Merge branch 'kilo'
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..4c51a24
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[ssh_connection]
+ssh_args=-o ControlMaster=no
diff --git a/cloudlab-compute.yml b/cloudlab-compute.yml
index 10713a0..35006b0 100644
--- a/cloudlab-compute.yml
+++ b/cloudlab-compute.yml
@@ -10,12 +10,11 @@
- name: Make sure we're using KVM
shell: juju set nova-compute virt-type=kvm
- - pause: "Wait until services have started"
-
- name: Add nova-compute relations
script: scripts/juju-compute-relations.py
- - pause: "Wait until relations are added"
+ - name: Wait until relations are added
+ script: scripts/wait-for-services.sh
# Play: set up ansible-pull for OpenCloud-specific files on nova-compute nodes
- hosts: cloudlab-compute
@@ -40,14 +39,10 @@
repo_url: git://github.com/andybavier/opencloud-nova-compute-ansible.git
# Branch or tag to checkout
- #repo_version: onlab
+ repo_version: kilo
tasks:
- - name: Set up extra space on CloudLab nodes
- shell: /usr/testbed/bin/mkextrafs /var/lib/libvirt/images
- creates=/var/lib/libvirt/images/lost+found
-
- name: Install ansible
apt: name=ansible state=installed
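Review bot: `repo_version: kilo` names a branch, and the `repo_url` just above it still uses the unauthenticated `git://` transport, so the compute nodes run whatever that branch tip resolves to at pull time. This matters more now that templates/etc/cron.d/ansible-pull.j2 in this commit passes `-C {{ repo_version }}` to a scheduled `ansible-pull`. Consider `repo_url: https://github.com/andybavier/opencloud-nova-compute-ansible.git` and setting `repo_version` to a tag or commit id that is reviewed before it is bumped. The play's `vars:` block starts outside the hunk.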
diff --git a/cloudlab-hosts b/cloudlab-hosts
index 61919c9..68f772d 100644
--- a/cloudlab-hosts
+++ b/cloudlab-hosts
@@ -1,5 +1,5 @@
[cloudlab-head]
-ctl.acb-qv8253.xos-pg0.clemson.cloudlab.us
+ctl.install.xos-pg0.clemson.cloudlab.us
[cloudlab-compute]
-cp-1.acb-qv8253.xos-pg0.clemson.cloudlab.us
+cp-1.install.xos-pg0.clemson.cloudlab.us
diff --git a/cloudlab-setup.yml b/cloudlab-setup.yml
index 227a333..3030556 100644
--- a/cloudlab-setup.yml
+++ b/cloudlab-setup.yml
@@ -5,9 +5,7 @@
sudo: yes
tasks:
- - apt: update_cache=yes
-
- - apt: name={{ item }}
+ - apt: name={{ item }} update_cache=yes
with_items:
- python-pycurl
- software-properties-common
@@ -18,8 +16,8 @@
- name: Add Ansible repository
apt_repository: repo="ppa:ansible/ansible"
- - name: Install older version of Juju due to bug in 1.22
- apt: name=juju-core
+ - name: Update Ansible cache
+ apt: update_cache=yes
- name: Install packages
apt: name={{ item }} state=latest
@@ -28,6 +26,11 @@
- uvtool
- git
- bzr
+ - juju-core
+ - python-novaclient
+ - python-neutronclient
+ - python-keystoneclient
+ - python-glanceclient
- name: Get juju-ansible git repo
git: repo=https://github.com/cmars/juju-ansible.git
@@ -46,22 +49,25 @@
- name: Generate key to use in VMs
user: name={{ ansible_env['SUDO_USER'] }} generate_ssh_key=yes
- - name: Set up extra space on CloudLab nodes
+ - name: (CloudLab) Set up extra disk space
shell: /usr/testbed/bin/mkextrafs /var/lib/uvtool/libvirt/images
creates=/var/lib/uvtool/libvirt/images/lost+found
- name: Add myself to libvirtd group
- shell: usermod -aG libvirtd {{ ansible_env['SUDO_USER'] }}
+ user: name={{ ansible_env['SUDO_USER'] }}
+ groups=libvirtd
+ append=yes
- name: Get trusty image for uvtool
shell: uvt-simplestreams-libvirt sync --source http://cloud-images.ubuntu.com/daily release=trusty arch=amd64
+ - name: Change the subnet of virbr0 to 192.168.100.0/24
+ shell: sed -i 's/192.168.122/192.168.100/g' /etc/libvirt/qemu/networks/default.xml
+
- name: Create VMs to host OpenCloud services
sudo: no
script: scripts/create-vms.sh
-# - pause: prompt="Hit return when all VMs have IP addresses"
-
- include: tasks/vm-ips.yml
- name: Add VMs to /etc/hosts
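Review bot: The new `sed -i` task rewrites libvirt's on-disk definition of the default network, which, as far as I know, libvirt does not re-read until the network is redefined or the daemon restarts. Nothing in this hunk does either before `scripts/create-vms.sh` runs, so please confirm the new subnet is actually in effect when the VMs are created. The unescaped dots in `192.168.122` also match any character; `shell: sed -i 's/192\.168\.122\./192.168.100./g' /etc/libvirt/qemu/networks/default.xml` is tighter. The compute play still sets `control_net: 192.168.122.0/24`; if that variable is meant to be the virbr0 subnet, it needs the same change.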
@@ -119,8 +125,6 @@
shell: juju bootstrap
creates={{ ansible_env['PWD'] }}/.juju/environments/manual.jenv
- # - pause: Break here and try rebooting Juju VM
-
- name: Copy openstack.cfg for Juju
sudo: yes
copy: src=files/openstack.cfg
@@ -135,24 +139,11 @@
- name: Deploy OpenStack services with Juju
script: scripts/juju-setup.py
-# - pause: prompt="Hit return when all services have started successfully"
-
- - name: Set MTU for GRE tunneling
- shell: "juju set quantum-gateway instance-mtu=1400"
-
- - name: Use HTTPS for keystone authentication
- shell: 'juju set keystone use-https=yes'
-
- - name: Use HTTPS for all service endpoints
- shell: 'juju set keystone https-service-endpoints=True'
-
- - name: Use SSL for rabbitmq
- shell: 'juju set rabbitmq-server ssl=on'
-
- name: Add all Juju relations between services
script: scripts/juju-relations.py
- - pause: prompt="Wait for relations to be fully added"
+ - name: Wait for relations to be fully added
+ script: scripts/wait-for-services.sh
# Play: Use libvirt hooks to set up iptables
- hosts: cloudlab-head
@@ -192,6 +183,14 @@
template: src=templates/admin-openrc.sh.j2
dest={{ ansible_env['PWD'] }}/admin-openrc.sh
+ - name: (CloudLab) Make sure that /root/setup exists
+ file: path=/root/setup state=directory
+ sudo: yes
+
+ - name: (CloudLab) Copy credentials to /root/setup
+ shell: scp admin-openrc.sh /root/setup
+ sudo: yes
+
- name: Copy credentials to nova-cloud-controller
shell: "scp admin-openrc.sh ubuntu@nova-cloud-controller:"
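Review bot: The two new `(CloudLab)` tasks place `admin-openrc.sh` under `/root/setup` without setting a mode on the directory or the file, so the copy takes whatever the source file and umask give it. If the template holds the admin password (the template is not in this diff), add `mode=0700` to the `file:` task and copy with `shell: install -m 0600 {{ ansible_env['PWD'] }}/admin-openrc.sh /root/setup/`. That also removes the dependence on the working directory that the relative `scp admin-openrc.sh` has.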
@@ -208,15 +207,27 @@
shell: cat {{ ansible_env['PWD'] }}/.ssh/id_rsa.pub
register: sshkey
+ - name: Copy CA certificate
+ shell: sudo juju scp nova-cloud-controller/0:/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt /usr/local/share/ca-certificates
+ creates=/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt
+
+ - name: Update CA ca-certificates
+ shell: update-ca-certificates
+ sudo: yes
+
- hosts: cloudlab-compute
sudo: yes
vars:
control_net: 192.168.122.0/24
- gateway: 130.127.133.105
+ gateway: "{{ hostvars['ctl.install.xos-pg0.clemson.cloudlab.us']['ansible_default_ipv4']['address'] }}"
tasks:
- name: Install package needed by Juju
apt: name=python-yaml state=present
+ - name: Add key
+ authorized_key: user="{{ ansible_env['SUDO_USER'] }}"
+ key="{{ hostvars['ctl.install.xos-pg0.clemson.cloudlab.us']['sshkey']['stdout'] }}"
+
- name: Add route via /etc/rc.local
template: src=templates/etc/rc.local.cloudlab
dest=/etc/rc.local
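Review bot: `Copy CA certificate` installs the Juju-generated keystone CA into the head node's system trust store, so every TLS client on that host will accept any certificate that CA signs, not only the OpenStack endpoints. If only the OpenStack command-line clients need it, keeping the file outside `/usr/local/share/ca-certificates` and pointing `OS_CACERT` at it in `admin-openrc.sh` narrows that trust. Otherwise add a comment on the task stating that system-wide trust is intended. The task also calls `sudo` inside `shell:` where neighbouring tasks use `sudo: yes`, and `update-ca-certificates` runs on every play because it has no `creates=` or handler.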
@@ -224,9 +235,12 @@
notify:
- run /etc/rc.local
- - name: Add key
- authorized_key: user="{{ ansible_env['SUDO_USER'] }}"
- key="{{ hostvars['ctl.acb-qv8253.xos-pg0.clemson.cloudlab.us']['sshkey']['stdout'] }}"
+ - name: Touch ~/.ssh/config
+ file: path=/var/lib/nova state=directory
+
+ - name: (CloudLab) Set up extra disk space
+ shell: /usr/testbed/bin/mkextrafs /var/lib/nova
+ creates=/var/lib/nova/lost+found
handlers:
- name: run /etc/rc.local
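Review bot: The task named `Touch ~/.ssh/config` does not touch that file; it creates the directory `/var/lib/nova`, which the next task passes to `mkextrafs`. Rename it, e.g. `- name: (CloudLab) Make sure /var/lib/nova exists`, so the play output matches what runs. The `tasks:` list this belongs to starts outside the hunk.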
diff --git a/files/etc/libvirt/hooks/daemon b/files/etc/libvirt/hooks/daemon
index cff3fb7..8d9102b 100644
--- a/files/etc/libvirt/hooks/daemon
+++ b/files/etc/libvirt/hooks/daemon
@@ -2,7 +2,7 @@
SHELL="/bin/bash"
-NIC=$( route|grep default|awk '{print$8}' )
+NIC=$( route|grep default|awk '{print $NF}' )
NAME="${1}"
OP="${2}"
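Review bot: `NIC` is built from every `default` line that `route` prints, so a host with more than one default route yields a multi-word value. That value is later expanded unquoted into `iptables ... -i $NIC`, and the DNAT rules then fail or attach to the wrong interface. Limit it to one line, `NIC=$( route|grep '^default'|head -1|awk '{print $NF}' )`, as the `VMIP` line in this file already does with `head -1`, and bail out when the result is empty. The same line is changed in files/etc/libvirt/hooks/qemu and needs the same treatment.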
@@ -13,12 +13,12 @@
DPORT=$1
VM=$2
TOPORT=$3
-
+
VMIP=$( getent ahosts $VM|head -1|awk '{print $1}' )
iptables -t nat -C PREROUTING -p tcp -i $NIC --dport $DPORT -j DNAT --to-destination $VMIP:$TOPORT
if [ "$?" -ne 0 ]
then
- iptables -t nat -A PREROUTING -p tcp -i $NIC --dport $DPORT -j DNAT --to-destination $VMIP:$TOPORT
+ iptables -t nat -A PREROUTING -p tcp -i $NIC --dport $DPORT -j DNAT --to-destination $VMIP:$TOPORT
fi
}
@@ -29,7 +29,7 @@
add_port_fwd_rule 4990 keystone 4990
add_port_fwd_rule 5000 keystone 5000
add_port_fwd_rule 8774 nova-cloud-controller 8774
- add_port_fwd_rule 9696 nova-cloud-controller 9696
+ add_port_fwd_rule 9696 neutron-api 9696
add_port_fwd_rule 9292 glance 9292
add_port_fwd_rule 8080 openstack-dashboard 80
add_port_fwd_rule 3128 nagios 80
@@ -37,4 +37,4 @@
# Also flush the filter table before rules re-added
iptables -F
-fi
+fi
diff --git a/files/etc/libvirt/hooks/qemu b/files/etc/libvirt/hooks/qemu
index 903fced..2b059cb 100644
--- a/files/etc/libvirt/hooks/qemu
+++ b/files/etc/libvirt/hooks/qemu
@@ -2,7 +2,7 @@
SHELL="/bin/bash"
-NIC=$( route|grep default|awk '{print$8}' )
+NIC=$( route|grep default|awk '{print $NF}' )
PORTAL=$( dig +short portal.opencloud.us )
NAME="${1}"
@@ -11,25 +11,29 @@
ARGS="${4}"
add_rule() {
- ARGS=$1
- iptables -C FORWARD $ARGS
+ CHAIN=$1
+ ARGS=$2
+ iptables -C $CHAIN $ARGS
if [ "$?" -ne 0 ]
then
- iptables -I FORWARD 1 $ARGS
+ iptables -I $CHAIN 1 $ARGS
fi
}
add_local_access_rules() {
SUBNET=$( ip addr show $NIC|grep "inet "|awk '{print $2}' )
- add_rule "-s $SUBNET -j ACCEPT"
+ PRIVATENET=$( ip addr show virbr0|grep "inet "|awk '{print $2}' )
+ add_rule "FORWARD" "-s $SUBNET -j ACCEPT"
+ # Don't NAT traffic from service VMs destined to the local subnet
+ add_rule "POSTROUTING" "-t nat -s $PRIVATENET -d $SUBNET -j RETURN"
}
add_portal_access_rules() {
- add_rule "-s $PORTAL -j ACCEPT"
+ add_rule "FORWARD" "-s $PORTAL -j ACCEPT"
}
add_web_access_rules() {
- add_rule "-p tcp --dport 80 -j ACCEPT"
+ add_rule "FORWARD" "-p tcp --dport 80 -j ACCEPT"
}
if [ "$OP" = "start" ]
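Review bot: `add_local_access_rules` builds the new POSTROUTING rule from `PRIVATENET` and `SUBNET` without checking either. If `virbr0` has no address when the hook fires, the arguments collapse to `-t nat -s -d ... -j RETURN`, and both the `-C` and `-I` calls fail with the error ignored. A guard such as `[ -n "$PRIVATENET" ] && [ -n "$SUBNET" ] || return 1` before the two `add_rule` calls makes that case visible. Separately, `add_rule` assigns `CHAIN` and `ARGS` as globals, and `ARGS` overwrites the script-level `ARGS="${4}"` set just above it. If the hook runs under bash, as the `SHELL` line suggests, `local CHAIN=$1 ARGS=$2` avoids that.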
@@ -37,4 +41,4 @@
add_local_access_rules
add_portal_access_rules
add_web_access_rules
-fi
+fi
diff --git a/files/openstack.cfg b/files/openstack.cfg
index 9503b4d..bbbbad7 100644
--- a/files/openstack.cfg
+++ b/files/openstack.cfg
@@ -1,17 +1,36 @@
glance:
- openstack-origin: "cloud:trusty-icehouse"
+ openstack-origin: "cloud:trusty-kilo"
keystone:
admin-password: ""
- openstack-origin: "cloud:trusty-icehouse"
+ https-service-endpoints: "True"
+ openstack-origin: "cloud:trusty-kilo"
+ use-https: "yes"
nova-cloud-controller:
+ console-access-protocol: "novnc"
network-manager: "Neutron"
- openstack-origin: "cloud:trusty-icehouse"
+ openstack-origin: "cloud:trusty-kilo"
nova-compute:
- config-flags: "firewall_driver=nova.virt.firewall.NoopFirewallDriver"
- openstack-origin: "cloud:trusty-icehouse"
+# config-flags: "firewall_driver=nova.virt.firewall.NoopFirewallDriver"
+ config-flags: "firewall_driver=nova.virt.firewall.NoopFirewallDriver,xos_api_url=http://130.127.133.51:9999"
+ disable-neutron-security-groups: "True"
+ openstack-origin: "cloud:trusty-kilo"
ntp:
- source: "ntp.cs.princeton.edu"
openstack-dashboard:
- openstack-origin: "cloud:trusty-icehouse"
-quantum-gateway:
- openstack-origin: "cloud:trusty-icehouse"
+ openstack-origin: "cloud:trusty-kilo"
+neutron-gateway:
+ bridge-mappings: "physnet1:br-data nat:br-nat"
+ flat-network-providers: "*"
+ instance-mtu: "1400"
+ openstack-origin: "cloud:trusty-kilo"
+ vlan-ranges: "physnet1:1000:2000 nat"
+neutron-api:
+ flat-network-providers: "*"
+ openstack-origin: "cloud:trusty-kilo"
+ vlan-ranges: "physnet1:1000:2000 nat"
+neutron-openvswitch:
+ bridge-mappings: "physnet1:br-data nat:br-nat"
+ disable-security-groups: "True"
+ flat-network-providers: "*"
+ vlan-ranges: "physnet1:1000:2000 nat"
+rabbitmq-server:
+ ssl: "on"
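Review bot: The new `nova-compute` and `neutron-openvswitch` stanzas turn off security groups (`disable-neutron-security-groups`, `disable-security-groups`) while keeping `NoopFirewallDriver`. As far as these options show, that leaves instance traffic unfiltered at the hypervisor, and nothing in the file says what enforces isolation instead. Add a comment above those keys, e.g. `# Security groups are disabled because <COMPONENT> enforces instance isolation`, with the placeholder filled in. The added `xos_api_url=http://130.127.133.51:9999` is a hard-coded address over plain HTTP, in the same file that sets `use-https: "yes"` for keystone, so a note on how that endpoint is authenticated would help. The commented-out `config-flags` line above it can be dropped.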
diff --git a/scripts/create-vms.sh b/scripts/create-vms.sh
index d56b043..dba3099 100755
--- a/scripts/create-vms.sh
+++ b/scripts/create-vms.sh
@@ -19,7 +19,8 @@
create-vm keystone 2 4096 40
create-vm glance 2 4096 160
create-vm nova-cloud-controller 2 4096 40
-create-vm quantum-gateway 2 4096 40
+create-vm neutron-gateway 2 4096 40
+create-vm neutron-api 2 4096 40
create-vm openstack-dashboard 1 2048 20
create-vm ceilometer 1 2048 20
create-vm nagios 1 2048 20
diff --git a/scripts/juju-compute-relations.py b/scripts/juju-compute-relations.py
index 49d0cdc..535b5d4 100755
--- a/scripts/juju-compute-relations.py
+++ b/scripts/juju-compute-relations.py
@@ -11,6 +11,7 @@
"nova-compute:amqp rabbitmq-server:amqp",
"nova-compute glance",
"nova-compute nova-cloud-controller",
+ "nova-compute neutron-openvswitch",
"ntp nova-compute",
"nova-compute nagios",
"nova-compute nrpe",
@@ -31,7 +32,7 @@
time.sleep(sleep_interval)
except:
pass
-
+
def destroyrelations():
for relation in relations:
print "Destroying relation %s" % relation
@@ -51,6 +52,6 @@
destroyrelations()
else:
addrelations()
-
+
if __name__ =='__main__':
main()
diff --git a/scripts/juju-compute-setup.py b/scripts/juju-compute-setup.py
index 0c5ea3c..326eaf3 100755
--- a/scripts/juju-compute-setup.py
+++ b/scripts/juju-compute-setup.py
@@ -7,7 +7,8 @@
jujuconfig="/usr/local/src/openstack.cfg"
services = {
- "nova-compute" : "--config=%s cs:~andybavier/trusty/nova-compute" % jujuconfig,
+# "nova-compute" : "--config=%s cs:~andybavier/trusty/nova-compute" % jujuconfig,
+ "nova-compute" : "--config=%s nova-compute" % jujuconfig,
}
def get_free_machines(status):
@@ -28,14 +29,14 @@
free[machine] = mchinfo
return free
-
+
def deploy(status, service, cmd):
# Deploy nova-compute to all free machines
machines = get_free_machines(status)
-
+
for (machine, mchinfo) in machines.iteritems():
- if service in status['services']:
+ if service in status['services']:
print "Adding unit %s on %s" % (service, mchinfo['dns-name'])
subprocess.check_call("juju add-unit --to=%s %s" % (machine, service), shell=True)
else:
diff --git a/scripts/juju-relations.py b/scripts/juju-relations.py
index 1be59ab..9c4b1f7 100755
--- a/scripts/juju-relations.py
+++ b/scripts/juju-relations.py
@@ -13,26 +13,34 @@
"nova-cloud-controller keystone",
"glance mysql",
"glance keystone",
- "quantum-gateway mysql",
- "quantum-gateway rabbitmq-server",
- "quantum-gateway nova-cloud-controller",
+ "neutron-gateway neutron-api",
+ "neutron-gateway:amqp rabbitmq-server:amqp",
+ "neutron-gateway nova-cloud-controller",
+ "neutron-gateway mysql",
+ "neutron-api keystone",
+ "neutron-api neutron-openvswitch",
+ "neutron-api mysql",
+ "neutron-api rabbitmq-server",
+ "neutron-api nova-cloud-controller",
+ "neutron-openvswitch rabbitmq-server",
"openstack-dashboard keystone",
- "ntp nova-cloud-controller",
- "mysql nagios",
- "rabbitmq-server nagios",
- "keystone nagios",
- "glance nagios",
- "nova-cloud-controller nagios",
- "quantum-gateway nagios",
- "openstack-dashboard nagios",
+# "mysql nagios",
+# "rabbitmq-server nagios",
+# "keystone nagios",
+# "glance nagios",
+# "nova-cloud-controller nagios",
+# "neutron-gateway nagios",
+# "openstack-dashboard nagios",
+# "neutron-api nagios",
"nagios nrpe",
- "mysql nrpe",
+ "mysql:juju-info nrpe:general-info",
"rabbitmq-server nrpe",
"keystone nrpe",
"glance nrpe",
"nova-cloud-controller nrpe",
- "quantum-gateway nrpe",
+ "neutron-gateway nrpe",
"openstack-dashboard nrpe",
+ "neutron-api nrpe",
"ceilometer mongodb",
"ceilometer rabbitmq-server",
"ceilometer:identity-service keystone:identity-service",
@@ -55,7 +63,7 @@
time.sleep(sleep_interval)
except:
pass
-
+
def destroyrelations():
for relation in relations:
print "Destroying relation %s" % relation
@@ -75,6 +83,6 @@
destroyrelations()
else:
addrelations()
-
+
if __name__ =='__main__':
main()
diff --git a/scripts/juju-setup.py b/scripts/juju-setup.py
index ca5cbfe..3a75b07 100755
--- a/scripts/juju-setup.py
+++ b/scripts/juju-setup.py
@@ -8,15 +8,19 @@
# Assumption: VMs have same hostname as service that runs inside
machines = ["mysql", "rabbitmq-server", "keystone", "glance", "nova-cloud-controller",
- "quantum-gateway", "openstack-dashboard", "ceilometer", "nagios"]
+ "neutron-gateway", "openstack-dashboard", "ceilometer", "nagios", "neutron-api"]
services = {
"mysql" : "mysql",
"rabbitmq-server" : "rabbitmq-server",
"keystone" : "--config=%s keystone" % jujuconfig,
"glance" : "--config=%s glance" % jujuconfig,
- "nova-cloud-controller" : "--config=%s cs:~andybavier/trusty/nova-cloud-controller" % jujuconfig,
- "quantum-gateway" : "--config=%s cs:~andybavier/trusty/quantum-gateway" % jujuconfig,
+# "nova-cloud-controller" : "--config=%s cs:~andybavier/trusty/nova-cloud-controller" % jujuconfig,
+ "nova-cloud-controller" : "--config=%s nova-cloud-controller" % jujuconfig,
+ "neutron-gateway" : "--config=%s cs:~andybavier/trusty/neutron-gateway" % jujuconfig,
+# "neutron-gateway" : "--config=%s neutron-gateway" % jujuconfig,
+ "neutron-api" : "--config=%s neutron-api" % jujuconfig,
+ "neutron-openvswitch" : "--config=%s neutron-openvswitch" % jujuconfig,
"openstack-dashboard" : "--config=%s openstack-dashboard" % jujuconfig,
"nagios" : "nagios",
"mongodb" : "mongodb", # deploy to ceilometer machine
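Review bot: Among the entries visible in this hunk, `neutron-gateway` is now the only service still deployed from the personal namespace `cs:~andybavier/trusty/neutron-gateway`. The URL carries no revision, so each deployment takes whatever revision is current there. Appending the reviewed revision, `cs:~andybavier/trusty/neutron-gateway-<REVISION>`, makes the deployment reproducible, and the same applies to the store charms if repeatability matters. The two commented-out alternatives could be replaced by one comment saying why the fork is still needed; the `services` dict continues outside the hunk.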
diff --git a/scripts/network-setup.sh b/scripts/network-setup.sh
index a7f4a06..05e4c12 100755
--- a/scripts/network-setup.sh
+++ b/scripts/network-setup.sh
@@ -19,7 +19,7 @@
neutron subnet-show $NAME-net 2>&1 > /dev/null
if [ "$?" -ne 0 ]
then
- neutron subnet-create $NAME-net --name $NAME-net $CIDR --gateway=$GW --enable-dhcp=false
+ neutron subnet-create $NAME-net --name $NAME-net $CIDR --gateway=$GW --disable-dhcp
fi
}
@@ -30,7 +30,7 @@
neutron subnet-show $NAME-net 2>&1 > /dev/null
if [ "$?" -ne 0 ]
then
- neutron subnet-create $NAME-net --name $NAME-net $CIDR --no-gateway --enable-dhcp=false
+ neutron subnet-create $NAME-net --name $NAME-net $CIDR --no-gateway --disable-dhcp
fi
}
diff --git a/scripts/wait-for-services.sh b/scripts/wait-for-services.sh
new file mode 100755
index 0000000..da4ef1f
--- /dev/null
+++ b/scripts/wait-for-services.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Wait for there to be no services in pending state
+while $( juju status --format=summary|grep -q pending )
+do
+ sleep 10
+done
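Review bot: The loop has no upper bound and treats a failed `juju status` the same as "nothing pending". A service stuck in pending therefore hangs the play indefinitely, while an unreachable Juju environment lets the play continue as if everything were up. The `$( ... )` around the pipeline is also unnecessary; the loop only works because the substitution expands to nothing. Both callers, `Wait until relations are added` in cloudlab-compute.yml and `Wait for relations to be fully added` in cloudlab-setup.yml, would benefit from the bounded version below, which exits non-zero on timeout or on a `juju status` error.

```shell
# Wait for there to be no services in pending state, but give up after
# TIMEOUT seconds so that a stuck deployment fails the play instead of hanging it
TIMEOUT=${TIMEOUT:-3600}
waited=0
while true
do
    # A failing "juju status" must not be mistaken for "nothing pending"
    summary=$( juju status --format=summary ) || exit 1
    echo "$summary" | grep -q pending || break
    if [ "$waited" -ge "$TIMEOUT" ]
    then
        echo "Timed out waiting for services to leave pending state" >&2
        exit 1
    fi
    sleep 10
    waited=$(( waited + 10 ))
done
```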
diff --git a/tasks/vm-ips.yml b/tasks/vm-ips.yml
index 519535f..8406a7a 100644
--- a/tasks/vm-ips.yml
+++ b/tasks/vm-ips.yml
@@ -17,8 +17,8 @@
- shell: uvt-kvm ip nova-cloud-controller
register: novacc_ip
-- shell: uvt-kvm ip quantum-gateway
- register: quantum_ip
+- shell: uvt-kvm ip neutron-gateway
+ register: neutron_ip
- shell: uvt-kvm ip openstack-dashboard
register: horizon_ip
@@ -27,4 +27,7 @@
register: nagios_ip
- shell: uvt-kvm ip ceilometer
- register: ceilometer_ip
\ No newline at end of file
+ register: ceilometer_ip
+
+- shell: uvt-kvm ip neutron-api
+ register: neutron_api_ip
diff --git a/templates/etc/ansible/hosts.j2 b/templates/etc/ansible/hosts.j2
index 742a35a..007b456 100644
--- a/templates/etc/ansible/hosts.j2
+++ b/templates/etc/ansible/hosts.j2
@@ -8,7 +8,8 @@
keystone
glance
nova-cloud-controller
-quantum-gateway
+neutron-gateway
openstack-dashboard
ceilometer
nagios
+neutron-api
diff --git a/templates/etc/cron.d/ansible-pull.j2 b/templates/etc/cron.d/ansible-pull.j2
index 12f3f6d..73d3cd4 100644
--- a/templates/etc/cron.d/ansible-pull.j2
+++ b/templates/etc/cron.d/ansible-pull.j2
@@ -1,2 +1,2 @@
# Cron job to git clone/pull a repo and then run locally
-{{ schedule }} {{ cron_user }} ansible-pull -o -d {{ workdir }} -U {{ repo_url }} >>{{ logfile }} 2>&1
+{{ schedule }} {{ cron_user }} ansible-pull -o -d {{ workdir }} -U {{ repo_url }} -C {{ repo_version }} >>{{ logfile }} 2>&1
diff --git a/templates/etc/hosts.j2 b/templates/etc/hosts.j2
index f153b6e..b095c5c 100644
--- a/templates/etc/hosts.j2
+++ b/templates/etc/hosts.j2
@@ -6,10 +6,11 @@
{{ keystone_ip.stdout }} keystone
{{ glance_ip.stdout }} glance
{{ novacc_ip.stdout }} nova-cloud-controller
-{{ quantum_ip.stdout }} quantum-gateway
+{{ neutron_ip.stdout }} neutron-gateway
{{ horizon_ip.stdout }} openstack-dashboard
{{ ceilometer_ip.stdout }} ceilometer
{{ nagios_ip.stdout }} nagios
+{{ neutron_api_ip.stdout}} neutron-api
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback