Hello community, here is the log from the commit of package openstack-quickstart for openSUSE:Factory checked in at 2013-04-29 14:10:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openstack-quickstart (Old) and /work/SRC/openSUSE:Factory/.openstack-quickstart.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openstack-quickstart", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/openstack-quickstart/openstack-quickstart.changes 2013-03-25 20:41:44.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openstack-quickstart.new/openstack-quickstart.changes 2013-04-29 14:10:22.000000000 +0200 @@ -2 +2 @@ -Fri Mar 15 11:09:05 UTC 2013 - [email protected] +Sun Mar 17 00:16:08 UTC 2013 - [email protected] @@ -4 +4 @@ -- Update to latest git (96c1d32): +- Update to latest git (cf8af8b): @@ -8 +8 @@ -Mon Mar 11 12:58:48 UTC 2013 - [email protected] +Mon Mar 11 13:05:30 UTC 2013 - [email protected] @@ -10 +10,2 @@ -- Update to latest git (657d782): +- Update to latest git (9b7cd13): + + Run *-manage tools as the respective user for each service @@ -14 +15 @@ -Thu Feb 7 18:38:37 UTC 2013 - [email protected] +Mon Mar 11 10:03:15 UTC 2013 - [email protected] @@ -16,3 +17,3 @@ -- Update to latest git (cb0fbe8): - + Enalbe Cinder and Swift Service endpoints - + Setup Cinder properly +- Update to latest git (073d42e): + + Only install postgresql91-server on SLE11, not on openSUSE + + Fix typo that was breaking the "nova secgroup-*" calls at the end @@ -21 +22 @@ -Wed Jan 30 07:48:46 UTC 2013 - [email protected] +Fri Mar 8 09:09:10 UTC 2013 - [email protected] @@ -23,2 +24,57 @@ -- Update to latest git (95d7088): - + Fill in values in the cinder/api-paste.ini templatae +- Add patterns-OpenStack-clients and + patterns-OpenStack-network-node Suggests as we'll get them + installed with the demosetup script. + +------------------------------------------------------------------- +Tue Mar 5 16:56:53 UTC 2013 - [email protected] + +- Update to latest git (943d412): + + Don't set keystone catalog default driver. + + Don't chown /var/lib/keystone. + + Don't set glance flavour=keystone, done in package + + Use openstack-config for setting lxc libvirt_type. + + Shameless tab-killing spree + +------------------------------------------------------------------- +Thu Feb 14 16:17:16 UTC 2013 - [email protected] + +- Update to latest git (fab4032): + + Don't fix keystone/glance directory ownership errors here + + Set nova.volume.cinder.API as nova's volume_api_class + + Revert "Set nova.volume.cinder.API as nova's volume_api_class" + + less error messages during execution + + use openstack-config to setup values + + cleanup + + also start the quantum server + + also install clients and network node pattern + +------------------------------------------------------------------- +Thu Feb 7 18:05:01 UTC 2013 - [email protected] + +- Update to latest git (1df2290): + + abort if a package couldn't be installed + + Configure Cinder properly + + Enable Cinder, Quantum, Swift and Heat Service endpoints + +------------------------------------------------------------------- +Thu Feb 7 14:53:44 UTC 2013 - [email protected] + +- require openstack-utils for the demosetup + +------------------------------------------------------------------- +Mon Feb 4 14:40:00 UTC 2013 - [email protected] + +- Update to latest git (0b1ec58): + + openstack dashboard moved to /usr/share + + Stop manipulating /etc/sudoers. + +------------------------------------------------------------------- +Wed Jan 23 09:23:10 UTC 2013 - [email protected] + +- Update to latest git (d3a5de9): + + Lotsa fixes + +------------------------------------------------------------------- +Mon Jan 14 15:08:31 UTC 2013 - [email protected] + +- Move to master branch (from stable/folsom) Old: ---- openstack-quickstart-2012.2+git.1363345658.96c1d32.tar.gz New: ---- openstack-quickstart-2013.1+git.1363345119.cf8af8b.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openstack-quickstart.spec ++++++ --- /var/tmp/diff_new_pack.M410hC/_old 2013-04-29 14:10:24.000000000 +0200 +++ /var/tmp/diff_new_pack.M410hC/_new 2013-04-29 14:10:24.000000000 +0200 @@ -16,17 +16,19 @@ # - Name: openstack-quickstart -Version: 2012.2+git.1363345658.96c1d32 +Version: 2013.1+git.1363345119.cf8af8b Release: 0 -License: MIT Summary: OpenStack Quickstart -Url: http://en.opensuse.org/SDB:Cloud_OpenStack_Quickstart +License: MIT Group: System/Management +Url: http://en.opensuse.org/SDB:Cloud_OpenStack_Quickstart Source0: %{name}-%{version}.tar.gz +Suggests: patterns-OpenStack-clients Suggests: patterns-OpenStack-compute-node Suggests: patterns-OpenStack-controller +Suggests: patterns-OpenStack-network-node +Requires: openstack-utils BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch ++++++ _service ++++++ --- /var/tmp/diff_new_pack.M410hC/_old 2013-04-29 14:10:24.000000000 +0200 +++ /var/tmp/diff_new_pack.M410hC/_new 2013-04-29 14:10:24.000000000 +0200 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@+git.%ct.%h</param> - <param name="revision">stable/folsom</param> + <param name="revision">master</param> </service> <service name="recompress" mode="disabled"> ++++++ openstack-quickstart-2012.2+git.1363345658.96c1d32.tar.gz -> openstack-quickstart-2013.1+git.1363345119.cf8af8b.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openstack-quickstart-2012.2+git.1363345658.96c1d32/scripts/openstack-loopback-lvm new/openstack-quickstart-2013.1+git.1363345119.cf8af8b/scripts/openstack-loopback-lvm --- old/openstack-quickstart-2012.2+git.1363345658.96c1d32/scripts/openstack-loopback-lvm 2013-03-15 12:06:42.000000000 +0100 +++ new/openstack-quickstart-2013.1+git.1363345119.cf8af8b/scripts/openstack-loopback-lvm 2013-03-17 01:16:07.000000000 +0100 @@ -1,6 +1,6 @@ #!/bin/sh -f=/var/lib/nova/volumes +f=/var/lib/cinder/volumes loop=/dev/loop0 modprobe loop @@ -15,10 +15,18 @@ vgchange -an cinder-volumes #losetup -d $loop +# cleanup old nova-volumes volume group +if vgscan | grep -q nova-volumes ; then + echo "cleaning up old nova-volumes VG" + vgchange -an nova-volumes + vgremove nova-volumes + losetup -d $loop +fi + if ! test -e $f ; then # calc wanted size - size=$(df -P -k /var/lib/nova/|tail -1| perl -ne 'm/^\S+\s*\d+\s+\d+\s+(\d+)/; print int($1*0.3)') + size=$(df -P -k /var/lib/cinder/|tail -1| perl -ne 'm/^\S+\s*\d+\s+\d+\s+(\d+)/; print int($1*0.3)') if [ $size -le 2000000 ] ; then echo "error detecting free space or FS too small: $size KB" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openstack-quickstart-2012.2+git.1363345658.96c1d32/scripts/openstack-quickstart-demosetup new/openstack-quickstart-2013.1+git.1363345119.cf8af8b/scripts/openstack-quickstart-demosetup --- old/openstack-quickstart-2012.2+git.1363345658.96c1d32/scripts/openstack-quickstart-demosetup 2013-03-15 12:09:05.000000000 +0100 +++ new/openstack-quickstart-2013.1+git.1363345119.cf8af8b/scripts/openstack-quickstart-demosetup 2013-03-17 01:16:08.000000000 +0100 @@ -13,23 +13,39 @@ KEYSTONE_SYSTEM_GROUP=openstack-keystone GLANCE_SYSTEM_USER=openstack-glance GLANCE_SYSTEM_GROUP=openstack-glance +CINDER_SYSTEM_USER=openstack-cinder +CINDER_SYSTEM_GROUP=openstack-cinder +QUANTUM_SYSTEM_USER=openstack-quantum +QUANTUM_SYSTEM_GROUP=openstack-quantum +NOVA_SYSTEM_USER=openstack-nova +NOVA_SYSTEM_GROUP=openstack-nova HORIZON_SYSTEM_USER=openstack-horizon echo "Setting up OpenStack demo controller..." function install_packages () { - test $# -gt 0 || return - rpm -q $* > /dev/null || zypper -n in $* + test $# -gt 0 || return + rpm -q $* > /dev/null || zypper -n in $* || exit 1 } -install_packages patterns-OpenStack-controller patterns-OpenStack-compute-node +function run_as () { + test $# -eq 2 || (echo "Bad usage of run_as function. Arguments: $*"; exit 1) + su - $1 -s /bin/bash -c "$2" +} + +install_packages patterns-OpenStack-controller patterns-OpenStack-compute-node patterns-OpenStack-clients patterns-OpenStack-network-node if [ "$DB" = "postgresql" ] ; then - install_packages postgresql-server python-psycopg2 - /etc/init.d/postgresql restart + grep -q "SUSE Linux Enterprise Server 11" /etc/SuSE-release + if test $? -eq 0; then + install_packages postgresql91-server python-psycopg2 + else + install_packages postgresql-server python-psycopg2 + fi + /etc/init.d/postgresql restart else - # start mysql - /etc/init.d/mysql start + # start mysql + /etc/init.d/mysql start fi @@ -37,14 +53,15 @@ # use lxc or qemu, if kvm is unavailable if rpm -q openstack-nova-compute >/dev/null ; then if [ "$MODE" = lxc ] ; then - sed -i -e 's/\(libvirt_type\).*/\1=lxc/' /etc/nova/nova.conf - install_packages lxc - echo mount -t cgroup none /cgroup >> /etc/init.d/boot.local - mkdir /cgroup - mount -t cgroup none /cgroup + openstack-config --set /etc/nova/nova.conf DEFAULT libvirt_type lxc + install_packages lxc + # not sure what this is good for, cgroups is and should be mounted under /sys/fs/cgroup + #echo mount -t cgroup none /cgroup >> /etc/init.d/boot.local + #mkdir /cgroup + #mount -t cgroup none /cgroup else - modprobe kvm-intel ; modprobe kvm-amd - sed -i -e 's/\(MODULES_LOADED_ON_BOOT="\)/\1kvm-intel kvm-amd\ /' /etc/sysconfig/kernel + modprobe kvm-intel ; modprobe kvm-amd + sed -i -e 's/\(MODULES_LOADED_ON_BOOT="\)/\1kvm-intel kvm-amd\ /' /etc/sysconfig/kernel fi modprobe nbd sed -i -e 's/\(MODULES_LOADED_ON_BOOT="\)/\1nbd\ /' /etc/sysconfig/kernel @@ -57,12 +74,12 @@ # configure bridge if [ ! -e /etc/sysconfig/network/ifcfg-$br ] ; then - echo "net.ipv4.conf.all.proxy_arp = 1" >> /etc/sysctl.conf - /etc/init.d/network stop - ifdown eth0 # because systemd ignores the above - sed -i -e "s/\(BOOTPROTO\).*/\1='static'/" \ - -e "s|^\(IPADDR\).*|\1='0.0.0.0\\/32'|" /etc/sysconfig/network/ifcfg-eth0 - cat >/etc/sysconfig/network/ifcfg-$br <<EOF + echo "net.ipv4.conf.all.proxy_arp = 1" >> /etc/sysctl.conf + /etc/init.d/network stop + ifdown eth0 # because systemd ignores the above + sed -i -e "s/\(BOOTPROTO\).*/\1='static'/" \ + -e "s|^\(IPADDR\).*|\1='0.0.0.0\\/32'|" /etc/sysconfig/network/ifcfg-eth0 + cat >/etc/sysconfig/network/ifcfg-$br <<EOF BOOTPROTO='dhcp4' BRIDGE='yes' BRIDGE_FORWARDDELAY='0' @@ -78,49 +95,24 @@ STARTMODE='onboot' USERCONTROL='no' EOF - /etc/init.d/network start + /etc/init.d/network start fi -# configure dashboard/apache -cat >/etc/apache2/conf.d/openstack-dashboard.conf <<EOF -<IfDefine SSL> - RewriteEngine On - RewriteCond %{SERVER_PORT} !