Merge lp:~berendt/nova/lp712681 into lp:~hudson-openstack/nova/trunk

Proposed by Christian Berendt
Status: Merged
Approved by: Devin Carlen
Approved revision: 680
Merged at revision: 715
Proposed branch: lp:~berendt/nova/lp712681
Merge into: lp:~hudson-openstack/nova/trunk
Diff against target: 2496 lines (+0/-2320)
32 files modified
contrib/puppet/files/etc/default/nova-compute (+0/-1)
contrib/puppet/files/etc/default/nova-volume (+0/-1)
contrib/puppet/files/etc/issue (+0/-5)
contrib/puppet/files/etc/libvirt/qemu.conf (+0/-170)
contrib/puppet/files/etc/lvm/lvm.conf (+0/-463)
contrib/puppet/files/etc/nova.conf (+0/-28)
contrib/puppet/files/production/boto.cfg (+0/-3)
contrib/puppet/files/production/genvpn.sh (+0/-35)
contrib/puppet/files/production/libvirt.qemu.xml.template (+0/-35)
contrib/puppet/files/production/my.cnf (+0/-137)
contrib/puppet/files/production/nova-iptables (+0/-187)
contrib/puppet/files/production/nova-iscsi-dev.sh (+0/-19)
contrib/puppet/files/production/setup_data.sh (+0/-6)
contrib/puppet/files/production/slap.sh (+0/-261)
contrib/puppet/fileserver.conf (+0/-8)
contrib/puppet/manifests/classes/apt.pp (+0/-1)
contrib/puppet/manifests/classes/issue.pp (+0/-14)
contrib/puppet/manifests/classes/kern_module.pp (+0/-34)
contrib/puppet/manifests/classes/loopback.pp (+0/-6)
contrib/puppet/manifests/classes/lvm.pp (+0/-8)
contrib/puppet/manifests/classes/lvmconf.pp (+0/-8)
contrib/puppet/manifests/classes/nova.pp (+0/-464)
contrib/puppet/manifests/classes/swift.pp (+0/-7)
contrib/puppet/manifests/site.pp (+0/-120)
contrib/puppet/manifests/templates.pp (+0/-21)
contrib/puppet/puppet.conf (+0/-11)
contrib/puppet/templates/haproxy.cfg.erb (+0/-39)
contrib/puppet/templates/monitrc-nova-api.erb (+0/-138)
contrib/puppet/templates/nova-iptables.erb (+0/-10)
contrib/puppet/templates/production/nova-common.conf.erb (+0/-55)
contrib/puppet/templates/production/nova-nova.conf.erb (+0/-21)
nova/service.py (+0/-4)
To merge this branch: bzr merge lp:~berendt/nova/lp712681
Reviewer Review Type Date Requested Status
Todd Willey (community) Approve
Devin Carlen (community) Approve
Thierry Carrez (community) Approve
Review via email: mp+49871@code.launchpad.net

Description of the change

At the moment --pidfile is still used in some scripts in contrib/puppet/. I don't use puppet, please check if there are possible side effects.

Devin Carlen (devcamcar) wrote :

The monit template in puppet/contrib is still making use of pidfile. To be fair, this couldn't work now anyway since pidfile flag doesn't do anything. Here is the bit in question, from contrib/puppet/templates/monitrc-nova-api.erb:

check process nova_api_<%= port %> with pidfile /var/run/nova/nova-api-<%= port %>.pid
   group nova_api
   start program = "/usr/bin/nova-api --flagfile=/etc/nova/nova.conf --pidfile=/var/run/nova/nova-api-<%= port %>.pid --api_listen_port=<%= port %> --lockfile=/var/run/nova/nova-api-<%= port %>.pid.lock start"
       as uid nova

Christian Berendt (berendt) wrote :

@Devin: Do you know who is responsible for the puppet stuff? I want to talk to them that they should clean up the pid file handling...

Vish Ishaya (vishvananda) wrote :

Already done. I think we should move puppet scripts out, though. They were just there as an example.

On Sunday, February 20, 2011, Christian Berendt <email address hidden> wrote:
> @Devin: Do you know who is responsible for the puppet stuff? I want to talk to them that they should clean up the pid file handling...
> --
> https://code.launchpad.net/~berendt/nova/lp712681/+merge/49871
> You are subscribed to branch lp:nova.
>

lp:~berendt/nova/lp712681 updated
680. By Christian Berendt

puppet scripts only there as an example, should be moved to some other place if they are still necessary

Christian Berendt (berendt) wrote :

I removed the puppet files in this branch. I think the branch can be merged now or do you think we need a discussion about the removing of contrib/puppet?

Todd Willey (xtoddx) wrote :

I think they need to come out, they don't really do anyone any good. It might be worth letting the mailing list know and then waiting until Wednesday or so to see if anyone objects.

Christian Berendt (berendt) wrote :

Posted a mail on ML openstack, lazy approval until Wednesday (18:00 UTC). I'll post the results here, then we can approve (or disapprove...).

Thierry Carrez (ttx) wrote :

Deployment scripts in general should live outside the source tree, unless we can always keep them in sync with the rest of the code. They are usually refined once the code stabilizes and even shortly after release, so their release cycle is slightly off. That's why we pushed the nova deployment tool from NII outside the main source tree, and I don't see the puppet stuff being any different.

review: Approve
Devin Carlen (devcamcar) wrote :

lgtm

review: Approve
Todd Willey (xtoddx) wrote :

Looks good. Assuming no push-back on the mailing list we can approve this tomorrow.

review: Approve

Preview Diff

1=== removed directory 'contrib/puppet'
2=== removed directory 'contrib/puppet/files'
3=== removed directory 'contrib/puppet/files/etc'
4=== removed directory 'contrib/puppet/files/etc/default'
5=== removed file 'contrib/puppet/files/etc/default/nova-compute'
6--- contrib/puppet/files/etc/default/nova-compute 2010-11-12 19:07:46 +0000
7+++ contrib/puppet/files/etc/default/nova-compute 1970-01-01 00:00:00 +0000
8@@ -1,1 +0,0 @@
9-ENABLED=true
10
11=== removed file 'contrib/puppet/files/etc/default/nova-volume'
12--- contrib/puppet/files/etc/default/nova-volume 2010-11-12 19:07:46 +0000
13+++ contrib/puppet/files/etc/default/nova-volume 1970-01-01 00:00:00 +0000
14@@ -1,1 +0,0 @@
15-ENABLED=true
16
17=== removed file 'contrib/puppet/files/etc/issue'
18--- contrib/puppet/files/etc/issue 2010-11-12 19:07:46 +0000
19+++ contrib/puppet/files/etc/issue 1970-01-01 00:00:00 +0000
20@@ -1,5 +0,0 @@
21------------------------------------------------
22-
23- Welcome to your OpenStack installation!
24-
25------------------------------------------------
26
27=== removed directory 'contrib/puppet/files/etc/libvirt'
28=== removed file 'contrib/puppet/files/etc/libvirt/qemu.conf'
29--- contrib/puppet/files/etc/libvirt/qemu.conf 2010-11-12 19:07:46 +0000
30+++ contrib/puppet/files/etc/libvirt/qemu.conf 1970-01-01 00:00:00 +0000
31@@ -1,170 +0,0 @@
32-# Master configuration file for the QEMU driver.
33-# All settings described here are optional - if omitted, sensible
34-# defaults are used.
35-
36-# VNC is configured to listen on 127.0.0.1 by default.
37-# To make it listen on all public interfaces, uncomment
38-# this next option.
39-#
40-# NB, strong recommendation to enable TLS + x509 certificate
41-# verification when allowing public access
42-#
43-# vnc_listen = "0.0.0.0"
44-
45-
46-# Enable use of TLS encryption on the VNC server. This requires
47-# a VNC client which supports the VeNCrypt protocol extension.
48-# Examples include vinagre, virt-viewer, virt-manager and vencrypt
49-# itself. UltraVNC, RealVNC, TightVNC do not support this
50-#
51-# It is necessary to setup CA and issue a server certificate
52-# before enabling this.
53-#
54-# vnc_tls = 1
55-
56-
57-# Use of TLS requires that x509 certificates be issued. The
58-# default it to keep them in /etc/pki/libvirt-vnc. This directory
59-# must contain
60-#
61-# ca-cert.pem - the CA master certificate
62-# server-cert.pem - the server certificate signed with ca-cert.pem
63-# server-key.pem - the server private key
64-#
65-# This option allows the certificate directory to be changed
66-#
67-# vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
68-
69-
70-# The default TLS configuration only uses certificates for the server
71-# allowing the client to verify the server's identity and establish
72-# and encrypted channel.
73-#
74-# It is possible to use x509 certificates for authentication too, by
75-# issuing a x509 certificate to every client who needs to connect.
76-#
77-# Enabling this option will reject any client who does not have a
78-# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
79-#
80-# vnc_tls_x509_verify = 1
81-
82-
83-# The default VNC password. Only 8 letters are significant for
84-# VNC passwords. This parameter is only used if the per-domain
85-# XML config does not already provide a password. To allow
86-# access without passwords, leave this commented out. An empty
87-# string will still enable passwords, but be rejected by QEMU
88-# effectively preventing any use of VNC. Obviously change this
89-# example here before you set this
90-#
91-# vnc_password = "XYZ12345"
92-
93-
94-# Enable use of SASL encryption on the VNC server. This requires
95-# a VNC client which supports the SASL protocol extension.
96-# Examples include vinagre, virt-viewer and virt-manager
97-# itself. UltraVNC, RealVNC, TightVNC do not support this
98-#
99-# It is necessary to configure /etc/sasl2/qemu.conf to choose
100-# the desired SASL plugin (eg, GSSPI for Kerberos)
101-#
102-# vnc_sasl = 1
103-
104-
105-# The default SASL configuration file is located in /etc/sasl2/
106-# When running libvirtd unprivileged, it may be desirable to
107-# override the configs in this location. Set this parameter to
108-# point to the directory, and create a qemu.conf in that location
109-#
110-# vnc_sasl_dir = "/some/directory/sasl2"
111-
112-
113-
114-
115-# The default security driver is SELinux. If SELinux is disabled
116-# on the host, then the security driver will automatically disable
117-# itself. If you wish to disable QEMU SELinux security driver while
118-# leaving SELinux enabled for the host in general, then set this
119-# to 'none' instead
120-#
121-# security_driver = "selinux"
122-
123-
124-# The user ID for QEMU processes run by the system instance
125-user = "root"
126-
127-# The group ID for QEMU processes run by the system instance
128-group = "root"
129-
130-# Whether libvirt should dynamically change file ownership
131-# to match the configured user/group above. Defaults to 1.
132-# Set to 0 to disable file ownership changes.
133-#dynamic_ownership = 1
134-
135-
136-# What cgroup controllers to make use of with QEMU guests
137-#
138-# - 'cpu' - use for schedular tunables
139-# - 'devices' - use for device whitelisting
140-#
141-# NB, even if configured here, they won't be used unless
142-# the adminsitrator has mounted cgroups. eg
143-#
144-# mkdir /dev/cgroup
145-# mount -t cgroup -o devices,cpu none /dev/cgroup
146-#
147-# They can be mounted anywhere, and different controlers
148-# can be mounted in different locations. libvirt will detect
149-# where they are located.
150-#
151-# cgroup_controllers = [ "cpu", "devices" ]
152-
153-# This is the basic set of devices allowed / required by
154-# all virtual machines.
155-#
156-# As well as this, any configured block backed disks,
157-# all sound device, and all PTY devices are allowed.
158-#
159-# This will only need setting if newer QEMU suddenly
160-# wants some device we don't already know a bout.
161-#
162-#cgroup_device_acl = [
163-# "/dev/null", "/dev/full", "/dev/zero",
164-# "/dev/random", "/dev/urandom",
165-# "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
166-# "/dev/rtc", "/dev/hpet", "/dev/net/tun",
167-#]
168-
169-# The default format for Qemu/KVM guest save images is raw; that is, the
170-# memory from the domain is dumped out directly to a file. If you have
171-# guests with a large amount of memory, however, this can take up quite
172-# a bit of space. If you would like to compress the images while they
173-# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz"
174-# for save_image_format. Note that this means you slow down the process of
175-# saving a domain in order to save disk space; the list above is in descending
176-# order by performance and ascending order by compression ratio.
177-#
178-# save_image_format = "raw"
179-
180-# If provided by the host and a hugetlbfs mount point is configured,
181-# a guest may request huge page backing. When this mount point is
182-# unspecified here, determination of a host mount point in /proc/mounts
183-# will be attempted. Specifying an explicit mount overrides detection
184-# of the same in /proc/mounts. Setting the mount point to "" will
185-# disable guest hugepage backing.
186-#
187-# NB, within this mount point, guests will create memory backing files
188-# in a location of $MOUNTPOINT/libvirt/qemu
189-
190-# hugetlbfs_mount = "/dev/hugepages"
191-
192-# mac_filter enables MAC addressed based filtering on bridge ports.
193-# This currently requires ebtables to be installed.
194-#
195-# mac_filter = 1
196-
197-# By default, PCI devices below non-ACS switch are not allowed to be assigned
198-# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to
199-# be assigned to guests.
200-#
201-# relaxed_acs_check = 1
202
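Review bot: the only settings this qemu.conf actually sets are user = "root" and group = "root" (diff lines 125 and 128); every other option in the file is commented out, so hosts built from this example run their QEMU guest processes as root. Removing the file from the tree does not touch hosts that were already provisioned from contrib/puppet, so I would say in the commit message or the mailing-list announcement that those hosts keep this file. If the manifests are rehosted outside the tree, set a dedicated unprivileged user and group there rather than copying these two lines.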
203=== removed directory 'contrib/puppet/files/etc/lvm'
204=== removed file 'contrib/puppet/files/etc/lvm/lvm.conf'
205--- contrib/puppet/files/etc/lvm/lvm.conf 2010-11-12 19:07:46 +0000
206+++ contrib/puppet/files/etc/lvm/lvm.conf 1970-01-01 00:00:00 +0000
207@@ -1,463 +0,0 @@
208-# This is an example configuration file for the LVM2 system.
209-# It contains the default settings that would be used if there was no
210-# /etc/lvm/lvm.conf file.
211-#
212-# Refer to 'man lvm.conf' for further information including the file layout.
213-#
214-# To put this file in a different directory and override /etc/lvm set
215-# the environment variable LVM_SYSTEM_DIR before running the tools.
216-
217-
218-# This section allows you to configure which block devices should
219-# be used by the LVM system.
220-devices {
221-
222- # Where do you want your volume groups to appear ?
223- dir = "/dev"
224-
225- # An array of directories that contain the device nodes you wish
226- # to use with LVM2.
227- scan = [ "/dev" ]
228-
229- # If several entries in the scanned directories correspond to the
230- # same block device and the tools need to display a name for device,
231- # all the pathnames are matched against each item in the following
232- # list of regular expressions in turn and the first match is used.
233- preferred_names = [ ]
234-
235- # Try to avoid using undescriptive /dev/dm-N names, if present.
236- # preferred_names = [ "^/dev/mpath/", "^/dev/mapper/mpath", "^/dev/[hs]d" ]
237-
238- # A filter that tells LVM2 to only use a restricted set of devices.
239- # The filter consists of an array of regular expressions. These
240- # expressions can be delimited by a character of your choice, and
241- # prefixed with either an 'a' (for accept) or 'r' (for reject).
242- # The first expression found to match a device name determines if
243- # the device will be accepted or rejected (ignored). Devices that
244- # don't match any patterns are accepted.
245-
246- # Be careful if there there are symbolic links or multiple filesystem
247- # entries for the same device as each name is checked separately against
248- # the list of patterns. The effect is that if any name matches any 'a'
249- # pattern, the device is accepted; otherwise if any name matches any 'r'
250- # pattern it is rejected; otherwise it is accepted.
251-
252- # Don't have more than one filter line active at once: only one gets used.
253-
254- # Run vgscan after you change this parameter to ensure that
255- # the cache file gets regenerated (see below).
256- # If it doesn't do what you expect, check the output of 'vgscan -vvvv'.
257-
258-
259- # By default we accept every block device:
260- filter = [ "r|/dev/etherd/.*|", "r|/dev/block/.*|", "a/.*/" ]
261-
262- # Exclude the cdrom drive
263- # filter = [ "r|/dev/cdrom|" ]
264-
265- # When testing I like to work with just loopback devices:
266- # filter = [ "a/loop/", "r/.*/" ]
267-
268- # Or maybe all loops and ide drives except hdc:
269- # filter =[ "a|loop|", "r|/dev/hdc|", "a|/dev/ide|", "r|.*|" ]
270-
271- # Use anchors if you want to be really specific
272- # filter = [ "a|^/dev/hda8$|", "r/.*/" ]
273-
274- # The results of the filtering are cached on disk to avoid
275- # rescanning dud devices (which can take a very long time).
276- # By default this cache is stored in the /etc/lvm/cache directory
277- # in a file called '.cache'.
278- # It is safe to delete the contents: the tools regenerate it.
279- # (The old setting 'cache' is still respected if neither of
280- # these new ones is present.)
281- cache_dir = "/etc/lvm/cache"
282- cache_file_prefix = ""
283-
284- # You can turn off writing this cache file by setting this to 0.
285- write_cache_state = 1
286-
287- # Advanced settings.
288-
289- # List of pairs of additional acceptable block device types found
290- # in /proc/devices with maximum (non-zero) number of partitions.
291- # types = [ "fd", 16 ]
292-
293- # If sysfs is mounted (2.6 kernels) restrict device scanning to
294- # the block devices it believes are valid.
295- # 1 enables; 0 disables.
296- sysfs_scan = 1
297-
298- # By default, LVM2 will ignore devices used as components of
299- # software RAID (md) devices by looking for md superblocks.
300- # 1 enables; 0 disables.
301- md_component_detection = 1
302-
303- # By default, if a PV is placed directly upon an md device, LVM2
304- # will align its data blocks with the md device's stripe-width.
305- # 1 enables; 0 disables.
306- md_chunk_alignment = 1
307-
308- # By default, the start of a PV's data area will be a multiple of
309- # the 'minimum_io_size' or 'optimal_io_size' exposed in sysfs.
310- # - minimum_io_size - the smallest request the device can perform
311- # w/o incurring a read-modify-write penalty (e.g. MD's chunk size)
312- # - optimal_io_size - the device's preferred unit of receiving I/O
313- # (e.g. MD's stripe width)
314- # minimum_io_size is used if optimal_io_size is undefined (0).
315- # If md_chunk_alignment is enabled, that detects the optimal_io_size.
316- # This setting takes precedence over md_chunk_alignment.
317- # 1 enables; 0 disables.
318- data_alignment_detection = 1
319-
320- # Alignment (in KB) of start of data area when creating a new PV.
321- # If a PV is placed directly upon an md device and md_chunk_alignment or
322- # data_alignment_detection is enabled this parameter is ignored.
323- # Set to 0 for the default alignment of 64KB or page size, if larger.
324- data_alignment = 0
325-
326- # By default, the start of the PV's aligned data area will be shifted by
327- # the 'alignment_offset' exposed in sysfs. This offset is often 0 but
328- # may be non-zero; e.g.: certain 4KB sector drives that compensate for
329- # windows partitioning will have an alignment_offset of 3584 bytes
330- # (sector 7 is the lowest aligned logical block, the 4KB sectors start
331- # at LBA -1, and consequently sector 63 is aligned on a 4KB boundary).
332- # 1 enables; 0 disables.
333- data_alignment_offset_detection = 1
334-
335- # If, while scanning the system for PVs, LVM2 encounters a device-mapper
336- # device that has its I/O suspended, it waits for it to become accessible.
337- # Set this to 1 to skip such devices. This should only be needed
338- # in recovery situations.
339- ignore_suspended_devices = 0
340-}
341-
342-# This section that allows you to configure the nature of the
343-# information that LVM2 reports.
344-log {
345-
346- # Controls the messages sent to stdout or stderr.
347- # There are three levels of verbosity, 3 being the most verbose.
348- verbose = 0
349-
350- # Should we send log messages through syslog?
351- # 1 is yes; 0 is no.
352- syslog = 1
353-
354- # Should we log error and debug messages to a file?
355- # By default there is no log file.
356- #file = "/var/log/lvm2.log"
357-
358- # Should we overwrite the log file each time the program is run?
359- # By default we append.
360- overwrite = 0
361-
362- # What level of log messages should we send to the log file and/or syslog?
363- # There are 6 syslog-like log levels currently in use - 2 to 7 inclusive.
364- # 7 is the most verbose (LOG_DEBUG).
365- level = 0
366-
367- # Format of output messages
368- # Whether or not (1 or 0) to indent messages according to their severity
369- indent = 1
370-
371- # Whether or not (1 or 0) to display the command name on each line output
372- command_names = 0
373-
374- # A prefix to use before the message text (but after the command name,
375- # if selected). Default is two spaces, so you can see/grep the severity
376- # of each message.
377- prefix = " "
378-
379- # To make the messages look similar to the original LVM tools use:
380- # indent = 0
381- # command_names = 1
382- # prefix = " -- "
383-
384- # Set this if you want log messages during activation.
385- # Don't use this in low memory situations (can deadlock).
386- # activation = 0
387-}
388-
389-# Configuration of metadata backups and archiving. In LVM2 when we
390-# talk about a 'backup' we mean making a copy of the metadata for the
391-# *current* system. The 'archive' contains old metadata configurations.
392-# Backups are stored in a human readeable text format.
393-backup {
394-
395- # Should we maintain a backup of the current metadata configuration ?
396- # Use 1 for Yes; 0 for No.
397- # Think very hard before turning this off!
398- backup = 1
399-
400- # Where shall we keep it ?
401- # Remember to back up this directory regularly!
402- backup_dir = "/etc/lvm/backup"
403-
404- # Should we maintain an archive of old metadata configurations.
405- # Use 1 for Yes; 0 for No.
406- # On by default. Think very hard before turning this off.
407- archive = 1
408-
409- # Where should archived files go ?
410- # Remember to back up this directory regularly!
411- archive_dir = "/etc/lvm/archive"
412-
413- # What is the minimum number of archive files you wish to keep ?
414- retain_min = 10
415-
416- # What is the minimum time you wish to keep an archive file for ?
417- retain_days = 30
418-}
419-
420-# Settings for the running LVM2 in shell (readline) mode.
421-shell {
422-
423- # Number of lines of history to store in ~/.lvm_history
424- history_size = 100
425-}
426-
427-
428-# Miscellaneous global LVM2 settings
429-global {
430-
431- # The file creation mask for any files and directories created.
432- # Interpreted as octal if the first digit is zero.
433- umask = 077
434-
435- # Allow other users to read the files
436- #umask = 022
437-
438- # Enabling test mode means that no changes to the on disk metadata
439- # will be made. Equivalent to having the -t option on every
440- # command. Defaults to off.
441- test = 0
442-
443- # Default value for --units argument
444- units = "h"
445-
446- # Since version 2.02.54, the tools distinguish between powers of
447- # 1024 bytes (e.g. KiB, MiB, GiB) and powers of 1000 bytes (e.g.
448- # KB, MB, GB).
449- # If you have scripts that depend on the old behaviour, set this to 0
450- # temporarily until you update them.
451- si_unit_consistency = 1
452-
453- # Whether or not to communicate with the kernel device-mapper.
454- # Set to 0 if you want to use the tools to manipulate LVM metadata
455- # without activating any logical volumes.
456- # If the device-mapper kernel driver is not present in your kernel
457- # setting this to 0 should suppress the error messages.
458- activation = 1
459-
460- # If we can't communicate with device-mapper, should we try running
461- # the LVM1 tools?
462- # This option only applies to 2.4 kernels and is provided to help you
463- # switch between device-mapper kernels and LVM1 kernels.
464- # The LVM1 tools need to be installed with .lvm1 suffices
465- # e.g. vgscan.lvm1 and they will stop working after you start using
466- # the new lvm2 on-disk metadata format.
467- # The default value is set when the tools are built.
468- # fallback_to_lvm1 = 0
469-
470- # The default metadata format that commands should use - "lvm1" or "lvm2".
471- # The command line override is -M1 or -M2.
472- # Defaults to "lvm2".
473- # format = "lvm2"
474-
475- # Location of proc filesystem
476- proc = "/proc"
477-
478- # Type of locking to use. Defaults to local file-based locking (1).
479- # Turn locking off by setting to 0 (dangerous: risks metadata corruption
480- # if LVM2 commands get run concurrently).
481- # Type 2 uses the external shared library locking_library.
482- # Type 3 uses built-in clustered locking.
483- # Type 4 uses read-only locking which forbids any operations that might
484- # change metadata.
485- locking_type = 1
486-
487- # Set to 0 to fail when a lock request cannot be satisfied immediately.
488- wait_for_locks = 1
489-
490- # If using external locking (type 2) and initialisation fails,
491- # with this set to 1 an attempt will be made to use the built-in
492- # clustered locking.
493- # If you are using a customised locking_library you should set this to 0.
494- fallback_to_clustered_locking = 1
495-
496- # If an attempt to initialise type 2 or type 3 locking failed, perhaps
497- # because cluster components such as clvmd are not running, with this set
498- # to 1 an attempt will be made to use local file-based locking (type 1).
499- # If this succeeds, only commands against local volume groups will proceed.
500- # Volume Groups marked as clustered will be ignored.
501- fallback_to_local_locking = 1
502-
503- # Local non-LV directory that holds file-based locks while commands are
504- # in progress. A directory like /tmp that may get wiped on reboot is OK.
505- locking_dir = "/var/lock/lvm"
506-
507- # Whenever there are competing read-only and read-write access requests for
508- # a volume group's metadata, instead of always granting the read-only
509- # requests immediately, delay them to allow the read-write requests to be
510- # serviced. Without this setting, write access may be stalled by a high
511- # volume of read-only requests.
512- # NB. This option only affects locking_type = 1 viz. local file-based
513- # locking.
514- prioritise_write_locks = 1
515-
516- # Other entries can go here to allow you to load shared libraries
517- # e.g. if support for LVM1 metadata was compiled as a shared library use
518- # format_libraries = "liblvm2format1.so"
519- # Full pathnames can be given.
520-
521- # Search this directory first for shared libraries.
522- # library_dir = "/lib/lvm2"
523-
524- # The external locking library to load if locking_type is set to 2.
525- # locking_library = "liblvm2clusterlock.so"
526-}
527-
528-activation {
529- # Set to 0 to disable udev syncronisation (if compiled into the binaries).
530- # Processes will not wait for notification from udev.
531- # They will continue irrespective of any possible udev processing
532- # in the background. You should only use this if udev is not running
533- # or has rules that ignore the devices LVM2 creates.
534- # The command line argument --nodevsync takes precedence over this setting.
535- # If set to 1 when udev is not running, and there are LVM2 processes
536- # waiting for udev, run 'dmsetup udevcomplete_all' manually to wake them up.
537- udev_sync = 1
538-
539- # How to fill in missing stripes if activating an incomplete volume.
540- # Using "error" will make inaccessible parts of the device return
541- # I/O errors on access. You can instead use a device path, in which
542- # case, that device will be used to in place of missing stripes.
543- # But note that using anything other than "error" with mirrored
544- # or snapshotted volumes is likely to result in data corruption.
545- missing_stripe_filler = "error"
546-
547- # How much stack (in KB) to reserve for use while devices suspended
548- reserved_stack = 256
549-
550- # How much memory (in KB) to reserve for use while devices suspended
551- reserved_memory = 8192
552-
553- # Nice value used while devices suspended
554- process_priority = -18
555-
556- # If volume_list is defined, each LV is only activated if there is a
557- # match against the list.
558- # "vgname" and "vgname/lvname" are matched exactly.
559- # "@tag" matches any tag set in the LV or VG.
560- # "@*" matches if any tag defined on the host is also set in the LV or VG
561- #
562- # volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ]
563-
564- # Size (in KB) of each copy operation when mirroring
565- mirror_region_size = 512
566-
567- # Setting to use when there is no readahead value stored in the metadata.
568- #
569- # "none" - Disable readahead.
570- # "auto" - Use default value chosen by kernel.
571- readahead = "auto"
572-
573- # 'mirror_image_fault_policy' and 'mirror_log_fault_policy' define
574- # how a device failure affecting a mirror is handled.
575- # A mirror is composed of mirror images (copies) and a log.
576- # A disk log ensures that a mirror does not need to be re-synced
577- # (all copies made the same) every time a machine reboots or crashes.
578- #
579- # In the event of a failure, the specified policy will be used to determine
580- # what happens. This applies to automatic repairs (when the mirror is being
581- # monitored by dmeventd) and to manual lvconvert --repair when
582- # --use-policies is given.
583- #
584- # "remove" - Simply remove the faulty device and run without it. If
585- # the log device fails, the mirror would convert to using
586- # an in-memory log. This means the mirror will not
587- # remember its sync status across crashes/reboots and
588- # the entire mirror will be re-synced. If a
589- # mirror image fails, the mirror will convert to a
590- # non-mirrored device if there is only one remaining good
591- # copy.
592- #
593- # "allocate" - Remove the faulty device and try to allocate space on
594- # a new device to be a replacement for the failed device.
595- # Using this policy for the log is fast and maintains the
596- # ability to remember sync state through crashes/reboots.
597- # Using this policy for a mirror device is slow, as it
598- # requires the mirror to resynchronize the devices, but it
599- # will preserve the mirror characteristic of the device.
600- # This policy acts like "remove" if no suitable device and
601- # space can be allocated for the replacement.
602- #
603- # "allocate_anywhere" - Not yet implemented. Useful to place the log device
604- # temporarily on same physical volume as one of the mirror
605- # images. This policy is not recommended for mirror devices
606- # since it would break the redundant nature of the mirror. This
607- # policy acts like "remove" if no suitable device and space can
608- # be allocated for the replacement.
609-
610- mirror_log_fault_policy = "allocate"
611- mirror_device_fault_policy = "remove"
612-}
613-
614-
615-####################
616-# Advanced section #
617-####################
618-
619-# Metadata settings
620-#
621-# metadata {
622- # Default number of copies of metadata to hold on each PV. 0, 1 or 2.
623- # You might want to override it from the command line with 0
624- # when running pvcreate on new PVs which are to be added to large VGs.
625-
626- # pvmetadatacopies = 1
627-
628- # Approximate default size of on-disk metadata areas in sectors.
629- # You should increase this if you have large volume groups or
630- # you want to retain a large on-disk history of your metadata changes.
631-
632- # pvmetadatasize = 255
633-
634- # List of directories holding live copies of text format metadata.
635- # These directories must not be on logical volumes!
636- # It's possible to use LVM2 with a couple of directories here,
637- # preferably on different (non-LV) filesystems, and with no other
638- # on-disk metadata (pvmetadatacopies = 0). Or this can be in
639- # addition to on-disk metadata areas.
640- # The feature was originally added to simplify testing and is not
641- # supported under low memory situations - the machine could lock up.
642- #
643- # Never edit any files in these directories by hand unless you
644- # you are absolutely sure you know what you are doing! Use
645- # the supplied toolset to make changes (e.g. vgcfgrestore).
646-
647- # dirs = [ "/etc/lvm/metadata", "/mnt/disk2/lvm/metadata2" ]
648-#}
649-
650-# Event daemon
651-#
652-dmeventd {
653- # mirror_library is the library used when monitoring a mirror device.
654- #
655- # "libdevmapper-event-lvm2mirror.so" attempts to recover from
656- # failures. It removes failed devices from a volume group and
657- # reconfigures a mirror as necessary. If no mirror library is
658- # provided, mirrors are not monitored through dmeventd.
659-
660- mirror_library = "libdevmapper-event-lvm2mirror.so"
661-
662- # snapshot_library is the library used when monitoring a snapshot device.
663- #
664- # "libdevmapper-event-lvm2snapshot.so" monitors the filling of
665- # snapshots and emits a warning through syslog, when the use of
666- # snapshot exceedes 80%. The warning is repeated when 85%, 90% and
667- # 95% of the snapshot are filled.
668-
669- snapshot_library = "libdevmapper-event-lvm2snapshot.so"
670-}
671
672=== removed file 'contrib/puppet/files/etc/nova.conf'
673--- contrib/puppet/files/etc/nova.conf 2010-11-12 19:07:46 +0000
674+++ contrib/puppet/files/etc/nova.conf 1970-01-01 00:00:00 +0000
675@@ -1,28 +0,0 @@
676---ec2_url=http://192.168.255.1:8773/services/Cloud
677---rabbit_host=192.168.255.1
678---redis_host=192.168.255.1
679---s3_host=192.168.255.1
680---vpn_ip=192.168.255.1
681---datastore_path=/var/lib/nova/keeper
682---networks_path=/var/lib/nova/networks
683---instances_path=/var/lib/nova/instances
684---buckets_path=/var/lib/nova/objectstore/buckets
685---images_path=/var/lib/nova/objectstore/images
686---ca_path=/var/lib/nova/CA
687---keys_path=/var/lib/nova/keys
688---vlan_start=2000
689---vlan_end=3000
690---private_range=192.168.0.0/16
691---public_range=10.0.0.0/24
692---volume_group=vgdata
693---storage_dev=/dev/sdc
694---bridge_dev=eth2
695---aoe_eth_dev=eth2
696---public_interface=vlan0
697---default_kernel=aki-DEFAULT
698---default_ramdisk=ari-DEFAULT
699---vpn_image_id=ami-cloudpipe
700---daemonize
701---verbose
702---syslog
703---prefix=nova
704
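Review bot: The sample values put every infrastructure endpoint (`rabbit_host`, `redis_host`, `s3_host`, `vpn_ip`, all 192.168.255.1) inside `private_range=192.168.0.0/16`, and `ec2_url` is plain `http://`. Since the file is being deleted rather than corrected, the commit message should say whether a maintained sample flagfile replaces it, so that nobody keeps copying these values from an old checkout.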
705=== removed directory 'contrib/puppet/files/production'
706=== removed file 'contrib/puppet/files/production/boto.cfg'
707--- contrib/puppet/files/production/boto.cfg 2010-11-12 19:07:46 +0000
708+++ contrib/puppet/files/production/boto.cfg 1970-01-01 00:00:00 +0000
709@@ -1,3 +0,0 @@
710-[Boto]
711-debug = 0
712-num_retries = 1
713
714=== removed file 'contrib/puppet/files/production/genvpn.sh'
715--- contrib/puppet/files/production/genvpn.sh 2010-11-12 19:07:46 +0000
716+++ contrib/puppet/files/production/genvpn.sh 1970-01-01 00:00:00 +0000
717@@ -1,35 +0,0 @@
718-#!/bin/bash
719-# vim: tabstop=4 shiftwidth=4 softtabstop=4
720-
721-# Copyright 2010 United States Government as represented by the
722-# Administrator of the National Aeronautics and Space Administration.
723-# All Rights Reserved.
724-#
725-# Licensed under the Apache License, Version 2.0 (the "License"); you may
726-# not use this file except in compliance with the License. You may obtain
727-# a copy of the License at
728-#
729-# http://www.apache.org/licenses/LICENSE-2.0
730-#
731-# Unless required by applicable law or agreed to in writing, software
732-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
733-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
734-# License for the specific language governing permissions and limitations
735-# under the License.
736-
737-# This gets zipped and run on the cloudpipe-managed OpenVPN server
738-NAME=$1
739-SUBJ=$2
740-
741-mkdir -p projects/$NAME
742-cd projects/$NAME
743-
744-# generate a server priv key
745-openssl genrsa -out server.key 2048
746-
747-# generate a server CSR
748-openssl req -new -key server.key -out server.csr -batch -subj "$SUBJ"
749-
750-if [ "`id -u`" != "`grep nova /etc/passwd | cut -d':' -f3`" ]; then
751- sudo chown -R nova:nogroup .
752-fi
753
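Review bot: `NAME=$1` is used unquoted and unvalidated in `mkdir -p projects/$NAME` and `cd projects/$NAME`, so a name containing spaces or `../` ends up outside `projects/`, and neither command is checked before `openssl genrsa -out server.key 2048` writes the key into whatever directory the script is in by then. The ownership test `grep nova /etc/passwd | cut -d':' -f3` also matches any passwd line containing "nova", not only the nova account. If this script survives anywhere outside contrib/puppet, the fixes (quote `"$NAME"`, reject path separators, `cd ... || exit 1`, `id -u nova`) belong there; otherwise the removal is fine as is.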
754=== removed file 'contrib/puppet/files/production/libvirt.qemu.xml.template'
755--- contrib/puppet/files/production/libvirt.qemu.xml.template 2010-11-12 19:07:46 +0000
756+++ contrib/puppet/files/production/libvirt.qemu.xml.template 1970-01-01 00:00:00 +0000
757@@ -1,35 +0,0 @@
758-<domain type='%(type)s'>
759- <name>%(name)s</name>
760- <os>
761- <type>hvm</type>
762- <kernel>%(basepath)s/kernel</kernel>
763- <initrd>%(basepath)s/ramdisk</initrd>
764- <cmdline>root=/dev/vda1 console=ttyS0</cmdline>
765- </os>
766- <features>
767- <acpi/>
768- </features>
769- <memory>%(memory_kb)s</memory>
770- <vcpu>%(vcpus)s</vcpu>
771- <devices>
772- <disk type='file'>
773- <source file='%(basepath)s/disk'/>
774- <target dev='vda' bus='virtio'/>
775- </disk>
776- <interface type='bridge'>
777- <source bridge='%(bridge_name)s'/>
778- <mac address='%(mac_address)s'/>
779- <!-- <model type='virtio'/> CANT RUN virtio network right now -->
780- <!--
781- <filterref filter="nova-instance-%(name)s">
782- <parameter name="IP" value="%(ip_address)s" />
783- <parameter name="DHCPSERVER" value="%(dhcp_server)s" />
784- </filterref>
785- -->
786- </interface>
787- <serial type="file">
788- <source path='%(basepath)s/console.log'/>
789- <target port='1'/>
790- </serial>
791- </devices>
792-</domain>
793
794=== removed file 'contrib/puppet/files/production/my.cnf'
795--- contrib/puppet/files/production/my.cnf 2010-11-12 19:07:46 +0000
796+++ contrib/puppet/files/production/my.cnf 1970-01-01 00:00:00 +0000
797@@ -1,137 +0,0 @@
798-#
799-# The MySQL database server configuration file.
800-#
801-# You can copy this to one of:
802-# - "/etc/mysql/my.cnf" to set global options,
803-# - "~/.my.cnf" to set user-specific options.
804-#
805-# One can use all long options that the program supports.
806-# Run program with --help to get a list of available options and with
807-# --print-defaults to see which it would actually understand and use.
808-#
809-# For explanations see
810-# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
811-
812-# This will be passed to all mysql clients
813-# It has been reported that passwords should be enclosed with ticks/quotes
814-# escpecially if they contain "#" chars...
815-# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
816-[client]
817-port = 3306
818-socket = /var/run/mysqld/mysqld.sock
819-
820-# Here is entries for some specific programs
821-# The following values assume you have at least 32M ram
822-
823-# This was formally known as [safe_mysqld]. Both versions are currently parsed.
824-[mysqld_safe]
825-socket = /var/run/mysqld/mysqld.sock
826-nice = 0
827-
828-[mysqld]
829-#
830-# * Basic Settings
831-#
832-
833-#
834-# * IMPORTANT
835-# If you make changes to these settings and your system uses apparmor, you may
836-# also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
837-#
838-
839-user = mysql
840-socket = /var/run/mysqld/mysqld.sock
841-port = 3306
842-basedir = /usr
843-datadir = /var/lib/mysql
844-tmpdir = /tmp
845-skip-external-locking
846-#
847-# Instead of skip-networking the default is now to listen only on
848-# localhost which is more compatible and is not less secure.
849-# bind-address = 127.0.0.1
850-#
851-# * Fine Tuning
852-#
853-innodb_buffer_pool_size = 12G
854-#innodb_log_file_size = 256M
855-innodb_log_buffer_size=4M
856-innodb_flush_log_at_trx_commit=2
857-innodb_thread_concurrency=8
858-innodb_flush_method=O_DIRECT
859-key_buffer = 128M
860-max_allowed_packet = 256M
861-thread_stack = 8196K
862-thread_cache_size = 32
863-# This replaces the startup script and checks MyISAM tables if needed
864-# the first time they are touched
865-myisam-recover = BACKUP
866-max_connections = 1000
867-table_cache = 1024
868-#thread_concurrency = 10
869-#
870-# * Query Cache Configuration
871-#
872-query_cache_limit = 32M
873-query_cache_size = 256M
874-#
875-# * Logging and Replication
876-#
877-# Both location gets rotated by the cronjob.
878-# Be aware that this log type is a performance killer.
879-# As of 5.1 you can enable the log at runtime!
880-#general_log_file = /var/log/mysql/mysql.log
881-#general_log = 1
882-
883-log_error = /var/log/mysql/error.log
884-
885-# Here you can see queries with especially long duration
886-log_slow_queries = /var/log/mysql/mysql-slow.log
887-long_query_time = 2
888-#log-queries-not-using-indexes
889-#
890-# The following can be used as easy to replay backup logs or for replication.
891-# note: if you are setting up a replication slave, see README.Debian about
892-# other settings you may need to change.
893-server-id = 1
894-log_bin = /var/log/mysql/mysql-bin.log
895-expire_logs_days = 10
896-max_binlog_size = 50M
897-#binlog_do_db = include_database_name
898-#binlog_ignore_db = include_database_name
899-#
900-# * InnoDB
901-#
902-sync_binlog=1
903-# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
904-# Read the manual for more InnoDB related options. There are many!
905-#
906-# * Security Features
907-#
908-# Read the manual, too, if you want chroot!
909-# chroot = /var/lib/mysql/
910-#
911-# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
912-#
913-# ssl-ca=/etc/mysql/cacert.pem
914-# ssl-cert=/etc/mysql/server-cert.pem
915-# ssl-key=/etc/mysql/server-key.pem
916-
917-
918-
919-[mysqldump]
920-quick
921-quote-names
922-max_allowed_packet = 256M
923-
924-[mysql]
925-#no-auto-rehash # faster start of mysql but no tab completition
926-
927-[isamchk]
928-key_buffer = 128M
929-
930-#
931-# * IMPORTANT: Additional settings that can override those from this file!
932-# The files must end with '.cnf', otherwise they'll be ignored.
933-#
934-!includedir /etc/mysql/conf.d/
935
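Review bot: `bind-address = 127.0.0.1` is commented out in the `[mysqld]` section, so a server running this file listens on every interface on port 3306, and the `ssl-ca`, `ssl-cert` and `ssl-key` lines are commented out as well. Deleting the file does not change hosts already provisioned from it, so the merge description should point operators at checking `bind-address` on existing database nodes. Minor: `thread_stack = 8196K` looks like a typo for 8192K.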
936=== removed file 'contrib/puppet/files/production/nova-iptables'
937--- contrib/puppet/files/production/nova-iptables 2010-12-16 11:35:46 +0000
938+++ contrib/puppet/files/production/nova-iptables 1970-01-01 00:00:00 +0000
939@@ -1,187 +0,0 @@
940-#! /bin/sh
941-
942-# vim: tabstop=4 shiftwidth=4 softtabstop=4
943-
944-# Copyright 2010 United States Government as represented by the
945-# Administrator of the National Aeronautics and Space Administration.
946-# All Rights Reserved.
947-#
948-# Licensed under the Apache License, Version 2.0 (the "License"); you may
949-# not use this file except in compliance with the License. You may obtain
950-# a copy of the License at
951-#
952-# http://www.apache.org/licenses/LICENSE-2.0
953-#
954-# Unless required by applicable law or agreed to in writing, software
955-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
956-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
957-# License for the specific language governing permissions and limitations
958-# under the License.
959-
960-# NOTE(vish): This script sets up some reasonable defaults for iptables and
961-# creates nova-specific chains. If you use this script you should
962-# run nova-network and nova-compute with --use_nova_chains=True
963-
964-
965-# NOTE(vish): If you run public nova-api on a different port, make sure to
966-# change the port here
967-
968-if [ -f /etc/default/nova-iptables ] ; then
969- . /etc/default/nova-iptables
970-fi
971-
972-export LC_ALL=C
973-
974-API_PORT=${API_PORT:-"8773"}
975-
976-if [ ! -n "$IP" ]; then
977- # NOTE(vish): IP address is what address the services ALLOW on.
978- # This will just get the first ip in the list, so if you
979- # have more than one eth device set up, this will fail, and
980- # you should explicitly pass in the ip of the instance
981- IP=`ifconfig | grep -m 1 'inet addr:'| cut -d: -f2 | awk '{print $1}'`
982-fi
983-
984-if [ ! -n "$PRIVATE_RANGE" ]; then
985- #NOTE(vish): PRIVATE_RANGE: range is ALLOW to access DHCP
986- PRIVATE_RANGE="192.168.0.0/12"
987-fi
988-
989-if [ ! -n "$MGMT_IP" ]; then
990- # NOTE(vish): Management IP is the ip over which to allow ssh traffic. It
991- # will also allow traffic to nova-api
992- MGMT_IP="$IP"
993-fi
994-
995-if [ ! -n "$DMZ_IP" ]; then
996- # NOTE(vish): DMZ IP is the ip over which to allow api & objectstore access
997- DMZ_IP="$IP"
998-fi
999-
1000-clear_nova_iptables() {
1001- iptables -P INPUT ACCEPT
1002- iptables -P FORWARD ACCEPT
1003- iptables -P OUTPUT ACCEPT
1004- iptables -F
1005- iptables -t nat -F
1006- iptables -F services
1007- iptables -X services
1008- # HACK: re-adding fail2ban rules :(
1009- iptables -N fail2ban-ssh
1010- iptables -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
1011- iptables -A fail2ban-ssh -j RETURN
1012-}
1013-
1014-load_nova_iptables() {
1015-
1016- iptables -P INPUT DROP
1017- iptables -A INPUT -m state --state INVALID -j DROP
1018- iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
1019- # NOTE(ja): allow localhost for everything
1020- iptables -A INPUT -d 127.0.0.1/32 -j ACCEPT
1021- # NOTE(ja): 22 only allowed MGMT_IP before, but we widened it to any
1022- # address, since ssh should be listening only on internal
1023- # before we re-add this rule we will need to add
1024- # flexibility for RSYNC between omega/stingray
1025- iptables -A INPUT -m tcp -p tcp --dport 22 -j ACCEPT
1026- iptables -A INPUT -m udp -p udp --dport 123 -j ACCEPT
1027- iptables -A INPUT -p icmp -j ACCEPT
1028- iptables -N services
1029- iptables -A INPUT -j services
1030- iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
1031- iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
1032-
1033- iptables -P FORWARD DROP
1034- iptables -A FORWARD -m state --state INVALID -j DROP
1035- iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
1036- iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
1037-
1038- # NOTE(vish): DROP on output is too restrictive for now. We need to add
1039- # in a bunch of more specific output rules to use it.
1040- # iptables -P OUTPUT DROP
1041- iptables -A OUTPUT -m state --state INVALID -j DROP
1042- iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
1043-
1044- if [ -n "$GANGLIA" ] || [ -n "$ALL" ]; then
1045- iptables -A services -m tcp -p tcp -d $IP --dport 8649 -j ACCEPT
1046- iptables -A services -m udp -p udp -d $IP --dport 8649 -j ACCEPT
1047- fi
1048-
1049- # if [ -n "$WEB" ] || [ -n "$ALL" ]; then
1050- # # NOTE(vish): This opens up ports for web access, allowing web-based
1051- # # dashboards to work.
1052- # iptables -A services -m tcp -p tcp -d $IP --dport 80 -j ACCEPT
1053- # iptables -A services -m tcp -p tcp -d $IP --dport 443 -j ACCEPT
1054- # fi
1055-
1056- if [ -n "$OBJECTSTORE" ] || [ -n "$ALL" ]; then
1057- # infrastructure
1058- iptables -A services -m tcp -p tcp -d $IP --dport 3333 -j ACCEPT
1059- # clients
1060- iptables -A services -m tcp -p tcp -d $DMZ_IP --dport 3333 -j ACCEPT
1061- fi
1062-
1063- if [ -n "$API" ] || [ -n "$ALL" ]; then
1064- iptables -A services -m tcp -p tcp -d $IP --dport $API_PORT -j ACCEPT
1065- if [ "$IP" != "$DMZ_IP" ]; then
1066- iptables -A services -m tcp -p tcp -d $DMZ_IP --dport $API_PORT -j ACCEPT
1067- fi
1068- if [ "$IP" != "$MGMT_IP" ] && [ "$DMZ_IP" != "$MGMT_IP" ]; then
1069- iptables -A services -m tcp -p tcp -d $MGMT_IP --dport $API_PORT -j ACCEPT
1070- fi
1071- fi
1072-
1073- if [ -n "$REDIS" ] || [ -n "$ALL" ]; then
1074- iptables -A services -m tcp -p tcp -d $IP --dport 6379 -j ACCEPT
1075- fi
1076-
1077- if [ -n "$MYSQL" ] || [ -n "$ALL" ]; then
1078- iptables -A services -m tcp -p tcp -d $IP --dport 3306 -j ACCEPT
1079- fi
1080-
1081- if [ -n "$RABBITMQ" ] || [ -n "$ALL" ]; then
1082- iptables -A services -m tcp -p tcp -d $IP --dport 4369 -j ACCEPT
1083- iptables -A services -m tcp -p tcp -d $IP --dport 5672 -j ACCEPT
1084- iptables -A services -m tcp -p tcp -d $IP --dport 53284 -j ACCEPT
1085- fi
1086-
1087- if [ -n "$DNSMASQ" ] || [ -n "$ALL" ]; then
1088- # NOTE(vish): this could theoretically be setup per network
1089- # for each host, but it seems like overkill
1090- iptables -A services -m tcp -p tcp -s $PRIVATE_RANGE --dport 53 -j ACCEPT
1091- iptables -A services -m udp -p udp -s $PRIVATE_RANGE --dport 53 -j ACCEPT
1092- iptables -A services -m udp -p udp --dport 67 -j ACCEPT
1093- fi
1094-
1095- if [ -n "$LDAP" ] || [ -n "$ALL" ]; then
1096- iptables -A services -m tcp -p tcp -d $IP --dport 389 -j ACCEPT
1097- fi
1098-
1099- if [ -n "$ISCSI" ] || [ -n "$ALL" ]; then
1100- iptables -A services -m tcp -p tcp -d $IP --dport 3260 -j ACCEPT
1101- iptables -A services -m tcp -p tcp -d 127.0.0.0/16 --dport 3260 -j ACCEPT
1102- fi
1103-}
1104-
1105-
1106-case "$1" in
1107- start)
1108- echo "Starting nova-iptables: "
1109- load_nova_iptables
1110- ;;
1111- stop)
1112- echo "Clearing nova-iptables: "
1113- clear_nova_iptables
1114- ;;
1115- restart)
1116- echo "Restarting nova-iptables: "
1117- clear_nova_iptables
1118- load_nova_iptables
1119- ;;
1120- *)
1121- echo "Usage: $NAME {start|stop|restart}" >&2
1122- exit 1
1123- ;;
1124-esac
1125-
1126-exit 0
1127
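Review bot: `PRIVATE_RANGE="192.168.0.0/12"` is not the private block its comment implies: with a /12 mask iptables treats it as 192.160.0.0/12, which covers 192.160.0.0 through 192.175.255.255 and so admits non-RFC 1918 sources to the port 53 rules in the DNSMASQ branch; `/16` was presumably intended. Similarly, the iSCSI rule uses `-d 127.0.0.0/16` where loopback is `127.0.0.0/8`, and the usage line prints `$NAME`, which is never set in the script. Hosts that installed this as /etc/init.d/nova-iptables keep these rules after the merge, so it is worth calling out in the merge description.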
1128=== removed file 'contrib/puppet/files/production/nova-iscsi-dev.sh'
1129--- contrib/puppet/files/production/nova-iscsi-dev.sh 2010-11-12 19:07:46 +0000
1130+++ contrib/puppet/files/production/nova-iscsi-dev.sh 1970-01-01 00:00:00 +0000
1131@@ -1,19 +0,0 @@
1132-#!/bin/sh
1133-
1134-# FILE: /etc/udev/scripts/iscsidev.sh
1135-
1136-BUS=${1}
1137-HOST=${BUS%%:*}
1138-
1139-[ -e /sys/class/iscsi_host ] || exit 1
1140-
1141-file="/sys/class/iscsi_host/host${HOST}/device/session*/iscsi_session*/session*/targetname"
1142-
1143-target_name=$(cat ${file})
1144-
1145-# This is not an open-scsi drive
1146-if [ -z "${target_name}" ]; then
1147- exit 1
1148-fi
1149-
1150-echo "${target_name##*:}"
1151
1152=== removed file 'contrib/puppet/files/production/setup_data.sh'
1153--- contrib/puppet/files/production/setup_data.sh 2010-11-12 19:07:46 +0000
1154+++ contrib/puppet/files/production/setup_data.sh 1970-01-01 00:00:00 +0000
1155@@ -1,6 +0,0 @@
1156-#!/bin/bash
1157-/root/slap.sh
1158-mysql -e "DROP DATABASE nova"
1159-mysql -e "CREATE DATABASE nova"
1160-mysql -e "GRANT ALL on nova.* to nova@'%' identified by 'TODO:CHANGEME:CMON'"
1161-touch /root/installed
1162
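Review bot: `GRANT ALL on nova.* to nova@'%' identified by 'TODO:CHANGEME:CMON'` pairs a placeholder password with a wildcard host, and the script was published with that literal in it. Any database set up by running it unmodified still has that grant after this file is deleted, so the merge description should tell operators to change the nova password and narrow `'%'` to the hosts that need access. The script also runs `DROP DATABASE nova` unconditionally; the only guard is the `unless => "test -f /root/installed"` on the exec in nova.pp.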
1163=== removed file 'contrib/puppet/files/production/slap.sh'
1164--- contrib/puppet/files/production/slap.sh 2010-11-12 19:07:46 +0000
1165+++ contrib/puppet/files/production/slap.sh 1970-01-01 00:00:00 +0000
1166@@ -1,261 +0,0 @@
1167-#!/usr/bin/env bash
1168-# vim: tabstop=4 shiftwidth=4 softtabstop=4
1169-
1170-# Copyright 2010 United States Government as represented by the
1171-# Administrator of the National Aeronautics and Space Administration.
1172-# All Rights Reserved.
1173-#
1174-# Licensed under the Apache License, Version 2.0 (the "License"); you may
1175-# not use this file except in compliance with the License. You may obtain
1176-# a copy of the License at
1177-#
1178-# http://www.apache.org/licenses/LICENSE-2.0
1179-#
1180-# Unless required by applicable law or agreed to in writing, software
1181-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
1182-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
1183-# License for the specific language governing permissions and limitations
1184-# under the License.
1185-# LDAP INSTALL SCRIPT - SHOULD BE IDEMPOTENT, but it SCRUBS all USERS
1186-
1187-apt-get install -y slapd ldap-utils python-ldap
1188-
1189-cat >/etc/ldap/schema/openssh-lpk_openldap.schema <<LPK_SCHEMA_EOF
1190-#
1191-# LDAP Public Key Patch schema for use with openssh-ldappubkey
1192-# Author: Eric AUGE <eau@phear.org>
1193-#
1194-# Based on the proposal of : Mark Ruijter
1195-#
1196-
1197-
1198-# octetString SYNTAX
1199-attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
1200- DESC 'MANDATORY: OpenSSH Public key'
1201- EQUALITY octetStringMatch
1202- SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
1203-
1204-# printableString SYNTAX yes|no
1205-objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
1206- DESC 'MANDATORY: OpenSSH LPK objectclass'
1207- MAY ( sshPublicKey $ uid )
1208- )
1209-LPK_SCHEMA_EOF
1210-
1211-cat >/etc/ldap/schema/nova.schema <<NOVA_SCHEMA_EOF
1212-#
1213-# Person object for Nova
1214-# inetorgperson with extra attributes
1215-# Author: Vishvananda Ishaya <vishvananda@yahoo.com>
1216-#
1217-#
1218-
1219-# using internet experimental oid arc as per BP64 3.1
1220-objectidentifier novaSchema 1.3.6.1.3.1.666.666
1221-objectidentifier novaAttrs novaSchema:3
1222-objectidentifier novaOCs novaSchema:4
1223-
1224-attributetype (
1225- novaAttrs:1
1226- NAME 'accessKey'
1227- DESC 'Key for accessing data'
1228- EQUALITY caseIgnoreMatch
1229- SUBSTR caseIgnoreSubstringsMatch
1230- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
1231- SINGLE-VALUE
1232- )
1233-
1234-attributetype (
1235- novaAttrs:2
1236- NAME 'secretKey'
1237- DESC 'Secret key'
1238- EQUALITY caseIgnoreMatch
1239- SUBSTR caseIgnoreSubstringsMatch
1240- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
1241- SINGLE-VALUE
1242- )
1243-
1244-attributetype (
1245- novaAttrs:3
1246- NAME 'keyFingerprint'
1247- DESC 'Fingerprint of private key'
1248- EQUALITY caseIgnoreMatch
1249- SUBSTR caseIgnoreSubstringsMatch
1250- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
1251- SINGLE-VALUE
1252- )
1253-
1254-attributetype (
1255- novaAttrs:4
1256- NAME 'isAdmin'
1257- DESC 'Is user an administrator?'
1258- EQUALITY booleanMatch
1259- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
1260- SINGLE-VALUE
1261- )
1262-
1263-attributetype (
1264- novaAttrs:5
1265- NAME 'projectManager'
1266- DESC 'Project Managers of a project'
1267- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
1268- )
1269-
1270-objectClass (
1271- novaOCs:1
1272- NAME 'novaUser'
1273- DESC 'access and secret keys'
1274- AUXILIARY
1275- MUST ( uid )
1276- MAY ( accessKey $ secretKey $ isAdmin )
1277- )
1278-
1279-objectClass (
1280- novaOCs:2
1281- NAME 'novaKeyPair'
1282- DESC 'Key pair for User'
1283- SUP top
1284- STRUCTURAL
1285- MUST ( cn $ sshPublicKey $ keyFingerprint )
1286- )
1287-
1288-objectClass (
1289- novaOCs:3
1290- NAME 'novaProject'
1291- DESC 'Container for project'
1292- SUP groupOfNames
1293- STRUCTURAL
1294- MUST ( cn $ projectManager )
1295- )
1296-
1297-NOVA_SCHEMA_EOF
1298-
1299-mv /etc/ldap/slapd.conf /etc/ldap/slapd.conf.orig
1300-cat >/etc/ldap/slapd.conf <<SLAPD_CONF_EOF
1301-# slapd.conf - Configuration file for LDAP SLAPD
1302-##########
1303-# Basics #
1304-##########
1305-include /etc/ldap/schema/core.schema
1306-include /etc/ldap/schema/cosine.schema
1307-include /etc/ldap/schema/inetorgperson.schema
1308-include /etc/ldap/schema/openssh-lpk_openldap.schema
1309-include /etc/ldap/schema/nova.schema
1310-pidfile /var/run/slapd/slapd.pid
1311-argsfile /var/run/slapd/slapd.args
1312-loglevel none
1313-modulepath /usr/lib/ldap
1314-# modulepath /usr/local/libexec/openldap
1315-moduleload back_hdb
1316-##########################
1317-# Database Configuration #
1318-##########################
1319-database hdb
1320-suffix "dc=example,dc=com"
1321-rootdn "cn=Manager,dc=example,dc=com"
1322-rootpw changeme
1323-directory /var/lib/ldap
1324-# directory /usr/local/var/openldap-data
1325-index objectClass,cn eq
1326-########
1327-# ACLs #
1328-########
1329-access to attrs=userPassword
1330- by anonymous auth
1331- by self write
1332- by * none
1333-access to *
1334- by self write
1335- by * none
1336-SLAPD_CONF_EOF
1337-
1338-mv /etc/ldap/ldap.conf /etc/ldap/ldap.conf.orig
1339-
1340-cat >/etc/ldap/ldap.conf <<LDAP_CONF_EOF
1341-# LDAP Client Settings
1342-URI ldap://localhost
1343-BASE dc=example,dc=com
1344-BINDDN cn=Manager,dc=example,dc=com
1345-SIZELIMIT 0
1346-TIMELIMIT 0
1347-LDAP_CONF_EOF
1348-
1349-cat >/etc/ldap/base.ldif <<BASE_LDIF_EOF
1350-# This is the root of the directory tree
1351-dn: dc=example,dc=com
1352-description: Example.Com, your trusted non-existent corporation.
1353-dc: example
1354-o: Example.Com
1355-objectClass: top
1356-objectClass: dcObject
1357-objectClass: organization
1358-
1359-# Subtree for users
1360-dn: ou=Users,dc=example,dc=com
1361-ou: Users
1362-description: Users
1363-objectClass: organizationalUnit
1364-
1365-# Subtree for groups
1366-dn: ou=Groups,dc=example,dc=com
1367-ou: Groups
1368-description: Groups
1369-objectClass: organizationalUnit
1370-
1371-# Subtree for system accounts
1372-dn: ou=System,dc=example,dc=com
1373-ou: System
1374-description: Special accounts used by software applications.
1375-objectClass: organizationalUnit
1376-
1377-# Special Account for Authentication:
1378-dn: uid=authenticate,ou=System,dc=example,dc=com
1379-uid: authenticate
1380-ou: System
1381-description: Special account for authenticating users
1382-userPassword: {MD5}TODO-000000000000000000000000000==
1383-objectClass: account
1384-objectClass: simpleSecurityObject
1385-
1386-# create the sysadmin entry
1387-
1388-dn: cn=developers,ou=Groups,dc=example,dc=com
1389-objectclass: groupOfNames
1390-cn: developers
1391-description: IT admin group
1392-member: uid=admin,ou=Users,dc=example,dc=com
1393-
1394-dn: cn=sysadmins,ou=Groups,dc=example,dc=com
1395-objectclass: groupOfNames
1396-cn: sysadmins
1397-description: IT admin group
1398-member: uid=admin,ou=Users,dc=example,dc=com
1399-
1400-dn: cn=netadmins,ou=Groups,dc=example,dc=com
1401-objectclass: groupOfNames
1402-cn: netadmins
1403-description: Network admin group
1404-member: uid=admin,ou=Users,dc=example,dc=com
1405-
1406-dn: cn=cloudadmins,ou=Groups,dc=example,dc=com
1407-objectclass: groupOfNames
1408-cn: cloudadmins
1409-description: Cloud admin group
1410-member: uid=admin,ou=Users,dc=example,dc=com
1411-
1412-dn: cn=itsec,ou=Groups,dc=example,dc=com
1413-objectclass: groupOfNames
1414-cn: itsec
1415-description: IT security users group
1416-member: uid=admin,ou=Users,dc=example,dc=com
1417-BASE_LDIF_EOF
1418-
1419-/etc/init.d/slapd stop
1420-rm -rf /var/lib/ldap/*
1421-rm -rf /etc/ldap/slapd.d/*
1422-slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
1423-cp /usr/share/slapd/DB_CONFIG /var/lib/ldap/DB_CONFIG
1424-slapadd -v -l /etc/ldap/base.ldif
1425-chown -R openldap:openldap /etc/ldap/slapd.d
1426-chown -R openldap:openldap /var/lib/ldap
1427-/etc/init.d/slapd start
1428
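Review bot: The generated slapd.conf carries `rootpw changeme` in clear text for `cn=Manager,dc=example,dc=com`, and base.ldif ships `userPassword: {MD5}TODO-000000000000000000000000000==` for the `authenticate` account; both files are written with plain `cat >` under the caller's umask. Directories built from this script keep those values after the deletion, so operators need to be told to replace the root password (hashed, for example with slappasswd) and the placeholder hash. Separately, `secretKey` is declared with `EQUALITY caseIgnoreMatch`, which makes comparison of the secret case-insensitive; if nova.schema is kept elsewhere, that should become a case-exact match.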
1429=== removed file 'contrib/puppet/fileserver.conf'
1430--- contrib/puppet/fileserver.conf 2010-11-12 19:07:46 +0000
1431+++ contrib/puppet/fileserver.conf 1970-01-01 00:00:00 +0000
1432@@ -1,8 +0,0 @@
1433-# fileserver.conf
1434-
1435-[files]
1436-path /srv/cloud/puppet/files
1437-allow 10.0.0.0/24
1438-
1439-[plugins]
1440-
1441
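Review bot: `allow 10.0.0.0/24` opens the `[files]` mount to a whole subnet, and that mount is where nova.pp fetches `files/production/slap.sh` and `files/production/setup_data.sh`, both of which embed placeholder credentials. It is also the same range the removed nova.conf sets as `public_range`. Nothing needs to change in the deletion itself, but a puppet master still running with this config should have the allow list narrowed to the managed nodes.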
1442=== removed directory 'contrib/puppet/manifests'
1443=== removed directory 'contrib/puppet/manifests/classes'
1444=== removed file 'contrib/puppet/manifests/classes/apt.pp'
1445--- contrib/puppet/manifests/classes/apt.pp 2010-11-12 19:07:46 +0000
1446+++ contrib/puppet/manifests/classes/apt.pp 1970-01-01 00:00:00 +0000
1447@@ -1,1 +0,0 @@
1448-exec { "update-apt": command => "/usr/bin/apt-get update" }
1449
1450=== removed file 'contrib/puppet/manifests/classes/issue.pp'
1451--- contrib/puppet/manifests/classes/issue.pp 2010-11-12 19:07:46 +0000
1452+++ contrib/puppet/manifests/classes/issue.pp 1970-01-01 00:00:00 +0000
1453@@ -1,14 +0,0 @@
1454-class issue {
1455- file { "/etc/issue":
1456- owner => "root",
1457- group => "root",
1458- mode => 444,
1459- source => "puppet://${puppet_server}/files/etc/issue",
1460- }
1461- file { "/etc/issue.net":
1462- owner => "root",
1463- group => "root",
1464- mode => 444,
1465- source => "puppet://${puppet_server}/files/etc/issue",
1466- }
1467-}
1468
1469=== removed file 'contrib/puppet/manifests/classes/kern_module.pp'
1470--- contrib/puppet/manifests/classes/kern_module.pp 2010-11-12 19:07:46 +0000
1471+++ contrib/puppet/manifests/classes/kern_module.pp 1970-01-01 00:00:00 +0000
1472@@ -1,34 +0,0 @@
1473-# via http://projects.puppetlabs.com/projects/puppet/wiki/Kernel_Modules_Patterns
1474-
1475-define kern_module ($ensure) {
1476- $modulesfile = $operatingsystem ? { ubuntu => "/etc/modules", redhat => "/etc/rc.modules" }
1477- case $operatingsystem {
1478- redhat: { file { "/etc/rc.modules": ensure => file, mode => 755 } }
1479- }
1480- case $ensure {
1481- present: {
1482- exec { "insert_module_${name}":
1483- command => $operatingsystem ? {
1484- ubuntu => "/bin/echo '${name}' >> '${modulesfile}'",
1485- redhat => "/bin/echo '/sbin/modprobe ${name}' >> '${modulesfile}' "
1486- },
1487- unless => "/bin/grep -qFx '${name}' '${modulesfile}'"
1488- }
1489- exec { "/sbin/modprobe ${name}": unless => "/bin/grep -q '^${name} ' '/proc/modules'" }
1490- }
1491- absent: {
1492- exec { "/sbin/modprobe -r ${name}": onlyif => "/bin/grep -q '^${name} ' '/proc/modules'" }
1493- exec { "remove_module_${name}":
1494- command => $operatingsystem ? {
1495- ubuntu => "/usr/bin/perl -ni -e 'print unless /^\\Q${name}\\E\$/' '${modulesfile}'",
1496- redhat => "/usr/bin/perl -ni -e 'print unless /^\\Q/sbin/modprobe ${name}\\E\$/' '${modulesfile}'"
1497- },
1498- onlyif => $operatingsystem ? {
1499- ubuntu => "/bin/grep -qFx '${name}' '${modulesfile}'",
1500- redhat => "/bin/grep -q '^/sbin/modprobe ${name}' '${modulesfile}'"
1501- }
1502- }
1503- }
1504- default: { err ( "unknown ensure value ${ensure}" ) }
1505- }
1506-}
1507
1508=== removed file 'contrib/puppet/manifests/classes/loopback.pp'
1509--- contrib/puppet/manifests/classes/loopback.pp 2010-11-12 19:07:46 +0000
1510+++ contrib/puppet/manifests/classes/loopback.pp 1970-01-01 00:00:00 +0000
1511@@ -1,6 +0,0 @@
1512-define loopback($num) {
1513- exec { "mknod -m 0660 /dev/loop${num} b 7 ${num}; chown root:disk /dev/loop${num}":
1514- creates => "/dev/loop${num}",
1515- path => ["/usr/bin", "/usr/sbin", "/bin"]
1516- }
1517-}
1518
1519=== removed file 'contrib/puppet/manifests/classes/lvm.pp'
1520--- contrib/puppet/manifests/classes/lvm.pp 2010-11-12 19:07:46 +0000
1521+++ contrib/puppet/manifests/classes/lvm.pp 1970-01-01 00:00:00 +0000
1522@@ -1,8 +0,0 @@
1523-class lvm {
1524- file { "/etc/lvm/lvm.conf":
1525- owner => "root",
1526- group => "root",
1527- mode => 444,
1528- source => "puppet://${puppet_server}/files/etc/lvm.conf",
1529- }
1530-}
1531
1532=== removed file 'contrib/puppet/manifests/classes/lvmconf.pp'
1533--- contrib/puppet/manifests/classes/lvmconf.pp 2010-11-12 19:07:46 +0000
1534+++ contrib/puppet/manifests/classes/lvmconf.pp 1970-01-01 00:00:00 +0000
1535@@ -1,8 +0,0 @@
1536-class lvmconf {
1537- file { "/etc/lvm/lvm.conf":
1538- owner => "root", group => "root", mode => 644,
1539- source => "puppet://${puppet_server}/files/etc/lvm/lvm.conf",
1540- ensure => present
1541- }
1542-}
1543-
1544
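Review bot: `class lvmconf` and the `class lvm` removed just above both declare `file { "/etc/lvm/lvm.conf": ... }`, with different modes (644 here, 444 there) and different sources (`files/etc/lvm/lvm.conf` here, `files/etc/lvm.conf` there). Including both on one node would be a duplicate resource declaration, and it is unclear from the manifests which one was actually in use. Fine to delete both, but if these manifests move to another tree, only one of the two classes should go with them.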
1545=== removed file 'contrib/puppet/manifests/classes/nova.pp'
1546--- contrib/puppet/manifests/classes/nova.pp 2010-11-12 19:07:46 +0000
1547+++ contrib/puppet/manifests/classes/nova.pp 1970-01-01 00:00:00 +0000
1548@@ -1,464 +0,0 @@
1549-import "kern_module"
1550-import "apt"
1551-import "loopback"
1552-
1553-#$head_node_ip = "undef"
1554-#$rabbit_ip = "undef"
1555-#$vpn_ip = "undef"
1556-#$public_interface = "undef"
1557-#$vlan_start = "5000"
1558-#$vlan_end = "6000"
1559-#$private_range = "10.0.0.0/16"
1560-#$public_range = "192.168.177.0/24"
1561-
1562-define nova_iptables($services, $ip="", $private_range="", $mgmt_ip="", $dmz_ip="") {
1563- file { "/etc/init.d/nova-iptables":
1564- owner => "root", mode => 755,
1565- source => "puppet://${puppet_server}/files/production/nova-iptables",
1566- }
1567-
1568- file { "/etc/default/nova-iptables":
1569- owner => "root", mode => 644,
1570- content => template("nova-iptables.erb")
1571- }
1572-}
1573-
1574-define nova_conf_pointer($name) {
1575- file { "/etc/nova/nova-${name}.conf":
1576- owner => "nova", mode => 400,
1577- content => "--flagfile=/etc/nova/nova.conf"
1578- }
1579-}
1580-
1581-class novaconf {
1582- file { "/etc/nova/nova.conf":
1583- owner => "nova", mode => 400,
1584- content => template("production/nova-common.conf.erb", "production/nova-${cluster_name}.conf.erb")
1585- }
1586- nova_conf_pointer{'manage': name => 'manage'}
1587-}
1588-
1589-class novadata {
1590- package { "rabbitmq-server": ensure => present }
1591-
1592- file { "/etc/rabbitmq/rabbitmq.conf":
1593- owner => "root", mode => 644,
1594- content => "NODENAME=rabbit@localhost",
1595- }
1596-
1597- service { "rabbitmq-server":
1598- ensure => running,
1599- enable => true,
1600- hasstatus => true,
1601- require => [
1602- File["/etc/rabbitmq/rabbitmq.conf"],
1603- Package["rabbitmq-server"]
1604- ]
1605- }
1606-
1607- package { "mysql-server": ensure => present }
1608-
1609- file { "/etc/mysql/my.cnf":
1610- owner => "root", mode => 644,
1611- source => "puppet://${puppet_server}/files/production/my.cnf",
1612- }
1613-
1614- service { "mysql":
1615- ensure => running,
1616- enable => true,
1617- hasstatus => true,
1618- require => [
1619- File["/etc/mysql/my.cnf"],
1620- Package["mysql-server"]
1621- ]
1622- }
1623-
1624- file { "/root/slap.sh":
1625- owner => "root", mode => 755,
1626- source => "puppet://${puppet_server}/files/production/slap.sh",
1627- }
1628-
1629- file { "/root/setup_data.sh":
1630- owner => "root", mode => 755,
1631- source => "puppet://${puppet_server}/files/production/setup_data.sh",
1632- }
1633-
1634- # setup compute data
1635- exec { "setup_data":
1636- command => "/root/setup_data.sh",
1637- path => "/usr/bin:/bin",
1638- unless => "test -f /root/installed",
1639- require => [
1640- Service["mysql"],
1641- File["/root/slap.sh"],
1642- File["/root/setup_data.sh"]
1643- ]
1644- }
1645-}
1646-
1647-define nscheduler($version) {
1648- package { "nova-scheduler": ensure => $version, require => Exec["update-apt"] }
1649- nova_conf_pointer{'scheduler': name => 'scheduler'}
1650- exec { "update-rc.d -f nova-scheduler remove; update-rc.d nova-scheduler defaults 50":
1651- path => "/usr/bin:/usr/sbin:/bin",
1652- onlyif => "test -f /etc/init.d/nova-scheduler",
1653- unless => "test -f /etc/rc2.d/S50nova-scheduler"
1654- }
1655- service { "nova-scheduler":
1656- ensure => running,
1657- hasstatus => true,
1658- subscribe => [
1659- Package["nova-scheduler"],
1660- File["/etc/nova/nova.conf"],
1661- File["/etc/nova/nova-scheduler.conf"]
1662- ]
1663- }
1664-
1665-}
1666-
1667-define napi($version, $api_servers, $api_base_port) {
1668- file { "/etc/boto.cfg":
1669- owner => "root", mode => 644,
1670- source => "puppet://${puppet_server}/files/production/boto.cfg",
1671- }
1672-
1673- file { "/var/lib/nova/CA/genvpn.sh":
1674- owner => "nova", mode => 755,
1675- source => "puppet://${puppet_server}/files/production/genvpn.sh",
1676- }
1677-
1678- package { "python-greenlet": ensure => present }
1679- package { "nova-api": ensure => $version, require => [Exec["update-apt"], Package["python-greenlet"]] }
1680- nova_conf_pointer{'api': name => 'api'}
1681-
1682- exec { "update-rc.d -f nova-api remove; update-rc.d nova-api defaults 50":
1683- path => "/usr/bin:/usr/sbin:/bin",
1684- onlyif => "test -f /etc/init.d/nova-api",
1685- unless => "test -f /etc/rc2.d/S50nova-api"
1686- }
1687-
1688- service { "nova-netsync":
1689- start => "/usr/bin/nova-netsync --pidfile=/var/run/nova/nova-netsync.pid --lockfile=/var/run/nova/nova-netsync.pid.lock start",
1690- stop => "/usr/bin/nova-netsync --pidfile=/var/run/nova/nova-netsync.pid --lockfile=/var/run/nova/nova-netsync.pid.lock stop",
1691- ensure => running,
1692- hasstatus => false,
1693- pattern => "nova-netsync",
1694- require => Service["nova-api"],
1695- subscribe => File["/etc/nova/nova.conf"]
1696- }
1697- service { "nova-api":
1698- start => "monit start all -g nova_api",
1699- stop => "monit stop all -g nova_api",
1700- restart => "monit restart all -g nova_api",
1701- # ensure => running,
1702- # hasstatus => true,
1703- require => Service["monit"],
1704- subscribe => [
1705- Package["nova-objectstore"],
1706- File["/etc/boto.cfg"],
1707- File["/etc/nova/nova.conf"],
1708- File["/etc/nova/nova-objectstore.conf"]
1709- ]
1710- }
1711-
1712- # the haproxy & monit's template use $api_servers and $api_base_port
1713-
1714- package { "haproxy": ensure => present }
1715- file { "/etc/default/haproxy":
1716- owner => "root", mode => 644,
1717- content => "ENABLED=1",
1718- require => Package['haproxy']
1719- }
1720- file { "/etc/haproxy/haproxy.cfg":
1721- owner => "root", mode => 644,
1722- content => template("/srv/cloud/puppet/templates/haproxy.cfg.erb"),
1723- require => Package['haproxy']
1724- }
1725- service { "haproxy":
1726- ensure => true,
1727- enable => true,
1728- hasstatus => true,
1729- subscribe => [
1730- Package["haproxy"],
1731- File["/etc/default/haproxy"],
1732- File["/etc/haproxy/haproxy.cfg"],
1733- ]
1734- }
1735-
1736- package { "socat": ensure => present }
1737-
1738- file { "/usr/local/bin/gmetric_haproxy.sh":
1739- owner => "root", mode => 755,
1740- source => "puppet://${puppet_server}/files/production/ganglia/gmetric_scripts/gmetric_haproxy.sh",
1741- }
1742-
1743- cron { "gmetric_haproxy":
1744- command => "/usr/local/bin/gmetric_haproxy.sh",
1745- user => root,
1746- minute => "*/3",
1747- }
1748-
1749- package { "monit": ensure => present }
1750-
1751- file { "/etc/default/monit":
1752- owner => "root", mode => 644,
1753- content => "startup=1",
1754- require => Package['monit']
1755- }
1756- file { "/etc/monit/monitrc":
1757- owner => "root", mode => 600,
1758- content => template("/srv/cloud/puppet/templates/monitrc-nova-api.erb"),
1759- require => Package['monit']
1760- }
1761- service { "monit":
1762- ensure => true,
1763- pattern => "sbin/monit",
1764- subscribe => [
1765- Package["monit"],
1766- File["/etc/default/monit"],
1767- File["/etc/monit/monitrc"],
1768- ]
1769- }
1770-
1771-}
1772-
1773-
1774-define nnetwork($version) {
1775- # kill the default network added by the package
1776- exec { "kill-libvirt-default-net":
1777- command => "virsh net-destroy default; rm /etc/libvirt/qemu/networks/autostart/default.xml",
1778- path => "/usr/bin:/bin",
1779- onlyif => "test -f /etc/libvirt/qemu/networks/autostart/default.xml"
1780- }
1781-
1782- # EVIL HACK: custom binary because dnsmasq 2.52 segfaulted accessing dereferenced object
1783- file { "/usr/sbin/dnsmasq":
1784- owner => "root", group => "root",
1785- source => "puppet://${puppet_server}/files/production/dnsmasq",
1786- }
1787-
1788- package { "nova-network": ensure => $version, require => Exec["update-apt"] }
1789- nova_conf_pointer{'dhcpbridge': name => 'dhcpbridge'}
1790- nova_conf_pointer{'network': name => "network" }
1791-
1792- exec { "update-rc.d -f nova-network remove; update-rc.d nova-network defaults 50":
1793- path => "/usr/bin:/usr/sbin:/bin",
1794- onlyif => "test -f /etc/init.d/nova-network",
1795- unless => "test -f /etc/rc2.d/S50nova-network"
1796- }
1797- service { "nova-network":
1798- ensure => running,
1799- hasstatus => true,
1800- subscribe => [
1801- Package["nova-network"],
1802- File["/etc/nova/nova.conf"],
1803- File["/etc/nova/nova-network.conf"]
1804- ]
1805- }
1806-}
1807-
1808-define nobjectstore($version) {
1809- package { "nova-objectstore": ensure => $version, require => Exec["update-apt"] }
1810- nova_conf_pointer{'objectstore': name => 'objectstore'}
1811- exec { "update-rc.d -f nova-objectstore remove; update-rc.d nova-objectstore defaults 50":
1812- path => "/usr/bin:/usr/sbin:/bin",
1813- onlyif => "test -f /etc/init.d/nova-objectstore",
1814- unless => "test -f /etc/rc2.d/S50nova-objectstore"
1815- }
1816- service { "nova-objectstore":
1817- ensure => running,
1818- hasstatus => true,
1819- subscribe => [
1820- Package["nova-objectstore"],
1821- File["/etc/nova/nova.conf"],
1822- File["/etc/nova/nova-objectstore.conf"]
1823- ]
1824- }
1825-}
1826-
1827-define ncompute($version) {
1828- include ganglia-python
1829- include ganglia-compute
1830-
1831- # kill the default network added by the package
1832- exec { "kill-libvirt-default-net":
1833- command => "virsh net-destroy default; rm /etc/libvirt/qemu/networks/autostart/default.xml",
1834- path => "/usr/bin:/bin",
1835- onlyif => "test -f /etc/libvirt/qemu/networks/autostart/default.xml"
1836- }
1837-
1838-
1839- # LIBVIRT has to be restarted when ebtables / gawk is installed
1840- service { "libvirt-bin":
1841- ensure => running,
1842- pattern => "sbin/libvirtd",
1843- subscribe => [
1844- Package["ebtables"],
1845- Kern_module["kvm_intel"]
1846- ],
1847- require => [
1848- Package["libvirt-bin"],
1849- Package["ebtables"],
1850- Package["gawk"],
1851- Kern_module["kvm_intel"],
1852- File["/dev/kvm"]
1853- ]
1854- }
1855-
1856- package { "libvirt-bin": ensure => "0.8.3-1ubuntu14~ppalucid2" }
1857- package { "ebtables": ensure => present }
1858- package { "gawk": ensure => present }
1859-
1860- # ensure proper permissions on /dev/kvm
1861- file { "/dev/kvm":
1862- owner => "root",
1863- group => "kvm",
1864- mode => 660
1865- }
1866-
1867- # require hardware virt
1868- kern_module { "kvm_intel":
1869- ensure => present,
1870- }
1871-
1872- # increase loopback devices
1873- file { "/etc/modprobe.d/loop.conf":
1874- owner => "root", mode => 644,
1875- content => "options loop max_loop=40"
1876- }
1877-
1878- nova_conf_pointer{'compute': name => 'compute'}
1879-
1880- loopback{loop0: num => 0}
1881- loopback{loop1: num => 1}
1882- loopback{loop2: num => 2}
1883- loopback{loop3: num => 3}
1884- loopback{loop4: num => 4}
1885- loopback{loop5: num => 5}
1886- loopback{loop6: num => 6}
1887- loopback{loop7: num => 7}
1888- loopback{loop8: num => 8}
1889- loopback{loop9: num => 9}
1890- loopback{loop10: num => 10}
1891- loopback{loop11: num => 11}
1892- loopback{loop12: num => 12}
1893- loopback{loop13: num => 13}
1894- loopback{loop14: num => 14}
1895- loopback{loop15: num => 15}
1896- loopback{loop16: num => 16}
1897- loopback{loop17: num => 17}
1898- loopback{loop18: num => 18}
1899- loopback{loop19: num => 19}
1900- loopback{loop20: num => 20}
1901- loopback{loop21: num => 21}
1902- loopback{loop22: num => 22}
1903- loopback{loop23: num => 23}
1904- loopback{loop24: num => 24}
1905- loopback{loop25: num => 25}
1906- loopback{loop26: num => 26}
1907- loopback{loop27: num => 27}
1908- loopback{loop28: num => 28}
1909- loopback{loop29: num => 29}
1910- loopback{loop30: num => 30}
1911- loopback{loop31: num => 31}
1912- loopback{loop32: num => 32}
1913- loopback{loop33: num => 33}
1914- loopback{loop34: num => 34}
1915- loopback{loop35: num => 35}
1916- loopback{loop36: num => 36}
1917- loopback{loop37: num => 37}
1918- loopback{loop38: num => 38}
1919- loopback{loop39: num => 39}
1920-
1921- package { "python-libvirt": ensure => "0.8.3-1ubuntu14~ppalucid2" }
1922-
1923- package { "nova-compute":
1924- ensure => "$version",
1925- require => Package["python-libvirt"]
1926- }
1927-
1928- #file { "/usr/share/nova/libvirt.qemu.xml.template":
1929- # owner => "nova", mode => 400,
1930- # source => "puppet://${puppet_server}/files/production/libvirt.qemu.xml.template",
1931- #}
1932-
1933- # fix runlevels: using enable => true adds it as 20, which is too early
1934- exec { "update-rc.d -f nova-compute remove":
1935- path => "/usr/bin:/usr/sbin:/bin",
1936- onlyif => "test -f /etc/rc2.d/S??nova-compute"
1937- }
1938- service { "nova-compute":
1939- ensure => running,
1940- hasstatus => true,
1941- subscribe => [
1942- Package["nova-compute"],
1943- File["/etc/nova/nova.conf"],
1944- File["/etc/nova/nova-compute.conf"],
1945- #File["/usr/share/nova/libvirt.qemu.xml.template"],
1946- Service["libvirt-bin"],
1947- Kern_module["kvm_intel"]
1948- ]
1949- }
1950-}
1951-
1952-define nvolume($version) {
1953-
1954- package { "nova-volume": ensure => $version, require => Exec["update-apt"] }
1955-
1956- nova_conf_pointer{'volume': name => 'volume'}
1957-
1958- # fix runlevels: using enable => true adds it as 20, which is too early
1959- exec { "update-rc.d -f nova-volume remove":
1960- path => "/usr/bin:/usr/sbin:/bin",
1961- onlyif => "test -f /etc/rc2.d/S??nova-volume"
1962- }
1963-
1964- file { "/etc/default/iscsitarget":
1965- owner => "root", mode => 644,
1966- content => "ISCSITARGET_ENABLE=true"
1967- }
1968-
1969- package { "iscsitarget": ensure => present }
1970-
1971- file { "/dev/iscsi": ensure => directory } # FIXME(vish): owner / mode?
1972- file { "/usr/sbin/nova-iscsi-dev.sh":
1973- owner => "root", mode => 755,
1974- source => "puppet://${puppet_server}/files/production/nova-iscsi-dev.sh"
1975- }
1976- file { "/etc/udev/rules.d/55-openiscsi.rules":
1977- owner => "root", mode => 644,
1978- content => 'KERNEL=="sd*", BUS=="scsi", PROGRAM="/usr/sbin/nova-iscsi-dev.sh %b",SYMLINK+="iscsi/%c%n"'
1979- }
1980-
1981- service { "iscsitarget":
1982- ensure => running,
1983- enable => true,
1984- hasstatus => true,
1985- require => [
1986- File["/etc/default/iscsitarget"],
1987- Package["iscsitarget"]
1988- ]
1989- }
1990-
1991- service { "nova-volume":
1992- ensure => running,
1993- hasstatus => true,
1994- subscribe => [
1995- Package["nova-volume"],
1996- File["/etc/nova/nova.conf"],
1997- File["/etc/nova/nova-volume.conf"]
1998- ]
1999- }
2000-}
2001-
2002-class novaspool {
2003- # This isn't in release yet
2004- #cron { logspool:
2005- # command => "/usr/bin/nova-logspool /var/log/nova.log /var/lib/nova/spool",
2006- # user => "nova"
2007- #}
2008- #cron { spoolsentry:
2009- # command => "/usr/bin/nova-spoolsentry ${sentry_url} ${sentry_key} /var/lib/nova/spool",
2010- # user => "nova"
2011- #}
2012-}
2013
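Review bot: the `nnetwork` define in this removed file overwrites `/usr/sbin/dnsmasq` with a binary fetched from `puppet://${puppet_server}/files/production/dnsmasq` (the block commented "EVIL HACK"), and that source file is not among the files this proposal lists as removed. Hosts built from these manifests keep that unpackaged binary after the manifests are gone, so the commit message or release notes should tell operators to reinstall the distribution's dnsmasq package. The `novadata` class likewise left `/root/slap.sh` and `/root/setup_data.sh` installed with mode 755, which deserve the same cleanup hint.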
2014=== removed file 'contrib/puppet/manifests/classes/swift.pp'
2015--- contrib/puppet/manifests/classes/swift.pp 2010-11-12 19:07:46 +0000
2016+++ contrib/puppet/manifests/classes/swift.pp 1970-01-01 00:00:00 +0000
2017@@ -1,7 +0,0 @@
2018-class swift {
2019- package { "memcached": ensure => present }
2020- service { "memcached": require => Package['memcached'] }
2021-
2022- package { "swift-proxy": ensure => present }
2023-}
2024-
2025
2026=== removed file 'contrib/puppet/manifests/site.pp'
2027--- contrib/puppet/manifests/site.pp 2010-11-12 19:07:46 +0000
2028+++ contrib/puppet/manifests/site.pp 1970-01-01 00:00:00 +0000
2029@@ -1,120 +0,0 @@
2030-# site.pp
2031-
2032-import "templates"
2033-import "classes/*"
2034-
2035-node novabase inherits default {
2036-# $puppet_server = "192.168.0.10"
2037- $cluster_name = "openstack001"
2038- $ganglia_udp_send_channel = "openstack001.example.com"
2039- $syslog = "192.168.0.10"
2040-
2041- # THIS STUFF ISN'T IN RELEASE YET
2042- #$sentry_url = "http://192.168.0.19/sentry/store/"
2043- #$sentry_key = "TODO:SENTRYPASS"
2044-
2045- $local_network = "192.168.0.0/16"
2046- $vpn_ip = "192.168.0.2"
2047- $public_interface = "eth0"
2048- include novanode
2049-# include nova-common
2050- include opsmetrics
2051-
2052-# non-nova stuff such as nova-dash inherit from novanode
2053-# novaspool needs a better home
2054-# include novaspool
2055-}
2056-
2057-# Builder
2058-node "nova000.example.com" inherits novabase {
2059- $syslog = "server"
2060- include ntp
2061- include syslog-server
2062-}
2063-
2064-# Non-Nova nodes
2065-
2066-node
2067- "blog.example.com",
2068- "wiki.example.com"
2069-inherits novabase {
2070- include ganglia-python
2071- include ganglia-apache
2072- include ganglia-mysql
2073-}
2074-
2075-
2076-node "nova001.example.com"
2077-inherits novabase {
2078- include novabase
2079-
2080- nova_iptables { nova:
2081- services => [
2082- "ganglia",
2083- "mysql",
2084- "rabbitmq",
2085- "ldap",
2086- "api",
2087- "objectstore",
2088- "nrpe",
2089- ],
2090- ip => "192.168.0.10",
2091- }
2092-
2093- nobjectstore { nova: version => "0.9.0" }
2094- nscheduler { nova: version => "0.9.0" }
2095- napi { nova:
2096- version => "0.9.0",
2097- api_servers => 10,
2098- api_base_port => 8000
2099- }
2100-}
2101-
2102-node "nova002.example.com"
2103-inherits novabase {
2104- include novaconf
2105-
2106- nova_iptables { nova:
2107- services => [
2108- "ganglia",
2109- "dnsmasq",
2110- "nrpe"
2111- ],
2112- ip => "192.168.4.2",
2113- private_range => "192.168.0.0/16",
2114- }
2115-
2116- nnetwork { nova: version => "0.9.0" }
2117-}
2118-
2119-node
2120- "nova003.example.com",
2121- "nova004.example.com",
2122- "nova005.example.com",
2123- "nova006.example.com",
2124- "nova007.example.com",
2125- "nova008.example.com",
2126- "nova009.example.com",
2127- "nova010.example.com",
2128- "nova011.example.com",
2129- "nova012.example.com",
2130- "nova013.example.com",
2131- "nova014.example.com",
2132- "nova015.example.com",
2133- "nova016.example.com",
2134- "nova017.example.com",
2135- "nova018.example.com",
2136- "nova019.example.com",
2137-inherits novabase {
2138- include novaconf
2139- ncompute { nova: version => "0.9.0" }
2140- nvolume { nova: version => "0.9.0" }
2141-}
2142-
2143-#node
2144-# "nova020.example.com"
2145-# "nova021.example.com"
2146-#inherits novanode {
2147-# include novaconf
2148- #ncompute { nova: version => "0.9.0" }
2149-#}
2150
2151=== removed file 'contrib/puppet/manifests/templates.pp'
2152--- contrib/puppet/manifests/templates.pp 2010-11-12 19:07:46 +0000
2153+++ contrib/puppet/manifests/templates.pp 1970-01-01 00:00:00 +0000
2154@@ -1,21 +0,0 @@
2155-# templates.pp
2156-
2157-import "classes/*"
2158-
2159-class baseclass {
2160-# include dns-client # FIXME: missing resolv.conf.erb??
2161- include issue
2162-}
2163-
2164-node default {
2165- $nova_site = "undef"
2166- $nova_ns1 = "undef"
2167- $nova_ns2 = "undef"
2168-# include baseclass
2169-}
2170-
2171-# novanode handles the system-level requirements for Nova/Swift nodes
2172-class novanode {
2173- include baseclass
2174- include lvmconf
2175-}
2176
2177=== removed file 'contrib/puppet/puppet.conf'
2178--- contrib/puppet/puppet.conf 2010-11-12 19:07:46 +0000
2179+++ contrib/puppet/puppet.conf 1970-01-01 00:00:00 +0000
2180@@ -1,11 +0,0 @@
2181-[main]
2182-logdir=/var/log/puppet
2183-vardir=/var/lib/puppet
2184-ssldir=/var/lib/puppet/ssl
2185-rundir=/var/run/puppet
2186-factpath=$vardir/lib/facter
2187-pluginsync=false
2188-
2189-[puppetmasterd]
2190-templatedir=/var/lib/nova/contrib/puppet/templates
2191-autosign=true
2192
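Review bot: `autosign=true` under `[puppetmasterd]` made the master sign every agent certificate request without review. Removing the file is the right outcome, but please call this setting out in the commit message so that anyone who copied this puppet.conf into a deployment knows to switch to manual signing or an explicit autosign list.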
2193=== removed directory 'contrib/puppet/templates'
2194=== removed file 'contrib/puppet/templates/haproxy.cfg.erb'
2195--- contrib/puppet/templates/haproxy.cfg.erb 2010-11-12 19:07:46 +0000
2196+++ contrib/puppet/templates/haproxy.cfg.erb 1970-01-01 00:00:00 +0000
2197@@ -1,39 +0,0 @@
2198-# this config needs haproxy-1.1.28 or haproxy-1.2.1
2199-
2200-global
2201- log 127.0.0.1 local0
2202- log 127.0.0.1 local1 notice
2203- #log loghost local0 info
2204- maxconn 4096
2205- #chroot /usr/share/haproxy
2206- stats socket /var/run/haproxy.sock
2207- user haproxy
2208- group haproxy
2209- daemon
2210- #debug
2211- #quiet
2212-
2213-defaults
2214- log global
2215- mode http
2216- option httplog
2217- option dontlognull
2218- retries 3
2219- option redispatch
2220- stats enable
2221- stats uri /haproxy
2222- maxconn 2000
2223- contimeout 5000
2224- clitimeout 50000
2225- srvtimeout 50000
2226-
2227-
2228-listen nova-api 0.0.0.0:8773
2229- option httpchk GET / HTTP/1.0\r\nHost:\ example.com
2230- option forwardfor
2231- reqidel ^X-Forwarded-For:.*
2232- balance roundrobin
2233-<% api_servers.to_i.times do |offset| %><% port = api_base_port.to_i + offset -%>
2234- server api_<%= port %> 127.0.0.1:<%= port %> maxconn 1 check
2235-<% end -%>
2236- option httpclose # disable keep-alive
2237
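Review bot: in the `defaults` section, `stats enable` with `stats uri /haproxy` and no `stats auth` is inherited by `listen nova-api 0.0.0.0:8773`, so the statistics page was served unauthenticated on the public API port. Deleting the template resolves it in this tree; deployments that copied it should add `stats auth` or move the stats page to a listener bound to 127.0.0.1.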
2238=== removed file 'contrib/puppet/templates/monitrc-nova-api.erb'
2239--- contrib/puppet/templates/monitrc-nova-api.erb 2010-11-12 19:07:46 +0000
2240+++ contrib/puppet/templates/monitrc-nova-api.erb 1970-01-01 00:00:00 +0000
2241@@ -1,138 +0,0 @@
2242-###############################################################################
2243-## Monit control file
2244-###############################################################################
2245-##
2246-## Comments begin with a '#' and extend through the end of the line. Keywords
2247-## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
2248-##
2249-## Below you will find examples of some frequently used statements. For
2250-## information about the control file, a complete list of statements and
2251-## options please have a look in the monit manual.
2252-##
2253-##
2254-###############################################################################
2255-## Global section
2256-###############################################################################
2257-##
2258-## Start monit in the background (run as a daemon):
2259-#
2260-set daemon 60 # check services at 1-minute intervals
2261- with start delay 30 # optional: delay the first check by half a minute
2262- # (by default check immediately after monit start)
2263-
2264-
2265-## Set syslog logging with the 'daemon' facility. If the FACILITY option is
2266-## omitted, monit will use 'user' facility by default. If you want to log to
2267-## a stand alone log file instead, specify the path to a log file
2268-#
2269-set logfile syslog facility log_daemon
2270-#
2271-#
2272-### Set the location of monit id file which saves the unique id specific for
2273-### given monit. The id is generated and stored on first monit start.
2274-### By default the file is placed in $HOME/.monit.id.
2275-#
2276-# set idfile /var/.monit.id
2277-#
2278-### Set the location of monit state file which saves the monitoring state
2279-### on each cycle. By default the file is placed in $HOME/.monit.state. If
2280-### state file is stored on persistent filesystem, monit will recover the
2281-### monitoring state across reboots. If it is on temporary filesystem, the
2282-### state will be lost on reboot.
2283-#
2284-# set statefile /var/.monit.state
2285-#
2286-## Set the list of mail servers for alert delivery. Multiple servers may be
2287-## specified using comma separator. By default monit uses port 25 - this
2288-## is possible to override with the PORT option.
2289-#
2290-# set mailserver mail.bar.baz, # primary mailserver
2291-# backup.bar.baz port 10025, # backup mailserver on port 10025
2292-# localhost # fallback relay
2293-#
2294-#
2295-## By default monit will drop alert events if no mail servers are available.
2296-## If you want to keep the alerts for a later delivery retry, you can use the
2297-## EVENTQUEUE statement. The base directory where undelivered alerts will be
2298-## stored is specified by the BASEDIR option. You can limit the maximal queue
2299-## size using the SLOTS option (if omitted, the queue is limited by space
2300-## available in the back end filesystem).
2301-#
2302-# set eventqueue
2303-# basedir /var/monit # set the base directory where events will be stored
2304-# slots 100 # optionaly limit the queue size
2305-#
2306-#
2307-## Send status and events to M/Monit (Monit central management: for more
2308-## informations about M/Monit see http://www.tildeslash.com/mmonit).
2309-#
2310-# set mmonit http://monit:monit@192.168.1.10:8080/collector
2311-#
2312-#
2313-## Monit by default uses the following alert mail format:
2314-##
2315-## --8<--
2316-## From: monit@$HOST # sender
2317-## Subject: monit alert -- $EVENT $SERVICE # subject
2318-##
2319-## $EVENT Service $SERVICE #
2320-## #
2321-## Date: $DATE #
2322-## Action: $ACTION #
2323-## Host: $HOST # body
2324-## Description: $DESCRIPTION #
2325-## #
2326-## Your faithful employee, #
2327-## monit #
2328-## --8<--
2329-##
2330-## You can override this message format or parts of it, such as subject
2331-## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
2332-## are expanded at runtime. For example, to override the sender:
2333-#
2334-# set mail-format { from: monit@foo.bar }
2335-#
2336-#
2337-## You can set alert recipients here whom will receive alerts if/when a
2338-## service defined in this file has errors. Alerts may be restricted on
2339-## events by using a filter as in the second example below.
2340-#
2341-# set alert sysadm@foo.bar # receive all alerts
2342-# set alert manager@foo.bar only on { timeout } # receive just service-
2343-# # timeout alert
2344-#
2345-#
2346-## Monit has an embedded web server which can be used to view status of
2347-## services monitored, the current configuration, actual services parameters
2348-## and manage services from a web interface.
2349-#
2350- set httpd port 2812 and
2351- use address localhost # only accept connection from localhost
2352- allow localhost # allow localhost to connect to the server and
2353-# allow admin:monit # require user 'admin' with password 'monit'
2354-# allow @monit # allow users of group 'monit' to connect (rw)
2355-# allow @users readonly # allow users of group 'users' to connect readonly
2356-#
2357-#
2358-###############################################################################
2359-## Services
2360-###############################################################################
2361-
2362-<% api_servers.to_i.times do |offset| %><% port = api_base_port.to_i + offset %>
2363-
2364-check process nova_api_<%= port %> with pidfile /var/run/nova/nova-api-<%= port %>.pid
2365- group nova_api
2366- start program = "/usr/bin/nova-api --flagfile=/etc/nova/nova.conf --pidfile=/var/run/nova/nova-api-<%= port %>.pid --api_listen_port=<%= port %> --lockfile=/var/run/nova/nova-api-<%= port %>.pid.lock start"
2367- as uid nova
2368- stop program = "/usr/bin/nova-api --flagfile=/etc/nova/nova.conf --pidfile=/var/run/nova/nova-api-<%= port %>.pid --api_listen_port=<%= port %> --lockfile=/var/run/nova/nova-api-<%= port %>.pid.lock stop"
2369- as uid nova
2370- if failed port <%= port %> protocol http
2371- with timeout 15 seconds
2372- for 4 cycles
2373- then restart
2374- if totalmem > 300 Mb then restart
2375- if cpu is greater than 60% for 2 cycles then alert
2376- if cpu > 80% for 3 cycles then restart
2377- if 3 restarts within 5 cycles then timeout
2378-
2379-<% end %>
2380
2381=== removed file 'contrib/puppet/templates/nova-iptables.erb'
2382--- contrib/puppet/templates/nova-iptables.erb 2010-11-12 19:07:46 +0000
2383+++ contrib/puppet/templates/nova-iptables.erb 1970-01-01 00:00:00 +0000
2384@@ -1,10 +0,0 @@
2385-<% services.each do |service| -%>
2386-<%= service.upcase %>=1
2387-<% end -%>
2388-<% if ip && ip != "" %>IP="<%=ip%>"<% end %>
2389-<% if private_range && private_range != "" %>PRIVATE_RANGE="<%=private_range%>"<% end %>
2390-<% if mgmt_ip && mgmt_ip != "" %>MGMT_IP="<%=mgmt_ip%>"<% end %>
2391-<% if dmz_ip && dmz_ip != "" %>DMZ_IP="<%=dmz_ip%>"<% end %>
2392-
2393-# warning: this file is auto-generated by puppet
2394-
2395
2396=== removed directory 'contrib/puppet/templates/production'
2397=== removed file 'contrib/puppet/templates/production/nova-common.conf.erb'
2398--- contrib/puppet/templates/production/nova-common.conf.erb 2010-11-23 18:46:07 +0000
2399+++ contrib/puppet/templates/production/nova-common.conf.erb 1970-01-01 00:00:00 +0000
2400@@ -1,55 +0,0 @@
2401-# global
2402---dmz_net=192.168.0.0
2403---dmz_mask=255.255.0.0
2404---dmz_cidr=192.168.0.0/16
2405---ldap_user_dn=cn=Administrators,dc=example,dc=com
2406---ldap_user_unit=Users
2407---ldap_user_subtree=ou=Users,dc=example,dc=com
2408---ldap_project_subtree=ou=Groups,dc=example,dc=com
2409---role_project_subtree=ou=Groups,dc=example,dc=com
2410---ldap_cloudadmin=cn=NovaAdmins,ou=Groups,dc=example,dc=com
2411---ldap_itsec=cn=NovaSecurity,ou=Groups,dc=example,dc=com
2412---ldap_sysadmin=cn=Administrators,ou=Groups,dc=example,dc=com
2413---ldap_netadmin=cn=Administrators,ou=Groups,dc=example,dc=com
2414---ldap_developer=cn=developers,ou=Groups,dc=example,dc=com
2415---verbose
2416---daemonize
2417---syslog
2418---networks_path=/var/lib/nova/networks
2419---instances_path=/var/lib/nova/instances
2420---buckets_path=/var/lib/nova/objectstore/buckets
2421---images_path=/var/lib/nova/objectstore/images
2422---scheduler_driver=nova.scheduler.simple.SimpleScheduler
2423---libvirt_xml_template=/usr/share/nova/libvirt.qemu.xml.template
2424---credentials_template=/usr/share/nova/novarc.template
2425---boot_script_template=/usr/share/nova/bootscript.template
2426---vpn_client_template=/usr/share/nova/client.ovpn.template
2427---max_cores=40
2428---max_gigabytes=2000
2429---ca_path=/var/lib/nova/CA
2430---keys_path=/var/lib/nova/keys
2431---vpn_start=11000
2432---volume_group=vgdata
2433---volume_manager=nova.volume.manager.ISCSIManager
2434---volume_driver=nova.volume.driver.ISCSIDriver
2435---default_kernel=aki-DEFAULT
2436---default_ramdisk=ari-DEFAULT
2437---dhcpbridge=/usr/bin/nova-dhcpbridge
2438---vpn_image_id=ami-cloudpipe
2439---dhcpbridge_flagfile=/etc/nova/nova.conf
2440---credential_cert_subject=/C=US/ST=Texas/L=Bexar/O=NovaDev/OU=NOVA/CN=%s-%s
2441---auth_driver=nova.auth.ldapdriver.LdapDriver
2442---quota_cores=17
2443---quota_floating_ips=5
2444---quota_instances=6
2445---quota_volumes=10
2446---quota_gigabytes=100
2447---use_nova_chains=True
2448---input_chain=services
2449---use_project_ca=True
2450---fixed_ip_disassociate_timeout=300
2451---api_max_requests=1
2452---api_listen_ip=127.0.0.1
2453---user_cert_subject=/C=US/ST=Texas/L=Bexar/O=NovaDev/OU=Nova/CN=%s-%s-%s
2454---project_cert_subject=/C=US/ST=Texas/L=Bexar/O=NovaDev/OU=Nova/CN=project-ca-%s-%s
2455---vpn_cert_subject=/C=US/ST=Texas/L=Bexar/O=NovaDev/OU=Nova/CN=project-vpn-%s-%s
2456
2457=== removed file 'contrib/puppet/templates/production/nova-nova.conf.erb'
2458--- contrib/puppet/templates/production/nova-nova.conf.erb 2010-11-12 19:07:46 +0000
2459+++ contrib/puppet/templates/production/nova-nova.conf.erb 1970-01-01 00:00:00 +0000
2460@@ -1,21 +0,0 @@
2461---fixed_range=192.168.0.0/16
2462---iscsi_ip_prefix=192.168.4
2463---floating_range=10.0.0.0/24
2464---rabbit_host=192.168.0.10
2465---s3_host=192.168.0.10
2466---cc_host=192.168.0.10
2467---cc_dmz=192.168.24.10
2468---s3_dmz=192.168.24.10
2469---ec2_url=http://192.168.0.1:8773/services/Cloud
2470---vpn_ip=192.168.0.2
2471---ldap_url=ldap://192.168.0.10
2472---sql_connection=mysql://nova:TODO-MYPASS@192.168.0.10/nova
2473---other_sql_connection=mysql://nova:TODO-MYPASS@192.168.0.10/nova
2474---routing_source_ip=192.168.0.2
2475---bridge_dev=eth1
2476---public_interface=eth0
2477---vlan_start=3100
2478---num_networks=700
2479---rabbit_userid=TODO:RABBIT
2480---rabbit_password=TODO:CHANGEME
2481---ldap_password=TODO:CHANGEME
2482
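Review bot: `--sql_connection`, `--rabbit_password` and `--ldap_password` sit in this template as inline values (`TODO-MYPASS`, `TODO:CHANGEME`), and the only protection for the rendered file was `owner => "nova", mode => 400` on `/etc/nova/nova.conf` in the removed `novaconf` class. With both gone, whatever packaging or documentation replaces contrib/puppet should state that nova.conf holds credentials and must stay readable by the nova user only.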
2483=== modified file 'nova/service.py'
2484--- nova/service.py 2011-01-27 19:52:10 +0000
2485+++ nova/service.py 2011-02-20 19:58:33 +0000
2486@@ -50,10 +50,6 @@
2487 'seconds between running periodic tasks',
2488 lower_bound=1)
2489
2490-flags.DEFINE_string('pidfile', None,
2491- 'pidfile to use for this service')
2492-
2493-
2494 flags.DEFINE_flag(flags.HelpFlag())
2495 flags.DEFINE_flag(flags.HelpshortFlag())
2496 flags.DEFINE_flag(flags.HelpXMLFlag())
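Review bot: dropping `flags.DEFINE_string('pidfile', ...)` is only safe once nothing passes or reads that flag. Within this diff the visible callers go away consistently: the `start program`/`stop program` lines in monitrc-nova-api.erb and the nova-netsync `start`/`stop` commands in nova.pp both passed `--pidfile=`. Before merging, grep the rest of the tree (bin/ scripts, init scripts, packaging) for `--pidfile` and `FLAGS.pidfile`, since any remaining reference would now point at an undefined flag.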