First commit

(Contains all the master branches of the previous repositories)

docker-cinder-controller/.gitignore

@@ -0,0 +1,8 @@
+# ---> Vim
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+*~
+

docker-cinder-controller/Dockerfile

@@ -0,0 +1,32 @@
+FROM ubuntu:16.04
+# install packages
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+    && apt-get -y update \
+    && apt-get -y install ubuntu-cloud-keyring \
+    && apt-get -y update \
+    && apt-get -y install \
+        mysql-client \
+        python-mysqldb \
+        python-openstackclient \
+        python-oslo.cache \
+        cinder-api \
+        cinder-scheduler \
+    && apt-get -y clean
+
+EXPOSE 8776
+
+#file that writes configs
+COPY write_conf.sh /etc/write_conf.sh
+# add bootstrap script and make it executable
+COPY bootstrap.sh /etc/bootstrap.sh
+
+COPY run.sh /etc/run.sh
+
+RUN chown root.root /etc/bootstrap.sh && chmod a+x /etc/bootstrap.sh
+RUN chown root.root /etc/run.sh && chmod a+x /etc/run.sh
+
+CMD ["/etc/run.sh"]

docker-cinder-controller/README.md

@@ -0,0 +1,41 @@
+# How to build
+```
+docker build . -t hpc/openstack-cinder-controller
+```
+
+# Bootstrap
+```
+ docker run --rm
+    -e "MY_IP={{ ansible_default_ipv4.address }}"
+    -e "CINDER_HOST={{ hostvars[groups['cinder-controller'][0]]['ansible_default_ipv4']['address'] }}"
+    -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
+    -e "CINDER_USER=cinder"
+    -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+    -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+    -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+    -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+    -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
+    -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+    -e "RABBIT_USER=openstack"
+ hpc/openstack-cinder /etc/bootstrap.sh
+
+```
+
+# Run an image
+
+```
+/usr/bin/docker run \
+    -e "MY_IP={{ ansible_default_ipv4.address }}"
+    -e "CINDER_HOST={{ hostvars[groups['cinder-controller'][0]]['ansible_default_ipv4']['address'] }}"
+    -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
+    -e "CINDER_USER=cinder"
+    -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+    -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+    -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+    -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+    -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
+    -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+    -e "RABBIT_USER=openstack"
+    -p 8776:8776 \
+  hpc/openstack-cinder-controller
+```

docker-cinder-controller/admin-openrc.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+# a admin-openrc.sh file
+export MYSQL_ROOT_PASSWORD="geheim"
+
+# To create the Identity service credentials
+GLANCE_USER_NAME=glance
+GLANCE_PASSWORD=geheim
+export OS_IDENTITY_API_VERSION=3
+export OS_USERNAME=admin
+export OS_PASSWORD=geheim
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2

docker-cinder-controller/bootstrap.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Create admin-openrc.sh from secrets that are in the environment during bootstrap.
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2
+EOF
+
+source /root/admin-openrc.sh
+
+# Write the config files
+/etc/write_conf.sh
+
+# create database for cinder
+mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
+drop database  if exists cinder;
+create database cinder;
+GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY "$CINDER_PASSWORD";
+GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY "$CINDER_PASSWORD";
+EOF
+
+openstack user create cinder --domain default --password "$CINDER_PASSWORD"
+openstack role add --user cinder --project service admin
+
+openstack service create --name cinderv2 --description "OpenStack Block Service" volumev2
+openstack service create --name cinderv3 --description "OpenStack Block Service" volumev3
+
+openstack endpoint create volumev2 public http://"${CINDER_HOST}":8776/v2/%\(project_id\)s --region RegionOne
+openstack endpoint create volumev2 internal http://"${CINDER_HOST}":8776/v2/%\(project_id\)s --region RegionOne
+openstack endpoint create volumev2 admin http://"${CINDER_HOST}":8776/v2/%\(project_id\)s --region RegionOne
+
+openstack endpoint create volumev3 public http://"${CINDER_HOST}":8776/v3/%\(project_id\)s --region RegionOne
+openstack endpoint create volumev3 internal http://"${CINDER_HOST}":8776/v3/%\(project_id\)s --region RegionOne
+openstack endpoint create volumev3 admin http://"${CINDER_HOST}":8776/v3/%\(project_id\)s --region RegionOne
+
+# sync the database
+cinder-manage db sync
+
+

docker-cinder-controller/run.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Write the config files
+/etc/write_conf.sh
+# start glance service
+cinder-scheduler -d &
+sleep 5
+apachectl -DFOREGROUND &
+
+# If any process fails, kill the rest.
+# This ensures the container stops and systemd will restart it.
+
+wait -n
+pkill -P $$

docker-cinder-controller/write_conf.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+#
+# Generate config files from environments values.
+# These are to be passed to the docker container using -e
+
+cat << EOF > /etc/cinder/cinder.conf
+
+[database]
+connection = mysql+pymysql://$CINDER_USER:$CINDER_PASSWORD@$MYSQL_HOST/cinder
+
+[DEFAULT]
+auth_strategy = keystone
+transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$MY_IP
+my_ip = $MY_IP
+
+[keystone_authtoken]
+auth_uri = http://$KEYSTONE_HOST:5000
+auth_url = http://$KEYSTONE_HOST:35357
+memcached_servers = $MEMCACHED_HOST:11211
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+project_name = service
+username = $CINDER_USER
+password = $CINDER_PASSWORD
+
+[oslo_concurrency]
+lock_path = /var/lib/cinder/tmp
+
+EOF

docker-cinder-storage/.gitignore

@@ -0,0 +1,8 @@
+# ---> Vim
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+*~
+

docker-cinder-storage/Dockerfile

@@ -0,0 +1,36 @@
+FROM ubuntu:16.04
+# install packages
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+    && apt-get -y update \
+    && apt-get -y install ubuntu-cloud-keyring \
+    && apt-get -y update \
+    && apt-get -y install \
+        cinder-volume \
+        mysql-client \
+        python-mysqldb \
+        python-openstackclient \
+        python-oslo.cache \
+        lvm2 \
+        tgt \
+
+    && apt-get -y clean
+
+EXPOSE 8776
+
+#file that writes configs
+COPY write_conf.sh /etc/write_conf.sh
+# add bootstrap script and make it executable
+COPY bootstrap.sh /etc/bootstrap.sh
+
+COPY run.sh /etc/run.sh
+
+COPY lvm.conf /etc/lvm/lvm.conf
+
+RUN chown root.root /etc/bootstrap.sh && chmod a+x /etc/bootstrap.sh
+RUN chown root.root /etc/run.sh && chmod a+x /etc/run.sh
+
+CMD ["/etc/run.sh"]

docker-cinder-storage/README.md

@@ -0,0 +1,41 @@
+# How to build
+```
+docker build . -t hpc/openstack-cinder-storage
+```
+
+# Bootstrap
+```
+ docker run --rm
+    -e "MY_IP={{ ansible_default_ipv4.address }}"
+    -e "CINDER_HOST={{ hostvars[groups['cinder-storage'][0]]['ansible_default_ipv4']['address'] }}"
+    -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
+    -e "CINDER_USER=cinder"
+    -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+    -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+    -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+    -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+    -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
+    -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+    -e "RABBIT_USER=openstack"
+ hpc/openstack-cinder /etc/bootstrap.sh
+
+```
+
+# Run an image
+
+```
+/usr/bin/docker run \
+    -e "MY_IP={{ ansible_default_ipv4.address }}"
+    -e "CINDER_HOST={{ hostvars[groups['cinder-storage'][0]]['ansible_default_ipv4']['address'] }}"
+    -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
+    -e "CINDER_USER=cinder"
+    -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+    -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+    -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
+    -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
+    -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
+    -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
+    -e "RABBIT_USER=openstack"
+    -p 8776:8776 \
+  hpc/openstack-cinder-storage
+```

docker-cinder-storage/admin-openrc.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+# a admin-openrc.sh file
+export MYSQL_ROOT_PASSWORD="geheim"
+
+# To create the Identity service credentials
+GLANCE_USER_NAME=glance
+GLANCE_PASSWORD=geheim
+export OS_IDENTITY_API_VERSION=3
+export OS_USERNAME=admin
+export OS_PASSWORD=geheim
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2

docker-cinder-storage/bootstrap.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Create admin-openrc.sh from secrets that are in the environment during bootstrap.
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2
+EOF
+
+source /root/admin-openrc.sh
+
+# Write the config files
+/etc/write_conf.sh
+
+# create a LVM physical volume and volume group.
+# This device should be available tpo the container
+pvcreate /dev/cinder_storage_volume
+vgcreate cinder-volumes /dev/cinder_storage_volume
+