^443$ - RewriteRule / https://%{HTTP_HOST}%{REQUEST_URI} [L,R] - - <VirtualHost *:443> - ServerName www.example.com - ServerAdmin [email protected] - - SSLEngine On - SSLCertificateFile /etc/apache2/ssl.crt/openstack-dashboard-server.crt - SSLCertificateKeyFile /etc/apache2/ssl.key/openstack-dashboard-server.key - - DocumentRoot /var/lib/openstack-dashboard/ - - WSGIScriptAlias / /var/lib/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi - <Directory /var/lib/openstack-dashboard/openstack_dashboard/wsgi/> - Order allow,deny - Allow from all - </Directory> - </VirtualHost> -</IfDefine> -EOF +# configure dashboard/apache sample configuration from the package: +install -m 644 /etc/apache2/conf.d/openstack-dashboard.conf{.sample,} a2enmod rewrite a2enmod ssl a2enmod wsgi a2enflag SSL -DASHBOARD_LOCAL_SET=/var/lib/openstack-dashboard/openstack_dashboard/local/local_settings.py -if grep -q "^\s*CACHE_BACKEND" $DASHBOARD_LOCAL_SET -then - sed -i "s|^\s*CACHE_BACKEND.*$|CACHE_BACKEND = 'memcached://127.0.0.1:11211/'|" $DASHBOARD_LOCAL_SET +DASHBOARD_LOCAL_SET=/usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py +if grep -q "^\s*CACHE_BACKEND" $DASHBOARD_LOCAL_SET ; then + sed -i "s|^\s*CACHE_BACKEND.*$|CACHE_BACKEND = 'memcached://127.0.0.1:11211/'|" $DASHBOARD_LOCAL_SET else - echo "CACHE_BACKEND = 'memcached://127.0.0.1:11211/'" >> $DASHBOARD_LOCAL_SET + echo "CACHE_BACKEND = 'memcached://127.0.0.1:11211/'" >> $DASHBOARD_LOCAL_SET fi -if [ "$DB" = "postgresql" ] -then +if [ "$DB" = "postgresql" ] ; then cat >> $DASHBOARD_LOCAL_SET <<EODASHDB DATABASES = { 'default': { @@ -134,9 +126,9 @@ fi if grep -q "^USE_SSL =" $DASHBOARD_LOCAL_SET; then - sed -i -e "s/^USE_SSL =.*/USE_SSL = True/" $DASHBOARD_LOCAL_SET + sed -i -e "s/^USE_SSL =.*/USE_SSL = True/" $DASHBOARD_LOCAL_SET else - echo "USE_SSL = True" >> $DASHBOARD_LOCAL_SET + echo "USE_SSL = True" >> $DASHBOARD_LOCAL_SET fi # Use 'secure' session and CSRF cookies (bnc#753582): cat >> $DASHBOARD_LOCAL_SET <<EOSEC @@ -148,87 +140,74 @@ sed -i -e "s;127.0.0.1;$IP;" /etc/nova/api-paste.ini /etc/glance/glance-api.conf /etc/glance/glance-registry.conf # configure nova -perl -i.bak -pe "s,sql_connection=\w+://\w+:[^\@:]*,sql_connection=$DB://nova:$mpw,; s/<IP>/$IP/g; s/(network_manager).*/\$1=nova.network.manager.FlatDHCPManager/;" /etc/nova/nova.conf -echo "flat_network_bridge=$br" >> /etc/nova/nova.conf -echo "bridge_interface=$br" >> /etc/nova/nova.conf -echo 'connection_type=libvirt' >> /etc/nova/nova.conf -echo 'image_service=nova.image.glance.GlanceImageService' >> /etc/nova/nova.conf -echo "glance_api_servers=$IP:9292" >> /etc/nova/nova.conf -echo "auth_strategy=keystone" >> /etc/nova/nova.conf -echo "novncproxy_base_url=http://$IP:6080/vnc_auto.html"; >> /etc/nova/nova.conf -extensions_path=`ls -d /usr/lib*/python*/site-packages/extensions 2> /dev/null | head -n 1` +perl -i.bak -pe "s,sql_connection=\w+://\w+:[^\@:]*,sql_connection=$DB://nova:$mpw,; s/<IP>/$IP/g;" /etc/nova/nova.conf + +openstack-config --set /etc/nova/nova.conf DEFAULT flat_network_bridge "$br" +openstack-config --set /etc/nova/nova.conf DEFAULT bridge_interface "$br" +openstack-config --set /etc/nova/nova.conf DEFAULT glance_api_servers "$IP:9292" +openstack-config --set /etc/nova/nova.conf DEFAULT novncproxy_base_url "http://$IP:6080/vnc_auto.html"; + +extensions_path=$(ls -d /usr/lib*/python*/site-packages/extensions 2> /dev/null | head -n 1) if [ -n "$extensions_path" ]; then - echo "osapi_extensions_path=" >> /etc/nova/nova.conf + openstack-config --set /etc/nova/nova.conf DEFAULT osapi_extensions_path "$extensions_path" fi # configure cinder -sed -i -e "s,#*[ ]*sql_connection=.