20 Commits

Author SHA1 Message Date
Egon Rijpkema
2e372f3b78 Added merlin(federated) horizon. 2018-08-09 13:20:02 +02:00
Egon Rijpkema
8acb4813a1 Merge branch 'feature/federated-login-merlin' into merlin 2018-08-09 12:09:58 +02:00
Egon Rijpkema
776ce0b2d9 Changed tab into spaces. 2018-08-09 12:05:40 +02:00
Egon Rijpkema
b1de9e17e5 Changes for a federated dashboard. 2018-08-09 12:05:40 +02:00
Wim Nap
149590eb35 some changes to nova-compute docker 2018-08-08 15:43:03 +02:00
Wim Nap
4b13a2863a change in nova.conf to make changes to default security group 2018-07-25 11:56:07 +02:00
Egon Rijpkema
2133462f17 Enableling router 2018-07-23 15:50:57 +02:00
Egon Rijpkema
5fdccce28b Took some config from master branch, i whink we need.... 2018-07-23 14:28:51 +02:00
Egon Rijpkema
216a954996 Revert "changed vxlan settings neutron-controller nova-compute"
This reverts commit 7ecc7154a5.
2018-07-19 10:32:01 +02:00
Wim Nap
7ecc7154a5 changed vxlan settings neutron-controller nova-compute 2018-07-16 15:42:51 +02:00
Egon Rijpkema
2fc520a2ab Move the l3 agent to the neutron_controller 2018-07-16 14:16:45 +02:00
Egon Rijpkema
e1c49aca56 make ceph variable 2018-06-20 16:00:13 +02:00
Egon Rijpkema
046e1a59d9 Using cinder user. 2018-05-04 14:06:24 +02:00
Wim Nap
4cce6b0485 add ceph-common to Dockerfile 2018-05-04 14:04:33 +02:00
Wim Nap
95c202133e changed rbd settings 2018-05-03 17:05:59 +02:00
Wim Nap
5c264bd448 changed rabbitmq host 2018-05-01 14:24:30 +02:00
Egon Rijpkema
f7c3d56cbf added merlin builds 2018-04-24 09:53:30 +02:00
Egon Rijpkema
94113b8c25 Trying to adhere to python naming convention. 2018-04-23 15:55:16 +02:00
Egon Rijpkema
90a67e531d Docker in name is no longer needed 2018-04-23 15:35:37 +02:00
Egon Rijpkema
791595dcdf All changes in the merlin branches. 2018-04-23 15:07:18 +02:00
34 changed files with 1946 additions and 97 deletions


@@ -94,16 +94,6 @@ pipeline:
tag: latest tag: latest
when: when:
branch: master branch: master
keystone_merlin:
image: plugins/docker
dockerfile: keystone/Dockerfile
context: keystone
secrets: [docker_username, docker_password]
registry: registry.webhosting.rug.nl
repo: registry.webhosting.rug.nl/hpc/openstack-keystone-merlin
tag: latest
when:
branch: merlin
horizon_merlin: horizon_merlin:
image: plugins/docker image: plugins/docker
dockerfile: horizon/Dockerfile dockerfile: horizon/Dockerfile
@@ -124,16 +114,6 @@ pipeline:
tag: latest tag: latest
when: when:
branch: merlin branch: merlin
cinder_controller_merlin:
image: plugins/docker
dockerfile: cinder_controller/Dockerfile
context: cinder_controller
secrets: [docker_username, docker_password]
registry: registry.webhosting.rug.nl
repo: registry.webhosting.rug.nl/hpc/openstack-cinder-controller-merlin
tag: latest
when:
branch: mwelin
cinder_storage_merlin: cinder_storage_merlin:
image: plugins/docker image: plugins/docker
dockerfile: cinder_storage/Dockerfile dockerfile: cinder_storage/Dockerfile
@@ -164,16 +144,6 @@ pipeline:
tag: latest tag: latest
when: when:
branch: merlin branch: merlin
heat_merlin:
image: plugins/docker
dockerfile: heat/Dockerfile
context: heat
secrets: [docker_username, docker_password]
registry: registry.webhosting.rug.nl
repo: registry.webhosting.rug.nl/hpc/openstack-heat-merlin
tag: latest
when:
branch: merlin
notify: notify:
image: drillster/drone-email image: drillster/drone-email
host: smtp.rug.nl host: smtp.rug.nl


@@ -7,7 +7,6 @@ cinder-scheduler -d &
sleep 5 sleep 5
apachectl -DFOREGROUND & apachectl -DFOREGROUND &
tail -f /var/log/apache2/* &
# If any process fails, kill the rest. # If any process fails, kill the rest.
# This ensures the container stops and systemd will restart it. # This ensures the container stops and systemd will restart it.

8
cinder_storage/.gitignore vendored Normal file

@@ -0,0 +1,8 @@
# ---> Vim
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist
*~


@@ -15,7 +15,8 @@ RUN set -x \
python-openstackclient \ python-openstackclient \
python-oslo.cache \ python-oslo.cache \
lvm2 \ lvm2 \
tgt \ python-ceph \
python-rbd \
&& apt-get -y clean && apt-get -y clean
@@ -28,8 +29,6 @@ COPY bootstrap.sh /etc/bootstrap.sh
COPY run.sh /etc/run.sh COPY run.sh /etc/run.sh
COPY lvm.conf /etc/lvm/lvm.conf
RUN chown root.root /etc/bootstrap.sh && chmod a+x /etc/bootstrap.sh RUN chown root.root /etc/bootstrap.sh && chmod a+x /etc/bootstrap.sh
RUN chown root.root /etc/run.sh && chmod a+x /etc/run.sh RUN chown root.root /etc/run.sh && chmod a+x /etc/run.sh


@@ -22,6 +22,6 @@ source /root/admin-openrc.sh
# create a LVM physical volume and volume group. # create a LVM physical volume and volume group.
# This device should be available tpo the container # This device should be available tpo the container
pvcreate $CINDER_STORAGE_VOLUME #pvcreate /dev/cinder_storage_volume
vgcreate cinder-volumes $CINDER_STORAGE_VOLUME #vgcreate cinder-volumes /dev/cinder_storage_volume


@@ -3,7 +3,9 @@
# Write the config files # Write the config files
/etc/write_conf.sh /etc/write_conf.sh
# start cinder processes. # start cinder processes.
tgtd cinder-volume -d &
sleep 5
cinder-volume -d & cinder-volume -d &
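Review bot: The new side appears to start `cinder-volume -d &` twice, once on the line that replaced `tgtd` and again after the added `sleep 5`. The side-by-side rendering makes this an inference, so check the file itself. If both launches are present, two volume services start against the same backend; keep a single `cinder-volume -d &` and drop the `sleep 5`, which seems to have existed only to wait for `tgtd`.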


@@ -9,11 +9,10 @@ cat << EOF > /etc/cinder/cinder.conf
connection = mysql+pymysql://$CINDER_USER:$CINDER_PASSWORD@$MYSQL_HOST/cinder connection = mysql+pymysql://$CINDER_USER:$CINDER_PASSWORD@$MYSQL_HOST/cinder
[DEFAULT] [DEFAULT]
storage_availability_zone="$AVAILABILITY_ZONE"
auth_strategy = keystone auth_strategy = keystone
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
my_ip = $MY_IP my_ip = $MY_IP
enabled_backends = lvm enabled_backends = RBD-backend
glance_api_servers = http://$GLANCE_HOST:9292 glance_api_servers = http://$GLANCE_HOST:9292
[keystone_authtoken] [keystone_authtoken]
@@ -30,11 +29,12 @@ password = $CINDER_PASSWORD
[oslo_concurrency] [oslo_concurrency]
lock_path = /var/lib/cinder/tmp lock_path = /var/lib/cinder/tmp
[lvm] [RBD-backend]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_backend_name=RBD-backend
volume_group = cinder-volumes rbd_pool=volumes
iscsi_protocol = iscsi rbd_user=volumes
iscsi_helper = tgtadm rbd_secret_uuid=d0db6ba7-a0c9-4da6-b0bc-aa7846325333
volumes_dir = /var/lib/cinder/volumes volume_driver=cinder.volume.drivers.rbd.RBDDriver
rbd_ceph_conf=/etc/ceph/ceph.conf
EOF EOF
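Review bot: `rbd_secret_uuid=d0db6ba7-a0c9-4da6-b0bc-aa7846325333` is baked into the image, as are `rbd_pool` and `rbd_user`, while the other deployment values in this heredoc come from the environment. The same UUID is repeated in the `[libvirt]` block of the nova-compute config in this change, so the two must be edited in lockstep and every deployment built from these images shares one libvirt secret identifier. Take it from the environment like the other settings, for example `rbd_secret_uuid=$RBD_SECRET_UUID` (variable name is a placeholder), and make the script stop when it is unset.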

1
glance/.gitignore vendored Normal file

@@ -0,0 +1 @@
build.sh


@@ -14,6 +14,8 @@ RUN set -x \
python-mysqldb \ python-mysqldb \
python-openstackclient \ python-openstackclient \
python-oslo.cache \ python-oslo.cache \
python-rbd \
python-ceph \
&& apt-get -y clean \ && apt-get -y clean \
&& rm -f /var/lib/glance/glance.sqlite && rm -f /var/lib/glance/glance.sqlite


@@ -32,13 +32,14 @@ flavor = keystone
[glance_store] [glance_store]
stores = file,http stores = glance.store.rbd.Store
default_store = file default_store = rbd
filesystem_store_datadir = /var/lib/glance/images/ rbd_store_pool = images
rbd_store_user = images
rbd_store_ceph_conf = /etc/ceph/ceph.conf
EOF EOF
cat << EOF > /etc/glance/glance-registry.conf cat << EOF > /etc/glance/glance-registry.conf
[DEFAULT] [DEFAULT]
@@ -49,9 +50,11 @@ rpc_backend = rabbit
connection = mysql+pymysql://$GLANCE_USER:$GLANCE_PASSWORD@$MYSQL_HOST/glance connection = mysql+pymysql://$GLANCE_USER:$GLANCE_PASSWORD@$MYSQL_HOST/glance
[glance_store] [glance_store]
stores = file,http stores = glance.store.rbd.Store
default_store = file default_store = rbd
filesystem_store_datadir = /var/lib/glance/images/ rbd_store_pool = images
rbd_store_user = images
rbd_store_ceph_conf = /etc/ceph/ceph.conf
[keystone_authtoken] [keystone_authtoken]
auth_uri = http://$KEYSTONE_HOST:5000 auth_uri = http://$KEYSTONE_HOST:5000
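Review bot: `stores = glance.store.rbd.Store` names the store by a legacy class path in both `[glance_store]` blocks, whereas `default_store = rbd` right below it uses the short name. I would write `stores = rbd` for consistency, and verify that the legacy alias still resolves on the packaged Ocata version if it is kept. Listing only RBD also drops the `http` store that the old line enabled, so images registered by URL would stop working; use `stores = rbd,http` if that is still needed.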

8
heat/.gitignore vendored Normal file

@@ -0,0 +1,8 @@
# ---> Vim
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist
*~

8
horizon/.gitignore vendored Normal file

@@ -0,0 +1,8 @@
# ---> Vim
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist
*~


@@ -16,20 +16,29 @@ RUN set -x \
python-openstackclient \ python-openstackclient \
&& apt-get -y clean && apt-get -y clean
EXPOSE 80
EXPOSE 80 443
COPY openstack-dashboard.conf /etc/apache2/conf-available/openstack-dashboard.conf
COPY local_settings.py /etc/openstack-dashboard/local_settings.py COPY local_settings.py /etc/openstack-dashboard/local_settings.py
# Add a redirect to /keystone instead of the "It works! page" # Add a redirect to /keystone instead of the "It works! page"
COPY 000-default.conf /etc/apache2/sites-available COPY 000-default.conf /etc/apache2/sites-available
COPY run.sh /etc/run.sh
RUN chown -R www-data: /var/lib/openstack-dashboard/ RUN chown -R www-data: /var/lib/openstack-dashboard/
RUN touch /var/log/horizon.log RUN touch /var/log/horizon.log
RUN chown www-data: /var/log/horizon.log RUN chown www-data: /var/log/horizon.log
RUN chown horizon: /var/lib/openstack-dashboard/secret_key RUN a2enmod ssl
RUN a2enmod headers
RUN a2enmod rewrite
CMD apachectl -DFOREGROUND RUN chown /var/lib/openstack-dashboard/secret_key horizon
CMD /etc/run.sh
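Review bot: The added `RUN chown /var/lib/openstack-dashboard/secret_key horizon` has its arguments reversed: chown takes the owner first, so it will treat the path as an owner name and the build step should fail. The vhost added in this change runs the WSGI daemon as `www-data`, so the key should belong to the account that actually reads it and be closed to everyone else, e.g. `RUN chown www-data: /var/lib/openstack-dashboard/secret_key && chmod 600 /var/lib/openstack-dashboard/secret_key`. Confirm the user against the Apache configuration before settling on it.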


@@ -37,7 +37,7 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
#EMAIL_HOST_PASSWORD = 'top-secret!' #EMAIL_HOST_PASSWORD = 'top-secret!'
OPENSTACK_HOST = os.environ['KEYSTONE_HOST'] OPENSTACK_HOST = os.environ['KEYSTONE_HOST']
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST OPENSTACK_KEYSTONE_URL = "https://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
@@ -266,7 +266,6 @@ TIME_ZONE = "UTC"
# ('default', 'Default', 'themes/default'), # ('default', 'Default', 'themes/default'),
# ('material', 'Material', 'themes/material'), # ('material', 'Material', 'themes/material'),
#] #]
LOGGING = { LOGGING = {
'version': 1, 'version': 1,
# When set to True this will disable all logging except # When set to True this will disable all logging except
@@ -288,11 +287,12 @@ LOGGING = {
}, },
'console': { 'console': {
# Set the level to "DEBUG" for verbose output logging. # Set the level to "DEBUG" for verbose output logging.
'level': 'INFO', 'level': 'DEBUG',
'class': 'logging.StreamHandler', 'class': 'logging.FileHandler',
'filename': '/var/log/horizon.log',
}, },
'operation': { 'operation': {
'level': 'INFO', 'level': 'DEBUG',
'class': 'logging.StreamHandler', 'class': 'logging.StreamHandler',
'formatter': 'operation', 'formatter': 'operation',
}, },
@@ -516,3 +516,12 @@ ALLOWED_HOSTS = '*'
COMPRESS_OFFLINE = True COMPRESS_OFFLINE = True
ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []} ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
WEBSSO_ENABLED = True
WEBSSO_CHOICES = (
("credentials", _("Keystone Credentials")),
("mapped", _("Security Assertion Markup Language"))
)
WEBSSO_INITIAL_CHOICE = "mapped"
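Review bot: Both the `console` and `operation` handlers are raised to `'level': 'DEBUG'`, and `console` now writes to `/var/log/horizon.log` through `logging.FileHandler`. On a dashboard that handles federated logins, debug output from the authentication stack can contain request details that do not belong in a long-lived file, and a plain `FileHandler` has no rotation. I would keep `'level': 'INFO',` as the committed default and make debug opt-in through an environment variable read in this settings file. `ALLOWED_HOSTS = '*'` is visible in the last hunk header; with a fixed `ServerName` in the new vhost it could be narrowed to that host name.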


@@ -0,0 +1,35 @@
<VirtualHost *:80>
RedirectMatch "^/$" "/horizon"
ServerName oscloudtest01.hpc.rug.nl
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost *:443>
RedirectMatch "^/$" "/horizon"
ServerName oscloudtest01.hpc.rug.nl
SSLEngine On
SSLCertificateFile "/certs/oscloudtest01.hpc.rug.nl.crt"
SSLCertificateKeyFile "/certs/oscloudtest01.hpc.rug.nl.key"
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
# HTTP Strict Transport Security (HSTS) enforces that all communications
# with a server go over SSL. This mitigates the threat from attacks such
# as SSL-Strip which replaces links on the wire, stripping away https prefixes
# and potentially allowing an attacker to view confidential information on the
# wire
Header add Strict-Transport-Security "max-age=15768000"
Alias /horizon/static /var/lib/openstack-dashboard/static/
Alias /static /var/lib/openstack-dashboard/static/
<Directory /var/lib/openstack-dashboard/static>
Require all granted
</Directory>
WSGIScriptAlias /horizon /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi process-group=horizon
WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 display-name=%{GROUP}
WSGIProcessGroup horizon
</VirtualHost>
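Review bot: The port-80 rule `RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}` builds its target from the client-supplied Host header and carries no flags, so it answers with a temporary redirect to whatever host name the request named. Redirect to the configured name instead: `RewriteRule ^ https://oscloudtest01.hpc.rug.nl%{REQUEST_URI} [R=301,L]`. `Header add Strict-Transport-Security` is attached only to successful responses and can duplicate the header; `Header always set Strict-Transport-Security "max-age=15768000"` also covers redirects and error responses. The 443 vhost sets no `SSLProtocol` or `SSLCipherSuite`, so it inherits the distribution defaults; stating the intended minimum TLS version here would make that explicit.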

6
horizon/run.sh Executable file

@@ -0,0 +1,6 @@
#!/bin/bash
#Making the console log console again...
tail -f /var/log/horizon.log &
apachectl -DFOREGROUND
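Review bot: `apachectl -DFOREGROUND` runs as a child of the bash script, so the shell stays PID 1 and the stop signal from the container runtime does not reach Apache; the container is then killed after the grace period instead of shutting down cleanly. Replace the last line with `exec apachectl -DFOREGROUND`. The background `tail -f /var/log/horizon.log &` would be unnecessary if the dashboard logged to stdout/stderr.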

8
keystone/.gitignore vendored Normal file
View File

@@ -0,0 +1,8 @@
# ---> Vim
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist
*~

8
neutron_controller/.gitignore vendored Normal file

@@ -0,0 +1,8 @@
# ---> Vim
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist
*~


@@ -29,8 +29,15 @@ neutron-metadata-agent \
--config-dir /etc/neutron/ \ --config-dir /etc/neutron/ \
-v -d & -v -d &
sleep 3
neutron-l3-agent \
--config-file /etc/neutron/l3_agent.ini \
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/metadata_agent.ini \
--config-dir /etc/neutron/ \
-v -d &
# If any process fails, kill the rest. # If any process fails, kill the rest.
# This insures the container stops and systemd will restart it. # This ensures the container stops and systemd will restart it.
wait -n wait -n
pkill -P $$ pkill -P $$


@@ -4,15 +4,16 @@
# These are to be passed to the docker container using -e # These are to be passed to the docker container using -e
cat << EOF > /etc/neutron/neutron.conf cat << EOF > /etc/neutron/neutron.conf
[DEFAULT] [DEFAULT]
core_plugin = ml2 core_plugin = ml2
service_plugins = service_plugins = router
allow_overlapping_ips = True
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$MY_IP transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$MY_IP
auth_strategy = keystone auth_strategy = keystone
notify_nova_on_port_status_changes = true notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true notify_nova_on_port_data_changes = true
dhcp_agents_per_network = 2 dhcp_agents_per_network = 2
global_physnet_mtu = $GLOBAL_PHYSNET_MTU
[agent] [agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
@@ -46,11 +47,10 @@ EOF
cat << EOF > /etc/neutron/plugins/ml2/ml2_conf.ini cat << EOF > /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2] [ml2]
type_drivers = flat,vlan type_drivers = flat,vlan,vxlan
tenant_network_types = tenant_network_types = vxlan
mechanism_drivers = linuxbridge mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security extension_drivers = port_security
path_mtu = $GLOBAL_PHYSNET_MTU
[ml2_type_vlan] [ml2_type_vlan]
network_vlan_ranges = provider network_vlan_ranges = provider
@@ -58,25 +58,14 @@ network_vlan_ranges = provider
[ml2_type_flat] [ml2_type_flat]
flat_networks = provider flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup] [securitygroup]
enable_ipset = true enable_ipset = true
EOF EOF
cat << EOF > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = $PHYSICAL_INTERFACE_MAPPINGS
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
EOF
cat << EOF > /etc/neutron/metadata_agent.ini cat << EOF > /etc/neutron/metadata_agent.ini
[DEFAULT] [DEFAULT]
@@ -84,3 +73,28 @@ nova_metadata_ip = $MY_IP
metadata_proxy_shared_secret = $METADATA_SECRET metadata_proxy_shared_secret = $METADATA_SECRET
EOF EOF
cat << EOF > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = $PHYSICAL_INTERFACE_MAPPINGS
[vxlan]
enable_vxlan = True
l2_population = True
local_ip = $OVERLAY_IP
[securitygroup]
enable_security_group = true
firewall_driver = iptables
EOF
cat << EOF > /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
external_network_bridge =
EOF


@@ -0,0 +1,31 @@
FROM ubuntu:16.04
# install packages
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
RUN set -x \
&& echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main" > /etc/apt/sources.list.d/ocata.list \
&& apt-get -y update \
&& apt-get -y install ubuntu-cloud-keyring \
&& apt-get -y update \
&& apt-get -y install \
mysql-client \
python-mysqldb \
python-openstackclient \
neutron-server \
neutron-plugin-ml2 \
neutron-linuxbridge-agent \
neutron-l3-agent \
neutron-metadata-agent \
&& apt-get -y clean
# add bootstrap script and make it executable
COPY bootstrap.sh /etc/bootstrap.sh
# Workaround for vlan_transparent parameter set to None.
COPY db_base_plugin_v2.py /usr/lib/python2.7/dist-packages/neutron/db/db_base_plugin_v2.py
COPY run.sh /etc/run.sh
COPY write_conf.sh /etc/write_conf.sh
CMD ["/etc/run.sh"]
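Review bot: `apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA` fetches a trust anchor for apt by a 64-bit key ID from a keyserver, and the build then installs `ubuntu-cloud-keyring` anyway. Either install the keyring package from the stock Ubuntu archive before the Ocata source is added and drop the `apt-key` line, or reference the key by its full fingerprint (`<FULL-40-HEX-FINGERPRINT>`, placeholder). Separately, `COPY db_base_plugin_v2.py` replaces a whole packaged module under dist-packages. Applying a patch against a pinned `neutron-server` version would make it visible when the upstream file changes.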


@@ -0,0 +1,21 @@
# ubuntu 16.04 openstack ocata neutron controler node
## How to build the docker image.
```
docker build . -t="hpc/neutroncontroller"
```
## How to bootstrap the service.
Before we can take the container into service we need accounts in keystone.
We also need an initial database. Both of these tasks are performed by the bootstrap script.
```
docker run --rm --it --add-host="controller:<keystone_ip>" hpc/neutroncontroler /etc/bootstrap.sh
```
## How to run
This image needs a lot of environment variables. It should be run via the `hpc-cloud` ansible repository.
## Notes
This image is designed to be deployed from the [hpc-cloud repo](https://git.webhosting.rug.nl/HPC/hpc-cloud)
The -p option is added to the run command to make the container accessible from (containers on ) other hosts than the container host.


@@ -0,0 +1,76 @@
#!/bin/bash
#
# This script sets up the openstack users and regions..
# as well as the database for the nova controller.
# This guide was used:
# https://docs.openstack.org/ocata/install-guide-ubuntu/nova-controller-install.
# Create admin-openrc.sh from secrets that are in the environment during bootstrap.
cat << EOF > /root/admin-openrc.sh
#!/bin/bash
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=${OS_PASSWORD}
export OS_AUTH_URL=http://${KEYSTONE_HOST}:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_IMAGE_API_VERSION=2
EOF
source /root/admin-openrc.sh
# create database for neutron.
SQL_SCRIPT=/root/neutron.sql
mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" << EOF
DROP DATABASE IF EXISTS neutron;
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY "${NEUTRON_PASSWORD}";
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY "${NEUTRON_PASSWORD}";
EOF
openstack user create "$NEUTRON_USER" --domain default --password "$NEUTRON_PASSWORD"
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
# neutron endpoints
openstack endpoint create --region RegionOne \
network public http://$MY_IP:9696
openstack endpoint create --region RegionOne \
network internal http://$MY_IP:9696
openstack endpoint create --region RegionOne \
network admin http://$MY_IP:9696
# population of the database requires complete server and plug-in configuration files.
/etc/write_conf.sh
# Ugly hacks to prevent the manage command from failing
sed -i "/ op.drop_column('networks', 'shared')/ s/^#*/#/" /usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/versions/liberty/contract/4ffceebfada_rbac_network.py
sed -i "/ op.drop_column('subnets', 'shared')/ s/^#*/#/" /usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/versions/liberty/contract/4ffceebfada_rbac_network.py
sed -i "/ op.drop_column('qos_policies', 'shared')/ s/^#*/#/" /usr/lib/python2.7/dist-packages/neutron/db/migration/alembic_migrations/versions/mitaka/contract/c6c112992c9_rbac_qos_policy.py
neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
# And now we drop the colums and constraints that the ORM fails to drop.
mysql -uroot -p"$MYSQL_ROOT_PASSWORD" -h "$MYSQL_HOST" neutron << EOF
ALTER TABLE networks DROP CONSTRAINT CONSTRAINT_2;
alter table networks drop column shared;
ALTER TABLE subnets DROP CONSTRAINT CONSTRAINT_2;
ALTER TABLE subnets DROP COLUMN shared;
ALTER TABLE qos_policies DROP CONSTRAINT CONSTRAINT_1;
ALTER TABLE qos_policies drop column shared
EOF
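Review bot: The account name is parameterised in one place and hard-coded in the others: `openstack user create "$NEUTRON_USER"` is followed by `openstack role add --project service --user neutron admin`, and both `GRANT` statements name `'neutron'`. Any `NEUTRON_USER` other than `neutron` therefore leaves the created user without the role and without database access, so use `"$NEUTRON_USER"` in all three places. `${NEUTRON_PASSWORD}` is also expanded inside the SQL text between double quotes, so a password containing `"` or `\` changes the statement; restrict the allowed characters or escape the value before building the SQL. The script has no `set -e`, so it carries on to `neutron-db-manage` after a failed step, and `DROP DATABASE IF EXISTS neutron` makes a re-run destructive.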

File diff suppressed because it is too large Load Diff

43
neutron_controller_ovs/run.sh Executable file

@@ -0,0 +1,43 @@
#!/bin/bash
# start neutron services
/etc/write_conf.sh
/usr/bin/neutron-server \
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
--config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
--config-file /etc/neutron/metadata_agent.ini \
--config-dir /etc/neutron/ \
-v -d &
sleep 3
/usr/bin/neutron-linuxbridge-agent \
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
--config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
--config-file /etc/neutron/metadata_agent.ini \
--config-dir /etc/neutron/ \
-v -d &
sleep 3
neutron-metadata-agent \
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
--config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
--config-file /etc/neutron/metadata_agent.ini \
--config-dir /etc/neutron/ \
-v -d &
sleep 3
neutron-l3-agent \
--config-file /etc/neutron/l3_agent.ini \
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/metadata_agent.ini \
--config-dir /etc/neutron/ \
-v -d &
# If any process fails, kill the rest.
# This ensures the container stops and systemd will restart it.
wait -n
pkill -P $$
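Review bot: This script lives under `neutron_controller_ovs/` but starts `neutron-linuxbridge-agent` and loads `linuxbridge_agent.ini`, and its l3-agent block matches the one added to the linuxbridge controller's run script elsewhere in this change. If the OVS variant is still work in progress, say so in a header comment such as `# NOTE: still runs the linuxbridge agent; switch to the OVS agent is pending`. Otherwise share one script between the two images instead of keeping a copy that can drift.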


@@ -0,0 +1,100 @@
#!/bin/bash
#
# Generate config files from environments values.
# These are to be passed to the docker container using -e
cat << EOF > /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$MY_IP
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
dhcp_agents_per_network = 2
[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
[database]
connection = mysql+pymysql://$NEUTRON_USER:$NEUTRON_PASSWORD@mariadb/neutron
[keystone_authtoken]
auth_uri = http://$KEYSTONE_HOST:5000
auth_url = http://$KEYSTONE_HOST:35357
memcached_servers = $MEMCACHED_HOST:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = $NEUTRON_USER
password = $NEUTRON_PASSWORD
[nova]
auth_url = http://$KEYSTONE_HOST:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = $NOVA_USER
password = $NOVA_PASSWORD
EOF
cat << EOF > /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_vlan]
network_vlan_ranges = provider
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
EOF
cat << EOF > /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = $MY_IP
metadata_proxy_shared_secret = $METADATA_SECRET
EOF
cat << EOF > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = $PHYSICAL_INTERFACE_MAPPINGS
[vxlan]
enable_vxlan = True
l2_population = True
local_ip = $OVERLAY_IP
[securitygroup]
enable_security_group = true
firewall_driver = iptables
EOF
cat << EOF > /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
external_network_bridge =
EOF
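Review bot: The database URL hard-codes its host, `connection = mysql+pymysql://$NEUTRON_USER:$NEUTRON_PASSWORD@mariadb/neutron`, while the bootstrap script added in this change connects to `$MYSQL_HOST`. Likewise `transport_url` points RabbitMQ at `$MY_IP` where the nova-compute config uses `$RABBIT_HOST`. Use `@$MYSQL_HOST/neutron` and `@$RABBIT_HOST` so the generated config follows the deployment. The files written here hold the service passwords and `metadata_proxy_shared_secret`; setting `umask 077` before the first `cat` keeps them from being created world-readable, once you have confirmed which user the neutron processes run as.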

26
nova_compute/.drone.yml Normal file

@@ -0,0 +1,26 @@
---
pipeline:
docker:
image: plugins/docker
secrets: [docker_username, docker_password]
registry: registry.webhosting.rug.nl
repo: registry.webhosting.rug.nl/hpc/openstack-nova-compute
tag: latest
notify:
image: drillster/drone-email
host: smtp.rug.nl
port: 25
skip_verify: true
from: drone@webhosting.rug.nl
recipients: [e.m.a.rijpkema@rug.nl]
recipients: [e.m.a.rijpkema@rug.nl, w.k.nap@rug.nl]
recipients_only: true
when:
status: [success, changed, failure]
# slack:
# image: plugins/slack
# webhook:
# channel: docker
# when:
# branch: [master, merlin]
# status: [success, failure]
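Review bot: `recipients:` is defined twice in the `notify` step; duplicate mapping keys are invalid YAML and parsers either reject the file or silently keep one of the two, so delete the first line and keep `recipients: [e.m.a.rijpkema@rug.nl, w.k.nap@rug.nl]`. `skip_verify: true` turns off certificate verification for the SMTP connection; remove it or set it to `false` if `smtp.rug.nl` presents a valid certificate. Publishing only `tag: latest` means a deployed image cannot be traced back to the commit that built it, so add a commit-derived tag next to it.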


@@ -12,12 +12,16 @@ RUN set -x \
python-openstackclient \ python-openstackclient \
nova-compute \ nova-compute \
neutron-linuxbridge-agent \ neutron-linuxbridge-agent \
neutron-l3-agent \
neutron-dhcp-agent \ neutron-dhcp-agent \
neutron-metadata-agent \ neutron-metadata-agent \
python-ceph \
python-rbd \
ceph-common \
&& apt-get -y clean && apt-get -y clean
COPY write_conf.sh /etc/write_conf.sh COPY write_conf.sh /etc/write_conf.sh
COPY run.sh /etc/run.sh COPY run.sh /etc/run.sh
RUN echo hoi
CMD ["/etc/run.sh"] CMD ["/etc/run.sh"]
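Review bot: `RUN echo hoi` looks like a leftover used to invalidate the build cache; it adds a layer and nothing else, so remove it before merging. If a cache bust is needed in CI, building without cache achieves that without leaving a marker in the image history.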


@@ -27,6 +27,7 @@ neutron-metadata-agent \
--config-dir /etc/neutron/ \ --config-dir /etc/neutron/ \
-v -d & -v -d &
# If any process fails, kill the rest. # If any process fails, kill the rest.
# This ensures the container stops and systemd will restart it. # This ensures the container stops and systemd will restart it.


@@ -36,6 +36,7 @@ firewall_driver = nova.virt.firewall.NoopFirewallDriver
scheduler_default_filters = AllHostsFilter scheduler_default_filters = AllHostsFilter
allow_migrate_to_same_host = True allow_migrate_to_same_host = True
allow_resize_to_same_host = True allow_resize_to_same_host = True
security_group_api=neutron
[neutron] [neutron]
@@ -121,7 +122,12 @@ allow_migrate_to_same_host = True
allow_resize_to_same_host = True allow_resize_to_same_host = True
[libvirt] [libvirt]
virt_type=kvm virt_type = kvm
images_type = rbd
images_rbd_pool = compute
images_rbd_ceph_conf = /etc/ceph/ceph.conf
rbd_user = compute
rbd_secret_uuid = d0db6ba7-a0c9-4da6-b0bc-aa7846325333
[vnc] [vnc]
enabled = True enabled = True
@@ -189,6 +195,8 @@ EOF
cat << EOF > /etc/neutron/neutron.conf cat << EOF > /etc/neutron/neutron.conf
[DEFAULT] [DEFAULT]
service_plugins = router
allow_overlapping_ips = True
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST transport_url = rabbit://$RABBIT_USER:$RABBIT_PASSWORD@$RABBIT_HOST
auth_strategy = keystone auth_strategy = keystone
core_plugin = ml2 core_plugin = ml2
@@ -217,17 +225,12 @@ password = $NOVA_PASSWORD
EOF EOF
cat << EOF > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge] cat << EOF > /etc/neutron/l3_agent.ini
physical_interface_mappings = $PHYSICAL_INTERFACE_MAPPINGS
[vxlan] [DEFAULT]
enable_vxlan = false interface_driver = linuxbridge
external_network_bridge =
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
EOF EOF
@@ -251,11 +254,10 @@ EOF
cat << EOF > /etc/neutron/plugins/ml2/ml2_conf.ini cat << EOF > /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2] [ml2]
type_drivers = flat,vlan type_drivers = flat,vlan,vxlan
tenant_network_types = tenant_network_types = vxlan
mechanism_drivers = linuxbridge mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security extension_drivers = port_security
path_mtu = $GLOBAL_PHYSNET_MTU
[ml2_type_vlan] [ml2_type_vlan]
network_vlan_ranges = provider network_vlan_ranges = provider
@@ -263,7 +265,52 @@ network_vlan_ranges = provider
[ml2_type_flat] [ml2_type_flat]
flat_networks = provider flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:100
[securitygroup] [securitygroup]
enable_ipset = true enable_ipset = true
EOF EOF
cat << EOF > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = $PHYSICAL_INTERFACE_MAPPINGS
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = True
l2_population = True
local_ip = $OVERLAY_IP
EOF
if [ $USE_CEPH = true ]
then cat << EOF > /etc/ceph/ceph.conf
[global]
fsid = $FSID
mon_initial_members = $MON_INITIAL_MEMBERS
mon_host = $MON_HOST
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx
# Your network address
public network = $PUBLIC_NETWORK
osd pool default size = $OSD_POOL_DEFAULT_SIZE
[client.compute]
keyring = /etc/ceph/ceph.client.compute.keyring
EOF
cat << EOF > /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
external_network_bridge =
EOF
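Review bot: The `if [ $USE_CEPH = true ]` block that writes `/etc/ceph/ceph.conf` has no closing `fi` anywhere in the visible hunk, which would make the script fail to parse at end of file. Unless the rendering cut it off, add `fi` after the `EOF` that ends ceph.conf. `$USE_CEPH` is also unquoted, so an unset variable turns the test into `[ = true ]` and prints an error; write `if [ "${USE_CEPH:-false}" = true ]; then`. `/etc/neutron/l3_agent.ini` is now written twice with the same content, and `vni_ranges = 1:100` here differs from `1:1000` in the controller's ml2 config.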

8
nova_service/.gitignore vendored Normal file

@@ -0,0 +1,8 @@
# ---> Vim
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist
*~


@@ -20,7 +20,7 @@ allow_migrate_to_same_host = True
allow_resize_to_same_host = True allow_resize_to_same_host = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver firewall_driver = nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata enabled_apis=osapi_compute,metadata
cpu_allocation_ratio = 4 security_group_api=neutron
[neutron] [neutron]
url = http://$NEUTRON_CONTROLLER_HOST:9696 url = http://$NEUTRON_CONTROLLER_HOST:9696

8
openstack_client/.gitignore vendored Normal file

@@ -0,0 +1,8 @@
# ---> Vim
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist
*~