def get_addr_for(inv, pourpose, service=None, component=None, net_attr=None):
# TODO: in strict validate mode check is the configured net
# realy ment for the pourpose
fallback_mode = []
# if service:
# if net_attr in service:
# return address_return(pourpose, inv['networks'][service[net_attr]]['addresses'])
# if 'component' in service:
# component = service['component']
# if component: # broken
# if net_attr in component:
# return address_return(pourpose, inv['networks'][component[net_attr]]['addresses'])
glob_net_def = conf.get_global_nets()
addresses = address_with_porpouse(inv, glob_net_def, pourpose)
if addresses:
return address_return(pourpose, addresses)
fallback_mode = conf.get_global_config().get('allow_address_fallback', [])
if fallback_mode and THIS_NODE_INV is not inv:
if 'sshed_address' in fallback_mode:
ssh_address = inv['ssh_address']
if is_ipaddr(ssh_address):
return ssh_address
raise NotImplementedError(
'other mode not implemented for non local usage')
for t in fallback_mode:
try:
address = resolve_pseuodo_local(t)
return address
except Exception as e:
LOG.debug(e)
raise NotImplementedError('No more way to get address')
def src_fetch(self):
if self.deploy_source == 'src':
gconf = conf.get_global_config()
need_git = gconf.get(
'use_git', True) # switch these if you do have good image
if need_git: # TODO: add more repo types
gitutils.process_component_repo(self)
def etc_nova_nova_conf(self):
# NOTE! mariadb.db_url not required on compute when the use_conductur is False
gconf = conf.get_global_config()
pv = conf.get_vip('public')['domain_name']
neutron_section = self.keystone.authtoken_section('neutron_for_nova')
neutron_section.update({
'service_metadata_proxy':
True,
'metadata_proxy_shared_secret':
util.get_keymgr()([self, self.networking], 'neutron_nova_metadata')
}) # add dual suffix
if util.get_keymanager().has_creds(self.keystone.name,
'placement@default'):
placement_section = self.keystone.authtoken_section('placement')
else:
placement_section = {}
# TODO: exclude sql on compute
return {
'DEFAULT': {
'debug': True,
'transport_url': self.messaging.transport_url(),
'compute_driver': 'libvirt.LibvirtDriver',
'use_neutron': True,
'firewall_driver': "nova.virt.firewall.NoopFirewallDriver",
'security_group_api': "neutron",
'log_dir': '/var/log/nova',
'default_floating_pool': "public", # ext net needs to match
'state_path': '/var/lib/nova',
},
'keystone_authtoken': self.keystone.authtoken_section('nova'),
'placement': placement_section,
'database': {
'connection': self.sql.db_url('nova')
},
'api_database': {
'connection': self.sql.db_url('nova_api', 'nova')
},
'glance': {
'api_servers': 'http://' + pv + ':9292'
},
'scheduler': {
'discover_hosts_in_cells_interval': '300'
},
'neutron': neutron_section,
# TODO: create a nova ceph user, with the same privileges
'libvirt': {
'rbd_user': '******',
'rbd_secret_uuid': gconf['cinder_ceph_libvirt_secret_uuid'],
'disk_cachemodes': "network=writeback", # file=unsafe ?
'virt_type': 'qemu', # untile nested is fixed
'images_type': 'rbd',
'images_rbd_pool': 'vms',
'images_rbd_ceph_conf': '/etc/ceph/ceph.conf'
},
'filter_scheduler': {
'enabled_filters':
'RetryFilter,AvailabilityZoneFilter,RamFilter,DiskFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,SameHostFilter,DifferentHostFilter'
} # tempest likes the SameHostFilter,DifferentHostFilter
}
def set_identity():
glb_config = conf.get_global_config()
msg_matrix = {}
for h in ALL_NODES:
msg_matrix[h] = {
'kwargs': {
'node_data': ALL_NODE_DATA[h],
'global_data': glb_config
}
}
do_diff(msg_matrix, do_set_identity)
def etc_glance_glance_api_conf(self):
bind_port = 9292
gconf = conf.get_global_config()
if 'haproxy' in gconf['global_service_flags']:
bind_port = 19292
return {
'DEFAULT': {'debug': True,
'bind_port': bind_port,
'show_image_direct_url': True,
'show_multiple_locations': True,
'enabled_backends': ', '.join(d['sname'] for d in self.backends)},
'glance_store': {'default_backend': self.backends[0]['sname'].split(':')[0]},
'keystone_authtoken': self.keystone.authtoken_section('glance'),
'paste_deploy': {'flavor': 'keystone'},
'database': {'connection': self.sql.db_url('glance')}
}
def get_pkgmgr():
global PKG_MANAGER
if PKG_MANAGER is not None:
return PKG_MANAGER
pkg_mgr = detect_pkg_mgr()
gconf = conf.get_global_config()
if not gconf.get('use_pkg', True):
PKG_MANAGER = NULL
elif pkg_mgr == 'dnf':
PKG_MANAGER = DNF
elif pkg_mgr == 'zypper':
PKG_MANAGER = Zypper
elif pkg_mgr == 'apt-get':
PKG_MANAGER = AptGet
else:
