def create_vncproxy_manifest(config, messages): if config["CONFIG_HORIZON_SSL"] == 'y': if config["CONFIG_VNC_SSL_CERT"]: ssl_cert_file = config["CONFIG_VNC_SSL_CERT"] ssl_key_file = config["CONFIG_VNC_SSL_KEY"] if not os.path.exists(ssl_cert_file): raise exceptions.ParamValidationError( "The file %s doesn't exist" % ssl_cert_file) if not os.path.exists(ssl_key_file): raise exceptions.ParamValidationError( "The file %s doesn't exist" % ssl_key_file) final_cert = open(ssl_cert_file, 'rt').read() final_key = open(ssl_key_file, 'rt').read() deliver_ssl_file(final_cert, ssl_cert_file, config['CONFIG_CONTROLLER_HOST']) deliver_ssl_file(final_key, ssl_key_file, config['CONFIG_CONTROLLER_HOST']) else: config["CONFIG_VNC_SSL_CERT"] = '/etc/pki/tls/certs/ssl_vnc.crt' config["CONFIG_VNC_SSL_KEY"] = '/etc/pki/tls/private/ssl_vnc.key' ssl_key_file = config["CONFIG_VNC_SSL_KEY"] ssl_cert_file = config["CONFIG_VNC_SSL_CERT"] ssl_host = config['CONFIG_CONTROLLER_HOST'] service = 'vnc' generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file)
def check_cinder_vg(config, messages): cinders_volume = config["CONFIG_CINDER_VOLUME_NAME"] # Do we have a cinder-volumes vg? have_cinders_volume = False server = utils.ScriptRunner(config['CONFIG_STORAGE_HOST']) server.append('vgdisplay %s' % cinders_volume) try: server.execute() have_cinders_volume = True except exceptions.ScriptRuntimeError: pass if config["CONFIG_CINDER_VOLUMES_CREATE"] == "n": if not have_cinders_volume: raise exceptions.MissingRequirements("The cinder server should " "contain a volume group") match = re.match(r'^(?P<size>\d+)G$', config['CONFIG_CINDER_VOLUMES_SIZE'].strip()) if not match: msg = 'Invalid Cinder volumes VG size.' raise exceptions.ParamValidationError(msg) cinders_volume_size = int(match.group('size')) * 1024 cinders_reserve = int(cinders_volume_size * 0.03) cinders_volume_size = cinders_volume_size + cinders_reserve config['CONFIG_CINDER_VOLUMES_SIZE'] = '%sM' % cinders_volume_size
def create_manifest(config, messages): config["CONFIG_HORIZON_SECRET_KEY"] = uuid.uuid4().hex horizon_host = config['CONFIG_CONTROLLER_HOST'] manifestfile = "%s_horizon.pp" % horizon_host proto = "http" config["CONFIG_HORIZON_PORT"] = "'80'" sslmanifestdata = '' if config["CONFIG_HORIZON_SSL"] == 'y': config["CONFIG_HORIZON_PORT"] = "'443'" proto = "https" sslmanifestdata += getManifestTemplate("https.pp") # Are we using the users cert/key files if config["CONFIG_SSL_CERT"]: ssl_cert = config["CONFIG_SSL_CERT"] ssl_key = config["CONFIG_SSL_KEY"] if not os.path.exists(ssl_cert): raise exceptions.ParamValidationError( "The file %s doesn't exist" % ssl_cert) if ssl_key and not os.path.exists(ssl_key): raise exceptions.ParamValidationError( "The file %s doesn't exist" % ssl_key) resources = config.setdefault('RESOURCES', {}) host_resources = resources.setdefault(horizon_host, []) host_resources.append((ssl_cert, 'ssl_ps_server.crt')) if ssl_key: host_resources.append(ssl_key, 'ssl_ps_server.key') else: messages.append( "%sNOTE%s : A certificate was generated to be used for ssl, " "You should change the ssl certificate configured in " "/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert." % (utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host)) manifestdata = getManifestTemplate("horizon.pp") manifestdata += sslmanifestdata appendManifestFile(manifestfile, manifestdata) msg = ("To access the OpenStack Dashboard browse to %s://%s/dashboard .\n" "Please, find your login credentials stored in the keystonerc_admin" " in your home directory." % (proto, config['CONFIG_CONTROLLER_HOST'])) messages.append(msg)
def createmanifest(config): controller.CONF["CONFIG_HORIZON_SECRET_KEY"] = uuid.uuid4().hex horizon_host = controller.CONF['CONFIG_HORIZON_HOST'] manifestfile = "%s_horizon.pp" % horizon_host proto = "http" controller.CONF["CONFIG_HORIZON_PORT"] = "'80'" sslmanifestdata = '' if controller.CONF["CONFIG_HORIZON_SSL"] == 'y': controller.CONF["CONFIG_HORIZON_PORT"] = "'443'" proto = "https" sslmanifestdata += getManifestTemplate("https.pp") # Are we using the users cert/key files if controller.CONF["CONFIG_SSL_CERT"]: ssl_cert = controller.CONF["CONFIG_SSL_CERT"] ssl_key = controller.CONF["CONFIG_SSL_KEY"] if not os.path.exists(ssl_cert): raise exceptions.ParamValidationError( "The file %s doesn't exist" % ssl_cert) if ssl_key and not os.path.exists(ssl_key): raise exceptions.ParamValidationError( "The file %s doesn't exist" % ssl_key) controller.addResource(horizon_host, ssl_cert, 'ssl_ps_server.crt') if ssl_key: controller.addResource( horizon_host, ssl_key, 'ssl_ps_server.key' ) else: controller.MESSAGES.append( "%sNOTE%s : A certificate was generated to be used for ssl, " "You should change the ssl certificate configured in " "/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert." % (basedefs.RED, basedefs.NO_COLOR, horizon_host)) manifestdata = getManifestTemplate("horizon.pp") manifestdata += sslmanifestdata appendManifestFile(manifestfile, manifestdata) msg = "To use the console, browse to %s://%s/dashboard" % \ (proto, controller.CONF['CONFIG_HORIZON_HOST']) controller.MESSAGES.append(msg)
def check_cinder_vg(config, messages): cinders_volume = 'cinder-volumes' if config['CONFIG_UNSUPPORTED'] != 'y': config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST'] if config["CONFIG_CINDER_VOLUMES_CREATE"] != "y": if not have_cinders_volume: raise exceptions.MissingRequirements("The cinder server should " "contain a cinder-volumes " "volume group") match = re.match('^(?P<size>\d+)G$', config['CONFIG_CINDER_VOLUMES_SIZE'].strip()) if not match: msg = 'Invalid Cinder volumes VG size.' raise exceptions.ParamValidationError(msg) cinders_volume_size = int(match.group('size')) * 1024 cinders_reserve = int(cinders_volume_size * 0.03) cinders_volume_size = cinders_volume_size + cinders_reserve config['CONFIG_CINDER_VOLUMES_SIZE'] = 'sM' % cinders_volume_size
def check_cinder_vg(config, messages): cinders_volume = 'cinder-volumes' # Do we have a cinder-volumes vg? have_cinders_volume = False server = utils.ScriptRunner(config['CONFIG_CONTROLLER_HOST']) server.append('vgdisplay %s' % cinders_volume) try: server.execute() have_cinders_volume = True except exceptions.ScriptRuntimeError: pass # Configure system LVM settings (snapshot_autoextend) server = utils.ScriptRunner(config['CONFIG_CONTROLLER_HOST']) server.append('sed -i -r "s/^ *snapshot_autoextend_threshold +=.*/' ' snapshot_autoextend_threshold = 80/" ' '/etc/lvm/lvm.conf') server.append('sed -i -r "s/^ *snapshot_autoextend_percent +=.*/' ' snapshot_autoextend_percent = 20/" ' '/etc/lvm/lvm.conf') try: server.execute() except exceptions.ScriptRuntimeError: logging.info("Warning: Unable to set system LVM settings.") if config["CONFIG_CINDER_VOLUMES_CREATE"] != "y": if not have_cinders_volume: raise exceptions.MissingRequirements("The cinder server should " "contain a cinder-volumes " "volume group") else: if have_cinders_volume: messages.append(output_messages.INFO_CINDER_VOLUMES_EXISTS) return server = utils.ScriptRunner(config['CONFIG_CONTROLLER_HOST']) server.append('systemctl') try: server.execute() rst_cmd = 'systemctl restart openstack-cinder-volume.service' except exceptions.ScriptRuntimeError: rst_cmd = 'service openstack-cinder-volume restart' server.clear() logging.info("A new cinder volumes group will be created") cinders_volume_path = '/var/lib/cinder' server.append('mkdir -p %s' % cinders_volume_path) logging.debug("Volume's path: %s" % cinders_volume_path) match = re.match('^(?P<size>\d+)G$', config['CONFIG_CINDER_VOLUMES_SIZE'].strip()) if not match: msg = 'Invalid Cinder volumes VG size.' raise exceptions.ParamValidationError(msg) cinders_volume_size = int(match.group('size')) * 1024 cinders_reserve = int(cinders_volume_size * 0.03) cinders_volume_size = cinders_volume_size + cinders_reserve cinders_volume_path = os.path.join(cinders_volume_path, cinders_volume) server.append('dd if=/dev/zero of=%s bs=1 count=0 seek=%sM' % (cinders_volume_path, cinders_volume_size)) server.append('LOFI=$(losetup --show -f %s)' % cinders_volume_path) server.append('pvcreate $LOFI') server.append('vgcreate %s $LOFI' % cinders_volume) # Add the loop device on boot server.append( 'grep %(volume)s /etc/rc.d/rc.local || ' 'echo "losetup -f %(path)s && ' 'vgchange -a y %(volume)s && ' '%(restart_cmd)s" ' '>> /etc/rc.d/rc.local' % { 'volume': cinders_volume, 'restart_cmd': rst_cmd, 'path': cinders_volume_path }) server.append('grep "#!" /etc/rc.d/rc.local || ' 'sed -i \'1i#!/bin/sh\' /etc/rc.d/rc.local') server.append('chmod +x /etc/rc.d/rc.local') # Let's make sure it exists server.append('vgdisplay %s' % cinders_volume) try: server.execute() except exceptions.ScriptRuntimeError: # Release loop device if cinder's volume creation # fails. try: logging.debug("Release loop device, volume creation failed") server = utils.ScriptRunner(config['CONFIG_CONTROLLER_HOST']) server.append('losetup -d $(losetup -j %s | cut -d : -f 1)' % cinders_volume_path) server.execute() except: pass raise exceptions.MissingRequirements("Cinder's volume group '%s' " "could not be created" % cinders_volume)
def create_compute_manifest(config, messages): global compute_hosts, network_hosts if config["CONFIG_HORIZON_SSL"] == 'y': config["CONFIG_VNCPROXY_PROTOCOL"] = "https" else: config["CONFIG_VNCPROXY_PROTOCOL"] = "http" config["CONFIG_NOVA_ALLOW_RESIZE_TO_SAME"] = len(compute_hosts) == 1 ssh_keys_details = {} for host in compute_hosts: try: hostname, aliases, addrs = socket.gethostbyaddr(host) except socket.herror: hostname, aliases, addrs = (host, [], []) for hostkey in config['HOST_KEYS_%s' % host].split('\n'): hostkey = hostkey.strip() if not hostkey: continue _, host_key_type, host_key_data = hostkey.split() key = "%s.%s" % (host_key_type, hostname) ssh_keys_details.setdefault(key, {}) ssh_keys_details[key]['ensure'] = 'present' ssh_keys_details[key]['host_aliases'] = [hostname] + aliases + addrs ssh_keys_details[key]['key'] = host_key_data ssh_keys_details[key]['type'] = host_key_type config['SSH_KEYS'] = ssh_keys_details if config['CONFIG_VMWARE_BACKEND'] == 'y': vcenters = [i.strip() for i in config['CONFIG_VCENTER_CLUSTER_NAMES'].split(',') if i.strip()] if not vcenters: raise exceptions.ParamValidationError( "Please specify at least one VMware vCenter cluster in" " CONFIG_VCENTER_CLUSTER_NAMES" ) if len(vcenters) != len(compute_hosts): if len(vcenters) > 1: raise exceptions.ParamValidationError( "Number of vmware clusters %s is not same" " as number of nova computes %s", (vcenters, compute_hosts) ) else: vcenters = len(compute_hosts) * [vcenters[0]] vmware_clusters = dict(zip(compute_hosts, vcenters)) config['CONFIG_VCENTER_CLUSTERS'] = vmware_clusters for host in compute_hosts: fw_details = dict() cf_fw_qemu_mig_key = ("FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host.replace('.', '_')) for c_host in compute_hosts: key = "nova_qemu_migration_%s_%s" % (host, c_host) fw_details.setdefault(key, {}) fw_details[key]['host'] = "%s" % c_host fw_details[key]['service_name'] = "nova qemu migration" fw_details[key]['chain'] = "INPUT" fw_details[key]['ports'] = ['16509', '49152-49215'] fw_details[key]['proto'] = "tcp" config[cf_fw_qemu_mig_key] = fw_details if config['CONFIG_CEILOMETER_INSTALL'] == 'y': if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = ( '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt' ) ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = ( '/etc/pki/tls/private/ssl_amqp_ceilometer.key' ) ssl_host = config['CONFIG_CONTROLLER_HOST'] service = 'ceilometer' generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file) fw_details = dict() key = "nova_compute" fw_details.setdefault(key, {}) fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST'] fw_details[key]['service_name'] = "nova compute" fw_details[key]['chain'] = "INPUT" fw_details[key]['ports'] = ['5900-5999'] fw_details[key]['proto'] = "tcp" config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details
def create_manifest(config, messages): horizon_host = config['CONFIG_CONTROLLER_HOST'] manifestfile = "%s_horizon.pp" % horizon_host proto = "http" config["CONFIG_HORIZON_PORT"] = 80 sslmanifestdata = '' if config["CONFIG_HORIZON_SSL"] == 'y': config["CONFIG_HORIZON_PORT"] = 443 proto = "https" # Are we using the users cert/key files if config["CONFIG_HORIZON_SSL_CERT"]: ssl_cert_file = config["CONFIG_HORIZON_SSL_CERT"] ssl_key_file = config["CONFIG_HORIZON_SSL_KEY"] ssl_chain_file = config["CONFIG_HORIZON_SSL_CACERT"] if not os.path.exists(ssl_cert_file): raise exceptions.ParamValidationError( "The file %s doesn't exist" % ssl_cert_file) if not os.path.exists(ssl_key_file): raise exceptions.ParamValidationError( "The file %s doesn't exist" % ssl_key_file) if not os.path.exists(ssl_chain_file): raise exceptions.ParamValidationError( "The file %s doesn't exist" % ssl_chain_file) final_cert = open(ssl_cert_file, 'rt').read() final_key = open(ssl_key_file, 'rt').read() final_cacert = open(ssl_chain_file, 'rt').read() host = config['CONFIG_CONTROLLER_HOST'] deliver_ssl_file(final_cacert, ssl_chain_file, host) deliver_ssl_file(final_cert, ssl_cert_file, host) deliver_ssl_file(final_key, ssl_key_file, host) else: ssl_cert_file = config["CONFIG_HORIZON_SSL_CERT"] = ( '/etc/pki/tls/certs/ssl_dashboard.crt') ssl_key_file = config["CONFIG_HORIZON_SSL_KEY"] = ( '/etc/pki/tls/private/ssl_dashboard.key') cacert = config['CONFIG_SSL_CACERT'] config["CONFIG_HORIZON_SSL_CACERT"] = cacert ssl_host = config['CONFIG_CONTROLLER_HOST'] service = 'dashboard' generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file) messages.append( "%sNOTE%s : A certificate was generated to be used for ssl, " "You should change the ssl certificate configured in " "/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert." % (utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host)) config["CONFIG_HORIZON_NEUTRON_LB"] = False config["CONFIG_HORIZON_NEUTRON_FW"] = False config["CONFIG_HORIZON_NEUTRON_VPN"] = False if config['CONFIG_NEUTRON_INSTALL'] == 'y': if config["CONFIG_LBAAS_INSTALL"] == 'y': config["CONFIG_HORIZON_NEUTRON_LB"] = True if config["CONFIG_NEUTRON_FWAAS"] == 'y': config["CONFIG_HORIZON_NEUTRON_FW"] = True if config["CONFIG_NEUTRON_VPNAAS"] == 'y': config["CONFIG_HORIZON_NEUTRON_VPN"] = True manifestdata = getManifestTemplate("horizon") appendManifestFile(manifestfile, manifestdata) msg = ("To access the OpenStack Dashboard browse to %s://%s/dashboard .\n" "Please, find your login credentials stored in the keystonerc_admin" " in your home directory." % (proto, config['CONFIG_CONTROLLER_HOST'])) messages.append(msg)
def create_compute_manifest(config, messages): global compute_hosts, network_hosts if config["CONFIG_HORIZON_SSL"] == 'y': config["CONFIG_VNCPROXY_PROTOCOL"] = "https" else: config["CONFIG_VNCPROXY_PROTOCOL"] = "http" migrate_protocol = config['CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL'] if migrate_protocol == 'ssh': config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = ( 'qemu+ssh://nova@%s/system?no_verify=1&' 'keyfile=/etc/nova/ssh/nova_migration_key') else: config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = ( 'qemu+tcp://nova@%s/system') ssh_hostkeys = '' ssh_keys_details = {} for host in compute_hosts: try: hostname, aliases, addrs = socket.gethostbyaddr(host) except socket.herror: hostname, aliases, addrs = (host, [], []) for hostkey in config['HOST_KEYS_%s' % host].split('\n'): hostkey = hostkey.strip() if not hostkey: continue _, host_key_type, host_key_data = hostkey.split() key = "%s.%s" % (host_key_type, hostname) ssh_keys_details.setdefault(key, {}) ssh_keys_details[key]['ensure'] = 'present' ssh_keys_details[key]['host_aliases'] = aliases + addrs ssh_keys_details[key]['key'] = host_key_data ssh_keys_details[key]['type'] = host_key_type config['SSH_KEYS'] = ssh_keys_details ssh_hostkeys += getManifestTemplate("sshkey") if config['CONFIG_VMWARE_BACKEND'] == 'y': vcenters = [ i.strip() for i in config['CONFIG_VCENTER_CLUSTER_NAMES'].split(',') if i.strip() ] if not vcenters: raise exceptions.ParamValidationError( "Please specify at least one VMware vCenter cluster in" " CONFIG_VCENTER_CLUSTER_NAMES") if len(vcenters) != len(compute_hosts): if len(vcenters) > 1: raise exceptions.ParamValidationError( "Number of vmware clusters %s is not same" " as number of nova computes %s", (vcenters, compute_hosts)) else: vcenters = len(compute_hosts) * [vcenters[0]] vmware_clusters = dict(zip(compute_hosts, vcenters)) for host in compute_hosts: if config['CONFIG_IRONIC_INSTALL'] == 'y': cm = 'ironic.nova.compute.manager.ClusteredComputeManager' config['CONFIG_NOVA_COMPUTE_MANAGER'] = cm manifestdata = getManifestTemplate("nova_compute") fw_details = dict() cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host for c_host in compute_hosts: key = "nova_qemu_migration_%s_%s" % (host, c_host) fw_details.setdefault(key, {}) fw_details[key]['host'] = "%s" % c_host fw_details[key]['service_name'] = "nova qemu migration" fw_details[key]['chain'] = "INPUT" fw_details[key]['ports'] = ['16509', '49152-49215'] fw_details[key]['proto'] = "tcp" config[cf_fw_qemu_mig_key] = fw_details manifestdata += createFirewallResources(cf_fw_qemu_mig_key) if config['CONFIG_VMWARE_BACKEND'] == 'y': manifestdata += ("\n$nova_vcenter_cluster_name = '%s'\n" % vmware_clusters[host]) manifestdata += getManifestTemplate("nova_compute_vmware.pp") elif config['CONFIG_IRONIC_INSTALL'] == 'y': manifestdata += getManifestTemplate("nova_compute_ironic.pp") else: manifestdata += getManifestTemplate("nova_compute_libvirt.pp") if (config['CONFIG_VMWARE_BACKEND'] != 'y' and config['CONFIG_CINDER_INSTALL'] == 'y' and 'gluster' in config['CONFIG_CINDER_BACKEND']): manifestdata += getManifestTemplate("nova_gluster") if (config['CONFIG_VMWARE_BACKEND'] != 'y' and config['CONFIG_CINDER_INSTALL'] == 'y' and 'nfs' in config['CONFIG_CINDER_BACKEND']): manifestdata += getManifestTemplate("nova_nfs") manifestfile = "%s_nova.pp" % host if config['CONFIG_NEUTRON_INSTALL'] != 'y': if host not in network_hosts: manifestdata += getManifestTemplate('nova_compute_flat') key = 'CONFIG_NOVA_COMPUTE_PRIVIF' if not config[key].strip(): config[key] = dummy_interface(host) if config['CONFIG_USE_SUBNETS'] == 'y': netface = common.cidr_to_ifname(config[key], host, config) else: netface = config[key] check_ifcfg(host, netface) try: bring_up_ifcfg(host, netface) except exceptions.ScriptRuntimeError as ex: # just warn user to do it by himself messages.append(str(ex)) if config['CONFIG_CEILOMETER_INSTALL'] == 'y': if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = ( '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt') ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = ( '/etc/pki/tls/private/ssl_amqp_ceilometer.key') ssl_host = config['CONFIG_CONTROLLER_HOST'] service = 'ceilometer' generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file) mq_template = get_mq(config, "nova_ceilometer") manifestdata += getManifestTemplate(mq_template) manifestdata += getManifestTemplate("nova_ceilometer") fw_details = dict() key = "nova_compute" fw_details.setdefault(key, {}) fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST'] fw_details[key]['service_name'] = "nova compute" fw_details[key]['chain'] = "INPUT" fw_details[key]['ports'] = ['5900-5999'] fw_details[key]['proto'] = "tcp" config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details manifestdata += "\n" + createFirewallResources( 'FIREWALL_NOVA_COMPUTE_RULES') manifestdata += "\n" + ssh_hostkeys appendManifestFile(manifestfile, manifestdata)