-
Notifications
You must be signed in to change notification settings - Fork 0
/
local_setup_openstack-control.sh
1366 lines (1209 loc) · 75.3 KB
/
local_setup_openstack-control.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
#!/bin/sh
get_debconf_value () {
debconf-get-selections | \
egrep "^${1}[ $(printf '\t')].*${2}[ $(printf '\t')]" | \
sed 's@.*[ \t]@@'
}
ini_unset_value () {
local file="$1"
local value="$2"
sed -i "s@^\(${value}[ \t]\)=.*@#\1 = <None>@" "${file}"
}
get_net_id () {
neutron net-list --format csv --column id --column name --quote none | \
grep "${1}" | \
sed 's@,.*@@'
}
get_subnet_id () {
neutron subnet-list --format csv --column id --column name --quote none | \
grep "${1}" | \
sed 's@,.*@@'
}
if [ ! -e "/root/admin-openrc" ]; then
echo "The /root/admin-openrc file don't exists."
exit 1
else
set +x # Disable showing commands this do (password especially).
. /root/admin-openrc
if [ -z "${OS_AUTH_URL}" ]; then
echo "Something wrong with the admin-openrc!"
exit 1
fi
fi
# Get the last part of the IP - 'ip' set in admin-openrc.
ipnr="$(echo "${ip}" | sed 's@.*\.@@')"
set -xe
# ======================================================================
# Preseed debconf (again - the package install(s) zeros out many of
# the passwords).
curl -s http://${LOCALSERVER}/PXEBoot/debconf_openstack-control.txt | \
sed "s@10\.0\.4\.1@${ip}@" | \
debconf-set-selections
# Get the wrapper to set variables in config files
curl -s http://${LOCALSERVER}/PXEBoot/openstack-configure > \
/usr/local/bin/openstack-configure
chmod +x /usr/local/bin/openstack-configure
# Get the MySQL backup script.
curl -s http://${LOCALSERVER}/PXEBoot/backup_openstack_databases.sh > \
/usr/local/sbin/backup_openstack_databases.sh
chmod +x /usr/local/sbin/backup_openstack_databases.sh
ln -s /usr/local/sbin/backup_openstack_databases.sh /etc/cron.daily/backup_openstack_databases
# Get the script to backup config files.
curl -s http://${LOCALSERVER}/PXEBoot/backup_openstack_config.sh > \
/usr/local/sbin/backup_openstack_configs.sh
chmod +x /usr/local/sbin/backup_openstack_configs.sh
ln -s /usr/local/sbin/backup_openstack_configs.sh /etc/cron.daily/backup_openstack_configs
# Get a script to cleanup old, dead hosts.
curl -s http://${LOCALSERVER}/PXEBoot/clean_dead_hosts.sh > \
/usr/local/sbin/clean_dead_hosts.sh
chmod +x /usr/local/sbin/clean_dead_hosts.sh
ln -s /usr/local/sbin/clean_dead_hosts.sh /etc/cron.daily/clean_dead_hosts
# Get a script to fix max_connections in MySQL.
curl -s http://${LOCALSERVER}/PXEBoot/mysql-increase_max_con.sh > \
/usr/local/sbin/mysql-increase_max_con.sh
chmod +x /usr/local/sbin/mysql-increase_max_con.sh
# Get a wrapper script to restart everything.
curl -s http://${LOCALSERVER}/PXEBoot/openstack-services > \
/etc/init.d/openstack-services
chmod +x /etc/init.d/openstack-services
# Get and unpack the SSL certificates.
curl -s http://${LOCALSERVER}/PXEBoot/$(hostname)_certs.zip > \
/var/tmp/certs.zip
chmod 0600 /var/tmp/certs.zip
cd /etc/ssl/certs
unzip -P "$(get_debconf_value "openstack" "certificates/password")" \
/var/tmp/certs.zip
mv cacert.pem domain.tld.pem
cd /root
set -xe
# ======================================================================
# Get some passwords we'll need to modify configuration with.
neutron_pass="$(get_debconf_value "neutron-common" "/mysql/app-pass")"
rabbit_pass="$(get_debconf_value "designate-common" "/rabbit_password")"
admin_pass="$(get_debconf_value "keystone" "/admin-password")"
aodh_pass="$(get_debconf_value "aodh-common" "/mysql/app-pass")"
glance_pass="$(get_debconf_value "glance-common" "/mysql/app-pass")"
trove_pass="$(get_debconf_value "trove-common" "/mysql/app-pass")"
mongo_ceilodb_pass="$(get_debconf_value "openstack" "mongodb/db_password")"
email="$(get_debconf_value "keystone" "/admin-email")"
ctrlnode="$(get_debconf_value "keystone" "keystone/remote/host")"
if [ -z "${neutron_pass}" -o -z "${rabbit_pass}" -o -z "${admin_pass}" \
-o -z "${aodh_pass}" -o -z "${mongo_ceilodb_pass}" -o -z "${ctrlnode}" ]
then
# Just tripple check.
echo "Can't get necessary passwords!"
exit 1
fi
# ======================================================================
# Setup the bashrc file for Openstack.
cat <<EOF >> /root/.bashrc
# Openstack specials
do_install() {
apt-get -y --no-install-recommends install \$*
}
get_debconf_value () {
debconf-get-selections | \\
egrep "^\${1}[ \$(printf '\t')].*\${2}[ \$(printf '\t')]" | \\
sed 's@.*[ \t]@@'
}
ini_unset_value () {
local file="\$1"
local value="\$2"
sed -i "s@^\(\${value}[ \t]\)=.*@#\1 = <None>@" "\${file}"
}
if [ -f /root/admin-openrc ]; then
. /root/admin-openrc
else
echo "WARNING: No /root/admin-openrc."
fi
EOF
# Get the ssh key for Cinder and Nova.
curl -s http://${LOCALSERVER}/PXEBoot/id_rsa-control > /etc/cinder/sshkey
chown cinder:root /etc/cinder/sshkey ; chmod 0600 /etc/cinder/sshkey
# RabbitMQ is notoriously sucky and unstable and crashes all the effin time!
# So install a script that checks it once a minut and if it's dead, restart
# it.
curl -s http://${LOCALSERVER}/PXEBoot/check_rabbitmq.sh > \
/usr/local/sbin/check_rabbitmq.sh
chmod +x /usr/local/sbin/check_rabbitmq.sh
echo "*/1 * * * * root /usr/local/sbin/check_rabbitmq.sh" > \
/etc/cron.d/rabbitmq
# ======================================================================
# Configure Keystone.
cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.orig
openstack-configure set /etc/keystone/keystone.conf database use_db_reconnect true
openstack-configure set /etc/keystone/keystone.conf database db_retry_interval 1
openstack-configure set /etc/keystone/keystone.conf database db_inc_retry_interval true
openstack-configure set /etc/keystone/keystone.conf database db_max_retry_interval 10
openstack-configure set /etc/keystone/keystone.conf database db_max_retries 20
openstack-configure set /etc/keystone/keystone.conf oslo_messaging_rabbit rabbit_host "${ctrlnode}"
openstack-configure set /etc/keystone/keystone.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-configure set /etc/keystone/keystone.conf oslo_messaging_rabbit rabbit_password "${rabbit_pass}"
#openstack-configure set /etc/keystone/keystone.conf ldap url ldap://${LOCALSERVER}
#openstack-configure set /etc/keystone/keystone.conf ldap suffix c=SE
#openstack-configure set /etc/keystone/keystone.conf ldap use_dumb_member true
#openstack-configure set /etc/keystone/keystone.conf ldap dumb_member cn=dumb,dc=nonexistent
#openstack-configure set /etc/keystone/keystone.conf ldap query_scope sub
#openstack-configure set /etc/keystone/keystone.conf ldap user_filter uid=%
#openstack-configure set /etc/keystone/keystone.conf ldap user_objectclass person
#openstack-configure set /etc/keystone/keystone.conf ldap user_id_attribute uid
#openstack-configure set /etc/keystone/keystone.conf ldap user_name_attribute cn
#openstack-configure set /etc/keystone/keystone.conf ldap user_mail_attribute mail
#openstack-configure set /etc/keystone/keystone.conf ldap user_pass_attribute userPassword
#http://docs.openstack.org/admin-guide/keystone_integrate_with_ldap.html
#TODO: [...] and more LDAP stuff..
#ini_unset_value /etc/keystone/keystone.conf admin_token # TODO: ?? Nothing works without this ??
# Configure Designate.
cp /etc/designate/designate.conf /etc/designate/designate.conf.orig
openstack-configure set /etc/designate/designate.conf DEFAULT auth_strategy keystone
openstack-configure set /etc/designate/designate.conf service:api auth_strategy keystone
openstack-configure set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-configure set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_password "${rabbit_pass}"
openstack-configure set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_hosts "${ctrlnode}"
openstack-configure set /etc/designate/designate.conf service:central managed_resource_email "${email}"
openstack-configure set /etc/designate/designate.conf pool_manager_cache:memcache memcached_servers "${ctrlnode}:11211"
openstack-configure set /etc/designate/designate.conf network_api:neutron endpoints "europe-london\|http://${ctrlnode}:9696/"
openstack-configure set /etc/designate/designate.conf network_api:neutron admin_username admin
openstack-configure set /etc/designate/designate.conf network_api:neutron admin_password "$(get_debconf_value "openstack" "keystone/password/admin password")"
openstack-configure set /etc/designate/designate.conf network_api:neutron auth_url "http://${ctrlnode}:35357/v2.0"
openstack-configure set /etc/designate/designate.conf network_api:neutron admin_tenant_name service
openstack-configure set /etc/designate/designate.conf network_api:neutron auth_strategy keystone
openstack-configure set /etc/designate/designate.conf service:pool_manager cache_driver memcache
# https://bugs.launchpad.net/designate/+bug/1604043
openstack-configure set /etc/designate/designate.conf service:api enable_api_v2 True
openstack endpoint list --format csv --colum ID --column URL --quote none | \
grep 9001 | \
sed 's@,.*@@' | \
while read endpoint; do
openstack endpoint set --url http://10.0.4.1:9001/ "${endpoint}"
done
# Configure Manila.
cp /etc/manila/manila.conf /etc/manila/manila.conf.orig
openstack-configure set /etc/manila/manila.conf DEFAULT driver_handles_share_servers True
openstack-configure set /etc/manila/manila.conf DEFAULT service_instance_user True
openstack-configure set /etc/manila/manila.conf DEFAULT storage_availability_zone nova
openstack-configure set /etc/manila/manila.conf DEFAULT rpc_backend rabbit
openstack-configure set /etc/manila/manila.conf DEFAULT default_share_type default_share_type
openstack-configure set /etc/manila/manila.conf DEFAULT rootwrap_config /etc/manila/rootwrap.conf
openstack-configure set /etc/manila/manila.conf DEFAULT auth_strategy keystone
openstack-configure set /etc/manila/manila.conf DEFAULT memcached_servers "${ctrlnode}:11211"
openstack-configure set /etc/manila/manila.conf DEFAULT my_ip "${ip}"
openstack-configure set /etc/manila/manila.conf DEFAULT enabled_share_backends lvm
openstack-configure set /etc/manila/manila.conf DEFAULT enabled_share_protocols NFS,CIFS
openstack-configure set /etc/manila/manila.conf cinder auth_url "http://${ctrlnode}:8776/v2"
openstack-configure set /etc/manila/manila.conf cinder password "$(get_debconf_value "openstack" "keystone/password/cinder")"
openstack-configure set /etc/manila/manila.conf cinder project_domain_name default
openstack-configure set /etc/manila/manila.conf cinder project_name service
openstack-configure set /etc/manila/manila.conf cinder user_domain_name default
openstack-configure set /etc/manila/manila.conf cinder username cinder
openstack-configure set /etc/manila/manila.conf keystone_authtoken region_name europe-london
openstack-configure set /etc/manila/manila.conf keystone_authtoken memcached_servers "${ctrlnode}:11211"
openstack-configure set /etc/manila/manila.conf keystone_authtoken auth_port 35357
openstack-configure set /etc/manila/manila.conf neutron auth_url "http://${ctrlnode}:9696/"
openstack-configure set /etc/manila/manila.conf neutron password "${neutron_pass}"
openstack-configure set /etc/manila/manila.conf neutron project_domain_name default
openstack-configure set /etc/manila/manila.conf neutron project_name service
openstack-configure set /etc/manila/manila.conf neutron user_domain_name default
openstack-configure set /etc/manila/manila.conf neutron username neutron
openstack-configure set /etc/manila/manila.conf nova auth_url "http://${ctrlnode}:8774/v2"
openstack-configure set /etc/manila/manila.conf nova password "$(get_debconf_value "openstack" "keystone/password/nova")"
openstack-configure set /etc/manila/manila.conf nova project_domain_name default
openstack-configure set /etc/manila/manila.conf nova project_name service
openstack-configure set /etc/manila/manila.conf nova user_domain_name domain
openstack-configure set /etc/manila/manila.conf nova username nova
cat <<EOF >> /etc/manila/manila.conf
# http://docs.openstack.org/mitaka/config-reference/shared-file-systems/drivers/lvm-driver.html
[lvm]
share_backend_name = LVM
share_driver = manila.share.drivers.lvm.LVMShareDriver
driver_handles_share_servers = False
lvm_share_volume_group = blade_center
lvm_share_export_ip = 10.0.4.1
lvm_share_helpers = CIFS=manila.share.drivers.helpers.CIFSHelperUserAccess, NFS=manila.share.drivers.helpers.NFSHelper
EOF
# Configure Nova.
cp /etc/nova/nova.conf /etc/nova/nova.conf.orig
openstack-configure set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-configure set /etc/nova/nova.conf DEFAULT dmz_net 10.99.0.0
openstack-configure set /etc/nova/nova.conf DEFAULT dmz_mask 255.255.255.0
openstack-configure set /etc/nova/nova.conf DEFAULT pybasedir /usr/lib/python2.7/dist-packages
openstack-configure set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-configure set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-configure set /etc/nova/nova.conf DEFAULT memcached_servers "${ctrlnode}:11211"
openstack-configure set /etc/nova/nova.conf DEFAULT internal_service_availability_zone internal
openstack-configure set /etc/nova/nova.conf DEFAULT default_availability_zone nova
openstack-configure set /etc/nova/nova.conf DEFAULT default_schedule_zone nova
openstack-configure set /etc/nova/nova.conf DEFAULT block_device_allocate_retries 300
openstack-configure set /etc/nova/nova.conf DEFAULT block_device_allocate_retries_interval 10
openstack-configure set /etc/nova/nova.conf DEFAULT block_device_creation_timeout 300
openstack-configure set /etc/nova/nova.conf DEFAULT scheduler_default_filters RetryFilter,AvailabilityZoneFilter,RamFilter,DiskFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
openstack-configure set /etc/nova/nova.conf DEFAULT baremetal_scheduler_default_filters RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ExactRamFilter,ExactDiskFilter,ExactCoreFilter
openstack-configure set /etc/nova/nova.conf DEFAULT my_block_storage_ip \$my_ip
openstack-configure set /etc/nova/nova.conf DEFAULT routing_source_ip \$my_ip
openstack-configure set /etc/nova/nova.conf DEFAULT dhcp_lease_time $(expr 60 \* 60 \* 6)
openstack-configure set /etc/nova/nova.conf DEFAULT use_single_default_gateway true
openstack-configure set /etc/nova/nova.conf DEFAULT linuxnet_ovs_integration_bridge br-provider