raise Exception('Unable to figure out the package manager: {}'.format(pkg_mgr))
return PKG_MANAGER
def etc_cinder_cinder_conf(self):
gconf = conf.get_global_config()
return {
'DEFAULT': {'debug': True,
'glance_api_version': 2,
'enabled_backends': 'ceph',
'default_volume_type': 'ceph',
'backup_swift_url': 'http://' + conf.get_vip('public')['domain_name'] + ':8080/v1/AUTH_',
'transport_url': self.messaging.transport_url()},
'database': {'connection': self.sql.db_url('cinder')},
'keystone_authtoken': self.keystone.authtoken_section('cinder'),
'oslo_concurrency': {'lock_path': '$state_path/lock'},
'ceph': {'volume_driver': 'cinder.volume.drivers.rbd.RBDDriver',
'rbd_pool': 'volumes',
'rbd_user': '******',
'rbd_ceph_conf': '/etc/ceph/ceph.conf',
'volume_backend_name': 'ceph',
'rbd_secret_uuid': gconf['cinder_ceph_libvirt_secret_uuid']}}
def etc_neutron_neutron_conf(self):
gconf = conf.get_global_config()
service_flags = gconf['global_service_flags']
service_pulugins = [
'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'
]
if 'neutron-fwaas' in service_flags:
service_pulugins.append(
'neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin')
if 'neutron-vpn-agent' in service_flags:
service_pulugins.append(
'neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin')
if 'neutron-lbaasv2-agent' in service_flags:
service_pulugins.append(
'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2'
)
if 'neutron-metering-agent' in service_flags:
service_pulugins.append(
'neutron.services.metering.metering_plugin.MeteringPlugin')
return {
'DEFAULT': {
'debug': 'True',
'core_plugin': 'ml2',
'service_plugins': ','.join(service_pulugins),
'state_path': '/var/lib/neutron',
'allow_overlapping_ips': 'True',
'transport_url': self.messaging.transport_url()
},
'database': {
'connection': self.sql.db_url('neutron')
},
'keystone_authtoken': self.keystone.authtoken_section('neutron'),
'nova': self.keystone.authtoken_section('nova_for_neutron'),
'oslo_concurrency': {
'lock_path': '$state_path/lock'
}
}
def compose(self):
super(Glance, self).compose()
# it can consider the full inventory and config to influnce facility registered
# resources
url_base = "http://" + conf.get_vip('public')['domain_name']
dr = conf.get_default_region()
glance_port = 9292
glance_ha_port = 19292
servers = []
for b in self.get_beckend_list():
servers.append(' '.join((b['hostname'], b['addr'] + ':' + str(glance_ha_port), 'check')))
gconf = conf.get_global_config()
if 'haproxy' in gconf['global_service_flags']:
self.haproxy.add_listener('glance', {
'bind': '*:' + str(glance_port),
'mode': 'http',
'http-request': ['set-header X-Forwarded-Proto https if { ssl_fc }',
'set-header X-Forwarded-Proto http if !{ ssl_fc }'],
'server': servers})
self.keystone.register_endpoint_tri(region=dr,
name='glance',
etype='image',
description='OpenStack Image Service',
url_base=url_base + ':' + str(glance_port))
# just auth or admin user ?
self.keystone.register_service_admin_user('glance')
glances = self.hosts_with_any_service(g_srv)
self.sql.register_user_with_schemas('glance', ['glance'])
self.sql.populate_peer(glances, ['client'])
util.bless_with_principal(glances,
[(self.keystone.name, 'glance@default'),
(self.sql.name, 'glance'),
(self.messaging.name, 'openstack')])
def src_install(self):
gconf = conf.get_global_config()
need_pip = gconf.get('use_pip', True)
if need_pip:
piputils.setup_develop(self)
def etccfg_content(self):
super(Neutron, self).etccfg_content()
gconf = conf.get_global_config()
global_service_union = gconf['global_service_flags']
usrgrp.group('neutron', 996)
usrgrp.user('neutron', 'neutron')
util.base_service_dirs('neutron')
self.file_path('/etc/neutron/conf.d', owner='neutron', group='neutron')
self.file_path('/etc/neutron/conf.d/common',
owner='neutron',
group='neutron')
self.file_ini('/etc/neutron/conf.d/common/agent.conf',
self.etc_neutron_conf_d_common_agent_conf(),
owner='neutron',
group='neutron')
neutron_git_dir = gitutils.component_git_dir(self)
# consider alternate data paths
# var/lib/neutron/dhcp needs to be reachable by the dnsmasq user
self.file_path('/var/lib/neutron',
owner='neutron',
group='neutron',
mode=0o755)
self.file_path('/var/lib/neutron/lock',
owner='neutron',
group='neutron')
self.file_path('/etc/neutron/plugins',
owner='neutron',
group='neutron')
self.file_path('/etc/neutron/plugins/ml2',
owner='neutron',
group='neutron')
self.file_ini('/etc/neutron/neutron.conf',
self.etc_neutron_neutron_conf(),
owner='neutron',
group='neutron')
self.file_sym_link('/etc/neutron/plugin.ini',
'/etc/neutron/plugins/ml2/ml2_conf.ini')
