def do_fetch_image(cname):
self = facility.get_component(cname)
tempest_git_dir = gitutils.component_git_dir(self)
self.have_content()
image_file = tempest_git_dir + '/etc/cirros.img'
fetch.download_origin_or_mirror(img_url, image_file)
um = _file_md5_sum(image_file)
assert um == img_md5 # TODO: raise real
def etccfg_content(self):
super(Cinder, self).etccfg_content()
c_srv = set(self.services.keys())
usrgrp.group('cinder', 165)
usrgrp.user('cinder', 'cinder')
util.base_service_dirs('cinder')
comp = self
self.file_path('/var/lib/cinder/lock',
owner='cinder', group='cinder')
self.file_ini('/etc/cinder/cinder.conf', self.etc_cinder_cinder_conf(),
owner='cinder', group='cinder')
cinder_git_dir = gitutils.component_git_dir(comp)
self.file_install('/etc/cinder/api-paste.ini',
'/'.join((cinder_git_dir,
'etc/cinder/api-paste.ini')),
mode=0o644, owner='cinder', group='cinder')
self.file_install('/etc/cinder/resource_filters.json',
'/'.join((cinder_git_dir,
'etc/cinder/resource_filters.json')),
mode=0o644,
owner='cinder', group='cinder')
services = self.filter_node_enabled_services(c_srv)
if comp.deploy_source == 'src':
co_srv = comp.services
util.unit_file(co_srv['cinder-scheduler']['unit_name']['src'],
'/usr/local/bin/cinder-scheduler',
'cinder')
util.unit_file(co_srv['cinder-api']['unit_name']['src'],
'/usr/local/bin/cinder-api',
'cinder')
util.unit_file(co_srv['cinder-volume']['unit_name']['src'],
'/usr/local/bin/cinder-volume',
'cinder')
util.unit_file(co_srv['cinder-backup']['unit_name']['src'],
'/usr/local/bin/cinder-backup',
'cinder')
# TODO handle bin dir
if 'cinder-volume' in services or 'cinder-backup' in services:
self.file_plain('/etc/sudoers.d/cinder', """Defaults:cinder !requiretty
cinder ALL = (root) NOPASSWD: /usr/local/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *
cinder ALL = (root) NOPASSWD: /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *
""")
self.file_path('/etc/cinder/rootwrap.d',
owner='cinder', group='cinder')
self.file_install('/etc/cinder/rootwrap.d/volume.filters',
'/'.join((cinder_git_dir,
'etc/cinder/rootwrap.d/volume.filters')),
mode=0o444)
self.file_install('/etc/cinder/rootwrap.conf',
'/'.join((cinder_git_dir,
'etc/cinder/rootwrap.conf')),
mode=0o444)
def etccfg_content(self):
super(Glance, self).etccfg_content()
services = self.filter_node_enabled_services(g_srv)
usrgrp.group('glance', 161)
usrgrp.user('glance', 'glance')
util.base_service_dirs('glance')
self.file_path('/var/lib/glance/images',
owner='glance', group='glance')
self.file_path('/var/lib/glance/image-cache',
owner='glance', group='glance')
if 'glance-api' in services:
self.file_ini('/etc/glance/glance-api.conf',
self.etc_glance_glance_api_conf(),
owner='glance', group='glance')
if 'glance-registry' in services:
self.file_ini('/etc/glance/glance-registry.conf',
self.etc_glance_glance_registry_conf(),
owner='glance', group='glance')
# in case of packages or containers expect it is there already
comp = self
if comp.deploy_source == 'src':
glance_git_dir = gitutils.component_git_dir(comp)
self.file_sym_link('/etc/glance/metadefs', glance_git_dir + '/etc/metadefs')
self.file_install('/etc/glance/glance-api-paste.ini',
'/'.join((glance_git_dir,
'etc/glance-api-paste.ini')),
mode=0o644,
owner='glance', group='glance')
self.file_install('/etc/glance/glance-registry-paste.ini',
'/'.join((glance_git_dir,
'etc/glance-registry-paste.ini')),
mode=0o644,
owner='glance', group='glance')
self.file_install('/etc/glance/policy.json',
'/'.join((glance_git_dir,
'etc/policy.json')),
mode=0o644,
owner='glance', group='glance')
util.unit_file(comp.services['glance-api']['unit_name']['src'],
'/usr/local/bin/glance-api',
'glance')
util.unit_file(comp.services['glance-registry']['unit_name']['src'],
'/usr/local/bin/glance-registry',
'glance')
util.unit_file(comp.services['glance-scrubber']['unit_name']['src'],
'/usr/local/bin/glance-scrubber',
'glance')
def do_ensure_test_images(cname):
# TODO: Do not duplicate images
self = facility.get_component(cname)
self.have_content()
tempest_git_dir = gitutils.component_git_dir(self)
image_file = tempest_git_dir + '/etc/cirros.img'
admin_snippet = util.userrc_script('admin')
image_uuid = localsh.ret(
admin_snippet +
"openstack image create cirros --public --file {image_file} --disk-format qcow2 | awk '/\\| id/{{print $4}}'"
.format(image_file=image_file))
image_alt_uuid = localsh.ret(
admin_snippet +
"openstack image create cirros_alt --public --file {image_file} --disk-format qcow2 | awk '/\\| id/{{print $4}}'"
.format(image_file=image_file))
return (image_uuid.strip(), image_alt_uuid.strip())
def do_tempest_cfg(cname,
image_ref,
image_ref_alt,
public_network_id,
min_compute_nodes=1):
self = facility.get_component(cname)
tempest_git_dir = gitutils.component_git_dir(self)
self.file_path(tempest_git_dir,
owner='stack',
group='stack',
mode=0o775)
cfg = self.gen_tempest_conf(image_ref, image_ref_alt,
public_network_id, min_compute_nodes)
self.file_ini('/'.join((tempest_git_dir, 'etc', 'tempest.conf')),
cfg,
mode=0o755,
owner='stack',
group='stack')
def etccfg_content(self):
super(Keystone, self).etccfg_content()
keystone_git_dir = gitutils.component_git_dir(self)
usrgrp.group('keystone', 163)
usrgrp.user('keystone', 'keystone', home=keystone_git_dir)
self.file_path('/etc/keystone', owner='keystone', group='keystone')
self.file_ini('/etc/keystone/keystone.conf',
self.etc_keystone_keystone_conf(),
owner='keystone',
group='keystone')
distro = util.get_distro()['family']
if distro == 'debian':
# switch to simlink
cfg_dir = '/etc/apache2/sites-enabled'
elif distro == 'suse':
cfg_dir = '/etc/apache2/conf.d'
else: # redhat familiy and this is expected in more distros
cfg_dir = '/etc/httpd/conf.d'
self.file_plain(cfg_dir + '/wsgi-keystone.conf',
self.etc_httpd_conf_d_wsgi_keystone_conf(),
mode=0o644)
def etccfg_content(self):
super(Neutron, self).etccfg_content()
gconf = conf.get_global_config()
global_service_union = gconf['global_service_flags']
usrgrp.group('neutron', 996)
usrgrp.user('neutron', 'neutron')
util.base_service_dirs('neutron')
self.file_path('/etc/neutron/conf.d', owner='neutron', group='neutron')
self.file_path('/etc/neutron/conf.d/common',
owner='neutron',
group='neutron')
self.file_ini('/etc/neutron/conf.d/common/agent.conf',
self.etc_neutron_conf_d_common_agent_conf(),
owner='neutron',
group='neutron')
neutron_git_dir = gitutils.component_git_dir(self)
# consider alternate data paths
# var/lib/neutron/dhcp needs to be reachable by the dnsmasq user
self.file_path('/var/lib/neutron',
owner='neutron',
group='neutron',
mode=0o755)
self.file_path('/var/lib/neutron/lock',
owner='neutron',
group='neutron')
self.file_path('/etc/neutron/plugins',
owner='neutron',
group='neutron')
self.file_path('/etc/neutron/plugins/ml2',
owner='neutron',
group='neutron')
self.file_ini('/etc/neutron/neutron.conf',
self.etc_neutron_neutron_conf(),
owner='neutron',
group='neutron')
self.file_sym_link('/etc/neutron/plugin.ini',
'/etc/neutron/plugins/ml2/ml2_conf.ini')
# move to common ?
self.file_ini('/etc/neutron/plugins/ml2/ml2_conf.ini',
self.etc_neutron_plugins_ml2_ml2_conf_ini(),
owner='neutron',
group='neutron')
services = self.filter_node_enabled_services(self.services.keys())
if self.deploy_source == 'src':
if services.intersection(q_srv - {'neutron-server'}):
self.file_plain(
'/etc/sudoers.d/neutron', """Defaults:neutron !requiretty
neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
neutron ALL = (root) NOPASSWD: /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
neutron ALL = (root) NOPASSWD: /usr/local/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
""")
self.file_path('/etc/neutron/rootwrap.d', owner='root')
# TODO: exclude stuff based on config
for filter_file in [
'debug.filters', 'dibbler.filters',
'ipset-firewall.filters', 'l3.filters',
'netns-cleanup.filters', 'privsep.filters',
'dhcp.filters', 'ebtables.filters',
'iptables-firewall.filters',
'linuxbridge-plugin.filters',
'openvswitch-plugin.filters'
]:
self.file_install('/etc/neutron/rootwrap.d/' + filter_file,
'/'.join((neutron_git_dir,
'etc/neutron/rootwrap.d',
filter_file)),
mode=0o444)
self.file_install('/etc/neutron/rootwrap.conf',
'/'.join((neutron_git_dir, 'etc/rootwrap.conf')),
mode=0o444)
self.file_install('/etc/neutron/api-paste.ini',
'/'.join((neutron_git_dir, 'etc/api-paste.ini')),
mode=0o644,
owner='neutron',
group='neutron')
c_srv = self.services
util.unit_file(
c_srv['neutron-server']['unit_name']['src'],
'/usr/local/bin/neutron-server --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/plugin.ini',
'neutron')
util.unit_file(
c_srv['neutron-metadata-agent']['unit_name']['src'],
'/usr/local/bin/neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/metadata_agent.ini',
'neutron')
util.unit_file(
c_srv['neutron-l3-agent']['unit_name']['src'],
'/usr/local/bin/neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/l3_agent.ini',
'neutron')
util.unit_file(
c_srv['neutron-metering-agent']['unit_name']['src'],
'/usr/local/bin/neutron-metering-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/metering_agent.ini',
'neutron')
util.unit_file(
c_srv['neutron-vpn-agent']['unit_name']['src'],
'/usr/local/bin/neutron-vpn-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/l3_agent.ini --config-file /etc/neutron/vpn_agent.ini',
'neutron')
util.unit_file(
c_srv['neutron-dhcp-agent']['unit_name']['src'],
'/usr/local/bin/neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/dhcp_agent.ini',
'neutron')
util.unit_file(
c_srv['neutron-lbaasv2-agent']['unit_name']['src'],
'/usr/local/bin/neutron-lbaasv2-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/lbaas_agent.ini',
'neutron')
if util.get_distro()['family'] != 'debian':
osrv = 'openvswitch.service'
else:
osrv = 'openvswitch-switch.service'
util.unit_file(
c_srv['neutron-openvswitch-agent']['unit_name']['src'],
'/usr/local/bin/neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini',
'neutron',
requires=osrv,
restart='on-failure')
if 'neutron-metadata-agent' in services:
self.file_ini('/etc/neutron/metadata_agent.ini',
self.etc_neutron_metadata_agent_ini(),
owner='neutron',
group='neutron')
if 'neutron-vpn-agent' in services or 'neutron-l3-agent' in services:
self.file_ini('/etc/neutron/l3_agent.ini', {
'DEFAULT': {
'interface_driver': 'openvswitch',
'debug': True
}
},
owner='neutron',
group='neutron')
if 'neutron-metering-agent' in services:
self.file_ini('/etc/neutron/metering_agent.ini', {
'DEFAULT': {
'interface_driver': 'openvswitch',
