Added merlin(federated) horizon.

This reverts commit 7ecc7154a5.

.drone.yml

@@ -0,0 +1,164 @@
+---
+# When the issue below is resolved, we can build the
+# image that was actually changed.
+# https://github.com/drone/drone/issues/1021
+
+pipeline:
+  cinder_controller:
+    image: plugins/docker
+    dockerfile: cinder_controller/Dockerfile
+    context: cinder_controller
+    secrets: [docker_username, docker_password]
+    registry: registry.webhosting.rug.nl
+    repo: registry.webhosting.rug.nl/hpc/openstack-cinder-controller
+    tag: latest
+    when:
+      branch: master
+  cinder_storage:
+    image: plugins/docker
+    dockerfile: cinder_storage/Dockerfile
+    context: cinder_storage
+    secrets: [docker_username, docker_password]
+    registry: registry.webhosting.rug.nl
+    repo: registry.webhosting.rug.nl/hpc/openstack-cinder-storage
+    tag: latest
+    when:
+      branch: master
+  glance:
+    image: plugins/docker
+    dockerfile: glance/Dockerfile
+    context: glance
+    secrets: [docker_username, docker_password]
+    registry: registry.webhosting.rug.nl
+    repo: registry.webhosting.rug.nl/hpc/openstack-glance
+    tag: latest
+    when:
+      branch: master
+  heat:
+    image: plugins/docker
+    dockerfile: heat/Dockerfile
+    context: heat
+    secrets: [docker_username, docker_password]
+    registry: registry.webhosting.rug.nl
+    repo: registry.webhosting.rug.nl/hpc/openstack-heat
+    tag: latest
+    when:
+      branch: master
+  horizon:
+    image: plugins/docker
+    dockerfile: horizon/Dockerfile
+    context: horizon
+    secrets: [docker_username, docker_password]
+    registry: registry.webhosting.rug.nl
+    repo: registry.webhosting.rug.nl/hpc/openstack-horizon
+    tag: latest
+    when:
+      branch: master
+  keystone:
+    image: plugins/docker
+    dockerfile: keystone/Dockerfile
+    context: keystone
+    secrets: [docker_username, docker_password]
+    registry: registry.webhosting.rug.nl
+    repo: registry.webhosting.rug.nl/hpc/openstack-keystone
+    tag: latest
+    when:
+      branch: master
+  neutron_controller:
+    image: plugins/docker
+    dockerfile: neutron_controller/Dockerfile
+    context: neutron_controller
+    secrets: [docker_username, docker_password]
+    registry: registry.webhosting.rug.nl
+    repo: registry.webhosting.rug.nl/hpc/openstack-neutron-controller
+    tag: latest
+    when:
+      branch: master
+  nova_service:
+    image: plugins/docker
+    dockerfile: nova_service/Dockerfile
+    context: nova_service
+    secrets: [docker_username, docker_password]
+    registry: registry.webhosting.rug.nl
+    repo: registry.webhosting.rug.nl/hpc/openstack-nova-service
+    tag: latest
+    when:
+      branch: master
+  nova_compute:
+    image: plugins/docker
+    dockerfile: nova_compute/Dockerfile
+    context: nova_compute
+    secrets: [docker_username, docker_password]
+    registry: registry.webhosting.rug.nl
+    repo: registry.webhosting.rug.nl/hpc/openstack-nova-compute
+    tag: latest
+    when:
+      branch: master
+  horizon_merlin:
+    image: plugins/docker
+    dockerfile: horizon/Dockerfile
+    context: horizon
+    secrets: [docker_username, docker_password]
+    registry: registry.webhosting.rug.nl
+    repo: registry.webhosting.rug.nl/hpc/openstack-horizon-merlin
+    tag: latest
+    when:
+      branch: merlin
+  neutron_controller_merlin:
+    image: plugins/docker
+    dockerfile: neutron_controller/Dockerfile
+    context: neutron_controller
+    secrets: [docker_username, docker_password]
+    registry: registry.webhosting.rug.nl
+    repo: registry.webhosting.rug.nl/hpc/openstack-neutron-controller-merlin
+    tag: latest
+    when:
+      branch: merlin
+  cinder_storage_merlin:
+    image: plugins/docker
+    dockerfile: cinder_storage/Dockerfile
+    context: cinder_storage
+    secrets: [docker_username, docker_password]
+    registry: registry.webhosting.rug.nl
+    repo: registry.webhosting.rug.nl/hpc/openstack-cinder-storage-merlin
+    tag: latest
+    when:
+      branch: merlin
+  nova_compute_merlin:
+    image: plugins/docker
+    dockerfile: nova_compute/Dockerfile
+    context: nova_compute
+    secrets: [docker_username, docker_password]
+    registry: registry.webhosting.rug.nl
+    repo: registry.webhosting.rug.nl/hpc/openstack-nova-compute-merlin
+    tag: latest
+    when:
+      branch: merlin
+  glance_merlin:
+    image: plugins/docker
+    dockerfile: glance/Dockerfile
+    context: glance
+    secrets: [docker_username, docker_password]
+    registry: registry.webhosting.rug.nl
+    repo: registry.webhosting.rug.nl/hpc/openstack-glance-merlin
+    tag: latest
+    when:
+      branch: merlin
+  notify:
+    image: drillster/drone-email
+    host: smtp.rug.nl
+    port: 25
+    skip_verify: true
+    from: drone@webhosting.rug.nl
+    # recipients: [e.m.a.rijpkema@rug.nl, w.k.nap@rug.nl]
+    recipients: [e.m.a.rijpkema@rug.nl]
+    recipients_only: true
+    when:
+      status: [success, changed, failure]
+#  slack:
+#    image: plugins/slack
+#    webhook:
+#    channel: docker
+#    when:
+#      branch: [master, merlin]
+#      status: [success, failure]