# move to common ?
self.file_ini('/etc/neutron/plugins/ml2/ml2_conf.ini',
self.etc_neutron_plugins_ml2_ml2_conf_ini(),
owner='neutron',
group='neutron')
services = self.filter_node_enabled_services(self.services.keys())
if self.deploy_source == 'src':
if services.intersection(q_srv - {'neutron-server'}):
self.file_plain(
'/etc/sudoers.d/neutron', """Defaults:neutron !requiretty
neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
neutron ALL = (root) NOPASSWD: /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
neutron ALL = (root) NOPASSWD: /usr/local/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
""")
self.file_path('/etc/neutron/rootwrap.d', owner='root')
# TODO: exclude stuff based on config
for filter_file in [
'debug.filters', 'dibbler.filters',
'ipset-firewall.filters', 'l3.filters',
'netns-cleanup.filters', 'privsep.filters',
'dhcp.filters', 'ebtables.filters',
'iptables-firewall.filters',
'linuxbridge-plugin.filters',
'openvswitch-plugin.filters'
]:
self.file_install('/etc/neutron/rootwrap.d/' + filter_file,
'/'.join((neutron_git_dir,
'etc/neutron/rootwrap.d',
filter_file)),
mode=0o444)
self.file_install('/etc/neutron/rootwrap.conf',
'/'.join((neutron_git_dir, 'etc/rootwrap.conf')),
mode=0o444)
self.file_install('/etc/neutron/api-paste.ini',
'/'.join((neutron_git_dir, 'etc/api-paste.ini')),
mode=0o644,
owner='neutron',
group='neutron')
c_srv = self.services
util.unit_file(
c_srv['neutron-server']['unit_name']['src'],
'/usr/local/bin/neutron-server --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/plugin.ini',
'neutron')
util.unit_file(
c_srv['neutron-metadata-agent']['unit_name']['src'],
'/usr/local/bin/neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/metadata_agent.ini',
'neutron')
util.unit_file(
c_srv['neutron-l3-agent']['unit_name']['src'],
'/usr/local/bin/neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/l3_agent.ini',
'neutron')
util.unit_file(
c_srv['neutron-metering-agent']['unit_name']['src'],
'/usr/local/bin/neutron-metering-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/metering_agent.ini',
'neutron')
util.unit_file(
c_srv['neutron-vpn-agent']['unit_name']['src'],
'/usr/local/bin/neutron-vpn-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/l3_agent.ini --config-file /etc/neutron/vpn_agent.ini',
'neutron')
util.unit_file(
c_srv['neutron-dhcp-agent']['unit_name']['src'],
'/usr/local/bin/neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/dhcp_agent.ini',
'neutron')
util.unit_file(
c_srv['neutron-lbaasv2-agent']['unit_name']['src'],
'/usr/local/bin/neutron-lbaasv2-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/lbaas_agent.ini',
'neutron')
if util.get_distro()['family'] != 'debian':
osrv = 'openvswitch.service'
else:
osrv = 'openvswitch-switch.service'
util.unit_file(
c_srv['neutron-openvswitch-agent']['unit_name']['src'],
'/usr/local/bin/neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini',
'neutron',
requires=osrv,
restart='on-failure')
if 'neutron-metadata-agent' in services:
self.file_ini('/etc/neutron/metadata_agent.ini',
self.etc_neutron_metadata_agent_ini(),
owner='neutron',
group='neutron')
if 'neutron-vpn-agent' in services or 'neutron-l3-agent' in services:
self.file_ini('/etc/neutron/l3_agent.ini', {
'DEFAULT': {
'interface_driver': 'openvswitch',
'debug': True
}
},
owner='neutron',
group='neutron')
if 'neutron-metering-agent' in services:
self.file_ini('/etc/neutron/metering_agent.ini', {
'DEFAULT': {
'interface_driver': 'openvswitch',
'debug': True
}
},
owner='neutron',
group='neutron')
if 'neutron-vpn-agent' in services:
self.file_ini('/etc/neutron/vpn_agent.ini',
self.etc_neutron_vpn_agent_ini(),
owner='neutron',
group='neutron')
if 'neutron-dhcp-agent' in services:
self.file_ini('/etc/neutron/dhcp_agent.ini', {
'DEFAULT': {
'interface_driver': 'openvswitch',
'dnsmasq_local_resolv': True,
'debug': True
}
},
owner='neutron',
group='neutron')
if 'neutron-lbaasv2-agent' in services:
self.file_ini('/etc/neutron/lbaas_agent.ini', {
'DEFAULT': {
'interface_driver': 'openvswitch',
'debug': True
}
},
owner='neutron',
group='neutron')
if 'neutron-openvswitch-agent' in services:
tunnel_ip = self.get_addr_for(
self.get_this_inv(),
'tunneling',
service=self.services['neutron-openvswitch-agent'],
net_attr='tunneling_network')
ovs = {'local_ip': tunnel_ip}
if 'neutron-l3-agent' in services:
ovs['bridge_mappings'] = 'extnet:br-ex'
self.file_ini('/etc/neutron/plugins/ml2/openvswitch_agent.ini', {
'securitygroup': {
'firewall_driver': 'iptables_hybrid'
},
'ovs': ovs,
'agent': {
'tunnel_types': 'vxlan'
}
},
owner='neutron',
group='neutron')
# the inv version is not transfered, let it be part of the global config
# global_service_union = self.get_enabled_services()
# NOTE: check these fwass,lbaas, vpaans conditions,
# we might want to update them even if they not present
if ('neutron-lbaasv2-agent' in services
or ('neutron-lbaasv2-agent' in global_service_union
and 'neutron-server' in services)):
self.file_ini('/etc/neutron/neutron_lbaas.conf', {
'service_providers': {
'service_provider':
'LOADBALANCERV2:Haproxy:' +
'neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver'
+ ':default'
}
},
owner='neutron',
group='neutron')
if ('neutron-vpn-agent' in services
or ('neutron-vpn-agent' in global_service_union
and 'neutron-server' in services)):
self.file_ini('/etc/neutron/neutron_vpnaas.conf',
self.etc_neutron_neutron_vpnaas_conf(),
owner='neutron',
group='neutron')
if 'neutron-fwaas' in global_service_union:
self.file_ini('/etc/neutron/fwaas_driver.ini',
self.etc_neutron_fwaas_driver_ini(),
owner='neutron',
group='neutron')
def gen_tempest_conf(self,
image_ref,
image_ref_alt,
public_network_id,
min_compute_nodes=1):
pwd = util.get_keymgr()(self.keystone.name, 'admin@default')
auth_url = ''.join(
('http://', conf.get_vip('public')['domain_name'], ':35357/v3'))
gconf = conf.get_global_config()
service_flags = gconf['global_service_flags']
return {
'DEFAULT': {
'debug': True,
'log_file': 'tempest.log'
},
'auth': {
'tempest_roles': 'user',
'admin_username': '******',
'admin_project_name': 'admin',
'admin_domain_name': 'Default',
'admin_password': pwd
},
'compute': {
'flavor_ref': 42,
'flavor_ref_alt': 84,
'image_ref': image_ref,
'image_ref_alt': image_ref_alt,
'min_compute_nodes': min_compute_nodes,
'max_microversion': 'latest'
},
'compute-feature-enabled': {
'attach_encrypted_volume': False
},
'network': {
'floating_network_name': 'public',
'public_network_id': public_network_id
},
'scenario': {
'img_dir': 'etc',
'img_file': 'cirros.img'
},
'validation': {
'image_ssh_user': '******'
},
'object-storage': {
'reseller_admin_role': 'admin',
'operator_role': 'user'
},
'oslo-concurrency': {
'lock_path': '/tmp'
},
'image': {
'image_path': img_url,
'http_image': img_url
},
'identity': {
'uri': auth_url,
'uri_v3': auth_url
},
'volume': {
'storage_protocol': 'ceph',
'max_microversion': 'latest'
},
'service_available': {
'horizon': True if 'horizon' in service_flags else False,
'cinder': True if 'cinder-api' in service_flags else False,
'nova': True if 'nova-api' in service_flags else False,
'neutron':
True if 'neutron-server' in service_flags else False,
'glance': True if 'glance-api' in service_flags else False,
'heat': True if 'heat-api' in service_flags else False,
'ironic': True if 'ironic-api' in service_flags else False,
'zaqar': True if 'zaqar' in service_flags else False,
'swift': True if 'swift-proxy' in service_flags else False
}
}