Juju Charms Collection
nova-cloud-controller package

Merge lp:~gandelman-a/charms/precise/nova-cloud-controller/openstack-charmers-merge into lp:~openstack-charmers/charms/precise/nova-cloud-controller/ha-support

Proposed by Adam Gandelman on 2013-01-18

Status:	Merged
Merged at revision:	53
Proposed branch:	lp:~gandelman-a/charms/precise/nova-cloud-controller/openstack-charmers-merge
Merge into:	lp:~openstack-charmers/charms/precise/nova-cloud-controller/ha-support
Diff against target:	817 lines (+492/-84) 8 files modified config.yaml (+0/-4) hooks/lib/nova/essex (+2/-2) hooks/lib/nova/folsom (+3/-5) hooks/lib/nova/grizzly (+80/-0) hooks/lib/nova/nova-common (+27/-2) hooks/lib/openstack-common (+136/-22) hooks/nova-cloud-controller-common (+190/-35) hooks/nova-cloud-controller-relations (+54/-14)
To merge this branch:	bzr merge lp:~gandelman-a/charms/precise/nova-cloud-controller/openstack-charmers-merge
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
OpenStack Charmers		2013-01-18	Pending
Review via email: mp+143801@code.launchpad.net

Description of the change

Adds ssh key distribution required for nova migration support.

Revision history for this message

Adam Gandelman (gandelman-a) wrote on 2013-01-18:

Note, this MP is a redirect of work originally targeted at the upstream branch but still under review, to help consolidate the number of in-flight charm branches we have right now. Rebased it against the rest of our HA work so it should be a clean merge atm. Original MP @ https://code.launchpad.net/~gandelman-a/charms/precise/nova-cloud-controller/live_migration/+merge/142431

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Adam Gandelman

Andreas Hasenack

Nobuto Murata

OpenStack Charmers

 === modified file 'config.yaml'
 --- config.yaml	2013-01-09 09:55:00 +0000
 +++ config.yaml	2013-01-18 00:30:31 +0000
@@ -14,10 +14,6 @@
        Note that updating this setting to a source that is known to
        provide a later version of OpenStack will trigger a software
        upgrade.
--  nova-config:
--    default: /etc/nova/nova.conf
--    type: string
--    description: Full path to nova.conf
    rabbit-user:
      default: nova
      type: string
 === modified file 'hooks/lib/nova/essex'
 --- hooks/lib/nova/essex	2012-10-03 00:37:57 +0000
 +++ hooks/lib/nova/essex	2013-01-18 00:30:31 +0000
@@ -12,7 +12,7 @@
    local nova_conf=${NOVA_CONF:-/etc/nova/nova.conf}
    local api_conf=${API_CONF:-/etc/nova/api-paste.ini}
--
++  local libvirtd_conf=${LIBVIRTD_CONF:-/etc/libvirt/libvirtd.conf}
    [[ -z $key ]] && juju-log "$CHARM set_or_update: value $value missing key" && exit 1
    [[ -z $value ]] && juju-log "$CHARM set_or_update: key $key missing value" && exit 1
    [[ -z "$conf_file" ]] && conf_file=$nova_conf
@@ -22,7 +22,7 @@
                    pattern="--$key="
                    out=$pattern
                    ;;
--    "$api_conf") match="^$key = "
++    "$api_conf"|"$libvirtd_conf") match="^$key = "
                   pattern="$match"
                   out="$key = "
                   ;;
 === modified file 'hooks/lib/nova/folsom'
 --- hooks/lib/nova/folsom	2012-11-29 16:38:54 +0000
 +++ hooks/lib/nova/folsom	2013-01-18 00:30:31 +0000
@@ -15,6 +15,7 @@
    local quantum_conf=${QUANTUM_CONF:-/etc/quantum/quantum.conf}
    local quantum_api_conf=${QUANTUM_API_CONF:-/etc/quantum/api-paste.ini}
    local quantum_plugin_conf=${QUANTUM_PLUGIN_CONF:-/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini}
++  local libvirtd_conf=${LIBVIRTD_CONF:-/etc/libvirt/libvirtd.conf}
    [[ -z $key ]] && juju-log "$CHARM: set_or_update: value $value missing key" && exit 1
    [[ -z $value ]] && juju-log "$CHARM: set_or_update: key $key missing value" && exit 1
@@ -27,11 +28,8 @@
                    pattern="$key="
                    out=$pattern
                    ;;
--    "$api_conf") match="^$key = "
--                 pattern="$match"
--                 out="$key = "
--                 ;;
--    "$quantum_conf"|"$quantum_api_conf"|"$quantum_plugin_conf")
++    "$api_conf"|"$quantum_conf"|"$quantum_api_conf"|"$quantum_plugin_conf"| \
++    "$libvirtd_conf")
                   match="^$key = "
                   pattern="$match"
                   out="$key = "
 === added file 'hooks/lib/nova/grizzly'
 --- hooks/lib/nova/grizzly	1970-01-01 00:00:00 +0000
 +++ hooks/lib/nova/grizzly	2013-01-18 00:30:31 +0000
@@ -0,0 +1,80 @@
++#!/bin/bash -e
++
++# Folsom-specific functions
++
++nova_set_or_update() {
++  # TODO: This needs to be shared among folsom, grizzly and beyond.
++  # Set a config option in nova.conf or api-paste.ini, depending
++  # Defaults to updating nova.conf
++  local key="$1"
++  local value="$2"
++  local conf_file="$3"
++  local section="${4:-DEFAULT}"
++
++  local nova_conf=${NOVA_CONF:-/etc/nova/nova.conf}
++  local api_conf=${API_CONF:-/etc/nova/api-paste.ini}
++  local quantum_conf=${QUANTUM_CONF:-/etc/quantum/quantum.conf}
++  local quantum_api_conf=${QUANTUM_API_CONF:-/etc/quantum/api-paste.ini}
++  local quantum_plugin_conf=${QUANTUM_PLUGIN_CONF:-/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini}
++  local libvirtd_conf=${LIBVIRTD_CONF:-/etc/libvirt/libvirtd.conf}
++
++  [[ -z $key ]] && juju-log "$CHARM: set_or_update: value $value missing key" && exit 1
++  [[ -z $value ]] && juju-log "$CHARM: set_or_update: key $key missing value" && exit 1
++
++  [[ -z "$conf_file" ]] && conf_file=$nova_conf
++
++  local pattern=""
++  case "$conf_file" in
++    "$nova_conf") match="^$key="
++                  pattern="$key="
++                  out=$pattern
++                  ;;
++    "$api_conf"|"$quantum_conf"|"$quantum_api_conf"|"$quantum_plugin_conf"| \
++    "$libvirtd_conf")
++                 match="^$key = "
++                 pattern="$match"
++                 out="$key = "
++                 ;;
++    *) juju-log "$CHARM ERROR: set_or_update: Invalid conf_file ($conf_file)"
++  esac
++
++  cat $conf_file | grep "$match$value" >/dev/null &&