docker-cinder-storage/run.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Write the config files
+/etc/write_conf.sh
+# start cinder processes.
+tgtd
+
+cinder-volume -d &
+
+# If any process fails, kill the rest.
+# This ensures the container stops and systemd will restart it.
+
+wait -n
+pkill -P $$

docker-cinder-storage/write_conf.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+#
+# Generate config files from environments values.
+# These are to be passed to the docker container using -e
+
+cat << EOF > /etc/cinder/cinder.conf
+
+[database]
+connection = mysql+pymysql://$CINDER_USER:$CINDER_PASSWORD@$MYSQL_HOST/cinder
+
+[DEFAULT]
+auth_strategy = keystone
+transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
+my_ip = $MY_IP
+enabled_backends = lvm
+glance_api_servers = http://$GLANCE_HOST:9292
+
+[keystone_authtoken]
+auth_uri = http://$KEYSTONE_HOST:5000
+auth_url = http://$KEYSTONE_HOST:35357
+memcached_servers = $MEMCACHED_HOST:11211
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+project_name = service
+username = $CINDER_USER
+password = $CINDER_PASSWORD
+
+[oslo_concurrency]
+lock_path = /var/lib/cinder/tmp
+
+[lvm]
+volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
+volume_group = cinder-volumes
+iscsi_protocol = iscsi
+iscsi_helper = tgtadm
+volumes_dir = /var/lib/cinder/volumes
+
+EOF

docker-glance/.gitignore

@@ -0,0 +1 @@
+build.sh

docker-glance/Dockerfile

@@ -0,0 +1,32 @@
+FROM ubuntu:16.04
+# install packages
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+    && apt-get -y update \
+    && apt-get -y install ubuntu-cloud-keyring \
+    && apt-get -y update \
+    && apt-get -y install \
+        mysql-client \
+        glance \
+        python-mysqldb \
+        python-openstackclient \
+        python-oslo.cache \
+    && apt-get -y clean \
+    && rm -f /var/lib/glance/glance.sqlite
+
+EXPOSE 9292
+
+#file that writes configs
+COPY write_conf.sh /etc/write_conf.sh
+# add bootstrap script and make it executable
+COPY bootstrap.sh /etc/bootstrap.sh
+
+COPY run.sh /etc/run.sh
+
+RUN chown root.root /etc/bootstrap.sh && chmod a+x /etc/bootstrap.sh
+RUN chown root.root /etc/run.sh && chmod a+x /etc/run.sh
+
+CMD ["/etc/run.sh"]

docker-glance/README.md

@@ -0,0 +1,33 @@
+# How to build
+```
+docker build . -t hpc/openstack-glance
+```
+
+# Bootstrap
+```
+ docker run --rm
+ -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
+ -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
+ -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
+ -e "MYSQL_ROOT_PASSWORD=geheim"
+ -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
+ -e "GLANCE_HOST={{ hostvars[groups['glance'][0]]['ansible_default_ipv4']['address'] }}"
+ -e "GLANCE_PASSWORD=geheim"
+ hpc/openstack-glance /etc/bootstrap.sh
+
+```
+
+# Run an image
+
+```
+/usr/bin/docker run --name %n \
+  -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \
+  -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
+  -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" \
+  -e "MYSQL_ROOT_PASSWORD=geheim" \
+  -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
+  -e "GLANCE_HOST={{ hostvars[groups['glance'][0]]['ansible_default_ipv4']['address'] }}" \
+  -e "GLANCE_PASSWORD=geheim" \
+  -p 9292:9292 \
+  hpc/openstack-glance
+```

docker-glance/admin-openrc.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+# a admin-openrc.sh file
+
+# To create the Identity service credentials
+GLANCE_USER_NAME=glance
+GLANCE_PASSWORD=geheim
+export OS_IDENTITY_API_VERSION=3
+export OS_USERNAME=admin
+export OS_PASSWORD=geheim
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2

docker-glance/bootstrap.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Create admin-openrc.sh from secrets that are in the environment during bootstrap.
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+
+export GLANCE_USER_NAME=glance
+export GLANCE_PASSWORD=${GLANCE_PASSWORD}
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2
+EOF
+
+source /root/admin-openrc.sh
+
+# Write the config files
+/etc/write_conf.sh
+
+# create database for glance
+mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
+drop database  if exists glance;
+create database glance;
+GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY "$GLANCE_PASSWORD";
+GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY "$GLANCE_PASSWORD";
+EOF
+
+openstack user create "$GLANCE_USER" --domain default --password "$GLANCE_PASSWORD"
+openstack role add --user glance --project service admin
+openstack service create --name glance --description "OpenStack Image Service" image
+openstack endpoint create glance admin http://"${GLANCE_HOST}":9292 --region RegionOne
+openstack endpoint create glance public http://"${GLANCE_HOST}":9292 --region RegionOne
+openstack endpoint create glance internal http://"${GLANCE_HOST}":9292 --region RegionOne
+
+# Workaround, see https://bugs.launchpad.net/glance/+bug/1697835
+sed -i "/op.drop_index('ix_images_is_public', 'images')/a \ \ \ \ op.execute(\"\"\"ALTER TABLE images DROP CONSTRAINT CONSTRAINT_1\"\"\")" \
+    /usr/lib/python2.7/dist-packages/glance/db/sqlalchemy/alembic_migrations/versions/ocata01_add_visibility_remove_is_public.py
+
+# sync the database
+su -s /bin/sh -c "glance-manage db_sync" glance

docker-glance/run.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Write the config files
+/etc/write_conf.sh
+# start glance service
+glance-registry -v -d &
+sleep 5
+glance-api -v -d &
+
+# If any process fails, kill the rest.
+# This insures the container stops and systemd will restart it.
+
+wait -n
+pkill -P $$

docker-glance/write_conf.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+#
+# Generate config files from environments values.
+# These are to be passed to the docker container using -e
+
+cat << EOF > /etc/glance/glance-api.conf
+
+[database]
+connection = mysql+pymysql://$GLANCE_USER:$GLANCE_PASSWORD@$MYSQL_HOST/glance
+[image_format]
+[keystone_authtoken]
+auth_uri = http://$KEYSTONE_HOST:5000
+auth_url = http://$KEYSTONE_HOST:35357
+memcached_servers = $MEMCACHED_HOST:11211
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+project_name = service
+username = glance
+password = $GLANCE_PASSWORD
+
+[oslo_messaging_notifications]
+driver = messagingv2
+
+[oslo_messaging_rabbit]
+rabbit_host = $RABBIT_HOST
+rabbit_userid = $RABBIT_USER
+rabbit_password = $RABBIT_PASSWORD
+
+[paste_deploy]
+flavor = keystone
+
+
+[glance_store]
+stores = file,http
+default_store = file
+filesystem_store_datadir = /var/lib/glance/images/
+
+EOF
+
+
+cat << EOF > /etc/glance/glance-registry.conf
+
+[DEFAULT]
+workers = 4
+rpc_backend = rabbit
+
+[database]
+connection = mysql+pymysql://$GLANCE_USER:$GLANCE_PASSWORD@$MYSQL_HOST/glance
+
+[glance_store]
+stores = file,http
+default_store = file
+filesystem_store_datadir = /var/lib/glance/images/
+
+[keystone_authtoken]
+auth_uri = http://$KEYSTONE_HOST:5000
+auth_url = http://$KEYSTONE_HOST:35357
+memcached_servers = $MEMCACHED_HOST:11211
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+project_name = service
+username = glance
+password = $GLANCE_PASSWORD
+
+[oslo_messaging_notifications]
+driver = messagingv2
+
+[oslo_messaging_rabbit]
+rabbit_host = $RABBIT_HOST
+rabbit_userid = $RABBIT_USER
+rabbit_password = $RABBIT_PASSWORD
+
+[paste_deploy]
+flavor = keystone
+
+EOF

docker-heat/.gitignore

@@ -0,0 +1,8 @@
+# ---> Vim
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+*~
+

docker-heat/Dockerfile

@@ -0,0 +1,34 @@
+FROM ubuntu:16.04
+# install packages
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+    && apt-get -y update \
+    && apt-get -y install ubuntu-cloud-keyring \
+    && apt-get -y update \
+    && apt-get -y install \
+        mysql-client \
+        python-mysqldb \
+        python-openstackclient \
+        python-oslo.cache \
+        heat-api \
+        heat-api-cfn \
+        heat-engine \
+    && apt-get -y clean
+
+EXPOSE 8000
+EXPOSE 8004
+
+#file that writes configs
+COPY write_conf.sh /etc/write_conf.sh
+# add bootstrap script and make it executable
+COPY bootstrap.sh /etc/bootstrap.sh
+
+COPY run.sh /etc/run.sh
+
+RUN chown root.root /etc/bootstrap.sh && chmod a+x /etc/bootstrap.sh
+RUN chown root.root /etc/run.sh && chmod a+x /etc/run.sh
+
+CMD ["/etc/run.sh"]