*,sql_connection=$DB://cinder:${mpw}@${IP}/cinder," /etc/cinder/cinder.conf - -grep -q nova-rootwrap /etc/sudoers || echo "openstack-nova ALL=(ALL) NOPASSWD:/usr/bin/nova-rootwrap" >> /etc/sudoers -grep -q cinder-rootwrap /etc/sudoers || echo "openstack-cinder ALL=(ALL) NOPASSWD:/usr/bin/cinder-rootwrap" >> /etc/sudoers +openstack-config --set /etc/cinder/cinder.conf DEFAULT sql_connection "$DB://cinder:${mpw}@${IP}/cinder" # configure tgt for cinder grep -q "include /var/lib/cinder/volumes" /etc/tgt/targets.conf || echo "include /var/lib/cinder/volumes/*" >> /etc/tgt/targets.conf rctgtd restart perl -i -pe "s/%SERVICE_TOKEN%/$SERVICE_TOKEN/;" /etc/nova/api-paste.ini # obsolete 2012-03-19? -for m in cinder nova glance ; do - sed -i -e 's/%SERVICE_TENANT_NAME%/service/' -e "s/%SERVICE_USER%/$m/" -e "s/%SERVICE_PASSWORD%/$SERVICE_TOKEN\nadmin_token = $SERVICE_TOKEN/" /etc/$m/*.ini /etc/$m/*.conf +for m in cinder nova glance quantum ; do + sed -i -e 's/%SERVICE_TENANT_NAME%/service/' -e "s/%SERVICE_USER%/$m/" -e "s/%SERVICE_PASSWORD%/$SERVICE_TOKEN\nadmin_token = $SERVICE_TOKEN/" /etc/$m/*.ini /etc/$m/*.conf done -# replace pipelines to use keystone -function replace_pipeline() { - sed "/\[pipeline:$1\]/,/\[/s/^pipeline = .*/pipeline = $2/" -i /etc/nova/api-paste.ini -} -replace_pipeline "ec2cloud" "ec2faultwrap logrequest totoken authtoken keystonecontext cloudrequest authorizer validator ec2executor" -replace_pipeline "ec2admin" "ec2faultwrap logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor" -replace_pipeline "openstack_compute_api_v2" "faultwrap authtoken keystonecontext ratelimit osapi_compute_app_v2" -replace_pipeline "openstack_volume_api_v1" "faultwrap authtoken keystonecontext ratelimit osapi_volume_app_v1" - if [ "$DB" = "postgresql" ] ; then - DATADIR=/var/lib/pgsql/data - if ! grep -q ::/0 $DATADIR/pg_hba.conf ; then + DATADIR=/var/lib/pgsql/data + if ! grep -q ::/0 $DATADIR/pg_hba.conf ; then sed -i "s/^\(host .*\) ident\(.*\)/\1 md5 \2/" "$DATADIR/pg_hba.conf" sed -i "s/^\(local \)/local horizon all md5 sameuser\n\1/" "$DATADIR/pg_hba.conf" - # allow remote connections: - echo "listen_addresses = '*'" >> $DATADIR/postgresql.conf - echo "host all all 0.0.0.0/0 md5 sameuser" >> $DATADIR/pg_hba.conf - echo "host all all ::/0 md5 sameuser" >> $DATADIR/pg_hba.conf - if ! rpm -q postgresql | grep -q postgresql-8 ; then - sed -i 's/\s*sameuser$//' $DATADIR/pg_hba.conf # adapt config syntax to postgresql-9 - fi - fi - sudo -u postgres dropdb keystone # needed for keystone_data.sh - for DBNAME in nova cinder keystone glance horizon ; do - # use ALTER if CREATE fails: the role probably already exists - # in that case - sudo -u postgres psql -c "CREATE ROLE $DBNAME PASSWORD '$mpw' LOGIN;" || \ - sudo -u postgres psql -c "ALTER ROLE $DBNAME PASSWORD '$mpw' LOGIN;" - sudo -u postgres createdb -O $DBNAME $DBNAME - done - sudo -u postgres createuser -s root - /etc/init.d/postgresql restart - insserv postgresql + # allow remote connections: + echo "listen_addresses = '*'" >> $DATADIR/postgresql.conf + echo "host all all 