++    juju-log "$CHARM: $key=$value already in set in $conf_file" \
++      && return 0
++
++  case $conf_file in
++    "$quantum_conf"|"$quantum_api_conf"|"$quantum_plugin_conf")
++        python -c "
++import ConfigParser
++config = ConfigParser.RawConfigParser()
++config.read('$conf_file')
++config.set('$section','$key','$value')
++with open('$conf_file', 'wb') as configfile:
++    config.write(configfile)
++"
++      ;;
++    *)
++      if cat $conf_file | grep "$match" >/dev/null ; then
++        juju-log "$CHARM: Updating $conf_file, $key=$value"
++        sed -i "s|\($pattern\).*|\1$value|" $conf_file
++      else
++        juju-log "$CHARM: Setting new option $key=$value in $conf_file"
++        echo "$out$value" >>$conf_file
++      fi
++      ;;
++  esac
++}
++
++# Upgrade Helpers
++nova_pre_upgrade() {
++  # Pre-upgrade helper.  Caller should pass the version of OpenStack we are
++  # upgrading from.
++  return 0 # Nothing to do here, yet.
++}
++
++nova_post_upgrade() {
++  # Post-upgrade helper.  Caller should pass the version of OpenStack we are
++  # upgrading from.
++  juju-log "$CHARM: Running post-upgrade hook: $upgrade_from -> folsom."
++  # nothing to do here yet.
++}
 === removed symlink 'hooks/lib/nova/grizzly'
 === target was u'folsom'
 === modified file 'hooks/lib/nova/nova-common'
 --- hooks/lib/nova/nova-common	2012-12-06 21:32:44 +0000
 +++ hooks/lib/nova/nova-common	2013-01-18 00:30:31 +0000
@@ -32,9 +32,15 @@
  configure_volume_service() {
    local svc="$1"
++  local cur_vers="$(get_os_codename_package "nova-common")"
    case "$svc" in
--    "cinder") set_or_update "volume_api_class" "nova.volume.cinder.API" ;;
--    "nova-volume") set_or_update "volume_api_class" "nova.volume.api.API" ;;
++    "cinder")
++      set_or_update "volume_api_class" "nova.volume.cinder.API" ;;
++    "nova-volume")
++      # nova-volume only supported before grizzly.
++      [[ "$cur_vers" == "essex" ]] || [[ "$cur_vers" == "folsom" ]] &&
++        set_or_update "volume_api_class" "nova.volume.api.API"
++      ;;
      *) juju-log "$CHARM ERROR - configure_volume_service: Invalid service $svc"
         return 1 ;;
    esac
@@ -49,6 +55,25 @@
        ;;
      "FlatDHCPManager")
        set_or_update "network_manager" "nova.network.manager.FlatDHCPManager"
++
++      if [[ "$CHARM" == "nova-compute" ]] ; then
++        local flat_interface=$(config-get flat-interface)
++        local ec2_host=$(relation-get ec2_host)
++        set_or_update flat_inteface "$flat_interface"
++        set_or_update ec2_dmz_host "$ec2_host"
++
++        # Ensure flat_interface has link.
++        if ip link show $flat_interface >/dev/null 2>&1 ; then
++          ip link set $flat_interface up
++        fi
++
++        # work around (LP: #1035172)
++        if [[ -e /dev/vhost-net ]] ; then
++          iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM \
++            --checksum-fill
++        fi
++      fi
++
        ;;
      "Quantum")
        local local_ip=$(get_ip `unit-get private-address`)
 === modified file 'hooks/lib/openstack-common'
 --- hooks/lib/openstack-common	2013-01-09 09:55:00 +0000
 +++ hooks/lib/openstack-common	2013-01-18 00:30:31 +0000
@@ -70,46 +70,62 @@
        # gpg key id tagged to end of url folloed by a |
        url=$(echo $src | cut -d'|' -f1)
        key=$(echo $src | cut -d'|' -f2)
--      if [[ -n "$key" ]] ; then
--        juju-log "$CHARM: Importing repository key: $key"
--        apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$key" || \
--          juju-log "$CHARM WARN: Could not import key from keyserver: $key"
--      else
--        juju-log "$CHARM No repository key specified"
--        url="$src"
--      fi
--      echo $url > /etc/apt/sources.list.d/juju_deb.list
++      juju-log "$CHARM: Importing repository key: $key"
++      apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$key" || \
++        juju-log "$CHARM WARN: Could not import key from keyserver: $key"
++    else
++      juju-log "$CHARM No repository key specified."
++      url="$src"
      fi
++    echo "$url" > /etc/apt/sources.list.d/juju_deb.list
      return 0
    fi
    # Cloud Archive
    if [[ "${src:0:6}" == "cloud:" ]] ; then
--    local archive_key="5EDB1B62EC4926EA"
--    local rel=$(echo $src | cut -d: -f2)
