Esempio n. 1
    def compose(self):
        """Publish the MariaDB cluster members to the load balancer.

        Looks up the hosts carrying the 'mariadb' service, turns every
        cluster member into one balancer ``server`` entry and, when a
        balancer exists, registers a 'mariadb' listener with them.  The
        'clustercheckuser' principal is then handed to the database hosts.
        """
        super(MariaDB, self).compose()
        db_hosts = self.hosts_with_service('mariadb')
        self.populate_peer(db_hosts, ['cluster'])
        members = self.get_cluster_info()

        # Health checking (probe on port 9200) is only configured when
        # more than one host runs the service.
        check = (' check inter 3s on-marked-down shutdown-sessions port 9200'
                 if len(db_hosts) > 1 else '')
        # Every member is emitted with the 'backup' keyword.
        servers = [
            ' '.join((member['hostname'],
                      member['addr'] + ':' + str(member['port']),
                      'backup' + check))
            for member in members
        ]

        balancer = self.get_balancer()
        if balancer:
            # The Debian galera packages do not ship the cluster checker,
            # so the HTTP check is only enabled on the other families.
            # TODO: support more mysql variants
            option = ['tcpka']
            if util.get_distro()['family'] != 'debian':
                option.append('httpchk')
            # NOTE(review): the listener binds on every address ('*');
            # confirm that port 13306 is only reachable from the intended
            # networks.
            listener = {
                'bind': '*:13306',
                'stick': 'on dst',
                'stick-table': 'type ip size 1024',
                'option': option,
                'timeout': {'client': '128m',
                            'server': '128m'},
                'server': servers,
            }
            balancer.add_listener('mariadb', listener)

        # The clustercheckuser account is meant to be allowed from
        # localhost only.
        util.bless_with_principal(db_hosts, [(self.name, 'clustercheckuser')])
Esempio n. 2
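    def etc_httpd_conf_d_wsgi_placement_conf(self):
        """Return the Apache mod_wsgi configuration text for placement-api.

        The Apache service name ('httpd' on the redhat family, 'apache2'
        otherwise) selects the log directory.  The text is rendered with
        ``str.format``, so literal Apache ``%{...}`` expressions have their
        braces doubled; left single, ``%{GROUP}`` is read as a format field
        and the call raises ``KeyError``.

        Returns:
            The configuration file content as a string.
        """
        srv_name = 'httpd' if util.get_distro(
        )['family'] == 'redhat' else 'apache2'
        log_dir = '/var/log/' + srv_name
        # ErrorLog uses the computed log_dir, matching the keystone vhost
        # generator, instead of an unsubstituted %APACHE_NAME% token.
        #
        # NOTE(review): %VIRTUALENV%, %SSLENGINE%, %SSLCERTFILE%,
        # %SSLKEYFILE% and %PUBLICWSGI% look like template tokens that
        # nothing in this method substitutes; Apache will not accept them
        # as written.  Confirm whether another step fills them in.  With
        # the SSL tokens unresolved this vhost has no TLS settings while
        # WSGIPassAuthorization forwards Authorization headers to the
        # application.
        return """
<VirtualHost *:8780>
    WSGIDaemonProcess placement-api processes=5 threads=1 user=placement display-name=%{{GROUP}} %VIRTUALENV%
    WSGIProcessGroup placement-api
    WSGIScriptAlias / {bin_dir}/placement-api
    WSGIApplicationGroup %{{GLOBAL}}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%M"
    </IfVersion>
    ErrorLog {log_dir}/placement-api.log
    %SSLENGINE%
    %SSLCERTFILE%
    %SSLKEYFILE%
</VirtualHost>

Alias /placement %PUBLICWSGI%
<Location /placement>
    SetHandler wsgi-script
    Options +ExecCGI
    WSGIProcessGroup placement-api
    WSGIApplicationGroup %{{GLOBAL}}
    WSGIPassAuthorization On
</Location>
""".format(bin_dir='/usr/local/bin', log_dir=log_dir)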
Esempio n. 3
    def etc_httpd_conf_d_wsgi_keystone_conf(self):
        """Return the Apache mod_wsgi configuration text for Keystone.

        Two virtual hosts are described: keystone-public on port 5000 and
        keystone-admin on port 35357.  Both log below the Apache log
        directory of the running distro family and load their WSGI scripts
        from /usr/local/bin.

        Returns:
            The configuration file content as a string.
        """
        if util.get_distro()['family'] == 'redhat':
            apache_name = 'httpd'
        else:
            apache_name = 'apache2'

        # Doubled braces are literal Apache %{...} expressions; the single
        # brace fields are filled in by str.format() below.
        # NOTE(review): neither virtual host carries TLS directives, and
        # both forward the Authorization header to the application;
        # confirm TLS is terminated in front of these ports.
        template = """Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{{GROUP}}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / {bin_dir}/keystone-wsgi-public
    WSGIApplicationGroup %{{GLOBAL}}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{{cu}}t %M"
    </IfVersion>
    ErrorLog {log_dir}/keystone-error.log
    CustomLog {log_dir}/keystone-access.log combined

    <Directory {bin_dir}>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{{GROUP}}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / {bin_dir}/keystone-wsgi-admin
    WSGIApplicationGroup %{{GLOBAL}}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{{cu}}t %M"
    </IfVersion>
    ErrorLog {log_dir}/keystone-error.log
    CustomLog {log_dir}/keystone-access.log combined

    <Directory {bin_dir}>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
"""
        return template.format(bin_dir='/usr/local/bin',
                               log_dir='/var/log/' + apache_name)
Esempio n. 4
 def etccfg_content(self):
     """Write the systemd drop-in and cluster-check files for MariaDB.

     The limits drop-in for mariadb.service is always written.  The
     mysqlchk unit, its socket and /etc/sysconfig/clustercheck are only
     written when the distro family is not 'debian'.
     """
     super(MariaDB, self).etccfg_content()
     self.file_path('/etc/systemd/system/mariadb.service.d')
     limits = self.etc_systemd_system_mariadb_service_d_limits_conf()
     self.file_ini('/etc/systemd/system/mariadb.service.d/limits.conf',
                   limits)
     if util.get_distro()['family'] == 'debian':
         return

     # NOTE(review): '[email protected]' looks like the residue of an
     # e-mail obfuscation filter on the page this listing came from,
     # presumably hiding a systemd template unit name containing '@'.
     # Confirm the real unit file name before using this path.
     checker_unit = self.etc_systemd_system_mysqlchk_service()
     self.file_ini('/etc/systemd/system/[email protected]', checker_unit)
     checker_socket = self.etc_systemd_system_mysqlchk_socket()
     self.file_ini('/etc/systemd/system/mysqlchk.socket', checker_socket)
     # 0o640 keeps this file unreadable for "other" users.
     # NOTE(review): presumably it holds the cluster check credentials;
     # verify the owner/group that file_plain applies by default.
     self.file_plain('/etc/sysconfig/clustercheck',
                     self.etc_sysconfig_clustercheck(),
                     mode=0o640)
Esempio n. 5
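 def etccfg_content(self):
     """Write the RabbitMQ configuration and systemd drop-in files.

     Creates the rabbitmq-server.service.d drop-in directory with its
     limits.conf, writes /etc/rabbitmq/rabbitmq.config owned by the
     rabbitmq user and, on the 'suse' family, adds a drop-in for
     epmd.socket.
     """
     super(RabbitMQ, self).etccfg_content()
     # TODO raise the connection backlog, minority stalls ..
     self.file_path('/etc/systemd/system/rabbitmq-server.service.d')
     self.file_ini(
         '/etc/systemd/system/rabbitmq-server.service.d/limits.conf',
         self.etc_systemd_system_rabbitmq_server_service_d_limits_conf())
     # NOTE(review): mode 0o644 makes rabbitmq.config world-readable;
     # if the generated content carries credentials or cookies, a
     # tighter mode is advisable.
     self.file_rabbit('/etc/rabbitmq/rabbitmq.config',
                      self.etc_rabbitmq_rabbitmq_config(),
                      owner='rabbitmq',
                      group='rabbitmq',
                      mode=0o644)
     if util.get_distro()['family'] == 'suse':
         # Create the drop-in directory, not a directory named after the
         # file about to be written into it; this mirrors the
         # rabbitmq-server.service.d handling above.
         self.file_path('/etc/systemd/system/epmd.socket.d')
         # The content generator must be called: file_ini gets the
         # generated content everywhere else in this listing, not a
         # bound method.
         # NOTE(review): the limits.conf generator is reused for
         # ports.conf here, which looks like a copy-paste; confirm which
         # generator is meant to provide the epmd socket settings.
         self.file_ini(
             '/etc/systemd/system/epmd.socket.d/ports.conf',
             self.etc_systemd_system_rabbitmq_server_service_d_limits_conf())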
Esempio n. 6
    def do_dummy_netconfig(cname):
        """Bring up a dummy external network on the local node.

        Starts Open vSwitch, makes sure the br-ex bridge exists, assigns
        192.0.2.1 to it and lets traffic leave through the interface that
        currently routes to 8.8.8.8 by adding a MASQUERADE rule and
        enabling IPv4 forwarding.  ``cname`` is not used by the body.
        """
        on_debian = util.get_distro()['family'] == 'debian'
        osrv = 'openvswitch-switch.service' if on_debian else 'openvswitch.service'
        localsh.run('systemctl start ' + osrv)

        # TODO switch to os-net-config
        # Waits for the switch to apply the change (no --no-wait).
        localsh.run('ovs-vsctl --may-exist add-br br-ex')

        # The address goes on the external bridge itself; no physical
        # interface is attached to it.
        # NOTE(review): this turns the host into a NAT router (ip_forward
        # is switched on system-wide) and `iptables -A` appends a new
        # rule on every run; neither change is reverted here.
        localsh.run("""
       ifconfig br-ex 192.0.2.1
       ip link set br-ex up
       ROUTE_TO_INTERNET=$(ip route get 8.8.8.8)
       OBOUND_DEV=$(echo ${ROUTE_TO_INTERNET#*dev} | awk '{print $1}')
       iptables -t nat -A POSTROUTING -o $OBOUND_DEV -j MASQUERADE
       tee /proc/sys/net/ipv4/ip_forward <<<1 >/dev/null
       """)
Esempio n. 7
    def etccfg_content(self):
        """Write the Keystone configuration and its Apache WSGI site file.

        Creates the keystone group and user, the /etc/keystone directory
        and keystone.conf (all owned by keystone), then drops
        wsgi-keystone.conf into the Apache configuration directory that
        matches the distro family.
        """
        super(Keystone, self).etccfg_content()
        source_dir = gitutils.component_git_dir(self)
        usrgrp.group('keystone', 163)
        usrgrp.user('keystone', 'keystone', home=source_dir)
        owned = {'owner': 'keystone', 'group': 'keystone'}
        self.file_path('/etc/keystone', **owned)
        # NOTE(review): no explicit mode is given for keystone.conf; check
        # that the file_ini default keeps it from being world-readable.
        self.file_ini('/etc/keystone/keystone.conf',
                      self.etc_keystone_keystone_conf(),
                      **owned)

        family = util.get_distro()['family']
        apache_conf_dirs = {
            # TODO: switch to a symlink on debian
            'debian': '/etc/apache2/sites-enabled',
            'suse': '/etc/apache2/conf.d',
        }
        # The redhat family path is also the fallback for any other distro.
        cfg_dir = apache_conf_dirs.get(family, '/etc/httpd/conf.d')

        self.file_plain(cfg_dir + '/wsgi-keystone.conf',
                        self.etc_httpd_conf_d_wsgi_keystone_conf(),
                        mode=0o644)
Esempio n. 8
    def etccfg_content(self):
        """Write the Neutron configuration files required on this node.

        Creates the neutron user, group and directories, writes the common
        configuration, and then adds the per-agent ini files for the
        services enabled on this node.  For a source deployment
        (``deploy_source == 'src'``) it also installs the sudoers entry,
        the rootwrap filters and the systemd unit files.
        """
        super(Neutron, self).etccfg_content()
        global_cfg = conf.get_global_config()
        global_service_union = global_cfg['global_service_flags']
        usrgrp.group('neutron', 996)
        usrgrp.user('neutron', 'neutron')
        util.base_service_dirs('neutron')

        # Ownership keywords shared by nearly every file written below.
        owned = {'owner': 'neutron', 'group': 'neutron'}

        self.file_path('/etc/neutron/conf.d', **owned)
        self.file_path('/etc/neutron/conf.d/common', **owned)
        self.file_ini('/etc/neutron/conf.d/common/agent.conf',
                      self.etc_neutron_conf_d_common_agent_conf(),
                      **owned)
        source_dir = gitutils.component_git_dir(self)
        # Consider alternate data paths.
        # var/lib/neutron/dhcp needs to be reachable by the dnsmasq user,
        # hence the 0o755 mode.
        self.file_path('/var/lib/neutron', mode=0o755, **owned)
        self.file_path('/var/lib/neutron/lock', **owned)

        self.file_path('/etc/neutron/plugins', **owned)
        self.file_path('/etc/neutron/plugins/ml2', **owned)
        self.file_ini('/etc/neutron/neutron.conf',
                      self.etc_neutron_neutron_conf(),
                      **owned)
        self.file_sym_link('/etc/neutron/plugin.ini',
                           '/etc/neutron/plugins/ml2/ml2_conf.ini')
        # Move to common?
        self.file_ini('/etc/neutron/plugins/ml2/ml2_conf.ini',
                      self.etc_neutron_plugins_ml2_ml2_conf_ini(),
                      **owned)

        services = self.filter_node_enabled_services(self.services.keys())
        if self.deploy_source == 'src':
            if services.intersection(q_srv - {'neutron-server'}):
                # NOTE(review): no mode is passed for the sudoers drop-in;
                # confirm that the file_plain default yields a root-owned
                # file that is not writable by others.  The trailing '*'
                # lets the neutron user pass any arguments to
                # neutron-rootwrap, so the root-owned filters below are
                # what actually limits the commands that can run as root.
                self.file_plain(
                    '/etc/sudoers.d/neutron', """Defaults:neutron !requiretty
neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
neutron ALL = (root) NOPASSWD: /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
neutron ALL = (root) NOPASSWD: /usr/local/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
""")
                self.file_path('/etc/neutron/rootwrap.d', owner='root')
                # TODO: exclude stuff based on config
                filter_names = (
                    'debug.filters', 'dibbler.filters',
                    'ipset-firewall.filters', 'l3.filters',
                    'netns-cleanup.filters', 'privsep.filters',
                    'dhcp.filters', 'ebtables.filters',
                    'iptables-firewall.filters',
                    'linuxbridge-plugin.filters',
                    'openvswitch-plugin.filters',
                )
                for filter_name in filter_names:
                    installed = '/etc/neutron/rootwrap.d/' + filter_name
                    shipped = '/'.join((source_dir,
                                        'etc/neutron/rootwrap.d',
                                        filter_name))
                    # Filters are installed read-only.
                    self.file_install(installed, shipped, mode=0o444)
            self.file_install('/etc/neutron/rootwrap.conf',
                              '/'.join((source_dir, 'etc/rootwrap.conf')),
                              mode=0o444)

            self.file_install('/etc/neutron/api-paste.ini',
                              '/'.join((source_dir, 'etc/api-paste.ini')),
                              mode=0o644,
                              **owned)
            c_srv = self.services
            # Service name -> command line of its unit file, in the order
            # the unit files are written.
            unit_commands = (
                ('neutron-server',
                 '/usr/local/bin/neutron-server --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/plugin.ini'),
                ('neutron-metadata-agent',
                 '/usr/local/bin/neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/metadata_agent.ini'),
                ('neutron-l3-agent',
                 '/usr/local/bin/neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/l3_agent.ini'),
                ('neutron-metering-agent',
                 '/usr/local/bin/neutron-metering-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/metering_agent.ini'),
                ('neutron-vpn-agent',
                 '/usr/local/bin/neutron-vpn-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/l3_agent.ini --config-file /etc/neutron/vpn_agent.ini'),
                ('neutron-dhcp-agent',
                 '/usr/local/bin/neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/dhcp_agent.ini'),
                ('neutron-lbaasv2-agent',
                 '/usr/local/bin/neutron-lbaasv2-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/lbaas_agent.ini'),
            )
            for srv_name, command in unit_commands:
                util.unit_file(c_srv[srv_name]['unit_name']['src'],
                               command,
                               'neutron')

            # The Open vSwitch unit has a different name on debian.
            on_debian = util.get_distro()['family'] == 'debian'
            osrv = ('openvswitch-switch.service' if on_debian
                    else 'openvswitch.service')

            util.unit_file(
                c_srv['neutron-openvswitch-agent']['unit_name']['src'],
                '/usr/local/bin/neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini',
                'neutron',
                requires=osrv,
                restart='on-failure')

        # NOTE(review): every agent ini below is written with debug
        # enabled; confirm that is intended outside test deployments.
        if 'neutron-metadata-agent' in services:
            self.file_ini('/etc/neutron/metadata_agent.ini',
                          self.etc_neutron_metadata_agent_ini(),
                          **owned)

        if 'neutron-vpn-agent' in services or 'neutron-l3-agent' in services:
            l3_ini = {
                'DEFAULT': {
                    'interface_driver': 'openvswitch',
                    'debug': True
                }
            }
            self.file_ini('/etc/neutron/l3_agent.ini', l3_ini, **owned)

        if 'neutron-metering-agent' in services:
            metering_ini = {
                'DEFAULT': {
                    'interface_driver': 'openvswitch',
                    'debug': True
                }
            }
            self.file_ini('/etc/neutron/metering_agent.ini', metering_ini,
                          **owned)

        if 'neutron-vpn-agent' in services:
            self.file_ini('/etc/neutron/vpn_agent.ini',
                          self.etc_neutron_vpn_agent_ini(),
                          **owned)

        if 'neutron-dhcp-agent' in services:
            dhcp_ini = {
                'DEFAULT': {
                    'interface_driver': 'openvswitch',
                    'dnsmasq_local_resolv': True,
                    'debug': True
                }
            }
            self.file_ini('/etc/neutron/dhcp_agent.ini', dhcp_ini, **owned)

        if 'neutron-lbaasv2-agent' in services:
            lbaas_ini = {
                'DEFAULT': {
                    'interface_driver': 'openvswitch',
                    'debug': True
                }
            }
            self.file_ini('/etc/neutron/lbaas_agent.ini', lbaas_ini, **owned)

        if 'neutron-openvswitch-agent' in services:
            tunnel_ip = self.get_addr_for(
                self.get_this_inv(),
                'tunneling',
                service=self.services['neutron-openvswitch-agent'],
                net_attr='tunneling_network')
            ovs_section = {'local_ip': tunnel_ip}
            # The external bridge mapping is only added next to an l3 agent.
            if 'neutron-l3-agent' in services:
                ovs_section['bridge_mappings'] = 'extnet:br-ex'
            ovs_agent_ini = {
                'securitygroup': {
                    'firewall_driver': 'iptables_hybrid'
                },
                'ovs': ovs_section,
                'agent': {
                    'tunnel_types': 'vxlan'
                }
            }
            self.file_ini('/etc/neutron/plugins/ml2/openvswitch_agent.ini',
                          ovs_agent_ini,
                          **owned)

        # The inventory version is not transferred, so the union of enabled
        # services comes from the global config instead of
        # self.get_enabled_services().

        # NOTE: check these fwaas, lbaas and vpnaas conditions; the files
        # might need updating even when the services are not present.
        lbaas_here = 'neutron-lbaasv2-agent' in services
        if lbaas_here or ('neutron-lbaasv2-agent' in global_service_union
                          and 'neutron-server' in services):
            lbaas_conf = {
                'service_providers': {
                    'service_provider':
                    'LOADBALANCERV2:Haproxy:' +
                    'neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver'
                    + ':default'
                }
            }
            self.file_ini('/etc/neutron/neutron_lbaas.conf', lbaas_conf,
                          **owned)

        vpn_here = 'neutron-vpn-agent' in services
        if vpn_here or ('neutron-vpn-agent' in global_service_union
                        and 'neutron-server' in services):
            self.file_ini('/etc/neutron/neutron_vpnaas.conf',
                          self.etc_neutron_neutron_vpnaas_conf(),
                          **owned)

        if 'neutron-fwaas' in global_service_union:
            self.file_ini('/etc/neutron/fwaas_driver.ini',
                          self.etc_neutron_fwaas_driver_ini(),
                          **owned)
Esempio n. 9
 def do_httpd_restart(cname):
     """Write the component's content, then reload or restart Apache.

     ``cname`` is the component name looked up through the facility
     registry.  The systemd service is 'httpd' on the redhat family and
     'apache2' on every other family.
     """
     component = facility.get_component(cname)
     component.have_content()
     if util.get_distro()['family'] == 'redhat':
         srv_name = 'httpd'
     else:
         srv_name = 'apache2'
     # The service name comes from the two constants above, so nothing
     # caller-supplied reaches the shell command.
     localsh.run("systemctl reload-or-restart " + srv_name)
Esempio n. 10
 def pkg_mapping(cls, pkgs, distro=None):
     """Map ``pkgs`` for ``distro`` with the module-level ``pkg_mapping``.

     When ``distro`` is None the distro reported by ``util.get_distro()``
     is used.
     """
     effective_distro = util.get_distro() if distro is None else distro
     # Inside the method body this name resolves to the module-level
     # function, not to this method.
     return pkg_mapping(pkgs, effective_distro)
Esempio n. 11
 def do_mariadb(cname):
     """Start MariaDB and record the initial wsrep status in /tmp.

     Outside the debian family the mysqlchk socket is enabled and started
     first.  The 'wsrep_%' global status is then dumped to
     /tmp/wsrep_init_state<cname>.
     """
     on_debian = util.get_distro()['family'] == 'debian'
     if not on_debian:
         localsh.run("systemctl enable mysqlchk.socket && systemctl start mysqlchk.socket")
     localsh.run("systemctl start mariadb")
     # NOTE(review): cname is appended to a shell command line unquoted,
     # and the output goes to a predictable name in the world-writable
     # /tmp.  Confirm cname is always a trusted component name, and
     # consider a directory that only the deploying user can write to.
     status_dump = "mysql <<<\"SHOW GLOBAL STATUS LIKE 'wsrep_%';\" >/tmp/wsrep_init_state" + cname
     localsh.run(status_dump)
Esempio n. 12
 def get_etcconf_d(self):
     """Return the configuration drop-in directory for this distro family.

     The debian family uses /etc/mysql/mariadb.conf.d; every other family
     uses /etc/my.cnf.d.
     """
     on_debian = util.get_distro()['family'] == 'debian'
     return '/etc/mysql/mariadb.conf.d' if on_debian else '/etc/my.cnf.d'