First commit

(Contains all the master branches of the previous repositories)
2018-04-23 14:57:26 +02:00 · 2018-04-23 14:57:26 +02:00 · b6c6533824
commit b6c6533824
64 changed files with 5729 additions and 0 deletions
--- a/docker-cinder-controller/.gitignore
+++ b/docker-cinder-controller/.gitignore
@ -0,0 +1,8 @@
 # ---> Vim
 [._]*.s[a-w][a-z]
 [._]s[a-w][a-z]
 *.un~
 Session.vim
 .netrwhist
 *~
--- a/docker-cinder-controller/Dockerfile
+++ b/docker-cinder-controller/Dockerfile
@ -0,0 +1,32 @@
 FROM ubuntu:16.04
 # install packages
 RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
 RUN set -x \
    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
    && apt-get -y update \
    && apt-get -y install ubuntu-cloud-keyring \
    && apt-get -y update \
    && apt-get -y install \
        mysql-client \
        python-mysqldb \
        python-openstackclient \
        python-oslo.cache \
        cinder-api \
        cinder-scheduler \
    && apt-get -y clean
 EXPOSE 8776
 #file that writes configs
 COPY write_conf.sh /etc/write_conf.sh
 # add bootstrap script and make it executable
 COPY bootstrap.sh /etc/bootstrap.sh
 COPY run.sh /etc/run.sh
 RUN chown root.root /etc/bootstrap.sh && chmod a+x /etc/bootstrap.sh
 RUN chown root.root /etc/run.sh && chmod a+x /etc/run.sh
 CMD ["/etc/run.sh"]
--- a/docker-cinder-controller/README.md
+++ b/docker-cinder-controller/README.md
@ -0,0 +1,41 @@
 # How to build
 ```
 docker build . -t hpc/openstack-cinder-controller
 ```
 # Bootstrap
 ```
 docker run --rm
    -e "MY_IP={{ ansible_default_ipv4.address }}"
    -e "CINDER_HOST={{ hostvars[groups['cinder-controller'][0]]['ansible_default_ipv4']['address'] }}"
    -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
    -e "CINDER_USER=cinder"
    -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
    -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
    -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
    -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
    -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
    -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
    -e "RABBIT_USER=openstack"
 hpc/openstack-cinder /etc/bootstrap.sh
 ```
 # Run an image
 ```
 /usr/bin/docker run \
    -e "MY_IP={{ ansible_default_ipv4.address }}"
    -e "CINDER_HOST={{ hostvars[groups['cinder-controller'][0]]['ansible_default_ipv4']['address'] }}"
    -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
    -e "CINDER_USER=cinder"
    -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
    -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
    -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
    -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
    -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
    -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
    -e "RABBIT_USER=openstack"
    -p 8776:8776 \
  hpc/openstack-cinder-controller
 ```
--- a/docker-cinder-controller/admin-openrc.sh
+++ b/docker-cinder-controller/admin-openrc.sh
@ -0,0 +1,17 @@
 #!/bin/bash
 # a admin-openrc.sh file
 export MYSQL_ROOT_PASSWORD="geheim"
 # To create the Identity service credentials
 GLANCE_USER_NAME=glance
 GLANCE_PASSWORD=geheim
 export OS_IDENTITY_API_VERSION=3
 export OS_USERNAME=admin
 export OS_PASSWORD=geheim
 export OS_TENANT_NAME=admin
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
 export OS_PROJECT_DOMAIN_NAME=default
 export OS_USER_DOMAIN_NAME=default
 export OS_PROJECT_NAME=admin
 export OS_IMAGE_API_VERSION=2
--- a/docker-cinder-controller/bootstrap.sh
+++ b/docker-cinder-controller/bootstrap.sh
@ -0,0 +1,48 @@
 #!/bin/bash
 # Create admin-openrc.sh from secrets that are in the environment during bootstrap.
 cat << EOF > /root/admin-openrc.sh
 #!/bin/bash
 export OS_TENANT_NAME=admin
 export OS_USERNAME=admin
 export OS_PASSWORD=${OS_PASSWORD}
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
 export OS_IDENTITY_API_VERSION=3
 export OS_PROJECT_DOMAIN_NAME=default
 export OS_USER_DOMAIN_NAME=default
 export OS_PROJECT_NAME=admin
 export OS_IMAGE_API_VERSION=2
 EOF
 source /root/admin-openrc.sh
 # Write the config files
 /etc/write_conf.sh
 # create database for cinder
 mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
 drop database  if exists cinder;
 create database cinder;
 GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY "$CINDER_PASSWORD";
 GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY "$CINDER_PASSWORD";
 EOF
 openstack user create cinder --domain default --password "$CINDER_PASSWORD"
 openstack role add --user cinder --project service admin
 openstack service create --name cinderv2 --description "OpenStack Block Service" volumev2
 openstack service create --name cinderv3 --description "OpenStack Block Service" volumev3
 openstack endpoint create volumev2 public http://"${CINDER_HOST}":8776/v2/%\(project_id\)s --region RegionOne
 openstack endpoint create volumev2 internal http://"${CINDER_HOST}":8776/v2/%\(project_id\)s --region RegionOne
 openstack endpoint create volumev2 admin http://"${CINDER_HOST}":8776/v2/%\(project_id\)s --region RegionOne
 openstack endpoint create volumev3 public http://"${CINDER_HOST}":8776/v3/%\(project_id\)s --region RegionOne
 openstack endpoint create volumev3 internal http://"${CINDER_HOST}":8776/v3/%\(project_id\)s --region RegionOne
 openstack endpoint create volumev3 admin http://"${CINDER_HOST}":8776/v3/%\(project_id\)s --region RegionOne
 # sync the database
 cinder-manage db sync
--- a/docker-cinder-controller/run.sh
+++ b/docker-cinder-controller/run.sh
@ -0,0 +1,14 @@
 #!/bin/bash
 # Write the config files
 /etc/write_conf.sh
 # start glance service
 cinder-scheduler -d &
 sleep 5
 apachectl -DFOREGROUND &
 # If any process fails, kill the rest.
 # This ensures the container stops and systemd will restart it.
 wait -n
 pkill -P $$
--- a/docker-cinder-controller/write_conf.sh
+++ b/docker-cinder-controller/write_conf.sh
@ -0,0 +1,30 @@
 #!/bin/bash
 #
 # Generate config files from environments values.
 # These are to be passed to the docker container using -e
 cat << EOF > /etc/cinder/cinder.conf
 [database]
 connection = mysql+pymysql://$CINDER_USER:$CINDER_PASSWORD@$MYSQL_HOST/cinder
 [DEFAULT]
 auth_strategy = keystone
 transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$MY_IP
 my_ip = $MY_IP
 [keystone_authtoken]
 auth_uri = http://$KEYSTONE_HOST:5000
 auth_url = http://$KEYSTONE_HOST:35357
 memcached_servers = $MEMCACHED_HOST:11211
 auth_type = password
 project_domain_name = Default
 user_domain_name = Default
 project_name = service
 username = $CINDER_USER
 password = $CINDER_PASSWORD
 [oslo_concurrency]
 lock_path = /var/lib/cinder/tmp
 EOF
--- a/docker-cinder-storage/.gitignore
+++ b/docker-cinder-storage/.gitignore
@ -0,0 +1,8 @@
 # ---> Vim
 [._]*.s[a-w][a-z]
 [._]s[a-w][a-z]
 *.un~
 Session.vim
 .netrwhist
 *~
--- a/docker-cinder-storage/Dockerfile
+++ b/docker-cinder-storage/Dockerfile
@ -0,0 +1,36 @@
 FROM ubuntu:16.04
 # install packages
 RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
 RUN set -x \
    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
    && apt-get -y update \
    && apt-get -y install ubuntu-cloud-keyring \
    && apt-get -y update \
    && apt-get -y install \
        cinder-volume \
        mysql-client \
        python-mysqldb \
        python-openstackclient \
        python-oslo.cache \
        lvm2 \
        tgt \
    && apt-get -y clean
 EXPOSE 8776
 #file that writes configs
 COPY write_conf.sh /etc/write_conf.sh
 # add bootstrap script and make it executable
 COPY bootstrap.sh /etc/bootstrap.sh
 COPY run.sh /etc/run.sh
 COPY lvm.conf /etc/lvm/lvm.conf
 RUN chown root.root /etc/bootstrap.sh && chmod a+x /etc/bootstrap.sh
 RUN chown root.root /etc/run.sh && chmod a+x /etc/run.sh
 CMD ["/etc/run.sh"]
--- a/docker-cinder-storage/README.md
+++ b/docker-cinder-storage/README.md
@ -0,0 +1,41 @@
 # How to build
 ```
 docker build . -t hpc/openstack-cinder-storage
 ```
 # Bootstrap
 ```
 docker run --rm
    -e "MY_IP={{ ansible_default_ipv4.address }}"
    -e "CINDER_HOST={{ hostvars[groups['cinder-storage'][0]]['ansible_default_ipv4']['address'] }}"
    -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
    -e "CINDER_USER=cinder"
    -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
    -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
    -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
    -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
    -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
    -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
    -e "RABBIT_USER=openstack"
 hpc/openstack-cinder /etc/bootstrap.sh
 ```
 # Run an image
 ```
 /usr/bin/docker run \
    -e "MY_IP={{ ansible_default_ipv4.address }}"
    -e "CINDER_HOST={{ hostvars[groups['cinder-storage'][0]]['ansible_default_ipv4']['address'] }}"
    -e "CINDER_PASSWORD={{ secrets['CINDER_PASSWORD'] }}"
    -e "CINDER_USER=cinder"
    -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
    -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
    -e "MYSQL_ROOT_PASSWORD={{ secrets['MYSQL_ROOT_PASSWORD'] }}"
    -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
    -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
    -e "RABBIT_PASSWORD={{ secrets['RABBIT_PASSWORD'] }}"
    -e "RABBIT_USER=openstack"
    -p 8776:8776 \
  hpc/openstack-cinder-storage
 ```
--- a/docker-cinder-storage/admin-openrc.sh
+++ b/docker-cinder-storage/admin-openrc.sh
@ -0,0 +1,17 @@
 #!/bin/bash
 # a admin-openrc.sh file
 export MYSQL_ROOT_PASSWORD="geheim"
