From ff70dad892a89cc4cb09aebfcf72e2de5ab7d556 Mon Sep 17 00:00:00 2001 From: Jens Rosenboom Date: Wed, 1 Jul 2015 15:22:53 +0200 Subject: [PATCH 0001/2277] Make image_list.sh independent of host IP address We do not need the HOST_IP to be detected in order to be able to list our images. So just set that to some dummy value before sourcing functions. This will allow tools like disk-image-builder to work regardless of whether get_default_host_ip succeeds or not. Change-Id: I9c22d2066e34309e70e56076e3d17c5db6ecee06 --- tools/image_list.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tools/image_list.sh b/tools/image_list.sh index a27635effd..27b3d4612d 100755 --- a/tools/image_list.sh +++ b/tools/image_list.sh @@ -3,6 +3,12 @@ # Keep track of the DevStack directory TOP_DIR=$(cd $(dirname "$0")/.. && pwd) +# The following "source" implicitly calls get_default_host_ip() in +# stackrc and will die if the selected default IP happens to lie +# in the default ranges for FIXED_RANGE or FLOATING_RANGE. Since we +# do not really need HOST_IP to be properly set in the remainder of +# this script, just set it to some dummy value and make stackrc happy. +HOST_IP=SKIP source $TOP_DIR/functions # Possible virt drivers, if we have more, add them here. Always keep From 59c6377ae51c024c28a6fba72de567bc97edda10 Mon Sep 17 00:00:00 2001 From: Roxana Gherle Date: Wed, 9 Sep 2015 18:22:31 -0700 Subject: [PATCH 0002/2277] Assign admin role for admin user on default domain This patch adds an admin role assignment for the admin user on the default domain as part of the Keystone configuration stage. Closes-Bug: #1494081 Change-Id: I91c88917bd51be4572e4970c94e65d866798df26 --- functions-common | 32 ++++++++++++++++++++++++++++++++ lib/keystone | 1 + 2 files changed, 33 insertions(+) diff --git a/functions-common b/functions-common index 446de5374f..c38a77243e 100644 --- a/functions-common +++ b/functions-common @@ -803,6 +803,38 @@ function get_or_add_user_project_role { echo $user_role_id } +# Gets or adds user role to domain +# Usage: get_or_add_user_domain_role +function get_or_add_user_domain_role { + local user_role_id + # Gets user role id + user_role_id=$(openstack role list \ + --user $2 \ + --os-url=$KEYSTONE_SERVICE_URI_V3 \ + --os-identity-api-version=3 \ + --column "ID" \ + --domain $3 \ + --column "Name" \ + | grep " $1 " | get_field 1) + if [[ -z "$user_role_id" ]]; then + # Adds role to user and get it + openstack role add $1 \ + --user $2 \ + --domain $3 \ + --os-url=$KEYSTONE_SERVICE_URI_V3 \ + --os-identity-api-version=3 + user_role_id=$(openstack role list \ + --user $2 \ + --os-url=$KEYSTONE_SERVICE_URI_V3 \ + --os-identity-api-version=3 \ + --column "ID" \ + --domain $3 \ + --column "Name" \ + | grep " $1 " | get_field 1) + fi + echo $user_role_id +} + # Gets or adds group role to project # Usage: get_or_add_group_project_role function get_or_add_group_project_role { diff --git a/lib/keystone b/lib/keystone index e2448c9068..b15abe1cb5 100644 --- a/lib/keystone +++ b/lib/keystone @@ -364,6 +364,7 @@ function create_keystone_accounts { local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD" default) local admin_role=$(get_or_create_role "admin") get_or_add_user_project_role $admin_role $admin_user $admin_tenant + get_or_add_user_domain_role $admin_role $admin_user default # Create service project/role get_or_create_project "$SERVICE_TENANT_NAME" default From 8872545a0f98c5681147a08541e119813f0bdc01 Mon Sep 17 00:00:00 2001 From: Kashyap Chamarthy Date: Mon, 14 Sep 2015 13:17:56 +0200 Subject: [PATCH 0003/2277] worlddump: Use SIGUSR2 instead of SIGUSR1 The function guru_meditation_report() currently uses the User-defined signal SIGUSR1 to kill a Nova Compute process so that a Guru Meditation Report is generated. Testing locally, in a DevStack instance, manually attempting to kill a Nova compute process [kill -s USR1 `pgrep nova-compute`] does not result in process being terminated, and no error report generated. It turns out[1] that SIGUSR1 is used by Apache 'mod_wsgi'. Using the signal SIGUSR2 resolves this issue (i.e. 'nova-compute' process is terminated, and the Guru Meditation Report is generated). So, use USR2, instead of USR1. Corresponding oslo.reports related commit[2]. [1] https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIRestrictSignal [2] 45b1c02d113051d147e54ef921ce8e94135542d8 -- guru_meditation_report: Use SIGUSR2 instead of SIGUSR1 [3] Original DevStack commit that brought in this change -- 2ebe993b25462919e8aeeb896c9f91b6be7aa573 Change-Id: I8a7eaf71b83edca3c80074d6bf2d471e3db6142b --- tools/worlddump.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/worlddump.py b/tools/worlddump.py index 1b337a9a83..33d5b8f620 100755 --- a/tools/worlddump.py +++ b/tools/worlddump.py @@ -131,7 +131,7 @@ def guru_meditation_report(): print "Skipping as nova-compute does not appear to be running" return - _dump_cmd("kill -s USR1 `pgrep nova-compute`") + _dump_cmd("kill -s USR2 `pgrep nova-compute`") print "guru meditation report in nova-compute log" From bb4654b869722feb400d65869350465d8ff5439c Mon Sep 17 00:00:00 2001 From: Ihar Hrachyshka Date: Tue, 6 Oct 2015 18:09:07 +0200 Subject: [PATCH 0004/2277] Don't configure neutron metadata agent for neutron API access Metadata agent now talks to neutron-server thru AMQP, so there is no use for API access configuration. Change-Id: I8f81eea91fe3448d5098e77312f64f2eaba68a68 Depends-On: I254c575c66214f50fb93a94c46c4c9caebfc2937 Closes-Bug: #1502947 --- lib/neutron-legacy | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/lib/neutron-legacy b/lib/neutron-legacy index e67bd4ae32..8b964a72c8 100644 --- a/lib/neutron-legacy +++ b/lib/neutron-legacy @@ -1050,11 +1050,6 @@ function _configure_neutron_metadata_agent { if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then iniset $Q_META_CONF_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND" fi - - # Configures keystone for metadata_agent - # The third argument "True" sets auth_url needed to communicate with keystone - _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True - } function _configure_neutron_ceilometer_notifications { @@ -1212,17 +1207,10 @@ function _neutron_setup_rootwrap { fi } -# Configures keystone integration for neutron service and agents +# Configures keystone integration for neutron service function _neutron_setup_keystone { local conf_file=$1 local section=$2 - local use_auth_url=$3 - - # Configures keystone for metadata_agent - # metadata_agent needs auth_url to communicate with keystone - if [[ "$use_auth_url" == "True" ]]; then - iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0 - fi create_neutron_cache_dir configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section From c49917250f2dc5243d652e59d8c70c1437975dea Mon Sep 17 00:00:00 2001 From: Marian Horban Date: Thu, 22 Oct 2015 04:21:34 -0400 Subject: [PATCH 0005/2277] Removed starting of nova-ec2-api service Since nova-ec2-api service was removed from nova it is not needed in devstack. Change-Id: I91d4be02a1a9c2ca4d18256d9a37a5c2559f53b7 Closes-Bug: #1530798 --- files/apache-nova-ec2-api.template | 25 ----------------- lib/nova | 44 ------------------------------ 2 files changed, 69 deletions(-) delete mode 100644 files/apache-nova-ec2-api.template diff --git a/files/apache-nova-ec2-api.template b/files/apache-nova-ec2-api.template deleted file mode 100644 index 7b1d68b106..0000000000 --- a/files/apache-nova-ec2-api.template +++ /dev/null @@ -1,25 +0,0 @@ -Listen %PUBLICPORT% - - - WSGIDaemonProcess nova-ec2-api processes=%APIWORKERS% threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV% - WSGIProcessGroup nova-ec2-api - WSGIScriptAlias / %PUBLICWSGI% - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%M" - - ErrorLog /var/log/%APACHE_NAME%/nova-ec2-api.log - %SSLENGINE% - %SSLCERTFILE% - %SSLKEYFILE% - - -Alias /ec2 %PUBLICWSGI% - - SetHandler wsgi-script - Options +ExecCGI - WSGIProcessGroup nova-ec2-api - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - diff --git a/lib/nova b/lib/nova index 6337f875ef..c75623f7d6 100644 --- a/lib/nova +++ b/lib/nova @@ -242,7 +242,6 @@ function cleanup_nova { function _cleanup_nova_apache_wsgi { sudo rm -f $NOVA_WSGI_DIR/* sudo rm -f $(apache_site_config_for nova-api) - sudo rm -f $(apache_site_config_for nova-ec2-api) sudo rm -f $(apache_site_config_for nova-metadata) } @@ -252,15 +251,12 @@ function _config_nova_apache_wsgi { local nova_apache_conf nova_apache_conf=$(apache_site_config_for nova-api) - local nova_ec2_apache_conf - nova_ec2_apache_conf=$(apache_site_config_for nova-ec2-api) local nova_metadata_apache_conf nova_metadata_apache_conf=$(apache_site_config_for nova-metadata) local nova_ssl="" local nova_certfile="" local nova_keyfile="" local nova_api_port=$NOVA_SERVICE_PORT - local nova_ec2_api_port=$EC2_SERVICE_PORT local nova_metadata_port=$METADATA_SERVICE_PORT local venv_path="" @@ -275,7 +271,6 @@ function _config_nova_apache_wsgi { # copy proxy vhost and wsgi helper files sudo cp $NOVA_DIR/nova/wsgi/nova-api.py $NOVA_WSGI_DIR/nova-api - sudo cp $NOVA_DIR/nova/wsgi/nova-ec2-api.py $NOVA_WSGI_DIR/nova-ec2-api sudo cp $NOVA_DIR/nova/wsgi/nova-metadata.py $NOVA_WSGI_DIR/nova-metadata sudo cp $FILES/apache-nova-api.template $nova_apache_conf @@ -291,19 +286,6 @@ function _config_nova_apache_wsgi { s|%APIWORKERS%|$API_WORKERS|g " -i $nova_apache_conf - sudo cp $FILES/apache-nova-ec2-api.template $nova_ec2_apache_conf - sudo sed -e " - s|%PUBLICPORT%|$nova_ec2_api_port|g; - s|%APACHE_NAME%|$APACHE_NAME|g; - s|%PUBLICWSGI%|$NOVA_WSGI_DIR/nova-ec2-api|g; - s|%SSLENGINE%|$nova_ssl|g; - s|%SSLCERTFILE%|$nova_certfile|g; - s|%SSLKEYFILE%|$nova_keyfile|g; - s|%USER%|$STACK_USER|g; - s|%VIRTUALENV%|$venv_path|g - s|%APIWORKERS%|$API_WORKERS|g - " -i $nova_ec2_apache_conf - sudo cp $FILES/apache-nova-metadata.template $nova_metadata_apache_conf sudo sed -e " s|%PUBLICPORT%|$nova_metadata_port|g; @@ -461,22 +443,6 @@ function create_nova_accounts { # swift through the s3 api. get_or_add_user_project_role ResellerAdmin nova $SERVICE_TENANT_NAME fi - - # EC2 - if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then - local nova_ec2_api_url - if [[ "$NOVA_USE_MOD_WSGI" == "False" ]]; then - nova_ec2_api_url="$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:$EC2_SERVICE_PORT/" - else - nova_ec2_api_url="$EC2_SERVICE_PROTOCOL://$SERVICE_HOST/ec2" - fi - get_or_create_service "ec2" "ec2" "EC2 Compatibility Layer" - get_or_create_endpoint "ec2" \ - "$REGION_NAME" \ - "$nova_ec2_api_url" \ - "$nova_ec2_api_url" \ - "$nova_ec2_api_url" - fi fi # S3 @@ -522,7 +488,6 @@ function create_nova_conf { iniset $NOVA_CONF api_database connection `database_connection_url nova_api` iniset $NOVA_CONF DEFAULT instance_name_template "${INSTANCE_NAME_PREFIX}%08x" iniset $NOVA_CONF DEFAULT osapi_compute_listen "$NOVA_SERVICE_LISTEN_ADDRESS" - iniset $NOVA_CONF DEFAULT ec2_listen "$NOVA_SERVICE_LISTEN_ADDRESS" iniset $NOVA_CONF DEFAULT metadata_listen "$NOVA_SERVICE_LISTEN_ADDRESS" iniset $NOVA_CONF DEFAULT s3_listen "$NOVA_SERVICE_LISTEN_ADDRESS" @@ -629,12 +594,10 @@ function create_nova_conf { fi iniset $NOVA_CONF DEFAULT ec2_dmz_host "$EC2_DMZ_HOST" - iniset $NOVA_CONF DEFAULT keystone_ec2_url $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens iniset_rpc_backend nova $NOVA_CONF iniset $NOVA_CONF glance api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}" iniset $NOVA_CONF DEFAULT osapi_compute_workers "$API_WORKERS" - iniset $NOVA_CONF DEFAULT ec2_workers "$API_WORKERS" iniset $NOVA_CONF DEFAULT metadata_workers "$API_WORKERS" # don't let the conductor get out of control now that we're using a pure python db driver iniset $NOVA_CONF conductor workers "$API_WORKERS" @@ -660,10 +623,6 @@ function create_nova_conf { iniset $NOVA_CONF DEFAULT enabled_ssl_apis "$NOVA_ENABLED_APIS" fi - if is_service_enabled tls-proxy; then - iniset $NOVA_CONF DEFAULT ec2_listen_port $EC2_SERVICE_PORT_INT - fi - if is_service_enabled n-sproxy; then iniset $NOVA_CONF serial_console serialproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS" iniset $NOVA_CONF serial_console enabled True @@ -817,11 +776,9 @@ function start_nova_api { enabled_site_file=$(apache_site_config_for nova-api) if [ -f ${enabled_site_file} ] && [ "$NOVA_USE_MOD_WSGI" == "True" ]; then enable_apache_site nova-api - enable_apache_site nova-ec2-api enable_apache_site nova-metadata restart_apache_server tail_log nova-api /var/log/$APACHE_NAME/nova-api.log - tail_log nova-ec2-api /var/log/$APACHE_NAME/nova-ec2-api.log tail_log nova-metadata /var/log/$APACHE_NAME/nova-metadata.log else run_process n-api "$NOVA_BIN_DIR/nova-api" @@ -937,7 +894,6 @@ function stop_nova_compute { function stop_nova_rest { if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then disable_apache_site nova-api - disable_apache_site nova-ec2-api disable_apache_site nova-metadata restart_apache_server else From 65a028bf1c3685e16fafbc7c44adaeeeb6e9cf58 Mon Sep 17 00:00:00 2001 From: "Chung Chih, Hung" Date: Fri, 13 Nov 2015 11:10:48 +0000 Subject: [PATCH 0006/2277] [ceph] Deploy ceph failed at controller node for multiple node Controller node wouldn't install libvirt package. The package will only been installed at nodes which had enable nova-compute. We only need to configure libvirt secret if it had enable nova-compute. Change-Id: I9cd6baf1820ce9f71c276d7e8b670307833578a5 Closes-Bug: 1515960 --- extras.d/60-ceph.