... | ... |
@@ -32,9 +32,16 @@ set +o xtrace |
32 | 32 |
|
33 | 33 |
# Set up default directories |
34 | 34 |
GITDIR["python-novaclient"]=$DEST/python-novaclient |
35 |
+NOVA_DIR=$DEST/nova |
|
35 | 36 |
|
37 |
+# Nova virtual environment |
|
38 |
+if [[ ${USE_VENV} = True ]]; then |
|
39 |
+ PROJECT_VENV["nova"]=${NOVA_DIR}.venv |
|
40 |
+ NOVA_BIN_DIR=${PROJECT_VENV["nova"]}/bin |
|
41 |
+else |
|
42 |
+ NOVA_BIN_DIR=$(get_python_exec_prefix) |
|
43 |
+fi |
|
36 | 44 |
|
37 |
-NOVA_DIR=$DEST/nova |
|
38 | 45 |
NOVA_STATE_PATH=${NOVA_STATE_PATH:=$DATA_DIR/nova} |
39 | 46 |
# INSTANCES_PATH is the previous name for this |
40 | 47 |
NOVA_INSTANCES_PATH=${NOVA_INSTANCES_PATH:=${INSTANCES_PATH:=$NOVA_STATE_PATH/instances}} |
... | ... |
@@ -69,16 +76,6 @@ NOVA_SERVICE_PROTOCOL=${NOVA_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} |
69 | 69 |
EC2_SERVICE_PORT=${EC2_SERVICE_PORT:-8773} |
70 | 70 |
EC2_SERVICE_PORT_INT=${EC2_SERVICE_PORT_INT:-18773} |
71 | 71 |
|
72 |
-# Support entry points installation of console scripts |
|
73 |
-if [[ -d $NOVA_DIR/bin ]]; then |
|
74 |
- NOVA_BIN_DIR=$NOVA_DIR/bin |
|
75 |
-else |
|
76 |
- NOVA_BIN_DIR=$(get_python_exec_prefix) |
|
77 |
-fi |
|
78 |
- |
|
79 |
-# Set the paths of certain binaries |
|
80 |
-NOVA_ROOTWRAP=$(get_rootwrap_location nova) |
|
81 |
- |
|
82 | 72 |
# Option to enable/disable config drive |
83 | 73 |
# NOTE: Set FORCE_CONFIG_DRIVE="False" to turn OFF config drive |
84 | 74 |
FORCE_CONFIG_DRIVE=${FORCE_CONFIG_DRIVE:-"True"} |
... | ... |
@@ -225,9 +222,11 @@ function cleanup_nova { |
225 | 225 |
#fi |
226 | 226 |
} |
227 | 227 |
|
228 |
+# Deploy new rootwrap filters files and configure sudo |
|
228 | 229 |
# configure_nova_rootwrap() - configure Nova's rootwrap |
229 | 230 |
function configure_nova_rootwrap { |
230 |
- # Deploy new rootwrap filters files (owned by root). |
|
231 |
+ nova_rootwrap=$NOVA_BIN_DIR/nova-rootwrap |
|
232 |
+ |
|
231 | 233 |
# Wipe any existing rootwrap.d files first |
232 | 234 |
if [[ -d $NOVA_CONF_DIR/rootwrap.d ]]; then |
233 | 235 |
sudo rm -rf $NOVA_CONF_DIR/rootwrap.d |
... | ... |
@@ -242,14 +241,21 @@ function configure_nova_rootwrap { |
242 | 242 |
sudo sed -e "s:^filters_path=.*$:filters_path=$NOVA_CONF_DIR/rootwrap.d:" -i $NOVA_CONF_DIR/rootwrap.conf |
243 | 243 |
|
244 | 244 |
# Specify rootwrap.conf as first parameter to nova-rootwrap |
245 |
- local rootwrap_sudoer_cmd="$NOVA_ROOTWRAP $NOVA_CONF_DIR/rootwrap.conf *" |
|
245 |
+ local rootwrap_sudoer_cmd="$nova_rootwrap $NOVA_CONF_DIR/rootwrap.conf *" |
|
246 | 246 |
|
247 | 247 |
# Set up the rootwrap sudoers for nova |
248 | 248 |
local tempfile=`mktemp` |
249 |
- echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudoer_cmd" >$tempfile |
|
249 |
+ echo "Defaults:$STACK_USER secure_path=$NOVA_BIN_DIR:/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >$tempfile |
|
250 |
+ echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudoer_cmd" >>$tempfile |
|
250 | 251 |
chmod 0440 $tempfile |
251 | 252 |
sudo chown root:root $tempfile |
252 | 253 |
sudo mv $tempfile /etc/sudoers.d/nova-rootwrap |
254 |
+ |
|
255 |
+ # So rootwrap and PATH are broken beyond belief. WTF relies on a SECURE operation |
|
256 |
+ # to blindly follow PATH??? We learned that was a bad idea in the 80's! |
|
257 |
+ # So to fix this in a venv, we must exploit the very hole we want to close by dropping |
|
258 |
+ # a copy of the venv rootwrap binary into /usr/local/bin. |
|
259 |
+ #sudo cp -p $nova_rootwrap /usr/local/bin |
|
253 | 260 |
} |
254 | 261 |
|
255 | 262 |
# configure_nova() - Set config files, create data dirs, etc |
... | ... |
@@ -696,6 +702,10 @@ function start_nova_api { |
696 | 696 |
service_protocol="http" |
697 | 697 |
fi |
698 | 698 |
|
699 |
+ # Hack to set the path for rootwrap |
|
700 |
+ local old_path=$PATH |
|
701 |
+ export PATH=$NOVA_BIN_DIR:$PATH |
|
702 |
+ |
|
699 | 703 |
run_process n-api "$NOVA_BIN_DIR/nova-api" |
700 | 704 |
echo "Waiting for nova-api to start..." |
701 | 705 |
if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$SERVICE_HOST:$service_port; then |
... | ... |
@@ -707,10 +717,16 @@ function start_nova_api { |
707 | 707 |
start_tls_proxy '*' $NOVA_SERVICE_PORT $NOVA_SERVICE_HOST $NOVA_SERVICE_PORT_INT & |
708 | 708 |
start_tls_proxy '*' $EC2_SERVICE_PORT $NOVA_SERVICE_HOST $EC2_SERVICE_PORT_INT & |
709 | 709 |
fi |
710 |
+ |
|
711 |
+ export PATH=$old_path |
|
710 | 712 |
} |
711 | 713 |
|
712 | 714 |
# start_nova_compute() - Start the compute process |
713 | 715 |
function start_nova_compute { |
716 |
+ # Hack to set the path for rootwrap |
|
717 |
+ local old_path=$PATH |
|
718 |
+ export PATH=$NOVA_BIN_DIR:$PATH |
|
719 |
+ |
|
714 | 720 |
if is_service_enabled n-cell; then |
715 | 721 |
local compute_cell_conf=$NOVA_CELLS_CONF |
716 | 722 |
else |
... | ... |
@@ -738,10 +754,16 @@ function start_nova_compute { |
738 | 738 |
fi |
739 | 739 |
run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf" |
740 | 740 |
fi |
741 |
+ |
|
742 |
+ export PATH=$old_path |
|
741 | 743 |
} |
742 | 744 |
|
743 | 745 |
# start_nova() - Start running processes, including screen |
744 | 746 |
function start_nova_rest { |
747 |
+ # Hack to set the path for rootwrap |
|
748 |
+ local old_path=$PATH |
|
749 |
+ export PATH=$NOVA_BIN_DIR:$PATH |
|
750 |
+ |
|
745 | 751 |
local api_cell_conf=$NOVA_CONF |
746 | 752 |
if is_service_enabled n-cell; then |
747 | 753 |
local compute_cell_conf=$NOVA_CELLS_CONF |
... | ... |
@@ -769,6 +791,8 @@ function start_nova_rest { |
769 | 769 |
# Swift will act as s3 objectstore. |
770 | 770 |
is_service_enabled swift3 || \ |
771 | 771 |
run_process n-obj "$NOVA_BIN_DIR/nova-objectstore --config-file $api_cell_conf" |
772 |
+ |
|
773 |
+ export PATH=$old_path |
|
772 | 774 |
} |
773 | 775 |
|
774 | 776 |
function start_nova { |
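Review bot: In `configure_nova_rootwrap` (the hunk at new lines 241-260), the NOPASSWD rule and the first `secure_path` entry both point at `$NOVA_BIN_DIR`, which with `USE_VENV=True` is `${NOVA_DIR}.venv/bin`. Ownership of that tree is not visible here, but if `$STACK_USER` can write to it, the account allowed to run `nova-rootwrap` as root can also change what that path resolves to, and the rootwrap filters no longer bound anything. I would keep `secure_path` limited to root-owned directories, have the sudoers rule name a root-owned copy of the binary, and check the generated file before installing it with `sudo visudo -c -f $tempfile || die $LINENO "invalid nova-rootwrap sudoers file"`. Separately, `nova_rootwrap` is assigned without `local`, so it leaks into the global scope. The `export PATH=$old_path` restore in the three `start_nova_*` functions is skipped on any early exit between the save and the restore. The body of `configure_nova_rootwrap` is only partly shown between these hunks.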
... | ... |
@@ -21,14 +21,16 @@ DEBUG_LIBVIRT=$(trueorfalse False DEBUG_LIBVIRT) |
21 | 21 |
function install_libvirt { |
22 | 22 |
if is_ubuntu; then |
23 | 23 |
install_package qemu-kvm |
24 |
- install_package libvirt-bin |
|
25 |
- install_package python-libvirt |
|
26 |
- install_package python-guestfs |
|
24 |
+ install_package libvirt-bin libvirt-dev |
|
25 |
+ pip_install libvirt-python |
|
26 |
+ install_package libguestfs0 |
|
27 |
+ #install_package python-guestfs |
|
28 |
+ #pip_install <there-si-no-guestfs-in-pypi> |
|
27 | 29 |
elif is_fedora || is_suse; then |
28 | 30 |
install_package kvm |
29 |
- install_package libvirt |
|
30 |
- install_package libvirt-python |
|
31 |
- install_package python-libguestfs |
|
31 |
+ install_package libvirt libvirt-devel |
|
32 |
+ pip_install libvirt-python |
|
33 |
+ #install_package python-libguestfs |
|
32 | 34 |
fi |
33 | 35 |
|
34 | 36 |
# Restart firewalld after install of libvirt to avoid a problem |
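Review bot: Both branches of `install_libvirt` now leave the Python guestfs bindings uninstalled: Ubuntu gets only `libguestfs0`, and Fedora/SUSE gets nothing guestfs-related. The only trace of why is two commented-out lines, one of them a placeholder with a typo (`<there-si-no-guestfs-in-pypi>`). Replace them with one explanatory comment such as `# python guestfs bindings are not on PyPI; install the distro package and expose it to the venv, or guestfs-based features are unavailable`. `pip_install libvirt-python` is also unpinned, so it builds whatever PyPI currently serves against the distro's `libvirt-dev`/`libvirt-devel`. Pinning it to a version matching the installed libvirt would keep the build reproducible and avoid pulling an unreviewed release into a root-run install. The rest of `install_libvirt` lies outside this hunk.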