 # To create the Identity service credentials
 GLANCE_USER_NAME=glance
 GLANCE_PASSWORD=geheim
 export OS_IDENTITY_API_VERSION=3
 export OS_USERNAME=admin
 export OS_PASSWORD=geheim
 export OS_TENANT_NAME=admin
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
 export OS_PROJECT_DOMAIN_NAME=default
 export OS_USER_DOMAIN_NAME=default
 export OS_PROJECT_NAME=admin
 export OS_IMAGE_API_VERSION=2
--- a/docker-cinder-storage/bootstrap.sh
+++ b/docker-cinder-storage/bootstrap.sh
@ -0,0 +1,27 @@
 #!/bin/bash
 # Create admin-openrc.sh from secrets that are in the environment during bootstrap.
 cat << EOF > /root/admin-openrc.sh
 #!/bin/bash
 export OS_TENANT_NAME=admin
 export OS_USERNAME=admin
 export OS_PASSWORD=${OS_PASSWORD}
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
 export OS_IDENTITY_API_VERSION=3
 export OS_PROJECT_DOMAIN_NAME=default
 export OS_USER_DOMAIN_NAME=default
 export OS_PROJECT_NAME=admin
 export OS_IMAGE_API_VERSION=2
 EOF
 source /root/admin-openrc.sh
 # Write the config files
 /etc/write_conf.sh
 # create a LVM physical volume and volume group.
 # This device should be available tpo the container
 pvcreate /dev/cinder_storage_volume
 vgcreate cinder-volumes /dev/cinder_storage_volume
--- a/docker-cinder-storage/lvm.conf
+++ b/docker-cinder-storage/lvm.conf
--- a/docker-cinder-storage/run.sh
+++ b/docker-cinder-storage/run.sh
@ -0,0 +1,14 @@
 #!/bin/bash
 # Write the config files
 /etc/write_conf.sh
 # start cinder processes.
 tgtd
 cinder-volume -d &
 # If any process fails, kill the rest.
 # This ensures the container stops and systemd will restart it.
 wait -n
 pkill -P $$
--- a/docker-cinder-storage/write_conf.sh
+++ b/docker-cinder-storage/write_conf.sh
@ -0,0 +1,39 @@
 #!/bin/bash
 #
 # Generate config files from environments values.
 # These are to be passed to the docker container using -e
 cat << EOF > /etc/cinder/cinder.conf
 [database]
 connection = mysql+pymysql://$CINDER_USER:$CINDER_PASSWORD@$MYSQL_HOST/cinder
 [DEFAULT]
 auth_strategy = keystone
 transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
 my_ip = $MY_IP
 enabled_backends = lvm
 glance_api_servers = http://$GLANCE_HOST:9292
 [keystone_authtoken]
 auth_uri = http://$KEYSTONE_HOST:5000
 auth_url = http://$KEYSTONE_HOST:35357
 memcached_servers = $MEMCACHED_HOST:11211
 auth_type = password
 project_domain_name = Default
 user_domain_name = Default
 project_name = service
 username = $CINDER_USER
 password = $CINDER_PASSWORD
 [oslo_concurrency]
 lock_path = /var/lib/cinder/tmp
 [lvm]
 volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
 volume_group = cinder-volumes
 iscsi_protocol = iscsi
 iscsi_helper = tgtadm
 volumes_dir = /var/lib/cinder/volumes
 EOF
--- a/docker-glance/.gitignore
+++ b/docker-glance/.gitignore
@ -0,0 +1 @@
 build.sh
--- a/docker-glance/Dockerfile
+++ b/docker-glance/Dockerfile
@ -0,0 +1,32 @@
 FROM ubuntu:16.04
 # install packages
 RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
 RUN set -x \
    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
    && apt-get -y update \
    && apt-get -y install ubuntu-cloud-keyring \
    && apt-get -y update \
    && apt-get -y install \
        mysql-client \
        glance \
        python-mysqldb \
        python-openstackclient \
        python-oslo.cache \
    && apt-get -y clean \
    && rm -f /var/lib/glance/glance.sqlite
 EXPOSE 9292
 #file that writes configs
 COPY write_conf.sh /etc/write_conf.sh
 # add bootstrap script and make it executable
 COPY bootstrap.sh /etc/bootstrap.sh
 COPY run.sh /etc/run.sh
 RUN chown root.root /etc/bootstrap.sh && chmod a+x /etc/bootstrap.sh
 RUN chown root.root /etc/run.sh && chmod a+x /etc/run.sh
 CMD ["/etc/run.sh"]
--- a/docker-glance/README.md
+++ b/docker-glance/README.md
@ -0,0 +1,33 @@
 # How to build
 ```
 docker build . -t hpc/openstack-glance
 ```
 # Bootstrap
 ```
 docker run --rm
 -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}"
 -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}"
 -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
 -e "MYSQL_ROOT_PASSWORD=geheim"
 -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
 -e "GLANCE_HOST={{ hostvars[groups['glance'][0]]['ansible_default_ipv4']['address'] }}"
 -e "GLANCE_PASSWORD=geheim"
 hpc/openstack-glance /etc/bootstrap.sh
 ```
 # Run an image
 ```
 /usr/bin/docker run --name %n \
  -e "RABBIT_HOST={{ hostvars[groups['rabbitmq'][0]]['ansible_default_ipv4']['address'] }}" \
  -e "MEMCACHED_HOST={{ hostvars[groups['memcached'][0]]['ansible_default_ipv4']['address'] }}" \
  -e "MYSQL_HOST={{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}" \
  -e "MYSQL_ROOT_PASSWORD=geheim" \
  -e "KEYSTONE_HOST={{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}" \
  -e "GLANCE_HOST={{ hostvars[groups['glance'][0]]['ansible_default_ipv4']['address'] }}" \
  -e "GLANCE_PASSWORD=geheim" \
  -p 9292:9292 \
  hpc/openstack-glance
 ```
--- a/docker-glance/admin-openrc.sh
+++ b/docker-glance/admin-openrc.sh
@ -0,0 +1,16 @@
 #!/bin/bash
 # a admin-openrc.sh file
 # To create the Identity service credentials
 GLANCE_USER_NAME=glance
 GLANCE_PASSWORD=geheim
 export OS_IDENTITY_API_VERSION=3
 export OS_USERNAME=admin
 export OS_PASSWORD=geheim
 export OS_TENANT_NAME=admin
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
 export OS_PROJECT_DOMAIN_NAME=default
 export OS_USER_DOMAIN_NAME=default
 export OS_PROJECT_NAME=admin
 export OS_IMAGE_API_VERSION=2
--- a/docker-glance/bootstrap.sh
+++ b/docker-glance/bootstrap.sh
@ -0,0 +1,45 @@
 #!/bin/bash
 # Create admin-openrc.sh from secrets that are in the environment during bootstrap.
 cat << EOF > /root/admin-openrc.sh
 #!/bin/bash
 export OS_TENANT_NAME=admin
 export OS_USERNAME=admin
 export OS_PASSWORD=${OS_PASSWORD}
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
 export OS_IDENTITY_API_VERSION=3
 export GLANCE_USER_NAME=glance
 export GLANCE_PASSWORD=${GLANCE_PASSWORD}
 export OS_PROJECT_DOMAIN_NAME=default
 export OS_USER_DOMAIN_NAME=default
 export OS_PROJECT_NAME=admin
 export OS_IMAGE_API_VERSION=2
 EOF
 source /root/admin-openrc.sh
 # Write the config files
 /etc/write_conf.sh
 # create database for glance
 mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
 drop database  if exists glance;
 create database glance;
 GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY "$GLANCE_PASSWORD";
 GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY "$GLANCE_PASSWORD";
 EOF
 openstack user create "$GLANCE_USER" --domain default --password "$GLANCE_PASSWORD"
 openstack role add --user glance --project service admin
 openstack service create --name glance --description "OpenStack Image Service" image
 openstack endpoint create glance admin http://"${GLANCE_HOST}":9292 --region RegionOne
 openstack endpoint create glance public http://"${GLANCE_HOST}":9292 --region RegionOne
 openstack endpoint create glance internal http://"${GLANCE_HOST}":9292 --region RegionOne
 # Workaround, see https://bugs.launchpad.net/glance/+bug/1697835
 sed -i "/op.drop_index('ix_images_is_public', 'images')/a \ \ \ \ op.execute(\"\"\"ALTER TABLE images DROP CONSTRAINT CONSTRAINT_1\"\"\")" \
    /usr/lib/python2.7/dist-packages/glance/db/sqlalchemy/alembic_migrations/versions/ocata01_add_visibility_remove_is_public.py
 # sync the database
 su -s /bin/sh -c "glance-manage db_sync" glance
--- a/docker-glance/run.sh
+++ b/docker-glance/run.sh
@ -0,0 +1,14 @@
 #!/bin/bash
 # Write the config files
 /etc/write_conf.sh
 # start glance service
 glance-registry -v -d &
 sleep 5
 glance-api -v -d &
 # If any process fails, kill the rest.
 # This insures the container stops and systemd will restart it.
 wait -n
 pkill -P $$
--- a/docker-glance/write_conf.sh
+++ b/docker-glance/write_conf.sh
@ -0,0 +1,78 @@
 #!/bin/bash
 #
 # Generate config files from environments values.
 # These are to be passed to the docker container using -e
 cat << EOF > /etc/glance/glance-api.conf
 [database]
 connection = mysql+pymysql://$GLANCE_USER:$GLANCE_PASSWORD@$MYSQL_HOST/glance
 [image_format]
 [keystone_authtoken]
 auth_uri = http://$KEYSTONE_HOST:5000
 auth_url = http://$KEYSTONE_HOST:35357
 memcached_servers = $MEMCACHED_HOST:11211
 auth_type = password
 project_domain_name = Default
 user_domain_name = Default
 project_name = service
 username = glance
 password = $GLANCE_PASSWORD
 [oslo_messaging_notifications]
 driver = messagingv2
 [oslo_messaging_rabbit]
 rabbit_host = $RABBIT_HOST
 rabbit_userid = $RABBIT_USER
 rabbit_password = $RABBIT_PASSWORD
 [paste_deploy]
 flavor = keystone
 [glance_store]
 stores = file,http
 default_store = file
 filesystem_store_datadir = /var/lib/glance/images/
 EOF
 cat << EOF > /etc/glance/glance-registry.conf
 [DEFAULT]
 workers = 4
 rpc_backend = rabbit
 [database]
 connection = mysql+pymysql://$GLANCE_USER:$GLANCE_PASSWORD@$MYSQL_HOST/glance
 [glance_store]
 stores = file,http
 default_store = file
 filesystem_store_datadir = /var/lib/glance/images/
 [keystone_authtoken]
 auth_uri = http://$KEYSTONE_HOST:5000
 auth_url = http://$KEYSTONE_HOST:35357
 memcached_servers = $MEMCACHED_HOST:11211
 auth_type = password
 project_domain_name = Default
 user_domain_name = Default
 project_name = service
 username = glance
 password = $GLANCE_PASSWORD
 [oslo_messaging_notifications]
 driver = messagingv2
 [oslo_messaging_rabbit]
 rabbit_host = $RABBIT_HOST
 rabbit_userid = $RABBIT_USER
 rabbit_password = $RABBIT_PASSWORD
 [paste_deploy]
 flavor = keystone
 EOF
--- a/docker-heat/.gitignore
+++ b/docker-heat/.gitignore
@ -0,0 +1,8 @@
 # ---> Vim
 [._]*.s[a-w][a-z]
 [._]s[a-w][a-z]
 *.un~
 Session.vim
 .netrwhist
 *~
--- a/docker-heat/Dockerfile
+++ b/docker-heat/Dockerfile
@ -0,0 +1,34 @@
 FROM ubuntu:16.04
 # install packages
 RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
 RUN set -x \
    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
    && apt-get -y update \
    && apt-get -y install ubuntu-cloud-keyring \
    && apt-get -y update \
    && apt-get -y install \
        mysql-client \
        python-mysqldb \
        python-openstackclient \
        python-oslo.cache \
        heat-api \
        heat-api-cfn \
        heat-engine \
    && apt-get -y clean
 EXPOSE 8000
 EXPOSE 8004
 #file that writes configs
 COPY write_conf.sh /etc/write_conf.sh
 # add bootstrap script and make it executable
 COPY bootstrap.sh /etc/bootstrap.sh
 COPY run.sh /etc/run.sh
 RUN chown root.root /etc/bootstrap.sh && chmod a+x /etc/bootstrap.sh
 RUN chown root.root /etc/run.sh && chmod a+x /etc/run.sh
 CMD ["/etc/run.sh"]
--- a/docker-heat/README.md
+++ b/docker-heat/README.md
@ -0,0 +1,8 @@
 # Openstack heat
 This docker image provides [Openstack Heat](https://wiki.openstack.org/wiki/Heat). It is meant to be run as part of the [HPC Cloud](https://git.webhosting.rug.nl/HPC/hpc-cloud).
 ## How to build
 ```
 docker build . -t hpc/openstack-heat
 ```
--- a/docker-heat/admin-openrc.sh
+++ b/docker-heat/admin-openrc.sh
@ -0,0 +1,13 @@
 #!/bin/bash
 # To create the Identity service credentials
 export OS_IDENTITY_API_VERSION=3
 export OS_USERNAME=admin
 export OS_PASSWORD=geheim
 export OS_TENANT_NAME=admin
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
 export OS_PROJECT_DOMAIN_NAME=default
 export OS_USER_DOMAIN_NAME=default
 export OS_PROJECT_NAME=admin
 export OS_IMAGE_API_VERSION=2
--- a/docker-heat/bootstrap.sh
+++ b/docker-heat/bootstrap.sh
@ -0,0 +1,57 @@
 #!/bin/bash
 # Create admin-openrc.sh from secrets that are in the environment during bootstrap.
 cat << EOF > /root/admin-openrc.sh
 #!/bin/bash
 export OS_TENANT_NAME=admin
 export OS_USERNAME=admin
 export OS_PASSWORD=${OS_PASSWORD}
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
 export OS_IDENTITY_API_VERSION=3
 export HEAT_USER=heat
 export HEAT_PASSWORD=${HEAT_PASSWORD}
 export OS_PROJECT_DOMAIN_NAME=default
 export OS_USER_DOMAIN_NAME=default
 export OS_PROJECT_NAME=admin
 export OS_IMAGE_API_VERSION=2
 EOF
 source /root/admin-openrc.sh
 # Write the config files
 /etc/write_conf.sh
 # create database for heat
 mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
 drop database  if exists heat;
 create database heat;
 GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY "$HEAT_PASSWORD";
 GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY "$HEAT_PASSWORD";
 EOF
 openstack user create "$HEAT_USER" --domain Default --password "$HEAT_PASSWORD"
 openstack role add --project service --user heat admin
 openstack service create --name heat --description "Orchestration" orchestration
 openstack service create --name heat-cfn --description "Orchestration" cloudformation
 openstack endpoint create orchestration public http://"${HEAT_HOST}":8004/v1/%\(tenant_id\)s --region RegionOne
 openstack endpoint create orchestration internal http://"${HEAT_HOST}":8004/v1/%\(tenant_id\)s --region RegionOne
 openstack endpoint create orchestration admin http://"${HEAT_HOST}":8004/v1/%\(tenant_id\)s --region RegionOne
 openstack endpoint create cloudformation public http://"${HEAT_HOST}":8000/v1 --region RegionOne
 openstack endpoint create cloudformation internal http://"${HEAT_HOST}":8000/v1 --region RegionOne
 openstack endpoint create cloudformation admin http://"${HEAT_HOST}":8000/v1 --region RegionOne
 openstack domain create --description "Stack projects and users" heat
 openstack user create --domain heat --password "$HEAT_PASSWORD"  heat_domain_admin
 openstack role add --domain heat --user-domain heat --user heat_domain_admin admin
 openstack role create heat_stack_owner
 openstack role add --project demo --user demo heat_stack_owner
 openstack role create heat_stack_user
 # sync the database
 su -s /bin/sh -c "heat-manage db_sync" heat
--- a/docker-heat/run.sh
+++ b/docker-heat/run.sh
@ -0,0 +1,15 @@
 #!/bin/bash
 # Write the config files
 /etc/write_conf.sh
 heat-api -v -d &
 sleep 5
 heat-api-cfn -v -d &
 sleep 5
 heat-engine -v -d &
 # If any process fails, kill the rest.
 # This insures the container stops and systemd will restart it.
 wait -n
 pkill -P $$
--- a/docker-heat/write_conf.sh
+++ b/docker-heat/write_conf.sh
@ -0,0 +1,35 @@
 #!/bin/bash
 #
 # Generate config files from environments values.
 # These are to be passed to the docker container using -e
 cat << EOF > /etc/heat/heat.conf
 [database]
 connection = mysql+pymysql://heat:$HEAT_PASSWORD@$MYSQL_HOST/heat
 [DEFAULT]
 transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
 heat_metadata_server_url = http://$HEAT_HOST:8000
 heat_waitcondition_server_url = http://$HEAT_HOST:8000/v1/waitcondition
 [keystone_authtoken]
 auth_uri = http://$KEYSTONE_HOST:5000
 auth_url = http://$KEYSTONE_HOST:35357
 memcached_servers = $MEMCACHED_HOST:11211
 auth_type = password
 project_domain_name = Default
 user_domain_name = Default
 project_name = service
 username = $HEAT_USER
 password = $HEAT_PASSWORD
 [trustee]
 auth_plugin = password
 auth_url = http://$KEYSTONE_HOST:35357
 username = $HEAT_USER
 password = $HEAT_PASSWORD
 user_domain_name = Default
 EOF
--- a/docker-horizon/.gitignore
+++ b/docker-horizon/.gitignore
@ -0,0 +1,8 @@
 # ---> Vim
 [._]*.s[a-w][a-z]
 [._]s[a-w][a-z]
 *.un~
 Session.vim
 .netrwhist
 *~
--- a/docker-horizon/000-default.conf
+++ b/docker-horizon/000-default.conf
@ -0,0 +1,11 @@
 <VirtualHost *:80>
        RedirectMatch    "^/$"  "/horizon"
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
 </VirtualHost>
 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- a/docker-horizon/Dockerfile
+++ b/docker-horizon/Dockerfile
@ -0,0 +1,35 @@
 # Build keystone. It needs to be run with
 # --add-host=mariadb:<ip mariadb listens tp>
 # Wen starting with an initialized db,
 # run keystone-manage db_sync from this docker first:
 # $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"
 FROM ubuntu:16.04
 RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
 RUN set -x \
    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
    && apt-get -y update \
    && apt-get -y install \
    && apt-get -y install openstack-dashboard \
                          python-openstackclient \
    && apt-get -y clean
 EXPOSE 80
 COPY local_settings.py /etc/openstack-dashboard/local_settings.py
 # Add a redirect to /keystone instead of the "It works! page"
 COPY 000-default.conf /etc/apache2/sites-available
 RUN chown -R www-data: /var/lib/openstack-dashboard/
 RUN touch /var/log/horizon.log
 RUN chown www-data: /var/log/horizon.log
 RUN chown horizon: /var/lib/openstack-dashboard/secret_key
 CMD apachectl -DFOREGROUND
--- a/docker-horizon/README.md
+++ b/docker-horizon/README.md
@ -0,0 +1,9 @@
 # docker-horizon
 Docker image to build horizon
 To run, use the following command:
 ```
 docker run -e "MEMCACHED_SERVER=172.23.38.123" -e "OPENSTACK_HOST=172.23.38.123" -it --rm
 ```
--- a/docker-horizon/admin-openrc.sh
+++ b/docker-horizon/admin-openrc.sh
@ -0,0 +1,13 @@
 #!/bin/bash
 # To create the Identity service credentials
 export OS_IDENTITY_API_VERSION=3
 export OS_USERNAME=admin
 export OS_PASSWORD=geheim
 export OS_TENANT_NAME=admin
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
 export OS_PROJECT_DOMAIN_NAME=default
 export OS_USER_DOMAIN_NAME=default
 export OS_PROJECT_NAME=admin
 export OS_IMAGE_API_VERSION=2
--- a/docker-horizon/local_settings.py
+++ b/docker-horizon/local_settings.py
@ -0,0 +1,518 @@
 # -*- coding: utf-8 -*-
 import os
 from django.utils.translation import ugettext_lazy as _
 from horizon.utils import secret_key
 from openstack_dashboard.settings import HORIZON_CONFIG
 DEBUG = False
 WEBROOT = '/'
 LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
 SECRET_KEY = secret_key.generate_or_read_from_file('/var/lib/openstack-dashboard/secret_key')
 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
 MEMCACHED_SERVER = os.environ['MEMCACHED_SERVER']
 CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '{}:11211'.format(MEMCACHED_SERVER),
    },
 }
 # Send email to the console by default
 EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 # Configure these for your outgoing email host
 #EMAIL_HOST = 'smtp.my-company.com'
 #EMAIL_PORT = 25
 #EMAIL_HOST_USER = 'djangomail'
 #EMAIL_HOST_PASSWORD = 'top-secret!'
 OPENSTACK_HOST = os.environ['KEYSTONE_HOST']
 OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
 OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
 OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
 }
 # Disable SSL certificate checks (useful for self-signed certificates):
 #OPENSTACK_SSL_NO_VERIFY = True
 # The CA certificate to use to verify SSL connections
 #OPENSTACK_SSL_CACERT = '/path/to/cacert.pem'
 # The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
 # capabilities of the auth backend for Keystone.
 # If Keystone has been configured to use LDAP as the auth backend then set
 # can_edit_user to False and name to 'ldap'.
 #
 # TODO(tres): Remove these once Keystone has an API to identify auth backend.
 OPENSTACK_KEYSTONE_BACKEND = {
    'name': 'native',
    'can_edit_user': True,
    'can_edit_group': True,
    'can_edit_project': True,
    'can_edit_domain': True,
    'can_edit_role': True,
 }
 # Setting this to True, will add a new "Retrieve Password" action on instance,
 # allowing Admin session password retrieval/decryption.
 #OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
 # Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to
 # determine the experience to enable.  Set them both to true to enable
 # both.
 #LAUNCH_INSTANCE_LEGACY_ENABLED = True
 #LAUNCH_INSTANCE_NG_ENABLED = False
 # The Xen Hypervisor has the ability to set the mount point for volumes
 # attached to instances (other Hypervisors currently do not). Setting
 # can_set_mount_point to True will add the option to set the mount point
 # from the UI.
 OPENSTACK_HYPERVISOR_FEATURES = {
    'can_set_mount_point': False,
    'can_set_password': False,
    'requires_keypair': False,
    'enable_quotas': True
 }
 # The OPENSTACK_CINDER_FEATURES settings can be used to enable optional
 # services provided by cinder that is not exposed by its extension API.
 OPENSTACK_CINDER_FEATURES = {
    'enable_backup': False,
 }
 # The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
 # services provided by neutron. Options currently available are load
 # balancer service, security groups, quotas, VPN service.
 OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_ipv6': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
    # profile_support can be turned on if needed.
    'profile_support': None,
    #'profile_support': 'cisco',
    'supported_vnic_types': ['*'],
 }
 # The OPENSTACK_HEAT_STACK settings can be used to disable password
 # field required while launching the stack.
 OPENSTACK_HEAT_STACK = {
    'enable_user_pass': True,
 }
 #OPENSTACK_IMAGE_BACKEND = {
 #    'image_formats': [
 #        ('', _('Select format')),
 #        ('aki', _('AKI - Amazon Kernel Image')),
 #        ('ami', _('AMI - Amazon Machine Image')),
 #        ('ari', _('ARI - Amazon Ramdisk Image')),
 #        ('docker', _('Docker')),
 #        ('iso', _('ISO - Optical Disk Image')),
 #        ('ova', _('OVA - Open Virtual Appliance')),
 #        ('qcow2', _('QCOW2 - QEMU Emulator')),
 #        ('raw', _('Raw')),
 #        ('vdi', _('VDI - Virtual Disk Image')),
 #        ('vhd', _('VHD - Virtual Hard Disk')),
 #        ('vmdk', _('VMDK - Virtual Machine Disk')),
 #    ],
 #}
 # The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for
 # image custom property attributes that appear on image detail pages.
 IMAGE_CUSTOM_PROPERTY_TITLES = {
    "architecture": _("Architecture"),
    "kernel_id": _("Kernel ID"),
    "ramdisk_id": _("Ramdisk ID"),
    "image_state": _("Euca2ools state"),
    "project_id": _("Project ID"),
    "image_type": _("Image Type"),
 }
 # The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image
 # custom properties should not be displayed in the Image Custom Properties
 # table.
 IMAGE_RESERVED_CUSTOM_PROPERTIES = []
 # Set to 'legacy' or 'direct' to allow users to upload images to glance via
 # Horizon server. When enabled, a file form field will appear on the create
 # image form. If set to 'off', there will be no file form field on the create
 # image form. See documentation for deployment considerations.
 #HORIZON_IMAGES_UPLOAD_MODE = 'legacy'
 # Allow a location to be set when creating or updating Glance images.
 # If using Glance V2, this value should be False unless the Glance
 # configuration and policies allow setting locations.
 #IMAGES_ALLOW_LOCATION = False
 # OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
 # in the Keystone service catalog. Use this setting when Horizon is running
 # external to the OpenStack environment. The default is 'publicURL'.
 OPENSTACK_ENDPOINT_TYPE = "publicURL"
 # SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the
 # case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints
 # in the Keystone service catalog. Use this setting when Horizon is running
 # external to the OpenStack environment. The default is None. This
 # value should differ from OPENSTACK_ENDPOINT_TYPE if used.
 #SECONDARY_ENDPOINT_TYPE = None
 # The number of objects (Swift containers/objects or images) to display
 # on a single page before providing a paging element (a "more" link)
 # to paginate results.
 API_RESULT_LIMIT = 1000
 API_RESULT_PAGE_SIZE = 20
 # The size of chunk in bytes for downloading objects from Swift
 SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
 # The default number of lines displayed for instance console log.
 INSTANCE_LOG_LENGTH = 35
 # Specify a maximum number of items to display in a dropdown.
 DROPDOWN_MAX_ITEMS = 30
 # The timezone of the server. This should correspond with the timezone
 # of your entire OpenStack installation, and hopefully be in UTC.
 TIME_ZONE = "UTC"
 # When launching an instance, the menu of available flavors is
 # sorted by RAM usage, ascending. If you would like a different sort order,
 # you can provide another flavor attribute as sorting key. Alternatively, you
 # can provide a custom callback method to use for sorting. You can also provide
 # a flag for reverse sort. For more info, see
 # http://docs.python.org/2/library/functions.html#sorted
 #CREATE_INSTANCE_FLAVOR_SORT = {
 #    'key': 'name',
 #     # or
 #    'key': my_awesome_callback_method,
 #    'reverse': False,
 #}
 # Set this to True to display an 'Admin Password' field on the Change Password
 # form to verify that it is indeed the admin logged-in who wants to change
 # the password.
 #ENFORCE_PASSWORD_CHECK = False
 # Modules that provide /auth routes that can be used to handle different types
 # of user authentication. Add auth plugins that require extra route handling to
 # this list.
 #AUTHENTICATION_URLS = [
 #    'openstack_auth.urls',
 #]
 # The Horizon Policy Enforcement engine uses these values to load per service
 # policy rule files. The content of these files should match the files the
 # OpenStack services are using to determine role based access control in the
 # target installation.
 # Path to directory containing policy.json files
 #POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
 # Map of local copy of service policy files.
 # Please insure that your identity policy file matches the one being used on
 # your keystone servers. There is an alternate policy file that may be used
 # in the Keystone v3 multi-domain case, policy.v3cloudsample.json.
 # This file is not included in the Horizon repository by default but can be
 # found at
 # http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \
 # policy.v3cloudsample.json
 # Having matching policy files on the Horizon and Keystone servers is essential
 # for normal operation. This holds true for all services and their policy files.
 #POLICY_FILES = {
 #    'identity': 'keystone_policy.json',
 #    'compute': 'nova_policy.json',
 #    'volume': 'cinder_policy.json',
 #    'image': 'glance_policy.json',
 #    'orchestration': 'heat_policy.json',
 #    'network': 'neutron_policy.json',
 #}
 # TODO: (david-lyle) remove when plugins support adding settings.
 # Note: Only used when trove-dashboard plugin is configured to be used by
 # Horizon.
 # Trove user and database extension support. By default support for
 # creating users and databases on database instances is turned on.
 # To disable these extensions set the permission here to something
 # unusable such as ["!"].
 #TROVE_ADD_USER_PERMS = []
 #TROVE_ADD_DATABASE_PERMS = []
 # Change this patch to the appropriate list of tuples containing
 # a key, label and static directory containing two files:
 # _variables.scss and _styles.scss
 #AVAILABLE_THEMES = [
 #    ('default', 'Default', 'themes/default'),
 #    ('material', 'Material', 'themes/material'),
 #]
 LOGGING = {
    'version': 1,
    # When set to True this will disable all logging except
    # for loggers specified in this configuration dictionary. Note that
    # if nothing is specified here and disable_existing_loggers is True,
    # django.db.backends will still log unless it is disabled explicitly.
    'disable_existing_loggers': False,
    'formatters': {
        'operation': {
            # The format of "%(message)s" is defined by
            # OPERATION_LOG_OPTIONS['format']
            'format': '%(asctime)s %(message)s'
        },
    },
    'handlers': {
        'null': {
            'level': 'DEBUG',
            'class': 'logging.NullHandler',
        },
        'console': {
            # Set the level to "DEBUG" for verbose output logging.
            'level': 'INFO',
            'class': 'logging.StreamHandler',
        },
        'operation': {
            'level': 'INFO',
            'class': 'logging.StreamHandler',
            'formatter': 'operation',
        },
    },
    'loggers': {
        # Logging from django.db.backends is VERY verbose, send to null
        # by default.
        'django.db.backends': {
            'handlers': ['null'],
            'propagate': False,
        },
        'requests': {
            'handlers': ['null'],
            'propagate': False,
        },
        'horizon': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'horizon.operation_log': {
            'handlers': ['operation'],
            'level': 'INFO',
            'propagate': False,
        },
        'openstack_dashboard': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'novaclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'cinderclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'keystoneclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'keystoneauth': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'glanceclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'neutronclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'heatclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'swiftclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'openstack_auth': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'nose.plugins.manager': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'django': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'iso8601': {
            'handlers': ['null'],
            'propagate': False,
        },
        'scss': {
            'handlers': ['null'],
            'propagate': False,
        },
    },
 }
 # 'direction' should not be specified for all_tcp/udp/icmp.
 # It is specified in the form.
 SECURITY_GROUP_RULES = {
    'all_tcp': {
        'name': _('All TCP'),
        'ip_protocol': 'tcp',
        'from_port': '1',
        'to_port': '65535',
    },
    'all_udp': {
        'name': _('All UDP'),
        'ip_protocol': 'udp',
        'from_port': '1',
        'to_port': '65535',
    },
    'all_icmp': {
        'name': _('All ICMP'),
        'ip_protocol': 'icmp',
        'from_port': '-1',
        'to_port': '-1',
    },
    'ssh': {
        'name': 'SSH',
        'ip_protocol': 'tcp',
        'from_port': '22',
        'to_port': '22',
    },
    'smtp': {
        'name': 'SMTP',
        'ip_protocol': 'tcp',
        'from_port': '25',
        'to_port': '25',
    },
    'dns': {
        'name': 'DNS',
        'ip_protocol': 'tcp',
        'from_port': '53',
        'to_port': '53',
    },
    'http': {
        'name': 'HTTP',
        'ip_protocol': 'tcp',
        'from_port': '80',
        'to_port': '80',
    },
    'pop3': {
        'name': 'POP3',
        'ip_protocol': 'tcp',
        'from_port': '110',
        'to_port': '110',
    },
    'imap': {
        'name': 'IMAP',
        'ip_protocol': 'tcp',
        'from_port': '143',
        'to_port': '143',
    },
    'ldap': {
        'name': 'LDAP',
        'ip_protocol': 'tcp',
        'from_port': '389',
        'to_port': '389',
    },
    'https': {
        'name': 'HTTPS',
        'ip_protocol': 'tcp',
        'from_port': '443',
        'to_port': '443',
    },
    'smtps': {
        'name': 'SMTPS',
        'ip_protocol': 'tcp',
        'from_port': '465',
        'to_port': '465',
    },
    'imaps': {
        'name': 'IMAPS',
        'ip_protocol': 'tcp',
        'from_port': '993',
        'to_port': '993',
    },
    'pop3s': {
        'name': 'POP3S',
        'ip_protocol': 'tcp',
        'from_port': '995',
        'to_port': '995',
    },
    'ms_sql': {
        'name': 'MS SQL',
        'ip_protocol': 'tcp',
        'from_port': '1433',
        'to_port': '1433',
    },
    'mysql': {
        'name': 'MYSQL',
        'ip_protocol': 'tcp',
        'from_port': '3306',
        'to_port': '3306',
    },
    'rdp': {
        'name': 'RDP',
        'ip_protocol': 'tcp',
        'from_port': '3389',
        'to_port': '3389',
    },
 }
 REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
                              'LAUNCH_INSTANCE_DEFAULTS',
                              'OPENSTACK_IMAGE_FORMATS',
                              'OPENSTACK_KEYSTONE_DEFAULT_DOMAIN']
 # The default theme if no cookie is present
 DEFAULT_THEME = 'ubuntu'
 # Default Ubuntu apache configuration uses /horizon as the application root.
 WEBROOT='/horizon/'
 # By default, validation of the HTTP Host header is disabled.  Production
 # installations should have this set accordingly.  For more information
 # see https://docs.djangoproject.com/en/dev/ref/settings/.
 ALLOWED_HOSTS = '*'
 # Compress all assets offline as part of packaging installation
 COMPRESS_OFFLINE = True
 ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
--- a/docker-keystone/.gitignore
+++ b/docker-keystone/.gitignore
@ -0,0 +1,8 @@
 # ---> Vim
 [._]*.s[a-w][a-z]
 [._]s[a-w][a-z]
 *.un~
 Session.vim
 .netrwhist
 *~
--- a/docker-keystone/Dockerfile
+++ b/docker-keystone/Dockerfile
@ -0,0 +1,28 @@
 # Build keystone. It needs to be run with
 # --add-host=mariadb:<ip mariadb listens tp>
 # Wen starting with an initialized db,
 # run keystone-manage db_sync from this docker first:
 # $ docker run hpc/keystone --add-host=mariadb:<ip mariadb> "keystone-manage db_sync"
 FROM ubuntu:16.04
 RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
 RUN set -x \
    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
    && apt-get -y update \
    && apt-get -y install \
    && apt-get -y install keystone python-openstackclient \
    && apt-get -y clean
 # set admin token TODO: make this a secret
 # in volume of met env
 COPY keystone.conf /etc/keystone/keystone.conf
 RUN mkdir /etc/keystone/fernet-keys
 RUN chown keystone: /etc/keystone/fernet-keys
 COPY bootstrap.sh /etc/bootstrap.sh
 CMD apachectl -DFOREGROUND
--- a/docker-keystone/README.md
+++ b/docker-keystone/README.md
@ -0,0 +1,9 @@
 # ubuntu 16.04 openstack ocata keystone
 ## How to build the docker image.
 ```
 docker  build . -t hpc/openstack-keystone
 ```
 ## Notes
 This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)
--- a/docker-keystone/bootstrap.sh
+++ b/docker-keystone/bootstrap.sh
@ -0,0 +1,46 @@
 #!/bin/bash
 # Create admin-openrc.sh from secrets that are in the environment during bootstrap.
 cat << EOF > /root/admin-openrc.sh
 #!/bin/bash
 export OS_TENANT_NAME=admin
 export OS_USERNAME=admin
 export OS_PASSWORD=${OS_PASSWORD}
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
 export OS_IDENTITY_API_VERSION=3
 EOF
 # Create demo-openrc.sh
 cat << EOF > /root/demo-openrc.sh
 #!/bin/bash
 export OS_TENANT_NAME=demo
 export OS_USERNAME=demo
 export OS_PASSWORD=${OS_DEMO_PASSWORD}
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
 export OS_IDENTITY_API_VERSION=3
 EOF
 source /root/admin-openrc.sh
 sleep 3
 openstack project create --domain default \
      --description "Service Project" service
 sleep 3
 openstack project create --domain default \
  --description "Demo Project" demo
 sleep 3
 openstack user create --domain default \
  --password "$OS_DEMO_PASSWORD" demo
 sleep 3
 openstack role create user
 sleep 3
 openstack role add --project demo --user demo user
--- a/docker-keystone/keystone.conf
+++ b/docker-keystone/keystone.conf
@ -0,0 +1,12 @@
 [DEFAULT]
 verbose = true
 [database]
 connection = mysql+pymysql://keystone:keystone@mariadb/keystone
 [token]
 provider = fernet
 [identity]
 default_domain_id = default
--- a/docker-keystone/keystone.service
+++ b/docker-keystone/keystone.service
@ -0,0 +1,17 @@
 [Unit]
 Description=Openstack Keystone Container
 After=docker.service
 Requires=docker.service
 [Service]
 TimeoutStartSec=0
 Restart=always
 ExecStartPre=-/usr/bin/docker rm -f %n
 ExecStart=/usr/bin/docker run --name %n \
  --add-host=mariadb:{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }} \
  -p 5000:5000 -p 35357:35357 \
  -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys \
  hpc/keystone
 [Install]
 WantedBy=multi-user.target
--- a/docker-neutron-controller/.gitignore
+++ b/docker-neutron-controller/.gitignore
@ -0,0 +1,8 @@
 # ---> Vim
 [._]*.s[a-w][a-z]
 [._]s[a-w][a-z]
 *.un~
 Session.vim
 .netrwhist
 *~
--- a/docker-neutron-controller/Dockerfile
+++ b/docker-neutron-controller/Dockerfile
@ -0,0 +1,31 @@
 FROM ubuntu:16.04
 # install packages
 RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
 RUN set -x \
    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
    && apt-get -y update \
    && apt-get -y install ubuntu-cloud-keyring \
    && apt-get -y update \
    && apt-get -y install \
        mysql-client \
        python-mysqldb \
        python-openstackclient \
        neutron-server \
        neutron-plugin-ml2 \
        neutron-linuxbridge-agent \
        neutron-l3-agent \
        neutron-metadata-agent \
    && apt-get -y clean
 # add bootstrap script and make it executable
 COPY bootstrap.sh /etc/bootstrap.sh
 # Workaround for vlan_transparent parameter set to None.
 COPY db_base_plugin_v2.py /usr/lib/python2.7/dist-packages/neutron/db/db_base_plugin_v2.py
 COPY run.sh /etc/run.sh
 COPY write_conf.sh /etc/write_conf.sh
 CMD ["/etc/run.sh"]
--- a/docker-neutron-controller/README.md
+++ b/docker-neutron-controller/README.md
@ -0,0 +1,21 @@
 # ubuntu 16.04 openstack ocata neutron controler node
 ## How to build the docker image.
 ```
 docker  build . -t="hpc/neutroncontroller"
 ```
 ## How to bootstrap the service.
 Before we can take the container into service we need accounts in keystone.
 We also need an initial database. Both of these tasks are performed by the bootstrap script.
 ```
 docker run --rm --it --add-host="controller:<keystone_ip>" hpc/neutroncontroler /etc/bootstrap.sh
 ```
 ## How to run
 This image needs a lot of environment variables. It should be run via the `hpc-cloud` ansible repository.
 ## Notes
 This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)
 The -p option is added to the run command to make the container accessible from (containers on ) other hosts than the container host.
--- a/docker-neutron-controller/bootstrap.sh
+++ b/docker-neutron-controller/bootstrap.sh
@ -0,0 +1,76 @@
 #!/bin/bash
 #
 # This script sets up the openstack users and regions..
 # as well as the database for the nova controller.
 # This guide was used:
 # https://docs.openstack.org/ocata/install-guide-ubuntu/nova-controller-install.
 # Create admin-openrc.sh from secrets that are in the environment during bootstrap.
 cat << EOF > /root/admin-openrc.sh
 #!/bin/bash
 export OS_TENANT_NAME=admin
 export OS_USERNAME=admin
 export OS_PASSWORD=${OS_PASSWORD}
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
 export OS_IDENTITY_API_VERSION=3
 export OS_PROJECT_DOMAIN_NAME=default
 export OS_USER_DOMAIN_NAME=default
 export OS_PROJECT_NAME=admin
 export OS_IMAGE_API_VERSION=2
 EOF
 source /root/admin-openrc.sh
 # create database for neutron.
 SQL_SCRIPT=/root/neutron.sql
 mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
 DROP DATABASE  IF EXISTS neutron;
 CREATE DATABASE neutron;
 GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
    IDENTIFIED BY "${NEUTRON_PASSWORD}";
 GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
    IDENTIFIED BY "${NEUTRON_PASSWORD}";
 EOF
 openstack user create "$NEUTRON_USER" --domain default --password "$NEUTRON_PASSWORD"
 openstack role add --project service --user neutron admin
 openstack service create --name neutron --description "OpenStack Networking" network
 # neutron endpoints
 openstack endpoint create --region RegionOne \
  network public http://$MY_IP:9696
 openstack endpoint create --region RegionOne \
  network internal http://$MY_IP:9696
 openstack endpoint create --region RegionOne \
  network admin http://$MY_IP:9696
 # population of the database requires complete server and plug-in configuration files.
 /etc/write_conf.sh
 # Ugly hacks to prevent the manage command from failing
 sed -i "/    op.drop_column('networks', 'shared')/ s/^#*/#/" /usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/versions/liberty/contract/4ffceebfada_rbac_network.py
 sed -i "/    op.drop_column('subnets', 'shared')/ s/^#*/#/" /usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/versions/liberty/contract/4ffceebfada_rbac_network.py
 sed -i "/    op.drop_column('qos_policies', 'shared')/ s/^#*/#/" /usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/versions/mitaka/contract/c6c112992c9_rbac_qos_policy.py
 neutron-db-manage --config-file /etc/neutron/neutron.conf \
                  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
 # And now we drop the colums and constraints that the ORM fails to drop.
 mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" neutron << EOF
 ALTER TABLE networks DROP CONSTRAINT CONSTRAINT_2;
 alter table networks drop column shared;
 ALTER TABLE subnets DROP CONSTRAINT CONSTRAINT_2;
 ALTER TABLE subnets DROP COLUMN shared;
 ALTER TABLE qos_policies DROP CONSTRAINT CONSTRAINT_1;
 ALTER TABLE qos_policies drop column shared
 EOF
--- a/docker-neutron-controller/db_base_plugin_v2.py
+++ b/docker-neutron-controller/db_base_plugin_v2.py
--- a/docker-neutron-controller/run.sh
+++ b/docker-neutron-controller/run.sh
@ -0,0 +1,36 @@
 #!/bin/bash
 # start neutron services
 /etc/write_conf.sh
 /usr/bin/neutron-server \
 --config-file /etc/neutron/neutron.conf \
 --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
 --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
 --config-file /etc/neutron/metadata_agent.ini \
 --config-dir /etc/neutron/ \
 -v -d &
 sleep 3
 /usr/bin/neutron-linuxbridge-agent \
 --config-file /etc/neutron/neutron.conf \
 --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
 --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
 --config-file /etc/neutron/metadata_agent.ini \
 --config-dir /etc/neutron/ \
 -v -d &
 sleep 3
 neutron-metadata-agent \
 --config-file /etc/neutron/neutron.conf \
 --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
 --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
 --config-file /etc/neutron/metadata_agent.ini \
 --config-dir /etc/neutron/ \
 -v -d &
 # If any process fails, kill the rest.
 # This insures the container stops and systemd will restart it.
 wait -n
 pkill -P $$
--- a/docker-neutron-controller/write_conf.sh
+++ b/docker-neutron-controller/write_conf.sh
@ -0,0 +1,86 @@
 #!/bin/bash
 #
 # Generate config files from environments values.
 # These are to be passed to the docker container using -e
 cat << EOF > /etc/neutron/neutron.conf
 [DEFAULT]
 core_plugin = ml2
 service_plugins =
 transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$MY_IP
 auth_strategy = keystone
 notify_nova_on_port_status_changes = true
 notify_nova_on_port_data_changes = true
 dhcp_agents_per_network = 2
 global_physnet_mtu = $GLOBAL_PHYSNET_MTU
 [agent]
 root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
 [database]
 connection = mysql+pymysql://$NEUTRON_USER:$NEUTRON_PASSWORD@mariadb/neutron
 [keystone_authtoken]
 auth_uri = http://$KEYSTONE_HOST:5000
 auth_url = http://$KEYSTONE_HOST:35357
 memcached_servers = $MEMCACHED_HOST:11211
 auth_type = password
 project_domain_name = Default
 user_domain_name = Default
 project_name = service
 username = $NEUTRON_USER
 password = $NEUTRON_PASSWORD
 [nova]
 auth_url = http://$KEYSTONE_HOST:35357
 auth_type = password
 project_domain_name = Default
 user_domain_name = Default
 region_name = RegionOne
 project_name = service
 username = $NOVA_USER
 password = $NOVA_PASSWORD
 EOF
 cat << EOF > /etc/neutron/plugins/ml2/ml2_conf.ini
 [ml2]
 type_drivers = flat,vlan
 tenant_network_types =
 mechanism_drivers = linuxbridge
 extension_drivers = port_security
 path_mtu = $GLOBAL_PHYSNET_MTU
 [ml2_type_vlan]
 network_vlan_ranges = provider
 [ml2_type_flat]
 flat_networks = provider
 [securitygroup]
 enable_ipset = true
 EOF
 cat << EOF > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
 [linux_bridge]
 physical_interface_mappings = $PHYSICAL_INTERFACE_MAPPINGS
 [vxlan]
 enable_vxlan = false
 [securitygroup]
 enable_security_group = true
 firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
 EOF
 cat << EOF > /etc/neutron/metadata_agent.ini
 [DEFAULT]
 nova_metadata_ip = $MY_IP
 metadata_proxy_shared_secret = $METADATA_SECRET
 EOF
--- a/docker-nova-compute/.drone.yml
+++ b/docker-nova-compute/.drone.yml
@ -0,0 +1,26 @@
 ---
 pipeline:
  docker:
    image: plugins/docker
    secrets: [docker_username, docker_password]
    registry: registry.webhosting.rug.nl
    repo: registry.webhosting.rug.nl/hpc/openstack-nova-compute
    tag: latest
  notify:
    image: drillster/drone-email
    host: smtp.rug.nl
    port: 25
    skip_verify: true
    from: drone@webhosting.rug.nl
    recipients: [e.m.a.rijpkema@rug.nl]
    recipients: [e.m.a.rijpkema@rug.nl, w.k.nap@rug.nl]
    recipients_only: true
    when:
      status: [success, changed, failure]
 #  slack:
 #    image: plugins/slack
 #    webhook:
 #    channel: docker
 #    when:
 #      branch: [master, merlin]
 #      status: [success, failure]
--- a/docker-nova-compute/Dockerfile
+++ b/docker-nova-compute/Dockerfile
@ -0,0 +1,23 @@
 FROM ubuntu:16.04
 # install packages
 RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
 RUN set -x \
    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
    && apt-get -y update \
    && apt-get -y install ubuntu-cloud-keyring \
    && apt-get -y update \
    && apt-get -y install \
        python-openstackclient \
        nova-compute \
        neutron-linuxbridge-agent \
        neutron-dhcp-agent \
        neutron-metadata-agent \
    && apt-get -y clean
 COPY write_conf.sh /etc/write_conf.sh
 COPY run.sh /etc/run.sh
 RUN echo hoi
 CMD ["/etc/run.sh"]
--- a/docker-nova-compute/README.md
+++ b/docker-nova-compute/README.md
@ -0,0 +1,9 @@
 # ubuntu 16.04 openstack ocata nova compute node
 # How to build the docker image.
 ```
 docker  build . -t hpc/novacompute
 ```
 # Notes
 This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)
--- a/docker-nova-compute/run.sh
+++ b/docker-nova-compute/run.sh
@ -0,0 +1,34 @@
 #!/bin/bash
 # start nova compute service
 /etc/write_conf.sh
 /usr/bin/neutron-linuxbridge-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini -v -d &
