def glusterswiftSetup():
"""
Configures gluster-swift
Based on the gluster-swift quick start guide:
https://github.com/gluster/gluster-swift/blob/master/doc/markdown/quick_start_guide.md
Assumes GlusterFS packages are installed
"""
msg = 'Install gluster-swift'
runCheck(
msg,
'yum install -y http://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHS/SRPMS/gluster-swift-1.4.8-4.el6.src.rpm'
)
#'yum install -y https://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-7/openstack-swift-2.2.0-1.el7.centos.noarch.rpm')
#'yum install -y https://launchpad.net/swift/juno/2.2.0/+download/swift-2.2.0.tar.gz')
#'yum install -y https://launchpad.net/swiftonfile/havana/1.10.0-2/+download/glusterfs-openstack-swift-1.10.0-2.5.el6.noarch.rpm')
msg = 'Make sure that gluster-swift is enabled at system startup'
runCheck(
msg, "chkconfig openstack-swift-proxy on\n"
"chkconfig openstack-swift-account on\n"
"chkconfig openstack-swift-container on\n"
"chkconfig openstack-swift-object on")
# Fedora 19 Adjustment - might or might not be necessary for CentOS 7
# Currently gluster-swift requires its processes to be run as root.
# We need to edit the openstack-swift-*.service files in
# /etc/systemd/system/multi-user.target.wants and change the User entry value to root.
services = ['proxy', 'account', 'container', 'object']
for service in services:
confFile = '/etc/systemd/system/multi-user.target.wants/openstack-swift-%s.service' % (
service)
set_parameter(confFile, '', 'User', 'root')
msg = 'Restart services'
runCheck(msg, 'systemctl --system daemon-reload')
# copy the *.conf-gluster files to *.conf files
with cd('/etc/swift/'):
msg = 'copy the *.conf-gluster files to *.conf files'
runCheck(
msg,
'for tmpl in *.conf-gluster ; do cp ${tmpl} ${tmpl%.*}.conf; done')
msg = 'Generate the ring files'
runCheck(msg, 'gluster-swift-gen-builders ' + env_config.swiftVolume)
msg = 'Expose the gluster volume'
runCheck(msg,
'cd /etc/swift; /usr/bin/gluster-swift-gen-builders myvolume')
for service in services:
msg = 'Start service ' + service
runCheck(msg, 'service %s start' % service)
def compute_deploy():
# edit sysctl.conf
# make a backup
backupConfFile(sysctl_conf, backupSuffix)
set_parameter(sysctl_conf, "''", 'net.ipv4.conf.all.rp_filter', '0')
set_parameter(sysctl_conf, "''", 'net.ipv4.conf.default.rp_filter', '0')
msg = "Implement changes on sysctl on compute node " + env.host
runCheck(msg, "sysctl -p")
installPackagesCompute()
# configuration
configure_the_Networking_common_components() # same as networking
configure_ML2_plug_in_compute()
configure_nova_to_use_neutron()
msg = 'Enable Open vSwitch'
runCheck(msg, 'systemctl enable openvswitch.service')
msg = 'Start Open vSwitch'
runCheck(msg, 'systemctl start openvswitch.service')
# finalize installation
# The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini
# pointing to the ML2 plug-in configuration file, /etc/neutron/plugins/ml2/ml2_conf.ini.
# If this symbolic link does not exist, create it
if 'plugin.ini' not in run('ls /etc/neutron'):
msg = 'Create a symbolic link to Open vSwitch\'s conf file'
runCheck(
msg,
'ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini'
)
# Due to a packaging bug, the Open vSwitch agent initialization script explicitly looks for
# the Open vSwitch plug-in configuration file rather than a symbolic link /etc/neutron/plugin.ini pointing to the ML2
# plug-in configuration file. Run the following commands to resolve this issue:
msg = 'Chenge Open vSwitch to look for a symbolic link to to the ML2 conf file'
run("cp /usr/lib/systemd/system/neutron-openvswitch-agent.service " + \
"/usr/lib/systemd/system/neutron-openvswitch-agent.service.orig")
run("sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' " + \
"/usr/lib/systemd/system/neutron-openvswitch-agent.service")
msg = 'Restart Nova service'
runCheck(msg, "systemctl restart openstack-nova-compute.service")
msg = 'Enable Open vSwitch'
runCheck(msg, 'systemctl enable neutron-openvswitch-agent.service')
msg = 'Start Open vSwitch'
runCheck(msg, 'systemctl start neutron-openvswitch-agent.service')
msg = 'Restart Open vSwitch'
runCheck(msg, 'systemctl restart neutron-openvswitch-agent.service')
def configure_block_storage():
block_config_file = '/etc/cinder/cinder.conf'
set_parameter(block_config_file, 'DEFAULT', 'control_exchange', 'cinder')
set_parameter(block_config_file, 'DEFAULT', 'notification_driver',
'messagingv2')
run("systemctl restart openstack-cinder-api.service openstack-cinder-scheduler.service"
)
run("systemctl restart openstack-cinder-volume.service")
def glusterswiftSetup():
"""
Configures gluster-swift
Based on the gluster-swift quick start guide:
https://github.com/gluster/gluster-swift/blob/master/doc/markdown/quick_start_guide.md
Assumes GlusterFS packages are installed
"""
msg = 'Install gluster-swift'
runCheck(msg,
'yum install -y http://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHS/SRPMS/gluster-swift-1.4.8-4.el6.src.rpm')
#'yum install -y https://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-7/openstack-swift-2.2.0-1.el7.centos.noarch.rpm')
#'yum install -y https://launchpad.net/swift/juno/2.2.0/+download/swift-2.2.0.tar.gz')
#'yum install -y https://launchpad.net/swiftonfile/havana/1.10.0-2/+download/glusterfs-openstack-swift-1.10.0-2.5.el6.noarch.rpm')
msg = 'Make sure that gluster-swift is enabled at system startup'
runCheck(msg,
"chkconfig openstack-swift-proxy on\n"
"chkconfig openstack-swift-account on\n"
"chkconfig openstack-swift-container on\n"
"chkconfig openstack-swift-object on")
# Fedora 19 Adjustment - might or might not be necessary for CentOS 7
# Currently gluster-swift requires its processes to be run as root.
# We need to edit the openstack-swift-*.service files in
# /etc/systemd/system/multi-user.target.wants and change the User entry value to root.
services = ['proxy','account','container','object']
for service in services:
confFile = '/etc/systemd/system/multi-user.target.wants/openstack-swift-%s.service' % (service)
set_parameter(confFile, '', 'User', 'root')
msg = 'Restart services'
runCheck(msg, 'systemctl --system daemon-reload')
# copy the *.conf-gluster files to *.conf files
with cd('/etc/swift/'):
msg = 'copy the *.conf-gluster files to *.conf files'
runCheck(msg,
'for tmpl in *.conf-gluster ; do cp ${tmpl} ${tmpl%.*}.conf; done')
msg = 'Generate the ring files'
runCheck(msg,
'gluster-swift-gen-builders '+env_config.swiftVolume)
msg = 'Expose the gluster volume'
runCheck(msg,
'cd /etc/swift; /usr/bin/gluster-swift-gen-builders myvolume')
for service in services:
msg = 'Start service ' + service
runCheck(msg, 'service %s start' % service)
def compute_deploy():
# edit sysctl.conf
# make a backup
backupConfFile(sysctl_conf, backupSuffix)
set_parameter(sysctl_conf,"''",'net.ipv4.conf.all.rp_filter','0')
set_parameter(sysctl_conf,"''",'net.ipv4.conf.default.rp_filter','0')
msg = "Implement changes on sysctl on compute node " + env.host
runCheck(msg, "sysctl -p")
installPackagesCompute()
# configuration
configure_the_Networking_common_components() # same as networking
configure_ML2_plug_in_compute()
configure_nova_to_use_neutron()
msg = 'Enable Open vSwitch'
runCheck(msg, 'systemctl enable openvswitch.service')
msg = 'Start Open vSwitch'
runCheck(msg, 'systemctl start openvswitch.service')
# finalize installation
# The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini
# pointing to the ML2 plug-in configuration file, /etc/neutron/plugins/ml2/ml2_conf.ini.
# If this symbolic link does not exist, create it
if 'plugin.ini' not in run('ls /etc/neutron'):
msg = 'Create a symbolic link to Open vSwitch\'s conf file'
runCheck(msg, 'ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini')
# Due to a packaging bug, the Open vSwitch agent initialization script explicitly looks for
# the Open vSwitch plug-in configuration file rather than a symbolic link /etc/neutron/plugin.ini pointing to the ML2
# plug-in configuration file. Run the following commands to resolve this issue:
msg = 'Chenge Open vSwitch to look for a symbolic link to to the ML2 conf file'
run("cp /usr/lib/systemd/system/neutron-openvswitch-agent.service " + \
"/usr/lib/systemd/system/neutron-openvswitch-agent.service.orig")
run("sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' " + \
"/usr/lib/systemd/system/neutron-openvswitch-agent.service")
msg = 'Restart Nova service'
runCheck(msg, "systemctl restart openstack-nova-compute.service")
msg = 'Enable Open vSwitch'
runCheck(msg, 'systemctl enable neutron-openvswitch-agent.service')
msg = 'Start Open vSwitch'
runCheck(msg, 'systemctl start neutron-openvswitch-agent.service')
msg = 'Restart Open vSwitch'
runCheck(msg, 'systemctl restart neutron-openvswitch-agent.service')
def setOVSConf():
confFile = configs['ovs']
backupConfFile(confFile, backupSuffix)
# set bridge mappings
mappings = 'external:br-ex,' + ','.join(
['physnet%d:%s' % (tag, bridge[tag]) for tag in vlans])
set_parameter(confFile, 'ovs', 'bridge_mappings', mappings)
physnets = ','.join(['physnet' + str(tag) for tag in vlans])
set_parameter(confFile, 'ovs', 'network_vlan_ranges', physnets)
def setOVSConf():
confFile = configs['ovs']
backupConfFile(confFile, backupSuffix)
# set bridge mappings
mappings = 'external:br-ex,' + ','.join(
['physnet%d:%s' % (tag, bridge[tag]) for tag in vlans])
set_parameter(confFile, 'ovs', 'bridge_mappings', mappings)
physnets = ','.join(['physnet' + str(tag) for tag in vlans])
set_parameter(confFile, 'ovs', 'network_vlan_ranges', physnets)
def hardware_accel_check():
"""
Determine whether compute node supports hardware acceleration for VMs
"""
with settings(warn_only=True):
output = run("egrep -c '(vmx|svm)' /proc/cpuinfo")
if int(output) < 1:
print blue("Compute node does not support Hardware acceleration for virtual machines")
print blue("Configure libvirt to use QEMU instead of KVM")
set_parameter(etc_nova_config_file, 'libvirt', 'virt_type', 'qemu')
def setL3Conf():
confFile = configs['l3']
backupConfFile(confFile, backupSuffix)
# When external_network_bridge is set, each L3 agent can be associated
# with no more than one external network. This value should be set to the UUID
# of that external network. To allow L3 agent support multiple external
# networks, both the external_network_bridge and gateway_external_network_id
# must be left empty.
set_parameter(confFile, 'DEFAULT', 'external_network_bridge', "''")
set_parameter(confFile, 'DEFAULT', 'gateway_external_network_id', "''")
def setL3Conf():
confFile = configs['l3']
backupConfFile(confFile, backupSuffix)
# When external_network_bridge is set, each L3 agent can be associated
# with no more than one external network. This value should be set to the UUID
# of that external network. To allow L3 agent support multiple external
# networks, both the external_network_bridge and gateway_external_network_id
# must be left empty.
set_parameter(confFile, 'DEFAULT', 'external_network_bridge', "''")
set_parameter(confFile, 'DEFAULT', 'gateway_external_network_id', "''")
def hardware_accel_check():
"""
Determine whether compute node supports hardware acceleration for VMs
"""
with settings(warn_only=True):
output = run("egrep -c '(vmx|svm)' /proc/cpuinfo")
if int(output) < 1:
print blue(
"Compute node does not support Hardware acceleration for virtual machines"
)
print blue("Configure libvirt to use QEMU instead of KVM")
set_parameter(etc_nova_config_file, 'libvirt', 'virt_type', 'qemu')
def configure_metadata_proxy_on_controller():
# to configure the metadata agent, some changes need to be made
# on the controller node
# make a backup
backupConfFile(nova_conf, backupSuffix)
set_parameter(nova_conf, 'neutron', 'service_metadata_proxy', 'True')
set_parameter(nova_conf, 'neutron', 'metadata_proxy_shared_secret',
passwd['METADATA_SECRET'])
msg = "Restart Nova service"
runCheck(msg, "systemctl restart openstack-nova-api.service")
def configure_metadata_proxy_on_controller():
# to configure the metadata agent, some changes need to be made
# on the controller node
# make a backup
backupConfFile(nova_conf, backupSuffix)
set_parameter(nova_conf,'neutron','service_metadata_proxy','True')
set_parameter(nova_conf,'neutron','metadata_proxy_shared_secret',
passwd['METADATA_SECRET'])
msg = "Restart Nova service"
runCheck(msg, "systemctl restart openstack-nova-api.service")
def createOrganizationalUnitsAndDefineLocation():
set_parameter(confFile, 'ldap', 'user_tree_dn',
'ou=Users,dc=example,dc=org')
set_parameter(confFile, 'ldap', 'user_objectclass', 'inetOrgPerson')
set_parameter(confFile, 'ldap', 'group_tree_dn',
'ou=Groups,dc=example,dc=org')
set_parameter(confFile, 'ldap', 'group_objectclass', 'groupOfNames')
def finalizeInstallation():
"""
Final steps of the installation, such as setting swift.conf and restarting services
"""
confFile = '/etc/swift/swift.conf'
localFile = 'swift.conf'
msg = 'Put base config file on node'
out = put(localFile,confFile)
if out.succeeded:
printMessage('good',msg)
else:
printMessage('oops',msg)
# In the [swift-hash] section, configure the hash path prefix and suffix for your environment
set_parameter(confFile,'swift-hash','swift_hash_path_prefix',env_config.hashPathPrefix)
set_parameter(confFile,'swift-hash','swift_hash_path_suffix',env_config.hashPathSuffix)
# In the [storage-policy:0] section, configure the default storage policy
set_parameter(confFile,'storage-policy:0','name','Policy-0')
set_parameter(confFile,'storage-policy:0','default','yes')
msg = 'Change ownership of the configuration directory to swift'
run("chown -R swift:swift /etc/swift")
execute(startServicesController)
execute(startServicesStorage)
def finalizeInstallation():
"""
Final steps of the installation, such as setting swift.conf and restarting services
"""
confFile = '/etc/swift/swift.conf'
localFile = 'swift.conf'
msg = 'Put base config file on node'
out = put(localFile, confFile)
if out.succeeded:
printMessage('good', msg)
else:
printMessage('oops', msg)
# In the [swift-hash] section, configure the hash path prefix and suffix for your environment
set_parameter(confFile, 'swift-hash', 'swift_hash_path_prefix',
env_config.hashPathPrefix)
set_parameter(confFile, 'swift-hash', 'swift_hash_path_suffix',
env_config.hashPathSuffix)
# In the [storage-policy:0] section, configure the default storage policy
set_parameter(confFile, 'storage-policy:0', 'name', 'Policy-0')
set_parameter(confFile, 'storage-policy:0', 'default', 'yes')
msg = 'Change ownership of the configuration directory to swift'
run("chown -R swift:swift /etc/swift")
execute(startServicesController)
execute(startServicesStorage)
def configure_object_storage():
object_config_file = '/etc/swift/proxy-server.conf'
# get admin credentials to run the CLI commands
credentials = env_config.admin_openrc
with prefix(credentials):
# before each creation, we check a list to avoid duplicates
if 'Reseller' in run("keystone role-list"):
print(blue("ResellerAdmin already set"))
else:
runCheck('', 'keystone role-create --name ResellerAdmin')
runCheck('Create and add ResellerAdmin to ',"keystone user-role-add --tenant service --user ceilometer " + \
"--role $(keystone role-list | awk '/ResellerAdmin/ {print $2}')")
set_parameter(object_config_file, 'filter:keystoneauth', 'operator_roles',
'admin,_member_,ResellerAdmin')
set_parameter(
object_config_file, 'pipeline:main', 'pipeline',
'authtoken cache healthcheck keystoneauth proxy-logging ceilometer proxy-server'
)
set_parameter(object_config_file, 'filter:ceilometer', 'use',
'egg:ceilometer#swift')
set_parameter(object_config_file, 'filter:ceilometer', 'log_level', 'WARN')
runCheck('add swift to allow access to telemetry config files',
"usermod -a -G ceilometer swift")
runCheckm('restart swift',
"systemctl restart openstack-swift-proxy.service")
def configure_notifications_on_compute():
conf_file = "/etc/nova/nova.conf"
set_parameter(conf_file, 'DEFAULT', 'instance_usage_audit', 'True')
set_parameter(conf_file, 'DEFAULT', 'instance_usage_audit_period', 'hour')
set_parameter(conf_file, 'DEFAULT', 'notify_on_state_change',
'vm_and_task_state')
set_parameter(conf_file, 'DEFAULT', 'notification_driver', 'messagingv2')
def configure_ML2_plug_in_network():
# most of the configuration is the same as the controller
configure_ML2_plugin_general()
# configure the external flat provider network
set_parameter(ml2_conf_file, 'ml2_type_flat', 'flat_networks', 'external')
# configure the external flat provider network
set_parameter(ml2_conf_file, 'ovs', 'enable_tunneling', 'True')
set_parameter(ml2_conf_file, 'ovs', 'bridge_mappings', 'external:br-ex')
local_ip = env_config.nicDictionary[env.host]['tnlIPADDR']
set_parameter(ml2_conf_file, 'ovs', 'local_ip', local_ip)
# enable GRE tunnels
set_parameter(ml2_conf_file, 'agent', 'tunnel_types', 'gre')
def configure_ML2_plug_in_network():
# most of the configuration is the same as the controller
configure_ML2_plugin_general()
# configure the external flat provider network
set_parameter(ml2_conf_file,'ml2_type_flat','flat_networks','external')
# configure the external flat provider network
set_parameter(ml2_conf_file,'ovs','enable_tunneling','True')
set_parameter(ml2_conf_file,'ovs','bridge_mappings','external:br-ex')
local_ip = env_config.nicDictionary[env.host]['tnlIPADDR']
set_parameter(ml2_conf_file,'ovs','local_ip',local_ip)
# enable GRE tunnels
set_parameter(ml2_conf_file,'agent','tunnel_types','gre')
def change_cinder_file_for_gluster():
set_parameter(etc_cinder_config_file, 'DEFAULT', 'volume_driver',
'cinder.volume.drivers.glusterfs.GlusterfsDriver')
set_parameter(etc_cinder_config_file, 'DEFAULT', 'glusterfs_shares_config',
'/etc/cinder/shares.conf')
set_parameter(etc_cinder_config_file, 'DEFAULT', 'state_path',
cinderGlusterDir)
set_parameter(etc_cinder_config_file, 'DEFAULT',
'glusterfs_mount_point_base', "'$state_path'")
def setML2Conf():
confFile = configs['ml2']
backupConfFile(confFile, backupSuffix)
set_parameter(confFile, 'ml2', 'type_drivers', 'local,flat,gre,vxlan')
# physnets = ','.join(['physnet%d' % tag for tag in vlans])
# set_parameter(confFile, 'ml2_type_flat', 'flat_networks', 'external,' + physnets)
run("sed -i '/flat_networks = external/d' %s" % confFile)
run("sed -i '/\[ml2_type_flat\]/a flat_networks = *' %s" % confFile)
# set vlan ranges
# network_vlan_ranges will be set to, e.g.,
# physnet208,physnet209,physnet2131:208:2131
# physnets = ','.join(['physnet%d' % tag for tag in vlans])
# set_parameter(confFile, 'ml2_type_vlan', 'network_vlan_ranges',
# '%s:%s:%s' % (physnets, min(vlans), max(vlans)))
# set_parameter(confFile, 'ovs', 'tenant_network_type', 'gre')
# set bridge mappings
mappings = 'external:br-ex,' + ','.join(
['physnet%d:%s' % (tag, bridge[tag]) for tag in vlans])
set_parameter(confFile, 'ovs', 'bridge_mappings', mappings)
physnets = ','.join(['physnet' + str(tag) for tag in vlans])
set_parameter(confFile, 'ovs', 'network_vlan_ranges', physnets)
def network_deploy():
# edit sysctl.conf
# make a backup
backupConfFile(sysctl_conf, backupSuffix)
set_parameter(sysctl_conf, "''", 'net.ipv4.ip_forward', '1')
set_parameter(sysctl_conf, "''", 'net.ipv4.conf.all.rp_filter', '0')
set_parameter(sysctl_conf, "''", 'net.ipv4.conf.default.rp_filter', '0')
msg = "Implement changes on sysctl"
runCheck(
msg, "sysctl --system"
) # for more info visit: http://www.commandlinefu.com/commands/view/11891/reload-all-sysctl-variables-without-reboot
installPackagesNetwork()
# configuration
configure_the_Networking_common_components()
configure_ML2_plug_in_network()
configure_Layer3_agent()
configure_DHCP_agent()
configure_metadata_agent()
configure_Open_vSwitch_service()
# finalize installation
# The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini
# pointing to the ML2 plug-in configuration file, /etc/neutron/plugins/ml2/ml2_conf.ini.
# If this symbolic link does not exist, create it
if 'plugin.ini' not in run('ls /etc/neutron'):
msg = "Create symbolic link to ml2 conf file"
runCheck(
msg,
'ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini'
)
# Due to a packaging bug, the Open vSwitch agent initialization script explicitly looks for
# the Open vSwitch plug-in configuration file rather than a symbolic link /etc/neutron/plugin.ini pointing to the ML2
# plug-in configuration file. Run the following commands to resolve this issue:
run("cp /usr/lib/systemd/system/neutron-openvswitch-agent.service " + \
"/usr/lib/systemd/system/neutron-openvswitch-agent.service.orig")
run("sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' " + \
"/usr/lib/systemd/system/neutron-openvswitch-agent.service")
# initialize services
msg = "Enable neutron services"
run("systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service " + \
"neutron-dhcp-agent.service neutron-metadata-agent.service " + \
"neutron-ovs-cleanup.service")
msg = "Start neutron services"
run("systemctl start neutron-openvswitch-agent.service neutron-l3-agent.service " + \
"neutron-dhcp-agent.service neutron-metadata-agent.service")
def setML2Conf():
confFile = configs['ml2']
backupConfFile(confFile, backupSuffix)
set_parameter(confFile, 'ml2', 'type_drivers', 'local,flat,gre,vxlan')
# physnets = ','.join(['physnet%d' % tag for tag in vlans])
# set_parameter(confFile, 'ml2_type_flat', 'flat_networks', 'external,' + physnets)
run("sed -i '/flat_networks = external/d' %s" % confFile)
run("sed -i '/\[ml2_type_flat\]/a flat_networks = *' %s" % confFile)
# set vlan ranges
# network_vlan_ranges will be set to, e.g.,
# physnet208,physnet209,physnet2131:208:2131
# physnets = ','.join(['physnet%d' % tag for tag in vlans])
# set_parameter(confFile, 'ml2_type_vlan', 'network_vlan_ranges',
# '%s:%s:%s' % (physnets, min(vlans), max(vlans)))
# set_parameter(confFile, 'ovs', 'tenant_network_type', 'gre')
# set bridge mappings
mappings = 'external:br-ex,' + ','.join(
['physnet%d:%s' % (tag, bridge[tag]) for tag in vlans])
set_parameter(confFile, 'ovs', 'bridge_mappings', mappings)
physnets = ','.join(['physnet' + str(tag) for tag in vlans])
set_parameter(confFile, 'ovs', 'network_vlan_ranges', physnets)
def configure_image_service():
RABBIT_PASS = passwd['RABBIT_PASS']
image_config_file_names = [
'/etc/glance/glance-api.conf', '/etc/glance/glance-registry.conf'
]
for image_config_file in image_config_file_names:
set_parameter(image_config_file, 'DEFAULT', 'notification_driver',
'messagingv2')
set_parameter(image_config_file, 'DEFAULT', 'rpc_backend', 'rabbit')
set_parameter(image_config_file, 'DEFAULT', 'rabbit_host',
'controller')
set_parameter(image_config_file, 'DEFAULT', 'rabbit_password',
RABBIT_PASS)
run("systemctl restart openstack-glance-api.service openstack-glance-registry.service"
)
def network_deploy():
# edit sysctl.conf
# make a backup
backupConfFile(sysctl_conf, backupSuffix)
set_parameter(sysctl_conf,"''",'net.ipv4.ip_forward','1')
set_parameter(sysctl_conf,"''",'net.ipv4.conf.all.rp_filter','0')
set_parameter(sysctl_conf,"''",'net.ipv4.conf.default.rp_filter','0')
msg = "Implement changes on sysctl"
runCheck(msg, "sysctl --system") # for more info visit: http://www.commandlinefu.com/commands/view/11891/reload-all-sysctl-variables-without-reboot
installPackagesNetwork()
# configuration
configure_the_Networking_common_components()
configure_ML2_plug_in_network()
configure_Layer3_agent()
configure_DHCP_agent()
configure_metadata_agent()
configure_Open_vSwitch_service()
# finalize installation
# The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini
# pointing to the ML2 plug-in configuration file, /etc/neutron/plugins/ml2/ml2_conf.ini.
# If this symbolic link does not exist, create it
if 'plugin.ini' not in run('ls /etc/neutron'):
msg = "Create symbolic link to ml2 conf file"
runCheck(msg, 'ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini')
# Due to a packaging bug, the Open vSwitch agent initialization script explicitly looks for
# the Open vSwitch plug-in configuration file rather than a symbolic link /etc/neutron/plugin.ini pointing to the ML2
# plug-in configuration file. Run the following commands to resolve this issue:
run("cp /usr/lib/systemd/system/neutron-openvswitch-agent.service " + \
"/usr/lib/systemd/system/neutron-openvswitch-agent.service.orig")
run("sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' " + \
"/usr/lib/systemd/system/neutron-openvswitch-agent.service")
# initialize services
msg = "Enable neutron services"
run("systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service " + \
"neutron-dhcp-agent.service neutron-metadata-agent.service " + \
"neutron-ovs-cleanup.service")
msg = "Start neutron services"
run("systemctl start neutron-openvswitch-agent.service neutron-l3-agent.service " + \
"neutron-dhcp-agent.service neutron-metadata-agent.service")
def setOVSConf():
"Set ovs_neutron_plugin.ini"
# This isn't specified in the source (opencloudblog), but the file exists
# and it seems like it should also be setup
confFile = configs['ovs']
backupConfFile(confFile, backupSuffix)
set_parameter(confFile, 'ovs', 'bridge_mappings', 'external:br-vlan')
set_parameter(confFile, 'ovs', 'tenant_network_type', 'vlan')
networkVlanRanges = 'external:%d:%d' % (sorted(vlans)[0], sorted(vlans)[-1])
set_parameter(confFile, 'ovs', 'network_vlan_ranges', networkVlanRanges)
def setOVSConf():
"Set ovs_neutron_plugin.ini"
# This isn't specified in the source (opencloudblog), but the file exists
# and it seems like it should also be setup
confFile = configs['ovs']
backupConfFile(confFile, backupSuffix)
set_parameter(confFile, 'ovs', 'bridge_mappings', 'external:br-vlan')
set_parameter(confFile, 'ovs', 'tenant_network_type', 'vlan')
networkVlanRanges = 'external:%d:%d' % (sorted(vlans)[0],
sorted(vlans)[-1])
set_parameter(confFile, 'ovs', 'network_vlan_ranges', networkVlanRanges)
def configureStorage():
"""
Set the account-, container-, and object-server conf files
"""
serverConfFiles = ['account-server.conf','container-server.conf','object-server.conf']
ip = env_config.nicDictionary['compute1']['mgtIPADDR']
devicepath = swiftGlusterDir
# devicepath = '/srv/node'
# save base files into the host
for fil in serverConfFiles:
remotefile = '/etc/swift/' + fil
out = put(fil,remotefile)
msg = "Save file {} on host {}".format(fil,env.host)
if out.succeeded:
printMessage('good', msg)
else:
printMessage('oops', msg)
# set variables that are the same in all conf files
for confFile in serverConfFiles:
set_parameter('/etc/swift/' + confFile,'DEFAULT','bind_ip',ip)
set_parameter('/etc/swift/' + confFile,'DEFAULT','user','swift')
set_parameter('/etc/swift/' + confFile,'DEFAULT','swift_dir','/etc/swift')
set_parameter('/etc/swift/' + confFile,'DEFAULT','devices',devicepath)
set_parameter('/etc/swift/' + confFile,'filter:recon','recon_cache_path','/var/cache/swift')
# when the device isn't an actual disk,
# we need to set mount_check to false
set_parameter('/etc/swift/' + confFile,'DEFAULT','mount_check','false')
# Edit the account-server.conf file
confFile = '/etc/swift/' + serverConfFiles[0]
set_parameter(confFile,'DEFAULT','bind_port','6002')
set_parameter(confFile,'pipeline:main','pipeline',"'healthcheck recon account-server'")
# Edit the /etc/swift/container-server.conf file
confFile = '/etc/swift/' + serverConfFiles[1]
set_parameter(confFile,'DEFAULT','bind_port','6001')
set_parameter(confFile,'pipeline:main','pipeline',"'healthcheck recon container-server'")
# Edit the /etc/swift/object-server.conf
confFile = '/etc/swift/' + serverConfFiles[2]
set_parameter(confFile,'DEFAULT','bind_port','6000')
set_parameter(confFile,'pipeline:main','pipeline',"'healthcheck recon object-server'")
msg = 'Ensure proper ownership of the mount point directory structure'
runCheck(msg, "chown -R swift:swift {}".format(devicepath))
msg = 'Create the recon directory'
runCheck(msg, "mkdir -p /var/cache/swift")
msg = 'Ensure proper ownership of recon directory'
runCheck(msg, " chown -R swift:swift /var/cache/swift")
def configure_metadata_agent():
# make a backup
backupConfFile(metadata_agent_file, backupSuffix)
set_parameter(metadata_agent_file, 'DEFAULT', 'auth_url',
'http://controller:5000/v2.0')
set_parameter(metadata_agent_file, 'DEFAULT', 'auth_region', 'regionOne')
set_parameter(metadata_agent_file, 'DEFAULT', 'admin_tenant_name',
'service')
set_parameter(metadata_agent_file, 'DEFAULT', 'admin_user', 'neutron')
set_parameter(metadata_agent_file, 'DEFAULT', 'nova_metadata_ip',
'controller')
set_parameter(metadata_agent_file, 'DEFAULT', 'admin_password',
passwd['NEUTRON_PASS'])
set_parameter(metadata_agent_file, 'DEFAULT',
'metadata_proxy_shared_secret', passwd['METADATA_SECRET'])
set_parameter(metadata_agent_file, 'DEFAULT', 'verbose', 'True')
set_parameter(metadata_agent_file, 'DEFAULT', 'debug', 'True')
execute(configure_metadata_proxy_on_controller)
def setMl2Conf():
# Reference: http://www.opencloudblog.com/?p=630
confFile = configs['ml2']
backupConfFile(confFile, backupSuffix)
set_parameter(confFile, 'ml2', 'type_drivers', 'gre,vlan,flat')
set_parameter(confFile, 'ml2', 'mechanism_drivers', 'openvswitch')
# sort the vlan tags to get the smallest and the largest
networkVlanRanges = 'external:%d:%d' % (sorted(vlans)[0], sorted(vlans)[-1])
set_parameter(confFile, 'ml2_type_vlan', 'network_vlan_ranges', networkVlanRanges)
# Crudini doesn't work with the * character
run("sed -i 's/flat_networks = external/flat_networks = */' %s" % confFile)
set_parameter(confFile, 'ovs', 'bridge_mappings', 'external:br-vlan')
set_parameter(confFile, 'ovs', 'integration_bridge' , 'br-int')
# TODO: determine whether this should be vlan, gre, or both:
# tenant_network_type = type of network a tenant can create
# set_parameter(confFile, 'ovs', 'tenant_network_type' , 'vlan')
# set_parameter(confFile, 'ovs', 'tenant_network_type' , 'gre,vlan')
set_parameter(confFile, 'ovs', 'tenant_network_types' , 'gre,vlan')
set_parameter(confFile, 'ovs', 'local_ip' ,
env_config.nicDictionary[env.host]['tnlIPADDR'])
set_parameter(confFile, 'agent', 'l2_population' , 'False')
def setDHCPConf():
# Reference: http://www.opencloudblog.com/?p=630
confFile = configs['dhcp']
backupConfFile(confFile, backupSuffix)
set_parameter(confFile, 'DEFAULT', 'dhcp_delete_namespaces', 'True')
set_parameter(confFile, 'DEFAULT', 'enable_metadata_network', 'False')
set_parameter(confFile, 'DEFAULT', 'enable_isolated_metadata', 'True')
set_parameter(confFile, 'DEFAULT', 'use_namespaces', 'True')
set_parameter(confFile, 'DEFAULT', 'ovs_use_veth', 'False')
set_parameter(confFile, 'DEFAULT', 'dhcp_agent_manager',
'neutron.agent.dhcp_agent.DhcpAgentWithStateReport')
def setL3Conf():
# Reference: http://www.opencloudblog.com/?p=630
confFile = configs['l3']
backupConfFile(confFile, backupSuffix)
# very important - set the two following entries to an empty string
# do not leave the default values
set_parameter(confFile, 'DEFAULT', 'gateway_external_network_id', '')
set_parameter(confFile, 'DEFAULT', 'external_network_bridge', '')
# we use the legacy mode - HA and DVR are broken in Juno and should
# not used in production environments
set_parameter(confFile, 'DEFAULT', 'agent_mode', 'legacy')
# nova metadata is deployed only on the network node(s) and listens on 127.0.0.1 node
set_parameter(confFile, 'DEFAULT', 'metadata_port', '8775')
set_parameter(confFile, 'DEFAULT', 'metadata_ip', '127.0.0.1')
set_parameter(confFile, 'DEFAULT', 'enable_metadata_proxy', 'True')
set_parameter(confFile, 'DEFAULT', 'handle_internal_only_routers', 'True')
set_parameter(confFile, 'DEFAULT', 'router_delete_namespaces', 'True')
# veths should be avoided
set_parameter(confFile, 'DEFAULT', 'ovs_use_veth', 'False')
set_parameter(confFile, 'DEFAULT', 'interface_driver',
'neutron.agent.linux.interface.OVSInterfaceDriver')
set_parameter(confFile, 'DEFAULT', 'use_namespaces', 'True')
# for testing
set_parameter(confFile, 'DEFAULT', 'debug', 'True')
def configure_Layer3_agent():
# make a backup
backupConfFile(l3_agent_file, backupSuffix)
set_parameter(l3_agent_file,"DEFAULT","interface_driver","neutron.agent.linux.interface.OVSInterfaceDriver")
set_parameter(l3_agent_file,"DEFAULT","use_namespaces","True")
set_parameter(l3_agent_file,"DEFAULT","external_network_bridge","br-ex")
set_parameter(l3_agent_file,"DEFAULT","router_delete_namespaces","True")
set_parameter(l3_agent_file,"DEFAULT","verbose","True")
set_parameter(l3_agent_file,"DEFAULT","debug","True")
def setNeutronConf():
# Reference: http://www.opencloudblog.com/?p=630
confFile = configs['neutron']
backupConfFile(confFile, backupSuffix)
section = 'DEFAULT'
set_parameter(confFile, section, 'max_l3_agents_per_router', '2')
set_parameter(confFile, section, 'l3_ha', 'False')
set_parameter(confFile, section, 'allow_automatic_l3agent_failover', 'True')
set_parameter(confFile, section, 'allow_overlapping_ips', 'True')
set_parameter(confFile, section, 'core_plugin', 'ml2')
set_parameter(confFile, section, 'service_plugins', 'router')
# set_parameter(confFile, section, 'service_plugins', 'router,firewall,lbaas,vpnaas,metering')
set_parameter(confFile, section, 'force_gateway_on_subnet', 'True')
set_parameter(confFile, section, 'dhcp_options_enabled', 'False')
set_parameter(confFile, section, 'dhcp_agents_per_network', '1')
set_parameter(confFile, section, 'router_distributed', 'False')
set_parameter(confFile, section, 'router_delete_namespaces', 'True')
set_parameter(confFile, section, 'check_child_processes', 'True')
section = 'securitygroup'
set_parameter(confFile, section, 'firewall_driver',
'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver')
set_parameter(confFile, section, 'enable_ipset', 'True')
set_parameter(confFile, section, 'enable_security_group', 'True')
section = 'agent'
set_parameter(confFile, section, 'enable_distributed_routing', 'False')
set_parameter(confFile, section, 'dont_fragment', 'True')
set_parameter(confFile, section, 'arp_responder', 'False')
# Crudini doesn't work when a variable name is setup more than once, as is service_provider,
# so for this one we use sed
newLine = ['service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default']
run("sed -i \"/\[service_providers\]/a %s\" %s" % (newLine, confFile))
def configure_ML2_plugin_general():
# The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build the virtual
# networking framework for instances. However, the controller node does not need the OVS
# components because it does not handle instance network traffic.
# make a backup
backupConfFile(ml2_conf_file, backupSuffix)
# set_parameter(ml2_conf_file,'ml2','type_drivers','flat,gre')
set_parameter(ml2_conf_file,'ml2','type_drivers','flat,gre,vlan')
set_parameter(ml2_conf_file,'ml2','tenant_network_types','gre')
set_parameter(ml2_conf_file,'ml2','mechanism_drivers','openvswitch')
set_parameter(ml2_conf_file,'ml2_type_gre','tunnel_id_ranges','1:1000')
set_parameter(ml2_conf_file,'securitygroup','enable_security_group','True')
set_parameter(ml2_conf_file,'securitygroup','enable_ipset','True')
set_parameter(ml2_conf_file,'securitygroup','firewall_driver',\
'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver')
def configure_the_Networking_common_components():
# make a backup
backupConfFile(neutron_conf, backupSuffix)
# configure RabbitMQ access
set_parameter(neutron_conf,'DEFAULT','rpc_backend','rabbit')
set_parameter(neutron_conf,'DEFAULT','rabbit_host','controller')
set_parameter(neutron_conf,'DEFAULT','rabbit_password',passwd['RABBIT_PASS'])
# configure Identity service access
set_parameter(neutron_conf,'DEFAULT','auth_strategy','keystone')
set_parameter(neutron_conf,'keystone_authtoken','auth_uri','http://controller:5000/v2.0')
set_parameter(neutron_conf,'keystone_authtoken','identity_uri','http://controller:35357')
set_parameter(neutron_conf,'keystone_authtoken','admin_tenant_name','service')
set_parameter(neutron_conf,'keystone_authtoken','admin_user','neutron')
set_parameter(neutron_conf,'keystone_authtoken','admin_password',passwd['NEUTRON_PASS'])
# enable ML2 plugin
set_parameter(neutron_conf,'DEFAULT','core_plugin','ml2')
set_parameter(neutron_conf,'DEFAULT','service_plugins','router')
set_parameter(neutron_conf,'DEFAULT','allow_overlapping_ips','True')
set_parameter(neutron_conf,'DEFAULT','verbose','True')
set_parameter(neutron_conf,'DEFAULT','debug','True')
def setup_nova_config_files_on_compute():
"""
Set up variables on several config files on the compute node
"""
NOVA_PASS = passwd['NOVA_PASS']
NOVA_DBPASS = passwd['NOVA_DBPASS']
RABBIT_PASS = passwd['RABBIT_PASS']
MANAGEMENT_IP = env_config.nicDictionary[env.host]['mgtIPADDR']
set_parameter(etc_nova_config_file, 'DEFAULT', 'rpc_backend', 'rabbit')
set_parameter(etc_nova_config_file, 'DEFAULT', 'rabbit_host', 'controller')
set_parameter(etc_nova_config_file, 'DEFAULT', 'rabbit_password', RABBIT_PASS)
set_parameter(etc_nova_config_file, 'DEFAULT', 'auth_strategy', 'keystone')
set_parameter(etc_nova_config_file, 'keystone_authtoken', 'auth_uri', 'http://controller:5000/v2.0')
set_parameter(etc_nova_config_file, 'keystone_authtoken', 'identity_uri', 'http://controller:35357')
set_parameter(etc_nova_config_file, 'keystone_authtoken', 'admin_tenant_name', 'service')
set_parameter(etc_nova_config_file, 'keystone_authtoken', 'admin_user', 'nova')
set_parameter(etc_nova_config_file, 'keystone_authtoken', 'admin_password', NOVA_PASS)
set_parameter(etc_nova_config_file, 'DEFAULT', 'my_ip', MANAGEMENT_IP)
set_parameter(etc_nova_config_file, 'DEFAULT', 'vnc_enabled', 'True')
set_parameter(etc_nova_config_file, 'DEFAULT', 'vncserver_listen', '0.0.0.0')
set_parameter(etc_nova_config_file, 'DEFAULT', 'vncserver_proxyclient_address', MANAGEMENT_IP)
set_parameter(etc_nova_config_file, 'DEFAULT', 'novncproxy_base_url', 'http://controller:6080/vnc_auto.html')
set_parameter(etc_nova_config_file, 'glance', 'host', 'controller')
set_parameter(etc_nova_config_file, 'DEFAULT', 'verbose', 'True')
set_parameter(etc_nova_config_file, 'libvirt', 'cpu_mode', 'host-passthrough')
if 'ipmi5' in check_output('echo $HOSTNAME',shell=True):
# set this parameter if we are not in production mode
set_parameter(etc_nova_config_file, 'DEFAULT', 'novncproxy_host', '0.0.0.0')
set_parameter(etc_nova_config_file, 'DEFAULT', 'novncproxy_port', '6080')
set_parameter(etc_nova_config_file, 'DEFAULT', 'novncproxy_base_url', 'http://129.128.208.164:6080/vnc_auto.html')
else:
set_parameter(etc_nova_config_file, 'DEFAULT', 'vncserver_listen', MANAGEMENT_IP)
set_parameter(etc_nova_config_file, 'DEFAULT', 'vncserver_proxyclient_address', MANAGEMENT_IP)
hardware_accel_check()
def setup_nova_config_files_on_controller():
NOVA_PASS = passwd['NOVA_PASS']
NOVA_DBPASS = passwd['NOVA_DBPASS']
RABBIT_PASS = passwd['RABBIT_PASS']
CONTROLLER_MANAGEMENT_IP = env_config.nicDictionary['controller']['mgtIPADDR']
set_parameter(etc_nova_config_file, 'database', 'connection', 'mysql://*****:*****@controller/nova'.format(NOVA_DBPASS))
set_parameter(etc_nova_config_file, 'DEFAULT', 'rpc_backend', 'rabbit')
set_parameter(etc_nova_config_file, 'DEFAULT', 'rabbit_host', 'controller')
set_parameter(etc_nova_config_file, 'DEFAULT', 'rabbit_password', RABBIT_PASS)
set_parameter(etc_nova_config_file, 'DEFAULT', 'auth_strategy', 'keystone')
set_parameter(etc_nova_config_file, 'keystone_authtoken', 'auth_uri', 'http://controller:5000/v2.0')
set_parameter(etc_nova_config_file, 'keystone_authtoken', 'identity_uri', 'http://controller:35357')
set_parameter(etc_nova_config_file, 'keystone_authtoken', 'admin_tenant_name', 'service')
set_parameter(etc_nova_config_file, 'keystone_authtoken', 'admin_user', 'nova')
set_parameter(etc_nova_config_file, 'keystone_authtoken', 'admin_password', NOVA_PASS)
set_parameter(etc_nova_config_file, 'DEFAULT', 'my_ip', CONTROLLER_MANAGEMENT_IP)
set_parameter(etc_nova_config_file, 'glance', 'host', 'controller')
set_parameter(etc_nova_config_file, 'DEFAULT', 'verbose', 'True')
set_parameter(etc_nova_config_file, 'libvirt', 'cpu_mode', 'host-passthrough')
if 'ipmi5' in check_output('echo $HOSTNAME',shell=True):
# set this parameter if we are not in production mode
set_parameter(etc_nova_config_file, 'DEFAULT', 'novncproxy_host', '0.0.0.0')
set_parameter(etc_nova_config_file, 'DEFAULT', 'novncproxy_port', '6080')
set_parameter(etc_nova_config_file, 'DEFAULT', 'novncproxy_base_url', 'http://129.128.208.164:6080/vnc_auto.html')
else:
set_parameter(etc_nova_config_file, 'DEFAULT', 'vncserver_listen', CONTROLLER_MANAGEMENT_IP)
set_parameter(etc_nova_config_file, 'DEFAULT', 'vncserver_proxyclient_address', CONTROLLER_MANAGEMENT_IP)
def setup_heat_config_files(HEAT_PASS, HEAT_DBPASS, RABBIT_PASS):
msg = 'Install packages'
runCheck(msg, "yum install -y openstack-heat-api openstack-heat-api-cfn openstack-heat-engine python-heatclient")
set_parameter(etc_heat_config_file, 'database', 'connection', 'mysql://*****:*****@controller/heat'.format(HEAT_DBPASS))
set_parameter(etc_heat_config_file, 'DEFAULT', 'rpc_backend', 'rabbit')
set_parameter(etc_heat_config_file, 'DEFAULT', 'rabbit_host', 'controller')
set_parameter(etc_heat_config_file, 'DEFAULT', 'rabbit_password', RABBIT_PASS)
set_parameter(etc_heat_config_file, 'keystone_authtoken', 'auth_uri', 'http://controller:5000/v2.0')
set_parameter(etc_heat_config_file, 'keystone_authtoken', 'identity_uri', 'http://controller:35357')
set_parameter(etc_heat_config_file, 'keystone_authtoken', 'admin_tenant_name', 'service')
set_parameter(etc_heat_config_file, 'keystone_authtoken', 'admin_user', 'heat')
set_parameter(etc_heat_config_file, 'keystone_authtoken', 'admin_password', HEAT_PASS)
set_parameter(etc_heat_config_file, 'ec2authtoken', 'auth_uri', 'http://controller:5000/v2.0')
set_parameter(etc_heat_config_file, 'DEFAULT', 'heat_metadata_server_url', 'http://controller:8000')
set_parameter(etc_heat_config_file, 'DEFAULT', 'heat_waitcondition_server_url', 'http://controller:8000/v1/waitcondition')
set_parameter(etc_heat_config_file, 'DEFAULT', 'verbose', 'True')
def setDHCPConf():
# Reference: http://www.opencloudblog.com/?p=630
confFile = configs['dhcp']
backupConfFile(confFile, backupSuffix)
set_parameter(confFile, 'DEFAULT', 'dhcp_delete_namespaces', 'True')
set_parameter(confFile, 'DEFAULT', 'enable_metadata_network', 'False')
set_parameter(confFile, 'DEFAULT', 'enable_isolated_metadata', 'True')
set_parameter(confFile, 'DEFAULT', 'use_namespaces', 'True')
set_parameter(confFile, 'DEFAULT', 'ovs_use_veth', 'False')
set_parameter(confFile, 'DEFAULT', 'dhcp_agent_manager',
'neutron.agent.dhcp_agent.DhcpAgentWithStateReport')
def setup_nova_conf_file():
set_parameter(etc_nova_config_file, 'glance', 'libvirt_type', 'qemu')
set_parameter(etc_nova_config_file, 'DEFAULT', 'instances_path',
novaGlusterDir)
def setMl2Conf():
# Reference: http://www.opencloudblog.com/?p=630
confFile = configs['ml2']
backupConfFile(confFile, backupSuffix)
set_parameter(confFile, 'ml2', 'type_drivers', 'gre,vlan,flat')
set_parameter(confFile, 'ml2', 'mechanism_drivers', 'openvswitch')
# sort the vlan tags to get the smallest and the largest
networkVlanRanges = 'external:%d:%d' % (sorted(vlans)[0],
sorted(vlans)[-1])
set_parameter(confFile, 'ml2_type_vlan', 'network_vlan_ranges',
networkVlanRanges)
# Crudini doesn't work with the * character
run("sed -i 's/flat_networks = external/flat_networks = */' %s" % confFile)
set_parameter(confFile, 'ovs', 'bridge_mappings', 'external:br-vlan')
set_parameter(confFile, 'ovs', 'integration_bridge', 'br-int')
# TODO: determine whether this should be vlan, gre, or both:
# tenant_network_type = type of network a tenant can create
# set_parameter(confFile, 'ovs', 'tenant_network_type' , 'vlan')
# set_parameter(confFile, 'ovs', 'tenant_network_type' , 'gre,vlan')
set_parameter(confFile, 'ovs', 'tenant_network_types', 'gre,vlan')
set_parameter(confFile, 'ovs', 'local_ip',
env_config.nicDictionary[env.host]['tnlIPADDR'])
set_parameter(confFile, 'agent', 'l2_population', 'False')
def setNeutronConf():
# Reference: http://www.opencloudblog.com/?p=630
confFile = configs['neutron']
backupConfFile(confFile, backupSuffix)
section = 'DEFAULT'
set_parameter(confFile, section, 'max_l3_agents_per_router', '2')
set_parameter(confFile, section, 'l3_ha', 'False')
set_parameter(confFile, section, 'allow_automatic_l3agent_failover',
'True')
set_parameter(confFile, section, 'allow_overlapping_ips', 'True')
set_parameter(confFile, section, 'core_plugin', 'ml2')
set_parameter(confFile, section, 'service_plugins', 'router')
# set_parameter(confFile, section, 'service_plugins', 'router,firewall,lbaas,vpnaas,metering')
set_parameter(confFile, section, 'force_gateway_on_subnet', 'True')
set_parameter(confFile, section, 'dhcp_options_enabled', 'False')
set_parameter(confFile, section, 'dhcp_agents_per_network', '1')
set_parameter(confFile, section, 'router_distributed', 'False')
set_parameter(confFile, section, 'router_delete_namespaces', 'True')
set_parameter(confFile, section, 'check_child_processes', 'True')
section = 'securitygroup'
set_parameter(
confFile, section, 'firewall_driver',
'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
)
set_parameter(confFile, section, 'enable_ipset', 'True')
set_parameter(confFile, section, 'enable_security_group', 'True')
section = 'agent'
set_parameter(confFile, section, 'enable_distributed_routing', 'False')
set_parameter(confFile, section, 'dont_fragment', 'True')
set_parameter(confFile, section, 'arp_responder', 'False')
# Crudini doesn't work when a variable name is setup more than once, as is service_provider,
# so for this one we use sed
newLine = [
'service_provider = FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default'
]
run("sed -i \"/\[service_providers\]/a %s\" %s" % (newLine, confFile))
def createOrganizationalUnitsAndDefineLocation():
set_parameter(confFile, 'ldap', 'user_tree_dn', 'ou=Users,dc=example,dc=org')
set_parameter(confFile, 'ldap', 'user_objectclass', 'inetOrgPerson')
set_parameter(confFile, 'ldap', 'group_tree_dn', 'ou=Groups,dc=example,dc=org')
set_parameter(confFile, 'ldap', 'group_objectclass', 'groupOfNames')
def configure_networking_server_component():
# configure neutron.conf with crudini
# make a backup
backupConfFile(neutron_conf, backupSuffix)
# configure database access
parameter = 'mysql://*****:*****@controller/neutron'.format(
passwd['NEUTRON_DBPASS'])
set_parameter(neutron_conf, 'database', 'connection', parameter)
# configure RabbitMQ access
set_parameter(neutron_conf, 'DEFAULT', 'rpc_backend', 'rabbit')
set_parameter(neutron_conf, 'DEFAULT', 'rabbit_host', 'controller')
set_parameter(neutron_conf, 'DEFAULT', 'rabbit_password',
passwd['RABBIT_PASS'])
# configure Identity service access
set_parameter(neutron_conf, 'DEFAULT', 'auth_strategy', 'keystone')
set_parameter(neutron_conf, 'keystone_authtoken', 'auth_uri',
'http://controller:5000/v2.0')
set_parameter(neutron_conf, 'keystone_authtoken', 'identity_uri',
'http://controller:35357')
set_parameter(neutron_conf, 'keystone_authtoken', 'admin_tenant_name',
'service')
set_parameter(neutron_conf, 'keystone_authtoken', 'admin_user', 'neutron')
set_parameter(neutron_conf, 'keystone_authtoken', 'admin_password',
passwd['NEUTRON_PASS'])
# enable ML2 plugin
set_parameter(neutron_conf, 'DEFAULT', 'core_plugin', 'ml2')
set_parameter(neutron_conf, 'DEFAULT', 'service_plugins', 'router')
set_parameter(neutron_conf, 'DEFAULT', 'allow_overlapping_ips', 'True')
# set Neutron to notify Nova of of topology changes
# get service tenant id
with prefix(env_config.admin_openrc):
nova_admin_tenant_id = run(
'keystone tenant-list | grep service | cut -d\| -f2')
if nova_admin_tenant_id:
# if tenant service doesn't exist, this variable will be empty
set_parameter(neutron_conf, 'DEFAULT', 'nova_admin_tenant_id',
nova_admin_tenant_id)
set_parameter(neutron_conf, 'DEFAULT',
'notify_nova_on_port_status_changes', 'True')
set_parameter(neutron_conf, 'DEFAULT', 'notify_nova_on_port_data_changes',
'True')
set_parameter(neutron_conf, 'DEFAULT', 'nova_url',
'http://controller:8774/v2')
set_parameter(neutron_conf, 'DEFAULT', 'nova_admin_auth_url',
'http://controller:35357/v2.0')
set_parameter(neutron_conf, 'DEFAULT', 'nova_region_name', 'regionOne')
set_parameter(neutron_conf, 'DEFAULT', 'nova_admin_username', 'nova')
set_parameter(neutron_conf, 'DEFAULT', 'nova_admin_password',
passwd['NOVA_PASS'])
# turn on verbose logging
set_parameter(neutron_conf, 'DEFAULT', 'verbose', 'True')
set_parameter(neutron_conf, 'DEFAULT', 'debug', 'True')
def setup_nova_conf_file():
set_parameter(etc_nova_config_file, 'glance', 'libvirt_type', 'qemu')
set_parameter(etc_nova_config_file, 'DEFAULT', 'instances_path',
novaGlusterDir)
def configure_ML2_plugin_general():
# The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build the virtual
# networking framework for instances. However, the controller node does not need the OVS
# components because it does not handle instance network traffic.
# make a backup
backupConfFile(ml2_conf_file, backupSuffix)
# set_parameter(ml2_conf_file,'ml2','type_drivers','flat,gre')
set_parameter(ml2_conf_file, 'ml2', 'type_drivers', 'flat,gre,vlan')
set_parameter(ml2_conf_file, 'ml2', 'tenant_network_types', 'gre')
set_parameter(ml2_conf_file, 'ml2', 'mechanism_drivers', 'openvswitch')
set_parameter(ml2_conf_file, 'ml2_type_gre', 'tunnel_id_ranges', '1:1000')
set_parameter(ml2_conf_file, 'securitygroup', 'enable_security_group',
'True')
set_parameter(ml2_conf_file, 'securitygroup', 'enable_ipset', 'True')
set_parameter(ml2_conf_file,'securitygroup','firewall_driver',\
'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver')
def configure_networking_server_component():
# configure neutron.conf with crudini
# make a backup
backupConfFile(neutron_conf, backupSuffix)
# configure database access
parameter = 'mysql://*****:*****@controller/neutron'.format(passwd['NEUTRON_DBPASS'])
set_parameter(neutron_conf,'database','connection',parameter)
# configure RabbitMQ access
set_parameter(neutron_conf,'DEFAULT','rpc_backend','rabbit')
set_parameter(neutron_conf,'DEFAULT','rabbit_host','controller')
set_parameter(neutron_conf,'DEFAULT','rabbit_password',passwd['RABBIT_PASS'])
# configure Identity service access
set_parameter(neutron_conf,'DEFAULT','auth_strategy','keystone')
set_parameter(neutron_conf,'keystone_authtoken','auth_uri','http://controller:5000/v2.0')
set_parameter(neutron_conf,'keystone_authtoken','identity_uri','http://controller:35357')
set_parameter(neutron_conf,'keystone_authtoken','admin_tenant_name','service')
set_parameter(neutron_conf,'keystone_authtoken','admin_user','neutron')
set_parameter(neutron_conf,'keystone_authtoken','admin_password',passwd['NEUTRON_PASS'])
# enable ML2 plugin
set_parameter(neutron_conf,'DEFAULT','core_plugin','ml2')
set_parameter(neutron_conf,'DEFAULT','service_plugins','router')
set_parameter(neutron_conf,'DEFAULT','allow_overlapping_ips','True')
# set Neutron to notify Nova of of topology changes
# get service tenant id
with prefix(env_config.admin_openrc):
nova_admin_tenant_id = run('keystone tenant-list | grep service | cut -d\| -f2')
if nova_admin_tenant_id:
# if tenant service doesn't exist, this variable will be empty
set_parameter(neutron_conf,'DEFAULT','nova_admin_tenant_id',nova_admin_tenant_id)
set_parameter(neutron_conf,'DEFAULT','notify_nova_on_port_status_changes','True')
set_parameter(neutron_conf,'DEFAULT','notify_nova_on_port_data_changes','True')
set_parameter(neutron_conf,'DEFAULT','nova_url','http://controller:8774/v2')
set_parameter(neutron_conf,'DEFAULT','nova_admin_auth_url','http://controller:35357/v2.0')
set_parameter(neutron_conf,'DEFAULT','nova_region_name','regionOne')
set_parameter(neutron_conf,'DEFAULT','nova_admin_username','nova')
set_parameter(neutron_conf,'DEFAULT','nova_admin_password',passwd['NOVA_PASS'])
# turn on verbose logging
set_parameter(neutron_conf,'DEFAULT','verbose','True')
set_parameter(neutron_conf,'DEFAULT','debug','True')
def configure_nova_to_use_neutron():
# make a backup
backupConfFile(nova_conf, backupSuffix)
set_parameter(nova_conf, 'DEFAULT', 'network_api_class',
'nova.network.neutronv2.api.API')
set_parameter(nova_conf, 'DEFAULT', 'security_group_api', 'neutron')
set_parameter(nova_conf, 'DEFAULT', 'linuxnet_interface_driver',
'nova.network.linux_net.LinuxOVSInterfaceDriver')
set_parameter(nova_conf, 'DEFAULT', 'firewall_driver',
'nova.virt.firewall.NoopFirewallDriver')
set_parameter(nova_conf, 'neutron', 'url', 'http://controller:9696')
set_parameter(nova_conf, 'neutron', 'auth_strategy', 'keystone')
set_parameter(nova_conf, 'neutron', 'admin_auth_url',
'http://controller:35357/v2.0')
set_parameter(nova_conf, 'neutron', 'admin_tenant_name', 'service')
set_parameter(nova_conf, 'neutron', 'admin_username', 'neutron')
set_parameter(nova_conf, 'neutron', 'admin_password',
passwd['NEUTRON_PASS'])
def configure_nova_to_use_neutron():
# make a backup
backupConfFile(nova_conf, backupSuffix)
set_parameter(nova_conf,'DEFAULT','network_api_class','nova.network.neutronv2.api.API')
set_parameter(nova_conf,'DEFAULT','security_group_api','neutron')
set_parameter(nova_conf,'DEFAULT','linuxnet_interface_driver','nova.network.linux_net.LinuxOVSInterfaceDriver')
set_parameter(nova_conf,'DEFAULT','firewall_driver','nova.virt.firewall.NoopFirewallDriver')
set_parameter(nova_conf,'neutron','url','http://controller:9696')
set_parameter(nova_conf,'neutron','auth_strategy','keystone')
set_parameter(nova_conf,'neutron','admin_auth_url','http://controller:35357/v2.0')
set_parameter(nova_conf,'neutron','admin_tenant_name','service')
set_parameter(nova_conf,'neutron','admin_username','neutron')
set_parameter(nova_conf,'neutron','admin_password',passwd['NEUTRON_PASS'])
def configure_the_Networking_common_components():
# make a backup
backupConfFile(neutron_conf, backupSuffix)
# configure RabbitMQ access
set_parameter(neutron_conf, 'DEFAULT', 'rpc_backend', 'rabbit')
set_parameter(neutron_conf, 'DEFAULT', 'rabbit_host', 'controller')
set_parameter(neutron_conf, 'DEFAULT', 'rabbit_password',
passwd['RABBIT_PASS'])
# configure Identity service access
set_parameter(neutron_conf, 'DEFAULT', 'auth_strategy', 'keystone')
set_parameter(neutron_conf, 'keystone_authtoken', 'auth_uri',
'http://controller:5000/v2.0')
set_parameter(neutron_conf, 'keystone_authtoken', 'identity_uri',
'http://controller:35357')
set_parameter(neutron_conf, 'keystone_authtoken', 'admin_tenant_name',
'service')
set_parameter(neutron_conf, 'keystone_authtoken', 'admin_user', 'neutron')
set_parameter(neutron_conf, 'keystone_authtoken', 'admin_password',
passwd['NEUTRON_PASS'])
# enable ML2 plugin
set_parameter(neutron_conf, 'DEFAULT', 'core_plugin', 'ml2')
set_parameter(neutron_conf, 'DEFAULT', 'service_plugins', 'router')
set_parameter(neutron_conf, 'DEFAULT', 'allow_overlapping_ips', 'True')
set_parameter(neutron_conf, 'DEFAULT', 'verbose', 'True')
set_parameter(neutron_conf, 'DEFAULT', 'debug', 'True')
def enableLDAPIdentityDriver():
set_parameter(confFile, 'identity', 'driver', 'keystone.identity.backends.ldap.IDENTITY')
def configure_Layer3_agent():
# make a backup
backupConfFile(l3_agent_file, backupSuffix)
set_parameter(l3_agent_file, "DEFAULT", "interface_driver",
"neutron.agent.linux.interface.OVSInterfaceDriver")
set_parameter(l3_agent_file, "DEFAULT", "use_namespaces", "True")
set_parameter(l3_agent_file, "DEFAULT", "external_network_bridge", "br-ex")
set_parameter(l3_agent_file, "DEFAULT", "router_delete_namespaces", "True")
set_parameter(l3_agent_file, "DEFAULT", "verbose", "True")
set_parameter(l3_agent_file, "DEFAULT", "debug", "True")
def configure_DHCP_agent():
# make a backup
backupConfFile(dhcp_agent_file, backupSuffix)
set_parameter(dhcp_agent_file,"DEFAULT","interface_driver",
"neutron.agent.linux.interface.OVSInterfaceDriver")
set_parameter(dhcp_agent_file,"DEFAULT","dhcp_driver",
"neutron.agent.linux.dhcp.Dnsmasq")
set_parameter(dhcp_agent_file,"DEFAULT","use_namespaces","True")
set_parameter(dhcp_agent_file,"DEFAULT","dhcp_delete_namespaces","True")
set_parameter(dhcp_agent_file,"DEFAULT","verbose","True")
set_parameter(dhcp_agent_file,"DEFAULT","debug","True")
def configure_DHCP_agent():
# make a backup
backupConfFile(dhcp_agent_file, backupSuffix)
set_parameter(dhcp_agent_file, "DEFAULT", "interface_driver",
"neutron.agent.linux.interface.OVSInterfaceDriver")
set_parameter(dhcp_agent_file, "DEFAULT", "dhcp_driver",
"neutron.agent.linux.dhcp.Dnsmasq")
set_parameter(dhcp_agent_file, "DEFAULT", "use_namespaces", "True")
set_parameter(dhcp_agent_file, "DEFAULT", "dhcp_delete_namespaces", "True")
set_parameter(dhcp_agent_file, "DEFAULT", "verbose", "True")
set_parameter(dhcp_agent_file, "DEFAULT", "debug", "True")
def configure_metadata_agent():
# make a backup
backupConfFile(metadata_agent_file, backupSuffix)
set_parameter(metadata_agent_file,'DEFAULT','auth_url','http://controller:5000/v2.0')
set_parameter(metadata_agent_file,'DEFAULT','auth_region','regionOne')
set_parameter(metadata_agent_file,'DEFAULT','admin_tenant_name','service')
set_parameter(metadata_agent_file,'DEFAULT','admin_user','neutron')
set_parameter(metadata_agent_file,'DEFAULT','nova_metadata_ip','controller')
set_parameter(metadata_agent_file,'DEFAULT','admin_password',passwd['NEUTRON_PASS'])
set_parameter(metadata_agent_file,'DEFAULT','metadata_proxy_shared_secret',
passwd['METADATA_SECRET'])
set_parameter(metadata_agent_file,'DEFAULT','verbose','True')
set_parameter(metadata_agent_file,'DEFAULT','debug','True')
execute(configure_metadata_proxy_on_controller)
def configureController():
confFile = '/etc/swift/proxy-server.conf'
localFile = 'proxy-server.conf'
# proxyServerConf is a config file made based on this model:
# https://raw.githubusercontent.com/openstack/swift/stable/juno/etc/proxy-server.conf-sample
msg = "Put base {} on controller".format(confFile)
out = put(localFile,confFile)
if out.succeeded:
printMessage('good',msg)
else:
printMessage('oops',msg)
# set parameters
set_parameter(confFile,'DEFAULT','bind_port','8080')
set_parameter(confFile,'DEFAULT','user','swift')
set_parameter(confFile,'DEFAULT','swift_dir','/etc/swift')
set_parameter(confFile,'pipeline:main','pipeline',"'authtoken cache healthcheck keystoneauth proxy-logging proxy-server'")
set_parameter(confFile,'app:proxy-server','allow_account_management','true')
set_parameter(confFile,'app:proxy-server','account_autocreate','true')
set_parameter(confFile,'filter:keystoneauth','use','egg:swift#keystoneauth')
set_parameter(confFile,'filter:keystoneauth','operator_roles','admin,_member_')
set_parameter(confFile,'filter:authtoken','paste.filter_factory','keystonemiddleware.auth_token:filter_factory')
set_parameter(confFile,'filter:authtoken','auth_uri','http://controller:5000/v2.0')
set_parameter(confFile,'filter:authtoken','identity_uri','http://controller:35357')
set_parameter(confFile,'filter:authtoken','admin_tenant_name','service')
set_parameter(confFile,'filter:authtoken','admin_user','swift')
set_parameter(confFile,'filter:authtoken','admin_password',passwd['SWIFT_PASS'])
set_parameter(confFile,'filter:authtoken','delay_auth_decision','true')
set_parameter(confFile,'filter:cache','memcache_servers','127.0.0.1:11211')
def setL3Conf():
# Reference: http://www.opencloudblog.com/?p=630
confFile = configs['l3']
backupConfFile(confFile, backupSuffix)
# very important - set the two following entries to an empty string
# do not leave the default values
set_parameter(confFile, 'DEFAULT', 'gateway_external_network_id', '')
set_parameter(confFile, 'DEFAULT', 'external_network_bridge', '')
# we use the legacy mode - HA and DVR are broken in Juno and should
# not used in production environments
set_parameter(confFile, 'DEFAULT', 'agent_mode', 'legacy')
# nova metadata is deployed only on the network node(s) and listens on 127.0.0.1 node
set_parameter(confFile, 'DEFAULT', 'metadata_port', '8775')
set_parameter(confFile, 'DEFAULT', 'metadata_ip', '127.0.0.1')
set_parameter(confFile, 'DEFAULT', 'enable_metadata_proxy', 'True')
set_parameter(confFile, 'DEFAULT', 'handle_internal_only_routers', 'True')
set_parameter(confFile, 'DEFAULT', 'router_delete_namespaces', 'True')
# veths should be avoided
set_parameter(confFile, 'DEFAULT', 'ovs_use_veth', 'False')
set_parameter(confFile, 'DEFAULT', 'interface_driver',
'neutron.agent.linux.interface.OVSInterfaceDriver')
set_parameter(confFile, 'DEFAULT', 'use_namespaces', 'True')
# for testing
set_parameter(confFile, 'DEFAULT', 'debug', 'True')
def setup_nova_config_files_on_controller():
NOVA_PASS = passwd['NOVA_PASS']
NOVA_DBPASS = passwd['NOVA_DBPASS']
RABBIT_PASS = passwd['RABBIT_PASS']
CONTROLLER_MANAGEMENT_IP = env_config.nicDictionary['controller'][
'mgtIPADDR']
set_parameter(etc_nova_config_file, 'database', 'connection',
'mysql://*****:*****@controller/nova'.format(NOVA_DBPASS))
set_parameter(etc_nova_config_file, 'DEFAULT', 'rpc_backend', 'rabbit')
set_parameter(etc_nova_config_file, 'DEFAULT', 'rabbit_host', 'controller')
set_parameter(etc_nova_config_file, 'DEFAULT', 'rabbit_password',
RABBIT_PASS)
set_parameter(etc_nova_config_file, 'DEFAULT', 'auth_strategy', 'keystone')
set_parameter(etc_nova_config_file, 'keystone_authtoken', 'auth_uri',
'http://controller:5000/v2.0')
set_parameter(etc_nova_config_file, 'keystone_authtoken', 'identity_uri',
'http://controller:35357')
set_parameter(etc_nova_config_file, 'keystone_authtoken',
'admin_tenant_name', 'service')
set_parameter(etc_nova_config_file, 'keystone_authtoken', 'admin_user',
'nova')
set_parameter(etc_nova_config_file, 'keystone_authtoken', 'admin_password',
NOVA_PASS)
set_parameter(etc_nova_config_file, 'DEFAULT', 'my_ip',
CONTROLLER_MANAGEMENT_IP)
set_parameter(etc_nova_config_file, 'glance', 'host', 'controller')
set_parameter(etc_nova_config_file, 'DEFAULT', 'verbose', 'True')
set_parameter(etc_nova_config_file, 'libvirt', 'cpu_mode',
'host-passthrough')
if 'ipmi5' in check_output('echo $HOSTNAME', shell=True):
# set this parameter if we are not in production mode
set_parameter(etc_nova_config_file, 'DEFAULT', 'novncproxy_host',
'0.0.0.0')
set_parameter(etc_nova_config_file, 'DEFAULT', 'novncproxy_port',
'6080')
set_parameter(etc_nova_config_file, 'DEFAULT', 'novncproxy_base_url',
'http://129.128.208.164:6080/vnc_auto.html')
else:
set_parameter(etc_nova_config_file, 'DEFAULT', 'vncserver_listen',
CONTROLLER_MANAGEMENT_IP)
set_parameter(etc_nova_config_file, 'DEFAULT',
'vncserver_proxyclient_address',
CONTROLLER_MANAGEMENT_IP)