# TODO: [...] lots of networking/nat stuff after that option..
openstack-configure set /etc/nova/nova.conf DEFAULT instance_usage_audit True
openstack-configure set /etc/nova/nova.conf DEFAULT instance_usage_audit_period hour
openstack-configure set /etc/nova/nova.conf DEFAULT notify_on_state_change vm_and_task_state
openstack-configure set /etc/nova/nova.conf DEFAULT driver messagingv2
openstack-configure set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-configure set /etc/nova/nova.conf DEFAULT cpu_allocation_ratio 8.0
openstack-configure set /etc/nova/nova.conf DEFAULT ram_allocation_ratio 1.0
openstack-configure set /etc/nova/nova.conf DEFAULT disk_allocation_ratio 3.0
openstack-configure set /etc/nova/nova.conf DEFAULT default_ephemeral_format xfs
openstack-configure set /etc/nova/nova.conf DEFAULT public_interface eth1
openstack-configure set /etc/nova/nova.conf DEFAULT service_neutron_metadata_proxy true
openstack-configure set /etc/nova/nova.conf DEFAULT neutron_metadata_proxy_shared_secret \
"$(get_debconf_value "neutron-metadata-agent" "/metadata_secret")"
openstack-configure set /etc/nova/nova.conf DEFAULT metadata_host \$my_ip
openstack-configure set /etc/nova/nova.conf DEFAULT metadata_listen_port 8775
#openstack-configure set /etc/nova/nova.conf DEFAULT metadata_workers 5
openstack-configure set /etc/nova/nova.conf DEFAULT use_forwarded_for true
openstack-configure set /etc/nova/nova.conf DEFAULT multi_host true
openstack-configure set /etc/nova/nova.conf DEFAULT dhcp_domain openstack.domain.tld
openstack-configure set /etc/nova/nova.conf barbican os_region_name europe-london
openstack-configure set /etc/nova/nova.conf cinder cross_az_attach True
openstack-configure set /etc/nova/nova.conf cinder os_region_name europe-london
#openstack-configure set /etc/nova/nova.conf keystone_authtoken auth_uri "http://${ctrlnode}:5000/v3"
#openstack-configure set /etc/nova/nova.conf keystone_authtoken identity_uri "http://${ctrlnode}:35357/v3"
openstack-configure set /etc/nova/nova.conf keystone_authtoken auth_host "${ctrlnode}"
openstack-configure set /etc/nova/nova.conf keystone_authtoken auth_version 3
openstack-configure set /etc/nova/nova.conf keystone_authtoken auth_port 35357
openstack-configure set /etc/nova/nova.conf keystone_authtoken auth_protocol http
openstack-configure set /etc/nova/nova.conf keystone_authtoken http_connect_timeout 5
openstack-configure set /etc/nova/nova.conf keystone_authtoken http_request_max_retries 3
openstack-configure set /etc/nova/nova.conf keystone_authtoken region_name europe-london
openstack-configure set /etc/nova/nova.conf neutron url "http://${ctrlnode}:9696/"
openstack-configure set /etc/nova/nova.conf neutron username neutron
openstack-configure set /etc/nova/nova.conf neutron password \
"$(get_debconf_value "openstack" "keystone/password/neutron")"
openstack-configure set /etc/nova/nova.conf neutron region_name europe-london
openstack-configure set /etc/nova/nova.conf neutron project_domain_name default
openstack-configure set /etc/nova/nova.conf neutron project_name service
openstack-configure set /etc/nova/nova.conf neutron user_domain_name default
openstack-configure set /etc/nova/nova.conf neutron ovs_bridge br-provider
openstack-configure set /etc/nova/nova.conf neutron tenant_name service
openstack-configure set /etc/nova/nova.conf ironic api_endpoint "http://${ctrlnode}:6385/v1"
openstack-configure set /etc/nova/nova.conf ironic admin_username ironic
openstack-configure set /etc/nova/nova.conf ironic admin_password \
"$(get_debconf_value "openstack" "keystone/password/ironic")"
openstack-configure set /etc/nova/nova.conf ironic admin_tenant_name service
openstack-configure set /etc/nova/nova.conf glance api_servers "http://${ctrlnode}:9292/"
openstack-configure set /etc/nova/nova.conf glance num_retries 5
openstack-configure set /etc/nova/nova.conf rdp html5_proxy_base_url http://127.0.0.1:6083/
openstack-configure set /etc/nova/nova.conf rdp enabled true
openstack-configure set /etc/nova/nova.conf spice html5proxy_host 0.0.0.0
openstack-configure set /etc/nova/nova.conf spice html5proxy_port 6082
openstack-configure set /etc/nova/nova.conf spice html5proxy_base_url "http://${ctrlnode}:6082/spice_auto.html"
openstack-configure set /etc/nova/nova.conf spice html5proxy_base_url "${ctrlnode}"
openstack-configure set /etc/nova/nova.conf spice server_listen 0.0.0.0
openstack-configure set /etc/nova/nova.conf spice enabled true
openstack-configure set /etc/nova/nova.conf spice agent_enabled false
ini_unset_value /etc/nova/nova.conf default_domain_name
ini_unset_value /etc/nova/nova.conf domain_name
# Configure Zaqar.
cp /etc/zaqar/zaqar.conf /etc/zaqar/zaqar.conf.orig
openstack-configure set /etc/zaqar/zaqar.conf DEFAULT unreliable True
openstack-configure set /etc/zaqar/zaqar.conf DEFAULT auth_strategy keystone
openstack-configure set /etc/zaqar/zaqar.conf "drivers:management_store:mongodb" database zaqar
openstack-configure set /etc/zaqar/zaqar.conf keystone_authtoken memcached_servers "${ctrlnode}:11211"
openstack-configure set /etc/zaqar/zaqar.conf drivers:transport:wsgi bind "${ip}"
# Configure Cinder.
cp /etc/cinder/cinder.conf /etc/cinder/cinder.conf.orig
openstack-configure set /etc/cinder/cinder.conf DEFAULT my_ip "${ip}"
openstack-configure set /etc/cinder/cinder.conf DEFAULT storage_availability_zone nova
openstack-configure set /etc/cinder/cinder.conf DEFAULT default_availability_zone nova
openstack-configure set /etc/cinder/cinder.conf DEFAULT scheduler_driver cinder.scheduler.filter_scheduler.FilterScheduler
# TODO: !! Not yet - as soon as we get Cinder-ZoL plugin to work. !!
#openstack-configure set /etc/cinder/cinder.conf DEFAULT nas_ip 192.168.69.8
#openstack-configure set /etc/cinder/cinder.conf DEFAULT nas_login root
#openstack-configure set /etc/cinder/cinder.conf DEFAULT nas_private_key /etc/cinder/sshkey
#openstack-configure set /etc/cinder/cinder.conf DEFAULT nas_share_path share/Blade_Center
openstack-configure set /etc/cinder/cinder.conf DEFAULT volume_group blade_center
openstack-configure set /etc/cinder/cinder.conf DEFAULT iscsi_target_prefix iqn.2010-10.org.openstack:
openstack-configure set /etc/cinder/cinder.conf DEFAULT iscsi_port 3260
openstack-configure set /etc/cinder/cinder.conf DEFAULT iscsi_iotype blockio
openstack-configure set /etc/cinder/cinder.conf DEFAULT iscsi_write_cache on
openstack-configure set /etc/cinder/cinder.conf DEFAULT iscsi_ip_address \$my_ip
# Cinder can't handle changed {volume,snapshot,backup}_name_template configuration.
# https://bugs.launchpad.net/cinder/+bug/1602644
#openstack-configure set /etc/cinder/cinder.conf DEFAULT volume_name_template '%s'
#openstack-configure set /etc/cinder/cinder.conf DEFAULT snapshot_name_template '%s.snap'
#openstack-configure set /etc/cinder/cinder.conf DEFAULT backup_name_template '%s.back'
openstack-configure set /etc/cinder/cinder.conf DEFAULT iscsi_helper tgtadm
openstack-configure set /etc/cinder/cinder.conf DEFAULT iscsi_protocol iscsi
openstack-configure set /etc/cinder/cinder.conf DEFAULT volume_dd_blocksize 4M
openstack-configure set /etc/cinder/cinder.conf DEFAULT rpc_backend rabbit
openstack-configure set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-configure set /etc/cinder/cinder.conf DEFAULT glance_api_servers "http://${ctrlnode}:9292/"
OLD="$(openstack-configure get /etc/cinder/cinder.conf DEFAULT enabled_backends)"
openstack-configure set /etc/cinder/cinder.conf DEFAULT enabled_backends "${OLD:+${OLD},}nfs"
set -i "s@^\(volume_driver[ \t].*\)@#\1@" /etc/cinder/cinder.conf
openstack-configure set /etc/cinder/cinder.conf DEFAULT nfs_shares_config /etc/cinder/nfs.conf
openstack-configure set /etc/cinder/cinder.conf DEFAULT nfs_sparsed_volumes true
openstack-configure set /etc/cinder/cinder.conf DEFAULT enable_v1_api true
openstack-configure set /etc/cinder/cinder.conf DEFAULT enable_v2_api true
openstack-configure set /etc/cinder/cinder.conf DEFAULT enable_v3_api true
openstack-configure set /etc/cinder/cinder.conf DEFAULT glance_host \$my_ip
openstack-configure set /etc/cinder/cinder.conf DEFAULT glance_port 9292
openstack-configure set /etc/cinder/cinder.conf DEFAULT default_volume_type lvm
openstack-configure set /etc/cinder/cinder.conf DEFAULT os_region_name europe-london
openstack-configure set /etc/cinder/cinder.conf DEFAULT osapi_volume_listen 0.0.0.0
openstack-configure set /etc/cinder/cinder.conf DEFAULT allow_availability_zone_fallback true
openstack-configure set /etc/cinder/cinder.conf DEFAULT image_volume_cache_enabled true
openstack-configure set /etc/cinder/cinder.conf oslo_messaging_notifications driver messagingv2
openstack-configure set /etc/cinder/cinder.conf keystone_authtoken memcached_servers "${ctrlnode}:11211"
openstack-configure set /etc/cinder/cinder.conf keystone_authtoken auth_uri "http://${ctrlnode}:5000/v3"
openstack-configure set /etc/cinder/cinder.conf keystone_authtoken region_name europe-london
openstack-configure set /etc/cinder/cinder.conf lvm volume_group blade_center
openstack-configure set /etc/cinder/cinder.conf database use_db_reconnect true
#TODO: ?? Enable this ??
echo "#*/5 * * * * /usr/bin/cinder-volume-usage-audit --send_actions" > \
/etc/cron.d/cinder-volume-usage-audit
# ======================================================================
# Configure Glance.
cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.orig
openstack-configure set /etc/glance/glance-api.conf DEFAULT rpc_backend rabbit
openstack-configure set /etc/glance/glance-api.conf DEFAULT registry_host "${ip}"
openstack-configure set /etc/glance/glance-api.conf DEFAULT metadata_encryption_key \
"$(get_debconf_value "openstack" "glance/metadata_encryption_key")"
openstack-configure set /etc/glance/glance-api.conf database use_db_reconnect true
# TODO: Put images in Cinder
#openstack-configure set /etc/glance/glance-api.conf glance_store stores cinder,file,http
#openstack-configure set /etc/glance/glance-api.conf glance_store default_store cinder
openstack-configure set /etc/glance/glance-api.conf glance_store cinder_os_region_name europe-london
openstack-configure set /etc/glance/glance-api.conf glance_store cinder_store_auth_address "${ip}"
openstack-configure set /etc/glance/glance-api.conf glance_store cinder_store_user_name cinder
openstack-configure set /etc/glance/glance-api.conf glance_store cinder_store_password \
"$(get_debconf_value "cinder-common" "cinder/admin-password")"
openstack-configure set /etc/glance/glance-api.conf glance_store cinder_store_project_name service
# TODO: Use S3 for image repository
#openstack-configure set /etc/glance/glance-api.conf glance_store s3_store_host ???
#openstack-configure set /etc/glance/glance-api.conf glance_store s3_store_access_key ???
#openstack-configure set /etc/glance/glance-api.conf glance_store s3_store_secret_key ???
#openstack-configure set /etc/glance/glance-api.conf glance_store s3_store_bucket ???
#openstack-configure set /etc/glance/glance-api.conf glance_store s3_store_object_buffer_dir /var/lib/glance/images
#openstack-configure set /etc/glance/glance-api.conf glance_store s3_store_create_bucket_on_put true
openstack-configure set /etc/glance/glance-api.conf oslo_messaging_notifications driver messagingv2
openstack-configure set /etc/glance/glance-api.conf keystone_authtoken memcached_servers "${ctrlnode}:11211"
cp /etc/glance/glance-cache.conf /etc/glance/glance-cache.conf.orig
openstack-configure set /etc/glance/glance-cache.conf DEFAULT metadata_encryption_key \
"$(get_debconf_value "openstack" "glance/metadata_encryption_key")"
openstack-configure set /etc/glance/glance-cache.conf DEFAULT digest_algorithm sha512
openstack-configure set /etc/glance/glance-cache.conf DEFAULT image_cache_dir /var/lib/glance/cache
openstack-configure set /etc/glance/glance-cache.conf DEFAULT registry_host "${ip}"
cp /etc/glance/glance-glare.conf /etc/glance/glance-glare.conf.orig
openstack-configure set /etc/glance/glance-glare.conf DEFAULT bind_host "${ip}"
openstack-configure set /etc/glance/glance-glare.conf database connection "mysql+pymysql://glance:${glance_pass}@${ctrlnode}/glance"
openstack-configure set /etc/glance/glance-glare.conf database use_db_reconnect true
# TODO: Put images in Cinder
#openstack-configure set /etc/glance/glance-glare.conf glance_store stores cinder,file,http
#openstack-configure set /etc/glance/glance-glare.conf glance_store default_store cinder
# TODO: Use S3 for image repository
#openstack-configure set /etc/glance/glance-glare.conf glance_store s3_store_host ???
#openstack-configure set /etc/glance/glance-glare.conf glance_store s3_store_access_key ???
#openstack-configure set /etc/glance/glance-glare.conf glance_store s3_store_secret_key ???
#openstack-configure set /etc/glance/glance-glare.conf glance_store s3_store_bucket ???
#openstack-configure set /etc/glance/glance-glare.conf glance_store s3_store_object_buffer_dir /var/lib/glance/images
#openstack-configure set /etc/glance/glance-glare.conf glance_store s3_store_create_bucket_on_put true
openstack-configure set /etc/glance/glance-glare.conf glance_store cinder_os_region_name europe-london
openstack-configure set /etc/glance/glance-glare.conf glance_store cinder_store_auth_address "${ip}"
openstack-configure set /etc/glance/glance-glare.conf glance_store cinder_store_user_name cinder
openstack-configure set /etc/glance/glance-glare.conf glance_store cinder_store_password \
"$(get_debconf_value "cinder-common" "cinder/admin-password")"
openstack-configure set /etc/glance/glance-glare.conf glance_store cinder_store_project_name service
openstack-configure set /etc/glance/glance-glare.conf keystone_authtoken region_name europe-london
openstack-configure set /etc/glance/glance-glare.conf keystone_authtoken memcached_servers "${ctrlnode}:11211"
openstack-configure set /etc/glance/glance-glare.conf keystone_authtoken auth_host "${ip}"
openstack-configure set /etc/glance/glance-glare.conf keystone_authtoken auth_protocol http
openstack-configure set /etc/glance/glance-glare.conf keystone_authtoken admin_user glance
openstack-configure set /etc/glance/glance-glare.conf keystone_authtoken admin_password \
"$(get_debconf_value "glance-common" "glance/admin-password")"
openstack-configure set /etc/glance/glance-glare.conf keystone_authtoken admin_tenant_name service
openstack-configure set /etc/glance/glance-glare.conf database connection "mysql+pymysql://glance:${glance_pass}@${ctrlnode}/glance"
openstack-configure set /etc/glance/glance-glare.conf database use_db_reconnect true
cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.orig
openstack-configure set /etc/glance/glance-registry.conf DEFAULT bind_host "${ip}"
openstack-configure set /etc/glance/glance-registry.conf database use_db_reconnect true
# TODO: Put images in Cinder
#openstack-configure set /etc/glance/glance-registry.conf glance_store stores cinder,file,http
#openstack-configure set /etc/glance/glance-registry.conf glance_store default_store cinder
# TODO: Use S3 for image repository
#openstack-configure set /etc/glance/glance-registry.conf glance_store s3_store_host ???