cinder_storage/write_conf.sh

@@ -10,7 +10,7 @@ connection = mysql+pymysql://$CINDER_USER:$CINDER_PASSWORD@$MYSQL_HOST/cinder
 
 [DEFAULT]
 auth_strategy = keystone
-transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$MY_IP
+transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
 my_ip = $MY_IP
 enabled_backends = RBD-backend
 glance_api_servers = http://$GLANCE_HOST:9292

horizon/Dockerfile

@@ -16,20 +16,29 @@ RUN set -x \
                           python-openstackclient \
     && apt-get -y clean
 
-EXPOSE 80
+
+EXPOSE 80 443
+
+COPY openstack-dashboard.conf /etc/apache2/conf-available/openstack-dashboard.conf
 
 COPY local_settings.py /etc/openstack-dashboard/local_settings.py
 
 # Add a redirect to /keystone instead of the "It works! page"
 COPY 000-default.conf /etc/apache2/sites-available
 
+COPY run.sh /etc/run.sh
+
 RUN chown -R www-data: /var/lib/openstack-dashboard/
 
 RUN touch /var/log/horizon.log
 
 RUN chown www-data: /var/log/horizon.log
 
-RUN chown horizon: /var/lib/openstack-dashboard/secret_key
+RUN a2enmod ssl
+RUN a2enmod headers
+RUN a2enmod rewrite
 
-CMD apachectl -DFOREGROUND
+RUN  chown /var/lib/openstack-dashboard/secret_key horizon
+
+CMD /etc/run.sh
 

horizon/local_settings.py

@@ -37,7 +37,7 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 #EMAIL_HOST_PASSWORD = 'top-secret!'
 
 OPENSTACK_HOST = os.environ['KEYSTONE_HOST']
-OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
+OPENSTACK_KEYSTONE_URL = "https://%s:5000/v3" % OPENSTACK_HOST
 OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
 
 
@@ -100,7 +100,7 @@ OPENSTACK_CINDER_FEATURES = {
 # services provided by neutron. Options currently available are load
 # balancer service, security groups, quotas, VPN service.
 OPENSTACK_NEUTRON_NETWORK = {
-    'enable_router': False,
+    'enable_router': True,
     'enable_quotas': False,
     'enable_ipv6': False,
     'enable_distributed_router': False,
@@ -266,7 +266,6 @@ TIME_ZONE = "UTC"
 #    ('default', 'Default', 'themes/default'),
 #    ('material', 'Material', 'themes/material'),
 #]
-
 LOGGING = {
     'version': 1,
     # When set to True this will disable all logging except
@@ -288,11 +287,12 @@ LOGGING = {
         },
         'console': {
             # Set the level to "DEBUG" for verbose output logging.
-            'level': 'INFO',
-            'class': 'logging.StreamHandler',
+            'level': 'DEBUG',
+            'class': 'logging.FileHandler',
+            'filename': '/var/log/horizon.log',
         },
         'operation': {
-            'level': 'INFO',
+            'level': 'DEBUG',
             'class': 'logging.StreamHandler',
             'formatter': 'operation',
         },
@@ -516,3 +516,12 @@ ALLOWED_HOSTS = '*'
 COMPRESS_OFFLINE = True
 
 ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
+
+WEBSSO_ENABLED = True
+
+WEBSSO_CHOICES = (
+      ("credentials", _("Keystone Credentials")),
+      ("mapped", _("Security Assertion Markup Language"))
+    )
+
+WEBSSO_INITIAL_CHOICE = "mapped"

horizon/openstack-dashboard.conf

@@ -0,0 +1,35 @@
+<VirtualHost *:80>
+    RedirectMatch    "^/$"  "/horizon"
+    ServerName oscloudtest01.hpc.rug.nl
+    RewriteEngine On
+    RewriteCond %{HTTPS} off
+    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
+<VirtualHost *:443>
+    RedirectMatch    "^/$"  "/horizon"
+    ServerName oscloudtest01.hpc.rug.nl
+
+    SSLEngine On
+    SSLCertificateFile "/certs/oscloudtest01.hpc.rug.nl.crt"
+    SSLCertificateKeyFile "/certs/oscloudtest01.hpc.rug.nl.key"
+    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+
+    # HTTP Strict Transport Security (HSTS) enforces that all communications
+    # with a server go over SSL. This mitigates the threat from attacks such
+    # as SSL-Strip which replaces links on the wire, stripping away https prefixes
+    # and potentially allowing an attacker to view confidential information on the
+    # wire
+    Header add Strict-Transport-Security "max-age=15768000"
+
+    Alias /horizon/static /var/lib/openstack-dashboard/static/
+    Alias /static /var/lib/openstack-dashboard/static/
+
+    <Directory /var/lib/openstack-dashboard/static>
+        Require all granted
+    </Directory>
+
+    WSGIScriptAlias /horizon /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi process-group=horizon
+    WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 display-name=%{GROUP}
+    WSGIProcessGroup horizon
+</VirtualHost>
+

horizon/run.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+#Making the console log console again...
+tail -f /var/log/horizon.log &
+
+apachectl -DFOREGROUND

neutron_controller/run.sh

@@ -29,6 +29,13 @@ neutron-metadata-agent \
 --config-dir /etc/neutron/ \
 -v -d &
 
+sleep 3
+neutron-l3-agent \
+--config-file /etc/neutron/l3_agent.ini \
+--config-file /etc/neutron/neutron.conf \
+--config-file /etc/neutron/metadata_agent.ini \
+--config-dir /etc/neutron/ \
+-v -d &
 # If any process fails, kill the rest.
 # This ensures the container stops and systemd will restart it.
 

neutron_controller/write_conf.sh

@@ -74,13 +74,6 @@ metadata_proxy_shared_secret = $METADATA_SECRET
 
 EOF
 
-cat << EOF > /etc/neutron/l3_agent.ini
-
-[DEFAULT]
-interface_driver = linuxbridge
-external_network_bridge =
-
-EOF
 
 cat << EOF > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
 

neutron_controller_ovs/Dockerfile

@@ -0,0 +1,31 @@
+FROM ubuntu:16.04
+# install packages
+
+RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
+
+RUN set -x \
+    && echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
+    && apt-get -y update \
+    && apt-get -y install ubuntu-cloud-keyring \
+    && apt-get -y update \
+    && apt-get -y install \
+        mysql-client \
+        python-mysqldb \
+        python-openstackclient \
+        neutron-server \
+        neutron-plugin-ml2 \
+        neutron-linuxbridge-agent \
+        neutron-l3-agent \
+        neutron-metadata-agent \
+    && apt-get -y clean
+
+# add bootstrap script and make it executable
+COPY bootstrap.sh /etc/bootstrap.sh
+
+# Workaround for vlan_transparent parameter set to None.
+COPY db_base_plugin_v2.py /usr/lib/python2.7/dist-packages/neutron/db/db_base_plugin_v2.py
+
+COPY run.sh /etc/run.sh
+COPY write_conf.sh /etc/write_conf.sh
+
+CMD ["/etc/run.sh"]

neutron_controller_ovs/bootstrap.sh

@@ -0,0 +1,76 @@
+#!/bin/bash
+#
+# This script sets up the openstack users and regions..
+# as well as the database for the nova controller.
+# This guide was used:
+# https://docs.openstack.org/ocata/install-guide-ubuntu/nova-controller-install.
+
+# Create admin-openrc.sh from secrets that are in the environment during bootstrap.
+cat << EOF > /root/admin-openrc.sh
+#!/bin/bash
+export OS_TENANT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=${OS_PASSWORD}
+export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_IMAGE_API_VERSION=2
+
+EOF
+
+source /root/admin-openrc.sh
+
+# create database for neutron.
+SQL_SCRIPT=/root/neutron.sql
+mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
+DROP DATABASE  IF EXISTS neutron;
+CREATE DATABASE neutron;
+
+GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
+    IDENTIFIED BY "${NEUTRON_PASSWORD}";
+
+GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
+    IDENTIFIED BY "${NEUTRON_PASSWORD}";
+EOF
+
+openstack user create "$NEUTRON_USER" --domain default --password "$NEUTRON_PASSWORD"
+openstack role add --project service --user neutron admin
+openstack service create --name neutron --description "OpenStack Networking" network
+
+# neutron endpoints
+openstack endpoint create --region RegionOne \
+  network public http://$MY_IP:9696
+
+openstack endpoint create --region RegionOne \
+  network internal http://$MY_IP:9696
+
+openstack endpoint create --region RegionOne \
+  network admin http://$MY_IP:9696
+
+# population of the database requires complete server and plug-in configuration files.
+/etc/write_conf.sh
+
+# Ugly hacks to prevent the manage command from failing
+sed -i "/    op.drop_column('networks', 'shared')/ s/^#*/#/" /usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/versions/liberty/contract/4ffceebfada_rbac_network.py
+sed -i "/    op.drop_column('subnets', 'shared')/ s/^#*/#/" /usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/versions/liberty/contract/4ffceebfada_rbac_network.py
+sed -i "/    op.drop_column('qos_policies', 'shared')/ s/^#*/#/" /usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/versions/mitaka/contract/c6c112992c9_rbac_qos_policy.py
+
+neutron-db-manage --config-file /etc/neutron/neutron.conf \
+                  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
+
+# And now we drop the colums and constraints that the ORM fails to drop.
+mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" neutron << EOF
+
+ALTER TABLE networks DROP CONSTRAINT CONSTRAINT_2;
+alter table networks drop column shared;
+
+ALTER TABLE subnets DROP CONSTRAINT CONSTRAINT_2;
+ALTER TABLE subnets DROP COLUMN shared;
+
+ALTER TABLE qos_policies DROP CONSTRAINT CONSTRAINT_1;
+ALTER TABLE qos_policies drop column shared
+
+EOF