docker-heat/README.md

@@ -0,0 +1,8 @@
+# Openstack heat
+This docker image provides [Openstack Heat](https://wiki.openstack.org/wiki/Heat). It is meant to be run as part of the [HPC Cloud](https://git.webhosting.rug.nl/HPC/hpc-cloud).
+
+## How to build
+```
+docker build . -t hpc/openstack-heat
+
+```

docker-heat/admin-openrc.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# To create the Identity service credentials
+export OS_IDENTITY_API_VERSION=3
+export OS_USERNAME=admin
+export OS_PASSWORD=geheim
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2

docker-heat/bootstrap.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# Create admin-openrc.sh from secrets that are in the environment during bootstrap.
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+
+export HEAT_USER=heat
+export HEAT_PASSWORD=${HEAT_PASSWORD}
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2
+EOF
+
+source /root/admin-openrc.sh
+
+# Write the config files
+/etc/write_conf.sh
+
+# create database for heat
+mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
+drop database  if exists heat;
+create database heat;
+GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY "$HEAT_PASSWORD";
+GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY "$HEAT_PASSWORD";
+EOF
+
+openstack user create "$HEAT_USER" --domain Default --password "$HEAT_PASSWORD"
+openstack role add --project service --user heat admin
+
+openstack service create --name heat --description "Orchestration" orchestration
+openstack service create --name heat-cfn --description "Orchestration" cloudformation
+
+openstack endpoint create orchestration public http://"${HEAT_HOST}":8004/v1/%\(tenant_id\)s --region RegionOne
+openstack endpoint create orchestration internal http://"${HEAT_HOST}":8004/v1/%\(tenant_id\)s --region RegionOne
+openstack endpoint create orchestration admin http://"${HEAT_HOST}":8004/v1/%\(tenant_id\)s --region RegionOne
+
+openstack endpoint create cloudformation public http://"${HEAT_HOST}":8000/v1 --region RegionOne
+openstack endpoint create cloudformation internal http://"${HEAT_HOST}":8000/v1 --region RegionOne
+openstack endpoint create cloudformation admin http://"${HEAT_HOST}":8000/v1 --region RegionOne
+
+openstack domain create --description "Stack projects and users" heat
+
+openstack user create --domain heat --password "$HEAT_PASSWORD"  heat_domain_admin
+openstack role add --domain heat --user-domain heat --user heat_domain_admin admin
+
+openstack role create heat_stack_owner
+openstack role add --project demo --user demo heat_stack_owner
+openstack role create heat_stack_user
+
+# sync the database
+su -s /bin/sh -c "heat-manage db_sync" heat

docker-heat/run.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Write the config files
+/etc/write_conf.sh
+
+heat-api -v -d &
+sleep 5
+heat-api-cfn -v -d &
+sleep 5
+heat-engine -v -d &
+# If any process fails, kill the rest.
+# This insures the container stops and systemd will restart it.
+
+wait -n
+pkill -P $$

docker-heat/write_conf.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+#
+# Generate config files from environments values.
+# These are to be passed to the docker container using -e
+
+cat << EOF > /etc/heat/heat.conf
+
+[database]
+connection = mysql+pymysql://heat:$HEAT_PASSWORD@$MYSQL_HOST/heat
+
+[DEFAULT]
+transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
+heat_metadata_server_url = http://$HEAT_HOST:8000
+heat_waitcondition_server_url = http://$HEAT_HOST:8000/v1/waitcondition
+
+
+[keystone_authtoken]
+auth_uri = http://$KEYSTONE_HOST:5000
+auth_url = http://$KEYSTONE_HOST:35357
+memcached_servers = $MEMCACHED_HOST:11211
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+project_name = service
+username = $HEAT_USER
+password = $HEAT_PASSWORD
+
+[trustee]
+auth_plugin = password
+auth_url = http://$KEYSTONE_HOST:35357
+username = $HEAT_USER
+password = $HEAT_PASSWORD
+user_domain_name = Default
+
+EOF

docker-horizon/.gitignore

@@ -0,0 +1,8 @@
+# ---> Vim
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+*~
+

docker-horizon/000-default.conf

@@ -0,0 +1,11 @@
+<VirtualHost *:80>
+        RedirectMatch    "^/$"  "/horizon"
+        ServerAdmin webmaster@localhost
+        DocumentRoot /var/www/html
+
+        ErrorLog ${APACHE_LOG_DIR}/error.log
+        CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

docker-horizon/Dockerfile

@@ -0,0 +1,35 @@
+# Build keystone. It needs to be run with
+# --add-host=mariadb:<ip mariadb listens tp>
+# Wen starting with an initialized db,
+# run keystone-manage db_sync from this docker first:
+# $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"
+
+FROM ubuntu:16.04
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+    && apt-get -y update \
+    && apt-get -y install \
+    && apt-get -y install openstack-dashboard \
+                          python-openstackclient \
+    && apt-get -y clean
+
+EXPOSE 80
+
+COPY local_settings.py /etc/openstack-dashboard/local_settings.py
+
+# Add a redirect to /keystone instead of the "It works! page"
+COPY 000-default.conf /etc/apache2/sites-available
+
+RUN chown -R www-data: /var/lib/openstack-dashboard/
+
+RUN touch /var/log/horizon.log
+
+RUN chown www-data: /var/log/horizon.log
+
+RUN chown horizon: /var/lib/openstack-dashboard/secret_key
+
+CMD apachectl -DFOREGROUND
+

docker-horizon/README.md

@@ -0,0 +1,9 @@
+# docker-horizon
+
+Docker image to build horizon
+
+To run, use the following command:
+
+```
+docker run -e "MEMCACHED_SERVER=172.23.38.123" -e "OPENSTACK_HOST=172.23.38.123" -it --rm
+```

docker-horizon/admin-openrc.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# To create the Identity service credentials
+export OS_IDENTITY_API_VERSION=3
+export OS_USERNAME=admin
+export OS_PASSWORD=geheim
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2

docker-horizon/local_settings.py

@@ -0,0 +1,518 @@
+# -*- coding: utf-8 -*-
+
+import os
+
+from django.utils.translation import ugettext_lazy as _
+
+from horizon.utils import secret_key
+
+from openstack_dashboard.settings import HORIZON_CONFIG
+
+DEBUG = False
+
+WEBROOT = '/'
+
+LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
+
+SECRET_KEY = secret_key.generate_or_read_from_file('/var/lib/openstack-dashboard/secret_key')
+
+SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
+
+MEMCACHED_SERVER = os.environ['MEMCACHED_SERVER']
+
+CACHES = {
+    'default': {
+        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
+        'LOCATION': '{}:11211'.format(MEMCACHED_SERVER),
+    },
+}
+
+# Send email to the console by default
+EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+
+# Configure these for your outgoing email host
+#EMAIL_HOST = 'smtp.my-company.com'
+#EMAIL_PORT = 25
+#EMAIL_HOST_USER = 'djangomail'
+#EMAIL_HOST_PASSWORD = 'top-secret!'
+
+OPENSTACK_HOST = os.environ['KEYSTONE_HOST']
+OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
+OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
+
+
+OPENSTACK_API_VERSIONS = {
+    "identity": 3,
+    "image": 2,
+    "volume": 2,
+}
+
+
+# Disable SSL certificate checks (useful for self-signed certificates):
+#OPENSTACK_SSL_NO_VERIFY = True
+
+# The CA certificate to use to verify SSL connections
+#OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
+
+# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
+# capabilities of the auth backend for Keystone.
+# If Keystone has been configured to use LDAP as the auth backend then set
+# can_edit_user to False and name to 'ldap'.
+#
+# TODO(tres): Remove these once Keystone has an API to identify auth backend.
+OPENSTACK_KEYSTONE_BACKEND = {
+    'name': 'native',
+    'can_edit_user': True,
+    'can_edit_group': True,
+    'can_edit_project': True,
+    'can_edit_domain': True,
+    'can_edit_role': True,
+}
+
+# Setting this to True, will add a new "Retrieve Password" action on instance,
+# allowing Admin session password retrieval/decryption.
+#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
+
+# Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to
+# determine the experience to enable.  Set them both to true to enable
+# both.
+#LAUNCH_INSTANCE_LEGACY_ENABLED = True
+#LAUNCH_INSTANCE_NG_ENABLED = False
+
+# The Xen Hypervisor has the ability to set the mount point for volumes
+# attached to instances (other Hypervisors currently do not). Setting
+# can_set_mount_point to True will add the option to set the mount point
+# from the UI.
+OPENSTACK_HYPERVISOR_FEATURES = {
+    'can_set_mount_point': False,
+    'can_set_password': False,
+    'requires_keypair': False,
+    'enable_quotas': True
+}
+
+# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional
+# services provided by cinder that is not exposed by its extension API.
+OPENSTACK_CINDER_FEATURES = {
+    'enable_backup': False,
+}
+
+# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
+# services provided by neutron. Options currently available are load
+# balancer service, security groups, quotas, VPN service.
+OPENSTACK_NEUTRON_NETWORK = {
+    'enable_router': False,
+    'enable_quotas': False,
+    'enable_ipv6': False,
+    'enable_distributed_router': False,
+    'enable_ha_router': False,
+    'enable_lb': False,
+    'enable_firewall': False,
+    'enable_vpn': False,
+    'enable_fip_topology_check': False,
+
+    # profile_support can be turned on if needed.
+    'profile_support': None,
+    #'profile_support': 'cisco',
+    'supported_vnic_types': ['*'],
+}
+
+# The OPENSTACK_HEAT_STACK settings can be used to disable password
+# field required while launching the stack.
+OPENSTACK_HEAT_STACK = {
+    'enable_user_pass': True,
+}
+
+#OPENSTACK_IMAGE_BACKEND = {
+#    'image_formats': [
+#        ('', _('Select format')),
+#        ('aki', _('AKI - Amazon Kernel Image')),
+#        ('ami', _('AMI - Amazon Machine Image')),
+#        ('ari', _('ARI - Amazon Ramdisk Image')),
+#        ('docker', _('Docker')),
+#        ('iso', _('ISO - Optical Disk Image')),
+#        ('ova', _('OVA - Open Virtual Appliance')),
+#        ('qcow2', _('QCOW2 - QEMU Emulator')),
+#        ('raw', _('Raw')),
+#        ('vdi', _('VDI - Virtual Disk Image')),
+#        ('vhd', _('VHD - Virtual Hard Disk')),
+#        ('vmdk', _('VMDK - Virtual Machine Disk')),
+#    ],
+#}
+
+# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
+# image custom property attributes that appear on image detail pages.
+IMAGE_CUSTOM_PROPERTY_TITLES = {
+    "architecture": _("Architecture"),
+    "kernel_id": _("Kernel ID"),
+    "ramdisk_id": _("Ramdisk ID"),
+    "image_state": _("Euca2ools state"),
+    "project_id": _("Project ID"),
+    "image_type": _("Image Type"),
+}
+
+# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image
+# custom properties should not be displayed in the Image Custom Properties
+# table.
+IMAGE_RESERVED_CUSTOM_PROPERTIES = []
+
+# Set to 'legacy' or 'direct' to allow users to upload images to glance via
+# Horizon server. When enabled, a file form field will appear on the create
+# image form. If set to 'off', there will be no file form field on the create
+# image form. See documentation for deployment considerations.
+#HORIZON_IMAGES_UPLOAD_MODE = 'legacy'
+
+# Allow a location to be set when creating or updating Glance images.
+# If using Glance V2, this value should be False unless the Glance
+# configuration and policies allow setting locations.
+#IMAGES_ALLOW_LOCATION = False
+
+# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
+# in the Keystone service catalog. Use this setting when Horizon is running
+# external to the OpenStack environment. The default is 'publicURL'.
+OPENSTACK_ENDPOINT_TYPE = "publicURL"
+
+# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
+# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
+# in the Keystone service catalog. Use this setting when Horizon is running
+# external to the OpenStack environment. The default is None. This
+# value should differ from OPENSTACK_ENDPOINT_TYPE if used.
+#SECONDARY_ENDPOINT_TYPE = None
+
+# The number of objects (Swift containers/objects or images) to display
+# on a single page before providing a paging element (a "more" link)
+# to paginate results.
+API_RESULT_LIMIT = 1000
+API_RESULT_PAGE_SIZE = 20
+
+# The size of chunk in bytes for downloading objects from Swift
+SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
+
+# The default number of lines displayed for instance console log.
+INSTANCE_LOG_LENGTH = 35
+
+# Specify a maximum number of items to display in a dropdown.
+DROPDOWN_MAX_ITEMS = 30
+
+# The timezone of the server. This should correspond with the timezone
+# of your entire OpenStack installation, and hopefully be in UTC.
+TIME_ZONE = "UTC"
+
+# When launching an instance, the menu of available flavors is
+# sorted by RAM usage, ascending. If you would like a different sort order,
+# you can provide another flavor attribute as sorting key. Alternatively, you
+# can provide a custom callback method to use for sorting. You can also provide
+# a flag for reverse sort. For more info, see
+# http://docs.python.org/2/library/functions.html#sorted
+#CREATE_INSTANCE_FLAVOR_SORT = {
+#    'key': 'name',
+#     # or
+#    'key': my_awesome_callback_method,
+#    'reverse': False,
+#}
+
+# Set this to True to display an 'Admin Password' field on the Change Password
+# form to verify that it is indeed the admin logged-in who wants to change
+# the password.
+#ENFORCE_PASSWORD_CHECK = False
+
+# Modules that provide /auth routes that can be used to handle different types
+# of user authentication. Add auth plugins that require extra route handling to
+# this list.
+#AUTHENTICATION_URLS = [
+#    'openstack_auth.urls',
+#]
+
+# The Horizon Policy Enforcement engine uses these values to load per service
+# policy rule files. The content of these files should match the files the
+# OpenStack services are using to determine role based access control in the
+# target installation.
+
+# Path to directory containing policy.json files
+#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
+
+# Map of local copy of service policy files.
+# Please insure that your identity policy file matches the one being used on
+# your keystone servers. There is an alternate policy file that may be used
+# in the Keystone v3 multi-domain case, policy.v3cloudsample.json.
+# This file is not included in the Horizon repository by default but can be
+# found at
+# http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \
+# policy.v3cloudsample.json
+# Having matching policy files on the Horizon and Keystone servers is essential
+# for normal operation. This holds true for all services and their policy files.
+#POLICY_FILES = {
+#    'identity': 'keystone_policy.json',
+#    'compute': 'nova_policy.json',
+#    'volume': 'cinder_policy.json',
+#    'image': 'glance_policy.json',
+#    'orchestration': 'heat_policy.json',
+#    'network': 'neutron_policy.json',
+#}
+
+# TODO: (david-lyle) remove when plugins support adding settings.
+# Note: Only used when trove-dashboard plugin is configured to be used by
+# Horizon.
+# Trove user and database extension support. By default support for
+# creating users and databases on database instances is turned on.
+# To disable these extensions set the permission here to something
+# unusable such as ["!"].
+#TROVE_ADD_USER_PERMS = []
+#TROVE_ADD_DATABASE_PERMS = []
+
+# Change this patch to the appropriate list of tuples containing
+# a key, label and static directory containing two files:
+# _variables.scss and _styles.scss
+#AVAILABLE_THEMES = [
+#    ('default', 'Default', 'themes/default'),
+#    ('material', 'Material', 'themes/material'),
+#]
+
+LOGGING = {
+    'version': 1,
+    # When set to True this will disable all logging except
+    # for loggers specified in this configuration dictionary. Note that
+    # if nothing is specified here and disable_existing_loggers is True,
+    # django.db.backends will still log unless it is disabled explicitly.
+    'disable_existing_loggers': False,
+    'formatters': {
+        'operation': {
+            # The format of "%(message)s" is defined by
+            # OPERATION_LOG_OPTIONS['format']
+            'format': '%(asctime)s %(message)s'
+        },
+    },
+    'handlers': {
+        'null': {
+            'level': 'DEBUG',
+            'class': 'logging.NullHandler',
+        },
+        'console': {
+            # Set the level to "DEBUG" for verbose output logging.
+            'level': 'INFO',
+            'class': 'logging.StreamHandler',
+        },
+        'operation': {
+            'level': 'INFO',
+            'class': 'logging.StreamHandler',
+            'formatter': 'operation',
+        },
+    },
+    'loggers': {
+        # Logging from django.db.backends is VERY verbose, send to null
+        # by default.
+        'django.db.backends': {
+            'handlers': ['null'],
+            'propagate': False,
+        },
+        'requests': {
+            'handlers': ['null'],
+            'propagate': False,
+        },
+        'horizon': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+            'propagate': False,
+        },
+        'horizon.operation_log': {
+            'handlers': ['operation'],
+            'level': 'INFO',
+            'propagate': False,
+        },
+        'openstack_dashboard': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+            'propagate': False,
+        },
+        'novaclient': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+            'propagate': False,
+        },
+        'cinderclient': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+            'propagate': False,
+        },
+        'keystoneclient': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+            'propagate': False,
+        },
+        'keystoneauth': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+            'propagate': False,
+        },
+        'glanceclient': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+            'propagate': False,
+        },
+        'neutronclient': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+            'propagate': False,
+        },
+        'heatclient': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+            'propagate': False,
+        },
+        'swiftclient': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+            'propagate': False,
+        },
+        'openstack_auth': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+            'propagate': False,
+        },
+        'nose.plugins.manager': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+            'propagate': False,
+        },
+        'django': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+            'propagate': False,
+        },
+        'iso8601': {
+            'handlers': ['null'],
+            'propagate': False,
+        },
+        'scss': {
+            'handlers': ['null'],
+            'propagate': False,
+        },
+    },
+}
+
+# 'direction' should not be specified for all_tcp/udp/icmp.
+# It is specified in the form.
+SECURITY_GROUP_RULES = {
+    'all_tcp': {
+        'name': _('All TCP'),
+        'ip_protocol': 'tcp',
+        'from_port': '1',
+        'to_port': '65535',
+    },
+    'all_udp': {
+        'name': _('All UDP'),
+        'ip_protocol': 'udp',
+        'from_port': '1',
+        'to_port': '65535',
+    },
+    'all_icmp': {
+        'name': _('All ICMP'),
+        'ip_protocol': 'icmp',
+        'from_port': '-1',
+        'to_port': '-1',
+    },
+    'ssh': {
+        'name': 'SSH',
+        'ip_protocol': 'tcp',
+        'from_port': '22',
+        'to_port': '22',
+    },
+    'smtp': {
+        'name': 'SMTP',
+        'ip_protocol': 'tcp',
+        'from_port': '25',
+        'to_port': '25',
+    },
+    'dns': {
+        'name': 'DNS',
+        'ip_protocol': 'tcp',
+        'from_port': '53',
+        'to_port': '53',
+    },
+    'http': {
+        'name': 'HTTP',
+        'ip_protocol': 'tcp',
+        'from_port': '80',
+        'to_port': '80',
+    },
+    'pop3': {
+        'name': 'POP3',
+        'ip_protocol': 'tcp',
+        'from_port': '110',
+        'to_port': '110',
+    },
+    'imap': {
+        'name': 'IMAP',
+        'ip_protocol': 'tcp',
+        'from_port': '143',
+        'to_port': '143',
+    },
+    'ldap': {
+        'name': 'LDAP',
+        'ip_protocol': 'tcp',
+        'from_port': '389',
+        'to_port': '389',
+    },
+    'https': {
+        'name': 'HTTPS',
+        'ip_protocol': 'tcp',
+        'from_port': '443',
+        'to_port': '443',
+    },
+    'smtps': {
+        'name': 'SMTPS',
+        'ip_protocol': 'tcp',
+        'from_port': '465',
+        'to_port': '465',
+    },
+    'imaps': {
+        'name': 'IMAPS',
+        'ip_protocol': 'tcp',
+        'from_port': '993',
+        'to_port': '993',
+    },
+    'pop3s': {
+        'name': 'POP3S',
+        'ip_protocol': 'tcp',
+        'from_port': '995',
+        'to_port': '995',
+    },
+    'ms_sql': {
+        'name': 'MS SQL',
+        'ip_protocol': 'tcp',
+        'from_port': '1433',
+        'to_port': '1433',
+    },
+    'mysql': {
+        'name': 'MYSQL',
+        'ip_protocol': 'tcp',
+        'from_port': '3306',
+        'to_port': '3306',
+    },
+    'rdp': {
+        'name': 'RDP',
+        'ip_protocol': 'tcp',
+        'from_port': '3389',
+        'to_port': '3389',
+    },
+}
+
+REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
+                              'LAUNCH_INSTANCE_DEFAULTS',
+                              'OPENSTACK_IMAGE_FORMATS',
+                              'OPENSTACK_KEYSTONE_DEFAULT_DOMAIN']
+
+ # The default theme if no cookie is present
+DEFAULT_THEME = 'ubuntu'
+
+# Default Ubuntu apache configuration uses /horizon as the application root.
+WEBROOT='/horizon/'
+
+# By default, validation of the HTTP Host header is disabled.  Production
+# installations should have this set accordingly.  For more information
+# see https://docs.djangoproject.com/en/dev/ref/settings/.
+ALLOWED_HOSTS = '*'
+
+# Compress all assets offline as part of packaging installation
+COMPRESS_OFFLINE = True
+
+ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}

docker-keystone/.gitignore

@@ -0,0 +1,8 @@
+# ---> Vim
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+*~
+

docker-keystone/Dockerfile

@@ -0,0 +1,28 @@
+# Build keystone. It needs to be run with
+# --add-host=mariadb:<ip mariadb listens tp>
+# Wen starting with an initialized db,
+# run keystone-manage db_sync from this docker first:
+# $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"
+
+FROM ubuntu:16.04
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+    && apt-get -y update \
+    && apt-get -y install \
+    && apt-get -y install keystone python-openstackclient \
+    && apt-get -y clean
+
+# set admin token TODO: make this a secret
+# in volume of met env
+COPY keystone.conf /etc/keystone/keystone.conf
+
+RUN mkdir /etc/keystone/fernet-keys
+
+RUN chown keystone: /etc/keystone/fernet-keys
+
+COPY bootstrap.sh /etc/bootstrap.sh
+
+CMD apachectl -DFOREGROUND

docker-keystone/README.md

@@ -0,0 +1,9 @@
+# ubuntu 16.04 openstack ocata keystone
+
+## How to build the docker image.
+```
+docker  build . -t hpc/openstack-keystone
+```
+
+## Notes
+This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)

docker-keystone/bootstrap.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# Create admin-openrc.sh from secrets that are in the environment during bootstrap.
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+EOF
+
+# Create demo-openrc.sh
+cat << EOF > /root/demo-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=demo
+export OS_USERNAME=demo
+export OS_PASSWORD=${OS_DEMO_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+EOF
+
+source /root/admin-openrc.sh
+
+sleep 3
+
+openstack project create --domain default \
+      --description "Service Project" service
+
+sleep 3
+
+openstack project create --domain default \
+  --description "Demo Project" demo
+
+sleep 3
+
+openstack user create --domain default \
+  --password "$OS_DEMO_PASSWORD" demo
+
+sleep 3
+
+openstack role create user
+
+sleep 3
+
+openstack role add --project demo --user demo user

docker-keystone/keystone.conf

@@ -0,0 +1,12 @@
+[DEFAULT]
+
+verbose = true
+
+[database]
+connection = mysql+pymysql://keystone:keystone@mariadb/keystone
+
+[token]
+provider = fernet
+
+[identity]
+default_domain_id = default

docker-keystone/keystone.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=Openstack Keystone Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker rm -f %n
+ExecStart=/usr/bin/docker run --name %n \
+  --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
+  -p 5000:5000 -p 35357:35357 \
+  -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \
+  hpc/keystone
+
+[Install]
+WantedBy=multi-user.target

docker-neutron-controller/.gitignore

@@ -0,0 +1,8 @@
+# ---> Vim
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+*~
+

docker-neutron-controller/Dockerfile

@@ -0,0 +1,31 @@
+FROM ubuntu:16.04
+# install packages
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+    && apt-get -y update \
+    && apt-get -y install ubuntu-cloud-keyring \
+    && apt-get -y update \
+    && apt-get -y install \
+        mysql-client \
+        python-mysqldb \
+        python-openstackclient \
+        neutron-server \
+        neutron-plugin-ml2 \
+        neutron-linuxbridge-agent \
+        neutron-l3-agent \
+        neutron-metadata-agent \
+    && apt-get -y clean
+
+# add bootstrap script and make it executable
+COPY bootstrap.sh /etc/bootstrap.sh
+
+# Workaround for vlan_transparent parameter set to None.
+COPY db_base_plugin_v2.py /usr/lib/python2.7/dist-packages/neutron/db/db_base_plugin_v2.py
+
+COPY run.sh /etc/run.sh
+COPY write_conf.sh /etc/write_conf.sh
+
+CMD ["/etc/run.sh"]

docker-neutron-controller/README.md

@@ -0,0 +1,21 @@
+# ubuntu 16.04 openstack ocata neutron controler node
+
+## How to build the docker image.
+```
+docker  build . -t="hpc/neutroncontroller"
+```
+
+## How to bootstrap the service.
+Before we can take the container into service we need accounts in keystone.
+We also need an initial database. Both of these tasks are performed by the bootstrap script.
+```
+docker run --rm --it --add-host="controller:<keystone_ip>" hpc/neutroncontroler /etc/bootstrap.sh
+```
+
+## How to run
+This image needs a lot of environment variables. It should be run via the `hpc-cloud` ansible repository.
+
+
+## Notes
+This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)
+The -p option is added to the run command to make the container accessible from (containers on ) other hosts than the container host.

docker-neutron-controller/bootstrap.sh

@@ -0,0 +1,76 @@
+#!/bin/bash
+#
+# This script sets up the openstack users and regions..
+# as well as the database for the nova controller.
+# This guide was used:
+# https://docs.openstack.org/ocata/install-guide-ubuntu/nova-controller-install.
+
+# Create admin-openrc.sh from secrets that are in the environment during bootstrap.
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2
+
+EOF
+
+source /root/admin-openrc.sh
+
+# create database for neutron.
+SQL_SCRIPT=/root/neutron.sql
+mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
+DROP DATABASE  IF EXISTS neutron;
+CREATE DATABASE neutron;
+
+GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
+    IDENTIFIED BY "${NEUTRON_PASSWORD}";
+
+GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
+    IDENTIFIED BY "${NEUTRON_PASSWORD}";
+EOF
+
+openstack user create "$NEUTRON_USER" --domain default --password "$NEUTRON_PASSWORD"
+openstack role add --project service --user neutron admin
+openstack service create --name neutron --description "OpenStack Networking" network
+
+# neutron endpoints
+openstack endpoint create --region RegionOne \
+  network public http://$MY_IP:9696
+
+openstack endpoint create --region RegionOne \
+  network internal http://$MY_IP:9696
+
+openstack endpoint create --region RegionOne \
+  network admin http://$MY_IP:9696
+
+# population of the database requires complete server and plug-in configuration files.
+/etc/write_conf.sh
+
+# Ugly hacks to prevent the manage command from failing
+sed -i "/    op.drop_column('networks', 'shared')/ s/^#*/#/" /usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/versions/liberty/contract/4ffceebfada_rbac_network.py
+sed -i "/    op.drop_column('subnets', 'shared')/ s/^#*/#/" /usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/versions/liberty/contract/4ffceebfada_rbac_network.py
+sed -i "/    op.drop_column('qos_policies', 'shared')/ s/^#*/#/" /usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/versions/mitaka/contract/c6c112992c9_rbac_qos_policy.py
+
+neutron-db-manage --config-file /etc/neutron/neutron.conf \
+                  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
+
+# And now we drop the colums and constraints that the ORM fails to drop.
+mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" neutron << EOF
+
+ALTER TABLE networks DROP CONSTRAINT CONSTRAINT_2;
+alter table networks drop column shared;
+
+ALTER TABLE subnets DROP CONSTRAINT CONSTRAINT_2;
+ALTER TABLE subnets DROP COLUMN shared;
+
+ALTER TABLE qos_policies DROP CONSTRAINT CONSTRAINT_1;
+ALTER TABLE qos_policies drop column shared
+
+EOF

docker-neutron-controller/run.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+# start neutron services
+
+/etc/write_conf.sh
+
+/usr/bin/neutron-server \
+--config-file /etc/neutron/neutron.conf \
+--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+--config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
+--config-file /etc/neutron/metadata_agent.ini \
+--config-dir /etc/neutron/ \
+-v -d &
+
+sleep 3
+/usr/bin/neutron-linuxbridge-agent \
+--config-file /etc/neutron/neutron.conf \
+--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+--config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
+--config-file /etc/neutron/metadata_agent.ini \
+--config-dir /etc/neutron/ \
+-v -d &
+
+sleep 3
+neutron-metadata-agent \
+--config-file /etc/neutron/neutron.conf \
+--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+--config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
+--config-file /etc/neutron/metadata_agent.ini \
+--config-dir /etc/neutron/ \
+-v -d &
+
+# If any process fails, kill the rest.
+# This insures the container stops and systemd will restart it.
+
+wait -n
+pkill -P $$

docker-neutron-controller/write_conf.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+#
+# Generate config files from environments values.
+# These are to be passed to the docker container using -e
+
+cat << EOF > /etc/neutron/neutron.conf
+[DEFAULT]
+core_plugin = ml2
+service_plugins =
+transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$MY_IP
+auth_strategy = keystone
+notify_nova_on_port_status_changes = true
+notify_nova_on_port_data_changes = true
+dhcp_agents_per_network = 2
+global_physnet_mtu = $GLOBAL_PHYSNET_MTU
+
+[agent]
+root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
+
+[database]
+connection = mysql+pymysql://$NEUTRON_USER:$NEUTRON_PASSWORD@mariadb/neutron
+
+[keystone_authtoken]
+auth_uri = http://$KEYSTONE_HOST:5000
+auth_url = http://$KEYSTONE_HOST:35357
+memcached_servers = $MEMCACHED_HOST:11211
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+project_name = service
+username = $NEUTRON_USER
+password = $NEUTRON_PASSWORD
+
+[nova]
+auth_url = http://$KEYSTONE_HOST:35357
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+region_name = RegionOne
+project_name = service
+username = $NOVA_USER
+password = $NOVA_PASSWORD
+
+EOF
+
+cat << EOF > /etc/neutron/plugins/ml2/ml2_conf.ini
+
+[ml2]
+type_drivers = flat,vlan
+tenant_network_types =
+mechanism_drivers = linuxbridge
+extension_drivers = port_security
+path_mtu = $GLOBAL_PHYSNET_MTU
+
+[ml2_type_vlan]
+network_vlan_ranges = provider
+
+[ml2_type_flat]
+flat_networks = provider
+
+[securitygroup]
+enable_ipset = true
+
+EOF
+
+cat << EOF > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
+
+[linux_bridge]
+physical_interface_mappings = $PHYSICAL_INTERFACE_MAPPINGS
+
+[vxlan]
+enable_vxlan = false
+
+[securitygroup]
+enable_security_group = true
+firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
+
+EOF
+
+cat << EOF > /etc/neutron/metadata_agent.ini
+
+[DEFAULT]
+nova_metadata_ip = $MY_IP
+metadata_proxy_shared_secret = $METADATA_SECRET
+
+EOF

docker-nova-compute/.drone.yml

@@ -0,0 +1,26 @@
+---
+pipeline:
+  docker:
+    image: plugins/docker
+    secrets: [docker_username, docker_password]
+    registry: registry.webhosting.rug.nl
+    repo: registry.webhosting.rug.nl/hpc/openstack-nova-compute
+    tag: latest
+  notify:
+    image: drillster/drone-email
+    host: smtp.rug.nl
+    port: 25
+    skip_verify: true
+    from: drone@webhosting.rug.nl
+    recipients: [e.m.a.rijpkema@rug.nl]
+    recipients: [e.m.a.rijpkema@rug.nl, w.k.nap@rug.nl]
+    recipients_only: true
+    when:
+      status: [success, changed, failure]
+#  slack:
+#    image: plugins/slack
+#    webhook:
+#    channel: docker
+#    when:
+#      branch: [master, merlin]
+#      status: [success, failure]

docker-nova-compute/Dockerfile

@@ -0,0 +1,23 @@
+FROM ubuntu:16.04
+# install packages
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+    && apt-get -y update \
+    && apt-get -y install ubuntu-cloud-keyring \
+    && apt-get -y update \
+    && apt-get -y install \
+        python-openstackclient \
+        nova-compute \
+        neutron-linuxbridge-agent \
+        neutron-dhcp-agent \
+        neutron-metadata-agent \
+    && apt-get -y clean
+
+COPY write_conf.sh /etc/write_conf.sh
+
+COPY run.sh /etc/run.sh
+RUN echo hoi
+CMD ["/etc/run.sh"]

docker-nova-compute/README.md

@@ -0,0 +1,9 @@
+# ubuntu 16.04 openstack ocata nova compute node
+
+# How to build the docker image.
+```
+docker  build . -t hpc/novacompute
+```
+
+# Notes
+This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)

docker-nova-compute/run.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+# start nova compute service
+
+/etc/write_conf.sh
+
+/usr/bin/neutron-linuxbridge-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini -v -d &
+
+/usr/bin/nova-compute --config-file=/etc/nova/nova-compute.conf &
+
+sleep 3
+/usr/bin/neutron-dhcp-agent \
+--config-file /etc/neutron/neutron.conf \
+--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+--config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
+--config-file /etc/neutron/dhcp_agent.ini \
+--config-file /etc/neutron/metadata_agent.ini \
+--config-dir /etc/neutron/ \
+-v -d &
+
+sleep 3
+neutron-metadata-agent \
+--config-file /etc/neutron/neutron.conf \
+--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+--config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
+--config-file /etc/neutron/dhcp_agent.ini \
+--config-file /etc/neutron/metadata_agent.ini \
+--config-dir /etc/neutron/ \
+-v -d &
+
+# If any process fails, kill the rest.
+# This ensures the container stops and systemd will restart it.
+
+wait -n
+pkill -P $$

docker-nova-compute/write_conf.sh

@@ -0,0 +1,269 @@
+#!/bin/bash
+#
+# Generate config files from environments values.
+# These are to be passed to the docker container using -e
+
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2
+
+EOF
+
+cat << EOF > /etc/nova/nova.conf
+
+[DEFAULT]
+transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
+rabbit_host = $RABBIT_HOST
+dhcpbridge_flagfile=/etc/nova/nova.conf
+dhcpbridge=/usr/bin/nova-dhcpbridge
+force_dhcp_release=true
+state_path=/var/lib/nova
+enabled_apis=osapi_compute,metadata
+service_metadata_proxy = True
+metadata_proxy_shared_secret = $METADATA_SECRET
+my_ip = $MY_IP
+use_neutron = True
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+scheduler_default_filters = AllHostsFilter
+allow_migrate_to_same_host = True
+allow_resize_to_same_host = True
+
+
+[neutron]
+url = http://$NEUTRON_CONTROLLER_HOST:9696
+auth_url = http://$KEYSTONE_HOST:35357
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+region_name = RegionOne
+project_name = service
+username = $NEUTRON_USER
+password = $NEUTRON_PASSWORD
+
+[vnc]
+enabled = True
+vncserver_listen = 0.0.0.0
+vncserver_proxyclient_address = $MY_IP
+novncproxy_base_url = http://$NOVA_CONTROLLER_HOST:6080/vnc_auto.html
+
+[glance]
+api_servers = http://$GLANCE_CONTROLLER_HOST:9292
+
+[oslo_concurrency]
+lock_path = /var/lib/nova/tmp
+
+[api]
+auth_strategy = keystone
+
+[keystone_authtoken]
+auth_uri = http://$KEYSTONE_HOST:5000
+auth_url = http://$KEYSTONE_HOST:35357
+memcached_servers = $MEMCACHED_HOST:11211
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+project_name = service
+username = $NOVA_USER
+password = $NOVA_PASSWORD
+
+[api_database]
+connection = mysql+pymysql://$NOVA_COMPUTE_USER:$NOVA_PASSWORD@mariadb/nova_api
+
+[barbican]
+[cache]
+
+[cells]
+enable=False
+
+[placement]
+os_region_name = RegionOne
+project_domain_name = Default
+project_name = service
+auth_type = password
+user_domain_name = Default
+auth_url = http://$KEYSTONE_HOST:35357/v3
+username = $NOVA_PLACEMENT_USER
+password = $NOVA_PLACEMENT_PASSWORD
+
+[cinder]
+os_region_name = RegionOne
+
+[wsgi]
+api_paste_config=/etc/nova/api-paste.ini
+
+EOF
+
+
+cat << EOF > /etc/nova/nova-compute.conf
+[DEFAULT]
+compute_driver=libvirt.LibvirtDriver
+transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
+rabbit_host = $RABBIT_HOST
+dhcpbridge_flagfile=/etc/nova/nova.conf
+dhcpbridge=/usr/bin/nova-dhcpbridge
+force_dhcp_release=true
+state_path=/var/lib/nova
+enabled_apis=osapi_compute,metadata
+my_ip = $MY_IP
+use_neutron = True
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+scheduler_default_filters = AllHostsFilter
+allow_migrate_to_same_host = True
+allow_resize_to_same_host = True
+
+[libvirt]
+virt_type=kvm
+
+[vnc]
+enabled = True
+vncserver_listen = 0.0.0.0
+vncserver_proxyclient_address = $MY_IP
+novncproxy_base_url = http://$NOVA_CONTROLLER_HOST:6080/vnc_auto.html
+
+[glance]
+api_servers = http://$GLANCE_CONTROLLER_HOST:9292
+
+[oslo_concurrency]
+lock_path = /var/lib/nova/tmp
+
+[api]
+auth_strategy = keystone
+
+[keystone_authtoken]
+auth_uri = http://$KEYSTONE_HOST:5000
+auth_url = http://$KEYSTONE_HOST:35357
+memcached_servers = $MEMCACHED_HOST:11211
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+project_name = service
+username = $NOVA_USER
+password = $NOVA_PASSWORD
+
+[api_database]
+connection = mysql+pymysql://$NOVA_COMPUTE_USER:$NOVA_PASSWORD@mariadb/nova_api
+
+[barbican]
+[cache]
+
+[cells]
+enable=False
+
+[placement]
+os_region_name = RegionOne
+project_domain_name = Default
+project_name = service
+auth_type = password
+user_domain_name = Default
+auth_url = http://$KEYSTONE_HOST:35357/v3
+username = $NOVA_PLACEMENT_USER
+password = $NOVA_PLACEMENT_PASSWORD
+
+[wsgi]
+api_paste_config=/etc/nova/api-paste.ini
+
+[neutron]
+url = http://$NEUTRON_CONTROLLER_HOST:9696
+auth_url = http://$KEYSTONE_HOST:35357
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+region_name = RegionOne
+project_name = service
+username = $NEUTRON_USER
+password = $NEUTRON_PASSWORD
+
+[cinder]
+os_region_name = RegionOne
+
+EOF
+
+cat << EOF > /etc/neutron/neutron.conf
+[DEFAULT]
+transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
+auth_strategy = keystone
+core_plugin = ml2
+global_physnet_mtu = $GLOBAL_PHYSNET_MTU
+
+[keystone_authtoken]
+auth_uri = http://$KEYSTONE_HOST:5000
+auth_url = http://$KEYSTONE_HOST:35357
+memcached_servers = $MEMCACHED_HOST:11211
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+project_name = service
+username = $NEUTRON_USER
+password = $NEUTRON_PASSWORD
+
+[nova]
+auth_url = http://$KEYSTONE_HOST:35357
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+region_name = RegionOne
+project_name = service
+username = $NOVA_USER
+password = $NOVA_PASSWORD
+
+EOF
+
+cat << EOF > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
+
+[linux_bridge]
+physical_interface_mappings = $PHYSICAL_INTERFACE_MAPPINGS
+
+[vxlan]
+enable_vxlan = false
+
+[securitygroup]
+enable_security_group = true
+firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
+
+EOF
+
+cat << EOF > /etc/neutron/dhcp_agent.ini
+
+[DEFAULT]
+interface_driver = linuxbridge
+dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
+enable_isolated_metadata = true
+
+EOF
+
+cat << EOF > /etc/neutron/metadata_agent.ini
+
+[DEFAULT]
+nova_metadata_ip = $NEUTRON_CONTROLLER_HOST
+metadata_proxy_shared_secret = $METADATA_SECRET
+
+EOF
+
+cat << EOF > /etc/neutron/plugins/ml2/ml2_conf.ini
+
+[ml2]
+type_drivers = flat,vlan
+tenant_network_types =
+mechanism_drivers = linuxbridge
+extension_drivers = port_security
+path_mtu = $GLOBAL_PHYSNET_MTU
+
+[ml2_type_vlan]
+network_vlan_ranges = provider
+
+[ml2_type_flat]
+flat_networks = provider
+
+[securitygroup]
+enable_ipset = true
+
+EOF

docker-nova-service/.gitignore

@@ -0,0 +1,8 @@
+# ---> Vim
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+*~
+

docker-nova-service/Dockerfile

@@ -0,0 +1,32 @@
+FROM ubuntu:16.04
+# install packages
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+    && apt-get -y update \
+    && apt-get -y install ubuntu-cloud-keyring \
+    && apt-get -y update \
+    && apt-get -y install \
+        mysql-client \
+        python-mysqldb \
+        python-openstackclient \
+        python-oslo.cache \
+        nova-api \
+        nova-conductor \
+        nova-consoleauth \
+        nova-novncproxy \
+        nova-scheduler \
+        nova-placement-api \
+    && apt-get -y clean
+
+EXPOSE 8774
+EXPOSE 8778
+
+# add bootstrap script and make it executable
+COPY bootstrap.sh /etc/bootstrap.sh
+COPY run.sh /etc/run.sh
+COPY write_conf.sh /etc/write_conf.sh
+
+CMD ["/etc/run.sh"]

docker-nova-service/README.md

@@ -0,0 +1,24 @@
+# ubuntu 16.04 openstack ocata nova controler node
+
+# How to build the docker image.
+```
+docker  build . -t="hpc/openstack-nova-service"
+```
+
+# How to bootstrap the service.
+Before we can take the container into service we need accounts in keystone.
+We also need an initial database. Both of these tasks are performed by the bootstrap script.
+```
+docker run --rm --it --add-host="controller:<keystone_ip>" hpc/novacontroler /etc/bootstrap.sh
+```
+
+# How to run
+```
+docker run --rm --add-host="controller:<keystone_ip>" --privileged -p 8774:8774 -p 8778:8778 hpc/novacontroler /etc/run.sh
+```
+
+Where keystone_ip is the ip of the docker host where our keystone service is running.
+
+# Notes
+This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)
+The -p option is added to the run command to make the container accessible from (containers on ) other hosts than the container host.

docker-nova-service/bootstrap.sh

@@ -0,0 +1,116 @@
+#!/bin/bash
+#
+# This script sets up the openstack users and regions..
+# as well as the database for the nova controller.
+# This guide was used:
+# https://docs.openstack.org/ocata/install-guide-ubuntu/nova-controller-install.
+
+# write the configuration files with values from the environment.
+/etc/write_conf.sh
+
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2
+
+EOF
+
+source /root/admin-openrc.sh
+
+# create database for nova
+mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
+
+DROP DATABASE  IF EXISTS nova;
+DROP DATABASE  IF EXISTS nova_compute;  -- db for nova compute service
+DROP DATABASE  IF EXISTS nova_api;
+DROP DATABASE  IF EXISTS nova_cell0;
+CREATE DATABASE nova;
+CREATE DATABASE nova_compute;
+CREATE DATABASE nova_api;
+CREATE DATABASE nova_cell0;
+
+GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
+    IDENTIFIED BY "${NOVA_PASSWORD}";
+
+GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
+    IDENTIFIED BY "${NOVA_PASSWORD}";
+
+GRANT ALL PRIVILEGES ON nova_compute.* TO 'nova_compute'@'localhost' \
+    IDENTIFIED BY "${NOVA_PASSWORD}";
+
+GRANT ALL PRIVILEGES ON nova_compute.* TO 'nova_compute'@'%' \
+    IDENTIFIED BY "${NOVA_PASSWORD}";
+
+GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
+    IDENTIFIED BY "${NOVA_PASSWORD}";
+
+GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
+    IDENTIFIED BY "${NOVA_PASSWORD}";
+
+GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
+    IDENTIFIED BY "${NOVA_PASSWORD}";
+
+GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
+    IDENTIFIED BY "${NOVA_PASSWORD}";
+
+EOF
+
+openstack user create nova --domain default --password "$NOVA_PASSWORD"
+openstack role add --project service --user nova admin
+openstack service create --name nova --description "OpenStack Compute" compute
+
+# compute endpoints
+openstack endpoint create --region RegionOne \
+    compute public http://"$MY_IP":8774/v2.1
+
+openstack endpoint create --region RegionOne \
+    compute internal http://"$MY_IP":8774/v2.1
+
+openstack endpoint create --region RegionOne \
+    compute admin http://"$MY_IP":8774/v2.1
+
+openstack user create --domain default --password "$NOVA_PLACEMENT_PASSWORD" placement
+openstack role add --project service --user placement admin
+
+openstack service create --name placement --description "Placement API" placement
+
+# placement endpoints
+openstack endpoint create --region RegionOne placement public http://"$MY_IP":8778
+openstack endpoint create --region RegionOne placement internal http://"$MY_IP":8778
+openstack endpoint create --region RegionOne placement admin http://"$MY_IP":8778
+
+#Populate the nova-api database
+nova-manage api_db sync
+
+# Register the cell0 database:
+nova-manage cell_v2 map_cell0
+
+# Create the cel1 cell
+nova-manage cell_v2 create_cell --name=cell1 --verbose
+
+# sync the database
+nova-manage db sync
+
+e nova_api;
+
+# Prevent crashes when nova api server tries to insert None in config_drive
+mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
+
+alter table nova_api.build_requests drop constraint CONSTRAINT_1;
+
+EOF
+
+# https://bugs.launchpad.net/packstack/+bug/1673305
+# discover compute hosts.
+nova-manage cell_v2 discover_hosts
+
+# Verify nova cell0 and cell1 are registered correctly:
+nova-manage cell_v2 list_cells

docker-nova-service/run.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+# start nova service
+
+# write the configuration files with values from the environment.
+/etc/write_conf.sh
+
+nova-api -v -d &
+sleep 3
+nova-consoleauth -v -d &
+sleep 3
+nova-scheduler -v -d &
+sleep 3
+nova-conductor -v -d &
+sleep 3
+nova-novncproxy -v -d &
+# start the placement api
+apachectl -DFOREGROUND &
+
+# If any process fails, kill the rest.
+# This insures the container stops and systemd will restart it.
+
+wait -n
+pkill -P $$

docker-nova-service/write_conf.sh

@@ -0,0 +1,75 @@
+#!/bin/bash
+#
+# Generate config files from environments values.
+# These are to be passed to the docker container using -e
+
+cat << EOF > /etc/nova/nova.conf
+
+[api_database]
+connection = mysql+pymysql://$NOVA_USER:$NOVA_PASSWORD@mariadb/nova_api
+
+[database]
+connection = mysql+pymysql://$NOVA_USER:$NOVA_PASSWORD@mariadb/nova
+
+[DEFAULT]
+use_neutron = True
+my_ip = $MY_IP
+transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$MY_IP
+scheduler_default_filters = AllHostsFilter
+allow_migrate_to_same_host = True
+allow_resize_to_same_host = True
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+enabled_apis=osapi_compute,metadata
+
+[neutron]
+url = http://$NEUTRON_CONTROLLER_HOST:9696
+auth_url = http://$KEYSTONE_HOST:35357
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+region_name = RegionOne
+project_name = service
+username = $NEUTRON_USER
+password = $NEUTRON_PASSWORD
+service_metadata_proxy = True
+metadata_proxy_shared_secret = $METADATA_SECRET
+
+[api]
+auth_strategy = keystone
+
+[keystone_authtoken]
+auth_uri = http://$KEYSTONE_HOST:5000
+auth_url = http://$KEYSTONE_HOST:35357
+memcached_servers = $MEMCACHED_HOST:11211
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+project_name = service
+username = $NOVA_USER
+password = $NOVA_PASSWORD
+
+[vnc]
+enabled = true
+vncserver_listen = $MY_IP
+vncserver_proxyclient_address = $MY_IP
+
+[glance]
+api_servers = http://$GLANCE_CONTROLLER_HOST:9292
+
+[oslo_concurrency]
+lock_path = /var/lib/nova/tmp
+
+[placement]
+os_region_name = RegionOne
+project_domain_name = Default
+project_name = service
+auth_type = password
+user_domain_name = Default
+auth_url = http://$KEYSTONE_HOST:35357/v3
+username = $NOVA_PLACEMENT_USER
+password = $NOVA_PLACEMENT_PASSWORD
+
+[cinder]
+os_region_name = RegionOne
+
+EOF

docker-openstack-client/.gitignore

@@ -0,0 +1,8 @@
+# ---> Vim
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+*~
+

docker-openstack-client/Dockerfile

@@ -0,0 +1,19 @@
+FROM ubuntu:16.04
+# install packages
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+    && apt-get -y update \
+    && apt-get -y install ubuntu-cloud-keyring \
+    && apt-get -y update \
+    && apt-get -y install \
+        python-openstackclient \
+    && apt-get -y clean
+
+# add bootstrap script and make it executable
+COPY admin-openrc.sh /root/admin-openrc.sh
+
+COPY demo-openrc.sh /root/demo-openrc.sh
+

docker-openstack-client/README.md

@@ -0,0 +1,21 @@
+# ubuntu 16.04 openstack ocata neutron controler node
+
+## How to build the docker image.
+```
+docker  build . -t="hpc/neutroncontroller"
+```
+
+## How to bootstrap the service.
+Before we can take the container into service we need accounts in keystone.
+We also need an initial database. Both of these tasks are performed by the bootstrap script.
+```
+docker run --rm --it --add-host="controller:<keystone_ip>" hpc/neutroncontroler /etc/bootstrap.sh
+```
+
+## How to run
+This image needs a lot of environment variables. It should be run via the `hpc-cloud` ansible repository.
+
+
+## Notes
+This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)
+The -p option is added to the run command to make the container accessible from (containers on ) other hosts than the container host.

docker-openstack-client/bootstrap.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Create admin-openrc.sh from secrets that are in the environment during bootstrap.
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+EOF
+
+# Create demo-openrc.sh
+cat << EOF > /root/demo-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=demo
+export OS_USERNAME=demo
+export OS_PASSWORD=${OS_DEMO_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+EOF

docker-openstack-client/demo-openrc.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+# a admin-openrc.sh file
+KEYSTONE_HOST=keystone  # to be set via docker run --host option
+export OS_IDENTITY_API_VERSION=3
+export OS_USERNAME=demo
+export OS_PASSWORD=geheim
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:5000/v3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=demo
+export OS_IMAGE_API_VERSION=2