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extras.d/60-ceph.sh b/extras.d/60-ceph.sh index 38b901b767..cc90128176 100644 --- a/extras.d/60-ceph.sh +++ b/extras.d/60-ceph.sh @@ -32,7 +32,7 @@ if is_service_enabled ceph; then echo_summary "Configuring Cinder for Ceph" configure_ceph_cinder fi - if is_service_enabled cinder || is_service_enabled nova; then + if is_service_enabled n-cpu; then # NOTE (leseb): the part below is a requirement to attach Ceph block devices echo_summary "Configuring libvirt secret" import_libvirt_secret_ceph From 95a9ff0587adece32817b4f432588b1ab76a5972 Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Thu, 12 Nov 2015 14:49:20 +1100 Subject: [PATCH 0007/2277] Add option to skip EPEL & other repo installs Add an option to skip the EPEL & other repo installs for rhel7 based platforms. This option can serve two purposes; firstly as described in I834f20e9ceae151788cec3649385da1274d7ba46 during platform bringup, a publically available EPEL might not be available. This will allow you to pre-configure a hand-built repo, etc. so you can continue testing. The other thing is that in a CI system you might be frequently building images and pre-installing EPEL/RDO etc. In that case this is just extra work. Change-Id: I9809449f4a43fa9b547c6e3ca92722c7f6e66d6a --- stack.sh | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/stack.sh b/stack.sh index 9b811b7b67..e31cd604c5 100755 --- a/stack.sh +++ b/stack.sh @@ -263,9 +263,7 @@ fi # Some distros need to add repos beyond the defaults provided by the vendor # to pick up required packages. -if is_fedora && [[ $DISTRO == "rhel7" ]]; then - # RHEL requires EPEL for many Open Stack dependencies - +function _install_epel_and_rdo { # NOTE: We always remove and install latest -- some environments # use snapshot images, and if EPEL version updates they break # unless we update them to latest version. @@ -295,18 +293,27 @@ EOF sudo yum-config-manager --enable epel-bootstrap yum_install epel-release || \ die $LINENO "Error installing EPEL repo, cannot continue" - # EPEL rpm has installed it's version sudo rm -f /etc/yum.repos.d/epel-bootstrap.repo # ... and also optional to be enabled sudo yum-config-manager --enable rhel-7-server-optional-rpms + # install the lastest RDO sudo yum install -y https://rdoproject.org/repos/rdo-release.rpm if is_oraclelinux; then sudo yum-config-manager --enable ol7_optional_latest ol7_addons ol7_MySQL56 fi +} + +# If you have all the repos installed above already setup (e.g. a CI +# situation where they are on your image) you may choose to skip this +# to speed things up +SKIP_EPEL_INSTALL=$(trueorfalse False SKIP_EPEL_INSTALL) +if is_fedora && [[ $DISTRO == "rhel7" ]] && \ + [[ ${SKIP_EPEL_INSTALL} != True ]]; then + _install_epel_and_rdo fi From cdba7b0e533b07d9ea896ced5085c5ce98ee2aaa Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 26 May 2015 15:33:45 -0400 Subject: [PATCH 0008/2277] Specify HTTPS URLs to fix tls-proxy mode A number of new settings are required for glance, cinder and keystone to be installable when the tls-proxy service is enabled. For cinder a new public_endpoint option was added and this needs to be set to the secure port. Keystone needs the admin_endpoint and public_endpoints defined otherwise during discovery the default, non-secure versions, will be returned. The keystone authtoken identity_uri was set at its default value in the glance registry and API configuration files. Change-Id: Ibb944ad7eb000edc6bccfcded765d1976d4d46d0 Closes-Bug: #1460807 --- lib/cinder | 2 ++ lib/glance | 3 +++ lib/keystone | 3 +++ 3 files changed, 8 insertions(+) diff --git a/lib/cinder b/lib/cinder index 1307c11f7a..cc203ad414 100644 --- a/lib/cinder +++ b/lib/cinder @@ -309,6 +309,8 @@ function configure_cinder { if is_service_enabled tls-proxy; then # Set the service port for a proxy to take the original iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT + + iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT fi if [ "$SYSLOG" != "False" ]; then diff --git a/lib/glance b/lib/glance index 2eb93a46e6..5712943bca 100644 --- a/lib/glance +++ b/lib/glance @@ -167,6 +167,9 @@ function configure_glance { iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT iniset $GLANCE_API_CONF DEFAULT public_endpoint $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT iniset $GLANCE_REGISTRY_CONF DEFAULT bind_port $GLANCE_REGISTRY_PORT_INT + + iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI + iniset $GLANCE_REGISTRY_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI fi # Register SSL certificates if provided diff --git a/lib/keystone b/lib/keystone index 5a2afbfe02..c484795c7e 100644 --- a/lib/keystone +++ b/lib/keystone @@ -233,6 +233,9 @@ function configure_keystone { # Set the service ports for a proxy to take the originals iniset $KEYSTONE_CONF eventlet_server public_port $KEYSTONE_SERVICE_PORT_INT iniset $KEYSTONE_CONF eventlet_server admin_port $KEYSTONE_AUTH_PORT_INT + + iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI + iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI fi iniset $KEYSTONE_CONF DEFAULT admin_token "$SERVICE_TOKEN" From bd4048a3c50e3cd215785e187e9e40b78bd064ae Mon Sep 17 00:00:00 2001 From: Steve Baker Date: Wed, 18 Nov 2015 10:55:22 +1300 Subject: [PATCH 0009/2277] Never uninstall python-pip on fedora Python in f23 and f22 depends on the python-pip package so removing it results in a nonfunctional system. pip on fedora installs to /usr so pip can safely override the system pip for all versions of Fedora. Change-Id: I336c7ffdf00784ca8deba7d6612a08b96a0ad098 Closes-Bug: #1467569 --- tools/install_pip.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tools/install_pip.sh b/tools/install_pip.sh index ab5efb2e77..1728816890 100755 --- a/tools/install_pip.sh +++ b/tools/install_pip.sh @@ -111,8 +111,10 @@ get_versions # Eradicate any and all system packages -# python in f23 depends on the python-pip package -if ! { is_fedora && [[ $DISTRO == "f23" ]]; }; then +# Python in f23 and f22 depends on the python-pip package so removing it +# results in a nonfunctional system. pip on fedora installs to /usr so pip +# can safely override the system pip for all versions of fedora +if ! is_fedora ; then uninstall_package python-pip fi From 2ba36cda7940d630514a7864132837191d8c561f Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Thu, 12 Nov 2015 13:52:36 +1100 Subject: [PATCH 0010/2277] Add vercmp function The existing vercmp_numbers function only handles, as the name says, numbers. I noticed that "sort" has had a version sort for a long time [1] and, rather than re-implement it badly, use this as a version of vercmp that works a bit more naturally. This is intended to be used in an "if" statement as in prog_ver=$(prog_ver --version | grep ...) if vercmp $prog_ver "<" 2.0; then ... fi A test-case is added to test the basic features and some edge-cases. [1] http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=4c9fae4e97d95a9f89d1399a8aeb03051f0fec96 Change-Id: Ie55283acdc40a095b80b2631a55310072883ad0d --- functions | 46 +++++++++++++++++++++++++++++++++++++++++++ tests/test_vercmp.sh | 47 ++++++++++++++++++++++++++++++++++++++++++++ tests/unittest.sh | 45 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 138 insertions(+) create mode 100755 tests/test_vercmp.sh diff --git a/functions b/functions index 34da1ba733..e5e3400ff8 100644 --- a/functions +++ b/functions @@ -527,12 +527,58 @@ function vercmp_numbers { typeset v1=$1 v2=$2 sep typeset -a ver1 ver2 + deprecated "vercmp_numbers is deprecated for more generic vercmp" + IFS=. read -ra ver1 <<< "$v1" IFS=. read -ra ver2 <<< "$v2" _vercmp_r "${#ver1[@]}" "${ver1[@]}" "${ver2[@]}" } +# vercmp ver1 op ver2 +# Compare VER1 to VER2 +# - op is one of < <= == >= > +# - returns true if satisified +# e.g. +# if vercmp 1.0 "<" 2.0; then +# ... +# fi +function vercmp { + local v1=$1 + local op=$2 + local v2=$3 + local result + + # sort the two numbers with sort's "-V" argument. Based on if v2 + # swapped places with v1, we can determine ordering. + result=$(echo -e "$v1\n$v2" | sort -V | head -1) + + case $op in + "==") + [ "$v1" = "$v2" ] + return + ;; + ">") + [ "$v1" != "$v2" ] && [ "$result" = "$v2" ] + return + ;; + "<") + [ "$v1" != "$v2" ] && [ "$result" = "$v1" ] + return + ;; + ">=") + [ "$result" = "$v2" ] + return + ;; + "<=") + [ "$result" = "$v1" ] + return + ;; + *) + die $LINENO "unrecognised op: $op" + ;; + esac +} # This function sets log formatting options for colorizing log # output to stdout. It is meant to be called by lib modules. diff --git a/tests/test_vercmp.sh b/tests/test_vercmp.sh new file mode 100755 index 0000000000..c88bf86d7e --- /dev/null +++ b/tests/test_vercmp.sh @@ -0,0 +1,47 @@ +#!/usr/bin/env bash + +# Tests for DevStack vercmp functionality + +TOP=$(cd $(dirname "$0")/.. && pwd) + +# Import common functions +source $TOP/functions +source $TOP/tests/unittest.sh + +assert_true "numeric gt" vercmp 2.0 ">" 1.0 +assert_true "numeric gte" vercmp 2.0 ">=" 1.0 +assert_true "numeric gt" vercmp 1.0.1 ">" 1.0 +assert_true "numeric gte" vercmp 1.0.1 ">=" 1.0 +assert_true "alpha gt" vercmp 1.0.1b ">" 1.0.1a +assert_true "alpha gte" vercmp 1.0.1b ">=" 1.0.1a +assert_true "alpha gt" vercmp b ">" a +assert_true "alpha gte" vercmp b ">=" a +assert_true "alpha gt" vercmp 2.0-rc3 ">" 2.0-rc1 +assert_true "alpha gte" vercmp 2.0-rc3 ">=" 2.0-rc1 + +assert_false "numeric gt fail" vercmp 1.0 ">" 1.0 +assert_true "numeric gte" vercmp 1.0 ">=" 1.0 +assert_false "numeric gt fail" vercmp 0.9 ">" 1.0 +assert_false "numeric gte fail" vercmp 0.9 ">=" 1.0 +assert_false "numeric gt fail" vercmp 0.9.9 ">" 1.0 +assert_false "numeric gte fail" vercmp 0.9.9 ">=" 1.0 +assert_false "numeric gt fail" vercmp 0.9a.9 ">" 1.0.1 +assert_false "numeric gte fail" vercmp 0.9a.9 ">=" 1.0.1 + +assert_false "numeric lt" vercmp 1.0 "<" 1.0 +assert_true "numeric lte" vercmp 1.0 "<=" 1.0 +assert_true "numeric lt" vercmp 1.0 "<" 1.0.1 +assert_true "numeric lte" vercmp 1.0 "<=" 1.0.1 +assert_true "alpha lt" vercmp 1.0.1a "<" 1.0.1b +assert_true "alpha lte" vercmp 1.0.1a "<=" 1.0.1b +assert_true "alpha lt" vercmp a "<" b +assert_true "alpha lte" vercmp a "<=" b +assert_true "alpha lt" vercmp 2.0-rc1 "<" 2.0-rc3 +assert_true "alpha lte" vercmp 2.0-rc1 "<=" 2.0-rc3 + +assert_true "eq" vercmp 1.0 "==" 1.0 +assert_true "eq" vercmp 1.0.1 "==" 1.0.1 +assert_false "eq fail" vercmp 1.0.1 "==" 1.0.2 +assert_false "eq fail" vercmp 2.0-rc1 "==" 2.0-rc2 + +report_results diff --git a/tests/unittest.sh b/tests/unittest.sh index 2570319fbf..6c697d7925 100644 --- a/tests/unittest.sh +++ b/tests/unittest.sh @@ -92,6 +92,51 @@ function assert_empty { fi } +# assert the arguments evaluate to true +# assert_true "message" arg1 arg2 +function assert_true { + local lineno + lineno=`caller 0 | awk '{print $1}'` + local function + function=`caller 0 | awk '{print $2}'` + local msg=$1 + shift + + $@ + if [ $? -eq 0 ]; then + PASS=$((PASS+1)) + echo "PASS: $function:L$lineno - $msg" + else + FAILED_FUNCS+="$function:L$lineno\n" + echo "ERROR: test failed in $function:L$lineno!" + echo " $msg" + ERROR=$((ERROR+1)) + fi +} + +# assert the arguments evaluate to false +# assert_false "message" arg1 arg2 +function assert_false { + local lineno + lineno=`caller 0 | awk '{print $1}'` + local function + function=`caller 0 | awk '{print $2}'` + local msg=$1 + shift + + $@ + if [ $? -eq 0 ]; then + FAILED_FUNCS+="$function:L$lineno\n" + echo "ERROR: test failed in $function:L$lineno!" + echo " $msg" + ERROR=$((ERROR+1)) + else + PASS=$((PASS+1)) + echo "PASS: $function:L$lineno - $msg" + fi +} + + # Print a summary of passing and failing tests and exit # (with an error if we have failed tests) # usage: report_results From 255a58fec613b1304c8396cd969c72043073be30 Mon Sep 17 00:00:00 2001 From: Komei Shimamura Date: Fri, 20 Nov 2015 18:36:05 +0900 Subject: [PATCH 0011/2277] Add existing devstack plugins to the devstack plugin list Change-Id: I336a4c652a78e778e39652f1f16ff69be10ab065 --- doc/source/plugin-registry.rst | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst index 49b3a7fc02..429f31af2d 100644 --- a/doc/source/plugin-registry.rst +++ b/doc/source/plugin-registry.rst @@ -76,16 +76,30 @@ Alternate Configs Additional Services =================== -+----------------+--------------------------------------------------+------------+ -| Plugin Name | URL | Comments | -| | | | -+----------------+--------------------------------------------------+------------+ -|ec2-api |git://git.openstack.org/openstack/ec2-api |[as1]_ | -+----------------+--------------------------------------------------+------------+ -|ironic-inspector|git://git.openstack.org/openstack/ironic-inspector| | -+----------------+--------------------------------------------------+------------+ -| | | | -+----------------+--------------------------------------------------+------------+ ++-----------------+------------------------------------------------------------+------------+ +| Plugin Name | URL | Comments | +| | | | ++-----------------+------------------------------------------------------------+------------+ +|amqp1 |git://git.openstack.org/openstack/devstack-plugin-amqp1 | | ++-----------------+------------------------------------------------------------+------------+ +|bdd |git://git.openstack.org/openstack/devstack-plugin-bdd | | ++-----------------+------------------------------------------------------------+------------+ +|ec2-api |git://git.openstack.org/openstack/ec2-api |[as1]_ | ++-----------------+------------------------------------------------------------+------------+ +|glusterfs |git://git.openstack.org/openstack/devstack-plugin-glusterfs | | ++-----------------+------------------------------------------------------------+------------+ +|hdfs |git://git.openstack.org/openstack/devstack-plugin-hdfs | | ++-----------------+------------------------------------------------------------+------------+ +|ironic-inspector |git://git.openstack.org/openstack/ironic-inspector | | ++-----------------+------------------------------------------------------------+------------+ +|pika |git://git.openstack.org/openstack/devstack-plugin-pika | | ++-----------------+------------------------------------------------------------+------------+ +|sheepdog |git://git.openstack.org/openstack/devstack-plugin-sheepdog | | ++-----------------+------------------------------------------------------------+------------+ +|zmq |git://git.openstack.org/openstack/devstack-plugin-zmq | | ++-----------------+------------------------------------------------------------+------------+ +| | | | ++-----------------+------------------------------------------------------------+------------+ .. [as1] first functional devstack plugin, hence why used in most of the examples. From af0801de3c1b1c51cf1a995c2939e182d2ef4926 Mon Sep 17 00:00:00 2001 From: Philipp Marek Date: Wed, 9 Dec 2015 13:51:56 +0100 Subject: [PATCH 0012/2277] Make logfile symlinks with relative names. Using absolute names for the symlink breaks in quite a few ways; * when creating a tar file of the logs, * when serving via NFS, or any other case where the directory gets transferred to a different machine. So just create the symlink with relative names, then they'll work in any location. Change-Id: I432a69754985fc71feb0068b7adca01066d7bc1b --- functions-common | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/functions-common b/functions-common index d4099ffcfa..0c5e48cadf 100644 --- a/functions-common +++ b/functions-common @@ -1309,10 +1309,11 @@ function _run_process { exec 3>&- exec 6>&- - local real_logfile="${LOGDIR}/${service}.log.${CURRENT_LOG_TIME}" + local logfile="${service}.log.${CURRENT_LOG_TIME}" + local real_logfile="${LOGDIR}/${logfile}" if [[ -n ${LOGDIR} ]]; then exec 1>&"$real_logfile" 2>&1 - ln -sf "$real_logfile" ${LOGDIR}/${service}.log + bash -c "cd '$LOGDIR' && ln -sf '$logfile' ${service}.log" if [[ -n ${SCREEN_LOGDIR} ]]; then # Drop the backward-compat symlink ln -sf "$real_logfile" ${SCREEN_LOGDIR}/screen-${service}.log @@ -1399,7 +1400,8 @@ function screen_process { screen -S $SCREEN_NAME -X screen -t $name - local real_logfile="${LOGDIR}/${name}.log.${CURRENT_LOG_TIME}" + local logfile="${name}.log.${CURRENT_LOG_TIME}" + local real_logfile="${LOGDIR}/${logfile}" echo "LOGDIR: $LOGDIR" echo "SCREEN_LOGDIR: $SCREEN_LOGDIR" echo "log: $real_logfile" @@ -1410,7 +1412,7 @@ function screen_process { fi # If logging isn't active then avoid a broken symlink touch "$real_logfile" - ln -sf "$real_logfile" ${LOGDIR}/${name}.log + bash -c "cd '$LOGDIR' && ln -sf '$logfile' ${name}.log" if [[ -n ${SCREEN_LOGDIR} ]]; then # Drop the backward-compat symlink ln -sf "$real_logfile" ${SCREEN_LOGDIR}/screen-${1}.log From cf4f76299f84135a03fe29e5eddc97490eba806a Mon Sep 17 00:00:00 2001 From: Mahito OGURA Date: Wed, 12 Aug 2015 10:21:27 +0900 Subject: [PATCH 0013/2277] Update the vnc config options group 'DEFAULT' to 'vnc' n-api log output WARNINGs that vnc config options group 'DEFAULT' is deprecated. New vnc config options group is 'vnc'. This is change of Nova.[1] This patch changes the vnc config options group 'DEFAULT' to 'vnc'. [1] https://bugs.launchpad.net/nova/+bug/1447528 Change-Id: If54f750bac83298e90bdca27b5992fe2e5fbb712 Closes-Bug: 1483583 --- lib/nova | 12 ++++++------ lib/nova_plugins/hypervisor-libvirt | 10 +++++----- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/lib/nova b/lib/nova index 6337f875ef..3e3f0f49ac 100644 --- a/lib/nova +++ b/lib/nova @@ -594,9 +594,9 @@ function create_nova_conf { # These settings don't hurt anything if n-xvnc and n-novnc are disabled if is_service_enabled n-cpu; then NOVNCPROXY_URL=${NOVNCPROXY_URL:-"http://$SERVICE_HOST:6080/vnc_auto.html"} - iniset $NOVA_CONF DEFAULT novncproxy_base_url "$NOVNCPROXY_URL" + iniset $NOVA_CONF vnc novncproxy_base_url "$NOVNCPROXY_URL" XVPVNCPROXY_URL=${XVPVNCPROXY_URL:-"http://$SERVICE_HOST:6081/console"} - iniset $NOVA_CONF DEFAULT xvpvncproxy_base_url "$XVPVNCPROXY_URL" + iniset $NOVA_CONF vnc xvpvncproxy_base_url "$XVPVNCPROXY_URL" SPICEHTML5PROXY_URL=${SPICEHTML5PROXY_URL:-"http://$SERVICE_HOST:6082/spice_auto.html"} iniset $NOVA_CONF spice html5proxy_base_url "$SPICEHTML5PROXY_URL" fi @@ -606,13 +606,13 @@ function create_nova_conf { # For multi-host, this should be the management ip of the compute host. VNCSERVER_LISTEN=${VNCSERVER_LISTEN=$NOVA_SERVICE_LOCAL_HOST} VNCSERVER_PROXYCLIENT_ADDRESS=${VNCSERVER_PROXYCLIENT_ADDRESS=$NOVA_SERVICE_LOCAL_HOST} - iniset $NOVA_CONF DEFAULT vnc_enabled true - iniset $NOVA_CONF DEFAULT vncserver_listen "$VNCSERVER_LISTEN" - iniset $NOVA_CONF DEFAULT vncserver_proxyclient_address "$VNCSERVER_PROXYCLIENT_ADDRESS" + iniset $NOVA_CONF vnc enabled true + iniset $NOVA_CONF vnc vncserver_listen "$VNCSERVER_LISTEN" + iniset $NOVA_CONF vnc vncserver_proxyclient_address "$VNCSERVER_PROXYCLIENT_ADDRESS" iniset $NOVA_CONF DEFAULT novncproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS" iniset $NOVA_CONF DEFAULT xvpvncproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS" else - iniset $NOVA_CONF DEFAULT vnc_enabled false + iniset $NOVA_CONF vnc enabled false fi if is_service_enabled n-spice; then diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt index 8bbaa2133d..1b4f7ae80a 100644 --- a/lib/nova_plugins/hypervisor-libvirt +++ b/lib/nova_plugins/hypervisor-libvirt @@ -48,13 +48,13 @@ function configure_nova_hypervisor { iniset $NOVA_CONF DEFAULT firewall_driver "$LIBVIRT_FIREWALL_DRIVER" # Power architecture currently does not support graphical consoles. if is_arch "ppc64"; then - iniset $NOVA_CONF DEFAULT vnc_enabled "false" + iniset $NOVA_CONF vnc enabled "false" fi # arm64-specific configuration if is_arch "aarch64"; then # arm64 architecture currently does not support graphical consoles. - iniset $NOVA_CONF DEFAULT vnc_enabled "false" + iniset $NOVA_CONF vnc enabled "false" fi # File injection is being disabled by default in the near future - @@ -65,9 +65,9 @@ function configure_nova_hypervisor { iniset $NOVA_CONF libvirt connection_uri "parallels+unix:///system" iniset $NOVA_CONF libvirt images_type "ploop" iniset $NOVA_CONF DEFAULT force_raw_images "False" - iniset $NOVA_CONF DEFAULT vncserver_proxyclient_address $HOST_IP - iniset $NOVA_CONF DEFAULT vncserver_listen $HOST_IP - iniset $NOVA_CONF DEFAULT vnc_keymap + iniset $NOVA_CONF vnc vncserver_proxyclient_address $HOST_IP + iniset $NOVA_CONF vnc vncserver_listen $HOST_IP + iniset $NOVA_CONF vnc keymap fi } From 76cbbe37aae5d54542d62a5c6deec428a8cdc75e Mon Sep 17 00:00:00 2001 From: Mark McLoughlin Date: Mon, 7 Dec 2015 05:05:04 -0500 Subject: [PATCH 0014/2277] libvirt: don't repeatedly configure libvirtd logging /etc/libvirt is not world-readable (at least on Fedora and RHEL) so use sudo with the grep that checks whether we have already configured libvirtd logging. Also, change the regex so we don't count commented out logging config. Change-Id: I67484b28aafd0fa828385321fa96d9141cb4cb59 Signed-off-by: Mark McLoughlin --- lib/nova_plugins/functions-libvirt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt index dae55c6eba..4f9b239a1e 100644 --- a/lib/nova_plugins/functions-libvirt +++ b/lib/nova_plugins/functions-libvirt @@ -110,10 +110,10 @@ EOF local log_filters="1:libvirt 1:qemu 1:conf 1:security 3:object 3:event 3:json 3:file 1:util 1:qemu_monitor" fi local log_outputs="1:file:/var/log/libvirt/libvirtd.log" - if ! grep -q "log_filters=\"$log_filters\"" /etc/libvirt/libvirtd.conf; then + if ! sudo grep -q "^log_filters=\"$log_filters\"" /etc/libvirt/libvirtd.conf; then echo "log_filters=\"$log_filters\"" | sudo tee -a /etc/libvirt/libvirtd.conf fi - if ! grep -q "log_outputs=\"$log_outputs\"" /etc/libvirt/libvirtd.conf; then + if ! sudo grep -q "^log_outputs=\"$log_outputs\"" /etc/libvirt/libvirtd.conf; then echo "log_outputs=\"$log_outputs\"" | sudo tee -a /etc/libvirt/libvirtd.conf fi fi From 97b9e970b27f2303b8404aaa31a9f2e7d51ee787 Mon Sep 17 00:00:00 2001 From: Dave Chen Date: Tue, 15 Dec 2015 03:33:48 +0800 Subject: [PATCH 0015/2277] Remove the support for keystone extensions All keystone extensions have been moved into cores and are enabled by default, there is no need to configure the extension in devstack but configure it in devstack will block the install process. Change-Id: I7d21b122c641f601295ee7ece3583404b3874dbd Closes-Bug: #1526033 --- lib/keystone | 33 --------------------------------- 1 file changed, 33 deletions(-) diff --git a/lib/keystone b/lib/keystone index 6b4118de0b..336ad12cbb 100644 --- a/lib/keystone +++ b/lib/keystone @@ -52,10 +52,6 @@ KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone} KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini} -# Set up additional extensions, such as oauth1, federation -# Example of KEYSTONE_EXTENSIONS=oauth1,federation -KEYSTONE_EXTENSIONS=${KEYSTONE_EXTENSIONS:-} - # Toggle for deploying Keystone under HTTPD + mod_wsgi KEYSTONE_USE_MOD_WSGI=${KEYSTONE_USE_MOD_WSGI:-${ENABLE_HTTPD_MOD_WSGI_SERVICES}} @@ -192,8 +188,6 @@ function configure_keystone { inidelete $KEYSTONE_PASTE_INI composite:admin \\/v2.0 fi - configure_keystone_extensions - # Rewrite stock ``keystone.conf`` if is_service_enabled ldap; then @@ -305,25 +299,6 @@ function configure_keystone { iniset $KEYSTONE_CONF fernet_tokens key_repository "$KEYSTONE_CONF_DIR/fernet-keys/" } -function configure_keystone_extensions { - # Add keystone extension into keystone v3 application pipeline - local extension_value - local api_v3 - local extension - local api_v3_extension - for extension_value in ${KEYSTONE_EXTENSIONS//,/ }; do - if [[ -z "${extension_value}" ]]; then - continue - fi - api_v3=$(iniget $KEYSTONE_PASTE_INI pipeline:api_v3 pipeline) - extension=$(echo $api_v3 | sed -ne "/${extension_value}/ p;" ) - if [[ -z $extension ]]; then - api_v3_extension=$(echo $api_v3 | sed -ne "s/service_v3/${extension_value}_extension service_v3/p;" ) - iniset $KEYSTONE_PASTE_INI pipeline:api_v3 pipeline "$api_v3_extension" - fi - done -} - # create_keystone_accounts() - Sets up common required keystone accounts # Tenant User Roles @@ -468,14 +443,6 @@ function init_keystone { # Initialize keystone database $KEYSTONE_BIN_DIR/keystone-manage db_sync - local extension_value - for extension_value in ${KEYSTONE_EXTENSIONS//,/ }; do - if [[ -z "${extension_value}" ]]; then - continue - fi - $KEYSTONE_BIN_DIR/keystone-manage db_sync --extension "${extension_value}" - done - if [[ "$KEYSTONE_TOKEN_FORMAT" == "pki" || "$KEYSTONE_TOKEN_FORMAT" == "pkiz" ]]; then # Set up certificates rm -rf $KEYSTONE_CONF_DIR/ssl From 43f62c08499de004a964c3a2f90ce400a0f932ad Mon Sep 17 00:00:00 2001 From: Akihiro Motoki Date: Tue, 15 Dec 2015 16:44:41 +0900 Subject: [PATCH 0016/2277] Move horizon config and start to appropriate phase in stack.sh Previously horizon configuration and start are done too early and as a result horizon init and start need to be run twice after horizon plugins are enabled. - horizon config was done before "run_phase stack install" - horizon init and start were done before "run_phase stack post-config" This commit rearrange horizon setup to the appropriate phases defined in the devstack plugin interface. - Configuration of horizon settings is moved to configure_horizon. - horizon config is now called between run_phase stack install and post-config. - horizon init and start are now called between run_phase stack post-config and extra. Change-Id: I8bf2ceaf7734c4f7cec68bc05d7cdbae81ef311e --- lib/horizon | 8 +++++--- stack.sh | 14 ++++++++------ 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/lib/horizon b/lib/horizon index 67181fcf29..dca31116e2 100644 --- a/lib/horizon +++ b/lib/horizon @@ -83,10 +83,7 @@ function configure_horizon { # Message catalog compilation is handled by Django admin script, # so compiling them after the installation avoids Django installation twice. (cd $HORIZON_DIR; ./run_tests.sh -N --compilemessages) -} -# init_horizon() - Initialize databases, etc. -function init_horizon { # ``local_settings.py`` is used to override horizon default settings. local local_settings=$HORIZON_DIR/openstack_dashboard/local/local_settings.py cp $HORIZON_SETTINGS $local_settings @@ -113,6 +110,7 @@ function init_horizon { horizon_conf=$(apache_site_config_for horizon) # Configure apache to run horizon + # Set up the django horizon application to serve via apache/wsgi sudo sh -c "sed -e \" s,%USER%,$APACHE_USER,g; s,%GROUP%,$APACHE_GROUP,g; @@ -133,7 +131,10 @@ function init_horizon { exit_distro_not_supported "horizon apache configuration" fi enable_apache_site horizon +} +# init_horizon() - Initialize databases, etc. +function init_horizon { # Remove old log files that could mess with how DevStack detects whether Horizon # has been successfully started (see start_horizon() and functions::screen_it()) # and run_process @@ -147,6 +148,7 @@ function init_horizon { django_admin=django-admin.py fi + # These need to be run after horizon plugins are configured. DJANGO_SETTINGS_MODULE=openstack_dashboard.settings $django_admin collectstatic --noinput DJANGO_SETTINGS_MODULE=openstack_dashboard.settings $django_admin compress --force diff --git a/stack.sh b/stack.sh index 19d05c904a..e65d22f114 100755 --- a/stack.sh +++ b/stack.sh @@ -840,7 +840,6 @@ if is_service_enabled horizon; then install_django_openstack_auth # dashboard stack_install_service horizon - configure_horizon fi if is_service_enabled heat; then @@ -1060,12 +1059,9 @@ write_clouds_yaml # Horizon # ------- -# Set up the django horizon application to serve via apache/wsgi - if is_service_enabled horizon; then - echo_summary "Configuring and starting Horizon" - init_horizon - start_horizon + echo_summary "Configuring Horizon" + configure_horizon fi @@ -1290,6 +1286,12 @@ if is_service_enabled heat; then fi fi +if is_service_enabled horizon; then + echo_summary "Starting Horizon" + init_horizon + start_horizon +fi + # Create account rc files # ======================= From 2ca8af45a78226f29c3251cbef6449a0a51a4c1f Mon Sep 17 00:00:00 2001 From: Atsushi SAKAI Date: Tue, 8 Dec 2015 15:36:13 +0900 Subject: [PATCH 0017/2277] Add 5 time measurement points run_process process starting time test_with_retry process starting time (for neutron legacy) restart_apache_server Apache HTTPD restart time wait_for_service HTTP server waiting time git_timed git command execution time example ======================== DevStack Components Timed ======================== run_process - 52 secs test_with_retry - 3 secs apt-get-update - 8 secs pip_install - 76 secs restart_apache_server - 9 secs wait_for_service - 11 secs git_timed - 127 secs apt-get - 15 secs Change-Id: I66140726617450cd9fe9b702092cacf053a20065 --- functions | 2 ++ functions-common | 6 ++++++ lib/apache | 2 ++ 3 files changed, 10 insertions(+) diff --git a/functions b/functions index 762fc472c2..9495710e92 100644 --- a/functions +++ b/functions @@ -357,7 +357,9 @@ CURL_GET="${CURL_GET:-curl -g}" function wait_for_service { local timeout=$1 local url=$2 + time_start "wait_for_service" timeout $timeout sh -c "while ! $CURL_GET -k --noproxy '*' -s $url >/dev/null; do sleep 1; done" + time_stop "wait_for_service" } diff --git a/functions-common b/functions-common index 1b01eefaf9..023203d1fc 100644 --- a/functions-common +++ b/functions-common @@ -597,6 +597,7 @@ function git_timed { timeout=${GIT_TIMEOUT} fi + time_start "git_timed" until timeout -s SIGINT ${timeout} git "$@"; do # 124 is timeout(1)'s special return code when it reached the # timeout; otherwise assume fatal failure @@ -611,6 +612,7 @@ function git_timed { fi sleep 5 done + time_stop "git_timed" } # git update using reference as a branch. @@ -1373,6 +1375,7 @@ function run_process { local command="$2" local group=$3 + time_start "run_process" if is_service_enabled $service; then if [[ "$USE_SCREEN" = "True" ]]; then screen_process "$service" "$command" "$group" @@ -1381,6 +1384,7 @@ function run_process { _run_process "$service" "$command" "$group" & fi fi + time_stop "run_process" } # Helper to launch a process in a named screen @@ -2196,9 +2200,11 @@ function test_with_retry { local until=${3:-10} local sleep=${4:-0.5} + time_start "test_with_retry" if ! timeout $until sh -c "while ! $testcmd; do sleep $sleep; done"; then die $LINENO "$failmsg" fi + time_stop "test_with_retry" } # Timing infrastructure - figure out where large blocks of time are diff --git a/lib/apache b/lib/apache index c9e02a2b58..2c84c7a481 100644 --- a/lib/apache +++ b/lib/apache @@ -185,9 +185,11 @@ function restart_apache_server { # Apache can be slow to stop, doing an explicit stop, sleep, start helps # to mitigate issues where apache will claim a port it's listening on is # still in use and fail to start. + time_start "restart_apache_server" stop_service $APACHE_NAME sleep 3 start_service $APACHE_NAME + time_stop "restart_apache_server" } # Restore xtrace From 00b5f4af92a640a2507046cf76ee57caa166310b Mon Sep 17 00:00:00 2001 From: Mike Turek Date: Tue, 15 Dec 2015 18:16:35 +0000 Subject: [PATCH 0018/2277] Replace deprecated baremetal timeouts with new deploy_timeout See review 258670 for more information. The preceeding patch consolidates Ironic timeouts into one blanket timeout. This patch sets the new timeout via the BUILD_TIMEOUT variable and removes the deprecated timeouts. Change-Id: I320461b2b40aa2b68afc38a901a5933e39aac1b6 Related-Bug: #1526863 --- lib/tempest | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/tempest b/lib/tempest index 61351c0628..b9d9e80fc2 100644 --- a/lib/tempest +++ b/lib/tempest @@ -533,8 +533,7 @@ function configure_tempest { # Baremetal if [ "$VIRT_DRIVER" = "ironic" ] ; then iniset $TEMPEST_CONFIG baremetal driver_enabled True - iniset $TEMPEST_CONFIG baremetal unprovision_timeout $BUILD_TIMEOUT - iniset $TEMPEST_CONFIG baremetal active_timeout $BUILD_TIMEOUT + iniset $TEMPEST_CONFIG baremetal deploy_timeout $BUILD_TIMEOUT iniset $TEMPEST_CONFIG baremetal deploy_img_dir $FILES iniset $TEMPEST_CONFIG baremetal node_uuid $IRONIC_NODE_UUID iniset $TEMPEST_CONFIG compute-feature-enabled change_password False From 47367071cdc110c40ec5c92d12f4dbe50cc553d4 Mon Sep 17 00:00:00 2001 From: Jim Rollenhagen Date: Thu, 10 Dec 2015 14:24:00 +0000 Subject: [PATCH 0019/2277] Remove ironic code from tree This removes all of the ironic code from the devstack tree, in favor of the devstack plugin in Ironic's tree. Depends-On: I659e3de5c64df798441798ff48ba5c9c0506585a Depends-On: I2c52bc014f1b0dbc6b0ae22a4deb4132b4c28621 Change-Id: I5125fce295c79600781469c2f48bea80e7600081 --- clean.sh | 1 - doc/source/index.rst | 2 - doc/source/plugin-registry.rst | 2 + extras.d/50-ironic.sh | 50 -- files/apache-ironic.template | 12 - files/debs/ironic | 19 - files/rpms/ironic | 14 - functions-common | 12 +- lib/ironic | 874 ------------------- stackrc | 8 +- tools/ironic/scripts/cleanup-node | 25 - tools/ironic/scripts/configure-vm | 93 -- tools/ironic/scripts/create-node | 79 -- tools/ironic/scripts/setup-network | 28 - tools/ironic/templates/brbm.xml | 6 - tools/ironic/templates/tftpd-xinetd.template | 14 - tools/ironic/templates/vm.xml | 49 -- 17 files changed, 16 insertions(+), 1272 deletions(-) delete mode 100644 extras.d/50-ironic.sh delete mode 100644 files/apache-ironic.template delete mode 100644 files/debs/ironic delete mode 100644 files/rpms/ironic delete mode 100644 lib/ironic delete mode 100755 tools/ironic/scripts/cleanup-node delete mode 100755 tools/ironic/scripts/configure-vm delete mode 100755 tools/ironic/scripts/create-node delete mode 100755 tools/ironic/scripts/setup-network delete mode 100644 tools/ironic/templates/brbm.xml delete mode 100644 tools/ironic/templates/tftpd-xinetd.template delete mode 100644 tools/ironic/templates/vm.xml diff --git a/clean.sh b/clean.sh index ae28aa9ab7..fc6f80dad4 100755 --- a/clean.sh +++ b/clean.sh @@ -50,7 +50,6 @@ source $TOP_DIR/lib/cinder source $TOP_DIR/lib/swift source $TOP_DIR/lib/heat source $TOP_DIR/lib/neutron-legacy -source $TOP_DIR/lib/ironic # Extras Source diff --git a/doc/source/index.rst b/doc/source/index.rst index ec345c9f64..2622436820 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -174,7 +174,6 @@ Scripts * `lib/heat `__ * `lib/horizon `__ * `lib/infra `__ -* `lib/ironic `__ * `lib/keystone `__ * `lib/ldap `__ * `lib/neutron-legacy `__ @@ -189,7 +188,6 @@ Scripts * `clean.sh `__ * `run\_tests.sh `__ -* `extras.d/50-ironic.sh `__ * `extras.d/60-ceph.sh `__ * `extras.d/70-tuskar.sh `__ * `extras.d/80-tempest.sh `__ diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst index c68d926822..7682defbed 100644 --- a/doc/source/plugin-registry.rst +++ b/doc/source/plugin-registry.rst @@ -30,6 +30,8 @@ The following are plugins that exist for official OpenStack projects. +------------------+---------------------------------------------+--------------------+ |gnocchi |git://git.openstack.org/openstack/gnocchi | metric | +------------------+---------------------------------------------+--------------------+ +|ironic |git://git.openstack.org/openstack/ironic | baremetal | ++------------------+---------------------------------------------+--------------------+ |magnum |git://git.openstack.org/openstack/magnum | | +------------------+---------------------------------------------+--------------------+ |manila |git://git.openstack.org/openstack/manila | file shares | diff --git a/extras.d/50-ironic.sh b/extras.d/50-ironic.sh deleted file mode 100644 index 0ee6a94758..0000000000 --- a/extras.d/50-ironic.sh +++ /dev/null @@ -1,50 +0,0 @@ -# ironic.sh - Devstack extras script to install ironic - -# NOTE(jroll) this is used for the transition to a devstack plugin in -# the ironic tree. -IRONIC_USING_PLUGIN=$(trueorfalse False IRONIC_USING_PLUGIN) -if [[ "$IRONIC_USING_PLUGIN" == "True" ]] ; then - return 0 -fi - -if is_service_enabled ir-api ir-cond; then - if [[ "$1" == "source" ]]; then - # Initial source - source $TOP_DIR/lib/ironic - elif [[ "$1" == "stack" && "$2" == "install" ]]; then - echo_summary "Installing Ironic" - install_ironic - install_ironicclient - cleanup_ironic - elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then - echo_summary "Configuring Ironic" - configure_ironic - - if is_service_enabled key; then - create_ironic_accounts - fi - - elif [[ "$1" == "stack" && "$2" == "extra" ]]; then - # Initialize ironic - init_ironic - - # Start the ironic API and ironic taskmgr components - echo_summary "Starting Ironic" - start_ironic - - if [[ "$IRONIC_BAREMETAL_BASIC_OPS" = "True" ]]; then - prepare_baremetal_basic_ops - fi - fi - - if [[ "$1" == "unstack" ]]; then - stop_ironic - if [[ "$IRONIC_BAREMETAL_BASIC_OPS" = "True" ]]; then - cleanup_baremetal_basic_ops - fi - fi - - if [[ "$1" == "clean" ]]; then - cleanup_ironic - fi -fi diff --git a/files/apache-ironic.template b/files/apache-ironic.template deleted file mode 100644 index 88641946f6..0000000000 --- a/files/apache-ironic.template +++ /dev/null @@ -1,12 +0,0 @@ -Listen %PUBLICPORT% - - - DocumentRoot "%HTTPROOT%" - - Options Indexes FollowSymLinks - AllowOverride None - Order allow,deny - Allow from all - Require all granted - - diff --git a/files/debs/ironic b/files/debs/ironic deleted file mode 100644 index 4d5a6aa6b7..0000000000 --- a/files/debs/ironic +++ /dev/null @@ -1,19 +0,0 @@ -docker.io -ipmitool -iptables -ipxe -libguestfs0 -libvirt-bin -open-iscsi -openssh-client -openvswitch-datapath-dkms -openvswitch-switch -python-libguestfs -python-libvirt -qemu -qemu-kvm -qemu-utils -sgabios -syslinux -tftpd-hpa -xinetd diff --git a/files/rpms/ironic b/files/rpms/ironic deleted file mode 100644 index 2bf8bb370e..0000000000 --- a/files/rpms/ironic +++ /dev/null @@ -1,14 +0,0 @@ -docker-io -ipmitool -iptables -ipxe-bootimgs -libguestfs -libvirt -libvirt-python -net-tools -openssh-clients -openvswitch -sgabios -syslinux -tftp-server -xinetd diff --git a/functions-common b/functions-common index 1b01eefaf9..c3eef469d3 100644 --- a/functions-common +++ b/functions-common @@ -954,6 +954,15 @@ function get_endpoint_url { -c URL -f value) } +# check if we are using ironic with hardware +# TODO(jroll) this is a kludge left behind when ripping ironic code +# out of tree, as it is used by nova and neutron. +# figure out a way to refactor nova/neutron code to eliminate this +function is_ironic_hardware { + is_service_enabled ironic && [[ -n "${IRONIC_DEPLOY_DRIVER##*_ssh}" ]] && return 0 + return 1 +} + # Package Functions # ================= @@ -1764,7 +1773,7 @@ function run_phase { # white listed elements in tree. We want these to move out # over time as well, but they are in tree, so we need to # manage that. - local exceptions="50-ironic.sh 60-ceph.sh 80-tempest.sh" + local exceptions="60-ceph.sh 80-tempest.sh" local extra extra=$(basename $extra_plugin_file_name) if [[ ! ( $exceptions =~ "$extra" ) ]]; then @@ -1952,7 +1961,6 @@ function is_service_enabled { [[ ${service} == n-cpu-* && ${ENABLED_SERVICES} =~ "n-cpu" ]] && enabled=0 [[ ${service} == "nova" && ${ENABLED_SERVICES} =~ "n-" ]] && enabled=0 [[ ${service} == "glance" && ${ENABLED_SERVICES} =~ "g-" ]] && enabled=0 - [[ ${service} == "ironic" && ${ENABLED_SERVICES} =~ "ir-" ]] && enabled=0 [[ ${service} == "neutron" && ${ENABLED_SERVICES} =~ "q-" ]] && enabled=0 [[ ${service} == "trove" && ${ENABLED_SERVICES} =~ "tr-" ]] && enabled=0 [[ ${service} == "swift" && ${ENABLED_SERVICES} =~ "s-" ]] && enabled=0 diff --git a/lib/ironic b/lib/ironic deleted file mode 100644 index dd4f8bf65f..0000000000 --- a/lib/ironic +++ /dev/null @@ -1,874 +0,0 @@ -#!/bin/bash -# -# lib/ironic -# Functions to control the configuration and operation of the **Ironic** service - -# Dependencies: -# -# - ``functions`` file -# - ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined -# - ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined -# - ``SERVICE_HOST`` -# - ``KEYSTONE_TOKEN_FORMAT`` must be defined - -# ``stack.sh`` calls the entry points in this order: -# -# - install_ironic -# - install_ironicclient -# - init_ironic -# - start_ironic -# - stop_ironic -# - cleanup_ironic - -# Save trace and pipefail settings -_XTRACE_IRONIC=$(set +o | grep xtrace) -_PIPEFAIL_IRONIC=$(set +o | grep pipefail) -set +o xtrace -set +o pipefail - -# NOTE(jroll) this is used for the transition to a devstack plugin in -# the ironic tree. -IRONIC_USING_PLUGIN=$(trueorfalse False IRONIC_USING_PLUGIN) -if [[ "$IRONIC_USING_PLUGIN" == "True" ]] ; then - return 0 -fi - -# Defaults -# -------- - -# Set up default directories -GITDIR["python-ironicclient"]=$DEST/python-ironicclient -GITDIR["ironic-lib"]=$DEST/ironic-lib - -IRONIC_DIR=$DEST/ironic -IRONIC_PYTHON_AGENT_DIR=$DEST/ironic-python-agent -IRONIC_DATA_DIR=$DATA_DIR/ironic -IRONIC_STATE_PATH=/var/lib/ironic -IRONIC_AUTH_CACHE_DIR=${IRONIC_AUTH_CACHE_DIR:-/var/cache/ironic} -IRONIC_CONF_DIR=${IRONIC_CONF_DIR:-/etc/ironic} -IRONIC_CONF_FILE=$IRONIC_CONF_DIR/ironic.conf -IRONIC_ROOTWRAP_CONF=$IRONIC_CONF_DIR/rootwrap.conf -IRONIC_POLICY_JSON=$IRONIC_CONF_DIR/policy.json - -# Deploy callback timeout can be changed from its default (1800), if required. -IRONIC_CALLBACK_TIMEOUT=${IRONIC_CALLBACK_TIMEOUT:-} - -# Deploy to hardware platform -IRONIC_HW_NODE_CPU=${IRONIC_HW_NODE_CPU:-1} -IRONIC_HW_NODE_RAM=${IRONIC_HW_NODE_RAM:-512} -IRONIC_HW_NODE_DISK=${IRONIC_HW_NODE_DISK:-10} -IRONIC_HW_EPHEMERAL_DISK=${IRONIC_HW_EPHEMERAL_DISK:-0} -# The file is composed of multiple lines, each line includes four field -# separated by white space: IPMI address, MAC address, IPMI username -# and IPMI password. -# -# 192.168.110.107 00:1e:67:57:50:4c root otc123 -IRONIC_IPMIINFO_FILE=${IRONIC_IPMIINFO_FILE:-$IRONIC_DATA_DIR/hardware_info} - -# Set up defaults for functional / integration testing -IRONIC_NODE_UUID=${IRONIC_NODE_UUID:-`uuidgen`} -IRONIC_SCRIPTS_DIR=${IRONIC_SCRIPTS_DIR:-$TOP_DIR/tools/ironic/scripts} -IRONIC_TEMPLATES_DIR=${IRONIC_TEMPLATES_DIR:-$TOP_DIR/tools/ironic/templates} -IRONIC_BAREMETAL_BASIC_OPS=$(trueorfalse False IRONIC_BAREMETAL_BASIC_OPS) -IRONIC_ENABLED_DRIVERS=${IRONIC_ENABLED_DRIVERS:-fake,pxe_ssh,pxe_ipmitool} -IRONIC_SSH_USERNAME=${IRONIC_SSH_USERNAME:-`whoami`} -IRONIC_SSH_TIMEOUT=${IRONIC_SSH_TIMEOUT:-15} -IRONIC_SSH_KEY_DIR=${IRONIC_SSH_KEY_DIR:-$IRONIC_DATA_DIR/ssh_keys} -IRONIC_SSH_KEY_FILENAME=${IRONIC_SSH_KEY_FILENAME:-ironic_key} -IRONIC_KEY_FILE=${IRONIC_KEY_FILE:-$IRONIC_SSH_KEY_DIR/$IRONIC_SSH_KEY_FILENAME} -IRONIC_SSH_VIRT_TYPE=${IRONIC_SSH_VIRT_TYPE:-virsh} -IRONIC_TFTPBOOT_DIR=${IRONIC_TFTPBOOT_DIR:-$IRONIC_DATA_DIR/tftpboot} -IRONIC_TFTPSERVER_IP=${IRONIC_TFTPSERVER_IP:-$HOST_IP} -IRONIC_VM_SSH_PORT=${IRONIC_VM_SSH_PORT:-22} -IRONIC_VM_SSH_ADDRESS=${IRONIC_VM_SSH_ADDRESS:-$HOST_IP} -IRONIC_VM_COUNT=${IRONIC_VM_COUNT:-1} -IRONIC_VM_SPECS_CPU=${IRONIC_VM_SPECS_CPU:-1} -IRONIC_VM_SPECS_RAM=${IRONIC_VM_SPECS_RAM:-512} -IRONIC_VM_SPECS_DISK=${IRONIC_VM_SPECS_DISK:-10} -IRONIC_VM_EPHEMERAL_DISK=${IRONIC_VM_EPHEMERAL_DISK:-0} -IRONIC_VM_EMULATOR=${IRONIC_VM_EMULATOR:-/usr/bin/qemu-system-x86_64} -IRONIC_VM_NETWORK_BRIDGE=${IRONIC_VM_NETWORK_BRIDGE:-brbm} -IRONIC_VM_NETWORK_RANGE=${IRONIC_VM_NETWORK_RANGE:-192.0.2.0/24} -IRONIC_VM_MACS_CSV_FILE=${IRONIC_VM_MACS_CSV_FILE:-$IRONIC_DATA_DIR/ironic_macs.csv} -IRONIC_AUTHORIZED_KEYS_FILE=${IRONIC_AUTHORIZED_KEYS_FILE:-$HOME/.ssh/authorized_keys} - -# By default, baremetal VMs will console output to file. -IRONIC_VM_LOG_CONSOLE=${IRONIC_VM_LOG_CONSOLE:-True} -IRONIC_VM_LOG_DIR=${IRONIC_VM_LOG_DIR:-$IRONIC_DATA_DIR/logs/} - -# Use DIB to create deploy ramdisk and kernel. -IRONIC_BUILD_DEPLOY_RAMDISK=$(trueorfalse True IRONIC_BUILD_DEPLOY_RAMDISK) -# If not use DIB, these files are used as deploy ramdisk/kernel. -# (The value must be an absolute path) -IRONIC_DEPLOY_RAMDISK=${IRONIC_DEPLOY_RAMDISK:-} -IRONIC_DEPLOY_KERNEL=${IRONIC_DEPLOY_KERNEL:-} -IRONIC_DEPLOY_ELEMENT=${IRONIC_DEPLOY_ELEMENT:-deploy-ironic} - -IRONIC_AGENT_KERNEL_URL=${IRONIC_AGENT_KERNEL_URL:-http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe.vmlinuz} -IRONIC_AGENT_RAMDISK_URL=${IRONIC_AGENT_RAMDISK_URL:-http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe_image-oem.cpio.gz} - -# Which deploy driver to use - valid choices right now -# are ``pxe_ssh``, ``pxe_ipmitool``, ``agent_ssh`` and ``agent_ipmitool``. -IRONIC_DEPLOY_DRIVER=${IRONIC_DEPLOY_DRIVER:-pxe_ssh} - -# TODO(agordeev): replace 'ubuntu' with host distro name getting -IRONIC_DEPLOY_FLAVOR=${IRONIC_DEPLOY_FLAVOR:-ubuntu $IRONIC_DEPLOY_ELEMENT} - -# Support entry points installation of console scripts -IRONIC_BIN_DIR=$(get_python_exec_prefix) - -# Ironic connection info. Note the port must be specified. -IRONIC_SERVICE_PROTOCOL=http -IRONIC_SERVICE_PORT=${IRONIC_SERVICE_PORT:-6385} -IRONIC_HOSTPORT=${IRONIC_HOSTPORT:-$SERVICE_HOST:$IRONIC_SERVICE_PORT} - -# Enable iPXE -IRONIC_IPXE_ENABLED=$(trueorfalse False IRONIC_IPXE_ENABLED) -IRONIC_HTTP_DIR=${IRONIC_HTTP_DIR:-$IRONIC_DATA_DIR/httpboot} -IRONIC_HTTP_SERVER=${IRONIC_HTTP_SERVER:-$HOST_IP} -IRONIC_HTTP_PORT=${IRONIC_HTTP_PORT:-8088} - -# NOTE(lucasagomes): This flag is used to differentiate the nodes that -# uses IPA as their deploy ramdisk from nodes that uses the agent_* drivers -# (which also uses IPA but depends on Swift Temp URLs to work). At present, -# all drivers that uses the iSCSI approach for their deployment supports -# using both, IPA or bash ramdisks for the deployment. In the future we -# want to remove the support for the bash ramdisk in favor of IPA, once -# we get there this flag can be removed, and all conditionals that uses -# it should just run by default. -IRONIC_DEPLOY_DRIVER_ISCSI_WITH_IPA=$(trueorfalse False IRONIC_DEPLOY_DRIVER_ISCSI_WITH_IPA) - -# get_pxe_boot_file() - Get the PXE/iPXE boot file path -function get_pxe_boot_file { - local relpath=syslinux/pxelinux.0 - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then - relpath=ipxe/undionly.kpxe - fi - - local pxe_boot_file - if is_ubuntu; then - pxe_boot_file=/usr/lib/$relpath - elif is_fedora || is_suse; then - pxe_boot_file=/usr/share/$relpath - fi - - echo $pxe_boot_file -} - -# PXE boot image -IRONIC_PXE_BOOT_IMAGE=${IRONIC_PXE_BOOT_IMAGE:-$(get_pxe_boot_file)} - - -# Functions -# --------- - -# Test if any Ironic services are enabled -# is_ironic_enabled -function is_ironic_enabled { - [[ ,${ENABLED_SERVICES} =~ ,"ir-" ]] && return 0 - return 1 -} - -function is_ironic_hardware { - is_ironic_enabled && [[ -n "${IRONIC_DEPLOY_DRIVER##*_ssh}" ]] && return 0 - return 1 -} - -function is_deployed_by_agent { - [[ -z "${IRONIC_DEPLOY_DRIVER%%agent*}" ]] && return 0 - return 1 -} - -function is_deployed_with_ipa_ramdisk { - is_deployed_by_agent || [[ "$IRONIC_DEPLOY_DRIVER_ISCSI_WITH_IPA" == "True" ]] && return 0 - return 1 -} - -# install_ironic() - Collect source and prepare -function install_ironic { - # make sure all needed service were enabled - local req_services="key" - if [[ "$VIRT_DRIVER" == "ironic" ]]; then - req_services+=" nova glance neutron" - fi - for srv in $req_services; do - if ! is_service_enabled "$srv"; then - die $LINENO "$srv should be enabled for Ironic." - fi - done - - if use_library_from_git "ironic-lib"; then - git_clone_by_name "ironic-lib" - setup_dev_lib "ironic-lib" - fi - - git_clone $IRONIC_REPO $IRONIC_DIR $IRONIC_BRANCH - setup_develop $IRONIC_DIR - - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then - install_apache_wsgi - fi -} - -# install_ironicclient() - Collect sources and prepare -function install_ironicclient { - if use_library_from_git "python-ironicclient"; then - git_clone_by_name "python-ironicclient" - setup_dev_lib "python-ironicclient" - sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-ironicclient"]}/tools/,/etc/bash_completion.d/}ironic.bash_completion - else - # nothing actually "requires" ironicclient, so force instally from pypi - pip_install_gr python-ironicclient - fi -} - -# _cleanup_ironic_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file -function _cleanup_ironic_apache_wsgi { - sudo rm -rf $IRONIC_HTTP_DIR - disable_apache_site ironic - sudo rm -f $(apache_site_config_for ironic) - restart_apache_server -} - -# _config_ironic_apache_wsgi() - Set WSGI config files of Ironic -function _config_ironic_apache_wsgi { - local ironic_apache_conf - ironic_apache_conf=$(apache_site_config_for ironic) - sudo cp $FILES/apache-ironic.template $ironic_apache_conf - sudo sed -e " - s|%PUBLICPORT%|$IRONIC_HTTP_PORT|g; - s|%HTTPROOT%|$IRONIC_HTTP_DIR|g; - " -i $ironic_apache_conf - enable_apache_site ironic -} - -# cleanup_ironic() - Remove residual data files, anything left over from previous -# runs that would need to clean up. -function cleanup_ironic { - sudo rm -rf $IRONIC_AUTH_CACHE_DIR $IRONIC_CONF_DIR -} - -# configure_ironic_dirs() - Create all directories required by Ironic and -# associated services. -function configure_ironic_dirs { - sudo install -d -o $STACK_USER $IRONIC_CONF_DIR $STACK_USER $IRONIC_DATA_DIR \ - $IRONIC_STATE_PATH $IRONIC_TFTPBOOT_DIR $IRONIC_TFTPBOOT_DIR/pxelinux.cfg - sudo chown -R $STACK_USER:$LIBVIRT_GROUP $IRONIC_TFTPBOOT_DIR - - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then - sudo install -d -o $STACK_USER -g $LIBVIRT_GROUP $IRONIC_HTTP_DIR - fi - - if [ ! -f $IRONIC_PXE_BOOT_IMAGE ]; then - die $LINENO "PXE boot file $IRONIC_PXE_BOOT_IMAGE not found." - fi - - # Copy PXE binary - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then - cp $IRONIC_PXE_BOOT_IMAGE $IRONIC_TFTPBOOT_DIR - else - # Syslinux >= 5.00 pxelinux.0 binary is not "stand-alone" anymore, - # it depends on some c32 modules to work correctly. - # More info: http://www.syslinux.org/wiki/index.php/Library_modules - cp -aR $(dirname $IRONIC_PXE_BOOT_IMAGE)/*.{c32,0} $IRONIC_TFTPBOOT_DIR - fi -} - -# configure_ironic() - Set config files, create data dirs, etc -function configure_ironic { - configure_ironic_dirs - - # Copy over ironic configuration file and configure common parameters. - cp $IRONIC_DIR/etc/ironic/ironic.conf.sample $IRONIC_CONF_FILE - iniset $IRONIC_CONF_FILE DEFAULT debug True - inicomment $IRONIC_CONF_FILE DEFAULT log_file - iniset $IRONIC_CONF_FILE database connection `database_connection_url ironic` - iniset $IRONIC_CONF_FILE DEFAULT state_path $IRONIC_STATE_PATH - iniset $IRONIC_CONF_FILE DEFAULT use_syslog $SYSLOG - # Configure Ironic conductor, if it was enabled. - if is_service_enabled ir-cond; then - configure_ironic_conductor - fi - - # Configure Ironic API, if it was enabled. - if is_service_enabled ir-api; then - configure_ironic_api - fi - - # Format logging - if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then - setup_colorized_logging $IRONIC_CONF_FILE DEFAULT tenant user - fi - - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]]; then - _config_ironic_apache_wsgi - fi -} - -# configure_ironic_api() - Is used by configure_ironic(). Performs -# API specific configuration. -function configure_ironic_api { - iniset $IRONIC_CONF_FILE DEFAULT auth_strategy keystone - iniset $IRONIC_CONF_FILE oslo_policy policy_file $IRONIC_POLICY_JSON - - # TODO(Yuki Nishiwaki): This is a temporary work-around until Ironic is fixed(bug#1422632). - # These codes need to be changed to use the function of configure_auth_token_middleware - # after Ironic conforms to the new auth plugin. - iniset $IRONIC_CONF_FILE keystone_authtoken identity_uri $KEYSTONE_AUTH_URI - iniset $IRONIC_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 - iniset $IRONIC_CONF_FILE keystone_authtoken admin_user ironic - iniset $IRONIC_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD - iniset $IRONIC_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME - iniset $IRONIC_CONF_FILE keystone_authtoken cafile $SSL_BUNDLE_FILE - iniset $IRONIC_CONF_FILE keystone_authtoken signing_dir $IRONIC_AUTH_CACHE_DIR/api - - iniset_rpc_backend ironic $IRONIC_CONF_FILE - iniset $IRONIC_CONF_FILE api port $IRONIC_SERVICE_PORT - - cp -p $IRONIC_DIR/etc/ironic/policy.json $IRONIC_POLICY_JSON -} - -# configure_ironic_conductor() - Is used by configure_ironic(). -# Sets conductor specific settings. -function configure_ironic_conductor { - cp $IRONIC_DIR/etc/ironic/rootwrap.conf $IRONIC_ROOTWRAP_CONF - cp -r $IRONIC_DIR/etc/ironic/rootwrap.d $IRONIC_CONF_DIR - local ironic_rootwrap - ironic_rootwrap=$(get_rootwrap_location ironic) - local rootwrap_isudoer_cmd="$ironic_rootwrap $IRONIC_CONF_DIR/rootwrap.conf *" - - # Set up the rootwrap sudoers for ironic - local tempfile - tempfile=`mktemp` - echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_isudoer_cmd" >$tempfile - chmod 0440 $tempfile - sudo chown root:root $tempfile - sudo mv $tempfile /etc/sudoers.d/ironic-rootwrap - - iniset $IRONIC_CONF_FILE DEFAULT rootwrap_config $IRONIC_ROOTWRAP_CONF - iniset $IRONIC_CONF_FILE DEFAULT enabled_drivers $IRONIC_ENABLED_DRIVERS - iniset $IRONIC_CONF_FILE conductor api_url $IRONIC_SERVICE_PROTOCOL://$HOST_IP:$IRONIC_SERVICE_PORT - if [[ -n "$IRONIC_CALLBACK_TIMEOUT" ]]; then - iniset $IRONIC_CONF_FILE conductor deploy_callback_timeout $IRONIC_CALLBACK_TIMEOUT - fi - iniset $IRONIC_CONF_FILE pxe tftp_server $IRONIC_TFTPSERVER_IP - iniset $IRONIC_CONF_FILE pxe tftp_root $IRONIC_TFTPBOOT_DIR - iniset $IRONIC_CONF_FILE pxe tftp_master_path $IRONIC_TFTPBOOT_DIR/master_images - - local pxe_params="" - if [[ "$IRONIC_VM_LOG_CONSOLE" == "True" ]] ; then - pxe_params+="nofb nomodeset vga=normal console=ttyS0" - if is_deployed_with_ipa_ramdisk; then - pxe_params+=" systemd.journald.forward_to_console=yes" - fi - fi - # When booting with less than 1GB, we need to switch from default tmpfs - # to ramfs for ramdisks to decompress successfully. - if (is_ironic_hardware && [[ "$IRONIC_HW_NODE_RAM" -lt 1024 ]]) || - (! is_ironic_hardware && [[ "$IRONIC_VM_SPECS_RAM" -lt 1024 ]]); then - pxe_params+=" rootfstype=ramfs" - fi - if [[ -n "$pxe_params" ]]; then - iniset $IRONIC_CONF_FILE pxe pxe_append_params "$pxe_params" - fi - - # Set these options for scenarios in which the agent fetches the image - # directly from glance, and don't set them where the image is pushed - # over iSCSI. - if is_deployed_by_agent; then - if [[ "$SWIFT_ENABLE_TEMPURLS" == "True" ]] ; then - iniset $IRONIC_CONF_FILE glance swift_temp_url_key $SWIFT_TEMPURL_KEY - else - die $LINENO "SWIFT_ENABLE_TEMPURLS must be True to use agent_ssh driver in Ironic." - fi - iniset $IRONIC_CONF_FILE glance swift_endpoint_url http://${HOST_IP}:${SWIFT_DEFAULT_BIND_PORT:-8080} - iniset $IRONIC_CONF_FILE glance swift_api_version v1 - local tenant_id - tenant_id=$(get_or_create_project $SERVICE_TENANT_NAME default) - iniset $IRONIC_CONF_FILE glance swift_account AUTH_${tenant_id} - iniset $IRONIC_CONF_FILE glance swift_container glance - iniset $IRONIC_CONF_FILE glance swift_temp_url_duration 3600 - iniset $IRONIC_CONF_FILE agent heartbeat_timeout 30 - fi - - # FIXME: this really needs to be tested in the gate. - # For now, any test using the agent ramdisk should skip cleaning - # because it is too slow to run in the gate. - iniset $IRONIC_CONF_FILE agent agent_erase_devices_priority 0 - - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then - local pxebin - pxebin=`basename $IRONIC_PXE_BOOT_IMAGE` - iniset $IRONIC_CONF_FILE pxe ipxe_enabled True - iniset $IRONIC_CONF_FILE pxe pxe_config_template '\$pybasedir/drivers/modules/ipxe_config.template' - iniset $IRONIC_CONF_FILE pxe pxe_bootfile_name $pxebin - iniset $IRONIC_CONF_FILE pxe http_root $IRONIC_HTTP_DIR - iniset $IRONIC_CONF_FILE pxe http_url "http://$IRONIC_HTTP_SERVER:$IRONIC_HTTP_PORT" - fi -} - -# create_ironic_cache_dir() - Part of the init_ironic() process -function create_ironic_cache_dir { - # Create cache dir - sudo mkdir -p $IRONIC_AUTH_CACHE_DIR/api - sudo chown $STACK_USER $IRONIC_AUTH_CACHE_DIR/api - rm -f $IRONIC_AUTH_CACHE_DIR/api/* - sudo mkdir -p $IRONIC_AUTH_CACHE_DIR/registry - sudo chown $STACK_USER $IRONIC_AUTH_CACHE_DIR/registry - rm -f $IRONIC_AUTH_CACHE_DIR/registry/* -} - -# create_ironic_accounts() - Set up common required ironic accounts - -# Tenant User Roles -# ------------------------------------------------------------------ -# service ironic admin # if enabled -function create_ironic_accounts { - - # Ironic - if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then - # Get ironic user if exists - - # NOTE(Shrews): This user MUST have admin level privileges! - create_service_user "ironic" "admin" - - if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - - get_or_create_service "ironic" "baremetal" "Ironic baremetal provisioning service" - get_or_create_endpoint "baremetal" \ - "$REGION_NAME" \ - "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \ - "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \ - "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" - fi - fi -} - - -# init_ironic() - Initialize databases, etc. -function init_ironic { - # Save private network as cleaning network - local cleaning_network_uuid - cleaning_network_uuid=$(neutron net-list | grep private | get_field 1) - iniset $IRONIC_CONF_FILE neutron cleaning_network_uuid ${cleaning_network_uuid} - - # (Re)create ironic database - recreate_database ironic - - # Migrate ironic database - $IRONIC_BIN_DIR/ironic-dbsync --config-file=$IRONIC_CONF_FILE - - create_ironic_cache_dir -} - -# _ironic_bm_vm_names() - Generates list of names for baremetal VMs. -function _ironic_bm_vm_names { - local idx - local num_vms - num_vms=$(($IRONIC_VM_COUNT - 1)) - for idx in $(seq 0 $num_vms); do - echo "baremetal${IRONIC_VM_NETWORK_BRIDGE}_${idx}" - done -} - -# start_ironic() - Start running processes, including screen -function start_ironic { - # Start Ironic API server, if enabled. - if is_service_enabled ir-api; then - start_ironic_api - fi - - # Start Ironic conductor, if enabled. - if is_service_enabled ir-cond; then - start_ironic_conductor - fi - - # Start Apache if iPXE is enabled - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then - restart_apache_server - fi -} - -# start_ironic_api() - Used by start_ironic(). -# Starts Ironic API server. -function start_ironic_api { - run_process ir-api "$IRONIC_BIN_DIR/ironic-api --config-file=$IRONIC_CONF_FILE" - echo "Waiting for ir-api ($IRONIC_HOSTPORT) to start..." - if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT; do sleep 1; done"; then - die $LINENO "ir-api did not start" - fi -} - -# start_ironic_conductor() - Used by start_ironic(). -# Starts Ironic conductor. -function start_ironic_conductor { - run_process ir-cond "$IRONIC_BIN_DIR/ironic-conductor --config-file=$IRONIC_CONF_FILE" - # TODO(romcheg): Find a way to check whether the conductor has started. -} - -# stop_ironic() - Stop running processes -function stop_ironic { - stop_process ir-api - stop_process ir-cond - - # Cleanup the WSGI files - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then - _cleanup_ironic_apache_wsgi - fi -} - -function create_ovs_taps { - local ironic_net_id - ironic_net_id=$(neutron net-list | grep private | get_field 1) - - # Work around: No netns exists on host until a Neutron port is created. We - # need to create one in Neutron to know what netns to tap into prior to the - # first node booting. - local port_id - port_id=$(neutron port-create private | grep " id " | get_field 2) - - # intentional sleep to make sure the tag has been set to port - sleep 10 - - local tapdev - tapdev=$(sudo ip netns exec qdhcp-${ironic_net_id} ip link list | grep " tap" | cut -d':' -f2 | cut -d'@' -f1 | cut -b2-) - local tag_id - tag_id=$(sudo ovs-vsctl show |grep ${tapdev} -A1 -m1 | grep tag | cut -d':' -f2 | cut -b2-) - - # make sure veth pair is not existing, otherwise delete its links - sudo ip link show ovs-tap1 && sudo ip link delete ovs-tap1 - sudo ip link show brbm-tap1 && sudo ip link delete brbm-tap1 - # create veth pair for future interconnection between br-int and brbm - sudo ip link add brbm-tap1 type veth peer name ovs-tap1 - sudo ip link set dev brbm-tap1 up - sudo ip link set dev ovs-tap1 up - - sudo ovs-vsctl -- --if-exists del-port ovs-tap1 -- add-port br-int ovs-tap1 tag=$tag_id - sudo ovs-vsctl -- --if-exists del-port brbm-tap1 -- add-port $IRONIC_VM_NETWORK_BRIDGE brbm-tap1 - - # Remove the port needed only for workaround. - neutron port-delete $port_id - - # Finally, share the fixed tenant network across all tenants. This allows the host - # to serve TFTP to a single network namespace via the tap device created above. - neutron net-update $ironic_net_id --shared true -} - -function create_bridge_and_vms { - # Call libvirt setup scripts in a new shell to ensure any new group membership - sudo su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/setup-network" - if [[ "$IRONIC_VM_LOG_CONSOLE" == "True" ]] ; then - local log_arg="$IRONIC_VM_LOG_DIR" - else - local log_arg="" - fi - local vm_name - for vm_name in $(_ironic_bm_vm_names); do - sudo su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/create-node $vm_name \ - $IRONIC_VM_SPECS_CPU $IRONIC_VM_SPECS_RAM $IRONIC_VM_SPECS_DISK \ - amd64 $IRONIC_VM_NETWORK_BRIDGE $IRONIC_VM_EMULATOR \ - $log_arg" >> $IRONIC_VM_MACS_CSV_FILE - done - create_ovs_taps -} - -function wait_for_nova_resources { - # After nodes have been enrolled, we need to wait for both ironic and - # nova's periodic tasks to populate the resource tracker with available - # nodes and resources. Wait up to 2 minutes for a given resource before - # timing out. - local resource=$1 - local expected_count=$2 - local i - echo_summary "Waiting 2 minutes for Nova resource tracker to pick up $resource >= $expected_count" - for i in $(seq 1 120); do - if [ $(nova hypervisor-stats | grep " $resource " | get_field 2) -ge $expected_count ]; then - return 0 - fi - sleep 1 - done - die $LINENO "Timed out waiting for Nova hypervisor-stats $resource >= $expected_count" -} - -function enroll_nodes { - local chassis_id - chassis_id=$(ironic chassis-create -d "ironic test chassis" | grep " uuid " | get_field 2) - - if ! is_ironic_hardware; then - local ironic_node_cpu=$IRONIC_VM_SPECS_CPU - local ironic_node_ram=$IRONIC_VM_SPECS_RAM - local ironic_node_disk=$IRONIC_VM_SPECS_DISK - local ironic_ephemeral_disk=$IRONIC_VM_EPHEMERAL_DISK - local ironic_hwinfo_file=$IRONIC_VM_MACS_CSV_FILE - local node_options="\ - -i deploy_kernel=$IRONIC_DEPLOY_KERNEL_ID \ - -i deploy_ramdisk=$IRONIC_DEPLOY_RAMDISK_ID \ - -i ssh_virt_type=$IRONIC_SSH_VIRT_TYPE \ - -i ssh_address=$IRONIC_VM_SSH_ADDRESS \ - -i ssh_port=$IRONIC_VM_SSH_PORT \ - -i ssh_username=$IRONIC_SSH_USERNAME \ - -i ssh_key_filename=$IRONIC_KEY_FILE" - else - local ironic_node_cpu=$IRONIC_HW_NODE_CPU - local ironic_node_ram=$IRONIC_HW_NODE_RAM - local ironic_node_disk=$IRONIC_HW_NODE_DISK - local ironic_ephemeral_disk=$IRONIC_HW_EPHEMERAL_DISK - if [[ -z "${IRONIC_DEPLOY_DRIVER##*_ipmitool}" ]]; then - local ironic_hwinfo_file=$IRONIC_IPMIINFO_FILE - fi - fi - - local total_nodes=0 - local total_cpus=0 - while read hardware_info; do - if ! is_ironic_hardware; then - local mac_address=$hardware_info - elif [[ -z "${IRONIC_DEPLOY_DRIVER##*_ipmitool}" ]]; then - local ipmi_address - ipmi_address=$(echo $hardware_info |awk '{print $1}') - local mac_address - mac_address=$(echo $hardware_info |awk '{print $2}') - local ironic_ipmi_username - ironic_ipmi_username=$(echo $hardware_info |awk '{print $3}') - local ironic_ipmi_passwd - ironic_ipmi_passwd=$(echo $hardware_info |awk '{print $4}') - # Currently we require all hardware platform have same CPU/RAM/DISK info - # in future, this can be enhanced to support different type, and then - # we create the bare metal flavor with minimum value - local node_options="-i ipmi_address=$ipmi_address -i ipmi_password=$ironic_ipmi_passwd\ - -i ipmi_username=$ironic_ipmi_username" - node_options+=" -i deploy_kernel=$IRONIC_DEPLOY_KERNEL_ID" - node_options+=" -i deploy_ramdisk=$IRONIC_DEPLOY_RAMDISK_ID" - fi - - # First node created will be used for testing in ironic w/o glance - # scenario, so we need to know its UUID. - local standalone_node_uuid="" - if [ $total_nodes -eq 0 ]; then - standalone_node_uuid="--uuid $IRONIC_NODE_UUID" - fi - - local node_id - node_id=$(ironic node-create $standalone_node_uuid\ - --chassis_uuid $chassis_id \ - --driver $IRONIC_DEPLOY_DRIVER \ - --name node-$total_nodes \ - -p cpus=$ironic_node_cpu\ - -p memory_mb=$ironic_node_ram\ - -p local_gb=$ironic_node_disk\ - -p cpu_arch=x86_64 \ - $node_options \ - | grep " uuid " | get_field 2) - - ironic port-create --address $mac_address --node $node_id - - total_nodes=$((total_nodes+1)) - total_cpus=$((total_cpus+$ironic_node_cpu)) - done < $ironic_hwinfo_file - - local adjusted_disk - adjusted_disk=$(($ironic_node_disk - $ironic_ephemeral_disk)) - nova flavor-create --ephemeral $ironic_ephemeral_disk baremetal auto $ironic_node_ram $adjusted_disk $ironic_node_cpu - - nova flavor-key baremetal set "cpu_arch"="x86_64" - - if [ "$VIRT_DRIVER" == "ironic" ]; then - wait_for_nova_resources "count" $total_nodes - wait_for_nova_resources "vcpus" $total_cpus - fi -} - -function configure_iptables { - # enable tftp natting for allowing connections to HOST_IP's tftp server - sudo modprobe nf_conntrack_tftp - sudo modprobe nf_nat_tftp - # explicitly allow DHCP - packets are occasionally being dropped here - sudo iptables -I INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT || true - # nodes boot from TFTP and callback to the API server listening on $HOST_IP - sudo iptables -I INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true - sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true - if is_deployed_by_agent; then - # agent ramdisk gets instance image from swift - sudo iptables -I INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true - fi - - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then - sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_HTTP_PORT -j ACCEPT || true - fi -} - -function configure_tftpd { - # stop tftpd and setup serving via xinetd - stop_service tftpd-hpa || true - [ -f /etc/init/tftpd-hpa.conf ] && echo "manual" | sudo tee /etc/init/tftpd-hpa.override - sudo cp $IRONIC_TEMPLATES_DIR/tftpd-xinetd.template /etc/xinetd.d/tftp - sudo sed -e "s|%TFTPBOOT_DIR%|$IRONIC_TFTPBOOT_DIR|g" -i /etc/xinetd.d/tftp - - # setup tftp file mapping to satisfy requests at the root (booting) and - # /tftpboot/ sub-dir (as per deploy-ironic elements) - echo "r ^([^/]) $IRONIC_TFTPBOOT_DIR/\1" >$IRONIC_TFTPBOOT_DIR/map-file - echo "r ^(/tftpboot/) $IRONIC_TFTPBOOT_DIR/\2" >>$IRONIC_TFTPBOOT_DIR/map-file - - chmod -R 0755 $IRONIC_TFTPBOOT_DIR - restart_service xinetd -} - -function configure_ironic_ssh_keypair { - if [[ ! -d $HOME/.ssh ]]; then - mkdir -p $HOME/.ssh - chmod 700 $HOME/.ssh - fi - if [[ ! -e $IRONIC_KEY_FILE ]]; then - if [[ ! -d $(dirname $IRONIC_KEY_FILE) ]]; then - mkdir -p $(dirname $IRONIC_KEY_FILE) - fi - echo -e 'n\n' | ssh-keygen -q -t rsa -P '' -f $IRONIC_KEY_FILE - fi - cat $IRONIC_KEY_FILE.pub | tee -a $IRONIC_AUTHORIZED_KEYS_FILE -} - -function ironic_ssh_check { - local key_file=$1 - local floating_ip=$2 - local port=$3 - local default_instance_user=$4 - local active_timeout=$5 - if ! timeout $active_timeout sh -c "while ! ssh -p $port -o StrictHostKeyChecking=no -i $key_file ${default_instance_user}@$floating_ip echo success; do sleep 1; done"; then - die $LINENO "server didn't become ssh-able!" - fi -} - -function configure_ironic_auxiliary { - configure_ironic_ssh_keypair - ironic_ssh_check $IRONIC_KEY_FILE $IRONIC_VM_SSH_ADDRESS $IRONIC_VM_SSH_PORT $IRONIC_SSH_USERNAME $IRONIC_SSH_TIMEOUT -} - -function build_ipa_coreos_ramdisk { - echo "Building ironic-python-agent deploy ramdisk" - local kernel_path=$1 - local ramdisk_path=$2 - git_clone $IRONIC_PYTHON_AGENT_REPO $IRONIC_PYTHON_AGENT_DIR $IRONIC_PYTHON_AGENT_BRANCH - cd $IRONIC_PYTHON_AGENT_DIR - imagebuild/coreos/build_coreos_image.sh - cp imagebuild/coreos/UPLOAD/coreos_production_pxe_image-oem.cpio.gz $ramdisk_path - cp imagebuild/coreos/UPLOAD/coreos_production_pxe.vmlinuz $kernel_path - sudo rm -rf UPLOAD - cd - -} - -# build deploy kernel+ramdisk, then upload them to glance -# this function sets ``IRONIC_DEPLOY_KERNEL_ID``, ``IRONIC_DEPLOY_RAMDISK_ID`` -function upload_baremetal_ironic_deploy { - declare -g IRONIC_DEPLOY_KERNEL_ID IRONIC_DEPLOY_RAMDISK_ID - echo_summary "Creating and uploading baremetal images for ironic" - - # install diskimage-builder - if [[ $(type -P ramdisk-image-create) == "" ]]; then - pip_install_gr "diskimage-builder" - fi - - if [ -z "$IRONIC_DEPLOY_KERNEL" -o -z "$IRONIC_DEPLOY_RAMDISK" ]; then - local IRONIC_DEPLOY_KERNEL_PATH=$TOP_DIR/files/ir-deploy-$IRONIC_DEPLOY_DRIVER.kernel - local IRONIC_DEPLOY_RAMDISK_PATH=$TOP_DIR/files/ir-deploy-$IRONIC_DEPLOY_DRIVER.initramfs - else - local IRONIC_DEPLOY_KERNEL_PATH=$IRONIC_DEPLOY_KERNEL - local IRONIC_DEPLOY_RAMDISK_PATH=$IRONIC_DEPLOY_RAMDISK - fi - - if [ ! -e "$IRONIC_DEPLOY_RAMDISK_PATH" -o ! -e "$IRONIC_DEPLOY_KERNEL_PATH" ]; then - # files don't exist, need to build them - if [ "$IRONIC_BUILD_DEPLOY_RAMDISK" = "True" ]; then - # we can build them only if we're not offline - if [ "$OFFLINE" != "True" ]; then - if is_deployed_with_ipa_ramdisk; then - build_ipa_coreos_ramdisk $IRONIC_DEPLOY_KERNEL_PATH $IRONIC_DEPLOY_RAMDISK_PATH - else - ramdisk-image-create $IRONIC_DEPLOY_FLAVOR \ - -o $TOP_DIR/files/ir-deploy-$IRONIC_DEPLOY_DRIVER - fi - else - die $LINENO "Deploy kernel+ramdisk files don't exist and cannot be build in OFFLINE mode" - fi - else - if is_deployed_with_ipa_ramdisk; then - # download the agent image tarball - wget "$IRONIC_AGENT_KERNEL_URL" -O $IRONIC_DEPLOY_KERNEL_PATH - wget "$IRONIC_AGENT_RAMDISK_URL" -O $IRONIC_DEPLOY_RAMDISK_PATH - else - die $LINENO "Deploy kernel+ramdisk files don't exist and their building was disabled explicitly by IRONIC_BUILD_DEPLOY_RAMDISK" - fi - fi - fi - - local token - token=$(openstack token issue -c id -f value) - die_if_not_set $LINENO token "Keystone fail to get token" - - # load them into glance - IRONIC_DEPLOY_KERNEL_ID=$(openstack \ - --os-token $token \ - --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT \ - image create \ - $(basename $IRONIC_DEPLOY_KERNEL_PATH) \ - --public --disk-format=aki \ - --container-format=aki \ - < $IRONIC_DEPLOY_KERNEL_PATH | grep ' id ' | get_field 2) - IRONIC_DEPLOY_RAMDISK_ID=$(openstack \ - --os-token $token \ - --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT \ - image create \ - $(basename $IRONIC_DEPLOY_RAMDISK_PATH) \ - --public --disk-format=ari \ - --container-format=ari \ - < $IRONIC_DEPLOY_RAMDISK_PATH | grep ' id ' | get_field 2) -} - -function prepare_baremetal_basic_ops { - if ! is_ironic_hardware; then - configure_ironic_auxiliary - fi - upload_baremetal_ironic_deploy - if ! is_ironic_hardware; then - create_bridge_and_vms - fi - enroll_nodes - configure_tftpd - configure_iptables -} - -function cleanup_baremetal_basic_ops { - rm -f $IRONIC_VM_MACS_CSV_FILE - if [ -f $IRONIC_KEY_FILE ]; then - local key - key=$(cat $IRONIC_KEY_FILE.pub) - # remove public key from authorized_keys - grep -v "$key" $IRONIC_AUTHORIZED_KEYS_FILE > temp && mv temp $IRONIC_AUTHORIZED_KEYS_FILE - chmod 0600 $IRONIC_AUTHORIZED_KEYS_FILE - fi - sudo rm -rf $IRONIC_DATA_DIR $IRONIC_STATE_PATH - - local vm_name - for vm_name in $(_ironic_bm_vm_names); do - sudo su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/cleanup-node $vm_name $IRONIC_VM_NETWORK_BRIDGE" - done - - sudo rm -rf /etc/xinetd.d/tftp /etc/init/tftpd-hpa.override - restart_service xinetd - sudo iptables -D INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true - sudo iptables -D INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true - if is_deployed_by_agent; then - # agent ramdisk gets instance image from swift - sudo iptables -D INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true - fi - sudo rmmod nf_conntrack_tftp || true - sudo rmmod nf_nat_tftp || true -} - -# Restore xtrace + pipefail -$_XTRACE_IRONIC -$_PIPEFAIL_IRONIC - -# Tell emacs to use shell-script-mode -## Local variables: -## mode: shell-script -## End: diff --git a/stackrc b/stackrc index f949ccbad9..8e6ea42a00 100644 --- a/stackrc +++ b/stackrc @@ -225,10 +225,6 @@ HEAT_BRANCH=${HEAT_BRANCH:-master} HORIZON_REPO=${HORIZON_REPO:-${GIT_BASE}/openstack/horizon.git} HORIZON_BRANCH=${HORIZON_BRANCH:-master} -# baremetal provisioning service -IRONIC_REPO=${IRONIC_REPO:-${GIT_BASE}/openstack/ironic.git} -IRONIC_BRANCH=${IRONIC_BRANCH:-master} - # unified auth system (manages accounts/tokens) KEYSTONE_REPO=${KEYSTONE_REPO:-${GIT_BASE}/openstack/keystone.git} KEYSTONE_BRANCH=${KEYSTONE_BRANCH:-master} @@ -298,6 +294,8 @@ GITBRANCH["python-heatclient"]=${HEATCLIENT_BRANCH:-master} # ironic client GITREPO["python-ironicclient"]=${IRONICCLIENT_REPO:-${GIT_BASE}/openstack/python-ironicclient.git} GITBRANCH["python-ironicclient"]=${IRONICCLIENT_BRANCH:-master} +# ironic plugin is out of tree, but nova uses it. set GITDIR here. +GITDIR["python-ironicclient"]=$DEST/python-ironicclient # the base authentication plugins that clients use to authenticate GITREPO["keystoneauth"]=${KEYSTONEAUTH_REPO:-${GIT_BASE}/openstack/keystoneauth.git} @@ -484,6 +482,8 @@ GITBRANCH["os-brick"]=${OS_BRICK_BRANCH:-master} # ironic common lib GITREPO["ironic-lib"]=${IRONIC_LIB_REPO:-${GIT_BASE}/openstack/ironic-lib.git} GITBRANCH["ironic-lib"]=${IRONIC_LIB_BRANCH:-master} +# this doesn't exist in a lib file, so set it here +GITDIR["ironic-lib"]=$DEST/ironic-lib ################## diff --git a/tools/ironic/scripts/cleanup-node b/tools/ironic/scripts/cleanup-node deleted file mode 100755 index c4e4e706f4..0000000000 --- a/tools/ironic/scripts/cleanup-node +++ /dev/null @@ -1,25 +0,0 @@ -#!/usr/bin/env bash - -# **cleanup-nodes** - -# Cleans up baremetal poseur nodes and volumes created during ironic setup -# Assumes calling user has proper libvirt group membership and access. - -set -exu - -LIBVIRT_STORAGE_POOL=${LIBVIRT_STORAGE_POOL:-"default"} -LIBVIRT_CONNECT_URI=${LIBVIRT_CONNECT_URI:-"qemu:///system"} - -NAME=$1 -NETWORK_BRIDGE=$2 - -export VIRSH_DEFAULT_CONNECT_URI=$LIBVIRT_CONNECT_URI - -VOL_NAME="$NAME.qcow2" -virsh list | grep -q $NAME && virsh destroy $NAME -virsh list --inactive | grep -q $NAME && virsh undefine $NAME - -if virsh pool-list | grep -q $LIBVIRT_STORAGE_POOL ; then - virsh vol-list $LIBVIRT_STORAGE_POOL | grep -q $VOL_NAME && - virsh vol-delete $VOL_NAME --pool $LIBVIRT_STORAGE_POOL -fi diff --git a/tools/ironic/scripts/configure-vm b/tools/ironic/scripts/configure-vm deleted file mode 100755 index 378fcb85ad..0000000000 --- a/tools/ironic/scripts/configure-vm +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/env python - -import argparse -import os.path - -import libvirt - -templatedir = os.path.join(os.path.dirname(os.path.dirname(__file__)), - 'templates') - - -CONSOLE_LOG = """ - - - - - - - - - - - - - - - -""" - - -def main(): - parser = argparse.ArgumentParser( - description="Configure a kvm virtual machine for the seed image.") - parser.add_argument('--name', default='seed', - help='the name to give the machine in libvirt.') - parser.add_argument('--image', - help='Use a custom image file (must be qcow2).') - parser.add_argument('--engine', default='qemu', - help='The virtualization engine to use') - parser.add_argument('--arch', default='i686', - help='The architecture to use') - parser.add_argument('--memory', default='2097152', - help="Maximum memory for the VM in KB.") - parser.add_argument('--cpus', default='1', - help="CPU count for the VM.") - parser.add_argument('--bootdev', default='hd', - help="What boot device to use (hd/network).") - parser.add_argument('--network', default="brbm", - help='The libvirt network name to use') - parser.add_argument('--libvirt-nic-driver', default='e1000', - help='The libvirt network driver to use') - parser.add_argument('--console-log', - help='File to log console') - parser.add_argument('--emulator', default=None, - help='Path to emulator bin for vm template') - args = parser.parse_args() - with file(templatedir + '/vm.xml', 'rb') as f: - source_template = f.read() - params = { - 'name': args.name, - 'imagefile': args.image, - 'engine': args.engine, - 'arch': args.arch, - 'memory': args.memory, - 'cpus': args.cpus, - 'bootdev': args.bootdev, - 'network': args.network, - 'nicdriver': args.libvirt_nic_driver, - 'emulator': args.emulator, - } - - if args.emulator: - params['emulator'] = args.emulator - else: - if os.path.exists("/usr/bin/kvm"): # Debian - params['emulator'] = "/usr/bin/kvm" - elif os.path.exists("/usr/bin/qemu-kvm"): # Redhat - params['emulator'] = "/usr/bin/qemu-kvm" - - if args.console_log: - params['bios_serial'] = "" - params['console_log'] = CONSOLE_LOG % {'console_log': args.console_log} - else: - params['bios_serial'] = '' - params['console_log'] = '' - libvirt_template = source_template % params - conn = libvirt.open("qemu:///system") - - a = conn.defineXML(libvirt_template) - print ("Created machine %s with UUID %s" % (args.name, a.UUIDString())) - -if __name__ == '__main__': - main() diff --git a/tools/ironic/scripts/create-node b/tools/ironic/scripts/create-node deleted file mode 100755 index b018acddc9..0000000000 --- a/tools/ironic/scripts/create-node +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/env bash - -# **create-nodes** - -# Creates baremetal poseur nodes for ironic testing purposes - -set -ex - -# Keep track of the DevStack directory -TOP_DIR=$(cd $(dirname "$0")/.. && pwd) - -NAME=$1 -CPU=$2 -MEM=$(( 1024 * $3 )) -# Extra G to allow fuzz for partition table : flavor size and registered size -# need to be different to actual size. -DISK=$(( $4 + 1)) - -case $5 in - i386) ARCH='i686' ;; - amd64) ARCH='x86_64' ;; - *) echo "Unsupported arch $4!" ; exit 1 ;; -esac - -BRIDGE=$6 -EMULATOR=$7 -LOGDIR=$8 - -LIBVIRT_NIC_DRIVER=${LIBVIRT_NIC_DRIVER:-"e1000"} -LIBVIRT_STORAGE_POOL=${LIBVIRT_STORAGE_POOL:-"default"} -LIBVIRT_CONNECT_URI=${LIBVIRT_CONNECT_URI:-"qemu:///system"} - -export VIRSH_DEFAULT_CONNECT_URI=$LIBVIRT_CONNECT_URI - -if ! virsh pool-list --all | grep -q $LIBVIRT_STORAGE_POOL; then - virsh pool-define-as --name $LIBVIRT_STORAGE_POOL dir --target /var/lib/libvirt/images >&2 - virsh pool-autostart $LIBVIRT_STORAGE_POOL >&2 - virsh pool-start $LIBVIRT_STORAGE_POOL >&2 -fi - -pool_state=$(virsh pool-info $LIBVIRT_STORAGE_POOL | grep State | awk '{ print $2 }') -if [ "$pool_state" != "running" ] ; then - [ ! -d /var/lib/libvirt/images ] && sudo mkdir /var/lib/libvirt/images - virsh pool-start $LIBVIRT_STORAGE_POOL >&2 -fi - -if [ -n "$LOGDIR" ] ; then - mkdir -p "$LOGDIR" -fi - -PREALLOC= -if [ -f /etc/debian_version ]; then - PREALLOC="--prealloc-metadata" -fi - -if [ -n "$LOGDIR" ] ; then - VM_LOGGING="--console-log $LOGDIR/${NAME}_console.log" -else - VM_LOGGING="" -fi -VOL_NAME="${NAME}.qcow2" - -if ! virsh list --all | grep -q $NAME; then - virsh vol-list --pool $LIBVIRT_STORAGE_POOL | grep -q $VOL_NAME && - virsh vol-delete $VOL_NAME --pool $LIBVIRT_STORAGE_POOL >&2 - virsh vol-create-as $LIBVIRT_STORAGE_POOL ${VOL_NAME} ${DISK}G --format qcow2 $PREALLOC >&2 - volume_path=$(virsh vol-path --pool $LIBVIRT_STORAGE_POOL $VOL_NAME) - # Pre-touch the VM to set +C, as it can only be set on empty files. - sudo touch "$volume_path" - sudo chattr +C "$volume_path" || true - $TOP_DIR/scripts/configure-vm \ - --bootdev network --name $NAME --image "$volume_path" \ - --arch $ARCH --cpus $CPU --memory $MEM --libvirt-nic-driver $LIBVIRT_NIC_DRIVER \ - --emulator $EMULATOR --network $BRIDGE $VM_LOGGING >&2 - -fi - -# echo mac -virsh dumpxml $NAME | grep "mac address" | head -1 | cut -d\' -f2 diff --git a/tools/ironic/scripts/setup-network b/tools/ironic/scripts/setup-network deleted file mode 100755 index 83308ed416..0000000000 --- a/tools/ironic/scripts/setup-network +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/env bash - -# **setup-network** - -# Setups openvswitch libvirt network suitable for -# running baremetal poseur nodes for ironic testing purposes - -set -exu - -LIBVIRT_CONNECT_URI=${LIBVIRT_CONNECT_URI:-"qemu:///system"} - -# Keep track of the DevStack directory -TOP_DIR=$(cd $(dirname "$0")/.. && pwd) -BRIDGE_SUFFIX=${1:-''} -BRIDGE_NAME=brbm$BRIDGE_SUFFIX - -export VIRSH_DEFAULT_CONNECT_URI="$LIBVIRT_CONNECT_URI" - -# Only add bridge if missing -(sudo ovs-vsctl list-br | grep ${BRIDGE_NAME}$) || sudo ovs-vsctl add-br ${BRIDGE_NAME} - -# Remove bridge before replacing it. -(virsh net-list | grep "${BRIDGE_NAME} ") && virsh net-destroy ${BRIDGE_NAME} -(virsh net-list --inactive | grep "${BRIDGE_NAME} ") && virsh net-undefine ${BRIDGE_NAME} - -virsh net-define <(sed s/brbm/$BRIDGE_NAME/ $TOP_DIR/templates/brbm.xml) -virsh net-autostart ${BRIDGE_NAME} -virsh net-start ${BRIDGE_NAME} diff --git a/tools/ironic/templates/brbm.xml b/tools/ironic/templates/brbm.xml deleted file mode 100644 index 0769d3f1d0..0000000000 --- a/tools/ironic/templates/brbm.xml +++ /dev/null @@ -1,6 +0,0 @@ - - brbm - - - - diff --git a/tools/ironic/templates/tftpd-xinetd.template b/tools/ironic/templates/tftpd-xinetd.template deleted file mode 100644 index 5f3d03f3bb..0000000000 --- a/tools/ironic/templates/tftpd-xinetd.template +++ /dev/null @@ -1,14 +0,0 @@ -service tftp -{ - protocol = udp - port = 69 - socket_type = dgram - wait = yes - user = root - server = /usr/sbin/in.tftpd - server_args = -v -v -v -v -v --map-file %TFTPBOOT_DIR%/map-file %TFTPBOOT_DIR% - disable = no - # This is a workaround for Fedora, where TFTP will listen only on - # IPv6 endpoint, if IPv4 flag is not used. - flags = IPv4 -} diff --git a/tools/ironic/templates/vm.xml b/tools/ironic/templates/vm.xml deleted file mode 100644 index ae7d685256..0000000000 --- a/tools/ironic/templates/vm.xml +++ /dev/null @@ -1,49 +0,0 @@ - - %(name)s - %(memory)s - %(cpus)s - - hvm - - - %(bios_serial)s - - - - - - - - destroy - restart - restart - - %(emulator)s - - - - -
- - -
- - - - - -
- - - -