예제 #1
0
파일: nova_300.py 프로젝트: dm0-/packstack
def create_vncproxy_manifest(config, messages):
    if config["CONFIG_HORIZON_SSL"] == 'y':
        if config["CONFIG_VNC_SSL_CERT"]:
            ssl_cert_file = config["CONFIG_VNC_SSL_CERT"]
            ssl_key_file = config["CONFIG_VNC_SSL_KEY"]
            if not os.path.exists(ssl_cert_file):
                raise exceptions.ParamValidationError(
                    "The file %s doesn't exist" % ssl_cert_file)

            if not os.path.exists(ssl_key_file):
                raise exceptions.ParamValidationError(
                    "The file %s doesn't exist" % ssl_key_file)

            final_cert = open(ssl_cert_file, 'rt').read()
            final_key = open(ssl_key_file, 'rt').read()
            deliver_ssl_file(final_cert, ssl_cert_file, config['CONFIG_CONTROLLER_HOST'])
            deliver_ssl_file(final_key, ssl_key_file, config['CONFIG_CONTROLLER_HOST'])

        else:
            config["CONFIG_VNC_SSL_CERT"] = '/etc/pki/tls/certs/ssl_vnc.crt'
            config["CONFIG_VNC_SSL_KEY"] = '/etc/pki/tls/private/ssl_vnc.key'
            ssl_key_file = config["CONFIG_VNC_SSL_KEY"]
            ssl_cert_file = config["CONFIG_VNC_SSL_CERT"]
            ssl_host = config['CONFIG_CONTROLLER_HOST']
            service = 'vnc'
            generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                              ssl_cert_file)
예제 #2
0
def create_manifest(config, messages):
    if config["CONFIG_UNSUPPORTED"] != "y":
        config["CONFIG_STORAGE_HOST"] = config["CONFIG_CONTROLLER_HOST"]

    if config["CONFIG_AMQP_ENABLE_SSL"] == "y":
        ssl_host = config["CONFIG_STORAGE_HOST"]
        ssl_cert_file = config["CONFIG_MANILA_SSL_CERT"] = "/etc/pki/tls/certs/ssl_amqp_manila.crt"
        ssl_key_file = config["CONFIG_MANILA_SSL_KEY"] = "/etc/pki/tls/private/ssl_amqp_manila.key"
        service = "manila"
        generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file)

    # Change these from text to Boolean values
    boolean_keys = ["CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS", "CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS"]
    for key in [k for k in boolean_keys if k in config]:
        if config[key].lower() == "true":
            config[key] = True

        elif config[key].lower() == "false":
            config[key] = False

    # manila API should be open for everyone
    fw_details = dict()
    key = "manila_api"
    fw_details.setdefault(key, {})
    fw_details[key]["host"] = "ALL"
    fw_details[key]["service_name"] = "manila-api"
    fw_details[key]["chain"] = "INPUT"
    fw_details[key]["ports"] = ["8786"]
    fw_details[key]["proto"] = "tcp"
    config["FIREWALL_MANILA_API_RULES"] = fw_details
예제 #3
0
def create_manifest(config, messages):
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_cert_file = config['CONFIG_TROVE_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_trove.crt'
        )
        ssl_key_file = config['CONFIG_TROVE_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_trove.key'
        )
        ssl_host = config['CONFIG_CONTROLLER_HOST']
        service = 'trove'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    if (config['CONFIG_TROVE_NOVA_USER'] == 'trove' and
            config['CONFIG_TROVE_NOVA_PW'] == ''):
        config['CONFIG_TROVE_NOVA_PW'] = config['CONFIG_TROVE_KS_PW']

    manifestfile = "%s_trove.pp" % config["CONFIG_CONTROLLER_HOST"]
    manifestdata = getManifestTemplate(get_mq(config, "trove"))
    manifestdata += getManifestTemplate('trove.pp')

    fw_details = dict()
    key = "trove"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "trove api"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['8779']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_TROVE_API_RULES'] = fw_details

    manifestdata += createFirewallResources('FIREWALL_TROVE_API_RULES')
    appendManifestFile(manifestfile, manifestdata, marker='trove')
예제 #4
0
def create_manifest(config, messages):
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_CONTROLLER_HOST']
        ssl_cert_file = config['CONFIG_IRONIC_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_ironic.crt'
        )
        ssl_key_file = config['CONFIG_IRONIC_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_ironic.key'
        )
        service = 'ironic'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    manifestfile = "%s_ironic.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate(get_mq(config, "ironic"))
    manifestdata += getManifestTemplate("ironic.pp")

    fw_details = dict()
    key = "ironic-api"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "ironic-api"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['6385']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_IRONIC_API_RULES'] = fw_details

    manifestdata += createFirewallResources('FIREWALL_IRONIC_API_RULES')
    appendManifestFile(manifestfile, manifestdata, 'pre')
예제 #5
0
def create_manifest(config, messages):
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_SAHARA_HOST'] = config['CONFIG_CONTROLLER_HOST']

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_SAHARA_HOST']
        ssl_cert_file = config['CONFIG_SAHARA_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_sahara.crt'
        )
        ssl_key_file = config['CONFIG_SAHARA_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_sahara.key'
        )
        service = 'sahara'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    fw_details = dict()
    key = "sahara-api"
    fw_details.setdefault(key, {})
    fw_details[key]["host"] = "ALL"
    fw_details[key]["service_name"] = "sahara api"
    fw_details[key]["chain"] = "INPUT"
    fw_details[key]["ports"] = ["8386"]
    fw_details[key]["proto"] = "tcp"
    config["FIREWALL_SAHARA_CFN_RULES"] = fw_details
예제 #6
0
def create_manifest(config, messages):
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_cert_file = config['CONFIG_TROVE_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_trove.crt'
        )
        ssl_key_file = config['CONFIG_TROVE_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_trove.key'
        )
        ssl_host = config['CONFIG_CONTROLLER_HOST']
        service = 'trove'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    if (config['CONFIG_TROVE_NOVA_USER'] == 'trove' and
            config['CONFIG_TROVE_NOVA_PW'] == ''):
        config['CONFIG_TROVE_NOVA_PW'] = config['CONFIG_TROVE_KS_PW']

    fw_details = dict()
    key = "trove"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "trove api"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['8779']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_TROVE_API_RULES'] = fw_details
예제 #7
0
def create_common_manifest(config, messages):
    global compute_hosts, network_hosts

    network_type = (config['CONFIG_NEUTRON_INSTALL'] == "y" and 'neutron'
                    or 'nova')
    network_multi = len(network_hosts) > 1
    dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')])
    dbacces_hosts |= network_hosts

    for manifestfile, marker in manifestfiles.getFiles():
        pw_in_sqlconn = False
        if manifestfile.endswith("_nova.pp"):
            host, manifest = manifestfile.split('_', 1)
            host = host.strip()

            if host in compute_hosts and host not in dbacces_hosts:
                # we should omit password in case we are installing only
                # nova-compute to the host
                perms = "nova"
                pw_in_sqlconn = False
            else:
                perms = "nova:%s" % config['CONFIG_NOVA_DB_PW']
                pw_in_sqlconn = True

            mariadb_host_url = config['CONFIG_MARIADB_HOST_URL']
            sqlconn = "mysql+pymysql://%s@%s/nova" % (perms, mariadb_host_url)
            if pw_in_sqlconn:
                config['CONFIG_NOVA_SQL_CONN_PW'] = sqlconn
            else:
                config['CONFIG_NOVA_SQL_CONN_NOPW'] = sqlconn

            # for nova-network in multihost mode each compute host is metadata
            # host otherwise we use api host
            if (network_type == 'nova' and network_multi
                    and host in compute_hosts):
                metadata = host
            else:
                metadata = config['CONFIG_CONTROLLER_HOST']
            config['CONFIG_NOVA_METADATA_HOST'] = metadata

            data = getManifestTemplate(get_mq(config, "nova_common"))
            if pw_in_sqlconn:
                data += getManifestTemplate("nova_common_pw")
            else:
                data += getManifestTemplate("nova_common_nopw")
            # We need to have class nova before class nova::api, so prepend
            # instead of append
            prependManifestFile(os.path.split(manifestfile)[1], data)

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        nova_hosts = compute_hosts
        nova_hosts |= set([config.get('CONFIG_CONTROLLER_HOST')])
        ssl_cert_file = config['CONFIG_NOVA_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_nova.crt')
        ssl_key_file = config['CONFIG_NOVA_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_nova.key')
        service = 'nova'
        for host in nova_hosts:
            generate_ssl_cert(config, host, service, ssl_key_file,
                              ssl_cert_file)
예제 #8
0
def create_manifest(config, messages):
    manifestfile = "%s_aodh.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate(get_mq(config, "aodh"))
    manifestdata += getManifestTemplate("aodh")
    manifestdata += getManifestTemplate("apache_ports")

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_cert_file = config['CONFIG_AODH_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_aodh.crt')
        ssl_key_file = config['CONFIG_AODH_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_aodh.key')
        ssl_host = config['CONFIG_CONTROLLER_HOST']
        service = 'aodh'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    fw_details = dict()
    key = "aodh_api"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "aodh-api"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['8042']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_AODH_RULES'] = fw_details
    manifestdata += createFirewallResources('FIREWALL_AODH_RULES')
    appendManifestFile(manifestfile, manifestdata, 'aodh')
예제 #9
0
def create_manifest(config, messages):
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_CONTROLLER_HOST']
        ssl_cert_file = config['CONFIG_HEAT_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_heat.crt'
        )
        ssl_key_file = config['CONFIG_HEAT_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_heat.key'
        )
        service = 'heat'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate(get_mq(config, "heat"))
    manifestdata += getManifestTemplate("heat")
    manifestdata += getManifestTemplate("keystone_heat")

    fw_details = dict()
    key = "heat"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "heat"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['8004']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_HEAT_RULES'] = fw_details

    manifestdata += createFirewallResources('FIREWALL_HEAT_RULES')
    appendManifestFile(manifestfile, manifestdata, marker='heat')
예제 #10
0
def create_manifest(config, messages):
    if config["CONFIG_AMQP_ENABLE_SSL"] == "y":
        ssl_host = config["CONFIG_CONTROLLER_HOST"]
        ssl_cert_file = config["CONFIG_HEAT_SSL_CERT"] = "/etc/pki/tls/certs/ssl_amqp_heat.crt"
        ssl_key_file = config["CONFIG_HEAT_SSL_KEY"] = "/etc/pki/tls/private/ssl_amqp_heat.key"
        service = "heat"
        generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file)

    manifestfile = "%s_heat.pp" % config["CONFIG_CONTROLLER_HOST"]
    manifestdata = getManifestTemplate(get_mq(config, "heat"))
    manifestdata += getManifestTemplate("heat")
    manifestdata += getManifestTemplate("keystone_heat")

    fw_details = dict()
    key = "heat"
    fw_details.setdefault(key, {})
    fw_details[key]["host"] = "ALL"
    fw_details[key]["service_name"] = "heat"
    fw_details[key]["chain"] = "INPUT"
    fw_details[key]["ports"] = ["8004"]
    fw_details[key]["proto"] = "tcp"
    config["FIREWALL_HEAT_RULES"] = fw_details

    manifestdata += createFirewallResources("FIREWALL_HEAT_RULES")
    appendManifestFile(manifestfile, manifestdata, marker="heat")
예제 #11
0
def create_vncproxy_manifest(config, messages):
    if config["CONFIG_HORIZON_SSL"] == 'y':
        if config["CONFIG_VNC_SSL_CERT"]:
            ssl_cert_file = config["CONFIG_VNC_SSL_CERT"]
            ssl_key_file = config["CONFIG_VNC_SSL_KEY"]
            if not os.path.exists(ssl_cert_file):
                raise exceptions.ParamValidationError(
                    "The file %s doesn't exist" % ssl_cert_file)

            if not os.path.exists(ssl_key_file):
                raise exceptions.ParamValidationError(
                    "The file %s doesn't exist" % ssl_key_file)

            final_cert = open(ssl_cert_file, 'rt').read()
            final_key = open(ssl_key_file, 'rt').read()
            deliver_ssl_file(final_cert, ssl_cert_file, config['CONFIG_CONTROLLER_HOST'])
            deliver_ssl_file(final_key, ssl_key_file, config['CONFIG_CONTROLLER_HOST'])

        else:
            config["CONFIG_VNC_SSL_CERT"] = '/etc/pki/tls/certs/ssl_vnc.crt'
            config["CONFIG_VNC_SSL_KEY"] = '/etc/pki/tls/private/ssl_vnc.key'
            ssl_key_file = config["CONFIG_VNC_SSL_KEY"]
            ssl_cert_file = config["CONFIG_VNC_SSL_CERT"]
            ssl_host = config['CONFIG_CONTROLLER_HOST']
            service = 'vnc'
            generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                              ssl_cert_file)
예제 #12
0
def create_manifest(config, messages):
    manifestfile = "%s_aodh.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate(get_mq(config, "aodh"))
    manifestdata += getManifestTemplate("aodh")

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_cert_file = config['CONFIG_AODH_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_aodh.crt'
        )
        ssl_key_file = config['CONFIG_AODH_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_aodh.key'
        )
        ssl_host = config['CONFIG_CONTROLLER_HOST']
        service = 'aodh'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    fw_details = dict()
    key = "aodh_api"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "aodh-api"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['8042']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_AODH_RULES'] = fw_details
    manifestdata += createFirewallResources('FIREWALL_AODH_RULES')
    appendManifestFile(manifestfile, manifestdata, 'aodh')
예제 #13
0
def create_manifest(config, messages):
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_SAHARA_HOST']
        ssl_cert_file = config['CONFIG_SAHARA_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_sahara.crt'
        )
        ssl_key_file = config['CONFIG_SAHARA_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_sahara.key'
        )
        service = 'sahara'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    manifestfile = "%s_sahara.pp" % config['CONFIG_STORAGE_HOST']
    manifestdata = getManifestTemplate(get_mq(config, "sahara"))
    manifestdata += getManifestTemplate("sahara.pp")
    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        manifestdata += getManifestTemplate('sahara_ceilometer')

    fw_details = dict()
    key = "sahara-api"
    fw_details.setdefault(key, {})
    fw_details[key]["host"] = "ALL"
    fw_details[key]["service_name"] = "sahara api"
    fw_details[key]["chain"] = "INPUT"
    fw_details[key]["ports"] = ["8386"]
    fw_details[key]["proto"] = "tcp"
    config["FIREWALL_SAHARA_CFN_RULES"] = fw_details

    manifestdata += createFirewallResources("FIREWALL_SAHARA_CFN_RULES")
    appendManifestFile(manifestfile, manifestdata, marker='sahara')
예제 #14
0
def create_manifest(config, messages):
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_STORAGE_HOST']
        ssl_cert_file = config['CONFIG_GLANCE_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_glance.crt'
        )
        ssl_key_file = config['CONFIG_GLANCE_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_glance.key'
        )
        service = 'glance'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    manifestfile = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
    manifestdata = getManifestTemplate("glance")
    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        mq_template = get_mq(config, "glance_ceilometer")
        manifestdata += getManifestTemplate(mq_template)

    fw_details = dict()
    key = "glance_api"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "glance"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['9292']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_GLANCE_RULES'] = fw_details

    manifestdata += createFirewallResources('FIREWALL_GLANCE_RULES')
    appendManifestFile(manifestfile, manifestdata)
예제 #15
0
def create_manifest(config, messages):
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_CONTROLLER_HOST']
        ssl_cert_file = config['CONFIG_HEAT_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_heat.crt')
        ssl_key_file = config['CONFIG_HEAT_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_heat.key')
        service = 'heat'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate(get_mq(config, "heat"))
    manifestdata += getManifestTemplate("heat")
    manifestdata += getManifestTemplate("keystone_heat")

    fw_details = dict()
    key = "heat"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "heat"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['8004']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_HEAT_RULES'] = fw_details

    manifestdata += createFirewallResources('FIREWALL_HEAT_RULES')
    appendManifestFile(manifestfile, manifestdata, marker='heat')
예제 #16
0
def create_manifest(config, messages):
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_STORAGE_HOST']
        ssl_cert_file = config['CONFIG_GLANCE_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_glance.crt')
        ssl_key_file = config['CONFIG_GLANCE_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_glance.key')
        service = 'glance'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    manifestfile = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
    manifestdata = getManifestTemplate("glance")
    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        mq_template = get_mq(config, "glance_ceilometer")
        manifestdata += getManifestTemplate(mq_template)

    fw_details = dict()
    key = "glance_api"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "glance"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['9292']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_GLANCE_RULES'] = fw_details

    manifestdata += createFirewallResources('FIREWALL_GLANCE_RULES')
    appendManifestFile(manifestfile, manifestdata)
예제 #17
0
def create_common_manifest(config, messages):
    global compute_hosts, network_hosts
    network_type = (config['CONFIG_NEUTRON_INSTALL'] == "y" and
                    'neutron' or 'nova')
    network_multi = len(network_hosts) > 1
    dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')])
    dbacces_hosts |= network_hosts

    for manifestfile, marker in manifestfiles.getFiles():
        pw_in_sqlconn = False
        if manifestfile.endswith("_nova.pp"):
            host, manifest = manifestfile.split('_', 1)
            host = host.strip()

            if host in compute_hosts and host not in dbacces_hosts:
                # we should omit password in case we are installing only
                # nova-compute to the host
                perms = "nova"
                pw_in_sqlconn = False
            else:
                perms = "nova:%s" % config['CONFIG_NOVA_DB_PW']
                pw_in_sqlconn = True

            mariadb_host_url = config['CONFIG_MARIADB_HOST_URL']
            sqlconn = "mysql://%s@%s/nova" % (perms, mariadb_host_url)
            if pw_in_sqlconn:
                config['CONFIG_NOVA_SQL_CONN_PW'] = sqlconn
            else:
                config['CONFIG_NOVA_SQL_CONN_NOPW'] = sqlconn

            # for nova-network in multihost mode each compute host is metadata
            # host otherwise we use api host
            if (network_type == 'nova' and network_multi and
                    host in compute_hosts):
                metadata = host
            else:
                metadata = config['CONFIG_CONTROLLER_HOST']
            config['CONFIG_NOVA_METADATA_HOST'] = metadata

            data = getManifestTemplate(get_mq(config, "nova_common"))
            if pw_in_sqlconn:
                data += getManifestTemplate("nova_common_pw")
            else:
                data += getManifestTemplate("nova_common_nopw")
            appendManifestFile(os.path.split(manifestfile)[1], data)

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        nova_hosts = compute_hosts
        nova_hosts |= set([config.get('CONFIG_CONTROLLER_HOST')])
        ssl_cert_file = config['CONFIG_NOVA_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_nova.crt'
        )
        ssl_key_file = config['CONFIG_NOVA_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_nova.key'
        )
        service = 'nova'
        for host in nova_hosts:
            generate_ssl_cert(config, host, service,
                              ssl_key_file, ssl_cert_file)
예제 #18
0
def create_manifest(config, messages):
    manifestfile = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate(get_mq(config, "ceilometer"))
    manifestdata += getManifestTemplate("ceilometer")

    if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis':
        # Determine if we need to configure multiple sentinel hosts as
        # fallbacks for use in coordination url.
        sentinel_hosts = split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS'])
        sentinel_port = config['CONFIG_REDIS_SENTINEL_PORT']
        sentinel_host = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
        if config['CONFIG_IP_VERSION'] == 'ipv6':
            config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = "[%s]" % (
                sentinel_host)
        else:
            config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = sentinel_host

        sentinel_contact = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
        if len(sentinel_hosts) > 1:
            sentinel_format = 'sentinel_fallback=%s:%s'
            if config['CONFIG_IP_VERSION'] == 'ipv6':
                sentinel_format = 'sentinel_fallback=[%s]:%s'

            sentinel_fallbacks = '&'.join([sentinel_format %
                                          (host, sentinel_port)
                                          for host in sentinel_hosts
                                          if host != sentinel_contact])
        else:
            sentinel_fallbacks = ''
        config['CONFIG_REDIS_SENTINEL_FALLBACKS'] = sentinel_fallbacks

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
        )
        ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_ceilometer.key'
        )
        ssl_host = config['CONFIG_CONTROLLER_HOST']
        service = 'ceilometer'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    fw_details = dict()
    key = "ceilometer_api"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "ceilometer-api"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['8777']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_CEILOMETER_RULES'] = fw_details
    manifestdata += createFirewallResources('FIREWALL_CEILOMETER_RULES')

    # Add a template that creates a group for nova because the ceilometer
    # class needs it
    if config['CONFIG_NOVA_INSTALL'] == 'n':
        manifestdata += getManifestTemplate("ceilometer_nova_disabled")
    appendManifestFile(manifestfile, manifestdata, 'ceilometer')
예제 #19
0
def create_manifest(config, messages):
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_STORAGE_HOST']
        ssl_cert_file = config['CONFIG_CINDER_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_cinder.crt'
        )
        ssl_key_file = config['CONFIG_CINDER_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_cinder.key'
        )
        service = 'cinder'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    manifestdata = getManifestTemplate(get_mq(config, "cinder"))
    manifestfile = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST']
    manifestdata += getManifestTemplate("cinder")

    for backend in config['CONFIG_CINDER_BACKEND']:
        manifestdata += getManifestTemplate('cinder_%s' % backend)

    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        manifestdata += getManifestTemplate('cinder_ceilometer')
    if config['CONFIG_SWIFT_INSTALL'] == 'y':
        manifestdata += getManifestTemplate('cinder_backup')

    fw_details = dict()
    for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
        if (config['CONFIG_NOVA_INSTALL'] == 'y' and
                config['CONFIG_VMWARE_BACKEND'] == 'n'):
            key = "cinder_%s" % host
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "%s" % host
        else:
            key = "cinder_all"
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "ALL"

        fw_details[key]['service_name'] = "cinder"
        fw_details[key]['chain'] = "INPUT"
        fw_details[key]['ports'] = ['3260']
        fw_details[key]['proto'] = "tcp"

    config['FIREWALL_CINDER_RULES'] = fw_details
    manifestdata += createFirewallResources('FIREWALL_CINDER_RULES')

    # cinder API should be open for everyone
    fw_details = dict()
    key = "cinder_api"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "cinder-api"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['8776']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_CINDER_API_RULES'] = fw_details
    manifestdata += createFirewallResources('FIREWALL_CINDER_API_RULES')

    appendManifestFile(manifestfile, manifestdata)
예제 #20
0
def create_manifest(config, messages):
    manifestfile = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate(get_mq(config, "ceilometer"))
    manifestdata += getManifestTemplate("ceilometer")

    if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis':
        # Determine if we need to configure multiple sentinel hosts as
        # fallbacks for use in coordination url.
        sentinel_hosts = split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS'])
        sentinel_port = config['CONFIG_REDIS_SENTINEL_PORT']
        sentinel_host = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
        if config['CONFIG_IP_VERSION'] == 'ipv6':
            config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = "[%s]" % (
                sentinel_host)
        else:
            config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = sentinel_host

        sentinel_contact = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
        if len(sentinel_hosts) > 1:
            sentinel_format = 'sentinel_fallback=%s:%s'
            if config['CONFIG_IP_VERSION'] == 'ipv6':
                sentinel_format = 'sentinel_fallback=[%s]:%s'

            sentinel_fallbacks = '&'.join([
                sentinel_format % (host, sentinel_port)
                for host in sentinel_hosts if host != sentinel_contact
            ])
        else:
            sentinel_fallbacks = ''
        config['CONFIG_REDIS_SENTINEL_FALLBACKS'] = sentinel_fallbacks

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt')
        ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_ceilometer.key')
        ssl_host = config['CONFIG_CONTROLLER_HOST']
        service = 'ceilometer'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    fw_details = dict()
    key = "ceilometer_api"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "ceilometer-api"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['8777']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_CEILOMETER_RULES'] = fw_details
    manifestdata += createFirewallResources('FIREWALL_CEILOMETER_RULES')

    # Add a template that creates a group for nova because the ceilometer
    # class needs it
    if config['CONFIG_NOVA_INSTALL'] == 'n':
        manifestdata += getManifestTemplate("ceilometer_nova_disabled")
    appendManifestFile(manifestfile, manifestdata, 'ceilometer')
예제 #21
0
def create_common_manifest(config, messages):
    global compute_hosts, network_hosts

    network_type = (config['CONFIG_NEUTRON_INSTALL'] == "y" and
                    'neutron' or 'nova')
    network_multi = len(network_hosts) > 1
    dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')])
    dbacces_hosts |= network_hosts

    for host in filtered_hosts(config):
        pw_in_sqlconn = False
        host = host.strip()

        if host in compute_hosts and host not in dbacces_hosts:
            # we should omit password in case we are installing only
            # nova-compute to the host
            perms = "nova"
            pw_in_sqlconn = False
        else:
            perms = "nova:%s" % config['CONFIG_NOVA_DB_PW']
            pw_in_sqlconn = True

        mariadb_host_url = config['CONFIG_MARIADB_HOST_URL']
        sqlconn = "mysql+pymysql://%s@%s/nova" % (perms, mariadb_host_url)
        if pw_in_sqlconn:
            config['CONFIG_NOVA_SQL_CONN_PW'] = sqlconn
        else:
            config['CONFIG_NOVA_SQL_CONN_NOPW'] = sqlconn

        # for nova-network in multihost mode each compute host is metadata
        # host otherwise we use api host
        if (network_type == 'nova' and network_multi and
                host in compute_hosts):
            metadata = host
        else:
            metadata = config['CONFIG_CONTROLLER_HOST']
        config['CONFIG_NOVA_METADATA_HOST'] = metadata

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        nova_hosts = compute_hosts
        nova_hosts |= set([config.get('CONFIG_CONTROLLER_HOST')])
        ssl_cert_file = config['CONFIG_NOVA_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_nova.crt'
        )
        ssl_key_file = config['CONFIG_NOVA_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_nova.key'
        )
        service = 'nova'
        for host in nova_hosts:
            generate_ssl_cert(config, host, service,
                              ssl_key_file, ssl_cert_file)
예제 #22
0
def create_manifest(config, messages):
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_STORAGE_HOST']
        ssl_cert_file = config['CONFIG_MANILA_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_manila.crt'
        )
        ssl_key_file = config['CONFIG_MANILA_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_manila.key'
        )
        service = 'manila'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    # Change these from text to Boolean values
    boolean_keys = ['CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS',
                    'CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS']
    for key in [k for k in boolean_keys if k in config]:
        if config[key].lower() == "true":
            config[key] = True

        elif config[key].lower() == "false":
            config[key] = False

    manifestdata = getManifestTemplate(get_mq(config, "manila"))
    manifestfile = "%s_manila.pp" % config['CONFIG_STORAGE_HOST']
    manifestdata += getManifestTemplate("manila.pp")
    manifestdata += getManifestTemplate("manila_network.pp")

    backends = config['CONFIG_MANILA_BACKEND']
    for backend in backends:
        manifestdata += getManifestTemplate('manila_%s.pp' % backend)

    # manila API should be open for everyone
    fw_details = dict()
    key = "manila_api"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "manila-api"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['8786']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_MANILA_API_RULES'] = fw_details
    manifestdata += createFirewallResources('FIREWALL_MANILA_API_RULES')

    appendManifestFile(manifestfile, manifestdata, marker='manila')
예제 #23
0
def create_manifest(config, messages):
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_STORAGE_HOST']
        ssl_cert_file = config['CONFIG_MANILA_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_manila.crt')
        ssl_key_file = config['CONFIG_MANILA_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_manila.key')
        service = 'manila'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    # Change these from text to Boolean values
    boolean_keys = [
        'CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS',
        'CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS'
    ]
    for key in [k for k in boolean_keys if k in config]:
        if config[key].lower() == "true":
            config[key] = True

        elif config[key].lower() == "false":
            config[key] = False

    manifestdata = getManifestTemplate(get_mq(config, "manila"))
    manifestfile = "%s_manila.pp" % config['CONFIG_STORAGE_HOST']
    manifestdata += getManifestTemplate("manila.pp")
    manifestdata += getManifestTemplate("manila_network.pp")

    backends = config['CONFIG_MANILA_BACKEND']
    for backend in backends:
        manifestdata += getManifestTemplate('manila_%s.pp' % backend)

    # manila API should be open for everyone
    fw_details = dict()
    key = "manila_api"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "manila-api"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['8786']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_MANILA_API_RULES'] = fw_details
    manifestdata += createFirewallResources('FIREWALL_MANILA_API_RULES')

    appendManifestFile(manifestfile, manifestdata, marker='manila')
예제 #24
0
def create_manifest(config, messages):
    server = utils.ScriptRunner(config['CONFIG_AMQP_HOST'])
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        config['CONFIG_AMQP_SSL_ENABLED'] = True
        config['CONFIG_AMQP_PROTOCOL'] = 'ssl'
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5671"
        amqp_host = config['CONFIG_AMQP_HOST']
        service = 'AMQP'
        ssl_key_file = '/etc/pki/tls/private/ssl_amqp.key'
        ssl_cert_file = '/etc/pki/tls/certs/ssl_amqp.crt'
        cacert = config['CONFIG_AMQP_SSL_CACERT_FILE'] = (
            config['CONFIG_SSL_CACERT']
        )
        generate_ssl_cert(config, amqp_host, service, ssl_key_file,
                          ssl_cert_file)
    else:
        # Set default values
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5672"
        config['CONFIG_AMQP_SSL_ENABLED'] = False
        config['CONFIG_AMQP_PROTOCOL'] = 'tcp'

    if config['CONFIG_AMQP_ENABLE_AUTH'] == 'n':
        config['CONFIG_AMQP_AUTH_PASSWORD'] = '******'
        config['CONFIG_AMQP_AUTH_USER'] = '******'

    manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST']
    manifestdata = getManifestTemplate('amqp')

    if config['CONFIG_IP_VERSION'] == 'ipv6':
        config['CONFIG_AMQP_HOST_URL'] = "[%s]" % config['CONFIG_AMQP_HOST']
    else:
        config['CONFIG_AMQP_HOST_URL'] = config['CONFIG_AMQP_HOST']

    fw_details = dict()
    # All hosts should be able to talk to amqp
    for host in filtered_hosts(config, exclude=False):
        key = "amqp_%s" % host
        fw_details.setdefault(key, {})
        fw_details[key]['host'] = "%s" % host
        fw_details[key]['service_name'] = "amqp"
        fw_details[key]['chain'] = "INPUT"
        fw_details[key]['ports'] = ['5671', '5672']
        fw_details[key]['proto'] = "tcp"
    config['FIREWALL_AMQP_RULES'] = fw_details

    manifestdata += createFirewallResources('FIREWALL_AMQP_RULES')
    appendManifestFile(manifestfile, manifestdata, 'pre')
예제 #25
0
def create_manifest(config, messages):
    server = utils.ScriptRunner(config['CONFIG_AMQP_HOST'])
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        config['CONFIG_AMQP_SSL_ENABLED'] = True
        config['CONFIG_AMQP_PROTOCOL'] = 'ssl'
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5671"
        amqp_host = config['CONFIG_AMQP_HOST']
        service = 'AMQP'
        ssl_key_file = '/etc/pki/tls/private/ssl_amqp.key'
        ssl_cert_file = '/etc/pki/tls/certs/ssl_amqp.crt'
        cacert = config['CONFIG_AMQP_SSL_CACERT_FILE'] = (
            config['CONFIG_SSL_CACERT'])
        generate_ssl_cert(config, amqp_host, service, ssl_key_file,
                          ssl_cert_file)
    else:
        # Set default values
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5672"
        config['CONFIG_AMQP_SSL_ENABLED'] = False
        config['CONFIG_AMQP_PROTOCOL'] = 'tcp'

    if config['CONFIG_AMQP_ENABLE_AUTH'] == 'n':
        config['CONFIG_AMQP_AUTH_PASSWORD'] = '******'
        config['CONFIG_AMQP_AUTH_USER'] = '******'

    manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST']
    manifestdata = getManifestTemplate('amqp')

    if config['CONFIG_IP_VERSION'] == 'ipv6':
        config['CONFIG_AMQP_HOST_URL'] = "[%s]" % config['CONFIG_AMQP_HOST']
    else:
        config['CONFIG_AMQP_HOST_URL'] = config['CONFIG_AMQP_HOST']

    fw_details = dict()
    # All hosts should be able to talk to amqp
    for host in filtered_hosts(config, exclude=False):
        key = "amqp_%s" % host
        fw_details.setdefault(key, {})
        fw_details[key]['host'] = "%s" % host
        fw_details[key]['service_name'] = "amqp"
        fw_details[key]['chain'] = "INPUT"
        fw_details[key]['ports'] = ['5671', '5672']
        fw_details[key]['proto'] = "tcp"
    config['FIREWALL_AMQP_RULES'] = fw_details

    manifestdata += createFirewallResources('FIREWALL_AMQP_RULES')
    appendManifestFile(manifestfile, manifestdata, 'pre')
예제 #26
0
def create_manifest(config, messages):
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_STORAGE_HOST']
        ssl_cert_file = config['CONFIG_CINDER_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_cinder.crt'
        )
        ssl_key_file = config['CONFIG_CINDER_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_cinder.key'
        )
        service = 'cinder'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    fw_details = dict()
    for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
        if (config['CONFIG_NOVA_INSTALL'] == 'y' and
                config['CONFIG_VMWARE_BACKEND'] == 'n'):
            key = "cinder_%s" % host
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "%s" % host
        else:
            key = "cinder_all"
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "ALL"

        fw_details[key]['service_name'] = "cinder"
        fw_details[key]['chain'] = "INPUT"
        fw_details[key]['ports'] = ['3260']
        fw_details[key]['proto'] = "tcp"

    config['FIREWALL_CINDER_RULES'] = fw_details

    # cinder API should be open for everyone
    fw_details = dict()
    key = "cinder_api"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "cinder-api"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['8776']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_CINDER_API_RULES'] = fw_details
예제 #27
0
def create_manifest(config, messages):
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_STORAGE_HOST']
        ssl_cert_file = config['CONFIG_CINDER_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_cinder.crt'
        )
        ssl_key_file = config['CONFIG_CINDER_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_cinder.key'
        )
        service = 'cinder'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    fw_details = dict()
    for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
        if (config['CONFIG_NOVA_INSTALL'] == 'y' and
                config['CONFIG_VMWARE_BACKEND'] == 'n'):
            key = "cinder_%s" % host
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "%s" % host
        else:
            key = "cinder_all"
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "ALL"

        fw_details[key]['service_name'] = "cinder"
        fw_details[key]['chain'] = "INPUT"
        fw_details[key]['ports'] = ['3260']
        fw_details[key]['proto'] = "tcp"

    config['FIREWALL_CINDER_RULES'] = fw_details

    # cinder API should be open for everyone
    fw_details = dict()
    key = "cinder_api"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "cinder-api"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['8776']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_CINDER_API_RULES'] = fw_details
예제 #28
0
def create_manifest(config, messages):
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_CONTROLLER_HOST']
        ssl_cert_file = config['CONFIG_IRONIC_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_ironic.crt')
        ssl_key_file = config['CONFIG_IRONIC_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_ironic.key')
        service = 'ironic'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    fw_details = dict()
    key = "ironic-api"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "ironic-api"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['6385']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_IRONIC_API_RULES'] = fw_details
예제 #29
0
def create_manifest(config, messages):
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt')
        ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_ceilometer.key')
        ssl_host = config['CONFIG_CONTROLLER_HOST']
        service = 'ceilometer'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    fw_details = dict()
    key = "ceilometer_api"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "ceilometer-api"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['8777']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_CEILOMETER_RULES'] = fw_details
예제 #30
0
def create_all_manifest(config, messages):
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_cert_file = config['CONFIG_MAGNUM_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_magnum.crt'
        )
        ssl_key_file = config['CONFIG_MAGNUM_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_magnum.key'
        )
        ssl_host = config['CONFIG_CONTROLLER_HOST']
        service = 'magnum'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    fw_details = dict()
    key = "magnum"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "magnum api"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['9511']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_MAGNUM_API_RULES'] = fw_details
예제 #31
0
def create_manifest(config, messages):
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_STORAGE_HOST']
        ssl_cert_file = config['CONFIG_GLANCE_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_glance.crt'
        )
        ssl_key_file = config['CONFIG_GLANCE_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_glance.key'
        )
        service = 'glance'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    fw_details = dict()
    key = "glance_api"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "glance"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['9292']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_GLANCE_RULES'] = fw_details
예제 #32
0
파일: heat_650.py 프로젝트: dm0-/packstack
def create_manifest(config, messages):
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_CONTROLLER_HOST']
        ssl_cert_file = config['CONFIG_HEAT_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_heat.crt'
        )
        ssl_key_file = config['CONFIG_HEAT_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_heat.key'
        )
        service = 'heat'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    fw_details = dict()
    key = "heat"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "heat"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['8004']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_HEAT_RULES'] = fw_details
예제 #33
0
def create_manifest(config, messages):
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_SAHARA_HOST'] = config['CONFIG_CONTROLLER_HOST']

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_SAHARA_HOST']
        ssl_cert_file = config['CONFIG_SAHARA_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_sahara.crt')
        ssl_key_file = config['CONFIG_SAHARA_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_sahara.key')
        service = 'sahara'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    fw_details = dict()
    key = "sahara-api"
    fw_details.setdefault(key, {})
    fw_details[key]["host"] = "ALL"
    fw_details[key]["service_name"] = "sahara api"
    fw_details[key]["chain"] = "INPUT"
    fw_details[key]["ports"] = ["8386"]
    fw_details[key]["proto"] = "tcp"
    config["FIREWALL_SAHARA_CFN_RULES"] = fw_details
예제 #34
0
def create_manifest(config, messages):
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_STORAGE_HOST']
        ssl_cert_file = config['CONFIG_MANILA_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_manila.crt'
        )
        ssl_key_file = config['CONFIG_MANILA_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_manila.key'
        )
        service = 'manila'
        generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                          ssl_cert_file)

    # Change these from text to Boolean values
    boolean_keys = ['CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS',
                    'CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS']
    for key in [k for k in boolean_keys if k in config]:
        if config[key].lower() == "true":
            config[key] = True

        elif config[key].lower() == "false":
            config[key] = False

    # manila API should be open for everyone
    fw_details = dict()
    key = "manila_api"
    fw_details.setdefault(key, {})
    fw_details[key]['host'] = "ALL"
    fw_details[key]['service_name'] = "manila-api"
    fw_details[key]['chain'] = "INPUT"
    fw_details[key]['ports'] = ['8786']
    fw_details[key]['proto'] = "tcp"
    config['FIREWALL_MANILA_API_RULES'] = fw_details
예제 #35
0
def create_manifests(config, messages):
    global q_hosts

    service_plugins = ['qos', 'trunk']
    service_providers = []
    if config['CONFIG_LBAAS_INSTALL'] == 'y':
        lbaas_plugin = ('neutron_lbaas.services.loadbalancer.plugin.'
                        'LoadBalancerPluginv2')
        service_plugins.append(lbaas_plugin)
        lbaas_sp = ('LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.'
                    'plugin_driver.HaproxyOnHostPluginDriver:default')
        service_providers.append(lbaas_sp)

    if use_ml2_with_ovn(config):
        service_plugins.append('ovn-router')
    else:
        # ML2 uses the L3 Router service plugin to implement l3 agent for linuxbridge and ovs
        service_plugins.append('router')

    if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
        service_plugins.append('metering')

    if config['CONFIG_NEUTRON_FWAAS'] == 'y':
        service_plugins.append('firewall_v2')
        fwaas_sp = (
            'FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.'
            'service_drivers.agents.agents.FirewallAgentDriver:default')
        service_providers.append(fwaas_sp)

    if config['CONFIG_NEUTRON_VPNAAS'] == 'y':
        service_plugins.append('vpnaas')
        vpnaas_sp = ('VPN:libreswan:neutron_vpnaas.services.vpn.'
                     'service_drivers.ipsec.IPsecVPNDriver:default')
        service_providers.append(vpnaas_sp)

    config['SERVICE_PLUGINS'] = (service_plugins
                                 if service_plugins else 'undef')

    config['SERVICE_PROVIDERS'] = (service_providers
                                   if service_providers else [])

    config['FIREWALL_DRIVER'] = ("neutron.agent.linux.iptables_firewall."
                                 "OVSHybridIptablesFirewallDriver")

    plugin_manifest = 'neutron_ml2_plugin'

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_cert_file = config['CONFIG_NEUTRON_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_neutron.crt')
        ssl_key_file = config['CONFIG_NEUTRON_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_neutron.key')
        service = 'neutron'

    for host in q_hosts:
        if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
            generate_ssl_cert(config, host, service, ssl_key_file,
                              ssl_cert_file)

        if host in api_hosts:
            # Firewall
            fw_details = dict()
            key = "neutron_server_%s" % host
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "ALL"
            fw_details[key]['service_name'] = "neutron server"
            fw_details[key]['chain'] = "INPUT"
            fw_details[key]['ports'] = ['9696']
            fw_details[key]['proto'] = "tcp"
            if use_ml2_with_ovn(config):
                key = "ovn_northd_%s" % host
                fw_details.setdefault(key, {})
                fw_details[key]['host'] = "ALL"
                fw_details[key]['service_name'] = "ovn northd"
                fw_details[key]['chain'] = "INPUT"
                fw_details[key]['ports'] = ['6641']
                fw_details[key]['proto'] = "tcp"
                key = "ovn_southd_%s" % host
                fw_details.setdefault(key, {})
                fw_details[key]['host'] = "ALL"
                fw_details[key]['service_name'] = "ovn southd"
                fw_details[key]['chain'] = "INPUT"
                fw_details[key]['ports'] = ['6642']
                fw_details[key]['proto'] = "tcp"
            config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details

        # We also need to open VXLAN/GRE port for agent
        if (use_openvswitch_vxlan(config) or use_openvswitch_gre(config)
                or use_ovn_geneve(config)):
            if config['CONFIG_IP_VERSION'] == 'ipv6':
                msg = output_messages.WARN_IPV6_OVS
                messages.append(utils.color_text(msg % host, 'red'))
            fw_details = dict()
            if (config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']):
                tunnel_subnets = map(
                    str.strip,
                    config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS'].split(','))
                cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" %
                                host.replace('.', '_'))
                for subnet in tunnel_subnets:
                    tunnel_fw_details(config, host, subnet, fw_details)
                config[cf_fw_nt_key] = fw_details
            else:
                cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" %
                                host.replace('.', '_'))
                for n_host in network_hosts | compute_hosts:
                    if config['CONFIG_NEUTRON_OVS_TUNNEL_IF']:
                        if config['CONFIG_USE_SUBNETS'] == 'y':
                            iface = common.cidr_to_ifname(
                                config['CONFIG_NEUTRON_OVS_TUNNEL_IF'], n_host,
                                config)
                        else:
                            iface = config['CONFIG_NEUTRON_OVS_TUNNEL_IF']
                        ifip = ("ipaddress_%s" % iface)
                        ifip = re.sub('[\.\-\:]', '_', ifip)
                        try:
                            src_host = config['HOST_DETAILS'][n_host][ifip]
                        except KeyError:
                            raise KeyError('Couldn\'t detect ipaddress of '
                                           'interface %s on node %s' %
                                           (iface, n_host))
                    else:
                        src_host = n_host
                    tunnel_fw_details(config, host, src_host, fw_details)
                config[cf_fw_nt_key] = fw_details
예제 #36
0
def create_compute_manifest(config, messages):
    global compute_hosts, network_hosts

    if config["CONFIG_HORIZON_SSL"] == 'y':
        config["CONFIG_VNCPROXY_PROTOCOL"] = "https"
    else:
        config["CONFIG_VNCPROXY_PROTOCOL"] = "http"

    migrate_protocol = config['CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL']
    if migrate_protocol == 'ssh':
        config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = (
            'qemu+ssh://nova@%s/system?no_verify=1&'
            'keyfile=/etc/nova/ssh/nova_migration_key'
        )
    else:
        config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = (
            'qemu+tcp://nova@%s/system'
        )

    ssh_keys_details = {}
    for host in compute_hosts:
        try:
            hostname, aliases, addrs = socket.gethostbyaddr(host)
        except socket.herror:
            hostname, aliases, addrs = (host, [], [])

        for hostkey in config['HOST_KEYS_%s' % host].split('\n'):
            hostkey = hostkey.strip()
            if not hostkey:
                continue

            _, host_key_type, host_key_data = hostkey.split()
            key = "%s.%s" % (host_key_type, hostname)
            ssh_keys_details.setdefault(key, {})
            ssh_keys_details[key]['ensure'] = 'present'
            ssh_keys_details[key]['host_aliases'] = aliases + addrs
            ssh_keys_details[key]['key'] = host_key_data
            ssh_keys_details[key]['type'] = host_key_type

    config['SSH_KEYS'] = ssh_keys_details

    if config['CONFIG_VMWARE_BACKEND'] == 'y':
        vcenters = [i.strip() for i in
                    config['CONFIG_VCENTER_CLUSTER_NAMES'].split(',')
                    if i.strip()]
        if not vcenters:
            raise exceptions.ParamValidationError(
                "Please specify at least one VMware vCenter cluster in"
                " CONFIG_VCENTER_CLUSTER_NAMES"
            )
        if len(vcenters) != len(compute_hosts):
            if len(vcenters) > 1:
                raise exceptions.ParamValidationError(
                    "Number of vmware clusters %s is not same"
                    " as number of nova computes %s", (vcenters, compute_hosts)
                )
            else:
                vcenters = len(compute_hosts) * [vcenters[0]]
        vmware_clusters = dict(zip(compute_hosts, vcenters))
        config['CONFIG_VCENTER_CLUSTERS'] = vmware_clusters

    for host in compute_hosts:
        if config['CONFIG_IRONIC_INSTALL'] == 'y':
            cm = 'ironic.nova.compute.manager.ClusteredComputeManager'
            config['CONFIG_NOVA_COMPUTE_MANAGER'] = cm

        fw_details = dict()
        cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host
        for c_host in compute_hosts:
            key = "nova_qemu_migration_%s_%s" % (host, c_host)
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "%s" % c_host
            fw_details[key]['service_name'] = "nova qemu migration"
            fw_details[key]['chain'] = "INPUT"
            fw_details[key]['ports'] = ['16509', '49152-49215']
            fw_details[key]['proto'] = "tcp"

        config[cf_fw_qemu_mig_key] = fw_details

        if config['CONFIG_NEUTRON_INSTALL'] != 'y':
            key = 'CONFIG_NOVA_COMPUTE_PRIVIF'
            if not config[key].strip():
                config[key] = dummy_interface(host)
            if config['CONFIG_USE_SUBNETS'] == 'y':
                netface = common.cidr_to_ifname(
                    config[key], host, config
                )
            else:
                netface = config[key]
            check_ifcfg(host, netface)
            try:
                bring_up_ifcfg(host, netface)
            except exceptions.ScriptRuntimeError as ex:
                # just warn user to do it by himself
                messages.append(str(ex))

        if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
            if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
                ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
                    '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
                )
                ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
                    '/etc/pki/tls/private/ssl_amqp_ceilometer.key'
                )
                ssl_host = config['CONFIG_CONTROLLER_HOST']
                service = 'ceilometer'
                generate_ssl_cert(config, host, service, ssl_key_file,
                                  ssl_cert_file)

        fw_details = dict()
        key = "nova_compute"
        fw_details.setdefault(key, {})
        fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST']
        fw_details[key]['service_name'] = "nova compute"
        fw_details[key]['chain'] = "INPUT"
        fw_details[key]['ports'] = ['5900-5999']
        fw_details[key]['proto'] = "tcp"
        config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details
예제 #37
0
파일: nova_300.py 프로젝트: dm0-/packstack
def create_compute_manifest(config, messages):
    global compute_hosts, network_hosts

    if config["CONFIG_HORIZON_SSL"] == 'y':
        config["CONFIG_VNCPROXY_PROTOCOL"] = "https"
    else:
        config["CONFIG_VNCPROXY_PROTOCOL"] = "http"

    migrate_protocol = config['CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL']
    if migrate_protocol == 'ssh':
        config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = (
            'qemu+ssh://nova@%s/system?no_verify=1&'
            'keyfile=/etc/nova/ssh/nova_migration_key'
        )
    else:
        config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = (
            'qemu+tcp://nova@%s/system'
        )

    ssh_keys_details = {}
    for host in compute_hosts:
        try:
            hostname, aliases, addrs = socket.gethostbyaddr(host)
        except socket.herror:
            hostname, aliases, addrs = (host, [], [])

        for hostkey in config['HOST_KEYS_%s' % host].split('\n'):
            hostkey = hostkey.strip()
            if not hostkey:
                continue

            _, host_key_type, host_key_data = hostkey.split()
            key = "%s.%s" % (host_key_type, hostname)
            ssh_keys_details.setdefault(key, {})
            ssh_keys_details[key]['ensure'] = 'present'
            ssh_keys_details[key]['host_aliases'] = aliases + addrs
            ssh_keys_details[key]['key'] = host_key_data
            ssh_keys_details[key]['type'] = host_key_type

    config['SSH_KEYS'] = ssh_keys_details

    if config['CONFIG_VMWARE_BACKEND'] == 'y':
        vcenters = [i.strip() for i in
                    config['CONFIG_VCENTER_CLUSTER_NAMES'].split(',')
                    if i.strip()]
        if not vcenters:
            raise exceptions.ParamValidationError(
                "Please specify at least one VMware vCenter cluster in"
                " CONFIG_VCENTER_CLUSTER_NAMES"
            )
        if len(vcenters) != len(compute_hosts):
            if len(vcenters) > 1:
                raise exceptions.ParamValidationError(
                    "Number of vmware clusters %s is not same"
                    " as number of nova computes %s", (vcenters, compute_hosts)
                )
            else:
                vcenters = len(compute_hosts) * [vcenters[0]]
        vmware_clusters = dict(zip(compute_hosts, vcenters))
        config['CONFIG_VCENTER_CLUSTERS'] = vmware_clusters

    for host in compute_hosts:
        if config['CONFIG_IRONIC_INSTALL'] == 'y':
            cm = 'ironic.nova.compute.manager.ClusteredComputeManager'
            config['CONFIG_NOVA_COMPUTE_MANAGER'] = cm

        fw_details = dict()
        cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host
        for c_host in compute_hosts:
            key = "nova_qemu_migration_%s_%s" % (host, c_host)
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "%s" % c_host
            fw_details[key]['service_name'] = "nova qemu migration"
            fw_details[key]['chain'] = "INPUT"
            fw_details[key]['ports'] = ['16509', '49152-49215']
            fw_details[key]['proto'] = "tcp"

        config[cf_fw_qemu_mig_key] = fw_details

        if config['CONFIG_NEUTRON_INSTALL'] != 'y':
            key = 'CONFIG_NOVA_COMPUTE_PRIVIF'
            if not config[key].strip():
                config[key] = dummy_interface(host)
            if config['CONFIG_USE_SUBNETS'] == 'y':
                netface = common.cidr_to_ifname(
                    config[key], host, config
                )
            else:
                netface = config[key]
            check_ifcfg(host, netface)
            try:
                bring_up_ifcfg(host, netface)
            except exceptions.ScriptRuntimeError as ex:
                # just warn user to do it by himself
                messages.append(str(ex))

        if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
            if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
                ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
                    '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
                )
                ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
                    '/etc/pki/tls/private/ssl_amqp_ceilometer.key'
                )
                ssl_host = config['CONFIG_CONTROLLER_HOST']
                service = 'ceilometer'
                generate_ssl_cert(config, host, service, ssl_key_file,
                                  ssl_cert_file)

        fw_details = dict()
        key = "nova_compute"
        fw_details.setdefault(key, {})
        fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST']
        fw_details[key]['service_name'] = "nova compute"
        fw_details[key]['chain'] = "INPUT"
        fw_details[key]['ports'] = ['5900-5999']
        fw_details[key]['proto'] = "tcp"
        config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details
예제 #38
0
def create_manifest(config, messages):
    horizon_host = config['CONFIG_CONTROLLER_HOST']
    manifestfile = "%s_horizon.pp" % horizon_host

    proto = "http"
    config["CONFIG_HORIZON_PORT"] = 80
    sslmanifestdata = ''
    if config["CONFIG_HORIZON_SSL"] == 'y':
        config["CONFIG_HORIZON_PORT"] = 443
        proto = "https"

        # Are we using the users cert/key files
        if config["CONFIG_HORIZON_SSL_CERT"]:
            ssl_cert_file = config["CONFIG_HORIZON_SSL_CERT"]
            ssl_key_file = config["CONFIG_HORIZON_SSL_KEY"]
            ssl_chain_file = config["CONFIG_HORIZON_SSL_CACERT"]

            if not os.path.exists(ssl_cert_file):
                raise exceptions.ParamValidationError(
                    "The file %s doesn't exist" % ssl_cert_file)

            if not os.path.exists(ssl_key_file):
                raise exceptions.ParamValidationError(
                    "The file %s doesn't exist" % ssl_key_file)

            if not os.path.exists(ssl_chain_file):
                raise exceptions.ParamValidationError(
                    "The file %s doesn't exist" % ssl_chain_file)

            final_cert = open(ssl_cert_file, 'rt').read()
            final_key = open(ssl_key_file, 'rt').read()
            final_cacert = open(ssl_chain_file, 'rt').read()
            host = config['CONFIG_CONTROLLER_HOST']
            deliver_ssl_file(final_cacert, ssl_chain_file, host)
            deliver_ssl_file(final_cert, ssl_cert_file, host)
            deliver_ssl_file(final_key, ssl_key_file, host)

        else:
            ssl_cert_file = config["CONFIG_HORIZON_SSL_CERT"] = (
                '/etc/pki/tls/certs/ssl_dashboard.crt')
            ssl_key_file = config["CONFIG_HORIZON_SSL_KEY"] = (
                '/etc/pki/tls/private/ssl_dashboard.key')
            cacert = config['CONFIG_SSL_CACERT']
            config["CONFIG_HORIZON_SSL_CACERT"] = cacert
            ssl_host = config['CONFIG_CONTROLLER_HOST']
            service = 'dashboard'
            generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                              ssl_cert_file)
            messages.append(
                "%sNOTE%s : A certificate was generated to be used for ssl, "
                "You should change the ssl certificate configured in "
                "/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert." %
                (utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host))

    config["CONFIG_HORIZON_NEUTRON_LB"] = False
    config["CONFIG_HORIZON_NEUTRON_FW"] = False
    config["CONFIG_HORIZON_NEUTRON_VPN"] = False

    if config['CONFIG_NEUTRON_INSTALL'] == 'y':
        if config["CONFIG_LBAAS_INSTALL"] == 'y':
            config["CONFIG_HORIZON_NEUTRON_LB"] = True
        if config["CONFIG_NEUTRON_FWAAS"] == 'y':
            config["CONFIG_HORIZON_NEUTRON_FW"] = True
        if config["CONFIG_NEUTRON_VPNAAS"] == 'y':
            config["CONFIG_HORIZON_NEUTRON_VPN"] = True

    manifestdata = getManifestTemplate("horizon")
    appendManifestFile(manifestfile, manifestdata)

    msg = ("To access the OpenStack Dashboard browse to %s://%s/dashboard .\n"
           "Please, find your login credentials stored in the keystonerc_admin"
           " in your home directory." %
           (proto, config['CONFIG_CONTROLLER_HOST']))
    messages.append(msg)
예제 #39
0
def create_compute_manifest(config, messages):
    global compute_hosts, network_hosts

    if config["CONFIG_HORIZON_SSL"] == 'y':
        config["CONFIG_VNCPROXY_PROTOCOL"] = "https"
    else:
        config["CONFIG_VNCPROXY_PROTOCOL"] = "http"

    migrate_protocol = config['CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL']
    if migrate_protocol == 'ssh':
        config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = (
            'qemu+ssh://nova@%s/system?no_verify=1&'
            'keyfile=/etc/nova/ssh/nova_migration_key'
        )
    else:
        config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = (
            'qemu+tcp://nova@%s/system'
        )

    ssh_hostkeys = ''

    ssh_keys_details = {}
    for host in compute_hosts:
        try:
            hostname, aliases, addrs = socket.gethostbyaddr(host)
        except socket.herror:
            hostname, aliases, addrs = (host, [], [])

        for hostkey in config['HOST_KEYS_%s' % host].split('\n'):
            hostkey = hostkey.strip()
            if not hostkey:
                continue

            _, host_key_type, host_key_data = hostkey.split()
            key = "%s.%s" % (host_key_type, hostname)
            ssh_keys_details.setdefault(key, {})
            ssh_keys_details[key]['ensure'] = 'present'
            ssh_keys_details[key]['host_aliases'] = aliases + addrs
            ssh_keys_details[key]['key'] = host_key_data
            ssh_keys_details[key]['type'] = host_key_type

    config['SSH_KEYS'] = ssh_keys_details
    ssh_hostkeys += getManifestTemplate("sshkey")

    for host in compute_hosts:
        if config['CONFIG_IRONIC_INSTALL'] == 'y':
            cm = 'ironic.nova.compute.manager.ClusteredComputeManager'
            config['CONFIG_NOVA_COMPUTE_MANAGER'] = cm

        manifestdata = getManifestTemplate("nova_compute")

        fw_details = dict()
        cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host
        for c_host in compute_hosts:
            key = "nova_qemu_migration_%s_%s" % (host, c_host)
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "%s" % c_host
            fw_details[key]['service_name'] = "nova qemu migration"
            fw_details[key]['chain'] = "INPUT"
            fw_details[key]['ports'] = ['16509', '49152-49215']
            fw_details[key]['proto'] = "tcp"

        config[cf_fw_qemu_mig_key] = fw_details
        manifestdata += createFirewallResources(cf_fw_qemu_mig_key)

        if config['CONFIG_VMWARE_BACKEND'] == 'y':
            manifestdata += getManifestTemplate("nova_compute_vmware.pp")
        elif config['CONFIG_IRONIC_INSTALL'] == 'y':
            manifestdata += getManifestTemplate("nova_compute_ironic.pp")
        else:
            manifestdata += getManifestTemplate("nova_compute_libvirt.pp")

        if (config['CONFIG_VMWARE_BACKEND'] != 'y' and
                config['CONFIG_CINDER_INSTALL'] == 'y' and
                'gluster' in config['CONFIG_CINDER_BACKEND']):
            manifestdata += getManifestTemplate("nova_gluster")
        if (config['CONFIG_VMWARE_BACKEND'] != 'y' and
                config['CONFIG_CINDER_INSTALL'] == 'y' and
                'nfs' in config['CONFIG_CINDER_BACKEND']):
            manifestdata += getManifestTemplate("nova_nfs")
        manifestfile = "%s_nova.pp" % host

        if config['CONFIG_NEUTRON_INSTALL'] != 'y':
            if host not in network_hosts:
                manifestdata += getManifestTemplate('nova_compute_flat')

            if config['CONFIG_USE_SUBNETS'] == 'y':
                netface = common.cidr_to_ifname(
                    config['CONFIG_NOVA_COMPUTE_PRIVIF'], host, config
                )
            else:
                netface = config['CONFIG_NOVA_COMPUTE_PRIVIF']
            check_ifcfg(host, netface)
            try:
                bring_up_ifcfg(host, netface)
            except ScriptRuntimeError as ex:
                # just warn user to do it by himself
                messages.append(str(ex))

        if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
            if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
                ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
                    '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
                )
                ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
                    '/etc/pki/tls/private/ssl_amqp_ceilometer.key'
                )
                ssl_host = config['CONFIG_CONTROLLER_HOST']
                service = 'ceilometer'
                generate_ssl_cert(config, host, service, ssl_key_file,
                                  ssl_cert_file)

            mq_template = get_mq(config, "nova_ceilometer")
            manifestdata += getManifestTemplate(mq_template)
            manifestdata += getManifestTemplate("nova_ceilometer")

        fw_details = dict()
        key = "nova_compute"
        fw_details.setdefault(key, {})
        fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST']
        fw_details[key]['service_name'] = "nova compute"
        fw_details[key]['chain'] = "INPUT"
        fw_details[key]['ports'] = ['5900-5999']
        fw_details[key]['proto'] = "tcp"
        config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details

        manifestdata += "\n" + createFirewallResources(
            'FIREWALL_NOVA_COMPUTE_RULES'
            )
        manifestdata += "\n" + ssh_hostkeys
        appendManifestFile(manifestfile, manifestdata)
예제 #40
0
def create_compute_manifest(config, messages):
    global compute_hosts, network_hosts

    if config["CONFIG_HORIZON_SSL"] == 'y':
        config["CONFIG_VNCPROXY_PROTOCOL"] = "https"
    else:
        config["CONFIG_VNCPROXY_PROTOCOL"] = "http"

    config["CONFIG_NOVA_ALLOW_RESIZE_TO_SAME"] = len(compute_hosts) == 1

    ssh_keys_details = {}
    for host in compute_hosts:
        try:
            hostname, aliases, addrs = socket.gethostbyaddr(host)
        except socket.herror:
            hostname, aliases, addrs = (host, [], [])

        for hostkey in config['HOST_KEYS_%s' % host].split('\n'):
            hostkey = hostkey.strip()
            if not hostkey:
                continue

            _, host_key_type, host_key_data = hostkey.split()
            key = "%s.%s" % (host_key_type, hostname)
            ssh_keys_details.setdefault(key, {})
            ssh_keys_details[key]['ensure'] = 'present'
            ssh_keys_details[key]['host_aliases'] = [hostname] + aliases + addrs
            ssh_keys_details[key]['key'] = host_key_data
            ssh_keys_details[key]['type'] = host_key_type

    config['SSH_KEYS'] = ssh_keys_details

    if config['CONFIG_VMWARE_BACKEND'] == 'y':
        vcenters = [i.strip() for i in
                    config['CONFIG_VCENTER_CLUSTER_NAMES'].split(',')
                    if i.strip()]
        if not vcenters:
            raise exceptions.ParamValidationError(
                "Please specify at least one VMware vCenter cluster in"
                " CONFIG_VCENTER_CLUSTER_NAMES"
            )
        if len(vcenters) != len(compute_hosts):
            if len(vcenters) > 1:
                raise exceptions.ParamValidationError(
                    "Number of vmware clusters %s is not same"
                    " as number of nova computes %s", (vcenters, compute_hosts)
                )
            else:
                vcenters = len(compute_hosts) * [vcenters[0]]
        vmware_clusters = dict(zip(compute_hosts, vcenters))
        config['CONFIG_VCENTER_CLUSTERS'] = vmware_clusters

    for host in compute_hosts:
        fw_details = dict()
        cf_fw_qemu_mig_key = ("FIREWALL_NOVA_QEMU_MIG_RULES_%s" %
                              host.replace('.', '_'))
        for c_host in compute_hosts:
            key = "nova_qemu_migration_%s_%s" % (host, c_host)
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "%s" % c_host
            fw_details[key]['service_name'] = "nova qemu migration"
            fw_details[key]['chain'] = "INPUT"
            fw_details[key]['ports'] = ['16509', '49152-49215']
            fw_details[key]['proto'] = "tcp"

        config[cf_fw_qemu_mig_key] = fw_details

        if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
            if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
                ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
                    '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
                )
                ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
                    '/etc/pki/tls/private/ssl_amqp_ceilometer.key'
                )
                ssl_host = config['CONFIG_CONTROLLER_HOST']
                service = 'ceilometer'
                generate_ssl_cert(config, host, service, ssl_key_file,
                                  ssl_cert_file)

        fw_details = dict()
        key = "nova_compute"
        fw_details.setdefault(key, {})
        fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST']
        fw_details[key]['service_name'] = "nova compute"
        fw_details[key]['chain'] = "INPUT"
        fw_details[key]['ports'] = ['5900-5999']
        fw_details[key]['proto'] = "tcp"
        config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details
예제 #41
0
def create_manifest(config, messages):
    horizon_host = config['CONFIG_CONTROLLER_HOST']
    manifestfile = "%s_horizon.pp" % horizon_host

    proto = "http"
    config["CONFIG_HORIZON_PORT"] = 80
    sslmanifestdata = ''
    if config["CONFIG_HORIZON_SSL"] == 'y':
        config["CONFIG_HORIZON_PORT"] = 443
        proto = "https"

        # Are we using the users cert/key files
        if config["CONFIG_HORIZON_SSL_CERT"]:
            ssl_cert_file = config["CONFIG_HORIZON_SSL_CERT"]
            ssl_key_file = config["CONFIG_HORIZON_SSL_KEY"]
            ssl_chain_file = config["CONFIG_HORIZON_SSL_CACERT"]

            if not os.path.exists(ssl_cert_file):
                raise exceptions.ParamValidationError(
                    "The file %s doesn't exist" % ssl_cert_file)

            if not os.path.exists(ssl_key_file):
                raise exceptions.ParamValidationError(
                    "The file %s doesn't exist" % ssl_key_file)

            if not os.path.exists(ssl_chain_file):
                raise exceptions.ParamValidationError(
                    "The file %s doesn't exist" % ssl_chain_file)

            final_cert = open(ssl_cert_file, 'rt').read()
            final_key = open(ssl_key_file, 'rt').read()
            final_cacert = open(ssl_chain_file, 'rt').read()
            host = config['CONFIG_CONTROLLER_HOST']
            deliver_ssl_file(final_cacert, ssl_chain_file, host)
            deliver_ssl_file(final_cert, ssl_cert_file, host)
            deliver_ssl_file(final_key, ssl_key_file, host)

        else:
            ssl_cert_file = config["CONFIG_HORIZON_SSL_CERT"] = (
                '/etc/pki/tls/certs/ssl_dashboard.crt'
            )
            ssl_key_file = config["CONFIG_HORIZON_SSL_KEY"] = (
                '/etc/pki/tls/private/ssl_dashboard.key'
            )
            cacert = config['CONFIG_SSL_CACERT']
            config["CONFIG_HORIZON_SSL_CACERT"] = cacert
            ssl_host = config['CONFIG_CONTROLLER_HOST']
            service = 'dashboard'
            generate_ssl_cert(config, ssl_host, service, ssl_key_file,
                              ssl_cert_file)
            messages.append(
                "%sNOTE%s : A certificate was generated to be used for ssl, "
                "You should change the ssl certificate configured in "
                "/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert."
                % (utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host))

    config["CONFIG_HORIZON_NEUTRON_LB"] = False
    config["CONFIG_HORIZON_NEUTRON_FW"] = False
    config["CONFIG_HORIZON_NEUTRON_VPN"] = False

    if config['CONFIG_NEUTRON_INSTALL'] == 'y':
        if config["CONFIG_LBAAS_INSTALL"] == 'y':
            config["CONFIG_HORIZON_NEUTRON_LB"] = True
        if config["CONFIG_NEUTRON_FWAAS"] == 'y':
            config["CONFIG_HORIZON_NEUTRON_FW"] = True
        if config["CONFIG_NEUTRON_VPNAAS"] == 'y':
            config["CONFIG_HORIZON_NEUTRON_VPN"] = True

    manifestdata = getManifestTemplate("horizon")
    manifestdata += getManifestTemplate("apache_ports")
    appendManifestFile(manifestfile, manifestdata)

    msg = ("To access the OpenStack Dashboard browse to %s://%s/dashboard .\n"
           "Please, find your login credentials stored in the keystonerc_admin"
           " in your home directory."
           % (proto, config['CONFIG_CONTROLLER_HOST']))
    messages.append(msg)
예제 #42
0
def create_manifests(config, messages):
    global q_hosts

    service_plugins = []
    if config['CONFIG_LBAAS_INSTALL'] == 'y':
        service_plugins.append('lbaas')

    # ML2 uses the L3 Router service plugin to implement l3 agent
    service_plugins.append('router')

    if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
        service_plugins.append('metering')

    if config['CONFIG_NEUTRON_FWAAS'] == 'y':
        service_plugins.append('firewall')

    if config['CONFIG_NEUTRON_VPNAAS'] == 'y':
        service_plugins.append('vpnaas')

    config['SERVICE_PLUGINS'] = (service_plugins
                                 if service_plugins else 'undef')

    plugin_manifest = 'neutron_ml2_plugin'

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_cert_file = config['CONFIG_NEUTRON_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_neutron.crt')
        ssl_key_file = config['CONFIG_NEUTRON_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_neutron.key')
        service = 'neutron'

    for host in q_hosts:
        if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
            generate_ssl_cert(config, host, service, ssl_key_file,
                              ssl_cert_file)

        manifest_file = "%s_neutron.pp" % (host, )
        manifest_data = getManifestTemplate("neutron")
        manifest_data += getManifestTemplate(get_mq(config, "neutron"))
        appendManifestFile(manifest_file, manifest_data, 'neutron')

        if host in api_hosts:
            manifest_file = "%s_neutron.pp" % (host, )
            manifest_data = getManifestTemplate("neutron_api")
            if config['CONFIG_NOVA_INSTALL'] == 'y':
                template_name = "neutron_notifications"
                manifest_data += getManifestTemplate(template_name)

            # Set up any l2 plugin configs we need only on neutron api nodes
            # XXX I am not completely sure about this, but it seems necessary:
            manifest_data += getManifestTemplate(plugin_manifest)

            # Firewall
            fw_details = dict()
            key = "neutron_server_%s" % host
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "ALL"
            fw_details[key]['service_name'] = "neutron server"
            fw_details[key]['chain'] = "INPUT"
            fw_details[key]['ports'] = ['9696']
            fw_details[key]['proto'] = "tcp"
            config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details

            manifest_data += createFirewallResources(
                'FIREWALL_NEUTRON_SERVER_RULES')
            appendManifestFile(manifest_file, manifest_data, 'neutron')

        # We also need to open VXLAN/GRE port for agent
        manifest_data = ""
        if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
            if config['CONFIG_IP_VERSION'] == 'ipv6':
                msg = output_messages.WARN_IPV6_OVS
                messages.append(utils.color_text(msg % host, 'red'))

            if (config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']):
                tunnel_subnets = map(
                    str.strip,
                    config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS'].split(','))
                for subnet in tunnel_subnets:
                    cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s" %
                                    (host, subnet))
                    config[cf_fw_nt_key] = tunnel_fw_details(
                        config, host, subnet)
                    manifest_data += createFirewallResources(cf_fw_nt_key)
            else:
                for n_host in network_hosts | compute_hosts:
                    cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s" %
                                    (host, n_host))
                    if config['CONFIG_NEUTRON_OVS_TUNNEL_IF']:
                        if config['CONFIG_USE_SUBNETS'] == 'y':
                            iface = common.cidr_to_ifname(
                                config['CONFIG_NEUTRON_OVS_TUNNEL_IF'], n_host,
                                config)
                        else:
                            iface = config['CONFIG_NEUTRON_OVS_TUNNEL_IF']
                        ifip = ("ipaddress_%s" % iface)
                        try:
                            src_host = config['HOST_DETAILS'][n_host][ifip]
                        except KeyError:
                            raise KeyError('Couldn\'t detect ipaddress of '
                                           'interface %s on node %s' %
                                           (iface, n_host))
                    else:
                        src_host = n_host
                    config[cf_fw_nt_key] = tunnel_fw_details(
                        config, host, src_host)
                    manifest_data += createFirewallResources(cf_fw_nt_key)

            appendManifestFile(manifest_file, manifest_data, 'neutron')
예제 #43
0
def create_compute_manifest(config, messages):
    global compute_hosts, network_hosts

    if config["CONFIG_HORIZON_SSL"] == 'y':
        config["CONFIG_VNCPROXY_PROTOCOL"] = "https"
    else:
        config["CONFIG_VNCPROXY_PROTOCOL"] = "http"

    migrate_protocol = config['CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL']
    if migrate_protocol == 'ssh':
        config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = (
            'qemu+ssh://nova@%s/system?no_verify=1&'
            'keyfile=/etc/nova/ssh/nova_migration_key')
    else:
        config['CONFIG_NOVA_COMPUTE_MIGRATE_URL'] = (
            'qemu+tcp://nova@%s/system')

    ssh_hostkeys = ''

    ssh_keys_details = {}
    for host in compute_hosts:
        try:
            hostname, aliases, addrs = socket.gethostbyaddr(host)
        except socket.herror:
            hostname, aliases, addrs = (host, [], [])

        for hostkey in config['HOST_KEYS_%s' % host].split('\n'):
            hostkey = hostkey.strip()
            if not hostkey:
                continue

            _, host_key_type, host_key_data = hostkey.split()
            key = "%s.%s" % (host_key_type, hostname)
            ssh_keys_details.setdefault(key, {})
            ssh_keys_details[key]['ensure'] = 'present'
            ssh_keys_details[key]['host_aliases'] = aliases + addrs
            ssh_keys_details[key]['key'] = host_key_data
            ssh_keys_details[key]['type'] = host_key_type

    config['SSH_KEYS'] = ssh_keys_details
    ssh_hostkeys += getManifestTemplate("sshkey")

    for host in compute_hosts:
        if config['CONFIG_IRONIC_INSTALL'] == 'y':
            cm = 'ironic.nova.compute.manager.ClusteredComputeManager'
            config['CONFIG_NOVA_COMPUTE_MANAGER'] = cm

        manifestdata = getManifestTemplate("nova_compute")

        fw_details = dict()
        cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host
        for c_host in compute_hosts:
            key = "nova_qemu_migration_%s_%s" % (host, c_host)
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "%s" % c_host
            fw_details[key]['service_name'] = "nova qemu migration"
            fw_details[key]['chain'] = "INPUT"
            fw_details[key]['ports'] = ['16509', '49152-49215']
            fw_details[key]['proto'] = "tcp"

        config[cf_fw_qemu_mig_key] = fw_details
        manifestdata += createFirewallResources(cf_fw_qemu_mig_key)

        if config['CONFIG_VMWARE_BACKEND'] == 'y':
            manifestdata += getManifestTemplate("nova_compute_vmware.pp")
        elif config['CONFIG_IRONIC_INSTALL'] == 'y':
            manifestdata += getManifestTemplate("nova_compute_ironic.pp")
        else:
            manifestdata += getManifestTemplate("nova_compute_libvirt.pp")

        if (config['CONFIG_VMWARE_BACKEND'] != 'y'
                and config['CONFIG_CINDER_INSTALL'] == 'y'
                and 'gluster' in config['CONFIG_CINDER_BACKEND']):
            manifestdata += getManifestTemplate("nova_gluster")
        if (config['CONFIG_VMWARE_BACKEND'] != 'y'
                and config['CONFIG_CINDER_INSTALL'] == 'y'
                and 'nfs' in config['CONFIG_CINDER_BACKEND']):
            manifestdata += getManifestTemplate("nova_nfs")
        manifestfile = "%s_nova.pp" % host

        if config['CONFIG_NEUTRON_INSTALL'] != 'y':
            if host not in network_hosts:
                manifestdata += getManifestTemplate('nova_compute_flat')

            if config['CONFIG_USE_SUBNETS'] == 'y':
                netface = common.cidr_to_ifname(
                    config['CONFIG_NOVA_COMPUTE_PRIVIF'], host, config)
            else:
                netface = config['CONFIG_NOVA_COMPUTE_PRIVIF']
            check_ifcfg(host, netface)
            try:
                bring_up_ifcfg(host, netface)
            except ScriptRuntimeError as ex:
                # just warn user to do it by himself
                messages.append(str(ex))

        if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
            if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
                ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
                    '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt')
                ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
                    '/etc/pki/tls/private/ssl_amqp_ceilometer.key')
                ssl_host = config['CONFIG_CONTROLLER_HOST']
                service = 'ceilometer'
                generate_ssl_cert(config, host, service, ssl_key_file,
                                  ssl_cert_file)

            mq_template = get_mq(config, "nova_ceilometer")
            manifestdata += getManifestTemplate(mq_template)
            manifestdata += getManifestTemplate("nova_ceilometer")

        fw_details = dict()
        key = "nova_compute"
        fw_details.setdefault(key, {})
        fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST']
        fw_details[key]['service_name'] = "nova compute"
        fw_details[key]['chain'] = "INPUT"
        fw_details[key]['ports'] = ['5900-5999']
        fw_details[key]['proto'] = "tcp"
        config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details

        manifestdata += "\n" + createFirewallResources(
            'FIREWALL_NOVA_COMPUTE_RULES')
        manifestdata += "\n" + ssh_hostkeys
        appendManifestFile(manifestfile, manifestdata)
예제 #44
0
def create_manifests(config, messages):
    global q_hosts

    service_plugins = ['qos', 'trunk']
    service_providers = []
    if config['CONFIG_LBAAS_INSTALL'] == 'y':
        lbaas_plugin = ('neutron_lbaas.services.loadbalancer.plugin.'
                        'LoadBalancerPluginv2')
        service_plugins.append(lbaas_plugin)
        lbaas_sp = ('LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.'
                    'plugin_driver.HaproxyOnHostPluginDriver:default')
        service_providers.append(lbaas_sp)

    if use_ml2_with_ovn(config):
        service_plugins.append('ovn-router')
    else:
        # ML2 uses the L3 Router service plugin to implement l3 agent for linuxbridge and ovs
        service_plugins.append('router')

    if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
        service_plugins.append('metering')

    if config['CONFIG_NEUTRON_FWAAS'] == 'y':
        service_plugins.append('firewall')
        fwaas_sp = ('FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.'
                    'OVSHybridIptablesFirewallDriver:default')
        service_providers.append(fwaas_sp)

    if config['CONFIG_NEUTRON_VPNAAS'] == 'y':
        service_plugins.append('vpnaas')
        vpnaas_sp = ('VPN:libreswan:neutron_vpnaas.services.vpn.'
                     'service_drivers.ipsec.IPsecVPNDriver:default')
        service_providers.append(vpnaas_sp)

    config['SERVICE_PLUGINS'] = (service_plugins if service_plugins
                                 else 'undef')

    config['SERVICE_PROVIDERS'] = (service_providers if service_providers
                                   else [])

    config['FIREWALL_DRIVER'] = ("neutron.agent.linux.iptables_firewall."
                                 "OVSHybridIptablesFirewallDriver")

    plugin_manifest = 'neutron_ml2_plugin'

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_cert_file = config['CONFIG_NEUTRON_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_neutron.crt'
        )
        ssl_key_file = config['CONFIG_NEUTRON_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_neutron.key'
        )
        service = 'neutron'

    for host in q_hosts:
        if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
            generate_ssl_cert(config, host, service, ssl_key_file,
                              ssl_cert_file)

        if host in api_hosts:
            # Firewall
            fw_details = dict()
            key = "neutron_server_%s" % host
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "ALL"
            fw_details[key]['service_name'] = "neutron server"
            fw_details[key]['chain'] = "INPUT"
            fw_details[key]['ports'] = ['9696']
            fw_details[key]['proto'] = "tcp"
            if use_ml2_with_ovn(config):
                key = "ovn_northd_%s" % host
                fw_details.setdefault(key, {})
                fw_details[key]['host'] = "ALL"
                fw_details[key]['service_name'] = "ovn northd"
                fw_details[key]['chain'] = "INPUT"
                fw_details[key]['ports'] = ['6641']
                fw_details[key]['proto'] = "tcp"
                key = "ovn_southd_%s" % host
                fw_details.setdefault(key, {})
                fw_details[key]['host'] = "ALL"
                fw_details[key]['service_name'] = "ovn southd"
                fw_details[key]['chain'] = "INPUT"
                fw_details[key]['ports'] = ['6642']
                fw_details[key]['proto'] = "tcp"
            config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details

        # We also need to open VXLAN/GRE port for agent
        if (use_openvswitch_vxlan(config) or use_openvswitch_gre(config) or
                use_ovn_geneve(config)):
            if config['CONFIG_IP_VERSION'] == 'ipv6':
                msg = output_messages.WARN_IPV6_OVS
                messages.append(utils.color_text(msg % host, 'red'))
            fw_details = dict()
            if (config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']):
                tunnel_subnets = map(
                    str.strip,
                    config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS'].split(',')
                )
                cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" % host)
                for subnet in tunnel_subnets:
                    tunnel_fw_details(config, host, subnet, fw_details)
                config[cf_fw_nt_key] = fw_details
            else:
                cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s" % host)
                for n_host in network_hosts | compute_hosts:
                    if config['CONFIG_NEUTRON_OVS_TUNNEL_IF']:
                        if config['CONFIG_USE_SUBNETS'] == 'y':
                            iface = common.cidr_to_ifname(
                                config['CONFIG_NEUTRON_OVS_TUNNEL_IF'],
                                n_host, config)
                        else:
                            iface = config['CONFIG_NEUTRON_OVS_TUNNEL_IF']
                        ifip = ("ipaddress_%s" % iface)
                        ifip = re.sub('[\.\-\:]', '_', ifip)
                        try:
                            src_host = config['HOST_DETAILS'][n_host][ifip]
                        except KeyError:
                            raise KeyError('Couldn\'t detect ipaddress of '
                                           'interface %s on node %s' %
                                           (iface, n_host))
                    else:
                        src_host = n_host
                    tunnel_fw_details(config, host, src_host, fw_details)
                config[cf_fw_nt_key] = fw_details
예제 #45
0
def create_compute_manifest(config, messages):
    global compute_hosts, network_hosts

    if config["CONFIG_HORIZON_SSL"] == 'y':
        config["CONFIG_VNCPROXY_PROTOCOL"] = "https"
    else:
        config["CONFIG_VNCPROXY_PROTOCOL"] = "http"

    config["CONFIG_NOVA_ALLOW_RESIZE_TO_SAME"] = len(compute_hosts) == 1

    ssh_keys_details = {}
    for host in compute_hosts:
        try:
            hostname, aliases, addrs = socket.gethostbyaddr(host)
        except socket.herror:
            hostname, aliases, addrs = (host, [], [])

        for hostkey in config['HOST_KEYS_%s' % host].split('\n'):
            hostkey = hostkey.strip()
            if not hostkey:
                continue

            _, host_key_type, host_key_data = hostkey.split()
            key = "%s.%s" % (host_key_type, hostname)
            ssh_keys_details.setdefault(key, {})
            ssh_keys_details[key]['ensure'] = 'present'
            ssh_keys_details[key]['host_aliases'] = [hostname] + aliases + addrs
            ssh_keys_details[key]['key'] = host_key_data
            ssh_keys_details[key]['type'] = host_key_type

    config['SSH_KEYS'] = ssh_keys_details

    if config['CONFIG_VMWARE_BACKEND'] == 'y':
        vcenters = [i.strip() for i in
                    config['CONFIG_VCENTER_CLUSTER_NAMES'].split(',')
                    if i.strip()]
        if not vcenters:
            raise exceptions.ParamValidationError(
                "Please specify at least one VMware vCenter cluster in"
                " CONFIG_VCENTER_CLUSTER_NAMES"
            )
        if len(vcenters) != len(compute_hosts):
            if len(vcenters) > 1:
                raise exceptions.ParamValidationError(
                    "Number of vmware clusters %s is not same"
                    " as number of nova computes %s", (vcenters, compute_hosts)
                )
            else:
                vcenters = len(compute_hosts) * [vcenters[0]]
        vmware_clusters = dict(zip(compute_hosts, vcenters))
        config['CONFIG_VCENTER_CLUSTERS'] = vmware_clusters

    for host in compute_hosts:
        fw_details = dict()
        cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host
        for c_host in compute_hosts:
            key = "nova_qemu_migration_%s_%s" % (host, c_host)
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "%s" % c_host
            fw_details[key]['service_name'] = "nova qemu migration"
            fw_details[key]['chain'] = "INPUT"
            fw_details[key]['ports'] = ['16509', '49152-49215']
            fw_details[key]['proto'] = "tcp"

        config[cf_fw_qemu_mig_key] = fw_details

        if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
            if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
                ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
                    '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
                )
                ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
                    '/etc/pki/tls/private/ssl_amqp_ceilometer.key'
                )
                ssl_host = config['CONFIG_CONTROLLER_HOST']
                service = 'ceilometer'
                generate_ssl_cert(config, host, service, ssl_key_file,
                                  ssl_cert_file)

        fw_details = dict()
        key = "nova_compute"
        fw_details.setdefault(key, {})
        fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST']
        fw_details[key]['service_name'] = "nova compute"
        fw_details[key]['chain'] = "INPUT"
        fw_details[key]['ports'] = ['5900-5999']
        fw_details[key]['proto'] = "tcp"
        config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details
예제 #46
0
def create_manifests(config, messages):
    global q_hosts

    service_plugins = []
    if config['CONFIG_LBAAS_INSTALL'] == 'y':
        service_plugins.append('lbaas')

    # ML2 uses the L3 Router service plugin to implement l3 agent
    service_plugins.append('router')

    if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y':
        service_plugins.append('metering')

    if config['CONFIG_NEUTRON_FWAAS'] == 'y':
        service_plugins.append('firewall')

    if config['CONFIG_NEUTRON_VPNAAS'] == 'y':
        service_plugins.append('vpnaas')

    config['SERVICE_PLUGINS'] = (service_plugins if service_plugins
                                 else 'undef')

    config['FIREWALL_DRIVER'] = ("neutron.agent.linux.iptables_firewall."
                                 "OVSHybridIptablesFirewallDriver")

    plugin_manifest = 'neutron_ml2_plugin'

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_cert_file = config['CONFIG_NEUTRON_SSL_CERT'] = (
            '/etc/pki/tls/certs/ssl_amqp_neutron.crt'
        )
        ssl_key_file = config['CONFIG_NEUTRON_SSL_KEY'] = (
            '/etc/pki/tls/private/ssl_amqp_neutron.key'
        )
        service = 'neutron'

    for host in q_hosts:
        if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
            generate_ssl_cert(config, host, service, ssl_key_file,
                              ssl_cert_file)

        manifest_file = "%s_neutron.pp" % (host,)
        manifest_data = getManifestTemplate("neutron")
        manifest_data += getManifestTemplate(get_mq(config, "neutron"))
        appendManifestFile(manifest_file, manifest_data, 'neutron')

        if host in api_hosts:
            manifest_file = "%s_neutron.pp" % (host,)
            manifest_data = getManifestTemplate("neutron_api")
            if config['CONFIG_NOVA_INSTALL'] == 'y':
                template_name = "neutron_notifications"
                manifest_data += getManifestTemplate(template_name)

            # Set up any l2 plugin configs we need only on neutron api nodes
            # XXX I am not completely sure about this, but it seems necessary:
            manifest_data += getManifestTemplate(plugin_manifest)

            # Firewall
            fw_details = dict()
            key = "neutron_server_%s" % host
            fw_details.setdefault(key, {})
            fw_details[key]['host'] = "ALL"
            fw_details[key]['service_name'] = "neutron server"
            fw_details[key]['chain'] = "INPUT"
            fw_details[key]['ports'] = ['9696']
            fw_details[key]['proto'] = "tcp"
            config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details

            manifest_data += createFirewallResources(
                'FIREWALL_NEUTRON_SERVER_RULES'
            )
            appendManifestFile(manifest_file, manifest_data, 'neutron')

        # We also need to open VXLAN/GRE port for agent
        manifest_data = ""
        if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
            if config['CONFIG_IP_VERSION'] == 'ipv6':
                msg = output_messages.WARN_IPV6_OVS
                messages.append(utils.color_text(msg % host, 'red'))

            if (config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS']):
                tunnel_subnets = map(
                    str.strip,
                    config['CONFIG_NEUTRON_OVS_TUNNEL_SUBNETS'].split(',')
                )
                for subnet in tunnel_subnets:
                    cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s"
                                    % (host, subnet))
                    config[cf_fw_nt_key] = tunnel_fw_details(config,
                                                             host, subnet)
                    manifest_data += createFirewallResources(cf_fw_nt_key)
            else:
                for n_host in network_hosts | compute_hosts:
                    cf_fw_nt_key = ("FIREWALL_NEUTRON_TUNNEL_RULES_%s_%s"
                                    % (host, n_host))
                    if config['CONFIG_NEUTRON_OVS_TUNNEL_IF']:
                        if config['CONFIG_USE_SUBNETS'] == 'y':
                            iface = common.cidr_to_ifname(
                                config['CONFIG_NEUTRON_OVS_TUNNEL_IF'],
                                n_host, config)
                        else:
                            iface = config['CONFIG_NEUTRON_OVS_TUNNEL_IF']
                        ifip = ("ipaddress_%s" % iface)
                        try:
                            src_host = config['HOST_DETAILS'][n_host][ifip]
                        except KeyError:
                            raise KeyError('Couldn\'t detect ipaddress of '
                                           'interface %s on node %s' %
                                           (iface, n_host))
                    else:
                        src_host = n_host
                    config[cf_fw_nt_key] = tunnel_fw_details(config,
                                                             host, src_host)
                    manifest_data += createFirewallResources(cf_fw_nt_key)

            appendManifestFile(manifest_file, manifest_data, 'neutron')