--    local u_rel=$(echo $rel | cut -d- -f1)
--    local ca_rel=$(echo $rel | cut -d- -f2)
++
++    # current os releases supported by the UCA.
++    local cloud_archive_versions="folsom grizzly"
++
++    local ca_rel=$(echo $src | cut -d: -f2)
++    local u_rel=$(echo $ca_rel | cut -d- -f1)
++    local os_rel=$(echo $ca_rel | cut -d- -f2 | cut -d/ -f1)
      [[ "$u_rel" != "$DISTRIB_CODENAME" ]] &&
        error_out "Cannot install from Cloud Archive pocket $src " \
                  "on this Ubuntu version ($DISTRIB_CODENAME)!"
--    if [[ "$ca_rel" == "folsom/staging" ]] ; then
--      # cloud archive staging is just a regular PPA.
--      add-apt-repository -y ppa:ubuntu-cloud-archive/folsom-staging
++    valid_release=""
++    for rel in $cloud_archive_versions ; do
++      if [[ "$os_rel" == "$rel" ]] ; then
++        valid_release=1
++        juju-log "Installing OpenStack ($os_rel) from the Ubuntu Cloud Archive."
++      fi
++    done
++    if [[ -z "$valid_release" ]] ; then
++      error_out "OpenStack release ($os_rel) not supported by "\
++                "the Ubuntu Cloud Archive."
++    fi
++
++    # CA staging repos are standard PPAs.
++    if echo $ca_rel | grep -q "staging" ; then
++      add-apt-repository -y ppa:ubuntu-cloud-archive/${os_rel}-staging
        return 0
      fi
++    # the others are LP-external deb repos.
      case "$ca_rel" in
--      "folsom"|"folsom/updates") pocket="precise-updates/folsom" ;;
--      "folsom/proposed") pocket="precise-proposed/folsom" ;;
++      "$u_rel-$os_rel"|"$u_rel-$os_rel/updates") pocket="$u_rel-updates/$os_rel" ;;
++      "$u_rel-$os_rel/proposed") pocket="$u_rel-proposed/$os_rel" ;;
++      "$u_rel-$os_rel"|"$os_rel/updates") pocket="$u_rel-updates/$os_rel" ;;
++      "$u_rel-$os_rel/proposed") pocket="$u_rel-proposed/$os_rel" ;;
        *) error_out "Invalid Cloud Archive repo specified: $src"
      esac
++    apt-get -y install ubuntu-cloud-keyring
      entry="deb http://ubuntu-cloud.archive.canonical.com/ubuntu $pocket main"
      echo "$entry" \
        >/etc/apt/sources.list.d/ubuntu-cloud-archive-$DISTRIB_CODENAME.list
--    apt-key  adv --keyserver keyserver.ubuntu.com --recv-keys $archive_key
      return 0
    fi
@@ -142,8 +158,8 @@
        case "$ca_rel" in
          "folsom"|"folsom/updates"|"folsom/proposed"|"folsom/staging")
            codename="folsom" ;;
--        "grizzly"|"grizzly/updates"|"grizzly/proposed"|"grizzy/staging")
--          codename="grizly" ;;
++        "grizzly"|"grizzly/updates"|"grizzly/proposed"|"grizzly/staging")
++          codename="grizzly" ;;
        esac
      fi
    fi
@@ -161,7 +177,7 @@
+ }
  get_os_codename_package() {
--  local pkg_vers=$(dpkg -l | grep "$1" | awk '{ print $3 }')
++  local pkg_vers=$(dpkg -l | grep "$1" | awk '{ print $3 }') || echo "none"
    case "${pkg_vers:0:6}" in
      "2011.2") echo "diablo" ;;
      "2012.1") echo "essex" ;;
@@ -201,6 +217,104 @@
+ "
+ }
++# Common storage routines used by cinder, nova-volume and swift-storage.
++clean_storage() {
++  # if configured to overwrite existing storage, we unmount the block-dev
++  # if mounted and clear any previous pv signatures
++  local block_dev="$1"
++  juju-log "Cleaining storage '$block_dev'"
++  if grep -q "^$block_dev" /proc/mounts ; then
++    mp=$(grep "^$block_dev" /proc/mounts   | awk '{ print $2 }')
++    juju-log "Unmounting $block_dev from $mp"
++    umount "$mp" || error_out "ERROR: Could not unmount storage from $mp"
++  fi
++  if pvdisplay "$block_dev" >/dev/null 2>&1 ; then
++    juju-log "Removing existing LVM PV signatures from $block_dev"
++
++    # deactivate any volgroups that may be built on this dev
++    vg=$(pvdisplay $block_dev | grep "VG Name" | awk '{ print $3 }')
++    if [[ -n "$vg" ]] ; then
++      juju-log "Deactivating existing volume group: $vg"
++      vgchange -an "$vg" ||
++        error_out "ERROR: Could not deactivate volgroup $vg.  Is it in use?"
++    fi
++    echo "yes" | pvremove -ff "$block_dev" ||
++      error_out "Could not pvremove $block_dev"
++  else
++    juju-log "Zapping disk of all GPT and MBR structures"
++    sgdisk --zap-all $block_dev ||
++      error_out "Unable to zap $block_dev"
++  fi
++}
++
++function get_block_device() {
++  # given a string, return full path to the block device for that
++  # if input is not a block device, find a loopback device
++  local input="$1"
++
++  case "$input" in
++    /dev/*) [[ ! -b "$input" ]] && error_out "$input does not exist."
++            echo "$input"; return 0;;
++    /*) :;;
++    *)  [[ ! -b "/dev/$input" ]] && error_out "/dev/$input does not exist."
++        echo "/dev/$input"; return 0;;
++  esac
++
++  # this represents a file
++  # support "/path/to/file|5G"
++  local fpath size oifs="$IFS"
++  if [ "${input#*|}" != "${input}" ]; then
++    size=${input##*|}
++    fpath=${input%|*}
++  else
++    fpath=${input}
++    size=5G
++  fi
++
++  ## loop devices are not namespaced.  This is bad for containers.
++  ## it means that the output of 'losetup' may have the given $fpath
++  ## in it, but that may not represent this containers $fpath, but
++  ## another containers.  To address that, we really need to
++  ## allow some uniq container-id to be expanded within path.
++  ## TODO: find a unique container-id that will be consistent for
++  ##       this container throughout its lifetime and expand it
++  ##       in the fpath.
++  # fpath=${fpath//%{id}/$THAT_ID}
++
++  local found=""
++  # parse through 'losetup -a' output, looking for this file
++  # output is expected to look like:
++  #   /dev/loop0: [0807]:961814 (/tmp/my.img)
++  found=$(losetup -a |
++    awk 'BEGIN { found=0; }
++         $3 == f { sub(/:$/,"",$1); print $1; found=found+1; }
++         END { if( found == 0 || found == 1 ) { exit(0); }; exit(1); }' \
++         f="($fpath)")
++
++  if [ $? -ne 0 ]; then
++    echo "multiple devices found for $fpath: $found" 1>&2
++    return 1;
++  fi
++
++  [ -n "$found" -a -b "$found" ] && { echo "$found"; return 1; }
++
++  if [ -n "$found" ]; then
++    echo "confused, $found is not a block device for $fpath";
++    return 1;
++  fi
++
++  # no existing device was found, create one
++  mkdir -p "${fpath%/*}"
++  truncate --size "$size" "$fpath" ||
++    { echo "failed to create $fpath of size $size"; return 1; }
++
++  found=$(losetup --find --show "$fpath") ||
++    { echo "failed to setup loop device for $fpath" 1>&2; return 1; }
++
++  echo "$found"
++  return 0
++}
++
  HAPROXY_CFG=/etc/haproxy/haproxy.cfg
  HAPROXY_DEFAULT=/etc/default/haproxy
 === modified file 'hooks/nova-cloud-controller-common'
 --- hooks/nova-cloud-controller-common	2013-01-09 09:55:00 +0000
 +++ hooks/nova-cloud-controller-common	2013-01-18 00:30:31 +0000
@@ -3,52 +3,97 @@
  CHARM="nova-cloud-controller"
  CONF_DIR="/etc/nova"
--SERVICES="nova-api-ec2 nova-api-os-compute nova-objectstore nova-cert nova-scheduler"
--
--# If we have a relation to nova-volume-service, we'll also manage its API
--# endpoint here.
--n_vol=$(relation-ids nova-volume-service)
--if [[ -n "$n_vol" ]] ; then
--  SERVICES="$SERVICES nova-api-os-volume"
--  dpkg -l | grep -q nova-api-os-volume || apt-get -y install nova-api-os-volume
--fi
--
--PACKAGES="$SERVICES python-mysqldb python-keystone uuid haproxy"
--
--NET_MANAGER=$(config-get network-manager)
--if [ "$NET_MANAGER" == "Quantum" ]; then
--    SERVICES="$SERVICES quantum-server"
--    PACKAGES="$PACKAGES quantum-server"
--    QUANTUM_PLUGIN=$(config-get quantum-plugin)
--    case $QUANTUM_PLUGIN in
--        "ovs")
--            PACKAGES="$PACKAGES quantum-plugin-openvswitch"
--            QUANTUM_CORE_PLUGIN="quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2"
--            QUANTUM_PLUGIN_CONF="/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini"
--            ;;
--        "nvp")
--            PACKAGES="$PACKAGES quantum-plugin-nicira"
--            QUANTUM_CORE_PLUGIN="quantum.plugins.nicira.nicira_nvp_plugin.QuantumPlugin.NvpPluginV2"
--            QUANTUM_PLUGIN_CONF="/etc/quantum/plugins/nicira/nvp.ini"
--            ;;
--        *)
--            juju-log "Unrecognised plugin for quantum: $QUANTUM_PLUGIN" && exit 1
--            ;;
--    esac
--fi
--
--NOVA_CONF=$(config-get nova-config)
++NOVA_CONF="/etc/nova/nova.conf"
  API_CONF="/etc/nova/api-paste.ini"
  QUANTUM_CONF="/etc/quantum/quantum.conf"
  QUANTUM_API_CONF="/etc/quantum/api-paste.ini"
++NET_MANAGER=$(config-get network-manager)
++
  if [[ -e $CHARM_DIR/lib/nova/nova-common ]] ; then
    . $CHARM_DIR/lib/nova/nova-common
  else
    juju-log "Couldn't load $CHARM_DIR/lib/nova/nova-common" && exit 1
  fi
++function determine_services {
++  # Sets the global $SERVICES which contains a list of all services
++  # managed by the charm.  This changes based on OpenStack release.
++  # Currently, the services also determines what ends up in $PACKAGES.
++
++  # base c-c services supported across all os releases since essex.
++  SERVICES="nova-api-ec2 nova-api-os-compute nova-objectstore nova-cert nova-scheduler"
++
++  # determine additional services, dependent on what version of OS.
++  local install_src="$(config-get openstack-origin)"
++  install_src=$(get_os_codename_install_source "$install_src")
++  local os_vers=$(get_os_codename_package "nova-common")
++  if [[ "$os_vers" == "none" ]] ; then
++    [[ "$install_src" == "unknown" ]] && echo "$SERVICES" && return 0
++  fi
++
++  os_vers="$install_src"
++  if [[ "$os_vers" != "essex" ]] && [[ "$os_vers" != "folsom" ]] ; then
++    # nova-conductor was introduced in grizzly.
++    SERVICES="$SERVICES nova-conductor"
++  else
++      local n_vol=$(relation-ids nova-volume-service)
++      if [[ -n "$n_vol" ]] ; then
++        # nova-volume was dropped in G but may still be deployed for E + F,
++        # but should only be managed when a relation to nova-volume exists.
++        SERVICES="$SERVICES nova-api-os-volume"
++        # need to also ensure the package gets installed here.  if the relation
++        # is introduced during another hook, a call to 'service_ctl all' will
++        # require it to be there.
++        dpkg -l | grep -q nova-api-os-volume ||
++          apt-get -y install nova-api-os-volume
++      fi
++  fi
++
++  # quantum is really only supported for folsom and beyond.
++  if [[ "$NET_MANAGER" == "Quantum" ]] ; then
++    [[ "$os_vers" == "essex" ]] &&
++      error_out "Quantum network manager only supported for Folsom + beyond."
++    SERVICES="$SERVICES quantum-server"
++  fi
++}
++
++function determine_packages {
++  # Derive a list of packages based on what our service needs are.  This changes
++  # depending on several factors.
++  determine_services
++  PACKAGES="$SERVICES python-mysqldb python-keystone uuid charm-helper-sh haproxy"
++
++  if echo $PACKAGES | grep -q "quantum-server" ; then
++    case "$(config-get quantum-plugin)" in
++      "ovs") PACKAGES="$PACKAGES quantum-plugin-openvswitch" ;;
++      "nvp") PACKAGES="$PACKAGES quantum-plugin-nicira" ;;
++    esac
++  fi
++  juju-log "$CHARM: Determined required packages: $PACKAGES."
++}
++
++function determine_quantum_config {
++  # Set QUANTUM_PLUGIN and point QUANTUM_CORE_PLUGIN and QUANTUM_PLUGIN_CONF
++  # to the correct files based on configuration.
++  QUANTUM_PLUGIN=${QUANTUM_PLUGIN:-$(config-get quantum-plugin)}
++  case "$QUANTUM_PLUGIN" in
++    "ovs")
++      QUANTUM_CORE_PLUGIN="quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2"
++      QUANTUM_PLUGIN_CONF="/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini"
++      ;;
++    "nvp")
++      QUANTUM_CORE_PLUGIN="quantum.plugins.nicira.nicira_nvp_plugin.QuantumPlugin.NvpPluginV2"
++      QUANTUM_PLUGIN_CONF="/etc/quantum/plugins/nicira/nvp.ini"
++      ;;
++  *)
++    juju-log "Unrecognised plugin for quantum: $QUANTUM_PLUGIN" && exit 1
++    ;;
++  esac
++}
++
  function configure_quantum_networking {
++  determine_quantum_config
    if [ "$(config-get conf-ext-net)" != "no" ] &&
       [ "$QUANTUM_PLUGIN" == "ovs" ] &&
       [ -f /etc/quantum/novarc ] &&
@@ -63,3 +108,113 @@
                      $(config-get ext-net-name)
    fi
+ }
++
++function ssh_authorized_keys {
++  local key="$1"
++  local action="$2"
++  local exists=""
++
++  local sunit=$(echo $JUJU_REMOTE_UNIT | cut -d/ -f1)
++  mkdir -p /etc/nova/compute_ssh/$sunit
++  local authorized_keys="/etc/nova/compute_ssh/$sunit/authorized_keys"
++
++  [[ -e "$authorized_keys" ]] &&
++    grep -q "^$key" $authorized_keys && exists="true"
++
++  if [[ "$action" == "add" ]] ; then
++    [[ -n "$exists" ]] &&
++      juju-log "$CHARM: SSH key already authorized for $JUJU_REMOTE_UNIT." &&
++        return 0
++
++    echo "$key" >>$authorized_keys
++    juju-log "$CHARM: Authorized new SSH key for $JUJU_REMOTE_UNIT."
++    return 0
++  elif [[ "$action" == "remove" ]] ; then
++    # we have no way of getting to the relation state during a departed hook.
++    # we only have the peer's unit name, so remove an authorized key based on
++    # its comment, which should can be derived from the remote unit name and
++    # gets passed in here from caller as key/$1
++    local key_ln=$(sed -n "\, ${key}$,=" $authorized_keys)
++    [[ -z "$key_ln" ]] &&
++      juju-log "$CHARM: Cannot remove SSH key for $key, not authorized?" &&
++        return 0
++
++    for ln in $key_ln ; do
++      sed -i "${ln}d" $authorized_keys
++      juju-log "$CHARM: Removed existing SSH key ($key) from authorized_keys."
++    done
++    return 0
++  else
++    error_out "$CHARM: ssh_authorize_keys() invalid action specified: $action."
++  fi
++}
++
++function ssh_known_hosts {
++  # Keeps the system-wide SSH known hosts file up to date with compute
++  # nodes host keys.
++  local host="$1"
++  local sunit=$(echo $JUJU_REMOTE_UNIT | cut -d/ -f1)
++  mkdir -p /etc/nova/compute_ssh/$sunit
++  local known_hosts="/etc/nova/compute_ssh/$sunit/known_hosts"
++  juju-log "$CHARM: Ensuring host is included and up to date in $known_hosts."
++
++  [[ ! -e $known_hosts ]] && touch $known_hosts
++
++  local remote_key=""
++  remote_key=$(ssh-keyscan -H -t rsa $host) ||
++    error_out "$CHARM: Couldn't obtain SSH host key from $host."
++  local existing=$(ssh-keygen -f $known_hosts -H -F $host | tail -n1)
++  if [[ -n "$existing" ]] ; then
++    juju-log "$CHARM: Found existing SSH known host key for $host."
++    [[ "$existing" == "$remote_key" ]] && echo "HI"
++    remote=$(echo $remote_key | awk '{ print $2" "$3 }')
++    existing=$(echo $existing | awk '{ print $2" "$3 }')
++    if [[ "$remote" == "$existing" ]] ; then
++      juju-log "$CHARM: SSH known host key for $host is up to date."
++      return 0
++    fi
++    juju-log "$CHARM: Removing outdated SSH host key for $host."
++    ssh-keygen -f $known_hosts -R $host
++  else
++    juju-log "$CHARM: No known hosts entry for $host."
++  fi
++  juju-log "$CHARM: Adding new SSH known hosts entry for $host."
++  echo $remote_key >>$known_hosts
++
++}
++
++function ssh_compute {
++  if [[ "$1" == "add" ]] ; then
++    local ssh_key=$(relation-get ssh_public_key)
++    [[ -z "$ssh_key" ]] &&
++      juju-log "$CHARM: ssh_compute peer not ready." && exit 0
++
++    ssh_authorized_keys "$ssh_key" "add"
++
++    # need to ensure known hosts entries for all possible addresses
++    . /usr/share/charm-helper/sh/net.sh
++    local known_hosts=""
++    local private_address=$(relation-get private-address)
++    known_hosts="$private_address"
++    if ! ch_is_ip "$private_address" ; then
++      known_hosts="$known_hosts $(get_ip $private_address)"
++      known_hosts="$known_hosts $(echo $private_address | cut -d. -f1)"
++    fi
++    for host in $known_hosts ; do
++      ssh_known_hosts "$host"
++    done
++  elif [[ "$1" == "remove" ]] ; then
++    # remove key by referencing remote unit, not entire key.
++    local remote_unit=$(echo $JUJU_REMOTE_UNIT | sed -e 's,/,-,g')
++    ssh_authorized_keys "$remote_unit" remove
++  else
++    error_out "ssh_compute: Invalid parameter: $1."
++  fi
++
++  local sunit=$(echo $JUJU_REMOTE_UNIT | cut -d/ -f1)
++
++  # base64 encodings should trigger new relation events as needed.
++  relation-set \
++    known_hosts="$(base64 /etc/nova/compute_ssh/$sunit/known_hosts)" \
++    authorized_keys="$(base64 /etc/nova/compute_ssh/$sunit/authorized_keys)"
++}
 === modified file 'hooks/nova-cloud-controller-relations'
 --- hooks/nova-cloud-controller-relations	2013-01-16 20:43:56 +0000
 +++ hooks/nova-cloud-controller-relations	2013-01-18 00:30:31 +0000
@@ -15,9 +15,13 @@
    configure_install_source "$(config-get openstack-origin)"
    apt-get update || exit 1
++  determine_packages
    DEBIAN_FRONTEND=noninteractive apt-get -y \
      install --no-install-recommends $PACKAGES || exit 1
++  if [[ "$NET_MANAGER" == "Quantum" ]] ; then
++    determine_quantum_config
++  fi
    configure_network_manager $NET_MANAGER
    # Configure any flags specified in deployment config
@@ -59,6 +63,7 @@
    if dpkg --compare-versions $(get_os_version_codename "$cur") lt \
                               $(get_os_version_codename "$available") ; then
      juju-log "$CHARM: Upgrading OpenStack release: $cur -> $available."
++    determine_packages
      do_openstack_upgrade "$install_src" $PACKAGES
    fi
@@ -70,6 +75,7 @@
      configure_quantum_networking
    fi
++  determine_services
    service_ctl all restart
+ }
@@ -124,7 +130,7 @@
      set_or_update rabbit_virtual_host "$rabbit_vhost" "$QUANTUM_CONF"
    fi
--  service_ctl all restart
++  determine_services && service_ctl all restart
+ }
  function db_joined {
@@ -158,9 +164,11 @@
    if [ "$NET_MANAGER" == "Quantum" ]; then
      local quantum_db_password=`relation-get quantum_password`
++    determine_quantum_config
      set_or_update sql_connection "mysql://quantum:$quantum_db_password@$db_host/quantum?charset=utf8" \
        $QUANTUM_PLUGIN_CONF "DATABASE"
    fi
++  determine_services
    service_ctl all stop
    /usr/bin/nova-manage db sync
    service_ctl all start
@@ -176,7 +184,7 @@
      juju-log "$CHARM - image-service_changed: Peer not ready?" && exit 0
    set_or_update glance_api_servers $api_server
    set_or_update image_service "nova.image.glance.GlanceImageService"
--  service_ctl all restart
++  determine_services && service_ctl all restart
+ }
  function keystone_joined {
@@ -305,8 +313,8 @@
  EOF
    fi
--  service_ctl all restart
--
++  determine_services && service_ctl all restart
++
    if [ "$NET_MANAGER" == "Quantum" ]; then
      configure_quantum_networking
      # ripple out changes to identity to connected services
@@ -333,8 +341,16 @@
      *) svc="nova-volume" ;;
    esac
++  local cur_vers=$(get_os_codename_package "nova-common")
++  if [[ "$cur_vers" != "essex" ]] && [[ "$cur_vers" != "folsom" ]] &&
++     [[ "$svc" == "nova-volume" ]] ; then
++    juju-log "$CHARM: WARNING nova-volume is only supported on Essex "\
++             "and Folsom.  Ignoring new relation to nova-volume service."
++    exit 0
++  fi
++
    configure_volume_service "$svc"
--  service_ctl all restart
++  deteremine_services && service_ctl all restart
    # The nova-volume API can be hosted here alongside the other
    # nova API services, but there needs to be a new endpoint
@@ -388,13 +404,35 @@
      relation-set quantum_plugin=$(config-get quantum-plugin)
    fi
--  # Compute's volume driver is dependent on volume service deployed.
--  local r_ids=$(relation-ids cinder-volume-service)
--  if [[ -n "$r_ids" ]] ; then
--    relation-set volume_service="cinder"
--  else
--    relation-set volume_service="nova-volume"
--  fi
++  # volume driver is dependent on os version, or presence
++  # of cinder (on folsom, at least)
++  local cur_vers=$(get_os_codename_package "nova-common")
++  local vol_drv="cinder"
++  case "$cur_vers" in
++    "essex")
++      vol_drv="nova-volume"
++      ;;
++    "folsom")
++      local r_ids=$(relation-get cinder-volume-service)
++      [[ -z "$r_ids" ]] && vol_drv="nova-volume"
++      ;;
++  esac
++  relation-set volume_service="$vol_drv"
++}
++
++compute_changed() {
++  local migration_auth="$(relation-get migration_auth_type)"
++  [[ -z "$migration_auth" ]] &&
++    juju-log "$CHARM: compute_changed - Peer not ready or "\
++             "no migration auth. configured." && exit 0
++
++  case "$migration_auth" in
++    "ssh") ssh_compute add ;;
++  esac
++}
++
++compute_departed() {
++  ssh_compute remove
+ }
  function quantum_joined() {
@@ -499,10 +537,10 @@
  arg0=$(basename $0)
  case $arg0 in
--  "start"|"stop") service_ctl all $arg0 ;;
++  "start"|"stop") determine_services ; service_ctl all $arg0 ;;
    "install") install_hook ;;
    "config-changed") config_changed ;;
--  "upgrade-charm") upgrade_charm ;;
++  "upgrade-charm") upgrade_charm ;;
    "amqp-relation-joined") amqp_joined ;;
    "amqp-relation-changed") amqp_changed ;;
    "shared-db-relation-joined") db_joined ;;
@@ -514,6 +552,8 @@
    "cinder-volume-service-relation-joined") volume_joined ;;
    "nova-volume-service-relation-joined") volume_joined ;;
    "cloud-compute-relation-joined") compute_joined ;;
++  "cloud-compute-relation-changed") compute_changed ;;
++  "cloud-compute-relation-departed") compute_departed ;;
    "quantum-network-service-relation-joined") quantum_joined ;;
    "cluster-relation-changed") cluster_changed ;;
    "cluster-relation-departed") cluster_changed ;;

Juju Charms Collectionnova-cloud-controller package

Merge lp:~gandelman-a/charms/precise/nova-cloud-controller/openstack-charmers-merge into lp:~openstack-charmers/charms/precise/nova-cloud-controller/ha-support

Commit message

Description of the change

Preview Diff

Subscribers

Juju Charms Collection
nova-cloud-controller package