# This script bootstraps a compute node on UTSA's chameleon cloud.
# It takes all the actions necessary for the deployment of the
# compute node according to the OpenStack Ansible Deployment (OSD)
# architecture (https://github.com/openstack/openstack-ansible).
# Author(s):
# Miguel Alex Cantu (miguel.cantu@rackspace.com)
# Mohan Muppidi (Mohan.muppidi@utsa.edu)
# IN PROGRESS...
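# Abort on the first failing command (-e) and on any unset variable (-u);
# trace every executed command to stderr (-x).
set -e -u -x

# Netmask and gateway for eth0. The gateway is the third field of every
# routing-table line that contains "default".
export ETH0_NETMASK="255.255.252.0"
ETH0_GATEWAY="$(ip r | awk '/default/ {print $3}')"
export ETH0_GATEWAY
PUBLIC_INTERFACE="eth0"

# Positional arguments: management IP, VXLAN IP, storage IP.
# Without this check `set -u` still aborts, but only with a bare
# "unbound variable" message.
if [ "$#" -lt 3 ]; then
  echo "usage: bootstrap-compute.sh MANAGEMENT_IP VXLAN_IP STORAGE_IP" >&2
  exit 1
fi
export MANAGEMENT_IP="$1"
export VXLAN_IP="$2"
export STORAGE_IP="$3"

# If the br-mgmt bridge is already up, use it for the public address and
# interface. A PUBLIC_ADDRESS supplied through the environment always wins.
if grep -q "br-mgmt" /proc/net/dev; then
  export PUBLIC_INTERFACE="br-mgmt"
  export PUBLIC_ADDRESS="${PUBLIC_ADDRESS:-$(ip -o -4 addr show dev "${PUBLIC_INTERFACE}" | awk -F '[ /]+' '/global/ {print $4}' | head -n 1)}"
else
  # NOTE(review): unlike the br-mgmt branch there is no `head -n 1` here, so
  # several global addresses on eth0 yield a multi-line value - confirm that
  # this is intended.
  export PUBLIC_ADDRESS="${PUBLIC_ADDRESS:-$(ip -o -4 addr show dev "${PUBLIC_INTERFACE}" | awk -F '[ /]+' '/global/ {print $4}')}"
fi

# Print the detected address (the original echoed the literal word
# "PUBLIC_ADDRESS" because the `$` was missing).
echo "${PUBLIC_ADDRESS}"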
#export PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-$(ip -o -4 addr show dev ${PUBLIC_INTERFACE} | awk -F '[ /]+' '/global/ {print $4}'p route show | awk '/default/ { print $NF }')}
#export PUBLIC_ADDRESS=${PUBLIC_ADDRESS:-$(ip -o -4 addr show dev ${PUBLIC_INTERFACE} | awk -F '[ /]+' '/global/ {print $4}')}
# Codename of the running Ubuntu release, as printed by `lsb_release -sc`.
UBUNTU_RELEASE="$(lsb_release -sc)"

# Main-archive mirror: keep a non-empty value from the environment, otherwise
# take the URL field of the first matching "deb" line in sources.list.
# The result is empty when no line matches.
if [ -z "${UBUNTU_REPO:-}" ]; then
  UBUNTU_REPO="$(awk "/^deb .*ubuntu\/? ${UBUNTU_RELEASE} main/ {print \$2; exit}" /etc/apt/sources.list)"
fi

# Security mirror: same lookup against the "<release>-security" suite.
if [ -z "${UBUNTU_SEC_REPO:-}" ]; then
  UBUNTU_SEC_REPO="$(awk "/^deb .*ubuntu\/? ${UBUNTU_RELEASE}-security main/ {print \$2; exit}" /etc/apt/sources.list)"
fi
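# Ensure that the current kernel can support vxlan: try to load the module
# and stop the bootstrap if that fails.
if ! modprobe vxlan; then
  echo "VXLAN support is required for this to work. And the Kernel module was not found." >&2
  echo "This build will not work without it." >&2
  # A bare `exit` would return the status of the preceding echo (0) and so
  # report success to whatever invoked this script.
  exit 1
fi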
# Make sure the Google public resolvers are listed in /etc/resolv.conf.
# The two entries are appended (existing nameserver lines are kept) only when
# neither is present yet. The dots in the patterns are unescaped, so each
# matches any character in that position.
# NOTE(review): this hard-codes external resolvers on every node and edits
# resolv.conf directly; confirm this fits the site's DNS policy and that no
# resolver-management tool rewrites the file afterwards.
if ! grep -q -e '^nameserver 8.8.8.8' -e '^nameserver 8.8.4.4' /etc/resolv.conf; then
  echo -e '\n# Adding google name servers\nnameserver 8.8.8.8\nnameserver 8.8.4.4' | tee -a /etc/resolv.conf
fi
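# Ensure that the https apt transport is available before doing anything else.
# The two commands are separate statements on purpose: written as
# `update && install`, a failing `apt-get update` is exempt from `set -e`
# (it is not the last command of the && list) and the script would carry on
# without the transport installed.
apt-get update
# stdin is /dev/null so the install cannot wait for interactive input.
apt-get install -y apt-transport-https < /dev/null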
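# Set the host repositories to only use the same ones, always, for the sake
# of consistency.
#
# /etc/apt/sources.list is overwritten below, so refuse to continue when the
# release or a mirror URL is empty (for example when the awk lookup found no
# matching line). Otherwise the file would be replaced with "deb" entries
# that have no URL and the previous configuration would be lost.
: "${UBUNTU_RELEASE:?could not determine the Ubuntu release codename}"
: "${UBUNTU_REPO:?could not determine the Ubuntu mirror; set UBUNTU_REPO}"
: "${UBUNTU_SEC_REPO:?could not determine the Ubuntu security mirror; set UBUNTU_SEC_REPO}"

cat > /etc/apt/sources.list <<EOF
# Base repositories
deb ${UBUNTU_REPO} ${UBUNTU_RELEASE} main restricted universe multiverse
# Updates repositories
deb ${UBUNTU_REPO} ${UBUNTU_RELEASE}-updates main restricted universe multiverse
# Backports repositories
deb ${UBUNTU_REPO} ${UBUNTU_RELEASE}-backports main restricted universe multiverse
# Security repositories
deb ${UBUNTU_SEC_REPO} ${UBUNTU_RELEASE}-security main restricted universe multiverse
EOF

# Update the package cache from the repositories just written.
apt-get update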
# Install the packages the compute node needs, in one non-interactive
# apt transaction (stdin is /dev/null so nothing can wait for input).
# The linux-image-extra package name is derived from the running kernel
# release reported by `uname -r`.
apt-get install --yes \
  bridge-utils \
  build-essential \
  curl \
  ethtool \
  git-core \
  ipython \
  "linux-image-extra-$(uname -r)" \
  lvm2 \
  python2.7 \
  python-dev \
  tmux \
  vim \
  vlan \
  xfsprogs < /dev/null
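# Remove all IPv4 iptables rules and user-defined chains from the filter,
# nat and mangle tables and set the built-in filter policies to ACCEPT.
#
# The policies are opened first: if a chain's policy is currently DROP,
# flushing its rules before changing the policy leaves a window in which
# every packet (including the session running this script) is dropped.
#
# Security note: after this block the host does no IPv4 packet filtering of
# its own. The raw table and ip6tables are not touched here.
# NOTE(review): presumably filtering is expected to come from outside the
# host (cloud security groups or rules installed by a later step) - confirm
# before running this on a node with a reachable public address.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

for table in filter nat mangle; do
  iptables -t "${table}" -F   # flush every rule in the table
  iptables -t "${table}" -X   # delete the now-empty user-defined chains
done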
# Ensure that sshd permits root login, or ansible won't be able to connect.
# With no active PermitRootLogin line the directive is appended; otherwise
# every active PermitRootLogin line is rewritten in place.
#
# Security notes:
#  * "yes" allows root to log in with any authentication method sshd has
#    enabled, passwords included. A later comment in this script says the
#    controller's public key is injected, so a key-only value
#    (`PermitRootLogin prohibit-password`, spelled `without-password` on
#    older OpenSSH) may be sufficient - NOTE(review): confirm with the
#    deployment before tightening.
#  * The appended line goes to the end of the file; if sshd_config ends with
#    a Match block the directive would only apply inside that block.
#  * sshd is not reloaded here, so the change takes effect only once the
#    daemon re-reads its configuration.
if ! grep -q "^PermitRootLogin" /etc/ssh/sshd_config; then
  echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
else
  sed -i 's/^PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
fi
# /opt must exist; create it when it is missing.
[ -d "/opt" ] || mkdir /opt

# Drop the invoking user's ~/.pip directory when there is one. Nothing is
# removed if the path is absent or is not a directory.
[ ! -d "${HOME}/.pip" ] || rm -rf "${HOME}/.pip"
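# Install pip, unless a pip executable is already on PATH.
#
# GET_PIP_URL, when set in the environment, is used as the download location
# as-is. Otherwise the two known locations are probed in order and the first
# one that answers is exported as GET_PIP_URL.
#
# get-pip.py is fetched over the network and then executed by this bootstrap,
# so the download is a trust boundary:
#  * --fail makes curl return non-zero on an HTTP error. Without it an error
#    page passes the probe, is saved as /opt/get-pip.py and is handed to
#    python.
#  * --location follows redirects so that a redirect response is not saved
#    in place of the script.
#  * The probes discard the body (--output /dev/null) instead of dumping the
#    whole script to stdout.
#  * NOTE(review): nothing verifies the integrity of get-pip.py before it is
#    run, and the second location tracks a moving branch. Consider vendoring
#    a reviewed copy or comparing the download against a pinned checksum
#    (<expected-sha256> placeholder) before executing it. A GET_PIP_URL taken
#    from the environment should point at an HTTPS source you control.
if ! command -v pip > /dev/null 2>&1; then
  if [ -z "${GET_PIP_URL:-}" ]; then
    # Find and use an available get-pip download location.
    if curl --fail --silent --location --output /dev/null https://bootstrap.pypa.io/get-pip.py; then
      export GET_PIP_URL='https://bootstrap.pypa.io/get-pip.py'
    elif curl --fail --silent --location --output /dev/null https://raw.github.com/pypa/pip/master/contrib/get-pip.py; then
      export GET_PIP_URL='https://raw.github.com/pypa/pip/master/contrib/get-pip.py'
    else
      echo "A suitable download location for get-pip.py could not be found." >&2
      # A bare `exit` would return the echo's status (0) and hide the failure.
      exit 1
    fi
  fi

  # Download and install pip. `set -e` stops the script if the download fails,
  # so a partial or missing file is never executed.
  curl --fail --location --output /opt/get-pip.py "${GET_PIP_URL}"
  python2 /opt/get-pip.py || python /opt/get-pip.py
fi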
# Make sure root has an ~/.ssh directory. When it is missing it is created
# with mode 700 (owner-only access) in a single step, so it never exists with
# a wider mode. An existing directory is left exactly as it is, permissions
# included.
if [ ! -d /root/.ssh ]; then
  mkdir -p -m 700 /root/.ssh
fi
# We don't need a Key pair for the compute node. Public key from controller node will be injected.
# Ensure that the ssh key exists and is an authorized_key
#key_path="${HOME}/.ssh"
#key_file="${key_path}/id_rsa"
# Ensure that the .ssh directory exists and has the right mode
#if [ ! -d ${key_path} ]; then
# mkdir -p ${key_path}
# chmod 700 ${key_path}
#fi
#if [ ! -f "${key_file}" -a ! -f "${key_file}.pub" ]; then
# rm -f ${key_file}*
# ssh-keygen -t rsa -f ${key_file} -N ''
#fi
# Ensure that the public key is included in the authorized_keys
# for the default root directory and the current home directory
#key_content=$(cat "${key_file}.pub")
#if ! grep -q "${key_content}" ${key_path}/authorized_keys; then
# echo "${key_content}" | tee -a ${key_path}/authorized_keys
#fi
# Bring up every interface declared by an "iface" stanza in
# compute-interfaces.cfg. The interface name is the second field of each
# such line. A failing ifup is tolerated (`|| true`) so one interface that
# cannot come up does not abort the bootstrap under `set -e`.
for iface in $(awk '/^iface/ {print $2}' /etc/network/interfaces.d/compute-interfaces.cfg); do
  /sbin/ifup "${iface}" || true
done

# Final marker printed once every step above has run.
echo "------DONE!!------"