'debug': True
}
},
owner='neutron',
group='neutron')
if 'neutron-vpn-agent' in services:
self.file_ini('/etc/neutron/vpn_agent.ini',
self.etc_neutron_vpn_agent_ini(),
owner='neutron',
group='neutron')
if 'neutron-dhcp-agent' in services:
self.file_ini('/etc/neutron/dhcp_agent.ini', {
'DEFAULT': {
'interface_driver': 'openvswitch',
'dnsmasq_local_resolv': True,
'debug': True
}
},
owner='neutron',
group='neutron')
if 'neutron-lbaasv2-agent' in services:
self.file_ini('/etc/neutron/lbaas_agent.ini', {
'DEFAULT': {
'interface_driver': 'openvswitch',
'debug': True
}
},
owner='neutron',
group='neutron')
if 'neutron-openvswitch-agent' in services:
tunnel_ip = self.get_addr_for(
self.get_this_inv(),
'tunneling',
service=self.services['neutron-openvswitch-agent'],
net_attr='tunneling_network')
ovs = {'local_ip': tunnel_ip}
if 'neutron-l3-agent' in services:
ovs['bridge_mappings'] = 'extnet:br-ex'
self.file_ini('/etc/neutron/plugins/ml2/openvswitch_agent.ini', {
'securitygroup': {
'firewall_driver': 'iptables_hybrid'
},
'ovs': ovs,
'agent': {
'tunnel_types': 'vxlan'
}
},
owner='neutron',
group='neutron')
# the inv version is not transfered, let it be part of the global config
# global_service_union = self.get_enabled_services()
# NOTE: check these fwass,lbaas, vpaans conditions,
# we might want to update them even if they not present
if ('neutron-lbaasv2-agent' in services
or ('neutron-lbaasv2-agent' in global_service_union
and 'neutron-server' in services)):
self.file_ini('/etc/neutron/neutron_lbaas.conf', {
'service_providers': {
'service_provider':
'LOADBALANCERV2:Haproxy:' +
'neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver'
+ ':default'
}
},
owner='neutron',
group='neutron')
if ('neutron-vpn-agent' in services
or ('neutron-vpn-agent' in global_service_union
and 'neutron-server' in services)):
self.file_ini('/etc/neutron/neutron_vpnaas.conf',
self.etc_neutron_neutron_vpnaas_conf(),
owner='neutron',
group='neutron')
if 'neutron-fwaas' in global_service_union:
self.file_ini('/etc/neutron/fwaas_driver.ini',
self.etc_neutron_fwaas_driver_ini(),
owner='neutron',
group='neutron')
def etccfg_content(self):
super(Nova, self).etccfg_content()
nova_git_dir = gitutils.component_git_dir(self)
usrgrp.group('libvirt')
usrgrp.group('nova', 162)
usrgrp.user('nova', 'nova', ['libvirt'])
util.base_service_dirs('nova')
self.file_path('/etc/nova/rootwrap.d', owner='nova', group='nova')
self.file_path('/var/lib/nova/instances', owner='nova', group='nova')
self.file_ini('/etc/nova/nova.conf',
self.etc_nova_nova_conf(),
owner='nova',
group='nova')
if self.deploy_source == 'src':
self.file_install('/etc/nova/api-paste.ini',
'/'.join(
(nova_git_dir, 'etc/nova/api-paste.ini')),
mode=0o644,
owner='nova',
group='nova')
self.file_install('/etc/nova/rootwrap.conf',
'/'.join(
(nova_git_dir, 'etc/nova/rootwrap.conf')),
mode=0o444)
util.unit_file(self.services['nova-api']['unit_name']['src'],
'/usr/local/bin/nova-api', 'nova')
util.unit_file(self.services['nova-conductor']['unit_name']['src'],
'/usr/local/bin/nova-conductor', 'nova')
util.unit_file(self.services['nova-cells']['unit_name']['src'],
'/usr/local/bin/nova-cells', 'nova')
util.unit_file(self.services['nova-console']['unit_name']['src'],
'/usr/local/bin/nova-console', 'nova')
util.unit_file(
self.services['nova-xvpvncproxy']['unit_name']['src'],
'/usr/local/bin/nova-xvpvncproxy', 'nova')
util.unit_file(self.services['nova-scheduler']['unit_name']['src'],
'/usr/local/bin/nova-scheduler', 'nova')
util.unit_file(
self.services['nova-api-metadata']['unit_name']['src'],
'/usr/local/bin/nova-api-metadata', 'nova')
web = '/usr/share/spice-html5'
if self.spiceweb:
web = self.spiceweb.get_web_dir()
util.unit_file(
self.services['nova-spicehtml5proxy']['unit_name']['src'],
'/usr/local/bin/nova-spicehtml5proxy --web ' + web, # quote
'nova')
web = '/usr/share/novnc'
if self.novncweb:
web = self.novncweb.get_web_dir()
util.unit_file(
self.services['nova-novncproxy']['unit_name']['src'],
'/usr/local/bin/nova-novncproxy --web ' + web, 'nova')
util.unit_file(
self.services['nova-consoleauth']['unit_name']['src'],
'/usr/local/bin/nova-consoleauth', 'nova')
util.unit_file(self.services['nova-compute']['unit_name']['src'],
'/usr/local/bin/nova-compute', 'nova')
services = self.filter_node_enabled_services(self.services.keys())
if 'nova-api' in services or 'nova-metadata' in services:
self.file_install(
'/etc/nova/rootwrap.d/api-metadata.filters',
'/'.join((nova_git_dir,
'etc/nova/rootwrap.d/api-metadata.filters')),
mode=0o444)
# intersect
if 'nova-api' in services or 'nova-metadata' in services or 'nova-compute' in services:
self.file_plain(
'/etc/sudoers.d/nova', """Defaults:nova !requiretty
nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *
nova ALL = (root) NOPASSWD: /usr/local/bin/nova-rootwrap /etc/nova/rootwrap.conf *
nova ALL = (root) NOPASSWD: /usr/bin/privsep-helper *
nova ALL = (root) NOPASSWD: /usr/local/bin/privsep-helper *
""")
if 'nova-compute' in services:
usrgrp.group('nova_migration', 983)
usrgrp.user('nova_migration',
'nova_migration') # TODO: give shell, distribute keys
self.file_path('/etc/nova/migration', owner='nova', group='nova')
self.file_path('/etc/nova/migration/rootwrap.d',
owner='nova',
group='nova')
if self.deploy_source == 'src':
self.file_plain(
'/etc/sudoers.d/nova_migration',
"""Defaults:nova_migration !requiretty
nova_migration ALL = (nova) NOPASSWD: /usr/bin/nc -U /var/run/libvirt/libvirt-sock
nova_migration ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/migration/rootwrap.conf *
""")
self.file_plain(
"/etc/nova/migration/rootwrap.d/cold_migrations.filters",
"""[Filters]
create_file: PathFilter, /usr/bin/touch, nova, /var/lib/nova/instances/
remove_file: PathFilter, /usr/bin/rm, nova, /var/lib/nova/instances/
create_dir: PathFilter, /usr/bin/mkdir, nova, -p, /var/lib/nova/instances/
remove_dir: PathFilter, /usr/bin/rm, nova, -rf, /var/lib/nova/instances/
copy_file_local_to_remote_recursive: PathFilter, /usr/bin/scp, nova, -r, -t, /var/lib/nova/instances/
copy_file_remote_to_local_recursive: PathFilter, /usr/bin/scp, nova, -r, -f, /var/lib/nova/instances/
copy_file_local_to_remote: PathFilter, /usr/bin/scp, nova, -t, /var/lib/nova/instances/
copy_file_remote_to_local: PathFilter, /usr/bin/scp, nova, -f, /var/lib/nova/instances/
""")
self.file_plain(
"/etc/nova/migration/rootwrap.conf", """[DEFAULT]
use_syslog=True
syslog_log_facility=syslog
syslog_log_level=ERROR
filters_path=/etc/nova/migration/rootwrap.d
""")
self.file_install('/etc/nova/rootwrap.d/compute.filters',
'/'.join(
(nova_git_dir,
'etc/nova/rootwrap.d/compute.filters')),
mode=0o444)
# nova-net only ??, try to delete
self.file_install('/etc/nova/rootwrap.d/network.filters',
'/'.join(
(nova_git_dir,
'etc/nova/rootwrap.d/network.filters')),
mode=0o444)
def get_web_dir(self):
if self.deploy_source == 'pkg':
return '/usr/share/novnc'
else:
return gitutils.component_git_dir(self)