 /usr/bin/nova-compute --config-file=/etc/nova/nova-compute.conf &
 sleep 3
 /usr/bin/neutron-dhcp-agent \
 --config-file /etc/neutron/neutron.conf \
 --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
 --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
 --config-file /etc/neutron/dhcp_agent.ini \
 --config-file /etc/neutron/metadata_agent.ini \
 --config-dir /etc/neutron/ \
 -v -d &
 sleep 3
 neutron-metadata-agent \
 --config-file /etc/neutron/neutron.conf \
 --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
 --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
 --config-file /etc/neutron/dhcp_agent.ini \
 --config-file /etc/neutron/metadata_agent.ini \
 --config-dir /etc/neutron/ \
 -v -d &
 # If any process fails, kill the rest.
 # This ensures the container stops and systemd will restart it.
 wait -n
 pkill -P $$
--- a/docker-nova-compute/write_conf.sh
+++ b/docker-nova-compute/write_conf.sh
@ -0,0 +1,269 @@
 #!/bin/bash
 #
 # Generate config files from environments values.
 # These are to be passed to the docker container using -e
 cat << EOF > /root/admin-openrc.sh
 #!/bin/bash
 export OS_TENANT_NAME=admin
 export OS_USERNAME=admin
 export OS_PASSWORD=${OS_PASSWORD}
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
 export OS_IDENTITY_API_VERSION=3
 export OS_PROJECT_DOMAIN_NAME=default
 export OS_USER_DOMAIN_NAME=default
 export OS_PROJECT_NAME=admin
 export OS_IMAGE_API_VERSION=2
 EOF
 cat << EOF > /etc/nova/nova.conf
 [DEFAULT]
 transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
 rabbit_host = $RABBIT_HOST
 dhcpbridge_flagfile=/etc/nova/nova.conf
 dhcpbridge=/usr/bin/nova-dhcpbridge
 force_dhcp_release=true
 state_path=/var/lib/nova
 enabled_apis=osapi_compute,metadata
 service_metadata_proxy = True
 metadata_proxy_shared_secret = $METADATA_SECRET
 my_ip = $MY_IP
 use_neutron = True
 firewall_driver = nova.virt.firewall.NoopFirewallDriver
 scheduler_default_filters = AllHostsFilter
 allow_migrate_to_same_host = True
 allow_resize_to_same_host = True
 [neutron]
 url = http://$NEUTRON_CONTROLLER_HOST:9696
 auth_url = http://$KEYSTONE_HOST:35357
 auth_type = password
 project_domain_name = Default
 user_domain_name = Default
 region_name = RegionOne
 project_name = service
 username = $NEUTRON_USER
 password = $NEUTRON_PASSWORD
 [vnc]
 enabled = True
 vncserver_listen = 0.0.0.0
 vncserver_proxyclient_address = $MY_IP
 novncproxy_base_url = http://$NOVA_CONTROLLER_HOST:6080/vnc_auto.html
 [glance]
 api_servers = http://$GLANCE_CONTROLLER_HOST:9292
 [oslo_concurrency]
 lock_path = /var/lib/nova/tmp
 [api]
 auth_strategy = keystone
 [keystone_authtoken]
 auth_uri = http://$KEYSTONE_HOST:5000
 auth_url = http://$KEYSTONE_HOST:35357
 memcached_servers = $MEMCACHED_HOST:11211
 auth_type = password
 project_domain_name = Default
 user_domain_name = Default
 project_name = service
 username = $NOVA_USER
 password = $NOVA_PASSWORD
 [api_database]
 connection = mysql+pymysql://$NOVA_COMPUTE_USER:$NOVA_PASSWORD@mariadb/nova_api
 [barbican]
 [cache]
 [cells]
 enable=False
 [placement]
 os_region_name = RegionOne
 project_domain_name = Default
 project_name = service
 auth_type = password
 user_domain_name = Default
 auth_url = http://$KEYSTONE_HOST:35357/v3
 username = $NOVA_PLACEMENT_USER
 password = $NOVA_PLACEMENT_PASSWORD
 [cinder]
 os_region_name = RegionOne
 [wsgi]
 api_paste_config=/etc/nova/api-paste.ini
 EOF
 cat << EOF > /etc/nova/nova-compute.conf
 [DEFAULT]
 compute_driver=libvirt.LibvirtDriver
 transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
 rabbit_host = $RABBIT_HOST
 dhcpbridge_flagfile=/etc/nova/nova.conf
 dhcpbridge=/usr/bin/nova-dhcpbridge
 force_dhcp_release=true
 state_path=/var/lib/nova
 enabled_apis=osapi_compute,metadata
 my_ip = $MY_IP
 use_neutron = True
 firewall_driver = nova.virt.firewall.NoopFirewallDriver
 scheduler_default_filters = AllHostsFilter
 allow_migrate_to_same_host = True
 allow_resize_to_same_host = True
 [libvirt]
 virt_type=kvm
 [vnc]
 enabled = True
 vncserver_listen = 0.0.0.0
 vncserver_proxyclient_address = $MY_IP
 novncproxy_base_url = http://$NOVA_CONTROLLER_HOST:6080/vnc_auto.html
 [glance]
 api_servers = http://$GLANCE_CONTROLLER_HOST:9292
 [oslo_concurrency]
 lock_path = /var/lib/nova/tmp
 [api]
 auth_strategy = keystone
 [keystone_authtoken]
 auth_uri = http://$KEYSTONE_HOST:5000
 auth_url = http://$KEYSTONE_HOST:35357
 memcached_servers = $MEMCACHED_HOST:11211
 auth_type = password
 project_domain_name = Default
 user_domain_name = Default
 project_name = service
 username = $NOVA_USER
 password = $NOVA_PASSWORD
 [api_database]
 connection = mysql+pymysql://$NOVA_COMPUTE_USER:$NOVA_PASSWORD@mariadb/nova_api
 [barbican]
 [cache]
 [cells]
 enable=False
 [placement]
 os_region_name = RegionOne
 project_domain_name = Default
 project_name = service
 auth_type = password
 user_domain_name = Default
 auth_url = http://$KEYSTONE_HOST:35357/v3
 username = $NOVA_PLACEMENT_USER
 password = $NOVA_PLACEMENT_PASSWORD
 [wsgi]
 api_paste_config=/etc/nova/api-paste.ini
 [neutron]
 url = http://$NEUTRON_CONTROLLER_HOST:9696
 auth_url = http://$KEYSTONE_HOST:35357
 auth_type = password
 project_domain_name = Default
 user_domain_name = Default
 region_name = RegionOne
 project_name = service
 username = $NEUTRON_USER
 password = $NEUTRON_PASSWORD
 [cinder]
 os_region_name = RegionOne
 EOF
 cat << EOF > /etc/neutron/neutron.conf
 [DEFAULT]
 transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
 auth_strategy = keystone
 core_plugin = ml2
 global_physnet_mtu = $GLOBAL_PHYSNET_MTU
 [keystone_authtoken]
 auth_uri = http://$KEYSTONE_HOST:5000
 auth_url = http://$KEYSTONE_HOST:35357
 memcached_servers = $MEMCACHED_HOST:11211
 auth_type = password
 project_domain_name = Default
 user_domain_name = Default
 project_name = service
 username = $NEUTRON_USER
 password = $NEUTRON_PASSWORD
 [nova]
 auth_url = http://$KEYSTONE_HOST:35357
 auth_type = password
 project_domain_name = Default
 user_domain_name = Default
 region_name = RegionOne
 project_name = service
 username = $NOVA_USER
 password = $NOVA_PASSWORD
 EOF
 cat << EOF > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
 [linux_bridge]
 physical_interface_mappings = $PHYSICAL_INTERFACE_MAPPINGS
 [vxlan]
 enable_vxlan = false
 [securitygroup]
 enable_security_group = true
 firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
 EOF
 cat << EOF > /etc/neutron/dhcp_agent.ini
 [DEFAULT]
 interface_driver = linuxbridge
 dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
 enable_isolated_metadata = true
 EOF
 cat << EOF > /etc/neutron/metadata_agent.ini
 [DEFAULT]
 nova_metadata_ip = $NEUTRON_CONTROLLER_HOST
 metadata_proxy_shared_secret = $METADATA_SECRET
 EOF
 cat << EOF > /etc/neutron/plugins/ml2/ml2_conf.ini
 [ml2]
 type_drivers = flat,vlan
 tenant_network_types =
 mechanism_drivers = linuxbridge
 extension_drivers = port_security
 path_mtu = $GLOBAL_PHYSNET_MTU
 [ml2_type_vlan]
 network_vlan_ranges = provider
 [ml2_type_flat]
 flat_networks = provider
 [securitygroup]
 enable_ipset = true
 EOF
--- a/docker-nova-service/.gitignore
+++ b/docker-nova-service/.gitignore
@ -0,0 +1,8 @@
 # ---> Vim
 [._]*.s[a-w][a-z]
 [._]s[a-w][a-z]
 *.un~
 Session.vim
 .netrwhist
 *~
--- a/docker-nova-service/Dockerfile
+++ b/docker-nova-service/Dockerfile
@ -0,0 +1,32 @@
 FROM ubuntu:16.04
 # install packages
 RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
 RUN set -x \
    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
    && apt-get -y update \
    && apt-get -y install ubuntu-cloud-keyring \
    && apt-get -y update \
    && apt-get -y install \
        mysql-client \
        python-mysqldb \
        python-openstackclient \
        python-oslo.cache \
        nova-api \
        nova-conductor \
        nova-consoleauth \
        nova-novncproxy \
        nova-scheduler \
        nova-placement-api \
    && apt-get -y clean
 EXPOSE 8774
 EXPOSE 8778
 # add bootstrap script and make it executable
 COPY bootstrap.sh /etc/bootstrap.sh
 COPY run.sh /etc/run.sh
 COPY write_conf.sh /etc/write_conf.sh
 CMD ["/etc/run.sh"]
--- a/docker-nova-service/README.md
+++ b/docker-nova-service/README.md
@ -0,0 +1,24 @@
 # ubuntu 16.04 openstack ocata nova controler node
 # How to build the docker image.
 ```
 docker  build . -t="hpc/openstack-nova-service"
 ```
 # How to bootstrap the service.
 Before we can take the container into service we need accounts in keystone.
 We also need an initial database. Both of these tasks are performed by the bootstrap script.
 ```
 docker run --rm --it --add-host="controller:<keystone_ip>" hpc/novacontroler /etc/bootstrap.sh
 ```
 # How to run
 ```
 docker run --rm --add-host="controller:<keystone_ip>" --privileged -p 8774:8774 -p 8778:8778 hpc/novacontroler /etc/run.sh
 ```
 Where keystone_ip is the ip of the docker host where our keystone service is running.
 # Notes
 This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)
 The -p option is added to the run command to make the container accessible from (containers on ) other hosts than the container host.
--- a/docker-nova-service/bootstrap.sh
+++ b/docker-nova-service/bootstrap.sh
@ -0,0 +1,116 @@
 #!/bin/bash
 #
 # This script sets up the openstack users and regions..
 # as well as the database for the nova controller.
 # This guide was used:
 # https://docs.openstack.org/ocata/install-guide-ubuntu/nova-controller-install.
 # write the configuration files with values from the environment.
 /etc/write_conf.sh
 cat << EOF > /root/admin-openrc.sh
 #!/bin/bash
 export OS_TENANT_NAME=admin
 export OS_USERNAME=admin
 export OS_PASSWORD=${OS_PASSWORD}
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
 export OS_IDENTITY_API_VERSION=3
 export OS_PROJECT_DOMAIN_NAME=default
 export OS_USER_DOMAIN_NAME=default
 export OS_PROJECT_NAME=admin
 export OS_IMAGE_API_VERSION=2
 EOF
 source /root/admin-openrc.sh
 # create database for nova
 mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
 DROP DATABASE  IF EXISTS nova;
 DROP DATABASE  IF EXISTS nova_compute;  -- db for nova compute service
 DROP DATABASE  IF EXISTS nova_api;
 DROP DATABASE  IF EXISTS nova_cell0;
 CREATE DATABASE nova;
 CREATE DATABASE nova_compute;
 CREATE DATABASE nova_api;
 CREATE DATABASE nova_cell0;
 GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
    IDENTIFIED BY "${NOVA_PASSWORD}";
 GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
    IDENTIFIED BY "${NOVA_PASSWORD}";
 GRANT ALL PRIVILEGES ON nova_compute.* TO 'nova_compute'@'localhost' \
    IDENTIFIED BY "${NOVA_PASSWORD}";
 GRANT ALL PRIVILEGES ON nova_compute.* TO 'nova_compute'@'%' \
    IDENTIFIED BY "${NOVA_PASSWORD}";
 GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
    IDENTIFIED BY "${NOVA_PASSWORD}";
 GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
    IDENTIFIED BY "${NOVA_PASSWORD}";
 GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
    IDENTIFIED BY "${NOVA_PASSWORD}";
 GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
    IDENTIFIED BY "${NOVA_PASSWORD}";
 EOF
 openstack user create nova --domain default --password "$NOVA_PASSWORD"
 openstack role add --project service --user nova admin
 openstack service create --name nova --description "OpenStack Compute" compute
 # compute endpoints
 openstack endpoint create --region RegionOne \
    compute public http://"$MY_IP":8774/v2.1
 openstack endpoint create --region RegionOne \
    compute internal http://"$MY_IP":8774/v2.1
 openstack endpoint create --region RegionOne \
    compute admin http://"$MY_IP":8774/v2.1
 openstack user create --domain default --password "$NOVA_PLACEMENT_PASSWORD" placement
 openstack role add --project service --user placement admin
 openstack service create --name placement --description "Placement API" placement
 # placement endpoints
 openstack endpoint create --region RegionOne placement public http://"$MY_IP":8778
 openstack endpoint create --region RegionOne placement internal http://"$MY_IP":8778
 openstack endpoint create --region RegionOne placement admin http://"$MY_IP":8778
 #Populate the nova-api database
 nova-manage api_db sync
 # Register the cell0 database:
 nova-manage cell_v2 map_cell0
 # Create the cel1 cell
 nova-manage cell_v2 create_cell --name=cell1 --verbose
 # sync the database
 nova-manage db sync
 e nova_api;
 # Prevent crashes when nova api server tries to insert None in config_drive
 mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
 alter table nova_api.build_requests drop constraint CONSTRAINT_1;
 EOF
 # https://bugs.launchpad.net/packstack/+bug/1673305
 # discover compute hosts.
 nova-manage cell_v2 discover_hosts
 # Verify nova cell0 and cell1 are registered correctly:
 nova-manage cell_v2 list_cells
--- a/docker-nova-service/run.sh
+++ b/docker-nova-service/run.sh
@ -0,0 +1,23 @@
 #!/bin/bash
 # start nova service
 # write the configuration files with values from the environment.
 /etc/write_conf.sh
 nova-api -v -d &
 sleep 3
 nova-consoleauth -v -d &
 sleep 3
 nova-scheduler -v -d &
 sleep 3
 nova-conductor -v -d &
 sleep 3
 nova-novncproxy -v -d &
 # start the placement api
 apachectl -DFOREGROUND &
 # If any process fails, kill the rest.
 # This insures the container stops and systemd will restart it.
 wait -n
 pkill -P $$
--- a/docker-nova-service/write_conf.sh
+++ b/docker-nova-service/write_conf.sh
@ -0,0 +1,75 @@
 #!/bin/bash
 #
 # Generate config files from environments values.
 # These are to be passed to the docker container using -e
 cat << EOF > /etc/nova/nova.conf
 [api_database]
 connection = mysql+pymysql://$NOVA_USER:$NOVA_PASSWORD@mariadb/nova_api
 [database]
 connection = mysql+pymysql://$NOVA_USER:$NOVA_PASSWORD@mariadb/nova
 [DEFAULT]
 use_neutron = True
 my_ip = $MY_IP
 transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$MY_IP
 scheduler_default_filters = AllHostsFilter
 allow_migrate_to_same_host = True
 allow_resize_to_same_host = True
 firewall_driver = nova.virt.firewall.NoopFirewallDriver
 enabled_apis=osapi_compute,metadata
 [neutron]
 url = http://$NEUTRON_CONTROLLER_HOST:9696
 auth_url = http://$KEYSTONE_HOST:35357
 auth_type = password
 project_domain_name = Default
 user_domain_name = Default
 region_name = RegionOne
 project_name = service
 username = $NEUTRON_USER
 password = $NEUTRON_PASSWORD
 service_metadata_proxy = True
 metadata_proxy_shared_secret = $METADATA_SECRET
 [api]
 auth_strategy = keystone
 [keystone_authtoken]
 auth_uri = http://$KEYSTONE_HOST:5000
 auth_url = http://$KEYSTONE_HOST:35357
 memcached_servers = $MEMCACHED_HOST:11211
 auth_type = password
 project_domain_name = Default
 user_domain_name = Default
 project_name = service
 username = $NOVA_USER
 password = $NOVA_PASSWORD
 [vnc]
 enabled = true
 vncserver_listen = $MY_IP
 vncserver_proxyclient_address = $MY_IP
 [glance]
 api_servers = http://$GLANCE_CONTROLLER_HOST:9292
 [oslo_concurrency]
 lock_path = /var/lib/nova/tmp
 [placement]
 os_region_name = RegionOne
 project_domain_name = Default
 project_name = service
 auth_type = password
 user_domain_name = Default
 auth_url = http://$KEYSTONE_HOST:35357/v3
 username = $NOVA_PLACEMENT_USER
 password = $NOVA_PLACEMENT_PASSWORD
 [cinder]
 os_region_name = RegionOne
 EOF
--- a/docker-openstack-client/.gitignore
+++ b/docker-openstack-client/.gitignore
@ -0,0 +1,8 @@
 # ---> Vim
 [._]*.s[a-w][a-z]
 [._]s[a-w][a-z]
 *.un~
 Session.vim
 .netrwhist
 *~
--- a/docker-openstack-client/Dockerfile
+++ b/docker-openstack-client/Dockerfile
@ -0,0 +1,19 @@
 FROM ubuntu:16.04
 # install packages
 RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
 RUN set -x \
    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
    && apt-get -y update \
    && apt-get -y install ubuntu-cloud-keyring \
    && apt-get -y update \
    && apt-get -y install \
        python-openstackclient \
    && apt-get -y clean
 # add bootstrap script and make it executable
 COPY admin-openrc.sh /root/admin-openrc.sh
 COPY demo-openrc.sh /root/demo-openrc.sh
--- a/docker-openstack-client/README.md
+++ b/docker-openstack-client/README.md
@ -0,0 +1,21 @@
 # ubuntu 16.04 openstack ocata neutron controler node
 ## How to build the docker image.
 ```
 docker  build . -t="hpc/neutroncontroller"
 ```
 ## How to bootstrap the service.
 Before we can take the container into service we need accounts in keystone.
 We also need an initial database. Both of these tasks are performed by the bootstrap script.
 ```
 docker run --rm --it --add-host="controller:<keystone_ip>" hpc/neutroncontroler /etc/bootstrap.sh
 ```
 ## How to run
 This image needs a lot of environment variables. It should be run via the `hpc-cloud` ansible repository.
 ## Notes
 This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)
 The -p option is added to the run command to make the container accessible from (containers on ) other hosts than the container host.
--- a/docker-openstack-client/bootstrap.sh
+++ b/docker-openstack-client/bootstrap.sh
@ -0,0 +1,21 @@
 #!/bin/bash
 # Create admin-openrc.sh from secrets that are in the environment during bootstrap.
 cat << EOF > /root/admin-openrc.sh
 #!/bin/bash
 export OS_TENANT_NAME=admin
 export OS_USERNAME=admin
 export OS_PASSWORD=${OS_PASSWORD}
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
 export OS_IDENTITY_API_VERSION=3
 EOF
 # Create demo-openrc.sh
 cat << EOF > /root/demo-openrc.sh
 #!/bin/bash
 export OS_TENANT_NAME=demo
 export OS_USERNAME=demo
 export OS_PASSWORD=${OS_DEMO_PASSWORD}
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
 export OS_IDENTITY_API_VERSION=3
 EOF
--- a/docker-openstack-client/demo-openrc.sh
+++ b/docker-openstack-client/demo-openrc.sh
@ -0,0 +1,13 @@
 #!/bin/bash
 # a admin-openrc.sh file
 KEYSTONE_HOST=keystone  # to be set via docker run --host option
 export OS_IDENTITY_API_VERSION=3
 export OS_USERNAME=demo
 export OS_PASSWORD=geheim
 export OS_TENANT_NAME=admin
 export OS_AUTH_URL=http://${KEYSTONE_HOST}:5000/v3
 export OS_PROJECT_DOMAIN_NAME=default
 export OS_USER_DOMAIN_NAME=default
 export OS_PROJECT_NAME=demo
 export OS_IMAGE_API_VERSION=2