#openstack-configure set /etc/glance/glance-registry.conf glance_store s3_store_access_key ???
#openstack-configure set /etc/glance/glance-registry.conf glance_store s3_store_secret_key ???
#openstack-configure set /etc/glance/glance-registry.conf glance_store s3_store_bucket ???
#openstack-configure set /etc/glance/glance-registry.conf glance_store s3_store_object_buffer_dir /var/lib/glance/images
#openstack-configure set /etc/glance/glance-registry.conf glance_store s3_store_create_bucket_on_put true
openstack-configure set /etc/glance/glance-registry.conf glance_store cinder_os_region_name europe-london
openstack-configure set /etc/glance/glance-registry.conf glance_store cinder_store_auth_address "${ip}"
openstack-configure set /etc/glance/glance-registry.conf glance_store cinder_store_user_name cinder
openstack-configure set /etc/glance/glance-registry.conf glance_store cinder_store_password \
"$(get_debconf_value "cinder-common" "cinder/admin-password")"
openstack-configure set /etc/glance/glance-registry.conf glance_store cinder_store_project_name service
openstack-configure set /etc/glance/glance-registry.conf keystone_authtoken region_name europe-london
openstack-configure set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers "${ctrlnode}:11211"
openstack-configure set /etc/glance/glance-registry.conf oslo_messaging_notifications driver messagingv2
openstack-configure set /etc/glance/glance-registry.conf oslo_messaging_rabbit rabbit_host "${ctrlnode}"
openstack-configure set /etc/glance/glance-registry.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-configure set /etc/glance/glance-registry.conf oslo_messaging_rabbit rabbit_password \
"$(get_debconf_value "glance-common" "glance/rabbit_password")"
cp /etc/glance/glance-scrubber.conf /etc/glance/glance-scrubber.conf.orig
openstack-configure set /etc/glance/glance-scrubber.conf DEFAULT digest_algorithm sha512
openstack-configure set /etc/glance/glance-scrubber.conf DEFAULT metadata_encryption_key \
"$(get_debconf_value "openstack" "glance/metadata_encryption_key")"
openstack-configure set /etc/glance/glance-scrubber.conf DEFAULT daemon true
openstack-configure set /etc/glance/glance-scrubber.conf DEFAULT registry_host "${ip}"
openstack-configure set /etc/glance/glance-scrubber.conf database connection "mysql+pymysql://glance:${glance_pass}@${ctrlnode}/glance"
openstack-configure set /etc/glance/glance-scrubber.conf database use_db_reconnect true
# Configure Barbican.
cp /etc/barbican/barbican.conf /etc/barbican/barbican.conf.orig
openstack-configure set /etc/barbican/barbican.conf DEFAULT metadata_encryption_key \
"$(get_debconf_value "openstack" "glance/metadata_encryption_key")"
# Configure Ceilometer.
cp /etc/ceilometer/ceilometer.conf /etc/ceilometer/ceilometer.conf.orig
openstack-configure set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit
openstack-configure set /etc/ceilometer/ceilometer.conf keystone_authtoken memcached_servers "${ctrlnode}:11211"
openstack-configure set /etc/ceilometer/ceilometer.conf database connection "mongodb://ceilometer:${mongo_ceilodb_pass}@${ctrlnode}:27017/ceilometer"
# TODO: 2h?
openstack-configure set /etc/ceilometer/ceilometer.conf database metering_time_to_live 7200
openstack-configure set /etc/ceilometer/ceilometer.conf database event_time_to_live 7200
# Configure Aodh.
cp /etc/aodh/aodh.conf /etc/aodh/aodh.conf.orig
openstack-configure set /etc/aodh/aodh.conf DEFAULT rpc_backend rabbit
openstack-configure set /etc/aodh/aodh.conf oslo_messaging_rabbit rabbit_host "${ctrlnode}"
openstack-configure set /etc/aodh/aodh.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-configure set /etc/aodh/aodh.conf oslo_messaging_rabbit rabbit_password "${rabbit_pass}"
openstack-configure set /etc/aodh/aodh.conf database connection "mysql+pymysql://aodh:${aodh_pass}@${ctrlnode}/aodh"
openstack-configure set /etc/aodh/aodh.conf keystone_authtoken memcached_servers "${ctrlnode}:11211"
#openstack-configure set /etc/aodh/aodh.conf keystone_authtoken admin_password "${admin_pass}"
# Configure Neutron.
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.orig
openstack-configure set /etc/neutron/neutron.conf DEFAULT bind_host 0.0.0.0
openstack-configure set /etc/neutron/neutron.conf DEFAULT default_availability_zones nova
openstack-configure set /etc/neutron/neutron.conf DEFAULT availability_zone nova
openstack-configure set /etc/neutron/neutron.conf DEFAULT core_plugin neutron.plugins.ml2.plugin.Ml2Plugin
openstack-configure set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
openstack-configure set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
openstack-configure set /etc/neutron/neutron.conf DEFAULT interface_driver openvswitch
openstack-configure set /etc/neutron/neutron.conf DEFAULT metadata_proxy_shared_secret \
"$(get_debconf_value "neutron-metadata-agent" "neutron-metadata/metadata_secret")"
OLD="$(openstack-configure get /etc/neutron/neutron.conf DEFAULT service_plugins)"
# NOTE: Using "lbaasv2" gives "Plugin 'lbaasv2' not found".
# TODO: The package is called 'neutron-lbaasv2-agent', not 'neutron-lbaas-agent'!
# TODO: !! Install and enable VPNaaS as soon as it's available !!
openstack-configure set /etc/neutron/neutron.conf DEFAULT service_plugins \
"${OLD:+${OLD},}lbaas,neutron.services.firewall.fwaas_plugin.FirewallPlugin"
openstack-configure set /etc/neutron/neutron.conf DEFAULT dns_domain openstack.domain.tld.
openstack-configure set /etc/neutron/neutron.conf DEFAULT external_dns_driver designate
openstack-configure set /etc/neutron/neutron.conf DEFAULT agent_down_time 120
openstack-configure set /etc/neutron/neutron.conf keystone_authtoken auth_host openstack.domain.tld
openstack-configure set /etc/neutron/neutron.conf keystone_authtoken auth_port 35357
openstack-configure set /etc/neutron/neutron.conf keystone_authtoken http_connect_timeout 5
openstack-configure set /etc/neutron/neutron.conf keystone_authtoken http_request_max_retries 3
openstack-configure set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-configure set /etc/neutron/neutron.conf keystone_authtoken tenant_name neutron
ini_unset_value /etc/neutron/neutron.conf user_domain_id
openstack-configure set /etc/neutron/neutron.conf keystone_authtoken region_name europe-london
# TODO: !! These four don't seem to work !!
#openstack-configure set /etc/neutron/neutron.conf keystone_authtoken auth_uri "http://${ctrlnode}:5000/v3"
#openstack-configure set /etc/neutron/neutron.conf keystone_authtoken identity_uri "http://${ctrlnode}:35357/"
#ini_unset_value /etc/neutron/neutron.conf auth_host
#ini_unset_value /etc/neutron/neutron.conf auth_protocol
openstack-configure set /etc/neutron/neutron.conf nova auth_url "http://${ctrlnode}:5000/v3"
openstack-configure set /etc/neutron/neutron.conf nova project_name service
openstack-configure set /etc/neutron/neutron.conf oslo_messaging_notifications driver \
neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver
openstack-configure set /etc/neutron/neutron.conf agent availability_zone nova
openstack-configure set /etc/neutron/neutron.conf agent report_interval 60
openstack-configure set /etc/neutron/neutron.conf database use_db_reconnect true
ini_unset_value /etc/neutron/neutron.conf domain_name
cat <<EOF >> /etc/neutron/neutron.conf
# http://docs.openstack.org/mitaka/networking-guide/adv-config-dns.html
[designate]
url = http://openstack.domain.tld:9001/v2
admin_auth_url = http://openstack.domain.tld:35357/v3
admin_username = neutron
admin_password = ${neutron_pass}
admin_tenant_name = service
allow_reverse_dns_lookup = False
ipv4_ptr_zone_prefix_size = 24
#ipv6_ptr_zone_prefix_size = 116
EOF
cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.orig
openstack-configure set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
openstack-configure set /etc/neutron/dhcp_agent.ini DEFAULT force_metadata True
openstack-configure set /etc/neutron/dhcp_agent.ini DEFAULT enable_metadata_network False
openstack-configure set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_domain openstack.domain.tld.