0.0.0.0/0 md5 sameuser" >> $DATADIR/pg_hba.conf + echo "host all all ::/0 md5 sameuser" >> $DATADIR/pg_hba.conf + if ! rpm -q postgresql | grep -q postgresql-8 ; then + sed -i 's/\s*sameuser$//' $DATADIR/pg_hba.conf # adapt config syntax to postgresql-9 + fi + fi + sudo -u postgres dropdb keystone || true # needed for keystone_data.sh + for DBNAME in nova cinder keystone glance horizon ; do + # use ALTER if CREATE fails: the role probably already exists + # in that case + sudo -u postgres psql -c "CREATE ROLE $DBNAME PASSWORD '$mpw' LOGIN;" || \ + sudo -u postgres psql -c "ALTER ROLE $DBNAME PASSWORD '$mpw' LOGIN;" + sudo -u postgres createdb -O $DBNAME $DBNAME || true + done + sudo -u postgres createuser -s root + /etc/init.d/postgresql restart + insserv postgresql else - echo | mysql -u root || pwquery=-p - for DBNAME in nova cinder keystone glance horizon ; do - echo " - set global character_set_server=latin1; - set session character_set_server=latin1; - CREATE DATABASE IF NOT EXISTS $DBNAME; - GRANT ALL PRIVILEGES ON $DBNAME.* TO '$DBNAME'@localhost IDENTIFIED BY '$mpw'; - GRANT ALL PRIVILEGES ON $DBNAME.* TO '$DBNAME'@'%' IDENTIFIED BY '$mpw'; - " | mysql -u root $pwquery - done + echo | mysql -u root || pwquery=-p + for DBNAME in nova cinder keystone glance horizon ; do + echo " + set global character_set_server=latin1; + set session character_set_server=latin1; + CREATE DATABASE IF NOT EXISTS $DBNAME; + GRANT ALL PRIVILEGES ON $DBNAME.* TO '$DBNAME'@localhost IDENTIFIED BY '$mpw'; + GRANT ALL PRIVILEGES ON $DBNAME.* TO '$DBNAME'@'%' IDENTIFIED BY '$mpw'; + " | mysql -u root $pwquery + done fi # sync dashboard DB "after" the database is created -cd /var/lib/openstack-dashboard && su -s /bin/bash -c "umask 0027; python -m 'manage' syncdb --noinput" wwwrun +run_as wwwrun "cd /usr/share/openstack-dashboard; umask 0027; python -m 'manage' syncdb --noinput" -cinder-manage db sync -nova-manage db sync +run_as $CINDER_SYSTEM_USER "cinder-manage db sync" +run_as $NOVA_SYSTEM_USER "nova-manage db sync" # optional - makes life better with little RAM if [ "$DB" = "postgresql" ] ; then echo " @@ -245,95 +224,48 @@ " | mysql -u root $pwquery fi -#nova-manage network create 10.10.134.32/27 1 32 -nova-manage network create --fixed_range_v4=$testnet --label=testnet +#run_as $NOVA_SYSTEM_USER "nova-manage network create 10.10.134.32/27 1 32" +run_as $NOVA_SYSTEM_USER "nova-manage network create --fixed_range_v4=$testnet --label=testnet" # setup glance -for f in api registry ; do - grep paste_deploy /etc/glance/glance-$f.conf || echo -e "[paste_deploy]\nflavor = keystone" >> /etc/glance/glance-$f.conf -done sed -i "s%sql_connection =.*%sql_connection = $DB://glance:$mpw@$IP/glance%" /etc/glance/glance-registry.conf /etc/glance/glance-api.conf # db_sync is broken for postgresql #sed -i 's%sql_connection =.*%sql_connection = sqlite:////var/lib/glance/glance.sqlite%' /etc/glance/glance-registry.conf -glance-manage db_sync -chown -R $GLANCE_SYSTEM_USER:$GLANCE_SYSTEM_GROUP /var/lib/glance /var/log/glance +run_as $GLANCE_SYSTEM_USER "glance-manage db_sync" # keystone demo setup, based on devstack.sh sed -i -e 's/kvs/sql/' -e "s,^.*connection =.*,connection = $DB://keystone:$mpw@$IP/keystone," /etc/keystone/keystone.conf -#sed -i -e 's/kvs/sql/' -e 's,^connection =.*,connection =sqlite:////var/lib/keystone/keystone.sqlite,' /etc/keystone/keystone.conf rm -f /var/lib/keystone/keystone.sqlite # cleanup DB as devstack's script fails otherwise -sed -i -e "s/^.