- files/keystone.conf | 2 +- stack.sh | 23 ++++++++++++++++------- 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/files/glance-registry.conf b/files/glance-registry.conf index 252702c..ea2cf1d 100644 --- a/files/glance-registry.conf +++ b/files/glance-registry.conf @@ -21,7 +21,7 @@ use_syslog = False # SQLAlchemy connection string for the reference implementation # registry server. Any valid SQLAlchemy connection string is fine. # See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine -sql_connection = mysql://root:%MYSQL_PASS%@localhost/glance +sql_connection = %SQL_CONN% # Period in seconds after which SQLAlchemy should reestablish its connection # to the database. diff --git a/files/keystone.conf b/files/keystone.conf index 5923c85..622b87d 100644 --- a/files/keystone.conf +++ b/files/keystone.conf @@ -49,7 +49,7 @@ keystone-service-admin-role = KeystoneServiceAdmin # server. Any valid SQLAlchemy connection string is fine. # See: http://bit.ly/ideIpI #sql_connection = sqlite:///keystone.db -sql_connection = mysql://root:%MYSQL_PASS%@localhost/keystone +sql_connection = %SQL_CONN% backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant', 'User', 'Credentials', 'EndpointTemplates', 'Token', 'Service'] diff --git a/stack.sh b/stack.sh index 30574d0..993cb98 100755 --- a/stack.sh +++ b/stack.sh @@ -35,6 +35,8 @@ KEYSTONE_DIR=$DEST/keystone NOVACLIENT_DIR=$DEST/python-novaclient API_DIR=$DEST/openstackx NOVNC_DIR=$DEST/noVNC + +# Specify which services to launch. These generally correspond to screen tabs ENABLED_SERVICES=g-api,g-reg,key,n-api,n-cpu,n-net,n-sch,n-vnc,dash # Use the first IP unless an explicit is set by ``HOST_IP`` environment variable 
@@ -47,6 +49,7 @@ INTERFACE=${INTERFACE:-eth0} FLOATING_RANGE=${FLOATING_RANGE:-10.6.0.0/27} FIXED_RANGE=${FIXED_RANGE:-10.0.0.0/24} NET_MAN=${NET_MAN:-VlanManager} +EC2_DMZ_HOST=${EC2_DMZ_HOST:-$HOST_IP} # If you are using FlatDHCP on multiple hosts, set the ``FLAT_INTERFACE`` # variable but make sure that the interface doesn't already have an @@ -56,11 +59,14 @@ NET_MAN=${NET_MAN:-VlanManager} # Nova hypervisor configuration LIBVIRT_TYPE=${LIBVIRT_TYPE:-qemu} - -# TODO: switch to mysql for all services +# Mysql connection info MYSQL_PASS=${MYSQL_PASS:-nova} -SQL_CONN=${SQL_CONN:-mysql://root:$MYSQL_PASS@localhost/nova} -# TODO: set rabbitmq conn string explicitly as well +MYSQL_HOST=${MYSQL_HOST:-localhost} +# don't specify /db in this string, so we can use it for multiple services +BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://root:$MYSQL_PASS@$MYSQL_HOST} + +# Rabbit connection info +RABBIT_HOST=${RABBIT_HOST:-localhost} # Install Packages # ================ @@ -180,7 +186,7 @@ mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE glance;' # Copy over our glance-registry.conf GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf cp $DIR/files/glance-registry.conf $GLANCE_CONF -sudo sed -e "s,%MYSQL_PASS%,$MYSQL_PASS,g" -i $GLANCE_CONF +sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/glance,g" -i $GLANCE_CONF # Nova # ---- 
@@ -198,13 +204,16 @@ add_nova_flag "--network_manager=nova.network.manager.$NET_MAN" add_nova_flag "--my_ip=$HOST_IP" add_nova_flag "--public_interface=$INTERFACE" add_nova_flag "--vlan_interface=$INTERFACE" -add_nova_flag "--sql_connection=$SQL_CONN" +add_nova_flag "--sql_connection=$BASE_SQL_CONN/nova" add_nova_flag "--libvirt_type=$LIBVIRT_TYPE" add_nova_flag "--osapi_extensions_path=$API_DIR/extensions" add_nova_flag "--vncproxy_url=http://$HOST_IP:6080" add_nova_flag "--vncproxy_wwwroot=$NOVNC_DIR/" add_nova_flag "--api_paste_config=$KEYSTONE_DIR/examples/paste/nova-api-paste.ini" add_nova_flag "--image_service=nova.image.glance.GlanceImageService" +add_nova_flag "--image_service=nova.image.glance.GlanceImageService" +add_nova_flag "--ec2_dmz_host=$EC2_DMZ_HOST" +add_nova_flag "--rabbit_host=$RABBIT_HOST" if [ -n "$FLAT_INTERFACE" ]; then add_nova_flag "--flat_interface=$FLAT_INTERFACE" fi @@ -253,7 +262,7 @@ mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE keystone;' # FIXME (anthony) keystone should use keystone.conf.example KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf cp $DIR/files/keystone.conf $KEYSTONE_CONF -sudo sed -e "s,%MYSQL_PASS%,$MYSQL_PASS,g" -i $KEYSTONE_CONF +sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/keystone,g" -i $KEYSTONE_CONF # initialize keystone with default users/endpoints BIN_DIR=$KEYSTONE_DIR/bin bash $DIR/files/keystone_data.sh From fdaf21a5e6da9e0e6b61598301c02551793ab79d Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 20:11:42 -0700 Subject: [PATCH 25/42] configurable mysql user --- stack.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/stack.sh b/stack.sh index 993cb98..64c97da 100755 --- a/stack.sh +++ b/stack.sh 
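Review bot: The first added line repeats `add_nova_flag "--image_service=nova.image.glance.GlanceImageService"`, which is already present as the context line directly above it, so the flag is presumably emitted twice (`add_nova_flag` is defined outside this hunk). Drop the added copy and keep only the `--ec2_dmz_host` and `--rabbit_host` additions.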
@@ -61,9 +61,10 @@ LIBVIRT_TYPE=${LIBVIRT_TYPE:-qemu} # Mysql connection info MYSQL_PASS=${MYSQL_PASS:-nova} +MYSQL_USER=${MYSQL_USER:-root} MYSQL_HOST=${MYSQL_HOST:-localhost} # don't specify /db in this string, so we can use it for multiple services -BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://root:$MYSQL_PASS@$MYSQL_HOST} +BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://$MYSQL_USER:$MYSQL_PASS@$MYSQL_HOST} # Rabbit connection info RABBIT_HOST=${RABBIT_HOST:-localhost} @@ -181,8 +182,8 @@ sudo chown -R `whoami` /var/lib/glance # Delete existing images/database as glance will recreate the db on startup rm -rf /var/lib/glance/images/* # (re)create glance database -mysql -uroot -p$MYSQL_PASS -e 'DROP DATABASE glance;' || true -mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE glance;' +mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'DROP DATABASE glance;' || true +mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'CREATE DATABASE glance;' # Copy over our glance-registry.conf GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf cp $DIR/files/glance-registry.conf $GLANCE_CONF @@ -242,8 +243,8 @@ rm -rf $NOVA_DIR/networks mkdir -p $NOVA_DIR/networks # (re)create nova database -mysql -uroot -p$MYSQL_PASS -e 'DROP DATABASE nova;' || true -mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE nova;' +mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'DROP DATABASE nova;' || true +mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'CREATE DATABASE nova;' $NOVA_DIR/bin/nova-manage db sync # create a small network @@ -256,8 +257,8 @@ $NOVA_DIR/bin/nova-manage floating create $FLOATING_RANGE # -------- # (re)create keystone database -mysql -uroot -p$MYSQL_PASS -e 'DROP DATABASE keystone;' || true -mysql -uroot -p$MYSQL_PASS -e 'CREATE DATABASE keystone;' +mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'DROP DATABASE keystone;' || true +mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'CREATE DATABASE keystone;' # FIXME (anthony) keystone should use keystone.conf.example KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf 
From 1c36464615fd4b12ec6b3141d3d0173eac64bf75 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 20:21:42 -0700 Subject: [PATCH 26/42] allow role configuration for multi-host lxc --- build_lxc.sh | 13 ++++++++----- stack.sh | 2 +- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/build_lxc.sh b/build_lxc.sh index e3765db..97dd594 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -9,6 +9,9 @@ CONTAINER_GATEWAY=${CONTAINER_GATEWAY:-192.168.1.1} NAMESERVER=${NAMESERVER:-192.168.1.1} COPYENV=${COPYENV:-1} +# Param string to pass to stack.sh. Like "EC2_DMZ_HOST=192.168.1.1 MYSQL_USER=nova" +STACKSH_PARAMS=${STACKSH_PARAMS:-} + # Create lxc configuration LXC_CONF=/tmp/$CONTAINER.conf cat > $LXC_CONF < $INSTALL_SH < /etc/rc.local # Make sure dns is set up echo "nameserver $NAMESERVER" | resolvconf -a eth0 sleep 1 @@ -95,8 +96,10 @@ sleep 1 # Install and run stack.sh apt-get update apt-get -y --force-yes install git-core vim-nox sudo -su -c "git clone git://github.com/cloudbuilders/nfs-stack.git ~/nfs-stack" stack -su -c "cd ~/nfs-stack && ./stack.sh" stack +if [ ! -d "~/nfs-stack" ] + su -c "git clone git://github.com/cloudbuilders/nfs-stack.git ~/nfs-stack" stack +fi +su -c "cd ~/nfs-stack && $STACKSH_PARAMS ./stack.sh" stack EOF # Make the install.sh executable diff --git a/stack.sh b/stack.sh index 64c97da..0f6ea96 100755 --- a/stack.sh +++ b/stack.sh @@ -60,8 +60,8 @@ EC2_DMZ_HOST=${EC2_DMZ_HOST:-$HOST_IP} LIBVIRT_TYPE=${LIBVIRT_TYPE:-qemu} # Mysql connection info -MYSQL_PASS=${MYSQL_PASS:-nova} MYSQL_USER=${MYSQL_USER:-root} +MYSQL_PASS=${MYSQL_PASS:-nova} MYSQL_HOST=${MYSQL_HOST:-localhost} # don't specify /db in this string, so we can use it for multiple services BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://$MYSQL_USER:$MYSQL_PASS@$MYSQL_HOST} From 4f27922342ca274799a0f150fc28d4e0a59541b3 Mon Sep 17 00:00:00 2001 
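Review bot: In the `@@ -95,8 +96,10 @@` hunk of build_lxc.sh, the added `if [ ! -d "~/nfs-stack" ]` has no `; then`, so the generated install script fails to parse. The quoted `~` is also never expanded, so the test looks for a directory literally named `~` and the clone is attempted on every run. The test should use the absolute path of the checkout that `su -c ... stack` creates and end with `; then`. The clone itself uses the unauthenticated `git://` transport and its result is executed by an account with passwordless sudo, so an `https://` URL would be the safer choice. The heredoc this hunk sits in starts outside the hunk.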
From: Anthony Young Date: Tue, 13 Sep 2011 21:51:28 -0700 Subject: [PATCH 27/42] cleanup output --- build_lxc.sh | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/build_lxc.sh b/build_lxc.sh index 97dd594..a81aa2d 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # Configurable params BRIDGE=${BRIDGE:-br0} CONTAINER=${CONTAINER:-STACK} @@ -12,6 +12,11 @@ COPYENV=${COPYENV:-1} # Param string to pass to stack.sh. Like "EC2_DMZ_HOST=192.168.1.1 MYSQL_USER=nova" STACKSH_PARAMS=${STACKSH_PARAMS:-} +# Install cgroup-bin if we don't have it yet +if ! which cgdelete | grep -q cgdelete; then + apt-get install cgroup-bin +fi + # Create lxc configuration LXC_CONF=/tmp/$CONTAINER.conf cat > $LXC_CONF < $RC_LOCAL < Date: Tue, 13 Sep 2011 22:09:36 -0700 Subject: [PATCH 28/42] make a cp_it cp wrapper --- build_lxc.sh | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/build_lxc.sh b/build_lxc.sh index a81aa2d..f7536d4 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -67,13 +67,19 @@ echo stack:pass | chroot $ROOTFS chpasswd # stack requires) echo "stack ALL=(ALL) NOPASSWD: ALL" >> $ROOTFS/etc/sudoers +function cp_it { + if [ -e $1 ] || [ -d $1 ]; then + cp -pr $1 $2 + fi +} + # Copy over your ssh keys and env if desired if [ "$COPYENV" = "1" ]; then - cp -pr ~/.ssh $ROOTFS/opt/.ssh - cp -p ~/.ssh/id_rsa.pub $ROOTFS/opt/.ssh/authorized_keys - cp -pr ~/.gitconfig $ROOTFS/opt/.gitconfig - cp -pr ~/.vimrc $ROOTFS/opt/.vimrc - cp -pr ~/.bashrc $ROOTFS/opt/.bashrc + cp_it ~/.ssh $ROOTFS/opt/.ssh + cp_it ~/.ssh/id_rsa.pub $ROOTFS/opt/.ssh/authorized_keys + cp_it ~/.gitconfig $ROOTFS/opt/.gitconfig + cp_it ~/.vimrc $ROOTFS/opt/.vimrc + cp_it ~/.bashrc $ROOTFS/opt/.bashrc fi # Give stack ownership over /opt so it may do the work needed 
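Review bot: With `COPYENV` defaulting to 1, `cp_it ~/.ssh $ROOTFS/opt/.ssh` in the `@@ -67,13 +67,19 @@` hunk copies the whole `~/.ssh` directory, which normally includes private keys, into a container whose `stack` account has the fixed password from `echo stack:pass | chroot $ROOTFS chpasswd` and passwordless sudo. Unless sharing the private keys is intended, only `id_rsa.pub` is needed for `authorized_keys`, so I would create the directory and copy just that file. Inside `cp_it`, `$1` and `$2` are unquoted and `[ -d $1 ]` is redundant after `[ -e $1 ]`; `if [ -e "$1" ]; then cp -pr "$1" "$2"; fi` behaves the same for ordinary paths.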
@@ -93,8 +99,8 @@ iface eth0 inet static EOF # Configure the runner -INSTALL_SH=$ROOTFS/root/install.sh -cat > $INSTALL_SH < $RUN_SH < $RC_LOCAL < Date: Tue, 13 Sep 2011 22:14:37 -0700 Subject: [PATCH 29/42] add comment --- build_lxc.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/build_lxc.sh b/build_lxc.sh index f7536d4..657dd8a 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -67,6 +67,7 @@ echo stack:pass | chroot $ROOTFS chpasswd # stack requires) echo "stack ALL=(ALL) NOPASSWD: ALL" >> $ROOTFS/etc/sudoers +# Gracefully cp only if source file/dir exists function cp_it { if [ -e $1 ] || [ -d $1 ]; then cp -pr $1 $2 From 190321ea45ce9617cee41a54a19a72d092813395 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 23:21:29 -0700 Subject: [PATCH 30/42] install deps --- build_lxc.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/build_lxc.sh b/build_lxc.sh index 657dd8a..c019d7e 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -12,9 +12,17 @@ COPYENV=${COPYENV:-1} # Param string to pass to stack.sh. Like "EC2_DMZ_HOST=192.168.1.1 MYSQL_USER=nova" STACKSH_PARAMS=${STACKSH_PARAMS:-} -# Install cgroup-bin if we don't have it yet +# Install deps +apt-get install lxc debootstrap + +# Install cgroup-bin from source, since the packaging is buggy and possibly incompatible with our setup if ! which cgdelete | grep -q cgdelete; then - apt-get install cgroup-bin + apt-get install g++ bison flex libpam0g-dev + wget http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download -O /tmp/libcgroup-0.37.1.tar.bz2 + cd /tmp && bunzip2 libcgroup-0.37.1.tar.bz2 && tar xfv libcgroup-0.37.1.tar + cd libcgroup-0.37.1 + ./configure + make install fi # Create lxc configuration From 936c9280ea8c94a5029382cb693370dcf655fb2c Mon Sep 17 00:00:00 2001 
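Review bot: In the `@@ -12,9 +12,17 @@` hunk the libcgroup tarball is fetched over plain `http://` with no checksum or signature check and then built and installed with `./configure` and `make install`, so anyone able to tamper with the download controls code that runs with the script's privileges on the host. Pin a known digest and verify it before unpacking, e.g. `echo "<EXPECTED_SHA256>  /tmp/libcgroup-0.37.1.tar.bz2" | sha256sum -c - || exit 1` (the digest is a placeholder to be taken from a trusted source). The fixed file names under `/tmp` are predictable; unpacking in a `mktemp -d` directory avoids another local user pre-creating them. The `apt-get install` calls lack `-y` and will stop for confirmation in an unattended run.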
From: Anthony Young Date: Tue, 13 Sep 2011 23:36:43 -0700 Subject: [PATCH 31/42] warn users to use natty --- build_lxc.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/build_lxc.sh b/build_lxc.sh index c019d7e..54ee375 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -12,6 +12,11 @@ COPYENV=${COPYENV:-1} # Param string to pass to stack.sh. Like "EC2_DMZ_HOST=192.168.1.1 MYSQL_USER=nova" STACKSH_PARAMS=${STACKSH_PARAMS:-} +# Warn users who aren't on natty +if ! grep -q natty /etc/lsb-release; then + echo "WARNING: this script has only been tested on natty" +fi + # Install deps apt-get install lxc debootstrap From ef7f36b711424d3763aa779abc4228ce6a67595e Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Tue, 13 Sep 2011 23:43:09 -0700 Subject: [PATCH 32/42] let the container start on reboot --- build_lxc.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build_lxc.sh b/build_lxc.sh index 54ee375..c0e33d6 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -123,7 +123,7 @@ sleep 1 # Install and run stack.sh apt-get update apt-get -y --force-yes install git-core vim-nox sudo -if [ ! -d "~/nfs-stack" ] +if [ ! -d "~/nfs-stack" ]; then su -c "git clone git://github.com/cloudbuilders/nfs-stack.git ~/nfs-stack" stack fi su -c "cd ~/nfs-stack && $STACKSH_PARAMS ./stack.sh" stack From 77dbb07959088a84f8c552bf06a56c904f1553ff Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 14 Sep 2011 00:49:39 -0700 Subject: [PATCH 33/42] default nameserver to gateway --- build_lxc.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build_lxc.sh b/build_lxc.sh index c0e33d6..d1f8aff 100755 --- a/build_lxc.sh +++ b/build_lxc.sh 
@@ -6,7 +6,7 @@ CONTAINER_IP=${CONTAINER_IP:-192.168.1.50} CONTAINER_CIDR=${CONTAINER_CIDR:-$CONTAINER_IP/24} CONTAINER_NETMASK=${CONTAINER_NETMASK:-255.255.255.0} CONTAINER_GATEWAY=${CONTAINER_GATEWAY:-192.168.1.1} -NAMESERVER=${NAMESERVER:-192.168.1.1} +NAMESERVER=${NAMESERVER:-$CONTAINER_GATEWAY} COPYENV=${COPYENV:-1} # Param string to pass to stack.sh. Like "EC2_DMZ_HOST=192.168.1.1 MYSQL_USER=nova" From 17348108b3842a11d4f188459beacce4348ea4c4 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 14 Sep 2011 00:56:18 -0700 Subject: [PATCH 34/42] keep a log for the runner --- build_lxc.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build_lxc.sh b/build_lxc.sh index d1f8aff..ce9a45e 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -126,7 +126,7 @@ apt-get -y --force-yes install git-core vim-nox sudo if [ ! -d "~/nfs-stack" ]; then su -c "git clone git://github.com/cloudbuilders/nfs-stack.git ~/nfs-stack" stack fi -su -c "cd ~/nfs-stack && $STACKSH_PARAMS ./stack.sh" stack +su -c "cd ~/nfs-stack && $STACKSH_PARAMS ./stack.sh" stack >> /opt/run.sh.log EOF # Make the run.sh executable From 80638e545f8b2990b219ad8be891fe9c0ccfacca Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 14 Sep 2011 01:29:05 -0700 Subject: [PATCH 35/42] progress on multi-host lxc --- build_lxc.sh | 2 +- stack.sh | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/build_lxc.sh b/build_lxc.sh index ce9a45e..63c9e50 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -126,7 +126,7 @@ apt-get -y --force-yes install git-core vim-nox sudo if [ ! -d "~/nfs-stack" ]; then su -c "git clone git://github.com/cloudbuilders/nfs-stack.git ~/nfs-stack" stack fi -su -c "cd ~/nfs-stack && $STACKSH_PARAMS ./stack.sh" stack >> /opt/run.sh.log +nohup su -c "cd ~/nfs-stack && $STACKSH_PARAMS ./stack.sh" stack &> /opt/run.sh.log EOF # Make the run.sh executable diff --git a/stack.sh b/stack.sh index 0f6ea96..62f813a 100755 --- a/stack.sh +++ b/stack.sh 
@@ -168,6 +168,9 @@ sudo sed -e "s,%DASH_DIR%,$DASH_DIR,g" -i /etc/apache2/sites-enabled/000-default # dashboard can run sudo chown -R www-data:www-data $DASH_DIR +# Edit /etc/mysql/my.cnf to change ‘bind-address’ from localhost (127.0.0.1) to any (0.0.0.0) and restart the mysql service: +sudo sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf +sudo service mysql restart # Glance # ------ From d74d681d3f9eb013838dd1a0935873f46f8b373e Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 14 Sep 2011 01:35:54 -0700 Subject: [PATCH 36/42] fix check for nfs-stack existence --- build_lxc.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build_lxc.sh b/build_lxc.sh index 63c9e50..9f133fd 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -123,7 +123,7 @@ sleep 1 # Install and run stack.sh apt-get update apt-get -y --force-yes install git-core vim-nox sudo -if [ ! -d "~/nfs-stack" ]; then +if [ ! -d "/opt/nfs-stack" ]; then su -c "git clone git://github.com/cloudbuilders/nfs-stack.git ~/nfs-stack" stack fi nohup su -c "cd ~/nfs-stack && $STACKSH_PARAMS ./stack.sh" stack &> /opt/run.sh.log From 927a656ac2835610349af64e251af9d2bc85c489 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 14 Sep 2011 01:58:01 -0700 Subject: [PATCH 37/42] more work on multi-lxc --- build_lxc.sh | 5 ++++- stack.sh | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/build_lxc.sh b/build_lxc.sh index 9f133fd..4987193 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -120,13 +120,16 @@ cat > $RUN_SH < /opt/run.sh.log +su -c "cd ~/nfs-stack && $STACKSH_PARAMS ./stack.sh" stack &> /opt/run.sh.log EOF # Make the run.sh executable diff --git a/stack.sh b/stack.sh index 62f813a..88e779c 100755 --- a/stack.sh +++ b/stack.sh 
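Review bot: `sudo sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf` makes MySQL listen on every interface of any host that runs stack.sh, while the root password still defaults to `nova` (`MYSQL_PASS=${MYSQL_PASS:-nova}` earlier in the script). The pattern is not anchored to the `bind-address` key and its dots are unescaped, so every matching address in the file is rewritten. I would limit the edit to that key, e.g. `sudo sed -i 's/^bind-address[[:space:]]*=.*/bind-address = 0.0.0.0/' /etc/mysql/my.cnf`. I would also run it only when the operator explicitly opts in to a multi-host setup, with a comment noting that the port must then be firewalled to the participating hosts.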
@@ -37,7 +37,7 @@ API_DIR=$DEST/openstackx NOVNC_DIR=$DEST/noVNC # Specify which services to launch. These generally correspond to screen tabs -ENABLED_SERVICES=g-api,g-reg,key,n-api,n-cpu,n-net,n-sch,n-vnc,dash +ENABLED_SERVICES=${ENABLED_SERVICES:-g-api,g-reg,key,n-api,n-cpu,n-net,n-sch,n-vnc,dash} # Use the first IP unless an explicit is set by ``HOST_IP`` environment variable if [ ! -n "$HOST_IP" ]; then From 005abf03c72e35c9b68704b7dbbcbead3b38afd3 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 14 Sep 2011 02:15:48 -0700 Subject: [PATCH 38/42] no need to run in bg --- build_lxc.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build_lxc.sh b/build_lxc.sh index 4987193..d43d8fd 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -129,7 +129,7 @@ apt-get -y --force-yes install git-core vim-nox sudo if [ ! -d "/opt/nfs-stack" ]; then su -c "git clone git://github.com/cloudbuilders/nfs-stack.git ~/nfs-stack" stack fi -su -c "cd ~/nfs-stack && $STACKSH_PARAMS ./stack.sh" stack &> /opt/run.sh.log +su -c "cd ~/nfs-stack && $STACKSH_PARAMS ./stack.sh" stack > /opt/run.sh.log EOF # Make the run.sh executable From 3859f7376044fa918a2c0621fa60895692a913ea Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 14 Sep 2011 02:33:43 -0700 Subject: [PATCH 39/42] pre-cache git repos, add mysql perms --- build_lxc.sh | 9 ++++++++- stack.sh | 5 ++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/build_lxc.sh b/build_lxc.sh index d43d8fd..940fcae 100755 --- a/build_lxc.sh +++ b/build_lxc.sh 
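Review bot: In the build_lxc.sh hunk `@@ -129,7 +129,7 @@`, changing `&>` to `>` means error output from stack.sh no longer reaches `/opt/run.sh.log`, which is where a failed install would be diagnosed. Under bash, `&>` redirects stdout and stderr and does not background the command; only under a plain POSIX `sh` would it parse as `&` followed by `>`. The interpreter of the generated run.sh is not visible in this hunk, so the shell-independent form `> /opt/run.sh.log 2>&1` is the safer way to get a foreground run with both streams logged.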
@@ -51,12 +51,19 @@ fi # Warm the base image on first install CACHEDIR=/var/cache/lxc/natty/rootfs-amd64 -if [ ! -d $CACHEDIR ]; then +if [ -d $CACHEDIR ]; then # trigger the initial debootstrap lxc-create -n $CONTAINER -t natty -f $LXC_CONF chroot $CACHEDIR apt-get update chroot $CACHEDIR apt-get install -y `cat apts/* | cut -d\# -f1 | egrep -v "(rabbitmq|libvirt-bin|mysql-server)"` chroot $CACHEDIR pip install `cat pips/*` + git clone https://github.com/cloudbuilders/nova.git $CACHEDIR/opt/nova + git clone https://github.com/cloudbuilders/openstackx.git $CACHEDIR/opt/openstackx + git clone https://github.com/cloudbuilders/noVNC.git $CACHEDIR/opt/noVNC + git clone https://github.com/cloudbuilders/openstack-dashboard.git $CACHEDIR/opt/dash + git clone https://github.com/cloudbuilders/python-novaclient.git $CACHEDIR/opt/python-novaclient + git clone https://github.com/cloudbuilders/keystone.git $CACHEDIR/opt/keystone + git clone https://github.com/cloudbuilders/glance.git $CACHEDIR/opt/glance fi # Destroy the old container diff --git a/stack.sh b/stack.sh index 88e779c..41bcdf2 100755 --- a/stack.sh +++ b/stack.sh @@ -60,7 +60,7 @@ EC2_DMZ_HOST=${EC2_DMZ_HOST:-$HOST_IP} LIBVIRT_TYPE=${LIBVIRT_TYPE:-qemu} # Mysql connection info -MYSQL_USER=${MYSQL_USER:-root} +MYSQL_USER=${MYSQL_USER:-nova} MYSQL_PASS=${MYSQL_PASS:-nova} MYSQL_HOST=${MYSQL_HOST:-localhost} # don't specify /db in this string, so we can use it for multiple services 
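Review bot: The guard changed from `[ ! -d $CACHEDIR ]` to `[ -d $CACHEDIR ]`, which inverts the "first install" logic described by the comment above it: as far as this hunk shows, the block is now skipped when the cache is missing and re-run whenever it exists. On any later run the seven added `git clone` commands then target directories that already exist and fail. If warming an existing cache is the intent, update the comment and guard each clone, e.g. `[ -d $CACHEDIR/opt/nova ] || git clone https://github.com/cloudbuilders/nova.git $CACHEDIR/opt/nova`. The clones take whatever the default branch holds at build time and are written into the shared base image, so pinning a tag or commit would make the cached rootfs reproducible and reviewable.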
@@ -168,6 +168,9 @@ sudo sed -e "s,%DASH_DIR%,$DASH_DIR,g" -i /etc/apache2/sites-enabled/000-default # dashboard can run sudo chown -R www-data:www-data $DASH_DIR +# Update the DB to give user ‘$MYSQL_USER’@’%’ full control of the all databases: +sudo mysql -uroot -p$MYSQL_PASS -e "GRANT ALL PRIVILEGES ON *.* TO '$MYSQL_USER'@'%' WITH GRANT OPTION;" + # Edit /etc/mysql/my.cnf to change ‘bind-address’ from localhost (127.0.0.1) to any (0.0.0.0) and restart the mysql service: sudo sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf sudo service mysql restart From 320412b24fcd321756795767ae6d05c839c9432e Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 14 Sep 2011 02:39:10 -0700 Subject: [PATCH 40/42] root user for mysql --- stack.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack.sh b/stack.sh index 41bcdf2..9cca50f 100755 --- a/stack.sh +++ b/stack.sh @@ -60,7 +60,7 @@ EC2_DMZ_HOST=${EC2_DMZ_HOST:-$HOST_IP} LIBVIRT_TYPE=${LIBVIRT_TYPE:-qemu} # Mysql connection info -MYSQL_USER=${MYSQL_USER:-nova} +MYSQL_USER=${MYSQL_USER:-root} MYSQL_PASS=${MYSQL_PASS:-nova} MYSQL_HOST=${MYSQL_HOST:-localhost} # don't specify /db in this string, so we can use it for multiple services From 56e6292e1f6d11d5e2901262d30d9dcdf5d5f1ee Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 14 Sep 2011 02:54:27 -0700 Subject: [PATCH 41/42] run entire run script as stack user --- build_lxc.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/build_lxc.sh b/build_lxc.sh index 940fcae..88a7443 100755 --- a/build_lxc.sh +++ b/build_lxc.sh 
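Review bot: The added `GRANT ALL PRIVILEGES ON *.* TO '$MYSQL_USER'@'%' WITH GRANT OPTION;` gives that account full control of every database from any host and lets it pass those rights on, and the statement sets no password for an account it creates. Together with the `bind-address` rewrite to `0.0.0.0` just below it and the default `MYSQL_PASS` of `nova`, the server becomes administrable from the network with a well-known credential. I would restrict the host part to the peers that need access and drop `WITH GRANT OPTION`, e.g. `GRANT ALL PRIVILEGES ON *.* TO '$MYSQL_USER'@'<ALLOWED_HOST_OR_SUBNET>' IDENTIFIED BY '$MYSQL_PASS';` (the host value is a placeholder). `$MYSQL_USER` is interpolated into the SQL text unescaped, so it should be checked to be a plain identifier before use.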
@@ -120,33 +120,33 @@ iface eth0 inet static EOF # Configure the runner -RUN_SH=$ROOTFS/root/run.sh +RUN_SH=$ROOTFS/opt/run.sh cat > $RUN_SH < /opt/run.sh.log +cd /opt/nfs-stack && $STACKSH_PARAMS ./stack.sh > /opt/run.sh.log EOF # Make the run.sh executable -chmod 700 $RUN_SH +chmod 755 $RUN_SH # Make runner launch on boot RC_LOCAL=$ROOTFS/etc/rc.local cat > $RC_LOCAL < Date: Wed, 14 Sep 2011 02:56:41 -0700 Subject: [PATCH 42/42] this command is already run by stack --- build_lxc.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build_lxc.sh b/build_lxc.sh index 88a7443..067ecda 100755 --- a/build_lxc.sh +++ b/build_lxc.sh @@ -128,7 +128,7 @@ echo "nameserver $NAMESERVER" | sudo resolvconf -a eth0 sleep 1 # Kill any existing screens -su -c "killall screen" stack +killall screen # Install and run stack.sh sudo apt-get update