First commit
(Contains all the master branches of the previous repositories)
commit
b6c6533824
8
docker-cinder-controller/.gitignore
vendored
Normal file
8
docker-cinder-controller/.gitignore
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
# ---> Vim
|
||||
[._]*.s[a-w][a-z]
|
||||
[._]s[a-w][a-z]
|
||||
*.un~
|
||||
Session.vim
|
||||
.netrwhist
|
||||
*~
|
||||
|
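--- a/docker-cinder-controller/Dockerfile
+++ b/docker-cinder-controller/Dockerfile
@@ -0,0 +1,32 @@
+FROM ubuntu:16.04
+# install packages
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+&& echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+&& apt-get -y update \
+&& apt-get -y install ubuntu-cloud-keyring \
+&& apt-get -y update \
+&& apt-get -y install \
+mysql-client \
+python-mysqldb \
+python-openstackclient \
+python-oslo.cache \
+cinder-api \
+cinder-scheduler \
+&& apt-get -y clean
+
+EXPOSE 8776
+
+#file that writes configs
+COPY write_conf.sh /etc/write_conf.sh
+# add bootstrap script and make it executable
+COPY bootstrap.sh /etc/bootstrap.sh
+
+COPY run.sh /etc/run.sh
+
+RUN chown root.root /etc/bootstrap.sh && chmod a+x /etc/bootstrap.sh
+RUN chown root.root /etc/run.sh && chmod a+x /etc/run.sh
+
+CMD ["/etc/run.sh"]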
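Review bot: The archive signing key on the `apt-key adv` line is fetched from keyserver.ubuntu.com by its 64-bit ID, so the build trusts whichever key the keyserver returns for `5EDB1B62EC4926EA` at build time. Reference the key by its full 40-character fingerprint, or install `ubuntu-cloud-keyring` from the stock archive before `ocata.list` is written and drop the keyserver call (this assumes the package is available without the cloud archive; confirm). The image also has no `USER` instruction, so `/etc/run.sh` and the services it starts run as root. The same key step appears in the cinder-storage, glance, heat and horizon Dockerfiles.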
41
docker-cinder-controller/README.md
Normal file
41
docker-cinder-controller/README.md
Normal file
@ -0,0 +1,41 @@
|
||||
# How to build
|
||||
```
|
||||
docker build . -t hpc/openstack-cinder-controller
|
||||
```
|
||||
|
||||
# Bootstrap
|
||||
```
|
||||
docker run --rm
|
||||
-e "MY_IP={{ ansible_default_ipv4.address }}"
|
||||
-e "CINDER_HOST={{ hostvars[groups['cinder-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
|
||||
-e "CINDER_USER=cinder"
|
||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
|
||||
-e "RABBIT_USER=openstack"
|
||||
hpc/openstack-cinder /etc/bootstrap.sh
|
||||
|
||||
```
|
||||
|
||||
# Run an image
|
||||
|
||||
```
|
||||
/usr/bin/docker run \
|
||||
-e "MY_IP={{ ansible_default_ipv4.address }}"
|
||||
-e "CINDER_HOST={{ hostvars[groups['cinder-controller'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
|
||||
-e "CINDER_USER=cinder"
|
||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
|
||||
-e "RABBIT_USER=openstack"
|
||||
-p 8776:8776 \
|
||||
hpc/openstack-cinder-controller
|
||||
```
|
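--- a/docker-cinder-controller/admin-openrc.sh
+++ b/docker-cinder-controller/admin-openrc.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+# a admin-openrc.sh file
+export MYSQL_ROOT_PASSWORD="geheim"
+
+# To create the Identity service credentials
+GLANCE_USER_NAME=glance
+GLANCE_PASSWORD=geheim
+export OS_IDENTITY_API_VERSION=3
+export OS_USERNAME=admin
+export OS_PASSWORD=geheim
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2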
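Review bot: This file commits literal credentials (`MYSQL_ROOT_PASSWORD="geheim"`, `GLANCE_PASSWORD=geheim`, `OS_PASSWORD=geheim`) to the repository. The Dockerfile in this directory does not copy it and bootstrap.sh generates `/root/admin-openrc.sh` from the environment, so it looks unused here; removing it, or replacing the values with references such as `export OS_PASSWORD="${OS_PASSWORD:?}"`, keeps secrets out of the history. If the value was ever used on a real deployment it should be rotated. The admin-openrc.sh files under docker-cinder-storage, docker-glance, docker-heat and docker-horizon carry the same literal, and docker-glance/README.md repeats it in its `docker run` examples.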
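--- a/docker-cinder-controller/bootstrap.sh
+++ b/docker-cinder-controller/bootstrap.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Create admin-openrc.sh from secrets that are in the environment during bootstrap.
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2
+EOF
+
+source /root/admin-openrc.sh
+
+# Write the config files
+/etc/write_conf.sh
+
+# create database for cinder
+mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
+drop database if exists cinder;
+create database cinder;
+GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY "$CINDER_PASSWORD";
+GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY "$CINDER_PASSWORD";
+EOF
+
+openstack user create cinder --domain default --password "$CINDER_PASSWORD"
+openstack role add --user cinder --project service admin
+
+openstack service create --name cinderv2 --description "OpenStack Block Service" volumev2
+openstack service create --name cinderv3 --description "OpenStack Block Service" volumev3
+
+openstack endpoint create volumev2 public http://"${CINDER_HOST}":8776/v2/%\(project_id\)s --region RegionOne
+openstack endpoint create volumev2 internal http://"${CINDER_HOST}":8776/v2/%\(project_id\)s --region RegionOne
+openstack endpoint create volumev2 admin http://"${CINDER_HOST}":8776/v2/%\(project_id\)s --region RegionOne
+
+openstack endpoint create volumev3 public http://"${CINDER_HOST}":8776/v3/%\(project_id\)s --region RegionOne
+openstack endpoint create volumev3 internal http://"${CINDER_HOST}":8776/v3/%\(project_id\)s --region RegionOne
+openstack endpoint create volumev3 admin http://"${CINDER_HOST}":8776/v3/%\(project_id\)s --region RegionOne
+
+# sync the database
+cinder-manage db sync
+
+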
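Review bot: Nothing in this script stops on error or checks its inputs, so an unset `CINDER_PASSWORD` still reaches `IDENTIFIED BY "$CINDER_PASSWORD"` and would leave `'cinder'@'%'` with an empty password, and a failed `mysql` or `openstack` call is followed by `cinder-manage db sync` anyway. Add `set -euo pipefail` after the shebang and guard the secrets, e.g. `: "${MYSQL_ROOT_PASSWORD:?}" "${CINDER_PASSWORD:?}" "${OS_PASSWORD:?}"`. The password is also expanded inside the SQL here-document, so a value containing a double quote changes the statement, and `-p"$MYSQL_ROOT_PASSWORD"` places the root password on the command line where `MYSQL_PWD` or a `--defaults-extra-file` would avoid it. `drop database if exists cinder` makes a re-run destructive, which deserves a comment at the top of the file. The glance and heat bootstrap.sh files follow the same pattern.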
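--- a/docker-cinder-controller/run.sh
+++ b/docker-cinder-controller/run.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Write the config files
+/etc/write_conf.sh
+# start glance service
+cinder-scheduler -d &
+sleep 5
+apachectl -DFOREGROUND &
+
+# If any process fails, kill the rest.
+# This ensures the container stops and systemd will restart it.
+
+wait -n
+pkill -P $$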
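Review bot: The script's exit status is that of `pkill -P $$`, not of the service that died, so the container can exit 0 after a crash; whether systemd then restarts it depends on the unit's restart policy, which is not part of this commit. Capture and return the status instead: `wait -n; rc=$?` followed by `pkill -P $$; exit "$rc"`. The comment `# start glance service` is a leftover, since this file starts `cinder-scheduler` and `apachectl`. The run.sh files for cinder-storage, glance and heat end with the same two lines.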
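--- a/docker-cinder-controller/write_conf.sh
+++ b/docker-cinder-controller/write_conf.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+#
+# Generate config files from environments values.
+# These are to be passed to the docker container using -e
+
+cat << EOF > /etc/cinder/cinder.conf
+
+[database]
+connection = mysql+pymysql://$CINDER_USER:$CINDER_PASSWORD@$MYSQL_HOST/cinder
+
+[DEFAULT]
+auth_strategy = keystone
+transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$MY_IP
+my_ip = $MY_IP
+
+[keystone_authtoken]
+auth_uri = http://$KEYSTONE_HOST:5000
+auth_url = http://$KEYSTONE_HOST:35357
+memcached_servers = $MEMCACHED_HOST:11211
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+project_name = service
+username = $CINDER_USER
+password = $CINDER_PASSWORD
+
+[oslo_concurrency]
+lock_path = /var/lib/cinder/tmp
+
+EOF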
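Review bot: `transport_url` points RabbitMQ at `$MY_IP`, while the README passes a separate `RABBIT_HOST` and the cinder-storage copy of this file uses `@$RABBIT_HOST`; unless RabbitMQ is meant to be co-located this looks like a slip for `transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST`. `MEMCACHED_HOST` is read here but is not among the `-e` values in the README, so `memcached_servers` would expand to `:11211`; a guard such as `: "${MEMCACHED_HOST:?}"` per variable before the `cat` would fail early instead. The passwords are pasted into URLs unencoded, so a value containing `@`, `/` or `:` yields a connection string that parses differently than intended. The other write_conf.sh files in this commit interpolate their variables without checks as well.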
8
docker-cinder-storage/.gitignore
vendored
Normal file
8
docker-cinder-storage/.gitignore
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
# ---> Vim
|
||||
[._]*.s[a-w][a-z]
|
||||
[._]s[a-w][a-z]
|
||||
*.un~
|
||||
Session.vim
|
||||
.netrwhist
|
||||
*~
|
||||
|
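--- a/docker-cinder-storage/Dockerfile
+++ b/docker-cinder-storage/Dockerfile
@@ -0,0 +1,36 @@
+FROM ubuntu:16.04
+# install packages
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+&& echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+&& apt-get -y update \
+&& apt-get -y install ubuntu-cloud-keyring \
+&& apt-get -y update \
+&& apt-get -y install \
+cinder-volume \
+mysql-client \
+python-mysqldb \
+python-openstackclient \
+python-oslo.cache \
+lvm2 \
+tgt \
+
+&& apt-get -y clean
+
+EXPOSE 8776
+
+#file that writes configs
+COPY write_conf.sh /etc/write_conf.sh
+# add bootstrap script and make it executable
+COPY bootstrap.sh /etc/bootstrap.sh
+
+COPY run.sh /etc/run.sh
+
+COPY lvm.conf /etc/lvm/lvm.conf
+
+RUN chown root.root /etc/bootstrap.sh && chmod a+x /etc/bootstrap.sh
+RUN chown root.root /etc/run.sh && chmod a+x /etc/run.sh
+
+CMD ["/etc/run.sh"]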
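Review bot: The package list ends with `tgt \` followed by an empty line before `&& apt-get -y clean`, so the `RUN` instruction contains an empty continuation line, which Docker warns about and has announced it will reject. Remove the blank line so that `tgt \` is directly followed by `&& apt-get -y clean`. `EXPOSE 8776` is carried over from the controller image; nothing in this directory shows cinder-volume listening on that port, so confirm it is needed.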
41
docker-cinder-storage/README.md
Normal file
41
docker-cinder-storage/README.md
Normal file
@ -0,0 +1,41 @@
|
||||
# How to build
|
||||
```
|
||||
docker build . -t hpc/openstack-cinder-storage
|
||||
```
|
||||
|
||||
# Bootstrap
|
||||
```
|
||||
docker run --rm
|
||||
-e "MY_IP={{ ansible_default_ipv4.address }}"
|
||||
-e "CINDER_HOST={{ hostvars[groups['cinder-storage'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
|
||||
-e "CINDER_USER=cinder"
|
||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
|
||||
-e "RABBIT_USER=openstack"
|
||||
hpc/openstack-cinder /etc/bootstrap.sh
|
||||
|
||||
```
|
||||
|
||||
# Run an image
|
||||
|
||||
```
|
||||
/usr/bin/docker run \
|
||||
-e "MY_IP={{ ansible_default_ipv4.address }}"
|
||||
-e "CINDER_HOST={{ hostvars[groups['cinder-storage'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
|
||||
-e "CINDER_USER=cinder"
|
||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
|
||||
-e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
|
||||
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
|
||||
-e "RABBIT_USER=openstack"
|
||||
-p 8776:8776 \
|
||||
hpc/openstack-cinder-storage
|
||||
```
|
17
docker-cinder-storage/admin-openrc.sh
Normal file
17
docker-cinder-storage/admin-openrc.sh
Normal file
@ -0,0 +1,17 @@
|
||||
#!/bin/bash
|
||||
# a admin-openrc.sh file
|
||||
export MYSQL_ROOT_PASSWORD="geheim"
|
||||
|
||||
# To create the Identity service credentials
|
||||
GLANCE_USER_NAME=glance
|
||||
GLANCE_PASSWORD=geheim
|
||||
export OS_IDENTITY_API_VERSION=3
|
||||
export OS_USERNAME=admin
|
||||
export OS_PASSWORD=geheim
|
||||
export OS_TENANT_NAME=admin
|
||||
export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
|
||||
|
||||
export OS_PROJECT_DOMAIN_NAME=default
|
||||
export OS_USER_DOMAIN_NAME=default
|
||||
export OS_PROJECT_NAME=admin
|
||||
export OS_IMAGE_API_VERSION=2
|
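--- a/docker-cinder-storage/bootstrap.sh
+++ b/docker-cinder-storage/bootstrap.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+# Create admin-openrc.sh from secrets that are in the environment during bootstrap.
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2
+EOF
+
+source /root/admin-openrc.sh
+
+# Write the config files
+/etc/write_conf.sh
+
+# create a LVM physical volume and volume group.
+# This device should be available tpo the container
+pvcreate /dev/cinder_storage_volume
+vgcreate cinder-volumes /dev/cinder_storage_volume
+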
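Review bot: `pvcreate` and `vgcreate` run against `/dev/cinder_storage_volume` without checking that the device was mapped into the container or that it is the intended disk, and `vgcreate` runs even when `pvcreate` failed. Add `set -e` and a guard such as `[ -b /dev/cinder_storage_volume ] || { echo "cinder_storage_volume not mapped" >&2; exit 1; }` before `pvcreate`. The README's bootstrap command shows no `--device` option, so unless it is added elsewhere the script would not see the device; the comment above `pvcreate` (with `tpo` corrected to `to`) could state how it is expected to be mapped. `/root/admin-openrc.sh` is written and sourced here although no `openstack` command follows, which leaves a copy of `OS_PASSWORD` on disk for no visible purpose.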
1887
docker-cinder-storage/lvm.conf
Normal file
1887
docker-cinder-storage/lvm.conf
Normal file
File diff suppressed because it is too large
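--- a/docker-cinder-storage/run.sh
+++ b/docker-cinder-storage/run.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Write the config files
+/etc/write_conf.sh
+# start cinder processes.
+tgtd
+
+cinder-volume -d &
+
+# If any process fails, kill the rest.
+# This ensures the container stops and systemd will restart it.
+
+wait -n
+pkill -P $$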
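Review bot: `tgtd` is started without `&` and, by default, detaches into the background, so it is not a job that `wait -n` watches and not a child that `pkill -P $$` reaches; if the target daemon dies the container keeps running with only `cinder-volume`. Starting it as `tgtd -f &` keeps it in the foreground as a job of this shell (check the flag against the packaged tgt version). A comment above the line saying why the daemon is supervised this way would help the next reader.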
39
docker-cinder-storage/write_conf.sh
Executable file
39
docker-cinder-storage/write_conf.sh
Executable file
@ -0,0 +1,39 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Generate config files from environments values.
|
||||
# These are to be passed to the docker container using -e
|
||||
|
||||
cat << EOF > /etc/cinder/cinder.conf
|
||||
|
||||
[database]
|
||||
connection = mysql+pymysql://$CINDER_USER:$CINDER_PASSWORD@$MYSQL_HOST/cinder
|
||||
|
||||
[DEFAULT]
|
||||
auth_strategy = keystone
|
||||
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
|
||||
my_ip = $MY_IP
|
||||
enabled_backends = lvm
|
||||
glance_api_servers = http://$GLANCE_HOST:9292
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_uri = http://$KEYSTONE_HOST:5000
|
||||
auth_url = http://$KEYSTONE_HOST:35357
|
||||
memcached_servers = $MEMCACHED_HOST:11211
|
||||
auth_type = password
|
||||
project_domain_name = Default
|
||||
user_domain_name = Default
|
||||
project_name = service
|
||||
username = $CINDER_USER
|
||||
password = $CINDER_PASSWORD
|
||||
|
||||
[oslo_concurrency]
|
||||
lock_path = /var/lib/cinder/tmp
|
||||
|
||||
[lvm]
|
||||
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
|
||||
volume_group = cinder-volumes
|
||||
iscsi_protocol = iscsi
|
||||
iscsi_helper = tgtadm
|
||||
volumes_dir = /var/lib/cinder/volumes
|
||||
|
||||
EOF
|
1
docker-glance/.gitignore
vendored
Normal file
1
docker-glance/.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
build.sh
|
32
docker-glance/Dockerfile
Normal file
32
docker-glance/Dockerfile
Normal file
@ -0,0 +1,32 @@
|
||||
FROM ubuntu:16.04
|
||||
# install packages
|
||||
|
||||
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
|
||||
|
||||
RUN set -x \
|
||||
&& echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
|
||||
&& apt-get -y update \
|
||||
&& apt-get -y install ubuntu-cloud-keyring \
|
||||
&& apt-get -y update \
|
||||
&& apt-get -y install \
|
||||
mysql-client \
|
||||
glance \
|
||||
python-mysqldb \
|
||||
python-openstackclient \
|
||||
python-oslo.cache \
|
||||
&& apt-get -y clean \
|
||||
&& rm -f /var/lib/glance/glance.sqlite
|
||||
|
||||
EXPOSE 9292
|
||||
|
||||
#file that writes configs
|
||||
COPY write_conf.sh /etc/write_conf.sh
|
||||
# add bootstrap script and make it executable
|
||||
COPY bootstrap.sh /etc/bootstrap.sh
|
||||
|
||||
COPY run.sh /etc/run.sh
|
||||
|
||||
RUN chown root.root /etc/bootstrap.sh && chmod a+x /etc/bootstrap.sh
|
||||
RUN chown root.root /etc/run.sh && chmod a+x /etc/run.sh
|
||||
|
||||
CMD ["/etc/run.sh"]
|
33
docker-glance/README.md
Normal file
33
docker-glance/README.md
Normal file
@ -0,0 +1,33 @@
|
||||
# How to build
|
||||
```
|
||||
docker build . -t hpc/openstack-glance
|
||||
```
|
||||
|
||||
# Bootstrap
|
||||
```
|
||||
docker run --rm
|
||||
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "MYSQL_ROOT_PASSWORD=geheim"
|
||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "GLANCE_HOST={{ hostvars[groups['glance'][0]]['ansible_default_ipv4']['address'] }}"
|
||||
-e "GLANCE_PASSWORD=geheim"
|
||||
hpc/openstack-glance /etc/bootstrap.sh
|
||||
|
||||
```
|
||||
|
||||
# Run an image
|
||||
|
||||
```
|
||||
/usr/bin/docker run --name %n \
|
||||
-e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
-e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
-e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
-e "MYSQL_ROOT_PASSWORD=geheim" \
|
||||
-e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
-e "GLANCE_HOST={{ hostvars[groups['glance'][0]]['ansible_default_ipv4']['address'] }}" \
|
||||
-e "GLANCE_PASSWORD=geheim" \
|
||||
-p 9292:9292 \
|
||||
hpc/openstack-glance
|
||||
```
|
16
docker-glance/admin-openrc.sh
Normal file
16
docker-glance/admin-openrc.sh
Normal file
@ -0,0 +1,16 @@
|
||||
#!/bin/bash
|
||||
# a admin-openrc.sh file
|
||||
|
||||
# To create the Identity service credentials
|
||||
GLANCE_USER_NAME=glance
|
||||
GLANCE_PASSWORD=geheim
|
||||
export OS_IDENTITY_API_VERSION=3
|
||||
export OS_USERNAME=admin
|
||||
export OS_PASSWORD=geheim
|
||||
export OS_TENANT_NAME=admin
|
||||
export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
|
||||
|
||||
export OS_PROJECT_DOMAIN_NAME=default
|
||||
export OS_USER_DOMAIN_NAME=default
|
||||
export OS_PROJECT_NAME=admin
|
||||
export OS_IMAGE_API_VERSION=2
|
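--- a/docker-glance/bootstrap.sh
+++ b/docker-glance/bootstrap.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Create admin-openrc.sh from secrets that are in the environment during bootstrap.
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+
+export GLANCE_USER_NAME=glance
+export GLANCE_PASSWORD=${GLANCE_PASSWORD}
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2
+EOF
+
+source /root/admin-openrc.sh
+
+# Write the config files
+/etc/write_conf.sh
+
+# create database for glance
+mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
+drop database if exists glance;
+create database glance;
+GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY "$GLANCE_PASSWORD";
+GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY "$GLANCE_PASSWORD";
+EOF
+
+openstack user create "$GLANCE_USER" --domain default --password "$GLANCE_PASSWORD"
+openstack role add --user glance --project service admin
+openstack service create --name glance --description "OpenStack Image Service" image
+openstack endpoint create glance admin http://"${GLANCE_HOST}":9292 --region RegionOne
+openstack endpoint create glance public http://"${GLANCE_HOST}":9292 --region RegionOne
+openstack endpoint create glance internal http://"${GLANCE_HOST}":9292 --region RegionOne
+
+# Workaround, see https://bugs.launchpad.net/glance/+bug/1697835
+sed -i "/op.drop_index('ix_images_is_public', 'images')/a \ \ \ \ op.execute(\"\"\"ALTER TABLE images DROP CONSTRAINT CONSTRAINT_1\"\"\")" \
+/usr/lib/python2.7/dist-packages/glance/db/sqlalchemy/alembic_migrations/versions/ocata01_add_visibility_remove_is_public.py
+
+# sync the database
+su -s /bin/sh -c "glance-manage db_sync" glance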
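Review bot: `openstack user create "$GLANCE_USER"` reads a variable that nothing visible sets: the generated openrc exports `GLANCE_USER_NAME`, and the README passes neither name, so the call would receive an empty user name while the next line grants the role to the literal `glance`. Use one name throughout, e.g. `openstack user create "$GLANCE_USER_NAME" --domain default --password "$GLANCE_PASSWORD"`, or pass `GLANCE_USER` explicitly; write_conf.sh in this directory depends on the same variable in both `connection =` lines. The `sed` workaround edits a packaged migration file in place and would insert the line again if bootstrap were repeated in the same container, so a comment stating that bootstrap is meant to run once in a throwaway container would make the assumption explicit.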
14
docker-glance/run.sh
Executable file
14
docker-glance/run.sh
Executable file
@ -0,0 +1,14 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Write the config files
|
||||
/etc/write_conf.sh
|
||||
# start glance service
|
||||
glance-registry -v -d &
|
||||
sleep 5
|
||||
glance-api -v -d &
|
||||
|
||||
# If any process fails, kill the rest.
|
||||
# This insures the container stops and systemd will restart it.
|
||||
|
||||
wait -n
|
||||
pkill -P $$
|
78
docker-glance/write_conf.sh
Executable file
78
docker-glance/write_conf.sh
Executable file
@ -0,0 +1,78 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Generate config files from environments values.
|
||||
# These are to be passed to the docker container using -e
|
||||
|
||||
cat << EOF > /etc/glance/glance-api.conf
|
||||
|
||||
[database]
|
||||
connection = mysql+pymysql://$GLANCE_USER:$GLANCE_PASSWORD@$MYSQL_HOST/glance
|
||||
[image_format]
|
||||
[keystone_authtoken]
|
||||
auth_uri = http://$KEYSTONE_HOST:5000
|
||||
auth_url = http://$KEYSTONE_HOST:35357
|
||||
memcached_servers = $MEMCACHED_HOST:11211
|
||||
auth_type = password
|
||||
project_domain_name = Default
|
||||
user_domain_name = Default
|
||||
project_name = service
|
||||
username = glance
|
||||
password = $GLANCE_PASSWORD
|
||||
|
||||
[oslo_messaging_notifications]
|
||||
driver = messagingv2
|
||||
|
||||
[oslo_messaging_rabbit]
|
||||
rabbit_host = $RABBIT_HOST
|
||||
rabbit_userid = $RABBIT_USER
|
||||
rabbit_password = $RABBIT_PASSWORD
|
||||
|
||||
[paste_deploy]
|
||||
flavor = keystone
|
||||
|
||||
|
||||
[glance_store]
|
||||
stores = file,http
|
||||
default_store = file
|
||||
filesystem_store_datadir = /var/lib/glance/images/
|
||||
|
||||
EOF
|
||||
|
||||
|
||||
cat << EOF > /etc/glance/glance-registry.conf
|
||||
|
||||
[DEFAULT]
|
||||
workers = 4
|
||||
rpc_backend = rabbit
|
||||
|
||||
[database]
|
||||
connection = mysql+pymysql://$GLANCE_USER:$GLANCE_PASSWORD@$MYSQL_HOST/glance
|
||||
|
||||
[glance_store]
|
||||
stores = file,http
|
||||
default_store = file
|
||||
filesystem_store_datadir = /var/lib/glance/images/
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_uri = http://$KEYSTONE_HOST:5000
|
||||
auth_url = http://$KEYSTONE_HOST:35357
|
||||
memcached_servers = $MEMCACHED_HOST:11211
|
||||
auth_type = password
|
||||
project_domain_name = Default
|
||||
user_domain_name = Default
|
||||
project_name = service
|
||||
username = glance
|
||||
password = $GLANCE_PASSWORD
|
||||
|
||||
[oslo_messaging_notifications]
|
||||
driver = messagingv2
|
||||
|
||||
[oslo_messaging_rabbit]
|
||||
rabbit_host = $RABBIT_HOST
|
||||
rabbit_userid = $RABBIT_USER
|
||||
rabbit_password = $RABBIT_PASSWORD
|
||||
|
||||
[paste_deploy]
|
||||
flavor = keystone
|
||||
|
||||
EOF
|
8
docker-heat/.gitignore
vendored
Normal file
8
docker-heat/.gitignore
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
# ---> Vim
|
||||
[._]*.s[a-w][a-z]
|
||||
[._]s[a-w][a-z]
|
||||
*.un~
|
||||
Session.vim
|
||||
.netrwhist
|
||||
*~
|
||||
|
34
docker-heat/Dockerfile
Normal file
34
docker-heat/Dockerfile
Normal file
@ -0,0 +1,34 @@
|
||||
FROM ubuntu:16.04
|
||||
# install packages
|
||||
|
||||
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
|
||||
|
||||
RUN set -x \
|
||||
&& echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
|
||||
&& apt-get -y update \
|
||||
&& apt-get -y install ubuntu-cloud-keyring \
|
||||
&& apt-get -y update \
|
||||
&& apt-get -y install \
|
||||
mysql-client \
|
||||
python-mysqldb \
|
||||
python-openstackclient \
|
||||
python-oslo.cache \
|
||||
heat-api \
|
||||
heat-api-cfn \
|
||||
heat-engine \
|
||||
&& apt-get -y clean
|
||||
|
||||
EXPOSE 8000
|
||||
EXPOSE 8004
|
||||
|
||||
#file that writes configs
|
||||
COPY write_conf.sh /etc/write_conf.sh
|
||||
# add bootstrap script and make it executable
|
||||
COPY bootstrap.sh /etc/bootstrap.sh
|
||||
|
||||
COPY run.sh /etc/run.sh
|
||||
|
||||
RUN chown root.root /etc/bootstrap.sh && chmod a+x /etc/bootstrap.sh
|
||||
RUN chown root.root /etc/run.sh && chmod a+x /etc/run.sh
|
||||
|
||||
CMD ["/etc/run.sh"]
|
8
docker-heat/README.md
Normal file
8
docker-heat/README.md
Normal file
@ -0,0 +1,8 @@
|
||||
# Openstack heat
|
||||
This docker image provides [Openstack Heat](https://wiki.openstack.org/wiki/Heat). It is meant to be run as part of the [HPC Cloud](https://git.webhosting.rug.nl/HPC/hpc-cloud).
|
||||
|
||||
## How to build
|
||||
```
|
||||
docker build . -t hpc/openstack-heat
|
||||
|
||||
```
|
13
docker-heat/admin-openrc.sh
Normal file
13
docker-heat/admin-openrc.sh
Normal file
@ -0,0 +1,13 @@
|
||||
#!/bin/bash
|
||||
|
||||
# To create the Identity service credentials
|
||||
export OS_IDENTITY_API_VERSION=3
|
||||
export OS_USERNAME=admin
|
||||
export OS_PASSWORD=geheim
|
||||
export OS_TENANT_NAME=admin
|
||||
export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
|
||||
|
||||
export OS_PROJECT_DOMAIN_NAME=default
|
||||
export OS_USER_DOMAIN_NAME=default
|
||||
export OS_PROJECT_NAME=admin
|
||||
export OS_IMAGE_API_VERSION=2
|
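--- a/docker-heat/bootstrap.sh
+++ b/docker-heat/bootstrap.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# Create admin-openrc.sh from secrets that are in the environment during bootstrap.
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+
+export HEAT_USER=heat
+export HEAT_PASSWORD=${HEAT_PASSWORD}
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2
+EOF
+
+source /root/admin-openrc.sh
+
+# Write the config files
+/etc/write_conf.sh
+
+# create database for heat
+mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
+drop database if exists heat;
+create database heat;
+GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY "$HEAT_PASSWORD";
+GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY "$HEAT_PASSWORD";
+EOF
+
+openstack user create "$HEAT_USER" --domain Default --password "$HEAT_PASSWORD"
+openstack role add --project service --user heat admin
+
+openstack service create --name heat --description "Orchestration" orchestration
+openstack service create --name heat-cfn --description "Orchestration" cloudformation
+
+openstack endpoint create orchestration public http://"${HEAT_HOST}":8004/v1/%\(tenant_id\)s --region RegionOne
+openstack endpoint create orchestration internal http://"${HEAT_HOST}":8004/v1/%\(tenant_id\)s --region RegionOne
+openstack endpoint create orchestration admin http://"${HEAT_HOST}":8004/v1/%\(tenant_id\)s --region RegionOne
+
+openstack endpoint create cloudformation public http://"${HEAT_HOST}":8000/v1 --region RegionOne
+openstack endpoint create cloudformation internal http://"${HEAT_HOST}":8000/v1 --region RegionOne
+openstack endpoint create cloudformation admin http://"${HEAT_HOST}":8000/v1 --region RegionOne
+
+openstack domain create --description "Stack projects and users" heat
+
+openstack user create --domain heat --password "$HEAT_PASSWORD" heat_domain_admin
+openstack role add --domain heat --user-domain heat --user heat_domain_admin admin
+
+openstack role create heat_stack_owner
+openstack role add --project demo --user demo heat_stack_owner
+openstack role create heat_stack_user
+
+# sync the database
+su -s /bin/sh -c "heat-manage db_sync" heat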
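Review bot: `heat_domain_admin` is created with `--password "$HEAT_PASSWORD"`, the same secret as the `heat` service user and the `heat` database account, so disclosure of any one of them (heat.conf holds it in clear text) also exposes an account with `admin` on the `heat` domain. A separate variable, e.g. `--password "$HEAT_DOMAIN_ADMIN_PASSWORD"`, keeps the accounts independent. `openstack role add --project demo --user demo heat_stack_owner` assumes a `demo` project and user exist, which nothing in this commit creates. `HEAT_PASSWORD` and `HEAT_HOST` are used without any check that they are set.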
15
docker-heat/run.sh
Executable file
15
docker-heat/run.sh
Executable file
@ -0,0 +1,15 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Write the config files
|
||||
/etc/write_conf.sh
|
||||
|
||||
heat-api -v -d &
|
||||
sleep 5
|
||||
heat-api-cfn -v -d &
|
||||
sleep 5
|
||||
heat-engine -v -d &
|
||||
# If any process fails, kill the rest.
|
||||
# This insures the container stops and systemd will restart it.
|
||||
|
||||
wait -n
|
||||
pkill -P $$
|
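--- a/docker-heat/write_conf.sh
+++ b/docker-heat/write_conf.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+#
+# Generate config files from environments values.
+# These are to be passed to the docker container using -e
+
+cat << EOF > /etc/heat/heat.conf
+
+[database]
+connection = mysql+pymysql://heat:$HEAT_PASSWORD@$MYSQL_HOST/heat
+
+[DEFAULT]
+transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
+heat_metadata_server_url = http://$HEAT_HOST:8000
+heat_waitcondition_server_url = http://$HEAT_HOST:8000/v1/waitcondition
+
+
+[keystone_authtoken]
+auth_uri = http://$KEYSTONE_HOST:5000
+auth_url = http://$KEYSTONE_HOST:35357
+memcached_servers = $MEMCACHED_HOST:11211
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+project_name = service
+username = $HEAT_USER
+password = $HEAT_PASSWORD
+
+[trustee]
+auth_plugin = password
+auth_url = http://$KEYSTONE_HOST:35357
+username = $HEAT_USER
+password = $HEAT_PASSWORD
+user_domain_name = Default
+
+EOF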
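Review bot: `username = $HEAT_USER` depends on a variable that only bootstrap.sh defines (through the generated openrc); when run.sh calls this script at container start it has to arrive via `-e`, otherwise both `username` lines are written empty while the `[database]` URL hard-codes `heat`. Default it at the top with `HEAT_USER="${HEAT_USER:-heat}"` or hard-code the name consistently. All Keystone URLs here are plain `http://`, so the service password and tokens cross the network unencrypted; if that is accepted for this deployment, a comment should say so. bootstrap.sh creates `heat_domain_admin`, but no `stack_domain_admin` settings are written here, which should be confirmed as intended.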
8
docker-horizon/.gitignore
vendored
Normal file
8
docker-horizon/.gitignore
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
# ---> Vim
|
||||
[._]*.s[a-w][a-z]
|
||||
[._]s[a-w][a-z]
|
||||
*.un~
|
||||
Session.vim
|
||||
.netrwhist
|
||||
*~
|
||||
|
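--- a/docker-horizon/000-default.conf
+++ b/docker-horizon/000-default.conf
@@ -0,0 +1,11 @@
+<VirtualHost *:80>
+RedirectMatch "^/$" "/horizon"
+ServerAdmin webmaster@localhost
+DocumentRoot /var/www/html
+
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet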
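Review bot: The dashboard is served from `<VirtualHost *:80>` only, so Horizon logins travel over plain HTTP unless TLS is terminated in front of the container, which this commit does not show. If a proxy handles TLS, a comment at the top of the file should say so; otherwise the login page needs a TLS virtual host before it is exposed beyond a trusted network.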
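--- a/docker-horizon/Dockerfile
+++ b/docker-horizon/Dockerfile
@@ -0,0 +1,35 @@
+# Build keystone. It needs to be run with
+# --add-host=mariadb:<ip mariadb listens tp>
+# Wen starting with an initialized db,
+# run keystone-manage db_sync from this docker first:
+# $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"
+
+FROM ubuntu:16.04
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+&& echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+&& apt-get -y update \
+&& apt-get -y install \
+&& apt-get -y install openstack-dashboard \
+python-openstackclient \
+&& apt-get -y clean
+
+EXPOSE 80
+
+COPY local_settings.py /etc/openstack-dashboard/local_settings.py
+
+# Add a redirect to /keystone instead of the "It works! page"
+COPY 000-default.conf /etc/apache2/sites-available
+
+RUN chown -R www-data: /var/lib/openstack-dashboard/
+
+RUN touch /var/log/horizon.log
+
+RUN chown www-data: /var/log/horizon.log
+
+RUN chown horizon: /var/lib/openstack-dashboard/secret_key
+
+CMD apachectl -DFOREGROUND
+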
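Review bot: `RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA` trusts whatever key the keyserver returns for a 64-bit ID, and that key is the only thing authenticating the packages pulled from the `http://` cloud-archive source; the same line appears in docker-keystone/Dockerfile and docker-neutron-controller/Dockerfile. Installing the keyring package from the base image's already-trusted sources before ocata.list is written keeps the key inside apt's existing signature chain, assuming the package is available there: `RUN apt-get -y update && apt-get -y install ubuntu-cloud-keyring`. Separately, `CMD apachectl -DFOREGROUND` is shell form, so Apache runs under `/bin/sh -c` and does not receive the stop signal directly; `CMD ["apachectl", "-DFOREGROUND"]` avoids that. The header comment and the `/keystone` redirect comment describe the keystone image, not this one.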
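--- a/docker-horizon/README.md
+++ b/docker-horizon/README.md
@@ -0,0 +1,9 @@
+# docker-horizon
+
+Docker image to build horizon
+
+To run, use the following command:
+
+```
+docker run -e "MEMCACHED_SERVER=172.23.38.123" -e "OPENSTACK_HOST=172.23.38.123" -it --rm
+```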
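--- a/docker-horizon/admin-openrc.sh
+++ b/docker-horizon/admin-openrc.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# To create the Identity service credentials
+export OS_IDENTITY_API_VERSION=3
+export OS_USERNAME=admin
+export OS_PASSWORD=geheim
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2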
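Review bot: `export OS_PASSWORD=geheim` commits a literal admin password to the repository, where it stays in history even if the line is later changed. The keystone and neutron bootstrap scripts in this commit take the value from the environment instead; the same approach here would be `export OS_PASSWORD="${OS_PASSWORD:?OS_PASSWORD not set}"`. The horizon Dockerfile in this commit does not copy this file, so it may simply be removable. If the value was ever used on a real deployment, that admin password should be rotated.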
518
docker-horizon/local_settings.py
Normal file
518
docker-horizon/local_settings.py
Normal file
@ -0,0 +1,518 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
import os
|
||||
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
from horizon.utils import secret_key
|
||||
|
||||
from openstack_dashboard.settings import HORIZON_CONFIG
|
||||
|
||||
DEBUG = False
|
||||
|
||||
WEBROOT = '/'
|
||||
|
||||
LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
|
||||
|
||||
SECRET_KEY = secret_key.generate_or_read_from_file('/var/lib/openstack-dashboard/secret_key')
|
||||
|
||||
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
|
||||
|
||||
MEMCACHED_SERVER = os.environ['MEMCACHED_SERVER']
|
||||
|
||||
CACHES = {
|
||||
'default': {
|
||||
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
|
||||
'LOCATION': '{}:11211'.format(MEMCACHED_SERVER),
|
||||
},
|
||||
}
|
||||
|
||||
# Send email to the console by default
|
||||
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
|
||||
|
||||
# Configure these for your outgoing email host
|
||||
#EMAIL_HOST = 'smtp.my-company.com'
|
||||
#EMAIL_PORT = 25
|
||||
#EMAIL_HOST_USER = 'djangomail'
|
||||
#EMAIL_HOST_PASSWORD = 'top-secret!'
|
||||
|
||||
OPENSTACK_HOST = os.environ['KEYSTONE_HOST']
|
||||
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
|
||||
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
|
||||
|
||||
|
||||
OPENSTACK_API_VERSIONS = {
|
||||
"identity": 3,
|
||||
"image": 2,
|
||||
"volume": 2,
|
||||
}
|
||||
|
||||
|
||||
# Disable SSL certificate checks (useful for self-signed certificates):
|
||||
#OPENSTACK_SSL_NO_VERIFY = True
|
||||
|
||||
# The CA certificate to use to verify SSL connections
|
||||
#OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
|
||||
|
||||
# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
|
||||
# capabilities of the auth backend for Keystone.
|
||||
# If Keystone has been configured to use LDAP as the auth backend then set
|
||||
# can_edit_user to False and name to 'ldap'.
|
||||
#
|
||||
# TODO(tres): Remove these once Keystone has an API to identify auth backend.
|
||||
OPENSTACK_KEYSTONE_BACKEND = {
|
||||
'name': 'native',
|
||||
'can_edit_user': True,
|
||||
'can_edit_group': True,
|
||||
'can_edit_project': True,
|
||||
'can_edit_domain': True,
|
||||
'can_edit_role': True,
|
||||
}
|
||||
|
||||
# Setting this to True, will add a new "Retrieve Password" action on instance,
|
||||
# allowing Admin session password retrieval/decryption.
|
||||
#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
|
||||
|
||||
# Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to
|
||||
# determine the experience to enable. Set them both to true to enable
|
||||
# both.
|
||||
#LAUNCH_INSTANCE_LEGACY_ENABLED = True
|
||||
#LAUNCH_INSTANCE_NG_ENABLED = False
|
||||
|
||||
# The Xen Hypervisor has the ability to set the mount point for volumes
|
||||
# attached to instances (other Hypervisors currently do not). Setting
|
||||
# can_set_mount_point to True will add the option to set the mount point
|
||||
# from the UI.
|
||||
OPENSTACK_HYPERVISOR_FEATURES = {
|
||||
'can_set_mount_point': False,
|
||||
'can_set_password': False,
|
||||
'requires_keypair': False,
|
||||
'enable_quotas': True
|
||||
}
|
||||
|
||||
# The OPENSTACK_CINDER_FEATURES settings can be used to enable optional
|
||||
# services provided by cinder that is not exposed by its extension API.
|
||||
OPENSTACK_CINDER_FEATURES = {
|
||||
'enable_backup': False,
|
||||
}
|
||||
|
||||
# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
|
||||
# services provided by neutron. Options currently available are load
|
||||
# balancer service, security groups, quotas, VPN service.
|
||||
OPENSTACK_NEUTRON_NETWORK = {
|
||||
'enable_router': False,
|
||||
'enable_quotas': False,
|
||||
'enable_ipv6': False,
|
||||
'enable_distributed_router': False,
|
||||
'enable_ha_router': False,
|
||||
'enable_lb': False,
|
||||
'enable_firewall': False,
|
||||
'enable_vpn': False,
|
||||
'enable_fip_topology_check': False,
|
||||
|
||||
# profile_support can be turned on if needed.
|
||||
'profile_support': None,
|
||||
#'profile_support': 'cisco',
|
||||
'supported_vnic_types': ['*'],
|
||||
}
|
||||
|
||||
# The OPENSTACK_HEAT_STACK settings can be used to disable password
|
||||
# field required while launching the stack.
|
||||
OPENSTACK_HEAT_STACK = {
|
||||
'enable_user_pass': True,
|
||||
}
|
||||
|
||||
#OPENSTACK_IMAGE_BACKEND = {
|
||||
# 'image_formats': [
|
||||
# ('', _('Select format')),
|
||||
# ('aki', _('AKI - Amazon Kernel Image')),
|
||||
# ('ami', _('AMI - Amazon Machine Image')),
|
||||
# ('ari', _('ARI - Amazon Ramdisk Image')),
|
||||
# ('docker', _('Docker')),
|
||||
# ('iso', _('ISO - Optical Disk Image')),
|
||||
# ('ova', _('OVA - Open Virtual Appliance')),
|
||||
# ('qcow2', _('QCOW2 - QEMU Emulator')),
|
||||
# ('raw', _('Raw')),
|
||||
# ('vdi', _('VDI - Virtual Disk Image')),
|
||||
# ('vhd', _('VHD - Virtual Hard Disk')),
|
||||
# ('vmdk', _('VMDK - Virtual Machine Disk')),
|
||||
# ],
|
||||
#}
|
||||
|
||||
# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
|
||||
# image custom property attributes that appear on image detail pages.
|
||||
IMAGE_CUSTOM_PROPERTY_TITLES = {
|
||||
"architecture": _("Architecture"),
|
||||
"kernel_id": _("Kernel ID"),
|
||||
"ramdisk_id": _("Ramdisk ID"),
|
||||
"image_state": _("Euca2ools state"),
|
||||
"project_id": _("Project ID"),
|
||||
"image_type": _("Image Type"),
|
||||
}
|
||||
|
||||
# The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image
|
||||
# custom properties should not be displayed in the Image Custom Properties
|
||||
# table.
|
||||
IMAGE_RESERVED_CUSTOM_PROPERTIES = []
|
||||
|
||||
# Set to 'legacy' or 'direct' to allow users to upload images to glance via
|
||||
# Horizon server. When enabled, a file form field will appear on the create
|
||||
# image form. If set to 'off', there will be no file form field on the create
|
||||
# image form. See documentation for deployment considerations.
|
||||
#HORIZON_IMAGES_UPLOAD_MODE = 'legacy'
|
||||
|
||||
# Allow a location to be set when creating or updating Glance images.
|
||||
# If using Glance V2, this value should be False unless the Glance
|
||||
# configuration and policies allow setting locations.
|
||||
#IMAGES_ALLOW_LOCATION = False
|
||||
|
||||
# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
|
||||
# in the Keystone service catalog. Use this setting when Horizon is running
|
||||
# external to the OpenStack environment. The default is 'publicURL'.
|
||||
OPENSTACK_ENDPOINT_TYPE = "publicURL"
|
||||
|
||||
# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
|
||||
# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
|
||||
# in the Keystone service catalog. Use this setting when Horizon is running
|
||||
# external to the OpenStack environment. The default is None. This
|
||||
# value should differ from OPENSTACK_ENDPOINT_TYPE if used.
|
||||
#SECONDARY_ENDPOINT_TYPE = None
|
||||
|
||||
# The number of objects (Swift containers/objects or images) to display
|
||||
# on a single page before providing a paging element (a "more" link)
|
||||
# to paginate results.
|
||||
API_RESULT_LIMIT = 1000
|
||||
API_RESULT_PAGE_SIZE = 20
|
||||
|
||||
# The size of chunk in bytes for downloading objects from Swift
|
||||
SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
|
||||
|
||||
# The default number of lines displayed for instance console log.
|
||||
INSTANCE_LOG_LENGTH = 35
|
||||
|
||||
# Specify a maximum number of items to display in a dropdown.
|
||||
DROPDOWN_MAX_ITEMS = 30
|
||||
|
||||
# The timezone of the server. This should correspond with the timezone
|
||||
# of your entire OpenStack installation, and hopefully be in UTC.
|
||||
TIME_ZONE = "UTC"
|
||||
|
||||
# When launching an instance, the menu of available flavors is
|
||||
# sorted by RAM usage, ascending. If you would like a different sort order,
|
||||
# you can provide another flavor attribute as sorting key. Alternatively, you
|
||||
# can provide a custom callback method to use for sorting. You can also provide
|
||||
# a flag for reverse sort. For more info, see
|
||||
# http://docs.python.org/2/library/functions.html#sorted
|
||||
#CREATE_INSTANCE_FLAVOR_SORT = {
|
||||
# 'key': 'name',
|
||||
# # or
|
||||
# 'key': my_awesome_callback_method,
|
||||
# 'reverse': False,
|
||||
#}
|
||||
|
||||
# Set this to True to display an 'Admin Password' field on the Change Password
|
||||
# form to verify that it is indeed the admin logged-in who wants to change
|
||||
# the password.
|
||||
#ENFORCE_PASSWORD_CHECK = False
|
||||
|
||||
# Modules that provide /auth routes that can be used to handle different types
|
||||
# of user authentication. Add auth plugins that require extra route handling to
|
||||
# this list.
|
||||
#AUTHENTICATION_URLS = [
|
||||
# 'openstack_auth.urls',
|
||||
#]
|
||||
|
||||
# The Horizon Policy Enforcement engine uses these values to load per service
|
||||
# policy rule files. The content of these files should match the files the
|
||||
# OpenStack services are using to determine role based access control in the
|
||||
# target installation.
|
||||
|
||||
# Path to directory containing policy.json files
|
||||
#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
|
||||
|
||||
# Map of local copy of service policy files.
|
||||
# Please insure that your identity policy file matches the one being used on
|
||||
# your keystone servers. There is an alternate policy file that may be used
|
||||
# in the Keystone v3 multi-domain case, policy.v3cloudsample.json.
|
||||
# This file is not included in the Horizon repository by default but can be
|
||||
# found at
|
||||
# http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \
|
||||
# policy.v3cloudsample.json
|
||||
# Having matching policy files on the Horizon and Keystone servers is essential
|
||||
# for normal operation. This holds true for all services and their policy files.
|
||||
#POLICY_FILES = {
|
||||
# 'identity': 'keystone_policy.json',
|
||||
# 'compute': 'nova_policy.json',
|
||||
# 'volume': 'cinder_policy.json',
|
||||
# 'image': 'glance_policy.json',
|
||||
# 'orchestration': 'heat_policy.json',
|
||||
# 'network': 'neutron_policy.json',
|
||||
#}
|
||||
|
||||
# TODO: (david-lyle) remove when plugins support adding settings.
|
||||
# Note: Only used when trove-dashboard plugin is configured to be used by
|
||||
# Horizon.
|
||||
# Trove user and database extension support. By default support for
|
||||
# creating users and databases on database instances is turned on.
|
||||
# To disable these extensions set the permission here to something
|
||||
# unusable such as ["!"].
|
||||
#TROVE_ADD_USER_PERMS = []
|
||||
#TROVE_ADD_DATABASE_PERMS = []
|
||||
|
||||
# Change this patch to the appropriate list of tuples containing
|
||||
# a key, label and static directory containing two files:
|
||||
# _variables.scss and _styles.scss
|
||||
#AVAILABLE_THEMES = [
|
||||
# ('default', 'Default', 'themes/default'),
|
||||
# ('material', 'Material', 'themes/material'),
|
||||
#]
|
||||
|
||||
LOGGING = {
|
||||
'version': 1,
|
||||
# When set to True this will disable all logging except
|
||||
# for loggers specified in this configuration dictionary. Note that
|
||||
# if nothing is specified here and disable_existing_loggers is True,
|
||||
# django.db.backends will still log unless it is disabled explicitly.
|
||||
'disable_existing_loggers': False,
|
||||
'formatters': {
|
||||
'operation': {
|
||||
# The format of "%(message)s" is defined by
|
||||
# OPERATION_LOG_OPTIONS['format']
|
||||
'format': '%(asctime)s %(message)s'
|
||||
},
|
||||
},
|
||||
'handlers': {
|
||||
'null': {
|
||||
'level': 'DEBUG',
|
||||
'class': 'logging.NullHandler',
|
||||
},
|
||||
'console': {
|
||||
# Set the level to "DEBUG" for verbose output logging.
|
||||
'level': 'INFO',
|
||||
'class': 'logging.StreamHandler',
|
||||
},
|
||||
'operation': {
|
||||
'level': 'INFO',
|
||||
'class': 'logging.StreamHandler',
|
||||
'formatter': 'operation',
|
||||
},
|
||||
},
|
||||
'loggers': {
|
||||
# Logging from django.db.backends is VERY verbose, send to null
|
||||
# by default.
|
||||
'django.db.backends': {
|
||||
'handlers': ['null'],
|
||||
'propagate': False,
|
||||
},
|
||||
'requests': {
|
||||
'handlers': ['null'],
|
||||
'propagate': False,
|
||||
},
|
||||
'horizon': {
|
||||
'handlers': ['console'],
|
||||
'level': 'DEBUG',
|
||||
'propagate': False,
|
||||
},
|
||||
'horizon.operation_log': {
|
||||
'handlers': ['operation'],
|
||||
'level': 'INFO',
|
||||
'propagate': False,
|
||||
},
|
||||
'openstack_dashboard': {
|
||||
'handlers': ['console'],
|
||||
'level': 'DEBUG',
|
||||
'propagate': False,
|
||||
},
|
||||
'novaclient': {
|
||||
'handlers': ['console'],
|
||||
'level': 'DEBUG',
|
||||
'propagate': False,
|
||||
},
|
||||
'cinderclient': {
|
||||
'handlers': ['console'],
|
||||
'level': 'DEBUG',
|
||||
'propagate': False,
|
||||
},
|
||||
'keystoneclient': {
|
||||
'handlers': ['console'],
|
||||
'level': 'DEBUG',
|
||||
'propagate': False,
|
||||
},
|
||||
'keystoneauth': {
|
||||
'handlers': ['console'],
|
||||
'level': 'DEBUG',
|
||||
'propagate': False,
|
||||
},
|
||||
'glanceclient': {
|
||||
'handlers': ['console'],
|
||||
'level': 'DEBUG',
|
||||
'propagate': False,
|
||||
},
|
||||
'neutronclient': {
|
||||
'handlers': ['console'],
|
||||
'level': 'DEBUG',
|
||||
'propagate': False,
|
||||
},
|
||||
'heatclient': {
|
||||
'handlers': ['console'],
|
||||
'level': 'DEBUG',
|
||||
'propagate': False,
|
||||
},
|
||||
'swiftclient': {
|
||||
'handlers': ['console'],
|
||||
'level': 'DEBUG',
|
||||
'propagate': False,
|
||||
},
|
||||
'openstack_auth': {
|
||||
'handlers': ['console'],
|
||||
'level': 'DEBUG',
|
||||
'propagate': False,
|
||||
},
|
||||
'nose.plugins.manager': {
|
||||
'handlers': ['console'],
|
||||
'level': 'DEBUG',
|
||||
'propagate': False,
|
||||
},
|
||||
'django': {
|
||||
'handlers': ['console'],
|
||||
'level': 'DEBUG',
|
||||
'propagate': False,
|
||||
},
|
||||
'iso8601': {
|
||||
'handlers': ['null'],
|
||||
'propagate': False,
|
||||
},
|
||||
'scss': {
|
||||
'handlers': ['null'],
|
||||
'propagate': False,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
# 'direction' should not be specified for all_tcp/udp/icmp.
|
||||
# It is specified in the form.
|
||||
SECURITY_GROUP_RULES = {
|
||||
'all_tcp': {
|
||||
'name': _('All TCP'),
|
||||
'ip_protocol': 'tcp',
|
||||
'from_port': '1',
|
||||
'to_port': '65535',
|
||||
},
|
||||
'all_udp': {
|
||||
'name': _('All UDP'),
|
||||
'ip_protocol': 'udp',
|
||||
'from_port': '1',
|
||||
'to_port': '65535',
|
||||
},
|
||||
'all_icmp': {
|
||||
'name': _('All ICMP'),
|
||||
'ip_protocol': 'icmp',
|
||||
'from_port': '-1',
|
||||
'to_port': '-1',
|
||||
},
|
||||
'ssh': {
|
||||
'name': 'SSH',
|
||||
'ip_protocol': 'tcp',
|
||||
'from_port': '22',
|
||||
'to_port': '22',
|
||||
},
|
||||
'smtp': {
|
||||
'name': 'SMTP',
|
||||
'ip_protocol': 'tcp',
|
||||
'from_port': '25',
|
||||
'to_port': '25',
|
||||
},
|
||||
'dns': {
|
||||
'name': 'DNS',
|
||||
'ip_protocol': 'tcp',
|
||||
'from_port': '53',
|
||||
'to_port': '53',
|
||||
},
|
||||
'http': {
|
||||
'name': 'HTTP',
|
||||
'ip_protocol': 'tcp',
|
||||
'from_port': '80',
|
||||
'to_port': '80',
|
||||
},
|
||||
'pop3': {
|
||||
'name': 'POP3',
|
||||
'ip_protocol': 'tcp',
|
||||
'from_port': '110',
|
||||
'to_port': '110',
|
||||
},
|
||||
'imap': {
|
||||
'name': 'IMAP',
|
||||
'ip_protocol': 'tcp',
|
||||
'from_port': '143',
|
||||
'to_port': '143',
|
||||
},
|
||||
'ldap': {
|
||||
'name': 'LDAP',
|
||||
'ip_protocol': 'tcp',
|
||||
'from_port': '389',
|
||||
'to_port': '389',
|
||||
},
|
||||
'https': {
|
||||
'name': 'HTTPS',
|
||||
'ip_protocol': 'tcp',
|
||||
'from_port': '443',
|
||||
'to_port': '443',
|
||||
},
|
||||
'smtps': {
|
||||
'name': 'SMTPS',
|
||||
'ip_protocol': 'tcp',
|
||||
'from_port': '465',
|
||||
'to_port': '465',
|
||||
},
|
||||
'imaps': {
|
||||
'name': 'IMAPS',
|
||||
'ip_protocol': 'tcp',
|
||||
'from_port': '993',
|
||||
'to_port': '993',
|
||||
},
|
||||
'pop3s': {
|
||||
'name': 'POP3S',
|
||||
'ip_protocol': 'tcp',
|
||||
'from_port': '995',
|
||||
'to_port': '995',
|
||||
},
|
||||
'ms_sql': {
|
||||
'name': 'MS SQL',
|
||||
'ip_protocol': 'tcp',
|
||||
'from_port': '1433',
|
||||
'to_port': '1433',
|
||||
},
|
||||
'mysql': {
|
||||
'name': 'MYSQL',
|
||||
'ip_protocol': 'tcp',
|
||||
'from_port': '3306',
|
||||
'to_port': '3306',
|
||||
},
|
||||
'rdp': {
|
||||
'name': 'RDP',
|
||||
'ip_protocol': 'tcp',
|
||||
'from_port': '3389',
|
||||
'to_port': '3389',
|
||||
},
|
||||
}
|
||||
|
||||
REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
|
||||
'LAUNCH_INSTANCE_DEFAULTS',
|
||||
'OPENSTACK_IMAGE_FORMATS',
|
||||
'OPENSTACK_KEYSTONE_DEFAULT_DOMAIN']
|
||||
|
||||
# The default theme if no cookie is present
|
||||
DEFAULT_THEME = 'ubuntu'
|
||||
|
||||
# Default Ubuntu apache configuration uses /horizon as the application root.
|
||||
WEBROOT='/horizon/'
|
||||
|
||||
# By default, validation of the HTTP Host header is disabled. Production
|
||||
# installations should have this set accordingly. For more information
|
||||
# see https://docs.djangoproject.com/en/dev/ref/settings/.
|
||||
ALLOWED_HOSTS = '*'
|
||||
|
||||
# Compress all assets offline as part of packaging installation
|
||||
COMPRESS_OFFLINE = True
|
||||
|
||||
ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
|
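Review bot: `ALLOWED_HOSTS = '*'` near the end of the file turns off Django's Host-header validation, which the comment directly above it says production installations should set. It is also a bare string where Django documents a list; it only works because iterating `'*'` yields `'*'`. Since the file already reads `MEMCACHED_SERVER` and `KEYSTONE_HOST` from `os.environ`, the host list can come from the environment the same way, e.g. `ALLOWED_HOSTS = os.environ['ALLOWED_HOSTS'].split(',')` (variable name is a suggestion). `WEBROOT` is assigned twice, `'/'` at the top and `'/horizon/'` near the end; the second wins, so the first should be dropped to avoid confusion. The horizon README passes `OPENSTACK_HOST`, but this file reads `KEYSTONE_HOST`, so the documented run command would raise `KeyError` at import.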
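--- a/docker-keystone/.gitignore
+++ b/docker-keystone/.gitignore
@@ -0,0 +1,8 @@
+# ---> Vim
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+*~
+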
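--- a/docker-keystone/Dockerfile
+++ b/docker-keystone/Dockerfile
@@ -0,0 +1,28 @@
+# Build keystone. It needs to be run with
+# --add-host=mariadb:<ip mariadb listens tp>
+# Wen starting with an initialized db,
+# run keystone-manage db_sync from this docker first:
+# $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"
+
+FROM ubuntu:16.04
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+&& echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+&& apt-get -y update \
+&& apt-get -y install \
+&& apt-get -y install keystone python-openstackclient \
+&& apt-get -y clean
+
+# set admin token TODO: make this a secret
+# in volume of met env
+COPY keystone.conf /etc/keystone/keystone.conf
+
+RUN mkdir /etc/keystone/fernet-keys
+
+RUN chown keystone: /etc/keystone/fernet-keys
+
+COPY bootstrap.sh /etc/bootstrap.sh
+
+CMD apachectl -DFOREGROUND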
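Review bot: `RUN mkdir /etc/keystone/fernet-keys` creates the token-key directory with the default mode, so any user in the image can list and read it; fernet keys sign every token Keystone issues. Creating it restricted in one layer closes that: `RUN mkdir -m 0700 /etc/keystone/fernet-keys && chown keystone: /etc/keystone/fernet-keys`. keystone.service bind-mounts `/srv/keystone/fernet-keys` over this path, so the host directory needs the same mode and owner, which is not visible in this commit. The `apt-get -y install \` line directly before `&& apt-get -y install keystone` runs an install with no packages and can be deleted.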
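--- a/docker-keystone/README.md
+++ b/docker-keystone/README.md
@@ -0,0 +1,9 @@
+# ubuntu 16.04 openstack ocata keystone
+
+## How to build the docker image.
+```
+docker build . -t hpc/openstack-keystone
+```
+
+## Notes
+This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)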
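--- a/docker-keystone/bootstrap.sh
+++ b/docker-keystone/bootstrap.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+# Create admin-openrc.sh from secrets that are in the environment during bootstrap.
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+EOF
+
+# Create demo-openrc.sh
+cat << EOF > /root/demo-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=demo
+export OS_USERNAME=demo
+export OS_PASSWORD=${OS_DEMO_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+EOF
+
+source /root/admin-openrc.sh
+
+sleep 3
+
+openstack project create --domain default \
+--description "Service Project" service
+
+sleep 3
+
+openstack project create --domain default \
+--description "Demo Project" demo
+
+sleep 3
+
+openstack user create --domain default \
+--password "$OS_DEMO_PASSWORD" demo
+
+sleep 3
+
+openstack role create user
+
+sleep 3
+
+openstack role add --project demo --user demo user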
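Review bot: Nothing stops the script when a step fails, so if the first `openstack project create` errors (for example because Keystone is not up after `sleep 3`) the later user and role commands still run and leave a half-bootstrapped identity service. `set -euo pipefail` after the shebang makes a failed command or an unset `OS_PASSWORD` / `OS_DEMO_PASSWORD` abort the bootstrap instead of writing an openrc file with an empty password. The two openrc files hold the admin and demo passwords and are created with the default umask; a `umask 077` before the first `cat` keeps them owner-only. The values are written unquoted into `export OS_PASSWORD=...`, so a password containing spaces or shell metacharacters will not survive the later `source`.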
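--- a/docker-keystone/keystone.conf
+++ b/docker-keystone/keystone.conf
@@ -0,0 +1,12 @@
+[DEFAULT]
+
+verbose = true
+
+[database]
+connection = mysql+pymysql://keystone:keystone@mariadb/keystone
+
+[token]
+provider = fernet
+
+[identity]
+default_domain_id = default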
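Review bot: `connection = mysql+pymysql://keystone:keystone@mariadb/keystone` hard-codes the database password, equal to the user name, and the keystone Dockerfile copies this file into the image, so the credential is in both the repository and every image layer. The heat and neutron images in this commit generate their config at start from environment variables via write_conf.sh; doing the same here removes the baked-in secret, with a line such as `connection = mysql+pymysql://keystone:$KEYSTONE_DB_PASSWORD@$MYSQL_HOST/keystone` (variable names are a suggestion). The Dockerfile's own comment already carries a TODO to make this a secret.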
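--- a/docker-keystone/keystone.service
+++ b/docker-keystone/keystone.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Openstack Keystone Container
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker rm -f %n
+ExecStart=/usr/bin/docker run --name %n \
+--add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
+-p 5000:5000 -p 35357:35357 \
+-v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \
+hpc/keystone
+
+[Install]
+WantedBy=multi-user.target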
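Review bot: `ExecStart` runs the image as `hpc/keystone`, while the README in the same directory builds it as `hpc/openstack-keystone`, so on a host that followed the README the name will not resolve locally. Because no tag or registry is given, `docker run` would then try to pull `hpc/keystone:latest` from the default registry, which is not an image this repository controls. Using the built name with an explicit tag, e.g. `hpc/openstack-keystone:<tag>`, keeps the unit tied to the locally built image. `-p 5000:5000 -p 35357:35357` also publishes the admin port on every host interface; if only the service network needs it, binding to that address would narrow exposure.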
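--- a/docker-neutron-controller/.gitignore
+++ b/docker-neutron-controller/.gitignore
@@ -0,0 +1,8 @@
+# ---> Vim
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+*~
+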
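--- a/docker-neutron-controller/Dockerfile
+++ b/docker-neutron-controller/Dockerfile
@@ -0,0 +1,31 @@
+FROM ubuntu:16.04
+# install packages
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+&& echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+&& apt-get -y update \
+&& apt-get -y install ubuntu-cloud-keyring \
+&& apt-get -y update \
+&& apt-get -y install \
+mysql-client \
+python-mysqldb \
+python-openstackclient \
+neutron-server \
+neutron-plugin-ml2 \
+neutron-linuxbridge-agent \
+neutron-l3-agent \
+neutron-metadata-agent \
+&& apt-get -y clean
+
+# add bootstrap script and make it executable
+COPY bootstrap.sh /etc/bootstrap.sh
+
+# Workaround for vlan_transparent parameter set to None.
+COPY db_base_plugin_v2.py /usr/lib/python2.7/dist-packages/neutron/db/db_base_plugin_v2.py
+
+COPY run.sh /etc/run.sh
+COPY write_conf.sh /etc/write_conf.sh
+
+CMD ["/etc/run.sh"]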
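Review bot: `COPY db_base_plugin_v2.py /usr/lib/python2.7/dist-packages/neutron/db/db_base_plugin_v2.py` replaces a whole packaged module with a 1388-line copy from the repository, while the neutron packages above it are installed unpinned. Any later package update to that module, including a security fix, is silently overwritten at build time, and the page suppresses the file's diff, so the actual workaround cannot be reviewed. Shipping only the changed lines as a patch that fails the build when it no longer applies would make the change visible and version-safe. At minimum the comment should record the base, e.g. `# Copy of neutron <PACKAGE_VERSION> with the vlan_transparent fix; re-diff when the package version changes`.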
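--- a/docker-neutron-controller/README.md
+++ b/docker-neutron-controller/README.md
@@ -0,0 +1,21 @@
+# ubuntu 16.04 openstack ocata neutron controler node
+
+## How to build the docker image.
+```
+docker build . -t="hpc/neutroncontroller"
+```
+
+## How to bootstrap the service.
+Before we can take the container into service we need accounts in keystone.
+We also need an initial database. Both of these tasks are performed by the bootstrap script.
+```
+docker run --rm --it --add-host="controller:<keystone_ip>" hpc/neutroncontroler /etc/bootstrap.sh
+```
+
+## How to run
+This image needs a lot of environment variables. It should be run via the `hpc-cloud` ansible repository.
+
+
+## Notes
+This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)
+The -p option is added to the run command to make the container accessible from (containers on ) other hosts than the container host.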
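--- a/docker-neutron-controller/bootstrap.sh
+++ b/docker-neutron-controller/bootstrap.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+#
+# This script sets up the openstack users and regions..
+# as well as the database for the nova controller.
+# This guide was used:
+# https://docs.openstack.org/ocata/install-guide-ubuntu/nova-controller-install.
+
+# Create admin-openrc.sh from secrets that are in the environment during bootstrap.
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2
+
+EOF
+
+source /root/admin-openrc.sh
+
+# create database for neutron.
+SQL_SCRIPT=/root/neutron.sql
+mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
+DROP DATABASE IF EXISTS neutron;
+CREATE DATABASE neutron;
+
+GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
+IDENTIFIED BY "${NEUTRON_PASSWORD}";
+
+GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
+IDENTIFIED BY "${NEUTRON_PASSWORD}";
+EOF
+
+openstack user create "$NEUTRON_USER" --domain default --password "$NEUTRON_PASSWORD"
+openstack role add --project service --user neutron admin
+openstack service create --name neutron --description "OpenStack Networking" network
+
+# neutron endpoints
+openstack endpoint create --region RegionOne \
+network public http://$MY_IP:9696
+
+openstack endpoint create --region RegionOne \
+network internal http://$MY_IP:9696
+
+openstack endpoint create --region RegionOne \
+network admin http://$MY_IP:9696
+
+# population of the database requires complete server and plug-in configuration files.
+/etc/write_conf.sh
+
+# Ugly hacks to prevent the manage command from failing
+sed -i "/ op.drop_column('networks', 'shared')/ s/^#*/#/" /usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/versions/liberty/contract/4ffceebfada_rbac_network.py
+sed -i "/ op.drop_column('subnets', 'shared')/ s/^#*/#/" /usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/versions/liberty/contract/4ffceebfada_rbac_network.py
+sed -i "/ op.drop_column('qos_policies', 'shared')/ s/^#*/#/" /usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/versions/mitaka/contract/c6c112992c9_rbac_qos_policy.py
+
+neutron-db-manage --config-file /etc/neutron/neutron.conf \
+--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
+
+# And now we drop the colums and constraints that the ORM fails to drop.
+mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" neutron << EOF
+
+ALTER TABLE networks DROP CONSTRAINT CONSTRAINT_2;
+alter table networks drop column shared;
+
+ALTER TABLE subnets DROP CONSTRAINT CONSTRAINT_2;
+ALTER TABLE subnets DROP COLUMN shared;
+
+ALTER TABLE qos_policies DROP CONSTRAINT CONSTRAINT_1;
+ALTER TABLE qos_policies drop column shared
+
+EOF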
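Review bot: `DROP DATABASE IF EXISTS neutron;` runs unconditionally with the MySQL root account, so re-running the bootstrap against a live deployment deletes all network state without any confirmation; a guard that refuses to run when the database already exists, or an explicit opt-in variable, is missing. `${NEUTRON_PASSWORD}` is expanded by the shell straight into the `IDENTIFIED BY "..."` clauses, so a password containing `"` or `\` breaks the statement or changes the SQL that root executes. The role assignment hard-codes the account name while the user is created from the variable; it should read `openstack role add --project service --user "$NEUTRON_USER" admin`. `-p"$MYSQL_ROOT_PASSWORD"` also places the root password in the process arguments; passing it through a client option file keeps it out of the process list. The header comment still describes the nova controller, and `SQL_SCRIPT` is assigned but never used.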
1388
docker-neutron-controller/db_base_plugin_v2.py
Normal file
1388
docker-neutron-controller/db_base_plugin_v2.py
Normal file
File diff suppressed because it is too large
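--- a/docker-neutron-controller/run.sh
+++ b/docker-neutron-controller/run.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+# start neutron services
+
+/etc/write_conf.sh
+
+/usr/bin/neutron-server \
+--config-file /etc/neutron/neutron.conf \
+--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+--config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
+--config-file /etc/neutron/metadata_agent.ini \
+--config-dir /etc/neutron/ \
+-v -d &
+
+sleep 3
+/usr/bin/neutron-linuxbridge-agent \
+--config-file /etc/neutron/neutron.conf \
+--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+--config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
+--config-file /etc/neutron/metadata_agent.ini \
+--config-dir /etc/neutron/ \
+-v -d &
+
+sleep 3
+neutron-metadata-agent \
+--config-file /etc/neutron/neutron.conf \
+--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+--config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
+--config-file /etc/neutron/metadata_agent.ini \
+--config-dir /etc/neutron/ \
+-v -d &
+
+# If any process fails, kill the rest.
+# This insures the container stops and systemd will restart it.
+
+wait -n
+pkill -P $$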
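Review bot: The script's exit status is whatever `pkill -P $$` returns, so a crashed neutron process normally ends the container with status 0 and the failure is invisible to anything that inspects the exit code. Keeping the status from `wait` fixes that: `wait -n; rc=$?` followed by `pkill -P $$; exit "$rc"`. The result of `/etc/write_conf.sh` at the top is not checked either, so the three services start even when config generation failed; `/etc/write_conf.sh || exit 1` would stop there. As PID 1 the shell has no handler for the stop signal, so adding `trap 'pkill -P $$' TERM INT` before the first service lets `docker stop` shut the children down instead of waiting for the kill timeout.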
86
docker-neutron-controller/write_conf.sh
Executable file
86
docker-neutron-controller/write_conf.sh
Executable file
@ -0,0 +1,86 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Generate config files from environments values.
|
||||
# These are to be passed to the docker container using -e
|
||||
|
||||
cat << EOF > /etc/neutron/neutron.conf
|
||||
[DEFAULT]
|
||||
core_plugin = ml2
|
||||
service_plugins =
|
||||
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$MY_IP
|
||||
auth_strategy = keystone
|
||||
notify_nova_on_port_status_changes = true
|
||||
notify_nova_on_port_data_changes = true
|
||||
dhcp_agents_per_network = 2
|
||||
global_physnet_mtu = $GLOBAL_PHYSNET_MTU
|
||||
|
||||
[agent]
|
||||
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
|
||||
|
||||
[database]
|
||||
connection = mysql+pymysql://$NEUTRON_USER:$NEUTRON_PASSWORD@mariadb/neutron
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_uri = http://$KEYSTONE_HOST:5000
|
||||
auth_url = http://$KEYSTONE_HOST:35357
|
||||
memcached_servers = $MEMCACHED_HOST:11211
|
||||
auth_type = password
|
||||
project_domain_name = Default
|
||||
user_domain_name = Default
|
||||
project_name = service
|
||||
username = $NEUTRON_USER
|
||||
password = $NEUTRON_PASSWORD
|
||||
|
||||
[nova]
|
||||
auth_url = http://$KEYSTONE_HOST:35357
|
||||
auth_type = password
|
||||
project_domain_name = Default
|
||||
user_domain_name = Default
|
||||
region_name = RegionOne
|
||||
project_name = service
|
||||
username = $NOVA_USER
|
||||
password = $NOVA_PASSWORD
|
||||
|
||||
EOF
|
||||
|
||||
cat << EOF > /etc/neutron/plugins/ml2/ml2_conf.ini
|
||||
|
||||
[ml2]
|
||||
type_drivers = flat,vlan
|
||||
tenant_network_types =
|
||||
mechanism_drivers = linuxbridge
|
||||
extension_drivers = port_security
|
||||
path_mtu = $GLOBAL_PHYSNET_MTU
|
||||
|
||||
[ml2_type_vlan]
|
||||
network_vlan_ranges = provider
|
||||
|
||||
[ml2_type_flat]
|
||||
flat_networks = provider
|
||||
|
||||
[securitygroup]
|
||||
enable_ipset = true
|
||||
|
||||
EOF
|
||||
|
||||
cat << EOF > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
|
||||
|
||||
[linux_bridge]
|
||||
physical_interface_mappings = $PHYSICAL_INTERFACE_MAPPINGS
|
||||
|
||||
[vxlan]
|
||||
enable_vxlan = false
|
||||
|
||||
[securitygroup]
|
||||
enable_security_group = true
|
||||
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
|
||||
|
||||
EOF
|
||||
|
||||
cat << EOF > /etc/neutron/metadata_agent.ini
|
||||
|
||||
[DEFAULT]
|
||||
nova_metadata_ip = $MY_IP
|
||||
metadata_proxy_shared_secret = $METADATA_SECRET
|
||||
|
||||
EOF
|
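Review bot: Every value in these heredocs comes straight from the environment with no check that it is set, so a missing `NEUTRON_PASSWORD`, `RABBIT_PASSWORD` or `METADATA_SECRET` silently produces a config file with an empty credential instead of a failed start. Adding `set -u` at the top, or a guard such as `: "${METADATA_SECRET:?METADATA_SECRET is not set}"` for each required variable, turns that into a hard error. The files are also created with the default umask although they hold passwords; a `umask 027` before the first `cat`, with group ownership matching the account the services run as (not shown on this page), keeps them from being world-readable. docker-nova-compute/write_conf.sh and docker-nova-service/write_conf.sh have the same two gaps.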
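--- a/docker-nova-compute/.drone.yml
+++ b/docker-nova-compute/.drone.yml
@@ -0,0 +1,26 @@
+---
+pipeline:
+docker:
+image: plugins/docker
+secrets: [docker_username, docker_password]
+registry: registry.webhosting.rug.nl
+repo: registry.webhosting.rug.nl/hpc/openstack-nova-compute
+tag: latest
+notify:
+image: drillster/drone-email
+host: smtp.rug.nl
+port: 25
+skip_verify: true
+from: drone@webhosting.rug.nl
+recipients: [e.m.a.rijpkema@rug.nl]
+recipients: [e.m.a.rijpkema@rug.nl, w.k.nap@rug.nl]
+recipients_only: true
+when:
+status: [success, changed, failure]
+# slack:
+# image: plugins/slack
+# webhook:
+# channel: docker
+# when:
+# branch: [master, merlin]
+# status: [success, failure]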
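Review bot: `skip_verify: true` in the `notify` step turns off certificate verification for the connection to smtp.rug.nl, so build mail can be intercepted or redirected by anyone positioned between the CI runner and the relay; unless the relay really presents an unverifiable certificate I would drop the line. The step also defines `recipients` twice, and which of the two lists wins depends on the YAML parser, so keep only the intended one. Publishing only `tag: latest` means a deployed image cannot be traced back to the commit it was built from; adding a commit-derived tag alongside `latest` would fix that.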
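--- a/docker-nova-compute/Dockerfile
+++ b/docker-nova-compute/Dockerfile
@@ -0,0 +1,23 @@
+FROM ubuntu:16.04
+# install packages
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+&& echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+&& apt-get -y update \
+&& apt-get -y install ubuntu-cloud-keyring \
+&& apt-get -y update \
+&& apt-get -y install \
+python-openstackclient \
+nova-compute \
+neutron-linuxbridge-agent \
+neutron-dhcp-agent \
+neutron-metadata-agent \
+&& apt-get -y clean
+
+COPY write_conf.sh /etc/write_conf.sh
+
+COPY run.sh /etc/run.sh
+RUN echo hoi
+CMD ["/etc/run.sh"]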
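Review bot: The signing key is fetched from a keyserver by its 64-bit ID (`--recv-keys 5EDB1B62EC4926EA`) and the archive it protects is then added over plain `http://`, so the trust anchor for every OpenStack package in the image is whatever the keyserver returns at build time. Pin the full fingerprint instead, e.g. `apt-key adv --keyserver hkps://keyserver.ubuntu.com --recv-keys <FULL_40_HEX_FINGERPRINT>`, or drop the step and rely on the `ubuntu-cloud-keyring` package that the next `RUN` installs before its second `apt-get -y update`, which appears to make the keyserver fetch redundant. The same two `RUN` instructions are in docker-nova-service/Dockerfile and docker-openstack-client/Dockerfile. `RUN echo hoi` looks like a leftover debugging layer and can be removed.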
9
docker-nova-compute/README.md
Normal file
9
docker-nova-compute/README.md
Normal file
@ -0,0 +1,9 @@
|
||||
# ubuntu 16.04 openstack ocata nova compute node
|
||||
|
||||
# How to build the docker image.
|
||||
```
|
||||
docker build . -t hpc/novacompute
|
||||
```
|
||||
|
||||
# Notes
|
||||
This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)
|
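--- a/docker-nova-compute/run.sh
+++ b/docker-nova-compute/run.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# start nova compute service
+
+/etc/write_conf.sh
+
+/usr/bin/neutron-linuxbridge-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini -v -d &
+
+/usr/bin/nova-compute --config-file=/etc/nova/nova-compute.conf &
+
+sleep 3
+/usr/bin/neutron-dhcp-agent \
+--config-file /etc/neutron/neutron.conf \
+--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+--config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
+--config-file /etc/neutron/dhcp_agent.ini \
+--config-file /etc/neutron/metadata_agent.ini \
+--config-dir /etc/neutron/ \
+-v -d &
+
+sleep 3
+neutron-metadata-agent \
+--config-file /etc/neutron/neutron.conf \
+--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+--config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
+--config-file /etc/neutron/dhcp_agent.ini \
+--config-file /etc/neutron/metadata_agent.ini \
+--config-dir /etc/neutron/ \
+-v -d &
+
+# If any process fails, kill the rest.
+# This ensures the container stops and systemd will restart it.
+
+wait -n
+pkill -P $$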
269
docker-nova-compute/write_conf.sh
Executable file
269
docker-nova-compute/write_conf.sh
Executable file
@ -0,0 +1,269 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Generate config files from environments values.
|
||||
# These are to be passed to the docker container using -e
|
||||
|
||||
cat << EOF > /root/admin-openrc.sh
|
||||
#!/bin/bash
|
||||
export OS_TENANT_NAME=admin
|
||||
export OS_USERNAME=admin
|
||||
export OS_PASSWORD=${OS_PASSWORD}
|
||||
export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
|
||||
export OS_IDENTITY_API_VERSION=3
|
||||
|
||||
export OS_PROJECT_DOMAIN_NAME=default
|
||||
export OS_USER_DOMAIN_NAME=default
|
||||
export OS_PROJECT_NAME=admin
|
||||
export OS_IMAGE_API_VERSION=2
|
||||
|
||||
EOF
|
||||
|
||||
cat << EOF > /etc/nova/nova.conf
|
||||
|
||||
[DEFAULT]
|
||||
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
|
||||
rabbit_host = $RABBIT_HOST
|
||||
dhcpbridge_flagfile=/etc/nova/nova.conf
|
||||
dhcpbridge=/usr/bin/nova-dhcpbridge
|
||||
force_dhcp_release=true
|
||||
state_path=/var/lib/nova
|
||||
enabled_apis=osapi_compute,metadata
|
||||
service_metadata_proxy = True
|
||||
metadata_proxy_shared_secret = $METADATA_SECRET
|
||||
my_ip = $MY_IP
|
||||
use_neutron = True
|
||||
firewall_driver = nova.virt.firewall.NoopFirewallDriver
|
||||
scheduler_default_filters = AllHostsFilter
|
||||
allow_migrate_to_same_host = True
|
||||
allow_resize_to_same_host = True
|
||||
|
||||
|
||||
[neutron]
|
||||
url = http://$NEUTRON_CONTROLLER_HOST:9696
|
||||
auth_url = http://$KEYSTONE_HOST:35357
|
||||
auth_type = password
|
||||
project_domain_name = Default
|
||||
user_domain_name = Default
|
||||
region_name = RegionOne
|
||||
project_name = service
|
||||
username = $NEUTRON_USER
|
||||
password = $NEUTRON_PASSWORD
|
||||
|
||||
[vnc]
|
||||
enabled = True
|
||||
vncserver_listen = 0.0.0.0
|
||||
vncserver_proxyclient_address = $MY_IP
|
||||
novncproxy_base_url = http://$NOVA_CONTROLLER_HOST:6080/vnc_auto.html
|
||||
|
||||
[glance]
|
||||
api_servers = http://$GLANCE_CONTROLLER_HOST:9292
|
||||
|
||||
[oslo_concurrency]
|
||||
lock_path = /var/lib/nova/tmp
|
||||
|
||||
[api]
|
||||
auth_strategy = keystone
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_uri = http://$KEYSTONE_HOST:5000
|
||||
auth_url = http://$KEYSTONE_HOST:35357
|
||||
memcached_servers = $MEMCACHED_HOST:11211
|
||||
auth_type = password
|
||||
project_domain_name = Default
|
||||
user_domain_name = Default
|
||||
project_name = service
|
||||
username = $NOVA_USER
|
||||
password = $NOVA_PASSWORD
|
||||
|
||||
[api_database]
|
||||
connection = mysql+pymysql://$NOVA_COMPUTE_USER:$NOVA_PASSWORD@mariadb/nova_api
|
||||
|
||||
[barbican]
|
||||
[cache]
|
||||
|
||||
[cells]
|
||||
enable=False
|
||||
|
||||
[placement]
|
||||
os_region_name = RegionOne
|
||||
project_domain_name = Default
|
||||
project_name = service
|
||||
auth_type = password
|
||||
user_domain_name = Default
|
||||
auth_url = http://$KEYSTONE_HOST:35357/v3
|
||||
username = $NOVA_PLACEMENT_USER
|
||||
password = $NOVA_PLACEMENT_PASSWORD
|
||||
|
||||
[cinder]
|
||||
os_region_name = RegionOne
|
||||
|
||||
[wsgi]
|
||||
api_paste_config=/etc/nova/api-paste.ini
|
||||
|
||||
EOF
|
||||
|
||||
|
||||
cat << EOF > /etc/nova/nova-compute.conf
|
||||
[DEFAULT]
|
||||
compute_driver=libvirt.LibvirtDriver
|
||||
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
|
||||
rabbit_host = $RABBIT_HOST
|
||||
dhcpbridge_flagfile=/etc/nova/nova.conf
|
||||
dhcpbridge=/usr/bin/nova-dhcpbridge
|
||||
force_dhcp_release=true
|
||||
state_path=/var/lib/nova
|
||||
enabled_apis=osapi_compute,metadata
|
||||
my_ip = $MY_IP
|
||||
use_neutron = True
|
||||
firewall_driver = nova.virt.firewall.NoopFirewallDriver
|
||||
scheduler_default_filters = AllHostsFilter
|
||||
allow_migrate_to_same_host = True
|
||||
allow_resize_to_same_host = True
|
||||
|
||||
[libvirt]
|
||||
virt_type=kvm
|
||||
|
||||
[vnc]
|
||||
enabled = True
|
||||
vncserver_listen = 0.0.0.0
|
||||
vncserver_proxyclient_address = $MY_IP
|
||||
novncproxy_base_url = http://$NOVA_CONTROLLER_HOST:6080/vnc_auto.html
|
||||
|
||||
[glance]
|
||||
api_servers = http://$GLANCE_CONTROLLER_HOST:9292
|
||||
|
||||
[oslo_concurrency]
|
||||
lock_path = /var/lib/nova/tmp
|
||||
|
||||
[api]
|
||||
auth_strategy = keystone
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_uri = http://$KEYSTONE_HOST:5000
|
||||
auth_url = http://$KEYSTONE_HOST:35357
|
||||
memcached_servers = $MEMCACHED_HOST:11211
|
||||
auth_type = password
|
||||
project_domain_name = Default
|
||||
user_domain_name = Default
|
||||
project_name = service
|
||||
username = $NOVA_USER
|
||||
password = $NOVA_PASSWORD
|
||||
|
||||
[api_database]
|
||||
connection = mysql+pymysql://$NOVA_COMPUTE_USER:$NOVA_PASSWORD@mariadb/nova_api
|
||||
|
||||
[barbican]
|
||||
[cache]
|
||||
|
||||
[cells]
|
||||
enable=False
|
||||
|
||||
[placement]
|
||||
os_region_name = RegionOne
|
||||
project_domain_name = Default
|
||||
project_name = service
|
||||
auth_type = password
|
||||
user_domain_name = Default
|
||||
auth_url = http://$KEYSTONE_HOST:35357/v3
|
||||
username = $NOVA_PLACEMENT_USER
|
||||
password = $NOVA_PLACEMENT_PASSWORD
|
||||
|
||||
[wsgi]
|
||||
api_paste_config=/etc/nova/api-paste.ini
|
||||
|
||||
[neutron]
|
||||
url = http://$NEUTRON_CONTROLLER_HOST:9696
|
||||
auth_url = http://$KEYSTONE_HOST:35357
|
||||
auth_type = password
|
||||
project_domain_name = Default
|
||||
user_domain_name = Default
|
||||
region_name = RegionOne
|
||||
project_name = service
|
||||
username = $NEUTRON_USER
|
||||
password = $NEUTRON_PASSWORD
|
||||
|
||||
[cinder]
|
||||
os_region_name = RegionOne
|
||||
|
||||
EOF
|
||||
|
||||
cat << EOF > /etc/neutron/neutron.conf
|
||||
[DEFAULT]
|
||||
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
|
||||
auth_strategy = keystone
|
||||
core_plugin = ml2
|
||||
global_physnet_mtu = $GLOBAL_PHYSNET_MTU
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_uri = http://$KEYSTONE_HOST:5000
|
||||
auth_url = http://$KEYSTONE_HOST:35357
|
||||
memcached_servers = $MEMCACHED_HOST:11211
|
||||
auth_type = password
|
||||
project_domain_name = Default
|
||||
user_domain_name = Default
|
||||
project_name = service
|
||||
username = $NEUTRON_USER
|
||||
password = $NEUTRON_PASSWORD
|
||||
|
||||
[nova]
|
||||
auth_url = http://$KEYSTONE_HOST:35357
|
||||
auth_type = password
|
||||
project_domain_name = Default
|
||||
user_domain_name = Default
|
||||
region_name = RegionOne
|
||||
project_name = service
|
||||
username = $NOVA_USER
|
||||
password = $NOVA_PASSWORD
|
||||
|
||||
EOF
|
||||
|
||||
cat << EOF > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
|
||||
|
||||
[linux_bridge]
|
||||
physical_interface_mappings = $PHYSICAL_INTERFACE_MAPPINGS
|
||||
|
||||
[vxlan]
|
||||
enable_vxlan = false
|
||||
|
||||
[securitygroup]
|
||||
enable_security_group = true
|
||||
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
|
||||
|
||||
EOF
|
||||
|
||||
cat << EOF > /etc/neutron/dhcp_agent.ini
|
||||
|
||||
[DEFAULT]
|
||||
interface_driver = linuxbridge
|
||||
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
|
||||
enable_isolated_metadata = true
|
||||
|
||||
EOF
|
||||
|
||||
cat << EOF > /etc/neutron/metadata_agent.ini
|
||||
|
||||
[DEFAULT]
|
||||
nova_metadata_ip = $NEUTRON_CONTROLLER_HOST
|
||||
metadata_proxy_shared_secret = $METADATA_SECRET
|
||||
|
||||
EOF
|
||||
|
||||
cat << EOF > /etc/neutron/plugins/ml2/ml2_conf.ini
|
||||
|
||||
[ml2]
|
||||
type_drivers = flat,vlan
|
||||
tenant_network_types =
|
||||
mechanism_drivers = linuxbridge
|
||||
extension_drivers = port_security
|
||||
path_mtu = $GLOBAL_PHYSNET_MTU
|
||||
|
||||
[ml2_type_vlan]
|
||||
network_vlan_ranges = provider
|
||||
|
||||
[ml2_type_flat]
|
||||
flat_networks = provider
|
||||
|
||||
[securitygroup]
|
||||
enable_ipset = true
|
||||
|
||||
EOF
|
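Review bot: The first heredoc writes `/root/admin-openrc.sh` with the cloud admin `OS_PASSWORD` onto the compute node, and both `nova.conf` and `nova-compute.conf` carry an `[api_database]` connection string with database credentials, which gives the host that runs tenant VMs far more access than a nova-compute service needs. I would remove the admin-openrc heredoc from this script and delete the two `[api_database]` sections, leaving database access to the controller services. `vncserver_listen = 0.0.0.0` additionally exposes instance VNC consoles on every interface of the host; binding to `$MY_IP`, as docker-nova-service/write_conf.sh does, or firewalling the console ports to the proxy host narrows that. The connection string pairs `$NOVA_COMPUTE_USER` with `$NOVA_PASSWORD`, which is worth confirming is intended.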
8
docker-nova-service/.gitignore
vendored
Normal file
8
docker-nova-service/.gitignore
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
# ---> Vim
|
||||
[._]*.s[a-w][a-z]
|
||||
[._]s[a-w][a-z]
|
||||
*.un~
|
||||
Session.vim
|
||||
.netrwhist
|
||||
*~
|
||||
|
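--- a/docker-nova-service/Dockerfile
+++ b/docker-nova-service/Dockerfile
@@ -0,0 +1,32 @@
+FROM ubuntu:16.04
+# install packages
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+&& echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+&& apt-get -y update \
+&& apt-get -y install ubuntu-cloud-keyring \
+&& apt-get -y update \
+&& apt-get -y install \
+mysql-client \
+python-mysqldb \
+python-openstackclient \
+python-oslo.cache \
+nova-api \
+nova-conductor \
+nova-consoleauth \
+nova-novncproxy \
+nova-scheduler \
+nova-placement-api \
+&& apt-get -y clean
+
+EXPOSE 8774
+EXPOSE 8778
+
+# add bootstrap script and make it executable
+COPY bootstrap.sh /etc/bootstrap.sh
+COPY run.sh /etc/run.sh
+COPY write_conf.sh /etc/write_conf.sh
+
+CMD ["/etc/run.sh"]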
24
docker-nova-service/README.md
Normal file
24
docker-nova-service/README.md
Normal file
@ -0,0 +1,24 @@
|
||||
# ubuntu 16.04 openstack ocata nova controler node
|
||||
|
||||
# How to build the docker image.
|
||||
```
|
||||
docker build . -t="hpc/openstack-nova-service"
|
||||
```
|
||||
|
||||
# How to bootstrap the service.
|
||||
Before we can take the container into service we need accounts in keystone.
|
||||
We also need an initial database. Both of these tasks are performed by the bootstrap script.
|
||||
```
|
||||
docker run --rm --it --add-host="controller:<keystone_ip>" hpc/novacontroler /etc/bootstrap.sh
|
||||
```
|
||||
|
||||
# How to run
|
||||
```
|
||||
docker run --rm --add-host="controller:<keystone_ip>" --privileged -p 8774:8774 -p 8778:8778 hpc/novacontroler /etc/run.sh
|
||||
```
|
||||
|
||||
Where keystone_ip is the ip of the docker host where our keystone service is running.
|
||||
|
||||
# Notes
|
||||
This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)
|
||||
The -p option is added to the run command to make the container accessible from (containers on ) other hosts than the container host.
|
116
docker-nova-service/bootstrap.sh
Executable file
116
docker-nova-service/bootstrap.sh
Executable file
@ -0,0 +1,116 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# This script sets up the openstack users and regions..
|
||||
# as well as the database for the nova controller.
|
||||
# This guide was used:
|
||||
# https://docs.openstack.org/ocata/install-guide-ubuntu/nova-controller-install.
|
||||
|
||||
# write the configuration files with values from the environment.
|
||||
/etc/write_conf.sh
|
||||
|
||||
cat << EOF > /root/admin-openrc.sh
|
||||
#!/bin/bash
|
||||
export OS_TENANT_NAME=admin
|
||||
export OS_USERNAME=admin
|
||||
export OS_PASSWORD=${OS_PASSWORD}
|
||||
export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
|
||||
export OS_IDENTITY_API_VERSION=3
|
||||
|
||||
export OS_PROJECT_DOMAIN_NAME=default
|
||||
export OS_USER_DOMAIN_NAME=default
|
||||
export OS_PROJECT_NAME=admin
|
||||
export OS_IMAGE_API_VERSION=2
|
||||
|
||||
EOF
|
||||
|
||||
source /root/admin-openrc.sh
|
||||
|
||||
# create database for nova
|
||||
mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
|
||||
|
||||
DROP DATABASE IF EXISTS nova;
|
||||
DROP DATABASE IF EXISTS nova_compute; -- db for nova compute service
|
||||
DROP DATABASE IF EXISTS nova_api;
|
||||
DROP DATABASE IF EXISTS nova_cell0;
|
||||
CREATE DATABASE nova;
|
||||
CREATE DATABASE nova_compute;
|
||||
CREATE DATABASE nova_api;
|
||||
CREATE DATABASE nova_cell0;
|
||||
|
||||
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
|
||||
IDENTIFIED BY "${NOVA_PASSWORD}";
|
||||
|
||||
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
|
||||
IDENTIFIED BY "${NOVA_PASSWORD}";
|
||||
|
||||
GRANT ALL PRIVILEGES ON nova_compute.* TO 'nova_compute'@'localhost' \
|
||||
IDENTIFIED BY "${NOVA_PASSWORD}";
|
||||
|
||||
GRANT ALL PRIVILEGES ON nova_compute.* TO 'nova_compute'@'%' \
|
||||
IDENTIFIED BY "${NOVA_PASSWORD}";
|
||||
|
||||
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
|
||||
IDENTIFIED BY "${NOVA_PASSWORD}";
|
||||
|
||||
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
|
||||
IDENTIFIED BY "${NOVA_PASSWORD}";
|
||||
|
||||
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
|
||||
IDENTIFIED BY "${NOVA_PASSWORD}";
|
||||
|
||||
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
|
||||
IDENTIFIED BY "${NOVA_PASSWORD}";
|
||||
|
||||
EOF
|
||||
|
||||
openstack user create nova --domain default --password "$NOVA_PASSWORD"
|
||||
openstack role add --project service --user nova admin
|
||||
openstack service create --name nova --description "OpenStack Compute" compute
|
||||
|
||||
# compute endpoints
|
||||
openstack endpoint create --region RegionOne \
|
||||
compute public http://"$MY_IP":8774/v2.1
|
||||
|
||||
openstack endpoint create --region RegionOne \
|
||||
compute internal http://"$MY_IP":8774/v2.1
|
||||
|
||||
openstack endpoint create --region RegionOne \
|
||||
compute admin http://"$MY_IP":8774/v2.1
|
||||
|
||||
openstack user create --domain default --password "$NOVA_PLACEMENT_PASSWORD" placement
|
||||
openstack role add --project service --user placement admin
|
||||
|
||||
openstack service create --name placement --description "Placement API" placement
|
||||
|
||||
# placement endpoints
|
||||
openstack endpoint create --region RegionOne placement public http://"$MY_IP":8778
|
||||
openstack endpoint create --region RegionOne placement internal http://"$MY_IP":8778
|
||||
openstack endpoint create --region RegionOne placement admin http://"$MY_IP":8778
|
||||
|
||||
#Populate the nova-api database
|
||||
nova-manage api_db sync
|
||||
|
||||
# Register the cell0 database:
|
||||
nova-manage cell_v2 map_cell0
|
||||
|
||||
# Create the cel1 cell
|
||||
nova-manage cell_v2 create_cell --name=cell1 --verbose
|
||||
|
||||
# sync the database
|
||||
nova-manage db sync
|
||||
|
||||
e nova_api;
|
||||
|
||||
# Prevent crashes when nova api server tries to insert None in config_drive
|
||||
mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
|
||||
|
||||
alter table nova_api.build_requests drop constraint CONSTRAINT_1;
|
||||
|
||||
EOF
|
||||
|
||||
# https://bugs.launchpad.net/packstack/+bug/1673305
|
||||
# discover compute hosts.
|
||||
nova-manage cell_v2 discover_hosts
|
||||
|
||||
# Verify nova cell0 and cell1 are registered correctly:
|
||||
nova-manage cell_v2 list_cells
|
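Review bot: Both `mysql -uroot -p"$MYSQL_ROOT_PASSWORD"` invocations and the `openstack user create ... --password` calls put secrets on the command line, where they are readable from the process list while the command runs; for mysql, a `--defaults-extra-file` pointing at a mode-0600 option file avoids that. The GRANT statements interpolate `${NOVA_PASSWORD}` into SQL inside double quotes, so a password containing a quote breaks or alters the statement, and every account is also granted from `'%'`, i.e. any host that can reach the database; restricting the host part to the controller network would be tighter. The script drops the four nova databases unconditionally and has no `set -e`, so an accidental re-run destroys state and then carries on past any failure. The line `e nova_api;` after `nova-manage db sync` is not a command and looks like a paste fragment that should be removed.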
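--- a/docker-nova-service/run.sh
+++ b/docker-nova-service/run.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+# start nova service
+
+# write the configuration files with values from the environment.
+/etc/write_conf.sh
+
+nova-api -v -d &
+sleep 3
+nova-consoleauth -v -d &
+sleep 3
+nova-scheduler -v -d &
+sleep 3
+nova-conductor -v -d &
+sleep 3
+nova-novncproxy -v -d &
+# start the placement api
+apachectl -DFOREGROUND &
+
+# If any process fails, kill the rest.
+# This insures the container stops and systemd will restart it.
+
+wait -n
+pkill -P $$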
75
docker-nova-service/write_conf.sh
Executable file
75
docker-nova-service/write_conf.sh
Executable file
@ -0,0 +1,75 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Generate config files from environments values.
|
||||
# These are to be passed to the docker container using -e
|
||||
|
||||
cat << EOF > /etc/nova/nova.conf
|
||||
|
||||
[api_database]
|
||||
connection = mysql+pymysql://$NOVA_USER:$NOVA_PASSWORD@mariadb/nova_api
|
||||
|
||||
[database]
|
||||
connection = mysql+pymysql://$NOVA_USER:$NOVA_PASSWORD@mariadb/nova
|
||||
|
||||
[DEFAULT]
|
||||
use_neutron = True
|
||||
my_ip = $MY_IP
|
||||
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$MY_IP
|
||||
scheduler_default_filters = AllHostsFilter
|
||||
allow_migrate_to_same_host = True
|
||||
allow_resize_to_same_host = True
|
||||
firewall_driver = nova.virt.firewall.NoopFirewallDriver
|
||||
enabled_apis=osapi_compute,metadata
|
||||
|
||||
[neutron]
|
||||
url = http://$NEUTRON_CONTROLLER_HOST:9696
|
||||
auth_url = http://$KEYSTONE_HOST:35357
|
||||
auth_type = password
|
||||
project_domain_name = Default
|
||||
user_domain_name = Default
|
||||
region_name = RegionOne
|
||||
project_name = service
|
||||
username = $NEUTRON_USER
|
||||
password = $NEUTRON_PASSWORD
|
||||
service_metadata_proxy = True
|
||||
metadata_proxy_shared_secret = $METADATA_SECRET
|
||||
|
||||
[api]
|
||||
auth_strategy = keystone
|
||||
|
||||
[keystone_authtoken]
|
||||
auth_uri = http://$KEYSTONE_HOST:5000
|
||||
auth_url = http://$KEYSTONE_HOST:35357
|
||||
memcached_servers = $MEMCACHED_HOST:11211
|
||||
auth_type = password
|
||||
project_domain_name = Default
|
||||
user_domain_name = Default
|
||||
project_name = service
|
||||
username = $NOVA_USER
|
||||
password = $NOVA_PASSWORD
|
||||
|
||||
[vnc]
|
||||
enabled = true
|
||||
vncserver_listen = $MY_IP
|
||||
vncserver_proxyclient_address = $MY_IP
|
||||
|
||||
[glance]
|
||||
api_servers = http://$GLANCE_CONTROLLER_HOST:9292
|
||||
|
||||
[oslo_concurrency]
|
||||
lock_path = /var/lib/nova/tmp
|
||||
|
||||
[placement]
|
||||
os_region_name = RegionOne
|
||||
project_domain_name = Default
|
||||
project_name = service
|
||||
auth_type = password
|
||||
user_domain_name = Default
|
||||
auth_url = http://$KEYSTONE_HOST:35357/v3
|
||||
username = $NOVA_PLACEMENT_USER
|
||||
password = $NOVA_PLACEMENT_PASSWORD
|
||||
|
||||
[cinder]
|
||||
os_region_name = RegionOne
|
||||
|
||||
EOF
|
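Review bot: Every Keystone, Neutron and Glance URL written here is `http://`, and the `[neutron]`, `[keystone_authtoken]` and `[placement]` sections use `auth_type = password`, so service passwords and tokens travel in cleartext between hosts unless the network underneath is isolated. If TLS endpoints are not available yet, a comment above the heredoc such as `# NOTE: endpoints are plain HTTP; only safe on an isolated management network` would record that assumption. The token cache named in `memcached_servers` is likewise unauthenticated; keystonemiddleware's `memcache_security_strategy = ENCRYPT` together with a `memcache_secret_key` protects the cached tokens. The same applies to docker-neutron-controller/write_conf.sh and docker-nova-compute/write_conf.sh.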
8
docker-openstack-client/.gitignore
vendored
Normal file
8
docker-openstack-client/.gitignore
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
# ---> Vim
|
||||
[._]*.s[a-w][a-z]
|
||||
[._]s[a-w][a-z]
|
||||
*.un~
|
||||
Session.vim
|
||||
.netrwhist
|
||||
*~
|
||||
|
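--- a/docker-openstack-client/Dockerfile
+++ b/docker-openstack-client/Dockerfile
@@ -0,0 +1,19 @@
+FROM ubuntu:16.04
+# install packages
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+&& echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+&& apt-get -y update \
+&& apt-get -y install ubuntu-cloud-keyring \
+&& apt-get -y update \
+&& apt-get -y install \
+python-openstackclient \
+&& apt-get -y clean
+
+# add bootstrap script and make it executable
+COPY admin-openrc.sh /root/admin-openrc.sh
+
+COPY demo-openrc.sh /root/demo-openrc.sh
+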
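Review bot: The two `COPY` lines bake `admin-openrc.sh` and `demo-openrc.sh` into an image layer, so whatever credentials those files hold are readable by anyone who can pull the image or inspect its layers; the `demo-openrc.sh` added in this commit already contains a literal `OS_PASSWORD`. I would drop both `COPY` lines and supply the files at run time, either as a read-only bind mount or through the environment variables that bootstrap.sh in this directory expects. The comment above them, `# add bootstrap script and make it executable`, does not match what the lines do and should read something like `# openrc files are provided at run time, not copied into the image`. `admin-openrc.sh` does not appear among the files shown for this directory, so the build may also fail unless it exists elsewhere.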
21
docker-openstack-client/README.md
Normal file
21
docker-openstack-client/README.md
Normal file
@ -0,0 +1,21 @@
|
||||
# ubuntu 16.04 openstack ocata neutron controler node
|
||||
|
||||
## How to build the docker image.
|
||||
```
|
||||
docker build . -t="hpc/neutroncontroller"
|
||||
```
|
||||
|
||||
## How to bootstrap the service.
|
||||
Before we can take the container into service we need accounts in keystone.
|
||||
We also need an initial database. Both of these tasks are performed by the bootstrap script.
|
||||
```
|
||||
docker run --rm --it --add-host="controller:<keystone_ip>" hpc/neutroncontroler /etc/bootstrap.sh
|
||||
```
|
||||
|
||||
## How to run
|
||||
This image needs a lot of environment variables. It should be run via the `hpc-cloud` ansible repository.
|
||||
|
||||
|
||||
## Notes
|
||||
This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)
|
||||
The -p option is added to the run command to make the container accessible from (containers on ) other hosts than the container host.
|
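--- a/docker-openstack-client/bootstrap.sh
+++ b/docker-openstack-client/bootstrap.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Create admin-openrc.sh from secrets that are in the environment during bootstrap.
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+EOF
+
+# Create demo-openrc.sh
+cat << EOF > /root/demo-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=demo
+export OS_USERNAME=demo
+export OS_PASSWORD=${OS_DEMO_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+EOF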
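Review bot: `${OS_PASSWORD}` and `${OS_DEMO_PASSWORD}` are expanded into the generated files unquoted, so when an openrc file is later sourced any spaces or shell metacharacters in the password are interpreted by the shell instead of being part of the value. Writing that line with shell quoting, `printf 'export OS_PASSWORD=%q\n' "$OS_PASSWORD" >> /root/admin-openrc.sh`, keeps the value literal. The files are also created with the default umask; a `umask 077` before the first `cat` keeps the passwords readable by root only. The same admin-openrc heredoc appears in docker-nova-compute/write_conf.sh and docker-nova-service/bootstrap.sh.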
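--- a/docker-openstack-client/demo-openrc.sh
+++ b/docker-openstack-client/demo-openrc.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+# a admin-openrc.sh file
+KEYSTONE_HOST=keystone # to be set via docker run --host option
+export OS_IDENTITY_API_VERSION=3
+export OS_USERNAME=demo
+export OS_PASSWORD=geheim
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:5000/v3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=demo
+export OS_IMAGE_API_VERSION=2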
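Review bot: `export OS_PASSWORD=geheim` commits a usable-looking credential to the repository and, through the `COPY` in this directory's Dockerfile, to every image built from it; it should be read from the environment, e.g. `export OS_PASSWORD="${OS_DEMO_PASSWORD:?OS_DEMO_PASSWORD is not set}"`, and the committed value rotated if it was ever real. The header comment `# a admin-openrc.sh file` describes the wrong file, and `OS_TENANT_NAME=admin` disagrees with `OS_USERNAME=demo` and `OS_PROJECT_NAME=demo`, which looks like a leftover from copying the admin file.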