neutron_controller_ovs/run.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+# start neutron services
+
+/etc/write_conf.sh
+
+/usr/bin/neutron-server \
+--config-file /etc/neutron/neutron.conf \
+--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+--config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
+--config-file /etc/neutron/metadata_agent.ini \
+--config-dir /etc/neutron/ \
+-v -d &
+
+sleep 3
+/usr/bin/neutron-linuxbridge-agent \
+--config-file /etc/neutron/neutron.conf \
+--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+--config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
+--config-file /etc/neutron/metadata_agent.ini \
+--config-dir /etc/neutron/ \
+-v -d &
+
+sleep 3
+neutron-metadata-agent \
+--config-file /etc/neutron/neutron.conf \
+--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+--config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
+--config-file /etc/neutron/metadata_agent.ini \
+--config-dir /etc/neutron/ \
+-v -d &
+
+sleep 3
+neutron-l3-agent \
+--config-file /etc/neutron/l3_agent.ini \
+--config-file /etc/neutron/neutron.conf \
+--config-file /etc/neutron/metadata_agent.ini \
+--config-dir /etc/neutron/ \
+-v -d &
+# If any process fails, kill the rest.
+# This ensures the container stops and systemd will restart it.
+
+wait -n
+pkill -P $$

neutron_controller_ovs/write_conf.sh

@@ -0,0 +1,100 @@
+#!/bin/bash
+#
+# Generate config files from environments values.
+# These are to be passed to the docker container using -e
+
+cat << EOF > /etc/neutron/neutron.conf
+
+[DEFAULT]
+core_plugin = ml2
+service_plugins = router
+allow_overlapping_ips = True
+transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$MY_IP
+auth_strategy = keystone
+notify_nova_on_port_status_changes = true
+notify_nova_on_port_data_changes = true
+dhcp_agents_per_network = 2
+
+[agent]
+root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
+
+[database]
+connection = mysql+pymysql://$NEUTRON_USER:$NEUTRON_PASSWORD@mariadb/neutron
+
+[keystone_authtoken]
+auth_uri = http://$KEYSTONE_HOST:5000
+auth_url = http://$KEYSTONE_HOST:35357
+memcached_servers = $MEMCACHED_HOST:11211
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+project_name = service
+username = $NEUTRON_USER
+password = $NEUTRON_PASSWORD
+
+[nova]
+auth_url = http://$KEYSTONE_HOST:35357
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+region_name = RegionOne
+project_name = service
+username = $NOVA_USER
+password = $NOVA_PASSWORD
+
+EOF
+
+cat << EOF > /etc/neutron/plugins/ml2/ml2_conf.ini
+
+[ml2]
+type_drivers = flat,vlan,vxlan
+tenant_network_types = vxlan
+mechanism_drivers = linuxbridge,l2population
+extension_drivers = port_security
+
+[ml2_type_vlan]
+network_vlan_ranges = provider
+
+[ml2_type_flat]
+flat_networks = provider
+
+[ml2_type_vxlan]
+vni_ranges = 1:1000
+
+[securitygroup]
+enable_ipset = true
+
+EOF
+
+cat << EOF > /etc/neutron/metadata_agent.ini
+
+[DEFAULT]
+nova_metadata_ip = $MY_IP
+metadata_proxy_shared_secret = $METADATA_SECRET
+
+EOF
+
+
+cat << EOF > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
+
+[linux_bridge]
+physical_interface_mappings = $PHYSICAL_INTERFACE_MAPPINGS
+
+[vxlan]
+enable_vxlan = True
+l2_population = True
+local_ip = $OVERLAY_IP
+
+[securitygroup]
+enable_security_group = true
+firewall_driver = iptables
+
+EOF
+
+cat << EOF > /etc/neutron/l3_agent.ini
+
+[DEFAULT]
+interface_driver = linuxbridge
+external_network_bridge =
+
+EOF

nova_compute/Dockerfile

@@ -12,11 +12,12 @@ RUN set -x \
         python-openstackclient \
         nova-compute \
         neutron-linuxbridge-agent \
-	neutron-l3-agent \
+        neutron-l3-agent \
         neutron-dhcp-agent \
         neutron-metadata-agent \
         python-ceph \
         python-rbd \
+        ceph-common \ 
     && apt-get -y clean
 
 COPY write_conf.sh /etc/write_conf.sh

nova_compute/run.sh

@@ -27,13 +27,6 @@ neutron-metadata-agent \
 --config-dir /etc/neutron/ \
 -v -d &
 
-sleep 3
-neutron-l3-agent \
---config-file /etc/neutron/l3_agent.ini \
---config-file /etc/neutron/neutron.conf \
---config-file /etc/neutron/metadata_agent.ini \
---config-dir /etc/neutron/ \
--v -d &
 
 # If any process fails, kill the rest.
 # This ensures the container stops and systemd will restart it.

nova_compute/write_conf.sh

@@ -36,6 +36,7 @@ firewall_driver = nova.virt.firewall.NoopFirewallDriver
 scheduler_default_filters = AllHostsFilter
 allow_migrate_to_same_host = True
 allow_resize_to_same_host = True
+security_group_api=neutron
 
 
 [neutron]
@@ -123,10 +124,10 @@ allow_resize_to_same_host = True
 [libvirt]
 virt_type = kvm
 images_type = rbd
-images_rbd_pool = vms
+images_rbd_pool = compute
 images_rbd_ceph_conf = /etc/ceph/ceph.conf
-rbd_user = nova
-rbd_secret_uuid = b5044271-1918-4070-822c-f19ed14d7494
+rbd_user = compute
+rbd_secret_uuid = d0db6ba7-a0c9-4da6-b0bc-aa7846325333
 
 [vnc]
 enabled = True
@@ -199,6 +200,7 @@ allow_overlapping_ips = True
 transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
 auth_strategy = keystone
 core_plugin = ml2
+global_physnet_mtu = $GLOBAL_PHYSNET_MTU
 
 [keystone_authtoken]
 auth_uri = http://$KEYSTONE_HOST:5000
@@ -273,9 +275,42 @@ EOF
 
 cat << EOF > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
 
+[linux_bridge]
+physical_interface_mappings = $PHYSICAL_INTERFACE_MAPPINGS
+
+[securitygroup]
+enable_security_group = true
+firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
+
 [vxlan]
 enable_vxlan = True
 l2_population = True
 local_ip = $OVERLAY_IP
 
 EOF
+
+if [ $USE_CEPH = true ]
+    then cat << EOF > /etc/ceph/ceph.conf
+[global]
+fsid = $FSID
+mon_initial_members = $MON_INITIAL_MEMBERS
+mon_host = $MON_HOST
+auth_cluster_required = cephx
+auth_service_required = cephx
+auth_client_required = cephx
+
+# Your network address
+public network = $PUBLIC_NETWORK
+osd pool default size = $OSD_POOL_DEFAULT_SIZE
+
+[client.compute]
+keyring = /etc/ceph/ceph.client.compute.keyring
+EOF
+
+cat << EOF > /etc/neutron/l3_agent.ini
+
+[DEFAULT]
+interface_driver = linuxbridge
+external_network_bridge =
+
+EOF

nova_service/write_conf.sh

@@ -20,6 +20,7 @@ allow_migrate_to_same_host = True
 allow_resize_to_same_host = True
 firewall_driver = nova.virt.firewall.NoopFirewallDriver
 enabled_apis=osapi_compute,metadata
+security_group_api=neutron
 
 [neutron]
 url = http://$NEUTRON_CONTROLLER_HOST:9696

openstack_client/README.md

@@ -0,0 +1,21 @@
+# ubuntu 16.04 openstack ocata neutron controler node
+
+## How to build the docker image.
+```
+docker  build . -t="hpc/neutroncontroller"
+```
+
+## How to bootstrap the service.
+Before we can take the container into service we need accounts in keystone.
+We also need an initial database. Both of these tasks are performed by the bootstrap script.
+```
+docker run --rm --it --add-host="controller:<keystone_ip>" hpc/neutroncontroler /etc/bootstrap.sh
+```
+
+## How to run
+This image needs a lot of environment variables. It should be run via the `hpc-cloud` ansible repository.
+
+
+## Notes
+This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)
+The -p option is added to the run command to make the container accessible from (containers on ) other hosts than the container host.