*admin_token .*/admin_token = $SERVICE_TOKEN/" /etc/keystone/keystone.conf -sed -i -e "s/.*\(driver = keystone.catalog.backends.templated.TemplatedCatalog\)/\1/" /etc/keystone/keystone.conf KEYSTONE_CATALOG=/etc/keystone/default_catalog.templates sed -e "s,%SERVICE_HOST%,$SERVICE_HOST,g" -e "s/%S3_SERVICE_PORT%/8080/" $KEYSTONE_CATALOG.sample > $KEYSTONE_CATALOG -# Upgrade the database to the latest schema -su - $KEYSTONE_SYSTEM_USER -s /bin/bash -c "keystone-manage --config-file=/etc/keystone/keystone.conf db_sync" -# -## Tenants -#keystone-manage tenant add admin -#keystone-manage tenant add demo -# -## Users -#keystone-manage user add admin $pw -#keystone-manage user add demo $pw -# -## Roles -#keystone-manage role add Admin -#keystone-manage role add Member -#keystone-manage role add KeystoneAdmin -#keystone-manage role add KeystoneServiceAdmin -#keystone-manage role grant Admin admin admin -#keystone-manage role grant Member demo demo -#keystone-manage role grant Admin admin demo -#keystone-manage role grant Admin admin -#keystone-manage role grant KeystoneAdmin admin -#keystone-manage role grant KeystoneServiceAdmin admin -# -## Services -#keystone-manage service add nova compute "Nova Compute Service" -#keystone-manage service add glance image "Glance Image Service" -#keystone-manage service add keystone identity "Keystone Identity Service" -# -##endpointTemplates -#keystone-manage endpointTemplates add RegionOne nova http://$IP:8774/v1.1/%tenant_id% http://$IP:8774/v1.1/%tenant_id% http://$IP:8774/v1.1/%tenant_id% 1 1 -#keystone-manage endpointTemplates add RegionOne glance http://$IP:9292/v1.1/%tenant_id% http://$IP:9292/v1.1/%tenant_id% http://$IP:9292/v1.1/%tenant_id% 1 1 -#keystone-manage endpointTemplates add RegionOne keystone http://$IP:5000/v2.0 http://$IP:35357/v2.0 http://$IP:5000/v2.0 1 1 -# -## Tokens -#keystone-manage token add $SERVICE_TOKEN admin admin 2023-02-23T00:42 -# -## EC2 related creds - note we are setting the secret key to ADMIN_PASSWORD -## but keystone doesn't parse them - it is just a blob from keystone's -## point of view -#keystone-manage credentials add admin EC2 'admin' $pw admin || echo "no support for adding credentials" -#keystone-manage credentials add demo EC2 'demo' $pw demo || echo "no support for adding credentials" +openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token "$SERVICE_TOKEN" +# Upgrade the database to the latest schema +run_as $KEYSTONE_SYSTEM_USER "keystone-manage --config-file=/etc/keystone/keystone.conf db_sync" -# 2012-02-28 keystone light setup /etc/init.d/openstack-keystone restart -ENABLED_SERVICES=${ENABLED_SERVICES:-g-api,g-reg,key,n-api,n-cpu,n-net,n-vol,c-api,n-sch,n-novnc,n-xvnc,horizon,swift,mysql,rabbit} +ENABLED_SERVICES=${ENABLED_SERVICES:-g-api,g-reg,key,n-api,n-cpu,n-net,n-vol,c-api,n-sch,n-novnc,n-xvnc,q-svc,heat,horizon,swift,mysql,rabbit} KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST} KEYSTONE_AUTH_PORT=${KEYSTONE_AUTH_PORT:-35357} KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-http} SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0 ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=service SERVICE_PASSWORD=$SERVICE_TOKEN SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=/root ENABLED_SERVICES=$ENABLED_SERVICES bash /usr/lib/devstack/keystone_data.sh -chown $KEYSTONE_SYSTEM_USER:$KEYSTONE_SYSTEM_GROUP -R /var/lib/keystone/ - - rm -f /usr/lib/python*/site-packages/nova-iptables.lock.lock # workaround bug rm -f /var/lock/SuSEfirewall2.booting # workaround openSUSE bug -SuSEfirewall2 stop # interferes with openstack's network/firewall -insserv -r SuSEfirewall2_setup -insserv -r SuSEfirewall2_init +if test -e /sbin/SuSEfirewall2; then + SuSEfirewall2 stop # interferes with openstack's network/firewall + insserv -r SuSEfirewall2_setup + insserv -r SuSEfirewall2_init +fi if which aa-complain >&/dev/null; then aa-complain /etc/apparmor.d/usr.sbin.libvirtd fi if [ -e /etc/init.d/boot.apparmor ]; then - /etc/init.d/boot.apparmor stop # interferes with openstack-nova-network + /etc/init.d/boot.apparmor stop # interferes with openstack-nova-network insserv -r boot.apparmor fi @@ -344,27 +276,27 @@ sed -i -e 's;.*user.*=.*;user = "qemu";' /etc/libvirt/qemu.conf # start services -for s in ntp libvirtd $DB rabbitmq-server iscsitarget open-iscsi tgtd memcached apache2 openstack-nova-api openstack-nova-scheduler openstack-nova-network openstack-nova-compute openstack-nova-vncproxy openstack-glance-api openstack-glance-registry openstack-keystone openstack-nova-consoleauth openstack-novncproxy +for s in ntp libvirtd $DB rabbitmq-server iscsitarget open-iscsi tgtd memcached apache2 openstack-nova-api openstack-nova-conductor openstack-nova-scheduler openstack-nova-network openstack-nova-compute openstack-nova-vncproxy openstack-glance-api openstack-glance-registry openstack-keystone openstack-nova-consoleauth openstack-novncproxy openstack-quantum do - i=/etc/init.d/$s - if [ -x $i ] ; then - insserv $s - $i restart - fi + i=/etc/init.d/$s + if [ -x $i ] ; then + insserv $s + $i restart + fi done /usr/sbin/openstack-loopback-lvm if [ "$?" -ne "0" ]; then - # setup failed, so do not use - for s in api scheduler volume ; do - insserv -r openstack-cinder-$s - done + # setup failed, so do not use + for s in api scheduler volume ; do + insserv -r openstack-cinder-$s + done else - grep -q openstack-loopback-lvm /etc/init.d/boot.local || echo /usr/sbin/openstack-loopback-lvm >> /etc/init.d/boot.local - for s in api scheduler volume ; do - /etc/init.d/openstack-cinder-$s restart - insserv openstack-cinder-$s - done + grep -q openstack-loopback-lvm /etc/init.d/boot.local || echo /usr/sbin/openstack-loopback-lvm >> /etc/init.d/boot.local + for s in api scheduler volume ; do + /etc/init.d/openstack-cinder-$s restart + insserv openstack-cinder-$s + done fi grep -q bash.openstackrc /etc/bash.bashrc.local ||\ @@ -374,10 +306,10 @@ . /etc/bash.bashrc.local for user in demo admin ; do - setcreds $user $pw - nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 # to allow ping - #nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 # to allow only SSH or do - nova secgroup-add-rule default tcp 1 65535 0.0.0.0/0 # to allow all TCP - nova secgroup-add-rule default udp 1 65535 0.0.0.0/0 # and all UDP - nova secgroup-list-rules default # lists the rules + setcreds $user $pw + nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 # to allow ping + #nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 # to allow only SSH or do + nova secgroup-add-rule default tcp 1 65535 0.0.0.0/0 # to allow all TCP + nova secgroup-add-rule default udp 1 65535 0.0.0.0/0 # and all UDP + nova secgroup-list-rules default # lists the rules done -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
