Merge lp:~berendt/nova/lp712681 into lp:~hudson-openstack/nova/trunk
Status: Merged
Approved by: Devin Carlen
Approved revision: 680
Merged at revision: 715
Proposed branch: lp:~berendt/nova/lp712681
Merge into: lp:~hudson-openstack/nova/trunk
Diff against target: 2496 lines (+0/-2320), 32 files modified
- contrib/puppet/files/etc/default/nova-compute (+0/-1)
- contrib/puppet/files/etc/default/nova-volume (+0/-1)
- contrib/puppet/files/etc/issue (+0/-5)
- contrib/puppet/files/etc/libvirt/qemu.conf (+0/-170)
- contrib/puppet/files/etc/lvm/lvm.conf (+0/-463)
- contrib/puppet/files/etc/nova.conf (+0/-28)
- contrib/puppet/files/production/boto.cfg (+0/-3)
- contrib/puppet/files/production/genvpn.sh (+0/-35)
- contrib/puppet/files/production/libvirt.qemu.xml.template (+0/-35)
- contrib/puppet/files/production/my.cnf (+0/-137)
- contrib/puppet/files/production/nova-iptables (+0/-187)
- contrib/puppet/files/production/nova-iscsi-dev.sh (+0/-19)
- contrib/puppet/files/production/setup_data.sh (+0/-6)
- contrib/puppet/files/production/slap.sh (+0/-261)
- contrib/puppet/fileserver.conf (+0/-8)
- contrib/puppet/manifests/classes/apt.pp (+0/-1)
- contrib/puppet/manifests/classes/issue.pp (+0/-14)
- contrib/puppet/manifests/classes/kern_module.pp (+0/-34)
- contrib/puppet/manifests/classes/loopback.pp (+0/-6)
- contrib/puppet/manifests/classes/lvm.pp (+0/-8)
- contrib/puppet/manifests/classes/lvmconf.pp (+0/-8)
- contrib/puppet/manifests/classes/nova.pp (+0/-464)
- contrib/puppet/manifests/classes/swift.pp (+0/-7)
- contrib/puppet/manifests/site.pp (+0/-120)
- contrib/puppet/manifests/templates.pp (+0/-21)
- contrib/puppet/puppet.conf (+0/-11)
- contrib/puppet/templates/haproxy.cfg.erb (+0/-39)
- contrib/puppet/templates/monitrc-nova-api.erb (+0/-138)
- contrib/puppet/templates/nova-iptables.erb (+0/-10)
- contrib/puppet/templates/production/nova-common.conf.erb (+0/-55)
- contrib/puppet/templates/production/nova-nova.conf.erb (+0/-21)
- nova/service.py (+0/-4)

To merge this branch: bzr merge lp:~berendt/nova/lp712681

Reviewer | Review Type | Date Requested | Status
---|---|---|---
Todd Willey (community) | | | Approve
Devin Carlen (community) | | | Approve
Thierry Carrez (community) | | | Approve

Review via email: mp+49871@code.launchpad.net
Commit message
Description of the change
At the moment --pidfile is still used in some scripts in contrib/puppet/. I don't use puppet, please check if there are possible side effects.
Devin Carlen (devcamcar) wrote:
Christian Berendt (berendt) wrote:
@Devin: Do you know who is responsible for the puppet stuff? I want to talk to them that they should clean up the pid file handling...
Vish Ishaya (vishvananda) wrote:
Already done. I think we should move puppet scripts out, though. They
were just there as an example
On Sunday, February 20, 2011, Christian Berendt <email address hidden> wrote:
> @Devin: Do you know who is responsible for the puppet stuff? I want to talk to them that they should clean up the pid file handling...
- 680. By Christian Berendt
puppet scripts only there as an example, should be moved to some other place if they are still necessary
Christian Berendt (berendt) wrote:
I removed the puppet files in this branch. I think the branch can be merged now or do you think we need a discussion about the removing of contrib/puppet?
Todd Willey (xtoddx) wrote:
I think they need to come out, they don't really do anyone any good. It might be worth letting the mailing list know and then waiting until Wednesday or so to see if anyone objects.
Christian Berendt (berendt) wrote:
Posted a mail on ML openstack, lazy approval until Wednesday (18:00 UTC). I'll post the results here, then we can approve (or disapprove...).
Thierry Carrez (ttx) wrote:
Deployment scripts in general should live outside the source tree, unless we can always keep them in sync with the rest of the code. They are usually refined once the code stabilizes and even shortly after release, so their release cycle is slightly off. That's why we pushed the nova deployment tool from NII outside the main source tree, and I don't see the puppet stuff being any different.
Todd Willey (xtoddx) wrote:
Looks good. Assuming no push-back on the mailing list, we can approve this tomorrow.
Preview Diff
1 | === removed directory 'contrib/puppet' |
2 | === removed directory 'contrib/puppet/files' |
3 | === removed directory 'contrib/puppet/files/etc' |
4 | === removed directory 'contrib/puppet/files/etc/default' |
5 | === removed file 'contrib/puppet/files/etc/default/nova-compute' |
6 | --- contrib/puppet/files/etc/default/nova-compute 2010-11-12 19:07:46 +0000 |
7 | +++ contrib/puppet/files/etc/default/nova-compute 1970-01-01 00:00:00 +0000 |
8 | @@ -1,1 +0,0 @@ |
9 | -ENABLED=true |
10 | |
11 | === removed file 'contrib/puppet/files/etc/default/nova-volume' |
12 | --- contrib/puppet/files/etc/default/nova-volume 2010-11-12 19:07:46 +0000 |
13 | +++ contrib/puppet/files/etc/default/nova-volume 1970-01-01 00:00:00 +0000 |
14 | @@ -1,1 +0,0 @@ |
15 | -ENABLED=true |
16 | |
17 | === removed file 'contrib/puppet/files/etc/issue' |
18 | --- contrib/puppet/files/etc/issue 2010-11-12 19:07:46 +0000 |
19 | +++ contrib/puppet/files/etc/issue 1970-01-01 00:00:00 +0000 |
20 | @@ -1,5 +0,0 @@ |
21 | ------------------------------------------------ |
22 | - |
23 | - Welcome to your OpenStack installation! |
24 | - |
25 | ------------------------------------------------ |
26 | |
27 | === removed directory 'contrib/puppet/files/etc/libvirt' |
28 | === removed file 'contrib/puppet/files/etc/libvirt/qemu.conf' |
29 | --- contrib/puppet/files/etc/libvirt/qemu.conf 2010-11-12 19:07:46 +0000 |
30 | +++ contrib/puppet/files/etc/libvirt/qemu.conf 1970-01-01 00:00:00 +0000 |
31 | @@ -1,170 +0,0 @@ |
32 | -# Master configuration file for the QEMU driver. |
33 | -# All settings described here are optional - if omitted, sensible |
34 | -# defaults are used. |
35 | - |
36 | -# VNC is configured to listen on 127.0.0.1 by default. |
37 | -# To make it listen on all public interfaces, uncomment |
38 | -# this next option. |
39 | -# |
40 | -# NB, strong recommendation to enable TLS + x509 certificate |
41 | -# verification when allowing public access |
42 | -# |
43 | -# vnc_listen = "0.0.0.0" |
44 | - |
45 | - |
46 | -# Enable use of TLS encryption on the VNC server. This requires |
47 | -# a VNC client which supports the VeNCrypt protocol extension. |
48 | -# Examples include vinagre, virt-viewer, virt-manager and vencrypt |
49 | -# itself. UltraVNC, RealVNC, TightVNC do not support this |
50 | -# |
51 | -# It is necessary to setup CA and issue a server certificate |
52 | -# before enabling this. |
53 | -# |
54 | -# vnc_tls = 1 |
55 | - |
56 | - |
57 | -# Use of TLS requires that x509 certificates be issued. The |
58 | -# default it to keep them in /etc/pki/libvirt-vnc. This directory |
59 | -# must contain |
60 | -# |
61 | -# ca-cert.pem - the CA master certificate |
62 | -# server-cert.pem - the server certificate signed with ca-cert.pem |
63 | -# server-key.pem - the server private key |
64 | -# |
65 | -# This option allows the certificate directory to be changed |
66 | -# |
67 | -# vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" |
68 | - |
69 | - |
70 | -# The default TLS configuration only uses certificates for the server |
71 | -# allowing the client to verify the server's identity and establish |
72 | -# and encrypted channel. |
73 | -# |
74 | -# It is possible to use x509 certificates for authentication too, by |
75 | -# issuing a x509 certificate to every client who needs to connect. |
76 | -# |
77 | -# Enabling this option will reject any client who does not have a |
78 | -# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem |
79 | -# |
80 | -# vnc_tls_x509_verify = 1 |
81 | - |
82 | - |
83 | -# The default VNC password. Only 8 letters are significant for |
84 | -# VNC passwords. This parameter is only used if the per-domain |
85 | -# XML config does not already provide a password. To allow |
86 | -# access without passwords, leave this commented out. An empty |
87 | -# string will still enable passwords, but be rejected by QEMU |
88 | -# effectively preventing any use of VNC. Obviously change this |
89 | -# example here before you set this |
90 | -# |
91 | -# vnc_password = "XYZ12345" |
92 | - |
93 | - |
94 | -# Enable use of SASL encryption on the VNC server. This requires |
95 | -# a VNC client which supports the SASL protocol extension. |
96 | -# Examples include vinagre, virt-viewer and virt-manager |
97 | -# itself. UltraVNC, RealVNC, TightVNC do not support this |
98 | -# |
99 | -# It is necessary to configure /etc/sasl2/qemu.conf to choose |
100 | -# the desired SASL plugin (eg, GSSPI for Kerberos) |
101 | -# |
102 | -# vnc_sasl = 1 |
103 | - |
104 | - |
105 | -# The default SASL configuration file is located in /etc/sasl2/ |
106 | -# When running libvirtd unprivileged, it may be desirable to |
107 | -# override the configs in this location. Set this parameter to |
108 | -# point to the directory, and create a qemu.conf in that location |
109 | -# |
110 | -# vnc_sasl_dir = "/some/directory/sasl2" |
111 | - |
112 | - |
113 | - |
114 | - |
115 | -# The default security driver is SELinux. If SELinux is disabled |
116 | -# on the host, then the security driver will automatically disable |
117 | -# itself. If you wish to disable QEMU SELinux security driver while |
118 | -# leaving SELinux enabled for the host in general, then set this |
119 | -# to 'none' instead |
120 | -# |
121 | -# security_driver = "selinux" |
122 | - |
123 | - |
124 | -# The user ID for QEMU processes run by the system instance |
125 | -user = "root" |
126 | - |
127 | -# The group ID for QEMU processes run by the system instance |
128 | -group = "root" |
129 | - |
130 | -# Whether libvirt should dynamically change file ownership |
131 | -# to match the configured user/group above. Defaults to 1. |
132 | -# Set to 0 to disable file ownership changes. |
133 | -#dynamic_ownership = 1 |
134 | - |
135 | - |
136 | -# What cgroup controllers to make use of with QEMU guests |
137 | -# |
138 | -# - 'cpu' - use for schedular tunables |
139 | -# - 'devices' - use for device whitelisting |
140 | -# |
141 | -# NB, even if configured here, they won't be used unless |
142 | -# the adminsitrator has mounted cgroups. eg |
143 | -# |
144 | -# mkdir /dev/cgroup |
145 | -# mount -t cgroup -o devices,cpu none /dev/cgroup |
146 | -# |
147 | -# They can be mounted anywhere, and different controlers |
148 | -# can be mounted in different locations. libvirt will detect |
149 | -# where they are located. |
150 | -# |
151 | -# cgroup_controllers = [ "cpu", "devices" ] |
152 | - |
153 | -# This is the basic set of devices allowed / required by |
154 | -# all virtual machines. |
155 | -# |
156 | -# As well as this, any configured block backed disks, |
157 | -# all sound device, and all PTY devices are allowed. |
158 | -# |
159 | -# This will only need setting if newer QEMU suddenly |
160 | -# wants some device we don't already know a bout. |
161 | -# |
162 | -#cgroup_device_acl = [ |
163 | -# "/dev/null", "/dev/full", "/dev/zero", |
164 | -# "/dev/random", "/dev/urandom", |
165 | -# "/dev/ptmx", "/dev/kvm", "/dev/kqemu", |
166 | -# "/dev/rtc", "/dev/hpet", "/dev/net/tun", |
167 | -#] |
168 | - |
169 | -# The default format for Qemu/KVM guest save images is raw; that is, the |
170 | -# memory from the domain is dumped out directly to a file. If you have |
171 | -# guests with a large amount of memory, however, this can take up quite |
172 | -# a bit of space. If you would like to compress the images while they |
173 | -# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz" |
174 | -# for save_image_format. Note that this means you slow down the process of |
175 | -# saving a domain in order to save disk space; the list above is in descending |
176 | -# order by performance and ascending order by compression ratio. |
177 | -# |
178 | -# save_image_format = "raw" |
179 | - |
180 | -# If provided by the host and a hugetlbfs mount point is configured, |
181 | -# a guest may request huge page backing. When this mount point is |
182 | -# unspecified here, determination of a host mount point in /proc/mounts |
183 | -# will be attempted. Specifying an explicit mount overrides detection |
184 | -# of the same in /proc/mounts. Setting the mount point to "" will |
185 | -# disable guest hugepage backing. |
186 | -# |
187 | -# NB, within this mount point, guests will create memory backing files |
188 | -# in a location of $MOUNTPOINT/libvirt/qemu |
189 | - |
190 | -# hugetlbfs_mount = "/dev/hugepages" |
191 | - |
192 | -# mac_filter enables MAC addressed based filtering on bridge ports. |
193 | -# This currently requires ebtables to be installed. |
194 | -# |
195 | -# mac_filter = 1 |
196 | - |
197 | -# By default, PCI devices below non-ACS switch are not allowed to be assigned |
198 | -# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to |
199 | -# be assigned to guests. |
200 | -# |
201 | -# relaxed_acs_check = 1 |
202 | |
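Review bot: At diff lines 125 and 128 the deleted qemu.conf set user = "root" and group = "root" for QEMU processes, and the revision 680 commit message says only that the scripts "should be moved to some other place" without naming one. Please record in the commit message or the mailing-list notice where the Puppet examples will live after this merge. If they are republished, call out the root user/group setting so it is a deliberate choice rather than an inherited default, since the VNC TLS and SASL options in the same file (diff lines 54 and 102) are left commented out.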
203 | === removed directory 'contrib/puppet/files/etc/lvm' |
204 | === removed file 'contrib/puppet/files/etc/lvm/lvm.conf' |
205 | --- contrib/puppet/files/etc/lvm/lvm.conf 2010-11-12 19:07:46 +0000 |
206 | +++ contrib/puppet/files/etc/lvm/lvm.conf 1970-01-01 00:00:00 +0000 |
207 | @@ -1,463 +0,0 @@ |
208 | -# This is an example configuration file for the LVM2 system. |
209 | -# It contains the default settings that would be used if there was no |
210 | -# /etc/lvm/lvm.conf file. |
211 | -# |
212 | -# Refer to 'man lvm.conf' for further information including the file layout. |
213 | -# |
214 | -# To put this file in a different directory and override /etc/lvm set |
215 | -# the environment variable LVM_SYSTEM_DIR before running the tools. |
216 | - |
217 | - |
218 | -# This section allows you to configure which block devices should |
219 | -# be used by the LVM system. |
220 | -devices { |
221 | - |
222 | - # Where do you want your volume groups to appear ? |
223 | - dir = "/dev" |
224 | - |
225 | - # An array of directories that contain the device nodes you wish |
226 | - # to use with LVM2. |
227 | - scan = [ "/dev" ] |
228 | - |
229 | - # If several entries in the scanned directories correspond to the |
230 | - # same block device and the tools need to display a name for device, |
231 | - # all the pathnames are matched against each item in the following |
232 | - # list of regular expressions in turn and the first match is used. |
233 | - preferred_names = [ ] |
234 | - |
235 | - # Try to avoid using undescriptive /dev/dm-N names, if present. |
236 | - # preferred_names = [ "^/dev/mpath/", "^/dev/mapper/mpath", "^/dev/[hs]d" ] |
237 | - |
238 | - # A filter that tells LVM2 to only use a restricted set of devices. |
239 | - # The filter consists of an array of regular expressions. These |
240 | - # expressions can be delimited by a character of your choice, and |
241 | - # prefixed with either an 'a' (for accept) or 'r' (for reject). |
242 | - # The first expression found to match a device name determines if |
243 | - # the device will be accepted or rejected (ignored). Devices that |
244 | - # don't match any patterns are accepted. |
245 | - |
246 | - # Be careful if there there are symbolic links or multiple filesystem |
247 | - # entries for the same device as each name is checked separately against |
248 | - # the list of patterns. The effect is that if any name matches any 'a' |
249 | - # pattern, the device is accepted; otherwise if any name matches any 'r' |
250 | - # pattern it is rejected; otherwise it is accepted. |
251 | - |
252 | - # Don't have more than one filter line active at once: only one gets used. |
253 | - |
254 | - # Run vgscan after you change this parameter to ensure that |
255 | - # the cache file gets regenerated (see below). |
256 | - # If it doesn't do what you expect, check the output of 'vgscan -vvvv'. |
257 | - |
258 | - |
259 | - # By default we accept every block device: |
260 | - filter = [ "r|/dev/etherd/.*|", "r|/dev/block/.*|", "a/.*/" ] |
261 | - |
262 | - # Exclude the cdrom drive |
263 | - # filter = [ "r|/dev/cdrom|" ] |
264 | - |
265 | - # When testing I like to work with just loopback devices: |
266 | - # filter = [ "a/loop/", "r/.*/" ] |
267 | - |
268 | - # Or maybe all loops and ide drives except hdc: |
269 | - # filter =[ "a|loop|", "r|/dev/hdc|", "a|/dev/ide|", "r|.*|" ] |
270 | - |
271 | - # Use anchors if you want to be really specific |
272 | - # filter = [ "a|^/dev/hda8$|", "r/.*/" ] |
273 | - |
274 | - # The results of the filtering are cached on disk to avoid |
275 | - # rescanning dud devices (which can take a very long time). |
276 | - # By default this cache is stored in the /etc/lvm/cache directory |
277 | - # in a file called '.cache'. |
278 | - # It is safe to delete the contents: the tools regenerate it. |
279 | - # (The old setting 'cache' is still respected if neither of |
280 | - # these new ones is present.) |
281 | - cache_dir = "/etc/lvm/cache" |
282 | - cache_file_prefix = "" |
283 | - |
284 | - # You can turn off writing this cache file by setting this to 0. |
285 | - write_cache_state = 1 |
286 | - |
287 | - # Advanced settings. |
288 | - |
289 | - # List of pairs of additional acceptable block device types found |
290 | - # in /proc/devices with maximum (non-zero) number of partitions. |
291 | - # types = [ "fd", 16 ] |
292 | - |
293 | - # If sysfs is mounted (2.6 kernels) restrict device scanning to |
294 | - # the block devices it believes are valid. |
295 | - # 1 enables; 0 disables. |
296 | - sysfs_scan = 1 |
297 | - |
298 | - # By default, LVM2 will ignore devices used as components of |
299 | - # software RAID (md) devices by looking for md superblocks. |
300 | - # 1 enables; 0 disables. |
301 | - md_component_detection = 1 |
302 | - |
303 | - # By default, if a PV is placed directly upon an md device, LVM2 |
304 | - # will align its data blocks with the md device's stripe-width. |
305 | - # 1 enables; 0 disables. |
306 | - md_chunk_alignment = 1 |
307 | - |
308 | - # By default, the start of a PV's data area will be a multiple of |
309 | - # the 'minimum_io_size' or 'optimal_io_size' exposed in sysfs. |
310 | - # - minimum_io_size - the smallest request the device can perform |
311 | - # w/o incurring a read-modify-write penalty (e.g. MD's chunk size) |
312 | - # - optimal_io_size - the device's preferred unit of receiving I/O |
313 | - # (e.g. MD's stripe width) |
314 | - # minimum_io_size is used if optimal_io_size is undefined (0). |
315 | - # If md_chunk_alignment is enabled, that detects the optimal_io_size. |
316 | - # This setting takes precedence over md_chunk_alignment. |
317 | - # 1 enables; 0 disables. |
318 | - data_alignment_detection = 1 |
319 | - |
320 | - # Alignment (in KB) of start of data area when creating a new PV. |
321 | - # If a PV is placed directly upon an md device and md_chunk_alignment or |
322 | - # data_alignment_detection is enabled this parameter is ignored. |
323 | - # Set to 0 for the default alignment of 64KB or page size, if larger. |
324 | - data_alignment = 0 |
325 | - |
326 | - # By default, the start of the PV's aligned data area will be shifted by |
327 | - # the 'alignment_offset' exposed in sysfs. This offset is often 0 but |
328 | - # may be non-zero; e.g.: certain 4KB sector drives that compensate for |
329 | - # windows partitioning will have an alignment_offset of 3584 bytes |
330 | - # (sector 7 is the lowest aligned logical block, the 4KB sectors start |
331 | - # at LBA -1, and consequently sector 63 is aligned on a 4KB boundary). |
332 | - # 1 enables; 0 disables. |
333 | - data_alignment_offset_detection = 1 |
334 | - |
335 | - # If, while scanning the system for PVs, LVM2 encounters a device-mapper |
336 | - # device that has its I/O suspended, it waits for it to become accessible. |
337 | - # Set this to 1 to skip such devices. This should only be needed |
338 | - # in recovery situations. |
339 | - ignore_suspended_devices = 0 |
340 | -} |
341 | - |
342 | -# This section that allows you to configure the nature of the |
343 | -# information that LVM2 reports. |
344 | -log { |
345 | - |
346 | - # Controls the messages sent to stdout or stderr. |
347 | - # There are three levels of verbosity, 3 being the most verbose. |
348 | - verbose = 0 |
349 | - |
350 | - # Should we send log messages through syslog? |
351 | - # 1 is yes; 0 is no. |
352 | - syslog = 1 |
353 | - |
354 | - # Should we log error and debug messages to a file? |
355 | - # By default there is no log file. |
356 | - #file = "/var/log/lvm2.log" |
357 | - |
358 | - # Should we overwrite the log file each time the program is run? |
359 | - # By default we append. |
360 | - overwrite = 0 |
361 | - |
362 | - # What level of log messages should we send to the log file and/or syslog? |
363 | - # There are 6 syslog-like log levels currently in use - 2 to 7 inclusive. |
364 | - # 7 is the most verbose (LOG_DEBUG). |
365 | - level = 0 |
366 | - |
367 | - # Format of output messages |
368 | - # Whether or not (1 or 0) to indent messages according to their severity |
369 | - indent = 1 |
370 | - |
371 | - # Whether or not (1 or 0) to display the command name on each line output |
372 | - command_names = 0 |
373 | - |
374 | - # A prefix to use before the message text (but after the command name, |
375 | - # if selected). Default is two spaces, so you can see/grep the severity |
376 | - # of each message. |
377 | - prefix = " " |
378 | - |
379 | - # To make the messages look similar to the original LVM tools use: |
380 | - # indent = 0 |
381 | - # command_names = 1 |
382 | - # prefix = " -- " |
383 | - |
384 | - # Set this if you want log messages during activation. |
385 | - # Don't use this in low memory situations (can deadlock). |
386 | - # activation = 0 |
387 | -} |
388 | - |
389 | -# Configuration of metadata backups and archiving. In LVM2 when we |
390 | -# talk about a 'backup' we mean making a copy of the metadata for the |
391 | -# *current* system. The 'archive' contains old metadata configurations. |
392 | -# Backups are stored in a human readeable text format. |
393 | -backup { |
394 | - |
395 | - # Should we maintain a backup of the current metadata configuration ? |
396 | - # Use 1 for Yes; 0 for No. |
397 | - # Think very hard before turning this off! |
398 | - backup = 1 |
399 | - |
400 | - # Where shall we keep it ? |
401 | - # Remember to back up this directory regularly! |
402 | - backup_dir = "/etc/lvm/backup" |
403 | - |
404 | - # Should we maintain an archive of old metadata configurations. |
405 | - # Use 1 for Yes; 0 for No. |
406 | - # On by default. Think very hard before turning this off. |
407 | - archive = 1 |
408 | - |
409 | - # Where should archived files go ? |
410 | - # Remember to back up this directory regularly! |
411 | - archive_dir = "/etc/lvm/archive" |
412 | - |
413 | - # What is the minimum number of archive files you wish to keep ? |
414 | - retain_min = 10 |
415 | - |
416 | - # What is the minimum time you wish to keep an archive file for ? |
417 | - retain_days = 30 |
418 | -} |
419 | - |
420 | -# Settings for the running LVM2 in shell (readline) mode. |
421 | -shell { |
422 | - |
423 | - # Number of lines of history to store in ~/.lvm_history |
424 | - history_size = 100 |
425 | -} |
426 | - |
427 | - |
428 | -# Miscellaneous global LVM2 settings |
429 | -global { |
430 | - |
431 | - # The file creation mask for any files and directories created. |
432 | - # Interpreted as octal if the first digit is zero. |
433 | - umask = 077 |
434 | - |
435 | - # Allow other users to read the files |
436 | - #umask = 022 |
437 | - |
438 | - # Enabling test mode means that no changes to the on disk metadata |
439 | - # will be made. Equivalent to having the -t option on every |
440 | - # command. Defaults to off. |
441 | - test = 0 |
442 | - |
443 | - # Default value for --units argument |
444 | - units = "h" |
445 | - |
446 | - # Since version 2.02.54, the tools distinguish between powers of |
447 | - # 1024 bytes (e.g. KiB, MiB, GiB) and powers of 1000 bytes (e.g. |
448 | - # KB, MB, GB). |
449 | - # If you have scripts that depend on the old behaviour, set this to 0 |
450 | - # temporarily until you update them. |
451 | - si_unit_consistency = 1 |
452 | - |
453 | - # Whether or not to communicate with the kernel device-mapper. |
454 | - # Set to 0 if you want to use the tools to manipulate LVM metadata |
455 | - # without activating any logical volumes. |
456 | - # If the device-mapper kernel driver is not present in your kernel |
457 | - # setting this to 0 should suppress the error messages. |
458 | - activation = 1 |
459 | - |
460 | - # If we can't communicate with device-mapper, should we try running |
461 | - # the LVM1 tools? |
462 | - # This option only applies to 2.4 kernels and is provided to help you |
463 | - # switch between device-mapper kernels and LVM1 kernels. |
464 | - # The LVM1 tools need to be installed with .lvm1 suffices |
465 | - # e.g. vgscan.lvm1 and they will stop working after you start using |
466 | - # the new lvm2 on-disk metadata format. |
467 | - # The default value is set when the tools are built. |
468 | - # fallback_to_lvm1 = 0 |
469 | - |
470 | - # The default metadata format that commands should use - "lvm1" or "lvm2". |
471 | - # The command line override is -M1 or -M2. |
472 | - # Defaults to "lvm2". |
473 | - # format = "lvm2" |
474 | - |
475 | - # Location of proc filesystem |
476 | - proc = "/proc" |
477 | - |
478 | - # Type of locking to use. Defaults to local file-based locking (1). |
479 | - # Turn locking off by setting to 0 (dangerous: risks metadata corruption |
480 | - # if LVM2 commands get run concurrently). |
481 | - # Type 2 uses the external shared library locking_library. |
482 | - # Type 3 uses built-in clustered locking. |
483 | - # Type 4 uses read-only locking which forbids any operations that might |
484 | - # change metadata. |
485 | - locking_type = 1 |
486 | - |
487 | - # Set to 0 to fail when a lock request cannot be satisfied immediately. |
488 | - wait_for_locks = 1 |
489 | - |
490 | - # If using external locking (type 2) and initialisation fails, |
491 | - # with this set to 1 an attempt will be made to use the built-in |
492 | - # clustered locking. |
493 | - # If you are using a customised locking_library you should set this to 0. |
494 | - fallback_to_clustered_locking = 1 |
495 | - |
496 | - # If an attempt to initialise type 2 or type 3 locking failed, perhaps |
497 | - # because cluster components such as clvmd are not running, with this set |
498 | - # to 1 an attempt will be made to use local file-based locking (type 1). |
499 | - # If this succeeds, only commands against local volume groups will proceed. |
500 | - # Volume Groups marked as clustered will be ignored. |
501 | - fallback_to_local_locking = 1 |
502 | - |
503 | - # Local non-LV directory that holds file-based locks while commands are |
504 | - # in progress. A directory like /tmp that may get wiped on reboot is OK. |
505 | - locking_dir = "/var/lock/lvm" |
506 | - |
507 | - # Whenever there are competing read-only and read-write access requests for |
508 | - # a volume group's metadata, instead of always granting the read-only |
509 | - # requests immediately, delay them to allow the read-write requests to be |
510 | - # serviced. Without this setting, write access may be stalled by a high |
511 | - # volume of read-only requests. |
512 | - # NB. This option only affects locking_type = 1 viz. local file-based |
513 | - # locking. |
514 | - prioritise_write_locks = 1 |
515 | - |
516 | - # Other entries can go here to allow you to load shared libraries |
517 | - # e.g. if support for LVM1 metadata was compiled as a shared library use |
518 | - # format_libraries = "liblvm2format1.so" |
519 | - # Full pathnames can be given. |
520 | - |
521 | - # Search this directory first for shared libraries. |
522 | - # library_dir = "/lib/lvm2" |
523 | - |
524 | - # The external locking library to load if locking_type is set to 2. |
525 | - # locking_library = "liblvm2clusterlock.so" |
526 | -} |
527 | - |
528 | -activation { |
529 | - # Set to 0 to disable udev syncronisation (if compiled into the binaries). |
530 | - # Processes will not wait for notification from udev. |
531 | - # They will continue irrespective of any possible udev processing |
532 | - # in the background. You should only use this if udev is not running |
533 | - # or has rules that ignore the devices LVM2 creates. |
534 | - # The command line argument --nodevsync takes precedence over this setting. |
535 | - # If set to 1 when udev is not running, and there are LVM2 processes |
536 | - # waiting for udev, run 'dmsetup udevcomplete_all' manually to wake them up. |
537 | - udev_sync = 1 |
538 | - |
539 | - # How to fill in missing stripes if activating an incomplete volume. |
540 | - # Using "error" will make inaccessible parts of the device return |
541 | - # I/O errors on access. You can instead use a device path, in which |
542 | - # case, that device will be used to in place of missing stripes. |
543 | - # But note that using anything other than "error" with mirrored |
544 | - # or snapshotted volumes is likely to result in data corruption. |
545 | - missing_stripe_filler = "error" |
546 | - |
547 | - # How much stack (in KB) to reserve for use while devices suspended |
548 | - reserved_stack = 256 |
549 | - |
550 | - # How much memory (in KB) to reserve for use while devices suspended |
551 | - reserved_memory = 8192 |
552 | - |
553 | - # Nice value used while devices suspended |
554 | - process_priority = -18 |
555 | - |
556 | - # If volume_list is defined, each LV is only activated if there is a |
557 | - # match against the list. |
558 | - # "vgname" and "vgname/lvname" are matched exactly. |
559 | - # "@tag" matches any tag set in the LV or VG. |
560 | - # "@*" matches if any tag defined on the host is also set in the LV or VG |
561 | - # |
562 | - # volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ] |
563 | - |
564 | - # Size (in KB) of each copy operation when mirroring |
565 | - mirror_region_size = 512 |
566 | - |
567 | - # Setting to use when there is no readahead value stored in the metadata. |
568 | - # |
569 | - # "none" - Disable readahead. |
570 | - # "auto" - Use default value chosen by kernel. |
571 | - readahead = "auto" |
572 | - |
573 | - # 'mirror_image_fault_policy' and 'mirror_log_fault_policy' define |
574 | - # how a device failure affecting a mirror is handled. |
575 | - # A mirror is composed of mirror images (copies) and a log. |
576 | - # A disk log ensures that a mirror does not need to be re-synced |
577 | - # (all copies made the same) every time a machine reboots or crashes. |
578 | - # |
579 | - # In the event of a failure, the specified policy will be used to determine |
580 | - # what happens. This applies to automatic repairs (when the mirror is being |
581 | - # monitored by dmeventd) and to manual lvconvert --repair when |
582 | - # --use-policies is given. |
583 | - # |
584 | - # "remove" - Simply remove the faulty device and run without it. If |
585 | - # the log device fails, the mirror would convert to using |
586 | - # an in-memory log. This means the mirror will not |
587 | - # remember its sync status across crashes/reboots and |
588 | - # the entire mirror will be re-synced. If a |
589 | - # mirror image fails, the mirror will convert to a |
590 | - # non-mirrored device if there is only one remaining good |
591 | - # copy. |
592 | - # |
593 | - # "allocate" - Remove the faulty device and try to allocate space on |
594 | - # a new device to be a replacement for the failed device. |
595 | - # Using this policy for the log is fast and maintains the |
596 | - # ability to remember sync state through crashes/reboots. |
597 | - # Using this policy for a mirror device is slow, as it |
598 | - # requires the mirror to resynchronize the devices, but it |
599 | - # will preserve the mirror characteristic of the device. |
600 | - # This policy acts like "remove" if no suitable device and |
601 | - # space can be allocated for the replacement. |
602 | - # |
603 | - # "allocate_anywhere" - Not yet implemented. Useful to place the log device |
604 | - # temporarily on same physical volume as one of the mirror |
605 | - # images. This policy is not recommended for mirror devices |
606 | - # since it would break the redundant nature of the mirror. This |
607 | - # policy acts like "remove" if no suitable device and space can |
608 | - # be allocated for the replacement. |
609 | - |
610 | - mirror_log_fault_policy = "allocate" |
611 | - mirror_device_fault_policy = "remove" |
612 | -} |
613 | - |
614 | - |
615 | -#################### |
616 | -# Advanced section # |
617 | -#################### |
618 | - |
619 | -# Metadata settings |
620 | -# |
621 | -# metadata { |
622 | - # Default number of copies of metadata to hold on each PV. 0, 1 or 2. |
623 | - # You might want to override it from the command line with 0 |
624 | - # when running pvcreate on new PVs which are to be added to large VGs. |
625 | - |
626 | - # pvmetadatacopies = 1 |
627 | - |
628 | - # Approximate default size of on-disk metadata areas in sectors. |
629 | - # You should increase this if you have large volume groups or |
630 | - # you want to retain a large on-disk history of your metadata changes. |
631 | - |
632 | - # pvmetadatasize = 255 |
633 | - |
634 | - # List of directories holding live copies of text format metadata. |
635 | - # These directories must not be on logical volumes! |
636 | - # It's possible to use LVM2 with a couple of directories here, |
637 | - # preferably on different (non-LV) filesystems, and with no other |
638 | - # on-disk metadata (pvmetadatacopies = 0). Or this can be in |
639 | - # addition to on-disk metadata areas. |
640 | - # The feature was originally added to simplify testing and is not |
641 | - # supported under low memory situations - the machine could lock up. |
642 | - # |
643 | - # Never edit any files in these directories by hand unless you |
644 | - # you are absolutely sure you know what you are doing! Use |
645 | - # the supplied toolset to make changes (e.g. vgcfgrestore). |
646 | - |
647 | - # dirs = [ "/etc/lvm/metadata", "/mnt/disk2/lvm/metadata2" ] |
648 | -#} |
649 | - |
650 | -# Event daemon |
651 | -# |
652 | -dmeventd { |
653 | - # mirror_library is the library used when monitoring a mirror device. |
654 | - # |
655 | - # "libdevmapper-event-lvm2mirror.so" attempts to recover from |
656 | - # failures. It removes failed devices from a volume group and |
657 | - # reconfigures a mirror as necessary. If no mirror library is |
658 | - # provided, mirrors are not monitored through dmeventd. |
659 | - |
660 | - mirror_library = "libdevmapper-event-lvm2mirror.so" |
661 | - |
662 | - # snapshot_library is the library used when monitoring a snapshot device. |
663 | - # |
664 | - # "libdevmapper-event-lvm2snapshot.so" monitors the filling of |
665 | - # snapshots and emits a warning through syslog, when the use of |
666 | - # snapshot exceedes 80%. The warning is repeated when 85%, 90% and |
667 | - # 95% of the snapshot are filled. |
668 | - |
669 | - snapshot_library = "libdevmapper-event-lvm2snapshot.so" |
670 | -} |
671 | |
672 | === removed file 'contrib/puppet/files/etc/nova.conf' |
673 | --- contrib/puppet/files/etc/nova.conf 2010-11-12 19:07:46 +0000 |
674 | +++ contrib/puppet/files/etc/nova.conf 1970-01-01 00:00:00 +0000 |
675 | @@ -1,28 +0,0 @@ |
676 | ---ec2_url=http://192.168.255.1:8773/services/Cloud |
677 | ---rabbit_host=192.168.255.1 |
678 | ---redis_host=192.168.255.1 |
679 | ---s3_host=192.168.255.1 |
680 | ---vpn_ip=192.168.255.1 |
681 | ---datastore_path=/var/lib/nova/keeper |
682 | ---networks_path=/var/lib/nova/networks |
683 | ---instances_path=/var/lib/nova/instances |
684 | ---buckets_path=/var/lib/nova/objectstore/buckets |
685 | ---images_path=/var/lib/nova/objectstore/images |
686 | ---ca_path=/var/lib/nova/CA |
687 | ---keys_path=/var/lib/nova/keys |
688 | ---vlan_start=2000 |
689 | ---vlan_end=3000 |
690 | ---private_range=192.168.0.0/16 |
691 | ---public_range=10.0.0.0/24 |
692 | ---volume_group=vgdata |
693 | ---storage_dev=/dev/sdc |
694 | ---bridge_dev=eth2 |
695 | ---aoe_eth_dev=eth2 |
696 | ---public_interface=vlan0 |
697 | ---default_kernel=aki-DEFAULT |
698 | ---default_ramdisk=ari-DEFAULT |
699 | ---vpn_image_id=ami-cloudpipe |
700 | ---daemonize |
701 | ---verbose |
702 | ---syslog |
703 | ---prefix=nova |
704 | |
705 | === removed directory 'contrib/puppet/files/production' |
706 | === removed file 'contrib/puppet/files/production/boto.cfg' |
707 | --- contrib/puppet/files/production/boto.cfg 2010-11-12 19:07:46 +0000 |
708 | +++ contrib/puppet/files/production/boto.cfg 1970-01-01 00:00:00 +0000 |
709 | @@ -1,3 +0,0 @@ |
710 | -[Boto] |
711 | -debug = 0 |
712 | -num_retries = 1 |
713 | |
714 | === removed file 'contrib/puppet/files/production/genvpn.sh' |
715 | --- contrib/puppet/files/production/genvpn.sh 2010-11-12 19:07:46 +0000 |
716 | +++ contrib/puppet/files/production/genvpn.sh 1970-01-01 00:00:00 +0000 |
717 | @@ -1,35 +0,0 @@ |
718 | -#!/bin/bash |
719 | -# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
720 | - |
721 | -# Copyright 2010 United States Government as represented by the |
722 | -# Administrator of the National Aeronautics and Space Administration. |
723 | -# All Rights Reserved. |
724 | -# |
725 | -# Licensed under the Apache License, Version 2.0 (the "License"); you may |
726 | -# not use this file except in compliance with the License. You may obtain |
727 | -# a copy of the License at |
728 | -# |
729 | -# http://www.apache.org/licenses/LICENSE-2.0 |
730 | -# |
731 | -# Unless required by applicable law or agreed to in writing, software |
732 | -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
733 | -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
734 | -# License for the specific language governing permissions and limitations |
735 | -# under the License. |
736 | - |
737 | -# This gets zipped and run on the cloudpipe-managed OpenVPN server |
738 | -NAME=$1 |
739 | -SUBJ=$2 |
740 | - |
741 | -mkdir -p projects/$NAME |
742 | -cd projects/$NAME |
743 | - |
744 | -# generate a server priv key |
745 | -openssl genrsa -out server.key 2048 |
746 | - |
747 | -# generate a server CSR |
748 | -openssl req -new -key server.key -out server.csr -batch -subj "$SUBJ" |
749 | - |
750 | -if [ "`id -u`" != "`grep nova /etc/passwd | cut -d':' -f3`" ]; then |
751 | - sudo chown -R nova:nogroup . |
752 | -fi |
753 | |
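Review bot: in the removed genvpn.sh, `mkdir -p projects/$NAME` and `cd projects/$NAME` use the first argument unquoted, and the result of `cd` is never checked. If the `cd` fails, `openssl genrsa -out server.key 2048`, the CSR and the later `sudo chown -R nova:nogroup .` all apply to the directory the script was started in. The uid test also greps /etc/passwd for any line containing "nova" rather than looking up the nova account. The header says this script is zipped and run on the cloudpipe-managed OpenVPN server, so please confirm whether another copy stays in the tree; if it does, it should quote "$NAME", exit when `cd` fails, and compare against `id -u nova`.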
754 | === removed file 'contrib/puppet/files/production/libvirt.qemu.xml.template' |
755 | --- contrib/puppet/files/production/libvirt.qemu.xml.template 2010-11-12 19:07:46 +0000 |
756 | +++ contrib/puppet/files/production/libvirt.qemu.xml.template 1970-01-01 00:00:00 +0000 |
757 | @@ -1,35 +0,0 @@ |
758 | -<domain type='%(type)s'> |
759 | - <name>%(name)s</name> |
760 | - <os> |
761 | - <type>hvm</type> |
762 | - <kernel>%(basepath)s/kernel</kernel> |
763 | - <initrd>%(basepath)s/ramdisk</initrd> |
764 | - <cmdline>root=/dev/vda1 console=ttyS0</cmdline> |
765 | - </os> |
766 | - <features> |
767 | - <acpi/> |
768 | - </features> |
769 | - <memory>%(memory_kb)s</memory> |
770 | - <vcpu>%(vcpus)s</vcpu> |
771 | - <devices> |
772 | - <disk type='file'> |
773 | - <source file='%(basepath)s/disk'/> |
774 | - <target dev='vda' bus='virtio'/> |
775 | - </disk> |
776 | - <interface type='bridge'> |
777 | - <source bridge='%(bridge_name)s'/> |
778 | - <mac address='%(mac_address)s'/> |
779 | - <!-- <model type='virtio'/> CANT RUN virtio network right now --> |
780 | - <!-- |
781 | - <filterref filter="nova-instance-%(name)s"> |
782 | - <parameter name="IP" value="%(ip_address)s" /> |
783 | - <parameter name="DHCPSERVER" value="%(dhcp_server)s" /> |
784 | - </filterref> |
785 | - --> |
786 | - </interface> |
787 | - <serial type="file"> |
788 | - <source path='%(basepath)s/console.log'/> |
789 | - <target port='1'/> |
790 | - </serial> |
791 | - </devices> |
792 | -</domain> |
793 | |
794 | === removed file 'contrib/puppet/files/production/my.cnf' |
795 | --- contrib/puppet/files/production/my.cnf 2010-11-12 19:07:46 +0000 |
796 | +++ contrib/puppet/files/production/my.cnf 1970-01-01 00:00:00 +0000 |
797 | @@ -1,137 +0,0 @@ |
798 | -# |
799 | -# The MySQL database server configuration file. |
800 | -# |
801 | -# You can copy this to one of: |
802 | -# - "/etc/mysql/my.cnf" to set global options, |
803 | -# - "~/.my.cnf" to set user-specific options. |
804 | -# |
805 | -# One can use all long options that the program supports. |
806 | -# Run program with --help to get a list of available options and with |
807 | -# --print-defaults to see which it would actually understand and use. |
808 | -# |
809 | -# For explanations see |
810 | -# http://dev.mysql.com/doc/mysql/en/server-system-variables.html |
811 | - |
812 | -# This will be passed to all mysql clients |
813 | -# It has been reported that passwords should be enclosed with ticks/quotes |
814 | -# escpecially if they contain "#" chars... |
815 | -# Remember to edit /etc/mysql/debian.cnf when changing the socket location. |
816 | -[client] |
817 | -port = 3306 |
818 | -socket = /var/run/mysqld/mysqld.sock |
819 | - |
820 | -# Here is entries for some specific programs |
821 | -# The following values assume you have at least 32M ram |
822 | - |
823 | -# This was formally known as [safe_mysqld]. Both versions are currently parsed. |
824 | -[mysqld_safe] |
825 | -socket = /var/run/mysqld/mysqld.sock |
826 | -nice = 0 |
827 | - |
828 | -[mysqld] |
829 | -# |
830 | -# * Basic Settings |
831 | -# |
832 | - |
833 | -# |
834 | -# * IMPORTANT |
835 | -# If you make changes to these settings and your system uses apparmor, you may |
836 | -# also need to also adjust /etc/apparmor.d/usr.sbin.mysqld. |
837 | -# |
838 | - |
839 | -user = mysql |
840 | -socket = /var/run/mysqld/mysqld.sock |
841 | -port = 3306 |
842 | -basedir = /usr |
843 | -datadir = /var/lib/mysql |
844 | -tmpdir = /tmp |
845 | -skip-external-locking |
846 | -# |
847 | -# Instead of skip-networking the default is now to listen only on |
848 | -# localhost which is more compatible and is not less secure. |
849 | -# bind-address = 127.0.0.1 |
850 | -# |
851 | -# * Fine Tuning |
852 | -# |
853 | -innodb_buffer_pool_size = 12G |
854 | -#innodb_log_file_size = 256M |
855 | -innodb_log_buffer_size=4M |
856 | -innodb_flush_log_at_trx_commit=2 |
857 | -innodb_thread_concurrency=8 |
858 | -innodb_flush_method=O_DIRECT |
859 | -key_buffer = 128M |
860 | -max_allowed_packet = 256M |
861 | -thread_stack = 8196K |
862 | -thread_cache_size = 32 |
863 | -# This replaces the startup script and checks MyISAM tables if needed |
864 | -# the first time they are touched |
865 | -myisam-recover = BACKUP |
866 | -max_connections = 1000 |
867 | -table_cache = 1024 |
868 | -#thread_concurrency = 10 |
869 | -# |
870 | -# * Query Cache Configuration |
871 | -# |
872 | -query_cache_limit = 32M |
873 | -query_cache_size = 256M |
874 | -# |
875 | -# * Logging and Replication |
876 | -# |
877 | -# Both location gets rotated by the cronjob. |
878 | -# Be aware that this log type is a performance killer. |
879 | -# As of 5.1 you can enable the log at runtime! |
880 | -#general_log_file = /var/log/mysql/mysql.log |
881 | -#general_log = 1 |
882 | - |
883 | -log_error = /var/log/mysql/error.log |
884 | - |
885 | -# Here you can see queries with especially long duration |
886 | -log_slow_queries = /var/log/mysql/mysql-slow.log |
887 | -long_query_time = 2 |
888 | -#log-queries-not-using-indexes |
889 | -# |
890 | -# The following can be used as easy to replay backup logs or for replication. |
891 | -# note: if you are setting up a replication slave, see README.Debian about |
892 | -# other settings you may need to change. |
893 | -server-id = 1 |
894 | -log_bin = /var/log/mysql/mysql-bin.log |
895 | -expire_logs_days = 10 |
896 | -max_binlog_size = 50M |
897 | -#binlog_do_db = include_database_name |
898 | -#binlog_ignore_db = include_database_name |
899 | -# |
900 | -# * InnoDB |
901 | -# |
902 | -sync_binlog=1 |
903 | -# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. |
904 | -# Read the manual for more InnoDB related options. There are many! |
905 | -# |
906 | -# * Security Features |
907 | -# |
908 | -# Read the manual, too, if you want chroot! |
909 | -# chroot = /var/lib/mysql/ |
910 | -# |
911 | -# For generating SSL certificates I recommend the OpenSSL GUI "tinyca". |
912 | -# |
913 | -# ssl-ca=/etc/mysql/cacert.pem |
914 | -# ssl-cert=/etc/mysql/server-cert.pem |
915 | -# ssl-key=/etc/mysql/server-key.pem |
916 | - |
917 | - |
918 | - |
919 | -[mysqldump] |
920 | -quick |
921 | -quote-names |
922 | -max_allowed_packet = 256M |
923 | - |
924 | -[mysql] |
925 | -#no-auto-rehash # faster start of mysql but no tab completition |
926 | - |
927 | -[isamchk] |
928 | -key_buffer = 128M |
929 | - |
930 | -# |
931 | -# * IMPORTANT: Additional settings that can override those from this file! |
932 | -# The files must end with '.cnf', otherwise they'll be ignored. |
933 | -# |
934 | -!includedir /etc/mysql/conf.d/ |
935 | |
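Review bot: under [mysqld] the removed my.cnf leaves `bind-address = 127.0.0.1` commented out, so a server deployed from this file listens on all interfaces, and the `ssl-ca` / `ssl-cert` / `ssl-key` lines are commented out as well. Deleting the file is fine, but the merge description should say that hosts built from this copy need both settings reviewed, and where operators are now expected to get a database configuration.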
936 | === removed file 'contrib/puppet/files/production/nova-iptables' |
937 | --- contrib/puppet/files/production/nova-iptables 2010-12-16 11:35:46 +0000 |
938 | +++ contrib/puppet/files/production/nova-iptables 1970-01-01 00:00:00 +0000 |
939 | @@ -1,187 +0,0 @@ |
940 | -#! /bin/sh |
941 | - |
942 | -# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
943 | - |
944 | -# Copyright 2010 United States Government as represented by the |
945 | -# Administrator of the National Aeronautics and Space Administration. |
946 | -# All Rights Reserved. |
947 | -# |
948 | -# Licensed under the Apache License, Version 2.0 (the "License"); you may |
949 | -# not use this file except in compliance with the License. You may obtain |
950 | -# a copy of the License at |
951 | -# |
952 | -# http://www.apache.org/licenses/LICENSE-2.0 |
953 | -# |
954 | -# Unless required by applicable law or agreed to in writing, software |
955 | -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
956 | -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
957 | -# License for the specific language governing permissions and limitations |
958 | -# under the License. |
959 | - |
960 | -# NOTE(vish): This script sets up some reasonable defaults for iptables and |
961 | -# creates nova-specific chains. If you use this script you should |
962 | -# run nova-network and nova-compute with --use_nova_chains=True |
963 | - |
964 | - |
965 | -# NOTE(vish): If you run public nova-api on a different port, make sure to |
966 | -# change the port here |
967 | - |
968 | -if [ -f /etc/default/nova-iptables ] ; then |
969 | - . /etc/default/nova-iptables |
970 | -fi |
971 | - |
972 | -export LC_ALL=C |
973 | - |
974 | -API_PORT=${API_PORT:-"8773"} |
975 | - |
976 | -if [ ! -n "$IP" ]; then |
977 | - # NOTE(vish): IP address is what address the services ALLOW on. |
978 | - # This will just get the first ip in the list, so if you |
979 | - # have more than one eth device set up, this will fail, and |
980 | - # you should explicitly pass in the ip of the instance |
981 | - IP=`ifconfig | grep -m 1 'inet addr:'| cut -d: -f2 | awk '{print $1}'` |
982 | -fi |
983 | - |
984 | -if [ ! -n "$PRIVATE_RANGE" ]; then |
985 | - #NOTE(vish): PRIVATE_RANGE: range is ALLOW to access DHCP |
986 | - PRIVATE_RANGE="192.168.0.0/12" |
987 | -fi |
988 | - |
989 | -if [ ! -n "$MGMT_IP" ]; then |
990 | - # NOTE(vish): Management IP is the ip over which to allow ssh traffic. It |
991 | - # will also allow traffic to nova-api |
992 | - MGMT_IP="$IP" |
993 | -fi |
994 | - |
995 | -if [ ! -n "$DMZ_IP" ]; then |
996 | - # NOTE(vish): DMZ IP is the ip over which to allow api & objectstore access |
997 | - DMZ_IP="$IP" |
998 | -fi |
999 | - |
1000 | -clear_nova_iptables() { |
1001 | - iptables -P INPUT ACCEPT |
1002 | - iptables -P FORWARD ACCEPT |
1003 | - iptables -P OUTPUT ACCEPT |
1004 | - iptables -F |
1005 | - iptables -t nat -F |
1006 | - iptables -F services |
1007 | - iptables -X services |
1008 | - # HACK: re-adding fail2ban rules :( |
1009 | - iptables -N fail2ban-ssh |
1010 | - iptables -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh |
1011 | - iptables -A fail2ban-ssh -j RETURN |
1012 | -} |
1013 | - |
1014 | -load_nova_iptables() { |
1015 | - |
1016 | - iptables -P INPUT DROP |
1017 | - iptables -A INPUT -m state --state INVALID -j DROP |
1018 | - iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT |
1019 | - # NOTE(ja): allow localhost for everything |
1020 | - iptables -A INPUT -d 127.0.0.1/32 -j ACCEPT |
1021 | - # NOTE(ja): 22 only allowed MGMT_IP before, but we widened it to any |
1022 | - # address, since ssh should be listening only on internal |
1023 | - # before we re-add this rule we will need to add |
1024 | - # flexibility for RSYNC between omega/stingray |
1025 | - iptables -A INPUT -m tcp -p tcp --dport 22 -j ACCEPT |
1026 | - iptables -A INPUT -m udp -p udp --dport 123 -j ACCEPT |
1027 | - iptables -A INPUT -p icmp -j ACCEPT |
1028 | - iptables -N services |
1029 | - iptables -A INPUT -j services |
1030 | - iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset |
1031 | - iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable |
1032 | - |
1033 | - iptables -P FORWARD DROP |
1034 | - iptables -A FORWARD -m state --state INVALID -j DROP |
1035 | - iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT |
1036 | - iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu |
1037 | - |
1038 | - # NOTE(vish): DROP on output is too restrictive for now. We need to add |
1039 | - # in a bunch of more specific output rules to use it. |
1040 | - # iptables -P OUTPUT DROP |
1041 | - iptables -A OUTPUT -m state --state INVALID -j DROP |
1042 | - iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT |
1043 | - |
1044 | - if [ -n "$GANGLIA" ] || [ -n "$ALL" ]; then |
1045 | - iptables -A services -m tcp -p tcp -d $IP --dport 8649 -j ACCEPT |
1046 | - iptables -A services -m udp -p udp -d $IP --dport 8649 -j ACCEPT |
1047 | - fi |
1048 | - |
1049 | - # if [ -n "$WEB" ] || [ -n "$ALL" ]; then |
1050 | - # # NOTE(vish): This opens up ports for web access, allowing web-based |
1051 | - # # dashboards to work. |
1052 | - # iptables -A services -m tcp -p tcp -d $IP --dport 80 -j ACCEPT |
1053 | - # iptables -A services -m tcp -p tcp -d $IP --dport 443 -j ACCEPT |
1054 | - # fi |
1055 | - |
1056 | - if [ -n "$OBJECTSTORE" ] || [ -n "$ALL" ]; then |
1057 | - # infrastructure |
1058 | - iptables -A services -m tcp -p tcp -d $IP --dport 3333 -j ACCEPT |
1059 | - # clients |
1060 | - iptables -A services -m tcp -p tcp -d $DMZ_IP --dport 3333 -j ACCEPT |
1061 | - fi |
1062 | - |
1063 | - if [ -n "$API" ] || [ -n "$ALL" ]; then |
1064 | - iptables -A services -m tcp -p tcp -d $IP --dport $API_PORT -j ACCEPT |
1065 | - if [ "$IP" != "$DMZ_IP" ]; then |
1066 | - iptables -A services -m tcp -p tcp -d $DMZ_IP --dport $API_PORT -j ACCEPT |
1067 | - fi |
1068 | - if [ "$IP" != "$MGMT_IP" ] && [ "$DMZ_IP" != "$MGMT_IP" ]; then |
1069 | - iptables -A services -m tcp -p tcp -d $MGMT_IP --dport $API_PORT -j ACCEPT |
1070 | - fi |
1071 | - fi |
1072 | - |
1073 | - if [ -n "$REDIS" ] || [ -n "$ALL" ]; then |
1074 | - iptables -A services -m tcp -p tcp -d $IP --dport 6379 -j ACCEPT |
1075 | - fi |
1076 | - |
1077 | - if [ -n "$MYSQL" ] || [ -n "$ALL" ]; then |
1078 | - iptables -A services -m tcp -p tcp -d $IP --dport 3306 -j ACCEPT |
1079 | - fi |
1080 | - |
1081 | - if [ -n "$RABBITMQ" ] || [ -n "$ALL" ]; then |
1082 | - iptables -A services -m tcp -p tcp -d $IP --dport 4369 -j ACCEPT |
1083 | - iptables -A services -m tcp -p tcp -d $IP --dport 5672 -j ACCEPT |
1084 | - iptables -A services -m tcp -p tcp -d $IP --dport 53284 -j ACCEPT |
1085 | - fi |
1086 | - |
1087 | - if [ -n "$DNSMASQ" ] || [ -n "$ALL" ]; then |
1088 | - # NOTE(vish): this could theoretically be setup per network |
1089 | - # for each host, but it seems like overkill |
1090 | - iptables -A services -m tcp -p tcp -s $PRIVATE_RANGE --dport 53 -j ACCEPT |
1091 | - iptables -A services -m udp -p udp -s $PRIVATE_RANGE --dport 53 -j ACCEPT |
1092 | - iptables -A services -m udp -p udp --dport 67 -j ACCEPT |
1093 | - fi |
1094 | - |
1095 | - if [ -n "$LDAP" ] || [ -n "$ALL" ]; then |
1096 | - iptables -A services -m tcp -p tcp -d $IP --dport 389 -j ACCEPT |
1097 | - fi |
1098 | - |
1099 | - if [ -n "$ISCSI" ] || [ -n "$ALL" ]; then |
1100 | - iptables -A services -m tcp -p tcp -d $IP --dport 3260 -j ACCEPT |
1101 | - iptables -A services -m tcp -p tcp -d 127.0.0.0/16 --dport 3260 -j ACCEPT |
1102 | - fi |
1103 | -} |
1104 | - |
1105 | - |
1106 | -case "$1" in |
1107 | - start) |
1108 | - echo "Starting nova-iptables: " |
1109 | - load_nova_iptables |
1110 | - ;; |
1111 | - stop) |
1112 | - echo "Clearing nova-iptables: " |
1113 | - clear_nova_iptables |
1114 | - ;; |
1115 | - restart) |
1116 | - echo "Restarting nova-iptables: " |
1117 | - clear_nova_iptables |
1118 | - load_nova_iptables |
1119 | - ;; |
1120 | - *) |
1121 | - echo "Usage: $NAME {start|stop|restart}" >&2 |
1122 | - exit 1 |
1123 | - ;; |
1124 | -esac |
1125 | - |
1126 | -exit 0 |
1127 | |
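Review bot: the default `PRIVATE_RANGE="192.168.0.0/12"` in the removed nova-iptables does not match the `--private_range=192.168.0.0/16` in the nova.conf removed by this same diff. A /12 mask on that address covers 192.160.0.0 through 192.175.255.255, so the DNSMASQ rules accept DNS queries from far more sources than the private range. The iSCSI rule's `-d 127.0.0.0/16` looks like the same kind of slip for the loopback /8, port 22 is accepted from any address (the NOTE(ja) comment says the MGMT_IP restriction was dropped), and the usage line prints `$NAME`, which the script never sets. If this script is kept anywhere outside contrib/puppet, those defaults should be corrected there; otherwise a sentence in the merge description noting that deployed copies carry them would help operators.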
1128 | === removed file 'contrib/puppet/files/production/nova-iscsi-dev.sh' |
1129 | --- contrib/puppet/files/production/nova-iscsi-dev.sh 2010-11-12 19:07:46 +0000 |
1130 | +++ contrib/puppet/files/production/nova-iscsi-dev.sh 1970-01-01 00:00:00 +0000 |
1131 | @@ -1,19 +0,0 @@ |
1132 | -#!/bin/sh |
1133 | - |
1134 | -# FILE: /etc/udev/scripts/iscsidev.sh |
1135 | - |
1136 | -BUS=${1} |
1137 | -HOST=${BUS%%:*} |
1138 | - |
1139 | -[ -e /sys/class/iscsi_host ] || exit 1 |
1140 | - |
1141 | -file="/sys/class/iscsi_host/host${HOST}/device/session*/iscsi_session*/session*/targetname" |
1142 | - |
1143 | -target_name=$(cat ${file}) |
1144 | - |
1145 | -# This is not an open-scsi drive |
1146 | -if [ -z "${target_name}" ]; then |
1147 | - exit 1 |
1148 | -fi |
1149 | - |
1150 | -echo "${target_name##*:}" |
1151 | |
1152 | === removed file 'contrib/puppet/files/production/setup_data.sh' |
1153 | --- contrib/puppet/files/production/setup_data.sh 2010-11-12 19:07:46 +0000 |
1154 | +++ contrib/puppet/files/production/setup_data.sh 1970-01-01 00:00:00 +0000 |
1155 | @@ -1,6 +0,0 @@ |
1156 | -#!/bin/bash |
1157 | -/root/slap.sh |
1158 | -mysql -e "DROP DATABASE nova" |
1159 | -mysql -e "CREATE DATABASE nova" |
1160 | -mysql -e "GRANT ALL on nova.* to nova@'%' identified by 'TODO:CHANGEME:CMON'" |
1161 | -touch /root/installed |
1162 | |
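Review bot: the removed setup_data.sh grants `ALL on nova.*` to `nova@'%'` with the literal password 'TODO:CHANGEME:CMON', and it runs `DROP DATABASE nova` unconditionally before recreating it. Removing the script is the right direction. The merge description should also say that any database provisioned from it needs the nova account's password rotated and its host pattern narrowed from '%', particularly since the my.cnf removed in this diff has `bind-address` commented out.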
1163 | === removed file 'contrib/puppet/files/production/slap.sh' |
1164 | --- contrib/puppet/files/production/slap.sh 2010-11-12 19:07:46 +0000 |
1165 | +++ contrib/puppet/files/production/slap.sh 1970-01-01 00:00:00 +0000 |
1166 | @@ -1,261 +0,0 @@ |
1167 | -#!/usr/bin/env bash |
1168 | -# vim: tabstop=4 shiftwidth=4 softtabstop=4 |
1169 | - |
1170 | -# Copyright 2010 United States Government as represented by the |
1171 | -# Administrator of the National Aeronautics and Space Administration. |
1172 | -# All Rights Reserved. |
1173 | -# |
1174 | -# Licensed under the Apache License, Version 2.0 (the "License"); you may |
1175 | -# not use this file except in compliance with the License. You may obtain |
1176 | -# a copy of the License at |
1177 | -# |
1178 | -# http://www.apache.org/licenses/LICENSE-2.0 |
1179 | -# |
1180 | -# Unless required by applicable law or agreed to in writing, software |
1181 | -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
1182 | -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
1183 | -# License for the specific language governing permissions and limitations |
1184 | -# under the License. |
1185 | -# LDAP INSTALL SCRIPT - SHOULD BE IDEMPOTENT, but it SCRUBS all USERS |
1186 | - |
1187 | -apt-get install -y slapd ldap-utils python-ldap |
1188 | - |
1189 | -cat >/etc/ldap/schema/openssh-lpk_openldap.schema <<LPK_SCHEMA_EOF |
1190 | -# |
1191 | -# LDAP Public Key Patch schema for use with openssh-ldappubkey |
1192 | -# Author: Eric AUGE <eau@phear.org> |
1193 | -# |
1194 | -# Based on the proposal of : Mark Ruijter |
1195 | -# |
1196 | - |
1197 | - |
1198 | -# octetString SYNTAX |
1199 | -attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' |
1200 | - DESC 'MANDATORY: OpenSSH Public key' |
1201 | - EQUALITY octetStringMatch |
1202 | - SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) |
1203 | - |
1204 | -# printableString SYNTAX yes|no |
1205 | -objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY |
1206 | - DESC 'MANDATORY: OpenSSH LPK objectclass' |
1207 | - MAY ( sshPublicKey $ uid ) |
1208 | - ) |
1209 | -LPK_SCHEMA_EOF |
1210 | - |
1211 | -cat >/etc/ldap/schema/nova.schema <<NOVA_SCHEMA_EOF |
1212 | -# |
1213 | -# Person object for Nova |
1214 | -# inetorgperson with extra attributes |
1215 | -# Author: Vishvananda Ishaya <vishvananda@yahoo.com> |
1216 | -# |
1217 | -# |
1218 | - |
1219 | -# using internet experimental oid arc as per BP64 3.1 |
1220 | -objectidentifier novaSchema 1.3.6.1.3.1.666.666 |
1221 | -objectidentifier novaAttrs novaSchema:3 |
1222 | -objectidentifier novaOCs novaSchema:4 |
1223 | - |
1224 | -attributetype ( |
1225 | - novaAttrs:1 |
1226 | - NAME 'accessKey' |
1227 | - DESC 'Key for accessing data' |
1228 | - EQUALITY caseIgnoreMatch |
1229 | - SUBSTR caseIgnoreSubstringsMatch |
1230 | - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 |
1231 | - SINGLE-VALUE |
1232 | - ) |
1233 | - |
1234 | -attributetype ( |
1235 | - novaAttrs:2 |
1236 | - NAME 'secretKey' |
1237 | - DESC 'Secret key' |
1238 | - EQUALITY caseIgnoreMatch |
1239 | - SUBSTR caseIgnoreSubstringsMatch |
1240 | - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 |
1241 | - SINGLE-VALUE |
1242 | - ) |
1243 | - |
1244 | -attributetype ( |
1245 | - novaAttrs:3 |
1246 | - NAME 'keyFingerprint' |
1247 | - DESC 'Fingerprint of private key' |
1248 | - EQUALITY caseIgnoreMatch |
1249 | - SUBSTR caseIgnoreSubstringsMatch |
1250 | - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 |
1251 | - SINGLE-VALUE |
1252 | - ) |
1253 | - |
1254 | -attributetype ( |
1255 | - novaAttrs:4 |
1256 | - NAME 'isAdmin' |
1257 | - DESC 'Is user an administrator?' |
1258 | - EQUALITY booleanMatch |
1259 | - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 |
1260 | - SINGLE-VALUE |
1261 | - ) |
1262 | - |
1263 | -attributetype ( |
1264 | - novaAttrs:5 |
1265 | - NAME 'projectManager' |
1266 | - DESC 'Project Managers of a project' |
1267 | - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 |
1268 | - ) |
1269 | - |
1270 | -objectClass ( |
1271 | - novaOCs:1 |
1272 | - NAME 'novaUser' |
1273 | - DESC 'access and secret keys' |
1274 | - AUXILIARY |
1275 | - MUST ( uid ) |
1276 | - MAY ( accessKey $ secretKey $ isAdmin ) |
1277 | - ) |
1278 | - |
1279 | -objectClass ( |
1280 | - novaOCs:2 |
1281 | - NAME 'novaKeyPair' |
1282 | - DESC 'Key pair for User' |
1283 | - SUP top |
1284 | - STRUCTURAL |
1285 | - MUST ( cn $ sshPublicKey $ keyFingerprint ) |
1286 | - ) |
1287 | - |
1288 | -objectClass ( |
1289 | - novaOCs:3 |
1290 | - NAME 'novaProject' |
1291 | - DESC 'Container for project' |
1292 | - SUP groupOfNames |
1293 | - STRUCTURAL |
1294 | - MUST ( cn $ projectManager ) |
1295 | - ) |
1296 | - |
1297 | -NOVA_SCHEMA_EOF |
1298 | - |
1299 | -mv /etc/ldap/slapd.conf /etc/ldap/slapd.conf.orig |
1300 | -cat >/etc/ldap/slapd.conf <<SLAPD_CONF_EOF |
1301 | -# slapd.conf - Configuration file for LDAP SLAPD |
1302 | -########## |
1303 | -# Basics # |
1304 | -########## |
1305 | -include /etc/ldap/schema/core.schema |
1306 | -include /etc/ldap/schema/cosine.schema |
1307 | -include /etc/ldap/schema/inetorgperson.schema |
1308 | -include /etc/ldap/schema/openssh-lpk_openldap.schema |
1309 | -include /etc/ldap/schema/nova.schema |
1310 | -pidfile /var/run/slapd/slapd.pid |
1311 | -argsfile /var/run/slapd/slapd.args |
1312 | -loglevel none |
1313 | -modulepath /usr/lib/ldap |
1314 | -# modulepath /usr/local/libexec/openldap |
1315 | -moduleload back_hdb |
1316 | -########################## |
1317 | -# Database Configuration # |
1318 | -########################## |
1319 | -database hdb |
1320 | -suffix "dc=example,dc=com" |
1321 | -rootdn "cn=Manager,dc=example,dc=com" |
1322 | -rootpw changeme |
1323 | -directory /var/lib/ldap |
1324 | -# directory /usr/local/var/openldap-data |
1325 | -index objectClass,cn eq |
1326 | -######## |
1327 | -# ACLs # |
1328 | -######## |
1329 | -access to attrs=userPassword |
1330 | - by anonymous auth |
1331 | - by self write |
1332 | - by * none |
1333 | -access to * |
1334 | - by self write |
1335 | - by * none |
1336 | -SLAPD_CONF_EOF |
1337 | - |
1338 | -mv /etc/ldap/ldap.conf /etc/ldap/ldap.conf.orig |
1339 | - |
1340 | -cat >/etc/ldap/ldap.conf <<LDAP_CONF_EOF |
1341 | -# LDAP Client Settings |
1342 | -URI ldap://localhost |
1343 | -BASE dc=example,dc=com |
1344 | -BINDDN cn=Manager,dc=example,dc=com |
1345 | -SIZELIMIT 0 |
1346 | -TIMELIMIT 0 |
1347 | -LDAP_CONF_EOF |
1348 | - |
1349 | -cat >/etc/ldap/base.ldif <<BASE_LDIF_EOF |
1350 | -# This is the root of the directory tree |
1351 | -dn: dc=example,dc=com |
1352 | -description: Example.Com, your trusted non-existent corporation. |
1353 | -dc: example |
1354 | -o: Example.Com |
1355 | -objectClass: top |
1356 | -objectClass: dcObject |
1357 | -objectClass: organization |
1358 | - |
1359 | -# Subtree for users |
1360 | -dn: ou=Users,dc=example,dc=com |
1361 | -ou: Users |
1362 | -description: Users |
1363 | -objectClass: organizationalUnit |
1364 | - |
1365 | -# Subtree for groups |
1366 | -dn: ou=Groups,dc=example,dc=com |
1367 | -ou: Groups |
1368 | -description: Groups |
1369 | -objectClass: organizationalUnit |
1370 | - |
1371 | -# Subtree for system accounts |
1372 | -dn: ou=System,dc=example,dc=com |
1373 | -ou: System |
1374 | -description: Special accounts used by software applications. |
1375 | -objectClass: organizationalUnit |
1376 | - |
1377 | -# Special Account for Authentication: |
1378 | -dn: uid=authenticate,ou=System,dc=example,dc=com |
1379 | -uid: authenticate |
1380 | -ou: System |
1381 | -description: Special account for authenticating users |
1382 | -userPassword: {MD5}TODO-000000000000000000000000000== |
1383 | -objectClass: account |
1384 | -objectClass: simpleSecurityObject |
1385 | - |
1386 | -# create the sysadmin entry |
1387 | - |
1388 | -dn: cn=developers,ou=Groups,dc=example,dc=com |
1389 | -objectclass: groupOfNames |
1390 | -cn: developers |
1391 | -description: IT admin group |
1392 | -member: uid=admin,ou=Users,dc=example,dc=com |
1393 | - |
1394 | -dn: cn=sysadmins,ou=Groups,dc=example,dc=com |
1395 | -objectclass: groupOfNames |
1396 | -cn: sysadmins |
1397 | -description: IT admin group |
1398 | -member: uid=admin,ou=Users,dc=example,dc=com |
1399 | - |
1400 | -dn: cn=netadmins,ou=Groups,dc=example,dc=com |
1401 | -objectclass: groupOfNames |
1402 | -cn: netadmins |
1403 | -description: Network admin group |
1404 | -member: uid=admin,ou=Users,dc=example,dc=com |
1405 | - |
1406 | -dn: cn=cloudadmins,ou=Groups,dc=example,dc=com |
1407 | -objectclass: groupOfNames |
1408 | -cn: cloudadmins |
1409 | -description: Cloud admin group |
1410 | -member: uid=admin,ou=Users,dc=example,dc=com |
1411 | - |
1412 | -dn: cn=itsec,ou=Groups,dc=example,dc=com |
1413 | -objectclass: groupOfNames |
1414 | -cn: itsec |
1415 | -description: IT security users group |
1416 | -member: uid=admin,ou=Users,dc=example,dc=com |
1417 | -BASE_LDIF_EOF |
1418 | - |
1419 | -/etc/init.d/slapd stop |
1420 | -rm -rf /var/lib/ldap/* |
1421 | -rm -rf /etc/ldap/slapd.d/* |
1422 | -slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d |
1423 | -cp /usr/share/slapd/DB_CONFIG /var/lib/ldap/DB_CONFIG |
1424 | -slapadd -v -l /etc/ldap/base.ldif |
1425 | -chown -R openldap:openldap /etc/ldap/slapd.d |
1426 | -chown -R openldap:openldap /var/lib/ldap |
1427 | -/etc/init.d/slapd start |
1428 | |
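Review bot: The tail of slap.sh stops slapd and then runs `rm -rf /var/lib/ldap/*` and `rm -rf /etc/ldap/slapd.d/*` with no guard or backup, and the seeded `uid=authenticate` entry carries a `{MD5}TODO-...` placeholder as its userPassword. Deleting the script is fine, but the merge description should say that anyone who bootstrapped a directory with it needs their own replacement, and that neither the placeholder value nor the unsalted {MD5} scheme should be carried into one.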
1429 | === removed file 'contrib/puppet/fileserver.conf' |
1430 | --- contrib/puppet/fileserver.conf 2010-11-12 19:07:46 +0000 |
1431 | +++ contrib/puppet/fileserver.conf 1970-01-01 00:00:00 +0000 |
1432 | @@ -1,8 +0,0 @@ |
1433 | -# fileserver.conf |
1434 | - |
1435 | -[files] |
1436 | -path /srv/cloud/puppet/files |
1437 | -allow 10.0.0.0/24 |
1438 | - |
1439 | -[plugins] |
1440 | - |
1441 | |
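Review bot: `allow 10.0.0.0/24` is the only access control on the `[files]` mount, and it does not match the addressing used by site.pp in this same diff (`$local_network = "192.168.0.0/16"`, node IPs in 192.168.0.x and 192.168.4.x), so the example either served nothing to those nodes or was widened by hand. Worth noting in the merge description that source-address rules were the sole gate on files such as production/my.cnf and boto.cfg.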
1442 | === removed directory 'contrib/puppet/manifests' |
1443 | === removed directory 'contrib/puppet/manifests/classes' |
1444 | === removed file 'contrib/puppet/manifests/classes/apt.pp' |
1445 | --- contrib/puppet/manifests/classes/apt.pp 2010-11-12 19:07:46 +0000 |
1446 | +++ contrib/puppet/manifests/classes/apt.pp 1970-01-01 00:00:00 +0000 |
1447 | @@ -1,1 +0,0 @@ |
1448 | -exec { "update-apt": command => "/usr/bin/apt-get update" } |
1449 | |
1450 | === removed file 'contrib/puppet/manifests/classes/issue.pp' |
1451 | --- contrib/puppet/manifests/classes/issue.pp 2010-11-12 19:07:46 +0000 |
1452 | +++ contrib/puppet/manifests/classes/issue.pp 1970-01-01 00:00:00 +0000 |
1453 | @@ -1,14 +0,0 @@ |
1454 | -class issue { |
1455 | - file { "/etc/issue": |
1456 | - owner => "root", |
1457 | - group => "root", |
1458 | - mode => 444, |
1459 | - source => "puppet://${puppet_server}/files/etc/issue", |
1460 | - } |
1461 | - file { "/etc/issue.net": |
1462 | - owner => "root", |
1463 | - group => "root", |
1464 | - mode => 444, |
1465 | - source => "puppet://${puppet_server}/files/etc/issue", |
1466 | - } |
1467 | -} |
1468 | |
1469 | === removed file 'contrib/puppet/manifests/classes/kern_module.pp' |
1470 | --- contrib/puppet/manifests/classes/kern_module.pp 2010-11-12 19:07:46 +0000 |
1471 | +++ contrib/puppet/manifests/classes/kern_module.pp 1970-01-01 00:00:00 +0000 |
1472 | @@ -1,34 +0,0 @@ |
1473 | -# via http://projects.puppetlabs.com/projects/puppet/wiki/Kernel_Modules_Patterns |
1474 | - |
1475 | -define kern_module ($ensure) { |
1476 | - $modulesfile = $operatingsystem ? { ubuntu => "/etc/modules", redhat => "/etc/rc.modules" } |
1477 | - case $operatingsystem { |
1478 | - redhat: { file { "/etc/rc.modules": ensure => file, mode => 755 } } |
1479 | - } |
1480 | - case $ensure { |
1481 | - present: { |
1482 | - exec { "insert_module_${name}": |
1483 | - command => $operatingsystem ? { |
1484 | - ubuntu => "/bin/echo '${name}' >> '${modulesfile}'", |
1485 | - redhat => "/bin/echo '/sbin/modprobe ${name}' >> '${modulesfile}' " |
1486 | - }, |
1487 | - unless => "/bin/grep -qFx '${name}' '${modulesfile}'" |
1488 | - } |
1489 | - exec { "/sbin/modprobe ${name}": unless => "/bin/grep -q '^${name} ' '/proc/modules'" } |
1490 | - } |
1491 | - absent: { |
1492 | - exec { "/sbin/modprobe -r ${name}": onlyif => "/bin/grep -q '^${name} ' '/proc/modules'" } |
1493 | - exec { "remove_module_${name}": |
1494 | - command => $operatingsystem ? { |
1495 | - ubuntu => "/usr/bin/perl -ni -e 'print unless /^\\Q${name}\\E\$/' '${modulesfile}'", |
1496 | - redhat => "/usr/bin/perl -ni -e 'print unless /^\\Q/sbin/modprobe ${name}\\E\$/' '${modulesfile}'" |
1497 | - }, |
1498 | - onlyif => $operatingsystem ? { |
1499 | - ubuntu => "/bin/grep -qFx '${name}' '${modulesfile}'", |
1500 | - redhat => "/bin/grep -q '^/sbin/modprobe ${name}' '${modulesfile}'" |
1501 | - } |
1502 | - } |
1503 | - } |
1504 | - default: { err ( "unknown ensure value ${ensure}" ) } |
1505 | - } |
1506 | -} |
1507 | |
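Review bot: In the `present` branch the `unless` guard is `/bin/grep -qFx '${name}' '${modulesfile}'` for both platforms, but on redhat the appended line is `/sbin/modprobe ${name}`, so the exact-line match never succeeds and the exec appends a duplicate on every run; the `absent` branch already uses a per-OS selector for `onlyif`. `${name}` is also interpolated directly into the shell command strings. Please record these as reasons for the removal so the define is not copied elsewhere unchanged.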
1508 | === removed file 'contrib/puppet/manifests/classes/loopback.pp' |
1509 | --- contrib/puppet/manifests/classes/loopback.pp 2010-11-12 19:07:46 +0000 |
1510 | +++ contrib/puppet/manifests/classes/loopback.pp 1970-01-01 00:00:00 +0000 |
1511 | @@ -1,6 +0,0 @@ |
1512 | -define loopback($num) { |
1513 | - exec { "mknod -m 0660 /dev/loop${num} b 7 ${num}; chown root:disk /dev/loop${num}": |
1514 | - creates => "/dev/loop${num}", |
1515 | - path => ["/usr/bin", "/usr/sbin", "/bin"] |
1516 | - } |
1517 | -} |
1518 | |
1519 | === removed file 'contrib/puppet/manifests/classes/lvm.pp' |
1520 | --- contrib/puppet/manifests/classes/lvm.pp 2010-11-12 19:07:46 +0000 |
1521 | +++ contrib/puppet/manifests/classes/lvm.pp 1970-01-01 00:00:00 +0000 |
1522 | @@ -1,8 +0,0 @@ |
1523 | -class lvm { |
1524 | - file { "/etc/lvm/lvm.conf": |
1525 | - owner => "root", |
1526 | - group => "root", |
1527 | - mode => 444, |
1528 | - source => "puppet://${puppet_server}/files/etc/lvm.conf", |
1529 | - } |
1530 | -} |
1531 | |
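Review bot: The `source` here is `puppet://${puppet_server}/files/etc/lvm.conf`, while the file this branch removes is contrib/puppet/files/etc/lvm/lvm.conf and lvmconf.pp points at `files/etc/lvm/lvm.conf`. Class `lvm` also declares the same `/etc/lvm/lvm.conf` resource as `lvmconf` with a different mode (444 against 644). Only `lvmconf` is included, from `novanode` in templates.pp, so this class looks dead; a grep for `include lvm` outside contrib/ before merging would confirm nothing depends on it.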
1532 | === removed file 'contrib/puppet/manifests/classes/lvmconf.pp' |
1533 | --- contrib/puppet/manifests/classes/lvmconf.pp 2010-11-12 19:07:46 +0000 |
1534 | +++ contrib/puppet/manifests/classes/lvmconf.pp 1970-01-01 00:00:00 +0000 |
1535 | @@ -1,8 +0,0 @@ |
1536 | -class lvmconf { |
1537 | - file { "/etc/lvm/lvm.conf": |
1538 | - owner => "root", group => "root", mode => 644, |
1539 | - source => "puppet://${puppet_server}/files/etc/lvm/lvm.conf", |
1540 | - ensure => present |
1541 | - } |
1542 | -} |
1543 | - |
1544 | |
1545 | === removed file 'contrib/puppet/manifests/classes/nova.pp' |
1546 | --- contrib/puppet/manifests/classes/nova.pp 2010-11-12 19:07:46 +0000 |
1547 | +++ contrib/puppet/manifests/classes/nova.pp 1970-01-01 00:00:00 +0000 |
1548 | @@ -1,464 +0,0 @@ |
1549 | -import "kern_module" |
1550 | -import "apt" |
1551 | -import "loopback" |
1552 | - |
1553 | -#$head_node_ip = "undef" |
1554 | -#$rabbit_ip = "undef" |
1555 | -#$vpn_ip = "undef" |
1556 | -#$public_interface = "undef" |
1557 | -#$vlan_start = "5000" |
1558 | -#$vlan_end = "6000" |
1559 | -#$private_range = "10.0.0.0/16" |
1560 | -#$public_range = "192.168.177.0/24" |
1561 | - |
1562 | -define nova_iptables($services, $ip="", $private_range="", $mgmt_ip="", $dmz_ip="") { |
1563 | - file { "/etc/init.d/nova-iptables": |
1564 | - owner => "root", mode => 755, |
1565 | - source => "puppet://${puppet_server}/files/production/nova-iptables", |
1566 | - } |
1567 | - |
1568 | - file { "/etc/default/nova-iptables": |
1569 | - owner => "root", mode => 644, |
1570 | - content => template("nova-iptables.erb") |
1571 | - } |
1572 | -} |
1573 | - |
1574 | -define nova_conf_pointer($name) { |
1575 | - file { "/etc/nova/nova-${name}.conf": |
1576 | - owner => "nova", mode => 400, |
1577 | - content => "--flagfile=/etc/nova/nova.conf" |
1578 | - } |
1579 | -} |
1580 | - |
1581 | -class novaconf { |
1582 | - file { "/etc/nova/nova.conf": |
1583 | - owner => "nova", mode => 400, |
1584 | - content => template("production/nova-common.conf.erb", "production/nova-${cluster_name}.conf.erb") |
1585 | - } |
1586 | - nova_conf_pointer{'manage': name => 'manage'} |
1587 | -} |
1588 | - |
1589 | -class novadata { |
1590 | - package { "rabbitmq-server": ensure => present } |
1591 | - |
1592 | - file { "/etc/rabbitmq/rabbitmq.conf": |
1593 | - owner => "root", mode => 644, |
1594 | - content => "NODENAME=rabbit@localhost", |
1595 | - } |
1596 | - |
1597 | - service { "rabbitmq-server": |
1598 | - ensure => running, |
1599 | - enable => true, |
1600 | - hasstatus => true, |
1601 | - require => [ |
1602 | - File["/etc/rabbitmq/rabbitmq.conf"], |
1603 | - Package["rabbitmq-server"] |
1604 | - ] |
1605 | - } |
1606 | - |
1607 | - package { "mysql-server": ensure => present } |
1608 | - |
1609 | - file { "/etc/mysql/my.cnf": |
1610 | - owner => "root", mode => 644, |
1611 | - source => "puppet://${puppet_server}/files/production/my.cnf", |
1612 | - } |
1613 | - |
1614 | - service { "mysql": |
1615 | - ensure => running, |
1616 | - enable => true, |
1617 | - hasstatus => true, |
1618 | - require => [ |
1619 | - File["/etc/mysql/my.cnf"], |
1620 | - Package["mysql-server"] |
1621 | - ] |
1622 | - } |
1623 | - |
1624 | - file { "/root/slap.sh": |
1625 | - owner => "root", mode => 755, |
1626 | - source => "puppet://${puppet_server}/files/production/slap.sh", |
1627 | - } |
1628 | - |
1629 | - file { "/root/setup_data.sh": |
1630 | - owner => "root", mode => 755, |
1631 | - source => "puppet://${puppet_server}/files/production/setup_data.sh", |
1632 | - } |
1633 | - |
1634 | - # setup compute data |
1635 | - exec { "setup_data": |
1636 | - command => "/root/setup_data.sh", |
1637 | - path => "/usr/bin:/bin", |
1638 | - unless => "test -f /root/installed", |
1639 | - require => [ |
1640 | - Service["mysql"], |
1641 | - File["/root/slap.sh"], |
1642 | - File["/root/setup_data.sh"] |
1643 | - ] |
1644 | - } |
1645 | -} |
1646 | - |
1647 | -define nscheduler($version) { |
1648 | - package { "nova-scheduler": ensure => $version, require => Exec["update-apt"] } |
1649 | - nova_conf_pointer{'scheduler': name => 'scheduler'} |
1650 | - exec { "update-rc.d -f nova-scheduler remove; update-rc.d nova-scheduler defaults 50": |
1651 | - path => "/usr/bin:/usr/sbin:/bin", |
1652 | - onlyif => "test -f /etc/init.d/nova-scheduler", |
1653 | - unless => "test -f /etc/rc2.d/S50nova-scheduler" |
1654 | - } |
1655 | - service { "nova-scheduler": |
1656 | - ensure => running, |
1657 | - hasstatus => true, |
1658 | - subscribe => [ |
1659 | - Package["nova-scheduler"], |
1660 | - File["/etc/nova/nova.conf"], |
1661 | - File["/etc/nova/nova-scheduler.conf"] |
1662 | - ] |
1663 | - } |
1664 | - |
1665 | -} |
1666 | - |
1667 | -define napi($version, $api_servers, $api_base_port) { |
1668 | - file { "/etc/boto.cfg": |
1669 | - owner => "root", mode => 644, |
1670 | - source => "puppet://${puppet_server}/files/production/boto.cfg", |
1671 | - } |
1672 | - |
1673 | - file { "/var/lib/nova/CA/genvpn.sh": |
1674 | - owner => "nova", mode => 755, |
1675 | - source => "puppet://${puppet_server}/files/production/genvpn.sh", |
1676 | - } |
1677 | - |
1678 | - package { "python-greenlet": ensure => present } |
1679 | - package { "nova-api": ensure => $version, require => [Exec["update-apt"], Package["python-greenlet"]] } |
1680 | - nova_conf_pointer{'api': name => 'api'} |
1681 | - |
1682 | - exec { "update-rc.d -f nova-api remove; update-rc.d nova-api defaults 50": |
1683 | - path => "/usr/bin:/usr/sbin:/bin", |
1684 | - onlyif => "test -f /etc/init.d/nova-api", |
1685 | - unless => "test -f /etc/rc2.d/S50nova-api" |
1686 | - } |
1687 | - |
1688 | - service { "nova-netsync": |
1689 | - start => "/usr/bin/nova-netsync --pidfile=/var/run/nova/nova-netsync.pid --lockfile=/var/run/nova/nova-netsync.pid.lock start", |
1690 | - stop => "/usr/bin/nova-netsync --pidfile=/var/run/nova/nova-netsync.pid --lockfile=/var/run/nova/nova-netsync.pid.lock stop", |
1691 | - ensure => running, |
1692 | - hasstatus => false, |
1693 | - pattern => "nova-netsync", |
1694 | - require => Service["nova-api"], |
1695 | - subscribe => File["/etc/nova/nova.conf"] |
1696 | - } |
1697 | - service { "nova-api": |
1698 | - start => "monit start all -g nova_api", |
1699 | - stop => "monit stop all -g nova_api", |
1700 | - restart => "monit restart all -g nova_api", |
1701 | - # ensure => running, |
1702 | - # hasstatus => true, |
1703 | - require => Service["monit"], |
1704 | - subscribe => [ |
1705 | - Package["nova-objectstore"], |
1706 | - File["/etc/boto.cfg"], |
1707 | - File["/etc/nova/nova.conf"], |
1708 | - File["/etc/nova/nova-objectstore.conf"] |
1709 | - ] |
1710 | - } |
1711 | - |
1712 | - # the haproxy & monit's template use $api_servers and $api_base_port |
1713 | - |
1714 | - package { "haproxy": ensure => present } |
1715 | - file { "/etc/default/haproxy": |
1716 | - owner => "root", mode => 644, |
1717 | - content => "ENABLED=1", |
1718 | - require => Package['haproxy'] |
1719 | - } |
1720 | - file { "/etc/haproxy/haproxy.cfg": |
1721 | - owner => "root", mode => 644, |
1722 | - content => template("/srv/cloud/puppet/templates/haproxy.cfg.erb"), |
1723 | - require => Package['haproxy'] |
1724 | - } |
1725 | - service { "haproxy": |
1726 | - ensure => true, |
1727 | - enable => true, |
1728 | - hasstatus => true, |
1729 | - subscribe => [ |
1730 | - Package["haproxy"], |
1731 | - File["/etc/default/haproxy"], |
1732 | - File["/etc/haproxy/haproxy.cfg"], |
1733 | - ] |
1734 | - } |
1735 | - |
1736 | - package { "socat": ensure => present } |
1737 | - |
1738 | - file { "/usr/local/bin/gmetric_haproxy.sh": |
1739 | - owner => "root", mode => 755, |
1740 | - source => "puppet://${puppet_server}/files/production/ganglia/gmetric_scripts/gmetric_haproxy.sh", |
1741 | - } |
1742 | - |
1743 | - cron { "gmetric_haproxy": |
1744 | - command => "/usr/local/bin/gmetric_haproxy.sh", |
1745 | - user => root, |
1746 | - minute => "*/3", |
1747 | - } |
1748 | - |
1749 | - package { "monit": ensure => present } |
1750 | - |
1751 | - file { "/etc/default/monit": |
1752 | - owner => "root", mode => 644, |
1753 | - content => "startup=1", |
1754 | - require => Package['monit'] |
1755 | - } |
1756 | - file { "/etc/monit/monitrc": |
1757 | - owner => "root", mode => 600, |
1758 | - content => template("/srv/cloud/puppet/templates/monitrc-nova-api.erb"), |
1759 | - require => Package['monit'] |
1760 | - } |
1761 | - service { "monit": |
1762 | - ensure => true, |
1763 | - pattern => "sbin/monit", |
1764 | - subscribe => [ |
1765 | - Package["monit"], |
1766 | - File["/etc/default/monit"], |
1767 | - File["/etc/monit/monitrc"], |
1768 | - ] |
1769 | - } |
1770 | - |
1771 | -} |
1772 | - |
1773 | - |
1774 | -define nnetwork($version) { |
1775 | - # kill the default network added by the package |
1776 | - exec { "kill-libvirt-default-net": |
1777 | - command => "virsh net-destroy default; rm /etc/libvirt/qemu/networks/autostart/default.xml", |
1778 | - path => "/usr/bin:/bin", |
1779 | - onlyif => "test -f /etc/libvirt/qemu/networks/autostart/default.xml" |
1780 | - } |
1781 | - |
1782 | - # EVIL HACK: custom binary because dnsmasq 2.52 segfaulted accessing dereferenced object |
1783 | - file { "/usr/sbin/dnsmasq": |
1784 | - owner => "root", group => "root", |
1785 | - source => "puppet://${puppet_server}/files/production/dnsmasq", |
1786 | - } |
1787 | - |
1788 | - package { "nova-network": ensure => $version, require => Exec["update-apt"] } |
1789 | - nova_conf_pointer{'dhcpbridge': name => 'dhcpbridge'} |
1790 | - nova_conf_pointer{'network': name => "network" } |
1791 | - |
1792 | - exec { "update-rc.d -f nova-network remove; update-rc.d nova-network defaults 50": |
1793 | - path => "/usr/bin:/usr/sbin:/bin", |
1794 | - onlyif => "test -f /etc/init.d/nova-network", |
1795 | - unless => "test -f /etc/rc2.d/S50nova-network" |
1796 | - } |
1797 | - service { "nova-network": |
1798 | - ensure => running, |
1799 | - hasstatus => true, |
1800 | - subscribe => [ |
1801 | - Package["nova-network"], |
1802 | - File["/etc/nova/nova.conf"], |
1803 | - File["/etc/nova/nova-network.conf"] |
1804 | - ] |
1805 | - } |
1806 | -} |
1807 | - |
1808 | -define nobjectstore($version) { |
1809 | - package { "nova-objectstore": ensure => $version, require => Exec["update-apt"] } |
1810 | - nova_conf_pointer{'objectstore': name => 'objectstore'} |
1811 | - exec { "update-rc.d -f nova-objectstore remove; update-rc.d nova-objectstore defaults 50": |
1812 | - path => "/usr/bin:/usr/sbin:/bin", |
1813 | - onlyif => "test -f /etc/init.d/nova-objectstore", |
1814 | - unless => "test -f /etc/rc2.d/S50nova-objectstore" |
1815 | - } |
1816 | - service { "nova-objectstore": |
1817 | - ensure => running, |
1818 | - hasstatus => true, |
1819 | - subscribe => [ |
1820 | - Package["nova-objectstore"], |
1821 | - File["/etc/nova/nova.conf"], |
1822 | - File["/etc/nova/nova-objectstore.conf"] |
1823 | - ] |
1824 | - } |
1825 | -} |
1826 | - |
1827 | -define ncompute($version) { |
1828 | - include ganglia-python |
1829 | - include ganglia-compute |
1830 | - |
1831 | - # kill the default network added by the package |
1832 | - exec { "kill-libvirt-default-net": |
1833 | - command => "virsh net-destroy default; rm /etc/libvirt/qemu/networks/autostart/default.xml", |
1834 | - path => "/usr/bin:/bin", |
1835 | - onlyif => "test -f /etc/libvirt/qemu/networks/autostart/default.xml" |
1836 | - } |
1837 | - |
1838 | - |
1839 | - # LIBVIRT has to be restarted when ebtables / gawk is installed |
1840 | - service { "libvirt-bin": |
1841 | - ensure => running, |
1842 | - pattern => "sbin/libvirtd", |
1843 | - subscribe => [ |
1844 | - Package["ebtables"], |
1845 | - Kern_module["kvm_intel"] |
1846 | - ], |
1847 | - require => [ |
1848 | - Package["libvirt-bin"], |
1849 | - Package["ebtables"], |
1850 | - Package["gawk"], |
1851 | - Kern_module["kvm_intel"], |
1852 | - File["/dev/kvm"] |
1853 | - ] |
1854 | - } |
1855 | - |
1856 | - package { "libvirt-bin": ensure => "0.8.3-1ubuntu14~ppalucid2" } |
1857 | - package { "ebtables": ensure => present } |
1858 | - package { "gawk": ensure => present } |
1859 | - |
1860 | - # ensure proper permissions on /dev/kvm |
1861 | - file { "/dev/kvm": |
1862 | - owner => "root", |
1863 | - group => "kvm", |
1864 | - mode => 660 |
1865 | - } |
1866 | - |
1867 | - # require hardware virt |
1868 | - kern_module { "kvm_intel": |
1869 | - ensure => present, |
1870 | - } |
1871 | - |
1872 | - # increase loopback devices |
1873 | - file { "/etc/modprobe.d/loop.conf": |
1874 | - owner => "root", mode => 644, |
1875 | - content => "options loop max_loop=40" |
1876 | - } |
1877 | - |
1878 | - nova_conf_pointer{'compute': name => 'compute'} |
1879 | - |
1880 | - loopback{loop0: num => 0} |
1881 | - loopback{loop1: num => 1} |
1882 | - loopback{loop2: num => 2} |
1883 | - loopback{loop3: num => 3} |
1884 | - loopback{loop4: num => 4} |
1885 | - loopback{loop5: num => 5} |
1886 | - loopback{loop6: num => 6} |
1887 | - loopback{loop7: num => 7} |
1888 | - loopback{loop8: num => 8} |
1889 | - loopback{loop9: num => 9} |
1890 | - loopback{loop10: num => 10} |
1891 | - loopback{loop11: num => 11} |
1892 | - loopback{loop12: num => 12} |
1893 | - loopback{loop13: num => 13} |
1894 | - loopback{loop14: num => 14} |
1895 | - loopback{loop15: num => 15} |
1896 | - loopback{loop16: num => 16} |
1897 | - loopback{loop17: num => 17} |
1898 | - loopback{loop18: num => 18} |
1899 | - loopback{loop19: num => 19} |
1900 | - loopback{loop20: num => 20} |
1901 | - loopback{loop21: num => 21} |
1902 | - loopback{loop22: num => 22} |
1903 | - loopback{loop23: num => 23} |
1904 | - loopback{loop24: num => 24} |
1905 | - loopback{loop25: num => 25} |
1906 | - loopback{loop26: num => 26} |
1907 | - loopback{loop27: num => 27} |
1908 | - loopback{loop28: num => 28} |
1909 | - loopback{loop29: num => 29} |
1910 | - loopback{loop30: num => 30} |
1911 | - loopback{loop31: num => 31} |
1912 | - loopback{loop32: num => 32} |
1913 | - loopback{loop33: num => 33} |
1914 | - loopback{loop34: num => 34} |
1915 | - loopback{loop35: num => 35} |
1916 | - loopback{loop36: num => 36} |
1917 | - loopback{loop37: num => 37} |
1918 | - loopback{loop38: num => 38} |
1919 | - loopback{loop39: num => 39} |
1920 | - |
1921 | - package { "python-libvirt": ensure => "0.8.3-1ubuntu14~ppalucid2" } |
1922 | - |
1923 | - package { "nova-compute": |
1924 | - ensure => "$version", |
1925 | - require => Package["python-libvirt"] |
1926 | - } |
1927 | - |
1928 | - #file { "/usr/share/nova/libvirt.qemu.xml.template": |
1929 | - # owner => "nova", mode => 400, |
1930 | - # source => "puppet://${puppet_server}/files/production/libvirt.qemu.xml.template", |
1931 | - #} |
1932 | - |
1933 | - # fix runlevels: using enable => true adds it as 20, which is too early |
1934 | - exec { "update-rc.d -f nova-compute remove": |
1935 | - path => "/usr/bin:/usr/sbin:/bin", |
1936 | - onlyif => "test -f /etc/rc2.d/S??nova-compute" |
1937 | - } |
1938 | - service { "nova-compute": |
1939 | - ensure => running, |
1940 | - hasstatus => true, |
1941 | - subscribe => [ |
1942 | - Package["nova-compute"], |
1943 | - File["/etc/nova/nova.conf"], |
1944 | - File["/etc/nova/nova-compute.conf"], |
1945 | - #File["/usr/share/nova/libvirt.qemu.xml.template"], |
1946 | - Service["libvirt-bin"], |
1947 | - Kern_module["kvm_intel"] |
1948 | - ] |
1949 | - } |
1950 | -} |
1951 | - |
1952 | -define nvolume($version) { |
1953 | - |
1954 | - package { "nova-volume": ensure => $version, require => Exec["update-apt"] } |
1955 | - |
1956 | - nova_conf_pointer{'volume': name => 'volume'} |
1957 | - |
1958 | - # fix runlevels: using enable => true adds it as 20, which is too early |
1959 | - exec { "update-rc.d -f nova-volume remove": |
1960 | - path => "/usr/bin:/usr/sbin:/bin", |
1961 | - onlyif => "test -f /etc/rc2.d/S??nova-volume" |
1962 | - } |
1963 | - |
1964 | - file { "/etc/default/iscsitarget": |
1965 | - owner => "root", mode => 644, |
1966 | - content => "ISCSITARGET_ENABLE=true" |
1967 | - } |
1968 | - |
1969 | - package { "iscsitarget": ensure => present } |
1970 | - |
1971 | - file { "/dev/iscsi": ensure => directory } # FIXME(vish): owner / mode? |
1972 | - file { "/usr/sbin/nova-iscsi-dev.sh": |
1973 | - owner => "root", mode => 755, |
1974 | - source => "puppet://${puppet_server}/files/production/nova-iscsi-dev.sh" |
1975 | - } |
1976 | - file { "/etc/udev/rules.d/55-openiscsi.rules": |
1977 | - owner => "root", mode => 644, |
1978 | - content => 'KERNEL=="sd*", BUS=="scsi", PROGRAM="/usr/sbin/nova-iscsi-dev.sh %b",SYMLINK+="iscsi/%c%n"' |
1979 | - } |
1980 | - |
1981 | - service { "iscsitarget": |
1982 | - ensure => running, |
1983 | - enable => true, |
1984 | - hasstatus => true, |
1985 | - require => [ |
1986 | - File["/etc/default/iscsitarget"], |
1987 | - Package["iscsitarget"] |
1988 | - ] |
1989 | - } |
1990 | - |
1991 | - service { "nova-volume": |
1992 | - ensure => running, |
1993 | - hasstatus => true, |
1994 | - subscribe => [ |
1995 | - Package["nova-volume"], |
1996 | - File["/etc/nova/nova.conf"], |
1997 | - File["/etc/nova/nova-volume.conf"] |
1998 | - ] |
1999 | - } |
2000 | -} |
2001 | - |
2002 | -class novaspool { |
2003 | - # This isn't in release yet |
2004 | - #cron { logspool: |
2005 | - # command => "/usr/bin/nova-logspool /var/log/nova.log /var/lib/nova/spool", |
2006 | - # user => "nova" |
2007 | - #} |
2008 | - #cron { spoolsentry: |
2009 | - # command => "/usr/bin/nova-spoolsentry ${sentry_url} ${sentry_key} /var/lib/nova/spool", |
2010 | - # user => "nova" |
2011 | - #} |
2012 | -} |
2013 | |
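Review bot: In `nnetwork`, the `/usr/sbin/dnsmasq` resource overwrites the packaged binary with `files/production/dnsmasq` from the puppet file server, a file that is not among those in contrib/puppet (the `ganglia/gmetric_scripts/gmetric_haproxy.sh` source in `napi` is missing as well), so the manifests could not be applied from this tree alone and would install a binary with no source or checksum in the repository. Two further defects in the hunk: `service { "nova-api" }` subscribes to `Package["nova-objectstore"]` and `File["/etc/nova/nova-objectstore.conf"]` rather than the nova-api package and conf, and `kill-libvirt-default-net` is declared in both `nnetwork` and `ncompute`. Please list these in the merge description as the rationale for dropping the file rather than fixing it.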
2014 | === removed file 'contrib/puppet/manifests/classes/swift.pp' |
2015 | --- contrib/puppet/manifests/classes/swift.pp 2010-11-12 19:07:46 +0000 |
2016 | +++ contrib/puppet/manifests/classes/swift.pp 1970-01-01 00:00:00 +0000 |
2017 | @@ -1,7 +0,0 @@ |
2018 | -class swift { |
2019 | - package { "memcached": ensure => present } |
2020 | - service { "memcached": require => Package['memcached'] } |
2021 | - |
2022 | - package { "swift-proxy": ensure => present } |
2023 | -} |
2024 | - |
2025 | |
2026 | === removed file 'contrib/puppet/manifests/site.pp' |
2027 | --- contrib/puppet/manifests/site.pp 2010-11-12 19:07:46 +0000 |
2028 | +++ contrib/puppet/manifests/site.pp 1970-01-01 00:00:00 +0000 |
2029 | @@ -1,120 +0,0 @@ |
2030 | -# site.pp |
2031 | - |
2032 | -import "templates" |
2033 | -import "classes/*" |
2034 | - |
2035 | -node novabase inherits default { |
2036 | -# $puppet_server = "192.168.0.10" |
2037 | - $cluster_name = "openstack001" |
2038 | - $ganglia_udp_send_channel = "openstack001.example.com" |
2039 | - $syslog = "192.168.0.10" |
2040 | - |
2041 | - # THIS STUFF ISN'T IN RELEASE YET |
2042 | - #$sentry_url = "http://192.168.0.19/sentry/store/" |
2043 | - #$sentry_key = "TODO:SENTRYPASS" |
2044 | - |
2045 | - $local_network = "192.168.0.0/16" |
2046 | - $vpn_ip = "192.168.0.2" |
2047 | - $public_interface = "eth0" |
2048 | - include novanode |
2049 | -# include nova-common |
2050 | - include opsmetrics |
2051 | - |
2052 | -# non-nova stuff such as nova-dash inherit from novanode |
2053 | -# novaspool needs a better home |
2054 | -# include novaspool |
2055 | -} |
2056 | - |
2057 | -# Builder |
2058 | -node "nova000.example.com" inherits novabase { |
2059 | - $syslog = "server" |
2060 | - include ntp |
2061 | - include syslog-server |
2062 | -} |
2063 | - |
2064 | -# Non-Nova nodes |
2065 | - |
2066 | -node |
2067 | - "blog.example.com", |
2068 | - "wiki.example.com" |
2069 | -inherits novabase { |
2070 | - include ganglia-python |
2071 | - include ganglia-apache |
2072 | - include ganglia-mysql |
2073 | -} |
2074 | - |
2075 | - |
2076 | -node "nova001.example.com" |
2077 | -inherits novabase { |
2078 | - include novabase |
2079 | - |
2080 | - nova_iptables { nova: |
2081 | - services => [ |
2082 | - "ganglia", |
2083 | - "mysql", |
2084 | - "rabbitmq", |
2085 | - "ldap", |
2086 | - "api", |
2087 | - "objectstore", |
2088 | - "nrpe", |
2089 | - ], |
2090 | - ip => "192.168.0.10", |
2091 | - } |
2092 | - |
2093 | - nobjectstore { nova: version => "0.9.0" } |
2094 | - nscheduler { nova: version => "0.9.0" } |
2095 | - napi { nova: |
2096 | - version => "0.9.0", |
2097 | - api_servers => 10, |
2098 | - api_base_port => 8000 |
2099 | - } |
2100 | -} |
2101 | - |
2102 | -node "nova002.example.com" |
2103 | -inherits novabase { |
2104 | - include novaconf |
2105 | - |
2106 | - nova_iptables { nova: |
2107 | - services => [ |
2108 | - "ganglia", |
2109 | - "dnsmasq", |
2110 | - "nrpe" |
2111 | - ], |
2112 | - ip => "192.168.4.2", |
2113 | - private_range => "192.168.0.0/16", |
2114 | - } |
2115 | - |
2116 | - nnetwork { nova: version => "0.9.0" } |
2117 | -} |
2118 | - |
2119 | -node |
2120 | - "nova003.example.com", |
2121 | - "nova004.example.com", |
2122 | - "nova005.example.com", |
2123 | - "nova006.example.com", |
2124 | - "nova007.example.com", |
2125 | - "nova008.example.com", |
2126 | - "nova009.example.com", |
2127 | - "nova010.example.com", |
2128 | - "nova011.example.com", |
2129 | - "nova012.example.com", |
2130 | - "nova013.example.com", |
2131 | - "nova014.example.com", |
2132 | - "nova015.example.com", |
2133 | - "nova016.example.com", |
2134 | - "nova017.example.com", |
2135 | - "nova018.example.com", |
2136 | - "nova019.example.com", |
2137 | -inherits novabase { |
2138 | - include novaconf |
2139 | - ncompute { nova: version => "0.9.0" } |
2140 | - nvolume { nova: version => "0.9.0" } |
2141 | -} |
2142 | - |
2143 | -#node |
2144 | -# "nova020.example.com" |
2145 | -# "nova021.example.com" |
2146 | -#inherits novanode { |
2147 | -# include novaconf |
2148 | - #ncompute { nova: version => "0.9.0" } |
2149 | -#} |
2150 | |
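Review bot: The `nova001.example.com` node does `include novabase`, but `novabase` is declared above as a node, not a class, and unlike nova002 and the compute nodes it never includes `novaconf`, although the `nscheduler`, `nobjectstore` and `napi` defines it uses all subscribe to `File["/etc/nova/nova.conf"]`. `novabase` also includes `opsmetrics`, `ntp` and `syslog-server` are included by nova000, and none of those classes is defined in the removed manifests. Stating in the merge description that the example does not resolve as shipped would make the reason for removal clear.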
2151 | === removed file 'contrib/puppet/manifests/templates.pp' |
2152 | --- contrib/puppet/manifests/templates.pp 2010-11-12 19:07:46 +0000 |
2153 | +++ contrib/puppet/manifests/templates.pp 1970-01-01 00:00:00 +0000 |
2154 | @@ -1,21 +0,0 @@ |
2155 | -# templates.pp |
2156 | - |
2157 | -import "classes/*" |
2158 | - |
2159 | -class baseclass { |
2160 | -# include dns-client # FIXME: missing resolv.conf.erb?? |
2161 | - include issue |
2162 | -} |
2163 | - |
2164 | -node default { |
2165 | - $nova_site = "undef" |
2166 | - $nova_ns1 = "undef" |
2167 | - $nova_ns2 = "undef" |
2168 | -# include baseclass |
2169 | -} |
2170 | - |
2171 | -# novanode handles the system-level requirements for Nova/Swift nodes |
2172 | -class novanode { |
2173 | - include baseclass |
2174 | - include lvmconf |
2175 | -} |
2176 | |
2177 | === removed file 'contrib/puppet/puppet.conf' |
2178 | --- contrib/puppet/puppet.conf 2010-11-12 19:07:46 +0000 |
2179 | +++ contrib/puppet/puppet.conf 1970-01-01 00:00:00 +0000 |
2180 | @@ -1,11 +0,0 @@ |
2181 | -[main] |
2182 | -logdir=/var/log/puppet |
2183 | -vardir=/var/lib/puppet |
2184 | -ssldir=/var/lib/puppet/ssl |
2185 | -rundir=/var/run/puppet |
2186 | -factpath=$vardir/lib/facter |
2187 | -pluginsync=false |
2188 | - |
2189 | -[puppetmasterd] |
2190 | -templatedir=/var/lib/nova/contrib/puppet/templates |
2191 | -autosign=true |
2192 | |
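Review bot: `autosign=true` under `[puppetmasterd]` signs every certificate request without review, so any host that can reach the master obtains a valid agent certificate and with it a catalog and file server content, including the rendered /etc/nova/nova.conf. `templatedir` is also /var/lib/nova/contrib/puppet/templates while nova.pp loads haproxy.cfg.erb and monitrc-nova-api.erb from /srv/cloud/puppet/templates. Please name autosign in the merge description so deployments built from this example know to turn it off and review the certificates already signed.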
2193 | === removed directory 'contrib/puppet/templates' |
2194 | === removed file 'contrib/puppet/templates/haproxy.cfg.erb' |
2195 | --- contrib/puppet/templates/haproxy.cfg.erb 2010-11-12 19:07:46 +0000 |
2196 | +++ contrib/puppet/templates/haproxy.cfg.erb 1970-01-01 00:00:00 +0000 |
2197 | @@ -1,39 +0,0 @@ |
2198 | -# this config needs haproxy-1.1.28 or haproxy-1.2.1 |
2199 | - |
2200 | -global |
2201 | - log 127.0.0.1 local0 |
2202 | - log 127.0.0.1 local1 notice |
2203 | - #log loghost local0 info |
2204 | - maxconn 4096 |
2205 | - #chroot /usr/share/haproxy |
2206 | - stats socket /var/run/haproxy.sock |
2207 | - user haproxy |
2208 | - group haproxy |
2209 | - daemon |
2210 | - #debug |
2211 | - #quiet |
2212 | - |
2213 | -defaults |
2214 | - log global |
2215 | - mode http |
2216 | - option httplog |
2217 | - option dontlognull |
2218 | - retries 3 |
2219 | - option redispatch |
2220 | - stats enable |
2221 | - stats uri /haproxy |
2222 | - maxconn 2000 |
2223 | - contimeout 5000 |
2224 | - clitimeout 50000 |
2225 | - srvtimeout 50000 |
2226 | - |
2227 | - |
2228 | -listen nova-api 0.0.0.0:8773 |
2229 | - option httpchk GET / HTTP/1.0\r\nHost:\ example.com |
2230 | - option forwardfor |
2231 | - reqidel ^X-Forwarded-For:.* |
2232 | - balance roundrobin |
2233 | -<% api_servers.to_i.times do |offset| %><% port = api_base_port.to_i + offset -%> |
2234 | - server api_<%= port %> 127.0.0.1:<%= port %> maxconn 1 check |
2235 | -<% end -%> |
2236 | - option httpclose # disable keep-alive |
2237 | |
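Review bot: `stats enable` and `stats uri /haproxy` sit in `defaults` with no `stats auth`, so the `nova-api` listener on 0.0.0.0:8773 serves the statistics page to any client that can reach the API port; the `chroot` line is commented out as well. If this template is kept anywhere downstream, add `stats auth` or move the stats page to a loopback-only listener before reuse.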
2238 | === removed file 'contrib/puppet/templates/monitrc-nova-api.erb' |
2239 | --- contrib/puppet/templates/monitrc-nova-api.erb 2010-11-12 19:07:46 +0000 |
2240 | +++ contrib/puppet/templates/monitrc-nova-api.erb 1970-01-01 00:00:00 +0000 |
2241 | @@ -1,138 +0,0 @@ |
2242 | -############################################################################### |
2243 | -## Monit control file |
2244 | -############################################################################### |
2245 | -## |
2246 | -## Comments begin with a '#' and extend through the end of the line. Keywords |
2247 | -## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'. |
2248 | -## |
2249 | -## Below you will find examples of some frequently used statements. For |
2250 | -## information about the control file, a complete list of statements and |
2251 | -## options please have a look in the monit manual. |
2252 | -## |
2253 | -## |
2254 | -############################################################################### |
2255 | -## Global section |
2256 | -############################################################################### |
2257 | -## |
2258 | -## Start monit in the background (run as a daemon): |
2259 | -# |
2260 | -set daemon 60 # check services at 1-minute intervals |
2261 | - with start delay 30 # optional: delay the first check by half a minute |
2262 | - # (by default check immediately after monit start) |
2263 | - |
2264 | - |
2265 | -## Set syslog logging with the 'daemon' facility. If the FACILITY option is |
2266 | -## omitted, monit will use 'user' facility by default. If you want to log to |
2267 | -## a stand alone log file instead, specify the path to a log file |
2268 | -# |
2269 | -set logfile syslog facility log_daemon |
2270 | -# |
2271 | -# |
2272 | -### Set the location of monit id file which saves the unique id specific for |
2273 | -### given monit. The id is generated and stored on first monit start. |
2274 | -### By default the file is placed in $HOME/.monit.id. |
2275 | -# |
2276 | -# set idfile /var/.monit.id |
2277 | -# |
2278 | -### Set the location of monit state file which saves the monitoring state |
2279 | -### on each cycle. By default the file is placed in $HOME/.monit.state. If |
2280 | -### state file is stored on persistent filesystem, monit will recover the |
2281 | -### monitoring state across reboots. If it is on temporary filesystem, the |
2282 | -### state will be lost on reboot. |
2283 | -# |
2284 | -# set statefile /var/.monit.state |
2285 | -# |
2286 | -## Set the list of mail servers for alert delivery. Multiple servers may be |
2287 | -## specified using comma separator. By default monit uses port 25 - this |
2288 | -## is possible to override with the PORT option. |
2289 | -# |
2290 | -# set mailserver mail.bar.baz, # primary mailserver |
2291 | -# backup.bar.baz port 10025, # backup mailserver on port 10025 |
2292 | -# localhost # fallback relay |
2293 | -# |
2294 | -# |
2295 | -## By default monit will drop alert events if no mail servers are available. |
2296 | -## If you want to keep the alerts for a later delivery retry, you can use the |
2297 | -## EVENTQUEUE statement. The base directory where undelivered alerts will be |
2298 | -## stored is specified by the BASEDIR option. You can limit the maximal queue |
2299 | -## size using the SLOTS option (if omitted, the queue is limited by space |
2300 | -## available in the back end filesystem). |
2301 | -# |
2302 | -# set eventqueue |
2303 | -# basedir /var/monit # set the base directory where events will be stored |
2304 | -# slots 100 # optionaly limit the queue size |
2305 | -# |
2306 | -# |
2307 | -## Send status and events to M/Monit (Monit central management: for more |
2308 | -## informations about M/Monit see http://www.tildeslash.com/mmonit). |
2309 | -# |
2310 | -# set mmonit http://monit:monit@192.168.1.10:8080/collector |
2311 | -# |
2312 | -# |
2313 | -## Monit by default uses the following alert mail format: |
2314 | -## |
2315 | -## --8<-- |
2316 | -## From: monit@$HOST # sender |
2317 | -## Subject: monit alert -- $EVENT $SERVICE # subject |
2318 | -## |
2319 | -## $EVENT Service $SERVICE # |
2320 | -## # |
2321 | -## Date: $DATE # |
2322 | -## Action: $ACTION # |
2323 | -## Host: $HOST # body |
2324 | -## Description: $DESCRIPTION # |
2325 | -## # |
2326 | -## Your faithful employee, # |
2327 | -## monit # |
2328 | -## --8<-- |
2329 | -## |
2330 | -## You can override this message format or parts of it, such as subject |
2331 | -## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc. |
2332 | -## are expanded at runtime. For example, to override the sender: |
2333 | -# |
2334 | -# set mail-format { from: monit@foo.bar } |
2335 | -# |
2336 | -# |
2337 | -## You can set alert recipients here whom will receive alerts if/when a |
2338 | -## service defined in this file has errors. Alerts may be restricted on |
2339 | -## events by using a filter as in the second example below. |
2340 | -# |
2341 | -# set alert sysadm@foo.bar # receive all alerts |
2342 | -# set alert manager@foo.bar only on { timeout } # receive just service- |
2343 | -# # timeout alert |
2344 | -# |
2345 | -# |
2346 | -## Monit has an embedded web server which can be used to view status of |
2347 | -## services monitored, the current configuration, actual services parameters |
2348 | -## and manage services from a web interface. |
2349 | -# |
2350 | - set httpd port 2812 and |
2351 | - use address localhost # only accept connection from localhost |
2352 | - allow localhost # allow localhost to connect to the server and |
2353 | -# allow admin:monit # require user 'admin' with password 'monit' |
2354 | -# allow @monit # allow users of group 'monit' to connect (rw) |
2355 | -# allow @users readonly # allow users of group 'users' to connect readonly |
2356 | -# |
2357 | -# |
2358 | -############################################################################### |
2359 | -## Services |
2360 | -############################################################################### |
2361 | - |
2362 | -<% api_servers.to_i.times do |offset| %><% port = api_base_port.to_i + offset %> |
2363 | - |
2364 | -check process nova_api_<%= port %> with pidfile /var/run/nova/nova-api-<%= port %>.pid |
2365 | - group nova_api |
2366 | - start program = "/usr/bin/nova-api --flagfile=/etc/nova/nova.conf --pidfile=/var/run/nova/nova-api-<%= port %>.pid --api_listen_port=<%= port %> --lockfile=/var/run/nova/nova-api-<%= port %>.pid.lock start" |
2367 | - as uid nova |
2368 | - stop program = "/usr/bin/nova-api --flagfile=/etc/nova/nova.conf --pidfile=/var/run/nova/nova-api-<%= port %>.pid --api_listen_port=<%= port %> --lockfile=/var/run/nova/nova-api-<%= port %>.pid.lock stop" |
2369 | - as uid nova |
2370 | - if failed port <%= port %> protocol http |
2371 | - with timeout 15 seconds |
2372 | - for 4 cycles |
2373 | - then restart |
2374 | - if totalmem > 300 Mb then restart |
2375 | - if cpu is greater than 60% for 2 cycles then alert |
2376 | - if cpu > 80% for 3 cycles then restart |
2377 | - if 3 restarts within 5 cycles then timeout |
2378 | - |
2379 | -<% end %> |
2380 | |
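Review bot: The start and stop programs in this template were the callers of --pidfile and --lockfile, and the check process stanza depends on /var/run/nova/nova-api-<%= port %>.pid being written, so the merge description should say that this is why the template is deleted rather than fixed. Deleting it together with the flag definition in nova/service.py is consistent, but anyone who copied this monitrc needs to know that its pidfile check and restart rules no longer match what nova-api accepts. A sentence in the commit message naming contrib/puppet/templates/monitrc-nova-api.erb would be enough.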
2381 | === removed file 'contrib/puppet/templates/nova-iptables.erb' |
2382 | --- contrib/puppet/templates/nova-iptables.erb 2010-11-12 19:07:46 +0000 |
2383 | +++ contrib/puppet/templates/nova-iptables.erb 1970-01-01 00:00:00 +0000 |
2384 | @@ -1,10 +0,0 @@ |
2385 | -<% services.each do |service| -%> |
2386 | -<%= service.upcase %>=1 |
2387 | -<% end -%> |
2388 | -<% if ip && ip != "" %>IP="<%=ip%>"<% end %> |
2389 | -<% if private_range && private_range != "" %>PRIVATE_RANGE="<%=private_range%>"<% end %> |
2390 | -<% if mgmt_ip && mgmt_ip != "" %>MGMT_IP="<%=mgmt_ip%>"<% end %> |
2391 | -<% if dmz_ip && dmz_ip != "" %>DMZ_IP="<%=dmz_ip%>"<% end %> |
2392 | - |
2393 | -# warning: this file is auto-generated by puppet |
2394 | - |
2395 | |
2396 | === removed directory 'contrib/puppet/templates/production' |
2397 | === removed file 'contrib/puppet/templates/production/nova-common.conf.erb' |
2398 | --- contrib/puppet/templates/production/nova-common.conf.erb 2010-11-23 18:46:07 +0000 |
2399 | +++ contrib/puppet/templates/production/nova-common.conf.erb 1970-01-01 00:00:00 +0000 |
2400 | @@ -1,55 +0,0 @@ |
2401 | -# global |
2402 | ---dmz_net=192.168.0.0 |
2403 | ---dmz_mask=255.255.0.0 |
2404 | ---dmz_cidr=192.168.0.0/16 |
2405 | ---ldap_user_dn=cn=Administrators,dc=example,dc=com |
2406 | ---ldap_user_unit=Users |
2407 | ---ldap_user_subtree=ou=Users,dc=example,dc=com |
2408 | ---ldap_project_subtree=ou=Groups,dc=example,dc=com |
2409 | ---role_project_subtree=ou=Groups,dc=example,dc=com |
2410 | ---ldap_cloudadmin=cn=NovaAdmins,ou=Groups,dc=example,dc=com |
2411 | ---ldap_itsec=cn=NovaSecurity,ou=Groups,dc=example,dc=com |
2412 | ---ldap_sysadmin=cn=Administrators,ou=Groups,dc=example,dc=com |
2413 | ---ldap_netadmin=cn=Administrators,ou=Groups,dc=example,dc=com |
2414 | ---ldap_developer=cn=developers,ou=Groups,dc=example,dc=com |
2415 | ---verbose |
2416 | ---daemonize |
2417 | ---syslog |
2418 | ---networks_path=/var/lib/nova/networks |
2419 | ---instances_path=/var/lib/nova/instances |
2420 | ---buckets_path=/var/lib/nova/objectstore/buckets |
2421 | ---images_path=/var/lib/nova/objectstore/images |
2422 | ---scheduler_driver=nova.scheduler.simple.SimpleScheduler |
2423 | ---libvirt_xml_template=/usr/share/nova/libvirt.qemu.xml.template |
2424 | ---credentials_template=/usr/share/nova/novarc.template |
2425 | ---boot_script_template=/usr/share/nova/bootscript.template |
2426 | ---vpn_client_template=/usr/share/nova/client.ovpn.template |
2427 | ---max_cores=40 |
2428 | ---max_gigabytes=2000 |
2429 | ---ca_path=/var/lib/nova/CA |
2430 | ---keys_path=/var/lib/nova/keys |
2431 | ---vpn_start=11000 |
2432 | ---volume_group=vgdata |
2433 | ---volume_manager=nova.volume.manager.ISCSIManager |
2434 | ---volume_driver=nova.volume.driver.ISCSIDriver |
2435 | ---default_kernel=aki-DEFAULT |
2436 | ---default_ramdisk=ari-DEFAULT |
2437 | ---dhcpbridge=/usr/bin/nova-dhcpbridge |
2438 | ---vpn_image_id=ami-cloudpipe |
2439 | ---dhcpbridge_flagfile=/etc/nova/nova.conf |
2440 | ---credential_cert_subject=/C=US/ST=Texas/L=Bexar/O=NovaDev/OU=NOVA/CN=%s-%s |
2441 | ---auth_driver=nova.auth.ldapdriver.LdapDriver |
2442 | ---quota_cores=17 |
2443 | ---quota_floating_ips=5 |
2444 | ---quota_instances=6 |
2445 | ---quota_volumes=10 |
2446 | ---quota_gigabytes=100 |
2447 | ---use_nova_chains=True |
2448 | ---input_chain=services |
2449 | ---use_project_ca=True |
2450 | ---fixed_ip_disassociate_timeout=300 |
2451 | ---api_max_requests=1 |
2452 | ---api_listen_ip=127.0.0.1 |
2453 | ---user_cert_subject=/C=US/ST=Texas/L=Bexar/O=NovaDev/OU=Nova/CN=%s-%s-%s |
2454 | ---project_cert_subject=/C=US/ST=Texas/L=Bexar/O=NovaDev/OU=Nova/CN=project-ca-%s-%s |
2455 | ---vpn_cert_subject=/C=US/ST=Texas/L=Bexar/O=NovaDev/OU=Nova/CN=project-vpn-%s-%s |
2456 | |
2457 | === removed file 'contrib/puppet/templates/production/nova-nova.conf.erb' |
2458 | --- contrib/puppet/templates/production/nova-nova.conf.erb 2010-11-12 19:07:46 +0000 |
2459 | +++ contrib/puppet/templates/production/nova-nova.conf.erb 1970-01-01 00:00:00 +0000 |
2460 | @@ -1,21 +0,0 @@ |
2461 | ---fixed_range=192.168.0.0/16 |
2462 | ---iscsi_ip_prefix=192.168.4 |
2463 | ---floating_range=10.0.0.0/24 |
2464 | ---rabbit_host=192.168.0.10 |
2465 | ---s3_host=192.168.0.10 |
2466 | ---cc_host=192.168.0.10 |
2467 | ---cc_dmz=192.168.24.10 |
2468 | ---s3_dmz=192.168.24.10 |
2469 | ---ec2_url=http://192.168.0.1:8773/services/Cloud |
2470 | ---vpn_ip=192.168.0.2 |
2471 | ---ldap_url=ldap://192.168.0.10 |
2472 | ---sql_connection=mysql://nova:TODO-MYPASS@192.168.0.10/nova |
2473 | ---other_sql_connection=mysql://nova:TODO-MYPASS@192.168.0.10/nova |
2474 | ---routing_source_ip=192.168.0.2 |
2475 | ---bridge_dev=eth1 |
2476 | ---public_interface=eth0 |
2477 | ---vlan_start=3100 |
2478 | ---num_networks=700 |
2479 | ---rabbit_userid=TODO:RABBIT |
2480 | ---rabbit_password=TODO:CHANGEME |
2481 | ---ldap_password=TODO:CHANGEME |
2482 | |
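Review bot: The sql_connection, other_sql_connection, rabbit_password and ldap_password lines carry placeholder credentials (TODO-MYPASS, TODO:CHANGEME) in a template kept under a directory named production, and removing the file from trunk does not touch hosts that were already rendered from it. Suggest a line in the release notes asking operators who deployed from contrib/puppet to confirm that those placeholders were replaced with real secrets.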
2483 | === modified file 'nova/service.py' |
2484 | --- nova/service.py 2011-01-27 19:52:10 +0000 |
2485 | +++ nova/service.py 2011-02-20 19:58:33 +0000 |
2486 | @@ -50,10 +50,6 @@ |
2487 | 'seconds between running periodic tasks', |
2488 | lower_bound=1) |
2489 | |
2490 | -flags.DEFINE_string('pidfile', None, |
2491 | - 'pidfile to use for this service') |
2492 | - |
2493 | - |
2494 | flags.DEFINE_flag(flags.HelpFlag()) |
2495 | flags.DEFINE_flag(flags.HelpshortFlag()) |
2496 | flags.DEFINE_flag(flags.HelpXMLFlag()) |
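Review bot: With the DEFINE_string('pidfile', ...) definition gone at this spot, please state how a leftover --pidfile on a command line or in a flagfile is handled (rejected as unknown, or silently accepted), since existing init scripts and supervisors may still pass it. If it is rejected, mention the removal in the changelog so deployments can drop the argument before upgrading.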
The monit template in puppet/contrib is still making use of pidfile. To be fair, this couldn't work now anyway since pidfile flag doesn't do anything. Here is the bit in question, from contrib/puppet/templates/monitrc-nova-api.erb:

check process nova_api_<%= port %> with pidfile /var/run/nova/nova-api-<%= port %>.pid
    group nova_api
    start program = "/usr/bin/nova-api --flagfile=/etc/nova/nova.conf --pidfile=/var/run/nova/nova-api-<%= port %>.pid --api_listen_port=<%= port %> --lockfile=/var/run/nova/nova-api-<%= port %>.pid.lock start"
        as uid nova