openstack-configure set /etc/neutron/dhcp_agent.ini DEFAULT dnsmasq_dns_servers 10.0.4.${ipnr}
openstack-configure set /etc/neutron/dhcp_agent.ini DEFAULT ovs_integration_bridge br-provider
cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.orig
openstack-configure set /etc/neutron/l3_agent.ini DEFAULT rpc_workers 5
openstack-configure set /etc/neutron/l3_agent.ini DEFAULT rpc_state_report_workers 5
openstack-configure set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge ""
openstack-configure set /etc/neutron/l3_agent.ini DEFAULT ovs_integration_bridge br-provider
cp /etc/neutron/lbaas_agent.ini /etc/neutron/lbaas_agent.ini.orig
# TODO: !! Get LBaaSv2 working !!
openstack-configure set /etc/neutron/lbaas_agent.ini DEFAULT device_driver \
neutron_lbaas.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
# neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
openstack-configure set /etc/neutron/lbaas_agent.ini DEFAULT ovs_integration_bridge br-provider
openstack-configure set /etc/neutron/lbaas_agent.ini DEFAULT interface_driver \
neutron.agent.linux.interface.OVSInterfaceDriver
openstack-configure set /etc/neutron/lbaas_agent.ini DEFAULT haproxy user_group haproxy
cp /etc/neutron/services_lbaas.conf /etc/neutron/services_lbaas.conf.orig
openstack-configure set /etc/neutron/services_lbaas.conf haproxy interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
# TODO: !! Until the package come with this file, we use "cat" below to create it instead !!
#cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.orig
#openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://${ip}:5000/v2.0
#openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_region europe-london
#openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_tenant_name service
#openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_user neutron
#openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_password "${neutron_pass}"
#openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip "${ip}"
#openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret \
# "$(get_debconf_value "neutron-metadata-agent" "neutron-metadata/metadata_secret")"
#
touch /etc/neutron/metadata_agent.ini.orig
cat <<EOF > /etc/neutron/metadata_agent.ini
[DEFAULT]
bind_port = 8775
auth_url = http://${ctrlnode}:5000/v3
auth_region = europe-london
admin_tenant_name = service
admin_user = neutron
admin_password = ${neutron_pass}
nova_metadata_ip = ${ip}
nova_metadata_protocol = http
metadata_port = 8775
metadata_proxy_shared_secret = $(get_debconf_value "neutron-metadata-agent" "neutron-metadata/metadata_secret")
metadata_workers = 16
metadata_backlog = 4096
cache_url = memory://?default_ttl=5
verbose = True
EOF
cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.save
cp /etc/neutron/plugins/ml2/openvswitch_agent.ini /etc/neutron/plugins/ml2/openvswitch_agent.ini.orig
openstack-configure set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings external:br-physical,infrastructure:br-infra
openstack-configure set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs integration_bridge br-provider
openstack-configure set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs tunnel_bridge br-tun
openstack-configure set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs local_ip "${ip}"
cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.orig
openstack-configure set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver iptables_hybrid
OLD="$(openstack-configure get /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers)"
openstack-configure set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers "${OLD:+${OLD},}vlan"
openstack-configure set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security,dns
openstack-configure set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks external,infrastructure
openstack-configure set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vlan network_vlan_ranges external:90:99,infrastructure:100:101
OLD="$(openstack-configure get /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types)"
openstack-configure set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types "${OLD:+${OLD},}vlan,flat"
cp /etc/neutron/neutron_lbaas.conf /etc/neutron/neutron_lbaas.conf.orig
openstack-configure set /etc/neutron/neutron_lbaas.conf DEFAULT interface_driver openvswitch
openstack-configure set /etc/neutron/neutron_lbaas.conf service_auth auth_url "http://${ctrlnode}:35357/v2.0"
openstack-configure set /etc/neutron/neutron_lbaas.conf service_auth admin_user neutron
openstack-configure set /etc/neutron/neutron_lbaas.conf service_auth admin_password "${neutron_pass}"
openstack-configure set /etc/neutron/neutron_lbaas.conf service_auth admin_tenant_name service
openstack-configure set /etc/neutron/neutron_lbaas.conf service_auth region europe-london
# TODO: !! Get LBaaSv2 working !!
openstack-configure set /etc/neutron/neutron_lbaas.conf service_providers service_provider \
LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
# LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
# ======================================================================
# Setup Ironic
cp /etc/ironic/ironic.conf /etc/ironic/ironic.conf.orig
openstack-configure set /etc/ironic/ironic.conf DEFAULT auth_strategy keystone
openstack-configure set /etc/ironic/ironic.conf DEFAULT my_ip "${ip}"
openstack-configure set /etc/ironic/ironic.conf glance auth_strategy keystone
openstack-configure set /etc/ironic/ironic.conf neutron auth_strategy keystone
openstack-configure set /etc/ironic/ironic.conf amt protocol http
openstack-configure set /etc/ironic/ironic.conf api host_ip "${ip}"
openstack-configure set /etc/ironic/ironic.conf api enable_ssl_api false
openstack-configure set /etc/ironic/ironic.conf database use_db_reconnect true
openstack-configure set /etc/ironic/ironic.conf dhcp dhcp_provider neutron
openstack-configure set /etc/ironic/ironic.conf glance glance_host \$my_ip
openstack-configure set /etc/ironic/ironic.conf glance glance_protocol http
openstack-configure set /etc/ironic/ironic.conf glance glance_api_servers "http://openstack.domain.tld:9292/"
openstack-configure set /etc/ironic/ironic.conf irmc remote_image_share_root /shares
openstack-configure set /etc/ironic/ironic.conf irmc remote_image_server \$my_ip
openstack-configure set /etc/ironic/ironic.conf irmc remote_image_share_type NFS
openstack-configure set /etc/ironic/ironic.conf keystone region_name europe-london
openstack-configure set /etc/ironic/ironic.conf keystone_authtoken auth_host "${ip}"
openstack-configure set /etc/ironic/ironic.conf keystone_authtoken auth_protocol http
openstack-configure set /etc/ironic/ironic.conf keystone_authtoken admin_user ironic
openstack-configure set /etc/ironic/ironic.conf keystone_authtoken admin_password \
"$(get_debconf_value "ironic-common" "ironic/admin-password")"
openstack-configure set /etc/ironic/ironic.conf keystone_authtoken auth_port 35357
openstack-configure set /etc/ironic/ironic.conf keystone_authtoken http_connect_timeout 5
openstack-configure set /etc/ironic/ironic.conf keystone_authtoken http_request_max_retries 3
openstack-configure set /etc/ironic/ironic.conf keystone_authtoken admin_tenant_name service
openstack-configure set /etc/ironic/ironic.conf keystone_authtoken region_name europe-london
openstack-configure set /etc/ironic/ironic.conf keystone_authtoken memcached_servers "${ctrlnode}:11211"
openstack-configure set /etc/ironic/ironic.conf oslo_messaging_rabbit rabbit_host "${ctrlnode}"
openstack-configure set /etc/ironic/ironic.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-configure set /etc/ironic/ironic.conf oslo_messaging_rabbit rabbit_password "${rabbit_pass}"
# ======================================================================
# Setup Trove.
cp /etc/trove/trove.conf /etc/trove/trove.conf.orig
openstack-configure set /etc/trove/trove.conf database connection "mysql+pymysql://trove:${trove_pass}@${ctrlnode}/trove"
openstack-configure set /etc/trove/trove.conf DEFAULT trove_auth_url "http://${ctrlnode}:5000/v2.0"
openstack-configure set /etc/trove/trove.conf DEFAULT nova_compute_url "http://${ctrlnode}:8774/v2"
openstack-configure set /etc/trove/trove.conf DEFAULT cinder_url "http://${ctrlnode}:8776/v1"
openstack-configure set /etc/trove/trove.conf DEFAULT swift_url "http://${ctrlnode}:8080/v1/AUTH_"
openstack-configure set /etc/trove/trove.conf DEFAULT neutron_url "http://${ctrlnode}:9696/"
openstack-configure set /etc/trove/trove.conf DEFAULT dns_auth_url "http://${ctrlnode}:5000/v2.0"
#openstack-configure set /etc/trove/trove.conf DEFAULT dns_username ???
#openstack-configure set /etc/trove/trove.conf DEFAULT dns_passkey ???
openstack-configure set /etc/trove/trove.conf DEFAULT network_label_regex '.\*'
openstack-configure set /etc/trove/trove.conf DEFAULT os_region_name europe-london
openstack-configure set /etc/trove/trove.conf mysql root_on_create True
cp /etc/trove/trove-taskmanager.conf /etc/trove/trove-taskmanager.conf.orig
#openstack-configure set /etc/trove/trove-taskmanager.conf database connection "mysql+pymysql://trove:${trove_pass}@${ctrlnode}/trove"
#openstack-configure set /etc/trove/trove-taskmanager.conf DEFAULT trove_auth_url "http://${ctrlnode}:35357/v2.0"
#openstack-configure set /etc/trove/trove-taskmanager.conf DEFAULT nova_compute_url "http://${ctrlnode}:8774/v2"
#openstack-configure set /etc/trove/trove-taskmanager.conf DEFAULT cinder_url "http://${ctrlnode}:8776/v2"
##openstack-configure set /etc/trove/trove-taskmanager.conf DEFAULT swift_url "http://${ctrlnode}:8080/v1/AUTH_"
#openstack-configure set /etc/trove/trove-taskmanager.conf DEFAULT neutron_url "http://${ctrlnode}:9696/"
#openstack-configure set /etc/trove/trove-taskmanager.conf DEFAULT os_region_name europe-london
#openstack-configure set /etc/trove/trove-taskmanager.conf DEFAULT nova_proxy_admin_pass \
# "$(get_debconf_value "trove-api" "/keystone-admin-password")"
#openstack-configure set /etc/trove/trove-taskmanager.conf DEFAULT use_nova_server_volume True
#openstack-configure set /etc/trove/trove-taskmanager.conf DEFAULT mount_point /var/lib/trove/mysql
# TODO: Until the config file contain all relevant templates, just get the whole thing.
curl -s http://${LOCALSERVER}/PXEBoot/trove-taskmanager.conf > /etc/trove/trove-taskmanager.conf
cp /etc/trove/trove-conductor.conf /etc/trove/trove-conductor.conf.orig
openstack-configure set /etc/trove/trove-conductor.conf DEFAULT trove_auth_url "http://${ctrlnode}:5000/v2.0"
openstack-configure set /etc/trove/trove-conductor.conf database connection "mysql+pymysql://trove:${trove_pass}@${ctrlnode}/trove"
cp /etc/trove/trove-guestagent.conf /etc/trove/trove-guestagent.conf.orig
#openstack-configure set /etc/trove/trove-guestagent.conf DEFAULT os_region_name europe-london
#openstack-configure set /etc/trove/trove-guestagent.conf DEFAULT swift_service_type object-store
#openstack-configure set /etc/trove/trove-guestagent.conf DEFAULT log_file trove.log
# TODO: Until the config file contain all relevant templates, just get the whole thing.
curl -s http://${LOCALSERVER}/PXEBoot/trove-guestagent.conf > /etc/trove/trove-guestagent.conf
touch /etc/trove/cloudinit/mysql.cloudinit.orig
curl -s http://${LOCALSERVER}/PXEBoot/mysql.cloudinit > /etc/trove/cloudinit/mysql.cloudinit
echo "trove ALL = NOPASSWD: ALL" > /etc/sudoers.d/trove
mkdir /var/lib/trove/mysql /var/lib/trove/postgresql
chown trove /var/lib/trove/mysql /var/lib/trove/postgresql
# ======================================================================
# Setup Swift.
cp /etc/swift/account-server.conf /etc/swift/account-server.conf.orig
openstack-configure set /etc/swift/account-server.conf DEFAULT devices /swift
cp /etc/swift/object-server.conf /etc/swift/object-server.conf.orig
openstack-configure set /etc/swift/object-server.conf DEFAULT devices /swift
cp /etc/swift/container-server.conf /etc/swift/container-server.conf.orig
openstack-configure set /etc/swift/container-server.conf DEFAULT devices /swift
# ======================================================================
# Setup Senlin.
cp /etc/senlin/senlin.conf /etc/senlin/senlin.conf.orig
#openstack-configure set /etc/senlin/senlin.conf database use_db_reconnect true
#openstack-configure set /etc/senlin/senlin.conf keystone_authtoken region_name europe-london
#openstack-configure set /etc/senlin/senlin.conf keystone_authtoken memcached_servers "${ctrlnode}:11211"
#openstack-configure set /etc/senlin/senlin.conf keystone_authtoken auth_port 35357
#openstack-configure set /etc/senlin/senlin.conf keystone_authtoken auth_type v3password
#openstack-configure set /etc/senlin/senlin.conf keystone_authtoken auth_uri "http://${ctrlnode}:5000/v3"
#openstack-configure set /etc/senlin/senlin.conf keystone_authtoken identity_uri "http://${ctrlnode}:35357"
# TODO: Until the config file contain all relevant templates, just get the whole thing.
curl -s http://${LOCALSERVER}/PXEBoot/senlin.conf > /etc/senlin/senlin.conf
# ======================================================================
# Setup Heat.
cp /etc/heat/heat.conf /etc/heat/heat.conf.orig
openstack-configure set /etc/heat/heat.conf keystone_authtoken auth_version 3
openstack-configure set /etc/heat/heat.conf keystone_authtoken region_name europe-london
openstack-configure set /etc/heat/heat.conf keystone_authtoken memcached_servers "${ctrlnode}:11211"
openstack-configure set /etc/heat/heat.conf keystone_authtoken auth_port 35357
openstack-configure set /etc/heat/heat.conf keystone_authtoken auth_uri "http://${ctrlnode}:5000/v3"
# TODO: Until "heat-api-cfn" does 'the right thing':
#openstack-configure set /etc/heat/heat.conf DEFAULT heat_metadata_server_url "http://${ctrlnode}:8000"
#openstack-configure set /etc/heat/heat.conf DEFAULT heat_waitcondition_server_url http://${ctrlnode}:8000/v1/waitcondition
sed -i "s@^\(\[DEFAULT\]\)@\[DEFAULT\]\\
heat_metadata_server_url = http://${ctrlnode}:8000\\
heat_waitcondition_server_url = http://${ctrlnode}:8000/v1/waitcondition@" \
/etc/heat/heat.conf
REGION_NAME="europe-london"
SERVICE_NAME="heat-cfn"
SERVICE_DESC="Orchestration CloudFormation"
SERVICE_TYPE="cloudformation"
PKG_ENDPOINT_IP="10.0.4.1"
SERVICE_PORT="8000"
SERVICE_URL="/v1"
openstack service create --name=${SERVICE_NAME} --description="${SERVICE_DESC}" ${SERVICE_TYPE}
openstack endpoint create --region "${REGION_NAME}" ${SERVICE_NAME} public http://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}
openstack endpoint create --region "${REGION_NAME}" ${SERVICE_NAME} internal http://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}
openstack endpoint create --region "${REGION_NAME}" ${SERVICE_NAME} admin http://${PKG_ENDPOINT_IP}:${SERVICE_PORT}${SERVICE_URL}
sed -i "s@Instance: m1.small@Instance: m1.3small@" AWS_RDS_DBInstance.yaml
sed -i "s@Instance: m1.large@Instance: m1.5large@" AWS_RDS_DBInstance.yaml
sed -i "s@Instance: m1.xlarge@Instance: m1.6xlarge@" AWS_RDS_DBInstance.yaml
sed -i "s@Instance: m2.xlarge@Instance: m2.4large@" AWS_RDS_DBInstance.yaml
sed -i "s@Instance: m2.2xlarge@Instance: m2.5xlarge@" AWS_RDS_DBInstance.yaml
# ======================================================================
# Setup MongoDB.
cp /etc/mongodb.conf /etc/mongodb.conf.orig
sed -i "s@^bind_ip[ \t].*@bind_ip = 0.0.0.0@" /etc/mongodb.conf
/etc/init.d/mongodb restart
echo "Sleeping 10 seconds to give MongoDB time to start."
sleep 10 # Just give it some time..
mongo --host "${ctrlnode}" --eval "
db = db.getSiblingDB(\"ceilometer\");
db.addUser({user: \"ceilometer\",
pwd: \"${mongo_ceilodb_pass}\",
roles: [ \"readWrite\", \"dbAdmin\" ]})"
# ======================================================================
# Create a RNDC key for Designate.
rndc-confgen -a -b 512 -c /etc/designate/rndc.key -k designate-key -u designate
# Make sure 'bind' group can access the key.
chown designate:bind /etc/designate/rndc.key
chmod 640 /etc/designate/rndc.key
chgrp bind /etc/designate
chmod g=rx /etc/designate
# Setup Bind9.
cp /etc/bind/named.conf.options /etc/bind/named.conf.options.orig
cat <<EOF > /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
forwarders {
10.0.0.254;
};
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
allow-new-zones yes;
request-ixfr no;
recursion no;
};
include "/etc/designate/rndc.key";
controls {
inet 127.0.0.1 allow { localhost; } keys { "designate-key"; };
inet 10.0.4.${ipnr} allow { localhost; } keys { "designate-key"; };
};
EOF
# ======================================================================
# Restart all changed servers
# NOTE: Need to do this before we create networks etc.
/etc/init.d/openstack-services restart
service bind9 restart
# ======================================================================
# Sync/upgrade the database to create the missing tables for LBaaSv2.
neutron-db-manage --config-file /etc/neutron/neutron.conf upgrade head
# ======================================================================
# Create services and service users.
debconf-get-selections | \
grep "^openstack[ $(printf '\t')]keystone/password/" | \
while read line; do
set -- $(echo "${line}")
passwd="${4}"
set -- $(echo "${2}" | sed 's@/@ @g')
user="${3}"
# Already created, so skip so we don't error out.
[ "${user}" = "admin" ] && continue
openstack user create --project service --project-domain default \
--password "${passwd}" "${user}"
openstack role add --project service --user "${user}" admin
done
openstack role create compute
openstack project create compute
openstack domain create compute
openstack user create --project compute --domain compute --password omed demo
# ======================================================================
# Create some volume types
openstack volume type create --description "Encrypted volumes" --public encrypted
cinder encryption-type-create --cipher aes-xts-plain64 --key_size 512 \
--control_location front-end encrypted LuksEncryptor
openstack volume type create --description "Local LVM volumes" --public lvm
openstack volume type create --description "Local NFS volumes" --public nfs
openstack volume type set --property volume_backend_name=LVM lvm
openstack volume type set --property volume_backend_name=NFS nfs
# ======================================================================
# Setup Open iSCSI.
iscsiadm -m iface -I eth1 --op=new
iscsiadm -m iface -I eth1 --op=update -n iface.vlan_priority -v 1
# ======================================================================
# Create network(s), routers etc.
# ----------------------------------------------------------------------
# Setup the physical (provider) network.
# NOTE: Setting "provider:physical_network" name must match "bridge_mappings"
# and "network_vlan_ranges" above!
neutron net-create physical --router:external True --shared \
--provider:physical_network external --provider:network_type flat \
--availability-zone-hint nova
neutron subnet-create --name subnet-physical --dns-nameserver 10.0.0.254 \
--disable-dhcp --ip-version 4 --gateway 10.0.0.254 \
--allocation-pool start=10.0.250.1,end=10.0.255.252 \
physical 10.0.0.0/16
# ----------------------------------------------------------------------
# Setup the tenant networks.
for net in 97 98 99; do
neutron net-create "tenant-${net}" --shared --provider:network_type gre \
--availability-zone-hint nova
neutron subnet-create --name "subnet-${net}" --dns-nameserver 10.0.0.254 \
--enable-dhcp --ip-version 4 --gateway "10.${net}.0.1" \
"tenant-${net}" "10.${net}.0.0/24"
done
# ----------------------------------------------------------------------
# Setup network routers.
# TODO: !! Need >1 l3 agents to do HA !!
# ----------------------------------------------------------------------
# Create the router between these.
neutron router-create --distributed False --ha False provider-tenants
# ----------------------------------------------------------------------
# Create router port on the provider networks.
for net in 97 98 99; do
neutron port-create --name "port-tenant${net}" --vnic-type normal \
--fixed-ip ip_address="10.${net}.0.1" "tenant-${net}"
neutron router-interface-add provider-tenants port="port-tenant${net}"
done
# ----------------------------------------------------------------------
# Set the routers default route to external gateway.
# NOTE: Ths also creates a port on the router.
neutron router-gateway-set --fixed-ip subnet_id=subnet-physical,ip_address=10.0.0.253 \
provider-tenants physical
set -- $(neutron port-list -c id -c fixed_ips | grep -w 10.0.0.253)
[ -n "${2}" ] && neutron port-update --name port-external "${2}"
# ----------------------------------------------------------------------
# Create the second physical network - Infrastructure.
neutron net-create infrastructure --router:external True --shared \
--provider:physical_network infrastructure --provider:network_type flat \
--availability-zone-hint nova
neutron subnet-create --name subnet-infrastructure --dns-nameserver 10.0.0.254 \
--enable-dhcp --ip-version 4 --gateway 192.168.96.1 \
--allocation-pool start=192.168.96.2,end=192.168.96.253 \
infrastructure 192.168.96.0/24
neutron router-create --distributed False --ha False infrastructure
neutron router-gateway-set --fixed-ip subnet_id=subnet-infrastructure,ip_address=192.168.96.254 \
infrastructure infrastructure
set -- $(neutron port-list -c id -c fixed_ips | grep -w 192.168.96.1)
[ -n "${2}" ] && neutron port-update --name port-infrastructure "${2}"
# ----------------------------------------------------------------------
# Create a load balancer for each of the subnets.
neutron lb-pool-create --lb-method LEAST_CONNECTIONS --name hapool-97 \
--protocol TCP --subnet-id subnet-97 --provider haproxy
neutron lb-pool-create --lb-method LEAST_CONNECTIONS --name hapool-98 \
--protocol TCP --subnet-id subnet-98 --provider haproxy
neutron lb-pool-create --lb-method LEAST_CONNECTIONS --name hapool-99 \
--protocol TCP --subnet-id subnet-99 --provider haproxy
# ----------------------------------------------------------------------
# Create a load balancer monitor.
neutron lb-healthmonitor-create --type PING --timeout 15 --delay 15 \
--max-retries 5
# ----------------------------------------------------------------------
# Create a VIP port on the loadbalancers
# NOTE: Can't load balance ssh: WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED