deleted file mode 100644

@@ -1,42 +0,0 @@

-Tool to quickly deploy openstack dev environments.

-

-# Goals

-

-* To quickly build dev openstack environments in clean natty environments

-* To describe working configurations of openstack (which code branches work together?  what do config files look like for those branches?)

-* To make it easier for developers to dive into openstack so that they can productively contribute without having to understand every part of the system at once

-* To make it easy to prototype cross-project features

-

-Be sure to carefully read these scripts before you run them as they install software and may alter your networking configuration.

-

-# To start a dev cloud on your local machine (installing on a dedicated vm is safer!):

-

-    ./stack.sh

-

-If working correctly, you should be able to access openstack endpoints, like:

-

-* Dashboard: http://myhost/

-* Keystone: http://myhost:5000/v2.0/

-

-# To start a dev cloud in an lxc container:

-

-    ./build_lxc.sh

-

-You will need to configure a bridge and network on your host machine (by default br0) before starting build_lxc.sh.  A sample host-only network configuration can be found in lxc_network_hostonlyplusnat.sh.

-

-# Customizing

-

-You can tweak environment variables by creating file name 'localrc' should you need to override defaults.  It is likely that you will need to do this to tweak your networking configuration should you need to access your cloud from a different host.

-

-# Todo

-

-* Add python-novaclient cli support

-* syslog

-* allow rabbit connection to be specified via environment variables with sensible defaults

-* Add volume support

-* Add quantum support

-

-# Future

-

-* idea: move from screen to tmux?

-* idea: create a live-cd / vmware preview image using this?

new file mode 100644

@@ -0,0 +1,43 @@

+Tool to quickly deploy openstack dev environments.

+

+# Goals

+

+* To quickly build dev openstack environments in clean natty environments

+* To describe working configurations of openstack (which code branches work together?  what do config files look like for those branches?)

+* To make it easier for developers to dive into openstack so that they can productively contribute without having to understand every part of the system at once

+* To make it easy to prototype cross-project features

+

+Read more at http://devstack.org (built from the gh-pages branch)

+

+Be sure to carefully read these scripts before you run them as they install software and may alter your networking configuration.

+

+# To start a dev cloud on your local machine (installing on a dedicated vm is safer!):

+

+    ./stack.sh

+

+If working correctly, you should be able to access openstack endpoints, like:

+

+* Dashboard: http://myhost/

+* Keystone: http://myhost:5000/v2.0/

+

+# To start a dev cloud in an lxc container:

+

+    ./build_lxc.sh

+

+You will need to configure a bridge and network on your host machine (by default br0) before starting build_lxc.sh.  A sample host-only network configuration can be found in lxc_network_hostonlyplusnat.sh.

+

+# Customizing

+

+You can tweak environment variables by creating file name 'localrc' should you need to override defaults.  It is likely that you will need to do this to tweak your networking configuration should you need to access your cloud from a different host.

+

+# Todo

+

+* Add python-novaclient cli support

+* syslog

+* Add volume support

+* Add quantum support

+

+# Future

+

+* idea: move from screen to tmux?

+* idea: create a live-cd / vmware preview image using this?

deleted file mode 100755

@@ -1,251 +0,0 @@

-#!/usr/bin/env bash

-

-# Sanity check

-if [ "$EUID" -ne "0" ]; then

-  echo "This script must be run with root privileges."

-  exit 1

-fi

-

-# Warn users who aren't on natty

-if ! grep -q natty /etc/lsb-release; then

-    echo "WARNING: this script has only been tested on natty"

-fi

-

-# Source params

-source ./stackrc

-

-# Store cwd

-CWD=`pwd`

-

-# Configurable params

-BRIDGE=${BRIDGE:-br0}

-CONTAINER=${CONTAINER:-STACK}

-CONTAINER_IP=${CONTAINER_IP:-192.168.1.50}

-CONTAINER_CIDR=${CONTAINER_CIDR:-$CONTAINER_IP/24}

-CONTAINER_NETMASK=${CONTAINER_NETMASK:-255.255.255.0}

-CONTAINER_GATEWAY=${CONTAINER_GATEWAY:-192.168.1.1}

-NAMESERVER=${NAMESERVER:-$CONTAINER_GATEWAY}

-COPYENV=${COPYENV:-1}

-DEST=${DEST:-/opt/stack}

-

-# Param string to pass to stack.sh.  Like "EC2_DMZ_HOST=192.168.1.1 MYSQL_USER=nova"

-STACKSH_PARAMS=${STACKSH_PARAMS:-}

-

-# Option to use the version of devstack on which we are currently working

-USE_CURRENT_DEVSTACK=${USE_CURRENT_DEVSTACK:-1}

-

-

-# Install deps

-apt-get install -y lxc debootstrap

-

-# Install cgroup-bin from source, since the packaging is buggy and possibly incompatible with our setup

-if ! which cgdelete | grep -q cgdelete; then

-    apt-get install -y g++ bison flex libpam0g-dev make

-    wget http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download -O /tmp/libcgroup-0.37.1.tar.bz2

-    cd /tmp && bunzip2 libcgroup-0.37.1.tar.bz2  && tar xfv libcgroup-0.37.1.tar

-    cd libcgroup-0.37.1

-    ./configure

-    make install

-    ldconfig

-fi

-

-# Create lxc configuration

-LXC_CONF=/tmp/$CONTAINER.conf

-cat > $LXC_CONF <<EOF

-lxc.network.type = veth

-lxc.network.link = $BRIDGE

-lxc.network.flags = up

-lxc.network.ipv4 = $CONTAINER_CIDR

-# allow tap/tun devices

-lxc.cgroup.devices.allow = c 10:200 rwm

-EOF

-

-# Shutdown any existing container

-lxc-stop -n $CONTAINER

-

-# This kills zombie containers

-if [ -d /cgroup/$CONTAINER ]; then

-    cgdelete -r cpu,net_cls:$CONTAINER

-fi

-

-# git clone only if directory doesn't exist already.  Since ``DEST`` might not

-# be owned by the installation user, we create the directory and change the

-# ownership to the proper user.

-function git_clone {

-    if [ ! -d $2 ]; then

-        sudo mkdir $2

-        sudo chown `whoami` $2

-        git clone $1 $2

-        cd $2

-        # This checkout syntax works for both branches and tags

-        git checkout $3

-    fi

-}

-

-# Location of the base image directory

-CACHEDIR=/var/cache/lxc/natty/rootfs-amd64

-

-# Provide option to do totally clean install

-if [ "$CLEAR_LXC_CACHE" = "1" ]; then

-    rm -rf $CACHEDIR

-fi

-

-# Warm the base image on first install

-if [ ! -f $CACHEDIR/bootstrapped ]; then

-    # by deleting the container, we force lxc-create to re-bootstrap (lxc is

-    # lazy and doesn't do anything if a container already exists)

-    lxc-destroy -n $CONTAINER

-    # trigger the initial debootstrap

-    lxc-create -n $CONTAINER -t natty -f $LXC_CONF

-    chroot $CACHEDIR apt-get update

-    chroot $CACHEDIR apt-get install -y --force-yes `cat files/apts/* | cut -d\# -f1 | egrep -v "(rabbitmq|libvirt-bin|mysql-server)"`

-    chroot $CACHEDIR pip install `cat files/pips/*`

-    touch $CACHEDIR/bootstrapped

-fi

-

-# Clean out code repos if directed to do so

-if [ "$CLEAN" = "1" ]; then

-    rm -rf $CACHEDIR/$DEST

-fi

-

-# Cache openstack code

-mkdir -p $CACHEDIR/$DEST

-git_clone $NOVA_REPO $CACHEDIR/$DEST/nova $NOVA_BRANCH

-git_clone $GLANCE_REPO $CACHEDIR/$DEST/glance $GLANCE_BRANCH

-git_clone $KEYSTONE_REPO $CACHEDIR/$DESTkeystone $KEYSTONE_BRANCH

-git_clone $NOVNC_REPO $CACHEDIR/$DEST/novnc $NOVNC_BRANCH

-git_clone $DASH_REPO $CACHEDIR/$DEST/dash $DASH_BRANCH $DASH_TAG

-git_clone $NOVACLIENT_REPO $CACHEDIR/$DEST/python-novaclient $NOVACLIENT_BRANCH

-git_clone $OPENSTACKX_REPO $CACHEDIR/$DEST/openstackx $OPENSTACKX_BRANCH

-

-# Use this version of devstack?

-if [ "$USE_CURRENT_DEVSTACK" = "1" ]; then

-    rm -rf $CACHEDIR/$DEST/devstack

-    cp -pr $CWD $CACHEDIR/$DEST/devstack

-fi

-

-# Destroy the old container

-lxc-destroy -n $CONTAINER

-

-# If this call is to TERMINATE the container then exit

-if [ "$TERMINATE" = "1" ]; then

-    exit

-fi

-

-# Create the container

-lxc-create -n $CONTAINER -t natty -f $LXC_CONF

-

-# Specify where our container rootfs lives

-ROOTFS=/var/lib/lxc/$CONTAINER/rootfs/

-

-# Create a stack user that is a member of the libvirtd group so that stack

-# is able to interact with libvirt.

-chroot $ROOTFS groupadd libvirtd

-chroot $ROOTFS useradd stack -s /bin/bash -d $DEST -G libvirtd

-

-# a simple password - pass

-echo stack:pass | chroot $ROOTFS chpasswd

-

-# and has sudo ability (in the future this should be limited to only what

-# stack requires)

-echo "stack ALL=(ALL) NOPASSWD: ALL" >> $ROOTFS/etc/sudoers

-

-# Copy kernel modules

-mkdir -p $ROOTFS/lib/modules/`uname -r`/kernel

-cp -p /lib/modules/`uname -r`/modules.dep $ROOTFS/lib/modules/`uname -r`/

-cp -pR /lib/modules/`uname -r`/kernel/net $ROOTFS/lib/modules/`uname -r`/kernel/

-

-# Gracefully cp only if source file/dir exists

-function cp_it {

-    if [ -e $1 ] || [ -d $1 ]; then

-        cp -pRL $1 $2

-    fi

-}

-

-# Copy over your ssh keys and env if desired

-if [ "$COPYENV" = "1" ]; then

-    cp_it ~/.ssh $ROOTFS/$DEST/.ssh

-    cp_it ~/.ssh/id_rsa.pub $ROOTFS/$DEST/.ssh/authorized_keys

-    cp_it ~/.gitconfig $ROOTFS/$DEST/.gitconfig

-    cp_it ~/.vimrc $ROOTFS/$DEST/.vimrc

-    cp_it ~/.bashrc $ROOTFS/$DEST/.bashrc

-fi

-

-# Make our ip address hostnames look nice at the command prompt

-echo "export PS1='${debian_chroot:+($debian_chroot)}\\u@\\H:\\w\\$ '" >> $ROOTFS/$DEST/.bashrc

-echo "export PS1='${debian_chroot:+($debian_chroot)}\\u@\\H:\\w\\$ '" >> $ROOTFS/etc/profile

-

-# Give stack ownership over $DEST so it may do the work needed

-chroot $ROOTFS chown -R stack $DEST

-

-# Configure instance network

-INTERFACES=$ROOTFS/etc/network/interfaces

-cat > $INTERFACES <<EOF

-auto lo

-iface lo inet loopback

-

-auto eth0

-iface eth0 inet static

-        address $CONTAINER_IP

-        netmask $CONTAINER_NETMASK

-        gateway $CONTAINER_GATEWAY

-EOF

-

-# Configure the runner

-RUN_SH=$ROOTFS/$DEST/run.sh

-cat > $RUN_SH <<EOF

-#!/usr/bin/env bash

-# Make sure dns is set up

-echo "nameserver $NAMESERVER" | sudo resolvconf -a eth0

-sleep 1

-

-# Kill any existing screens

-killall screen

-

-# Install and run stack.sh

-sudo apt-get update

-sudo apt-get -y --force-yes install git-core vim-nox sudo

-if [ ! -d "$DEST/devstack" ]; then

-    git clone git://github.com/cloudbuilders/devstack.git $DEST/devstack

-fi

-cd $DEST/devstack && $STACKSH_PARAMS ./stack.sh > /$DEST/run.sh.log

-echo >> /$DEST/run.sh.log

-echo >> /$DEST/run.sh.log

-echo "All done! Time to start clicking." >> /$DEST/run.sh.log

-EOF

-

-# Make the run.sh executable

-chmod 755 $RUN_SH

-

-# Make runner launch on boot

-RC_LOCAL=$ROOTFS/etc/rc.local

-cat > $RC_LOCAL <<EOF

-#!/bin/sh -e

-su -c "$DEST/run.sh" stack

-EOF

-

-# Configure cgroup directory

-if ! mount | grep -q cgroup; then

-    mkdir -p /cgroup

-    mount none -t cgroup /cgroup

-fi

-

-# Start our container

-lxc-start -d -n $CONTAINER

-

-# Done creating the container, let's tail the log

-echo

-echo "============================================================="

-echo "                          -- YAY! --"

-echo "============================================================="

-echo

-echo "We're done creating the container, about to start tailing the"

-echo "stack.sh log. It will take a second or two to start."

-echo

-echo "Just CTRL-C at any time to stop tailing."

-

-while [ ! -e "$ROOTFS/$DEST/run.sh.log" ]; do

-  sleep 1

-done

-

-tail -F $ROOTFS/$DEST/run.sh.log

deleted file mode 100755

@@ -1,39 +0,0 @@

-#!/usr/bin/env bash

-# Head node host, which runs glance, api, keystone

-HEAD_HOST=${HEAD_HOST:-192.168.1.52}

-COMPUTE_HOSTS=${COMPUTE_HOSTS:-192.168.1.53,192.168.1.54}

-

-# Networking params

-NAMESERVER=${NAMESERVER:-192.168.1.1}

-GATEWAY=${GATEWAY:-192.168.1.1}

-NETMASK=${NETMASK:-255.255.255.0}

-FLOATING_RANGE=${FLOATING_RANGE:-192.168.1.196/30}

-

-# Setting this to 1 shuts down and destroys our containers without relaunching.

-TERMINATE=${TERMINATE:-0}

-

-# Variables common amongst all hosts in the cluster

-COMMON_VARS="MYSQL_HOST=$HEAD_HOST RABBIT_HOST=$HEAD_HOST GLANCE_HOSTPORT=$HEAD_HOST:9292 NET_MAN=FlatDHCPManager FLAT_INTERFACE=eth0 FLOATING_RANGE=$FLOATING_RANGE MULTI_HOST=1"

-

-# Helper to launch containers

-function run_lxc {

-    # For some reason container names with periods can cause issues :/

-    CONTAINER=$1 CONTAINER_IP=$2 CONTAINER_NETMASK=$NETMASK CONTAINER_GATEWAY=$GATEWAY NAMESERVER=$NAMESERVER TERMINATE=$TERMINATE STACKSH_PARAMS="$COMMON_VARS $3" ./build_lxc.sh

-}

-

-# Launch the head node - headnode uses a non-ip domain name,

-# because rabbit won't launch with an ip addr hostname :(

-run_lxc STACKMASTER $HEAD_HOST "ENABLED_SERVICES=g-api,g-reg,key,n-api,n-sch,n-vnc,dash,mysql,rabbit"

-

-# Wait till the head node is up

-if [ ! "$TERMINATE" = "1" ]; then

-    while ! wget -q -O- http://$HEAD_HOST | grep -q username; do

-        echo "Waiting for head node ($HEAD_HOST) to start..."

-        sleep 5

-    done

-fi

-

-# Launch the compute hosts

-for compute_host in ${COMPUTE_HOSTS//,/ }; do

-    run_lxc $compute_host $compute_host "ENABLED_SERVICES=n-cpu,n-net,n-api"

-done

@@ -52,10 +52,17 @@ export NOVA_VERSION=1.1

 # FIXME - why does this need to be specified?

 export NOVA_REGION_NAME=RegionOne

+# set log level to DEBUG (helps debug issues)

+export NOVACLIENT_DEBUG=1

 # Get a token for clients that don't support service catalog

 # ==========================================================

-SERVICE_TOKEN=`curl -s -d  "{\"auth\":{\"passwordCredentials\": {\"username\": \"$NOVA_PROJECT_ID\", \"password\": \"$NOVA_API_KEY\"}}}" -H "Content-type: application/json" http://$HOST:5000/v2.0/tokens | python -c "import sys; import json; tok = json.loads(sys.stdin.read()); print tok['access']['token']['id'];"`

+

+# manually create a token by querying keystone (sending JSON data).  Keystone 

+# returns a token and catalog of endpoints.  We use python to parse the token

+# and save it.

+

+TOKEN=`curl -s -d  "{\"auth\":{\"passwordCredentials\": {\"username\": \"$NOVA_USERNAME\", \"password\": \"$NOVA_API_KEY\"}}}" -H "Content-type: application/json" http://$HOST:5000/v2.0/tokens | python -c "import sys; import json; tok = json.loads(sys.stdin.read()); print tok['access']['token']['id'];"`

 # Launching a server

 # ==================

@@ -63,9 +70,6 @@ SERVICE_TOKEN=`curl -s -d  "{\"auth\":{\"passwordCredentials\": {\"username\": \

 # List servers for tenant:

 nova list

-# List of flavors:

-nova flavor-list

-

 # Images

 # ------

@@ -73,10 +77,46 @@ nova flavor-list

 nova image-list

 # But we recommend using glance directly

-glance -A $SERVICE_TOKEN index

+glance -A $TOKEN index

+

+# Let's grab the id of the first AMI image to launch

+IMAGE=`glance -A $TOKEN index | egrep ami | cut -d" " -f1`

+

+

+# Flavors

+# -------

+

+# List of flavors:

+nova flavor-list

+

+# and grab the first flavor in the list to launch

+FLAVOR=`nova flavor-list | head -n 4 | tail -n 1 | cut -d"|" -f2`

+

+NAME="firstpost"

+

+nova boot --flavor $FLAVOR --image $IMAGE $NAME

+

+# let's give it 10 seconds to launch

+sleep 10

+

+# check that the status is active

+nova show $NAME | grep status | grep -q ACTIVE

+

+# get the IP of the server

+IP=`nova show $NAME | grep "private network" | cut -d"|" -f3`

+

+# ping it once (timeout of a second)

+ping -c1 -w1 $IP || true

+

+# sometimes the first ping fails (10 seconds isn't enough time for the VM's 

+# network to respond?), so let's wait 5 seconds and really test ping

+sleep 5

+

+ping -c1 -w1 $IP 

+

+# shutdown the server

+nova delete $NAME

+

+# FIXME: validate shutdown within 5 seconds 

+# (nova show $NAME returns 1 or status != ACTIVE)?

-# show details of the active servers::

-#

-#     nova show 1234

-#

-nova list | grep ACTIVE | cut -d \| -f2 | xargs -n1 nova show

deleted file mode 100755

@@ -1,93 +0,0 @@

-#!/bin/bash

-

-# Print some usage info

-function usage {

-  echo "Usage: $0 [OPTION] [host_ip]"

-  echo "Set up temporary networking for LXC"

-  echo ""

-  echo "  -n, --dry-run            Just print the commands that would execute."

-  echo "  -h, --help               Print this usage message."

-  echo ""

-  exit

-}

-

-# Allow passing the ip address on the command line.

-function process_option {

-  case "$1" in

-    -h|--help) usage;;

-    -n|--dry-run) dry_run=1;;

-    *) host_ip="$1"

-  esac

-}

-

-# Set up some defaults

-host_ip=

-dry_run=0

-bridge=br0

-DRIER=

-

-# Process the args

-for arg in "$@"; do

-  process_option $arg

-done

-

-if [ $dry_run ]; then

-  DRIER=echo

-fi

-

-if [ "$UID" -ne "0" ]; then

-  echo "This script must be run with root privileges."

-  exit 1

-fi

-

-# Check for bridge-utils.

-BRCTL=`which brctl`

-if [ ! -x "$BRCTL" ]; then

-  echo "This script requires you to install bridge-utils."

-  echo "Try: sudo apt-get install bridge-utils."

-  exit 1

-fi

-

-# Scare off the nubs.

-echo "====================================================="

-echo

-echo "WARNING"

-echo

-echo "This script will modify your current network setup,"

-echo "this can be a scary thing and it is recommended that"

-echo "you have something equivalent to physical access to"

-echo "this machine before continuing in case your network"

-echo "gets all funky."

-echo

-echo "If you don't want to continue, hit CTRL-C now."

-

-if [ -z "$host_ip" ];

-then

-  echo "Otherwise, please type in your host's ip address and"

-  echo "hit enter."

-  echo

-  echo "====================================================="

-  read host_ip

-else

-  echo "Otherwise hit enter."

-  echo

-  echo "====================================================="

-  read accept

-fi

-

-

-# Add a bridge interface, this will choke if there is already

-# a bridge named $bridge

-$DRIER $BRCTL addbr $bridge

-$DRIER ip addr add 192.168.1.1/24 dev $bridge

-if [ $dry_run ]; then

-  echo "echo 1 > /proc/sys/net/ipv4/ip_forward"

-else

-  echo 1 > /proc/sys/net/ipv4/ip_forward

-fi

-$DRIER ifconfig $bridge up

-

-# Set up the NAT for the instances

-$DRIER iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source $host_ip

-$DRIER iptables -I FORWARD -s 192.168.1.0/24 -j ACCEPT

-

@@ -20,9 +20,6 @@

 # Sanity Check

 # ============

-# Record the start time.  This allows us to print how long this script takes to run.

-START_TIME=`python -c "import time; print time.time()"`

-

 # Warn users who aren't on natty, but allow them to override check and attempt

 # installation with ``FORCE=yes ./stack``

 if ! grep -q natty /etc/lsb-release; then

@@ -43,6 +40,9 @@ if [ ! -d $FILES ]; then

     exit 1

 fi

+# Keep track of the current devstack directory.

+TOP_DIR=$(cd $(dirname "$0") && pwd)

+

 # OpenStack is designed to be run as a regular user (Dashboard will fail to run

 # as root, since apache refused to startup serve content from root user).  If

 # stack.sh is run as root, it automatically creates a stack user with

@@ -50,40 +50,38 @@ fi

 if [[ $EUID -eq 0 ]]; then

     echo "You are running this script as root."

+    echo "In 10 seconds, we will create a user 'stack' and run as that user"

+    sleep 10 

     # since this script runs as a normal user, we need to give that user

     # ability to run sudo

     apt-get update

-    apt-get install -qqy sudo

+    apt-get install -y sudo

-    if ! getent passwd | grep -q stack; then

+    if ! getent passwd stack >/dev/null; then

         echo "Creating a user called stack"

         useradd -U -G sudo -s /bin/bash -m stack

     fi

+

     echo "Giving stack user passwordless sudo priviledges"

-    echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

+    # natty uec images sudoers does not have a '#includedir'. add one.

+    grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||

+        echo "#includedir /etc/sudoers.d" >> /etc/sudoers

+    ( umask 226 && echo "stack ALL=(ALL) NOPASSWD:ALL" \

+        > /etc/sudoers.d/50_stack_sh )

     echo "Copying files to stack user"

-    cp -r -f `pwd` /home/stack/

-    THIS_DIR=$(basename $(dirname $(readlink -f $0)))

-    chown -R stack /home/stack/$THIS_DIR

-    echo "Running the script as stack in 3 seconds..."

-    sleep 3

+    STACK_DIR="/home/stack/${PWD##*/}"

+    cp -r -f "$PWD" "$STACK_DIR"

+    chown -R stack "$STACK_DIR"

     if [[ "$SHELL_AFTER_RUN" != "no" ]]; then

-	exec su -c "cd /home/stack/$THIS_DIR/; bash stack.sh; bash" stack

+        exec su -c "set -e; cd $STACK_DIR; bash stack.sh; bash" stack

     else

-	exec su -c "cd /home/stack/$THIS_DIR/; bash stack.sh" stack

+        exec su -c "set -e; cd $STACK_DIR; bash stack.sh" stack

     fi

-    exit 0

+    exit 1

 fi

-# So that errors don't compound we exit on any errors so you see only the

-# first error that occured.

-set -o errexit

-

-# Print the commands being run so that we can see the command that triggers

-# an error.  It is also useful for following allowing as the install occurs.

-set -o xtrace

 # Settings

 # ========

@@ -91,14 +89,14 @@ set -o xtrace

 # This script is customizable through setting environment variables.  If you

 # want to override a setting you can either::

 #

-#     export MYSQL_PASS=anothersecret

+#     export MYSQL_PASSWORD=anothersecret

 #     ./stack.sh

 #

-# You can also pass options on a single line ``MYSQL_PASS=simple ./stack.sh``

+# You can also pass options on a single line ``MYSQL_PASSWORD=simple ./stack.sh``

 #

 # Additionally, you can put any local variables into a ``localrc`` file, like::

 #

-#     MYSQL_PASS=anothersecret

+#     MYSQL_PASSWORD=anothersecret

 #     MYSQL_USER=hellaroot

 #

 # We try to have sensible defaults, so you should be able to run ``./stack.sh``

@@ -111,14 +109,12 @@ set -o xtrace

 #

 # If ``localrc`` exists, then ``stackrc`` will load those settings.  This is 

 # useful for changing a branch or repostiory to test other versions.  Also you

-# can store your other settings like **MYSQL_PASS** or **ADMIN_PASSWORD** instead

+# can store your other settings like **MYSQL_PASSWORD** or **ADMIN_PASSWORD** instead

 # of letting devstack generate random ones for you.

 source ./stackrc

 # Destination path for installation ``DEST``

 DEST=${DEST:-/opt/stack}

-sudo mkdir -p $DEST

-sudo chown `whoami` $DEST

 # Set the destination directories for openstack projects

 NOVA_DIR=$DEST/nova

@@ -146,6 +142,43 @@ if [ ! -n "$HOST_IP" ]; then

     HOST_IP=`LC_ALL=C /sbin/ifconfig  | grep -m 1 'inet addr:'| cut -d: -f2 | awk '{print $1}'`

 fi

+# Generic helper to configure passwords

+function read_password {

+    set +o xtrace

+    var=$1; msg=$2

+    pw=${!var}

+

+    localrc=$TOP_DIR/localrc

+

+    # If the password is not defined yet, proceed to prompt user for a password.

+    if [ ! $pw ]; then

+        # If there is no localrc file, create one

+        if [ ! -e $localrc ]; then

+            touch $localrc

+        fi

+

+        # Presumably if we got this far it can only be that our localrc is missing 

+        # the required password.  Prompt user for a password and write to localrc.

+        echo ''

+        echo '################################################################################'

+        echo $msg

+        echo '################################################################################'

+        echo "This value will be written to your localrc file so you don't have to enter it again."

+        echo "It is probably best to avoid spaces and weird characters."

+        echo "If you leave this blank, a random default value will be used."

+        echo "Enter a password now:"

+        read $var

+        pw=${!var}

+        if [ ! $pw ]; then

+            pw=`openssl rand -hex 10`

+        fi

+        eval "$var=$pw"

+        echo "$var=$pw" >> $localrc

+    fi

+    set -o xtrace

+}

+

+

 # Nova Network Configuration

 # --------------------------

@@ -194,32 +227,51 @@ FLAT_INTERFACE=${FLAT_INTERFACE:-eth0}

 # By default this script will install and configure MySQL.  If you want to 

 # use an existing server, you can pass in the user/password/host parameters.

-# You will need to send the same ``MYSQL_PASS`` to every host if you are doing

+# You will need to send the same ``MYSQL_PASSWORD`` to every host if you are doing

 # a multi-node devstack installation.

 MYSQL_USER=${MYSQL_USER:-root}

-MYSQL_PASS=${MYSQL_PASS:-`openssl rand -hex 12`}

+read_password MYSQL_PASSWORD "ENTER A PASSWORD TO USE FOR MYSQL."

 MYSQL_HOST=${MYSQL_HOST:-localhost}

 # don't specify /db in this string, so we can use it for multiple services

-BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://$MYSQL_USER:$MYSQL_PASS@$MYSQL_HOST}

+BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://$MYSQL_USER:$MYSQL_PASSWORD@$MYSQL_HOST}

 # Rabbit connection info

 RABBIT_HOST=${RABBIT_HOST:-localhost}

 RABBIT_PASSWORD=${RABBIT_PASSWORD:-`openssl rand -hex 12`}

+read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT."

 # Glance connection info.  Note the port must be specified.

 GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$HOST_IP:9292}

+

 # Keystone

 # --------

 # Service Token - Openstack components need to have an admin token

 # to validate user tokens.

-SERVICE_TOKEN=${SERVICE_TOKEN:-`openssl rand -hex 12`}

+read_password SERVICE_TOKEN "ENTER A SERVICE_TOKEN TO USE FOR THE SERVICE ADMIN TOKEN."

 # Dash currently truncates usernames and passwords at 20 characters

-# so use 10 bytes

-ADMIN_PASSWORD=${ADMIN_PASSWORD:-`openssl rand -hex 10`}

+read_password ADMIN_PASSWORD "ENTER A PASSWORD TO USE FOR DASH AND KEYSTONE (20 CHARS OR LESS)."

+

+LOGFILE=${LOGFILE:-"$PWD/stack.sh.$$.log"}

+(

+# So that errors don't compound we exit on any errors so you see only the

+# first error that occured.

+trap failed ERR

+failed() {

+    local r=$?

+    set +o xtrace

+    [ -n "$LOGFILE" ] && echo "${0##*/} failed: full log in $LOGFILE"

+    exit $r

+}

+

+# Print the commands being run so that we can see the command that triggers

+# an error.  It is also useful for following along as the install occurs.

+set -o xtrace

+sudo mkdir -p $DEST

+sudo chown `whoami` $DEST

 # Install Packages

 # ================

@@ -228,6 +280,7 @@ ADMIN_PASSWORD=${ADMIN_PASSWORD:-`openssl rand -hex 10`}

 # install apt requirements

+sudo apt-get update

 sudo apt-get install -qqy `cat $FILES/apts/* | cut -d\# -f1 | grep -Ev "mysql-server|rabbitmq-server"`

 # install python requirements

@@ -301,15 +354,28 @@ if [[ "$ENABLED_SERVICES" =~ "mysql" ]]; then

     # Seed configuration with mysql password so that apt-get install doesn't

     # prompt us for a password upon install.

     cat <<MYSQL_PRESEED | sudo debconf-set-selections

-mysql-server-5.1 mysql-server/root_password password $MYSQL_PASS

-mysql-server-5.1 mysql-server/root_password_again password $MYSQL_PASS

+mysql-server-5.1 mysql-server/root_password password $MYSQL_PASSWORD

+mysql-server-5.1 mysql-server/root_password_again password $MYSQL_PASSWORD

 mysql-server-5.1 mysql-server/start_on_boot boolean true

 MYSQL_PRESEED

+    # while ``.my.cnf`` is not needed for openstack to function, it is useful

+    # as it allows you to access the mysql databases via ``mysql nova`` instead

+    # of having to specify the username/password each time.

+    if [[ ! -e $HOME/.my.cnf ]]; then

+        cat <<EOF >$HOME/.my.cnf

+[client]

+user=$MYSQL_USER

+password=$MYSQL_PASSWORD

+host=$MYSQL_HOST

+EOF

+        chmod 0600 $HOME/.my.cnf

+    fi

+

     # Install and start mysql-server

     sudo apt-get -y -q install mysql-server

     # Update the DB to give user ‘$MYSQL_USER’@’%’ full control of the all databases:

-    sudo mysql -uroot -p$MYSQL_PASS -e "GRANT ALL PRIVILEGES ON *.* TO '$MYSQL_USER'@'%' identified by '$MYSQL_PASS';"

+    sudo mysql -uroot -p$MYSQL_PASSWORD -e "GRANT ALL PRIVILEGES ON *.* TO '$MYSQL_USER'@'%' identified by '$MYSQL_PASSWORD';"

     # Edit /etc/mysql/my.cnf to change ‘bind-address’ from localhost (127.0.0.1) to any (0.0.0.0) and restart the mysql service:

     sudo sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf

@@ -360,8 +426,8 @@ if [[ "$ENABLED_SERVICES" =~ "g-reg" ]]; then

     mkdir -p $GLANCE_IMAGE_DIR

     # (re)create glance database

-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'DROP DATABASE IF EXISTS glance;'

-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'CREATE DATABASE glance;'

+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS glance;'

+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE glance;'

     # Copy over our glance-registry.conf

     GLANCE_CONF=$GLANCE_DIR/etc/glance-registry.conf

     cp $FILES/glance-registry.conf $GLANCE_CONF

@@ -490,8 +556,8 @@ fi

 if [[ "$ENABLED_SERVICES" =~ "mysql" ]]; then

     # (re)create nova database

-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'DROP DATABASE IF EXISTS nova;'

-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'CREATE DATABASE nova;'

+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS nova;'

+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE nova;'

     # (re)create nova database

     $NOVA_DIR/bin/nova-manage db sync

@@ -509,8 +575,8 @@ fi

 if [[ "$ENABLED_SERVICES" =~ "key" ]]; then

     # (re)create keystone database

-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'DROP DATABASE IF EXISTS keystone;'

-    mysql -u$MYSQL_USER -p$MYSQL_PASS -e 'CREATE DATABASE keystone;'

+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS keystone;'

+    mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE keystone;'

     # FIXME (anthony) keystone should use keystone.conf.example

     KEYSTONE_CONF=$KEYSTONE_DIR/etc/keystone.conf

@@ -584,9 +650,8 @@ fi

 # have to do a little more than that in our script.  Since we add the group

 # ``libvirtd`` to our user in this script, when nova-compute is run it is

 # within the context of our original shell (so our groups won't be updated).

-# We can send the command nova-compute to the ``newgrp`` command to execute

-# in a specific context.

-screen_it n-cpu "cd $NOVA_DIR && echo $NOVA_DIR/bin/nova-compute | newgrp libvirtd"

+# Use 'sg' to execute nova-compute as a member of the libvirtd group.

+screen_it n-cpu "cd $NOVA_DIR && sg libvirtd $NOVA_DIR/bin/nova-compute"

 screen_it n-net "cd $NOVA_DIR && $NOVA_DIR/bin/nova-network"

 screen_it n-sch "cd $NOVA_DIR && $NOVA_DIR/bin/nova-scheduler"

 screen_it n-vnc "cd $NOVNC_DIR && ./utils/nova-wsproxy.py 6080 --web . --flagfile=../nova/bin/nova.conf"

@@ -595,57 +660,53 @@ screen_it dash "cd $DASH_DIR && sudo /etc/init.d/apache2 restart; sudo tail -f /

 # Install Images

 # ==============

-# Upload a couple images to glance.  **TTY** is a simple small image that use the 

-# lets you login to it with username/password of user/password.  TTY is useful 

-# for basic functionality.  We all include an Ubuntu cloud build of **Natty**.

-# Natty uses cloud-init, supporting login via keypair and sending scripts as

-# userdata.  

+# Upload an image to glance.

 #

-# Read more about cloud-init at https://help.ubuntu.com/community/CloudInit

+# The default image is a small ***TTY*** testing image, which lets you login

+# the username/password of root/password.

+#

+# TTY also uses cloud-init, supporting login via keypair and sending scripts as

+# userdata.  See https://help.ubuntu.com/community/CloudInit for more on cloud-init

+#

+# Override IMAGE_URLS if you would to launch a different image(s).  

+# Specify IMAGE_URLS as a comma-separated list of uec urls.  Some other options include: