def compose(self):
    """Compose the MariaDB component and its optional balancer listener.

    Calls ``populate_peer`` for the hosts running the ``mariadb`` service,
    builds one HAProxy ``server`` entry per member reported by
    ``get_cluster_info()`` and, when ``get_balancer()`` returns a balancer,
    registers the ``mariadb`` listener on it.  Every server entry carries the
    ``backup`` keyword; a health check on port 9200 is appended only when
    more than one MariaDB host exists.
    """
    super(MariaDB, self).compose()
    db_hosts = self.hosts_with_service('mariadb')
    self.populate_peer(db_hosts, ['cluster'])
    members = self.get_cluster_info()

    # A single-node setup gets no health check at all.
    health_check = (
        ' check inter 3s on-marked-down shutdown-sessions port 9200'
        if len(db_hosts) > 1 else '')
    servers = [
        ' '.join((member['hostname'],
                  member['addr'] + ':' + str(member['port']),
                  'backup' + health_check))
        for member in members
    ]

    balancer = self.get_balancer()
    if balancer:
        # the galera packages on debian do not ship a cluster checker,
        # so the HTTP health check is only enabled elsewhere
        # TODO: support more mysql variants
        on_debian = util.get_distro()['family'] == 'debian'
        option = ['tcpka'] if on_debian else ['tcpka', 'httpchk']
        # NOTE(review): '*:13306' binds the database front end on every
        # address of the balancer host; confirm that packet filtering or
        # network placement limits who can reach it.
        balancer.add_listener('mariadb', {
            'bind': '*:13306',
            'stick': 'on dst',
            'stick-table': 'type ip size 1024',
            'option': option,
            'timeout': {'client': '128m', 'server': '128m'},
            'server': servers})

    # clustercheckuser allowed from localhost only
    util.bless_with_principal(db_hosts, [(self.name, 'clustercheckuser')])
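def etc_httpd_conf_d_wsgi_placement_conf(self):
    """Return the Apache configuration text for the placement-api WSGI vhost.

    The template is rendered with ``str.format``.  Braces that belong to
    Apache itself (``%{GROUP}``, ``%{GLOBAL}``) are therefore written doubled;
    left single, ``format`` parses them as replacement fields and raises
    ``KeyError`` before any text is returned.
    """
    srv_name = 'httpd' if util.get_distro(
    )['family'] == 'redhat' else 'apache2'
    log_dir = '/var/log/' + srv_name
    # NOTE(review): the %NAME% tokens below (%VIRTUALENV%, %APACHE_NAME%,
    # %SSLENGINE%, %SSLCERTFILE%, %SSLKEYFILE%, %PUBLICWSGI%) are emitted
    # literally; nothing in this function substitutes them.  Unless a later
    # step replaces them, Apache receives invalid directives and the vhost
    # carries no TLS settings.  log_dir is passed to format() but the
    # template does not reference it -- confirm whether ErrorLog was meant
    # to use it.
    # NOTE(review): WSGIPassAuthorization On forwards the Authorization
    # header to the application; the vhost listens on every address.
    return """
<VirtualHost *:8780>
    WSGIDaemonProcess placement-api processes=5 threads=1 user=placement display-name=%{{GROUP}} %VIRTUALENV%
    WSGIProcessGroup placement-api
    WSGIScriptAlias / {bin_dir}/placement-api
    WSGIApplicationGroup %{{GLOBAL}}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%M"
    </IfVersion>
    ErrorLog /var/log/%APACHE_NAME%/placement-api.log
    %SSLENGINE%
    %SSLCERTFILE%
    %SSLKEYFILE%
</VirtualHost>
Alias /placement %PUBLICWSGI%
<Location /placement>
  SetHandler wsgi-script
  Options +ExecCGI
  WSGIProcessGroup placement-api
  WSGIApplicationGroup %{{GLOBAL}}
  WSGIPassAuthorization On
</Location>
""".format(bin_dir='/usr/local/bin', log_dir=log_dir)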
def etc_httpd_conf_d_wsgi_keystone_conf(self):
    """Return the Apache configuration text for the two Keystone WSGI vhosts.

    One vhost serves ``keystone-wsgi-public`` on port 5000, the other
    ``keystone-wsgi-admin`` on port 35357.  The log directory follows the
    Apache service name of the distribution family (``httpd`` on redhat,
    ``apache2`` otherwise).  Apache's own ``%{...}`` expressions are written
    with doubled braces because the template goes through ``str.format``.
    """
    if util.get_distro()['family'] == 'redhat':
        apache_name = 'httpd'
    else:
        apache_name = 'apache2'
    apache_log_dir = '/var/log/' + apache_name

    # NOTE(review): both Listen directives and both vhosts are address
    # wildcards and the template contains no SSL directives, so tokens
    # travel in clear text unless TLS is terminated in front of Apache.
    # NOTE(review): <Directory {bin_dir}> grants access to the whole of
    # /usr/local/bin; only the two keystone-wsgi-* scripts are referenced,
    # so a narrower <Files> match would expose less.
    template = """Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{{GROUP}}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / {bin_dir}/keystone-wsgi-public
    WSGIApplicationGroup %{{GLOBAL}}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{{cu}}t %M"
    </IfVersion>
    ErrorLog {log_dir}/keystone-error.log
    CustomLog {log_dir}/keystone-access.log combined
    <Directory {bin_dir}>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{{GROUP}}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / {bin_dir}/keystone-wsgi-admin
    WSGIApplicationGroup %{{GLOBAL}}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{{cu}}t %M"
    </IfVersion>
    ErrorLog {log_dir}/keystone-error.log
    CustomLog {log_dir}/keystone-access.log combined
    <Directory {bin_dir}>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
"""
    return template.format(bin_dir='/usr/local/bin', log_dir=apache_log_dir)
def etccfg_content(self):
    """Write the MariaDB systemd drop-in and, off debian, the cluster check files.

    The ``limits.conf`` drop-in for ``mariadb.service`` is always written.
    On every distribution family except debian the mysqlchk service and
    socket units and ``/etc/sysconfig/clustercheck`` are written as well.
    """
    super(MariaDB, self).etccfg_content()
    dropin_dir = '/etc/systemd/system/mariadb.service.d'
    self.file_path(dropin_dir)
    self.file_ini('/etc/systemd/system/mariadb.service.d/limits.conf',
                  self.etc_systemd_system_mariadb_service_d_limits_conf())

    if util.get_distro()['family'] == 'debian':
        # Nothing cluster-check related is written on debian.
        return

    # NOTE(review): the unit file name in the next path reads
    # '[email protected]', which looks like an e-mail obfuscation artefact
    # rather than a real file name -- presumably a template unit such as
    # 'mysqlchk@.service'; restore the real name from the upstream file.
    self.file_ini('/etc/systemd/system/[email protected]',
                  self.etc_systemd_system_mysqlchk_service())
    self.file_ini('/etc/systemd/system/mysqlchk.socket',
                  self.etc_systemd_system_mysqlchk_socket())
    # 0o640 keeps the file unreadable for "other"; presumably it carries
    # the clustercheck credentials -- confirm owner/group defaults.
    self.file_plain('/etc/sysconfig/clustercheck',
                    self.etc_sysconfig_clustercheck(), mode=0o640)
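def etccfg_content(self):
    """Write the RabbitMQ systemd drop-ins and ``rabbitmq.config``.

    Always writes the ``limits.conf`` drop-in for ``rabbitmq-server.service``
    and ``/etc/rabbitmq/rabbitmq.config``.  On the suse family an additional
    drop-in is written for ``epmd.socket``.
    """
    super(RabbitMQ, self).etccfg_content()
    # TODO raise the connection backlog, minority stalls ..
    # self.file_plain('',
    #                 rabbit_conf, mode=0o644)
    self.file_path('/etc/systemd/system/rabbitmq-server.service.d')
    self.file_ini(
        '/etc/systemd/system/rabbitmq-server.service.d/limits.conf',
        self.etc_systemd_system_rabbitmq_server_service_d_limits_conf())
    # NOTE(review): 0o644 makes the broker configuration world-readable;
    # if etc_rabbitmq_rabbitmq_config() ever carries credentials or
    # cookies, tighten this to 0o640.
    self.file_rabbit('/etc/rabbitmq/rabbitmq.config',
                     self.etc_rabbitmq_rabbitmq_config(),
                     owner='rabbitmq', group='rabbitmq', mode=0o644)
    if util.get_distro()['family'] == 'suse':
        # file_path() is used for directories everywhere else in this
        # file; create the drop-in directory, not a directory named after
        # the drop-in file itself.
        self.file_path('/etc/systemd/system/epmd.socket.d')
        # The content helper must be called; passing the bound method
        # would hand file_ini() a callable instead of the ini data.
        # NOTE(review): the payload comes from the rabbitmq-server
        # limits.conf helper, which looks like a copy/paste for a file
        # named ports.conf -- presumably a dedicated epmd socket helper
        # was intended; confirm.
        self.file_ini(
            '/etc/systemd/system/epmd.socket.d/ports.conf',
            self.etc_systemd_system_rabbitmq_server_service_d_limits_conf())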
def do_dummy_netconfig(cname): if util.get_distro()['family'] != 'debian': osrv = 'openvswitch.service' else: osrv = 'openvswitch-switch.service' localsh.run('systemctl start ' + osrv) # TODO switch to os-net-config # wait (no --no-wait) localsh.run('ovs-vsctl --may-exist add-br br-ex') # add ip to external bridge instead of adding a phyisical if localsh.run(""" ifconfig br-ex 192.0.2.1 ip link set br-ex up ROUTE_TO_INTERNET=$(ip route get 8.8.8.8) OBOUND_DEV=$(echo ${ROUTE_TO_INTERNET#*dev} | awk '{print $1}') iptables -t nat -A POSTROUTING -o $OBOUND_DEV -j MASQUERADE tee /proc/sys/net/ipv4/ip_forward <<<1 >/dev/null """)
def etccfg_content(self):
    """Create the keystone account, ``/etc/keystone`` and the Apache vhost file.

    The keystone group (gid 163) and user are created with the component's
    git directory as home, ``keystone.conf`` is written, and the WSGI vhost
    configuration is placed in the Apache configuration directory of the
    running distribution family.
    """
    super(Keystone, self).etccfg_content()
    git_dir = gitutils.component_git_dir(self)
    usrgrp.group('keystone', 163)
    usrgrp.user('keystone', 'keystone', home=git_dir)
    self.file_path('/etc/keystone', owner='keystone', group='keystone')
    # NOTE(review): no explicit mode is passed, so the permission bits come
    # from file_ini()'s default (not shown).  keystone.conf presumably holds
    # the database connection string -- confirm it is not world-readable.
    self.file_ini('/etc/keystone/keystone.conf',
                  self.etc_keystone_keystone_conf(),
                  owner='keystone', group='keystone')

    apache_conf_dirs = {
        'debian': '/etc/apache2/sites-enabled',  # TODO: switch to a symlink
        'suse': '/etc/apache2/conf.d',
    }
    family = util.get_distro()['family']
    # Anything else is treated like the redhat family; this default is
    # expected to fit more distributions.
    cfg_dir = apache_conf_dirs.get(family, '/etc/httpd/conf.d')
    self.file_plain(cfg_dir + '/wsgi-keystone.conf',
                    self.etc_httpd_conf_d_wsgi_keystone_conf(),
                    mode=0o644)
def etccfg_content(self):
    """Create the neutron account, directories and configuration files.

    Always creates the neutron user/group, the configuration and state
    directories, ``neutron.conf`` and the ML2 plugin configuration.  For
    source deployments (``deploy_source == 'src'``) it also installs the
    sudoers entry, the rootwrap configuration and filters, ``api-paste.ini``
    and one unit file per neutron service.  Agent specific ini files are
    written only for the services enabled on this node.
    """
    # NOTE(review): the nesting below was reconstructed from a flattened
    # listing; confirm the extent of the 'src' branch against upstream.
    super(Neutron, self).etccfg_content()
    gconf = conf.get_global_config()
    global_service_union = gconf['global_service_flags']
    usrgrp.group('neutron', 996)
    usrgrp.user('neutron', 'neutron')
    util.base_service_dirs('neutron')
    self.file_path('/etc/neutron/conf.d',
                   owner='neutron', group='neutron')
    self.file_path('/etc/neutron/conf.d/common',
                   owner='neutron', group='neutron')
    self.file_ini('/etc/neutron/conf.d/common/agent.conf',
                  self.etc_neutron_conf_d_common_agent_conf(),
                  owner='neutron', group='neutron')
    neutron_git_dir = gitutils.component_git_dir(self)

    # consider alternate data paths
    # var/lib/neutron/dhcp needs to be reachable by the dnsmasq user
    self.file_path('/var/lib/neutron',
                   owner='neutron', group='neutron', mode=0o755)
    self.file_path('/var/lib/neutron/lock',
                   owner='neutron', group='neutron')

    self.file_path('/etc/neutron/plugins',
                   owner='neutron', group='neutron')
    self.file_path('/etc/neutron/plugins/ml2',
                   owner='neutron', group='neutron')
    # NOTE(review): no explicit mode; neutron.conf presumably carries
    # database and message bus credentials -- confirm file_ini()'s default
    # does not leave it world-readable.
    self.file_ini('/etc/neutron/neutron.conf',
                  self.etc_neutron_neutron_conf(),
                  owner='neutron', group='neutron')
    self.file_sym_link('/etc/neutron/plugin.ini',
                       '/etc/neutron/plugins/ml2/ml2_conf.ini')
    # move to common ?
    self.file_ini('/etc/neutron/plugins/ml2/ml2_conf.ini',
                  self.etc_neutron_plugins_ml2_ml2_conf_ini(),
                  owner='neutron', group='neutron')
    services = self.filter_node_enabled_services(self.services.keys())
    if self.deploy_source == 'src':
        # Root privileges are only set up when a service other than
        # neutron-server is enabled on this node.
        if services.intersection(q_srv - {'neutron-server'}):
            # The rules pin the rootwrap configuration path, so what the
            # neutron user may run as root is decided by rootwrap.conf and
            # the filter files it points to.
            # NOTE(review): that bound only holds if neither those files
            # nor their parent directory are writable by neutron.  The
            # ownership of /etc/neutron comes from util.base_service_dirs()
            # (not shown) -- confirm it is root-owned.
            # NOTE(review): no mode is passed for the sudoers file; sudo
            # expects 0440 root:root -- confirm file_plain()'s default.
            self.file_plain(
                '/etc/sudoers.d/neutron',
                """Defaults:neutron !requiretty
neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
neutron ALL = (root) NOPASSWD: /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
neutron ALL = (root) NOPASSWD: /usr/local/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
""")
            self.file_path('/etc/neutron/rootwrap.d', owner='root')
            # TODO: exclude stuff based on config
            # Filters are copied read-only from the git checkout; no owner
            # is given, presumably file_install() defaults to root.
            for filter_file in [
                    'debug.filters', 'dibbler.filters',
                    'ipset-firewall.filters', 'l3.filters',
                    'netns-cleanup.filters', 'privsep.filters',
                    'dhcp.filters', 'ebtables.filters',
                    'iptables-firewall.filters',
                    'linuxbridge-plugin.filters',
                    'openvswitch-plugin.filters'
            ]:
                self.file_install('/etc/neutron/rootwrap.d/' + filter_file,
                                  '/'.join((neutron_git_dir,
                                            'etc/neutron/rootwrap.d',
                                            filter_file)),
                                  mode=0o444)
            self.file_install('/etc/neutron/rootwrap.conf',
                              '/'.join((neutron_git_dir,
                                        'etc/rootwrap.conf')),
                              mode=0o444)
        self.file_install('/etc/neutron/api-paste.ini',
                          '/'.join((neutron_git_dir, 'etc/api-paste.ini')),
                          mode=0o644, owner='neutron', group='neutron')
        c_srv = self.services
        # One unit file per service; the third argument is 'neutron' for
        # all of them (presumably the account the unit runs as).
        util.unit_file(
            c_srv['neutron-server']['unit_name']['src'],
            '/usr/local/bin/neutron-server --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/plugin.ini',
            'neutron')
        util.unit_file(
            c_srv['neutron-metadata-agent']['unit_name']['src'],
            '/usr/local/bin/neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/metadata_agent.ini',
            'neutron')
        util.unit_file(
            c_srv['neutron-l3-agent']['unit_name']['src'],
            '/usr/local/bin/neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/l3_agent.ini',
            'neutron')
        util.unit_file(
            c_srv['neutron-metering-agent']['unit_name']['src'],
            '/usr/local/bin/neutron-metering-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/metering_agent.ini',
            'neutron')
        util.unit_file(
            c_srv['neutron-vpn-agent']['unit_name']['src'],
            '/usr/local/bin/neutron-vpn-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/l3_agent.ini --config-file /etc/neutron/vpn_agent.ini',
            'neutron')
        util.unit_file(
            c_srv['neutron-dhcp-agent']['unit_name']['src'],
            '/usr/local/bin/neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/dhcp_agent.ini',
            'neutron')
        util.unit_file(
            c_srv['neutron-lbaasv2-agent']['unit_name']['src'],
            '/usr/local/bin/neutron-lbaasv2-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/lbaas_agent.ini',
            'neutron')
        # The Open vSwitch unit is named differently on debian.
        if util.get_distro()['family'] != 'debian':
            osrv = 'openvswitch.service'
        else:
            osrv = 'openvswitch-switch.service'
        util.unit_file(
            c_srv['neutron-openvswitch-agent']['unit_name']['src'],
            '/usr/local/bin/neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini',
            'neutron', requires=osrv, restart='on-failure')
    if 'neutron-metadata-agent' in services:
        self.file_ini('/etc/neutron/metadata_agent.ini',
                      self.etc_neutron_metadata_agent_ini(),
                      owner='neutron', group='neutron')
    # The vpn agent unit also reads l3_agent.ini, hence the shared condition.
    if 'neutron-vpn-agent' in services or 'neutron-l3-agent' in services:
        self.file_ini('/etc/neutron/l3_agent.ini', {
            'DEFAULT': {
                'interface_driver': 'openvswitch',
                'debug': True
            }
        }, owner='neutron', group='neutron')
    if 'neutron-metering-agent' in services:
        self.file_ini('/etc/neutron/metering_agent.ini', {
            'DEFAULT': {
                'interface_driver': 'openvswitch',
                'debug': True
            }
        }, owner='neutron', group='neutron')
    if 'neutron-vpn-agent' in services:
        self.file_ini('/etc/neutron/vpn_agent.ini',
                      self.etc_neutron_vpn_agent_ini(),
                      owner='neutron', group='neutron')
    if 'neutron-dhcp-agent' in services:
        self.file_ini('/etc/neutron/dhcp_agent.ini', {
            'DEFAULT': {
                'interface_driver': 'openvswitch',
                'dnsmasq_local_resolv': True,
                'debug': True
            }
        }, owner='neutron', group='neutron')
    if 'neutron-lbaasv2-agent' in services:
        self.file_ini('/etc/neutron/lbaas_agent.ini', {
            'DEFAULT': {
                'interface_driver': 'openvswitch',
                'debug': True
            }
        }, owner='neutron', group='neutron')
    if 'neutron-openvswitch-agent' in services:
        # Address of this node on the tunneling network, used as the
        # agent's local_ip.
        tunnel_ip = self.get_addr_for(
            self.get_this_inv(), 'tunneling',
            service=self.services['neutron-openvswitch-agent'],
            net_attr='tunneling_network')
        ovs = {'local_ip': tunnel_ip}
        # Only nodes that also run the l3 agent map the external network
        # to br-ex.
        if 'neutron-l3-agent' in services:
            ovs['bridge_mappings'] = 'extnet:br-ex'
        self.file_ini('/etc/neutron/plugins/ml2/openvswitch_agent.ini', {
            'securitygroup': {
                'firewall_driver': 'iptables_hybrid'
            },
            'ovs': ovs,
            'agent': {
                'tunnel_types': 'vxlan'
            }
        }, owner='neutron', group='neutron')
    # the inv version is not transfered, let it be part of the global config
    # global_service_union = self.get_enabled_services()
    # NOTE: check these fwass,lbaas, vpaans conditions,
    # we might want to update them even if they not present
    # Written on nodes running the agent itself, and on neutron-server
    # nodes when the agent is enabled anywhere in the deployment.
    if ('neutron-lbaasv2-agent' in services or
            ('neutron-lbaasv2-agent' in global_service_union and
             'neutron-server' in services)):
        self.file_ini('/etc/neutron/neutron_lbaas.conf', {
            'service_providers': {
                'service_provider': 'LOADBALANCERV2:Haproxy:' +
                'neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver' +
                ':default'
            }
        }, owner='neutron', group='neutron')
    if ('neutron-vpn-agent' in services or
            ('neutron-vpn-agent' in global_service_union and
             'neutron-server' in services)):
        self.file_ini('/etc/neutron/neutron_vpnaas.conf',
                      self.etc_neutron_neutron_vpnaas_conf(),
                      owner='neutron', group='neutron')
    if 'neutron-fwaas' in global_service_union:
        self.file_ini('/etc/neutron/fwaas_driver.ini',
                      self.etc_neutron_fwaas_driver_ini(),
                      owner='neutron', group='neutron')
def do_httpd_restart(cname):
    """Write the component's content, then reload or restart Apache.

    ``cname`` is the name used to look the component up through
    ``facility.get_component``.  The service is ``httpd`` on the redhat
    family and ``apache2`` everywhere else.
    """
    component = facility.get_component(cname)
    component.have_content()
    if util.get_distro()['family'] == 'redhat':
        apache_unit = 'httpd'
    else:
        apache_unit = 'apache2'
    # The unit name is one of two fixed literals, so the concatenated
    # command line contains no caller supplied text.
    localsh.run("systemctl reload-or-restart " + apache_unit)
def pkg_mapping(cls, pkgs, distro=None):
    """Forward ``pkgs`` to the module-level ``pkg_mapping`` helper.

    When ``distro`` is not given, the value of ``util.get_distro()`` is
    used instead.
    """
    effective_distro = util.get_distro() if distro is None else distro
    return pkg_mapping(pkgs, effective_distro)
def do_mariadb(cname):
    """Start MariaDB and dump its initial ``wsrep_%`` status to a file.

    Off debian the ``mysqlchk.socket`` unit is enabled and started first.
    The status dump is written to ``/tmp/wsrep_init_state`` followed by
    ``cname``.
    """
    on_debian = util.get_distro()['family'] == 'debian'
    if not on_debian:
        localsh.run("systemctl enable mysqlchk.socket && systemctl start mysqlchk.socket")
    localsh.run("systemctl start mariadb")
    # NOTE(review): the dump goes to a predictable name under /tmp through
    # a shell redirection.  If this runs with elevated privileges on a host
    # with other local users, a pre-existing symlink at that path would be
    # followed; a directory writable only by the deploying account avoids
    # that.
    # NOTE(review): cname is appended to the shell command unquoted, which
    # is only safe while component names stay internal identifiers.
    status_dump = "mysql <<<\"SHOW GLOBAL STATUS LIKE 'wsrep_%';\" >/tmp/wsrep_init_state"
    localsh.run(status_dump + cname)
def get_etcconf_d(self):
    """Return the MariaDB configuration drop-in directory for this distro.

    debian uses ``/etc/mysql/mariadb.conf.d``; every other family uses
    ``/etc/my.cnf.d``.
    """
    on_debian = util.get_distro()['family'] == 'debian'
    return '/etc/mysql/mariadb.conf.d' if on_debian else '/etc/my.cnf.d'