| ... | ... |
@@ -82,11 +82,11 @@ nova boot --flavor $FLAVOR --image $IMAGE $NAME --security_groups=$SECGROUP |
| 82 | 82 |
# Waiting for boot |
| 83 | 83 |
# ---------------- |
| 84 | 84 |
|
| 85 |
-# let's give it 10 seconds to launch |
|
| 86 |
-sleep 10 |
|
| 87 |
- |
|
| 88 |
-# check that the status is active |
|
| 89 |
-nova show $NAME | grep status | grep -q ACTIVE |
|
| 85 |
+# check that the status is active within 10 seconds |
|
| 86 |
+if ! timeout 10 sh -c "while ! nova show $NAME | grep status | grep -q ACTIVE; do sleep 1; done"; then |
|
| 87 |
+ echo "server didn't become active!" |
|
| 88 |
+ exit 1 |
|
| 89 |
+fi |
|
| 90 | 90 |
|
| 91 | 91 |
# get the IP of the server |
| 92 | 92 |
IP=`nova show $NAME | grep "private network" | cut -d"|" -f3` |
| ... | ... |
@@ -94,14 +94,13 @@ IP=`nova show $NAME | grep "private network" | cut -d"|" -f3` |
| 94 | 94 |
# for single node deployments, we can ping private ips |
| 95 | 95 |
MULTI_HOST=${MULTI_HOST:-0}
|
| 96 | 96 |
if [ "$MULTI_HOST" = "0" ]; then |
| 97 |
- # ping it once (timeout of a second) |
|
| 98 |
- ping -c1 -w1 $IP || true |
|
| 99 |
- |
|
| 100 | 97 |
# sometimes the first ping fails (10 seconds isn't enough time for the VM's |
| 101 |
- # network to respond?), so let's wait 5 seconds and really test ping |
|
| 102 |
- sleep 5 |
|
| 103 |
- |
|
| 104 |
- ping -c1 -w1 $IP |
|
| 98 |
+ # network to respond?), so let's ping for 15 seconds with a timeout |
|
| 99 |
+ # of a second. |
|
| 100 |
+ if ! timeout 15 sh -c "while ! ping -c1 -w1 $IP; do sleep 1; done"; then |
|
| 101 |
+ echo "Couldn't ping server" |
|
| 102 |
+ exit 1 |
|
| 103 |
+ fi |
|
| 105 | 104 |
fi |
| 106 | 105 |
|
| 107 | 106 |
# Security Groups & Floating IPs |
| ... | ... |
@@ -122,21 +121,19 @@ FLOATING_IP=`nova floating-ip-list | grep None | head -1 | cut -d '|' -f2 | sed |
| 122 | 122 |
# add floating ip to our server |
| 123 | 123 |
nova add-floating-ip $NAME $FLOATING_IP |
| 124 | 124 |
|
| 125 |
-# sleep for a smidge |
|
| 126 |
-sleep 5 |
|
| 127 |
- |
|
| 128 |
-# ping our floating ip |
|
| 129 |
-ping -c1 -w1 $FLOATING_IP |
|
| 125 |
+# test we can ping our floating ip within 10 seconds |
|
| 126 |
+if ! timeout 10 sh -c "while ! ping -c1 -w1 $FLOATING_IP; do sleep 1; done"; then |
|
| 127 |
+ echo "Couldn't ping server with floating ip" |
|
| 128 |
+ exit 1 |
|
| 129 |
+fi |
|
| 130 | 130 |
|
| 131 | 131 |
# dis-allow icmp traffic (ping) |
| 132 | 132 |
nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0 |
| 133 | 133 |
|
| 134 |
-# sleep for a smidge |
|
| 135 |
-sleep 5 |
|
| 136 |
- |
|
| 137 |
-# ping our floating ip |
|
| 138 |
-if ( ping -c1 -w1 $FLOATING_IP ); then |
|
| 134 |
+# test we can aren't able to ping our floating ip within 10 seconds |
|
| 135 |
+if ! timeout 10 sh -c "while ping -c1 -w1 $FLOATING_IP; do sleep 1; done"; then |
|
| 139 | 136 |
print "Security group failure - ping should not be allowed!" |
| 137 |
+ echo "Couldn't ping server with floating ip" |
|
| 140 | 138 |
exit 1 |
| 141 | 139 |
fi |
| 142 | 140 |
|
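Review bot: The failure branch of the negative ping test at the end of the last hunk reports the wrong thing: it is reached when the floating IP still answers after the ICMP rule was deleted, yet the added line is `echo "Couldn't ping server with floating ip"`, and the retained `print` line is not a bash or POSIX sh builtin, so the real message is probably never shown. I would keep a single line, `echo "Security group failure - ping should not be allowed!"`. The loop also ends at the first failed ping, so one dropped packet is indistinguishable from the rule taking effect; requiring a few consecutive failures would make this a stronger check of the security group. In all four new `timeout ... sh -c "..."` lines, `$NAME`, `$IP` or `$FLOATING_IP` is expanded into the command string before the inner shell parses it, so these values (scraped from `nova` output) are better validated first or passed as positional arguments.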
| ... | ... |
@@ -27,7 +27,7 @@ registry_port = 9191 |
| 27 | 27 |
log_file = %DEST%/glance/api.log |
| 28 | 28 |
|
| 29 | 29 |
# Send logs to syslog (/dev/log) instead of to file specified by `log_file` |
| 30 |
-use_syslog = False |
|
| 30 |
+use_syslog = %SYSLOG% |
|
| 31 | 31 |
|
| 32 | 32 |
# ============ Notification System Options ===================== |
| 33 | 33 |
|
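Review bot: `use_syslog = %SYSLOG%` receives whatever string `SYSLOG` holds, while the nova side of this commit enables syslog for any value other than the exact string `False`, so `SYSLOG=false` or `SYSLOG=0` would turn syslog on for nova and write a value here that glance may treat as off or reject. The same applies to the registry template in the next file section. Normalising the value to `True`/`False` once, where stack.sh sets it and before the `sed` substitution, would keep every service logging to the same destination. A comment above the option such as `# %SYSLOG% is replaced by stack.sh with True or False` would document the contract.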
| ... | ... |
@@ -19,7 +19,7 @@ log_file = %DEST%/glance/registry.log |
| 19 | 19 |
filesystem_store_datadir = %DEST%/glance/images |
| 20 | 20 |
|
| 21 | 21 |
# Send logs to syslog (/dev/log) instead of to file specified by `log_file` |
| 22 |
-use_syslog = False |
|
| 22 |
+use_syslog = %SYSLOG% |
|
| 23 | 23 |
|
| 24 | 24 |
# SQLAlchemy connection string for the reference implementation |
| 25 | 25 |
# registry server. Any valid SQLAlchemy connection string is fine. |
| ... | ... |
@@ -1 +1,47 @@ |
| 1 |
-socat |
|
| 1 |
+Cmnd_Alias NOVACMDS = /bin/chmod /var/lib/nova/tmp/*/root/.ssh, \ |
|
| 2 |
+ /bin/chown /var/lib/nova/tmp/*/root/.ssh, \ |
|
| 3 |
+ /bin/chown, \ |
|
| 4 |
+ /bin/chmod, \ |
|
| 5 |
+ /bin/dd, \ |
|
| 6 |
+ /sbin/ifconfig, \ |
|
| 7 |
+ /sbin/ip, \ |
|
| 8 |
+ /sbin/route, \ |
|
| 9 |
+ /sbin/iptables, \ |
|
| 10 |
+ /sbin/iptables-save, \ |
|
| 11 |
+ /sbin/iptables-restore, \ |
|
| 12 |
+ /sbin/ip6tables-save, \ |
|
| 13 |
+ /sbin/ip6tables-restore, \ |
|
| 14 |
+ /sbin/kpartx, \ |
|
| 15 |
+ /sbin/losetup, \ |
|
| 16 |
+ /sbin/lvcreate, \ |
|
| 17 |
+ /sbin/lvdisplay, \ |
|
| 18 |
+ /sbin/lvremove, \ |
|
| 19 |
+ /bin/mkdir, \ |
|
| 20 |
+ /bin/mount, \ |
|
| 21 |
+ /sbin/pvcreate, \ |
|
| 22 |
+ /usr/bin/tee, \ |
|
| 23 |
+ /sbin/tune2fs, \ |
|
| 24 |
+ /bin/umount, \ |
|
| 25 |
+ /sbin/vgcreate, \ |
|
| 26 |
+ /usr/bin/virsh, \ |
|
| 27 |
+ /usr/bin/qemu-nbd, \ |
|
| 28 |
+ /usr/sbin/brctl, \ |
|
| 29 |
+ /sbin/brctl, \ |
|
| 30 |
+ /usr/sbin/radvd, \ |
|
| 31 |
+ /usr/sbin/vblade-persist, \ |
|
| 32 |
+ /sbin/pvcreate, \ |
|
| 33 |
+ /sbin/aoe-discover, \ |
|
| 34 |
+ /sbin/vgcreate, \ |
|
| 35 |
+ /bin/aoe-stat, \ |
|
| 36 |
+ /bin/kill, \ |
|
| 37 |
+ /sbin/vconfig, \ |
|
| 38 |
+ /usr/sbin/ietadm, \ |
|
| 39 |
+ /sbin/vgs, \ |
|
| 40 |
+ /sbin/iscsiadm, \ |
|
| 41 |
+ /usr/bin/socat, \ |
|
| 42 |
+ /sbin/parted, \ |
|
| 43 |
+ /usr/sbin/dnsmasq, \ |
|
| 44 |
+ /usr/bin/arping |
|
| 45 |
+ |
|
| 46 |
+%USER% ALL = (root) NOPASSWD: SETENV: NOVACMDS |
|
| 47 |
+ |
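Review bot: The bare `/bin/chown`, `/bin/chmod`, `/bin/dd`, `/usr/bin/tee` and `/bin/mount` entries, granted with `NOPASSWD: SETENV:`, make `%USER%` equivalent to root and make the two path-restricted `.ssh` entries at the top of the alias redundant. If nova only needs ownership and mode changes under `/var/lib/nova/tmp/*/root/.ssh` (not visible from this file), dropping the unrestricted `/bin/chown` and `/bin/chmod` lines and the `SETENV:` tag would narrow the grant. Otherwise a header comment such as `# NOTE: these rules make %USER% root-equivalent` would state the trust model for whoever installs the file. `/sbin/pvcreate` and `/sbin/vgcreate` are each listed twice.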
| ... | ... |
@@ -78,6 +78,9 @@ source ./stackrc |
| 78 | 78 |
# Destination path for installation ``DEST`` |
| 79 | 79 |
DEST=${DEST:-/opt/stack}
|
| 80 | 80 |
|
| 81 |
+# Configure services to syslog instead of writing to individual log files |
|
| 82 |
+SYSLOG=${SYSLOG:-False}
|
|
| 83 |
+ |
|
| 81 | 84 |
# OpenStack is designed to be run as a regular user (Dashboard will fail to run |
| 82 | 85 |
# as root, since apache refused to startup serve content from root user). If |
| 83 | 86 |
# stack.sh is run as root, it automatically creates a stack user with |
| ... | ... |
@@ -116,6 +119,15 @@ if [[ $EUID -eq 0 ]]; then |
| 116 | 116 |
exec su -c "set -e; cd $STACK_DIR; bash stack.sh" stack |
| 117 | 117 |
fi |
| 118 | 118 |
exit 1 |
| 119 |
+else |
|
| 120 |
+ # Our user needs passwordless priviledges for certain commands which nova |
|
| 121 |
+ # uses internally. |
|
| 122 |
+ # Natty uec images sudoers does not have a '#includedir'. add one. |
|
| 123 |
+ sudo grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers || |
|
| 124 |
+ echo "#includedir /etc/sudoers.d" | sudo tee -a /etc/sudoers |
|
| 125 |
+ sudo cp $FILES/sudo/nova /etc/sudoers.d/stack_sh_nova |
|
| 126 |
+ sudo sed -e "s,%USER%,$USER,g" -i /etc/sudoers.d/stack_sh_nova |
|
| 127 |
+ sudo chmod 0440 /etc/sudoers.d/stack_sh_nova |
|
| 119 | 128 |
fi |
| 120 | 129 |
|
| 121 | 130 |
# Set the destination directories for openstack projects |
| ... | ... |
@@ -199,7 +211,7 @@ function read_password {
|
| 199 | 199 |
PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-eth0}
|
| 200 | 200 |
FIXED_RANGE=${FIXED_RANGE:-10.0.0.0/24}
|
| 201 | 201 |
FIXED_NETWORK_SIZE=${FIXED_NETWORK_SIZE:-256}
|
| 202 |
-FLOATING_RANGE=${FLOATING_RANGE:-172.24.4.1/28}
|
|
| 202 |
+FLOATING_RANGE=${FLOATING_RANGE:-172.24.4.224/28}
|
|
| 203 | 203 |
NET_MAN=${NET_MAN:-FlatDHCPManager}
|
| 204 | 204 |
EC2_DMZ_HOST=${EC2_DMZ_HOST:-$HOST_IP}
|
| 205 | 205 |
FLAT_NETWORK_BRIDGE=${FLAT_NETWORK_BRIDGE:-br100}
|
| ... | ... |
@@ -365,8 +377,6 @@ cd $DASH_DIR/openstack-dashboard; sudo python setup.py develop |
| 365 | 365 |
# it since we are going to run the services in screen for simple |
| 366 | 366 |
cp $FILES/screenrc ~/.screenrc |
| 367 | 367 |
|
| 368 |
-## TODO: update current user to allow sudo for all commands in files/sudo/* |
|
| 369 |
- |
|
| 370 | 368 |
# Rabbit |
| 371 | 369 |
# --------- |
| 372 | 370 |
|
| ... | ... |
@@ -472,11 +482,13 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then |
| 472 | 472 |
sudo sed -e "s,%SQL_CONN%,$BASE_SQL_CONN/glance,g" -i $GLANCE_CONF |
| 473 | 473 |
sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $GLANCE_CONF |
| 474 | 474 |
sudo sed -e "s,%DEST%,$DEST,g" -i $GLANCE_CONF |
| 475 |
+ sudo sed -e "s,%SYSLOG%,$SYSLOG,g" -i $GLANCE_CONF |
|
| 475 | 476 |
|
| 476 | 477 |
GLANCE_API_CONF=$GLANCE_DIR/etc/glance-api.conf |
| 477 | 478 |
cp $FILES/glance-api.conf $GLANCE_API_CONF |
| 478 | 479 |
sudo sed -e "s,%DEST%,$DEST,g" -i $GLANCE_API_CONF |
| 479 | 480 |
sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $GLANCE_API_CONF |
| 481 |
+ sudo sed -e "s,%SYSLOG%,$SYSLOG,g" -i $GLANCE_API_CONF |
|
| 480 | 482 |
fi |
| 481 | 483 |
|
| 482 | 484 |
# Nova |
| ... | ... |
@@ -617,6 +629,9 @@ if [ -n "$MULTI_HOST" ]; then |
| 617 | 617 |
add_nova_flag "--multi_host=$MULTI_HOST" |
| 618 | 618 |
add_nova_flag "--send_arp_for_ha=1" |
| 619 | 619 |
fi |
| 620 |
+if [ "$SYSLOG" != "False" ]; then |
|
| 621 |
+ add_nova_flag "--use_syslog=1" |
|
| 622 |
+fi |
|
| 620 | 623 |
|
| 621 | 624 |
# XenServer |
| 622 | 625 |
# --------- |
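Review bot: In the added `else` branch of the `@@ -116` hunk, the fragment is copied into `/etc/sudoers.d` first and only afterwards has `%USER%` substituted and its mode set, and neither it nor the line appended to `/etc/sudoers` is syntax-checked; a malformed entry in either place can leave sudo unusable on the host. Building the file in a temporary location, checking it with `visudo -c -f`, and installing it with its final owner and mode in one step avoids the intermediate states. `$USER` is also substituted into a sudoers rule unvalidated, so it is worth rejecting names with characters outside the usual account-name set. The enclosing `if [[ $EUID -eq 0 ]]` starts above the hunk.

```shell
    # … unchanged: #includedir check and append for /etc/sudoers …
    TEMPFILE=$(mktemp)
    sed -e "s,%USER%,$USER,g" "$FILES/sudo/nova" > "$TEMPFILE"
    # refuse to install a fragment that sudo cannot parse
    sudo visudo -c -f "$TEMPFILE" || exit 1
    sudo install -m 0440 -o root -g root "$TEMPFILE" /etc/sudoers.d/stack_sh_nova
    rm -f "$TEMPFILE"
```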
| ... | ... |
@@ -341,7 +341,14 @@ chroot $ROOTFS chown -R stack $DEST |
| 341 | 341 |
# Change boot params so that we get a console log |
| 342 | 342 |
sudo sed -e "s/quiet splash/splash console=ttyS0 console=ttyS1,19200n8/g" -i $ROOTFS/boot/grub/menu.lst |
| 343 | 343 |
sudo sed -e "s/^hiddenmenu//g" -i $ROOTFS/boot/grub/menu.lst |
| 344 |
-#chroot $ROOTFS grub-install /dev/vda |
|
| 344 |
+ |
|
| 345 |
+# Set the hostname |
|
| 346 |
+echo $GUEST_NAME > $ROOTFS/etc/hostname |
|
| 347 |
+ |
|
| 348 |
+# We need the hostname to resolve for rabbit to launch |
|
| 349 |
+if ! grep -q $GUEST_NAME $ROOTFS/etc/hosts; then |
|
| 350 |
+ echo "$GUEST_IP $GUEST_NAME" >> $ROOTFS/etc/hosts |
|
| 351 |
+fi |
|
| 345 | 352 |
|
| 346 | 353 |
# Unmount |
| 347 | 354 |
umount $ROOTFS || echo 'ok' |
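Review bot: The added hostname and hosts writes use `$ROOTFS`, `$GUEST_NAME` and `$GUEST_IP` unquoted and unchecked, so if `ROOTFS` is empty at this point the redirections land in the build host's own `/etc/hostname` and `/etc/hosts` (whether it is validated earlier is outside the hunk). `echo "$GUEST_NAME" > "${ROOTFS:?}/etc/hostname"` would abort instead of writing there. The `grep -q $GUEST_NAME` test is an unanchored regex match, so a guest named `web` counts as present when only `web2` is listed; `grep -qwF -- "$GUEST_NAME" "$ROOTFS/etc/hosts"` matches the literal name as a whole word.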