Merge lp:~berendt/nova/lp712681 into lp:~hudson-openstack/nova/trunk

Proposed by Christian Berendt
Status: Merged
Approved by: Devin Carlen
Approved revision: 680
Merged at revision: 715
Proposed branch: lp:~berendt/nova/lp712681
Merge into: lp:~hudson-openstack/nova/trunk
Diff against target: 2496 lines (+0/-2320)
32 files modified
contrib/puppet/files/etc/default/nova-compute (+0/-1)
contrib/puppet/files/etc/default/nova-volume (+0/-1)
contrib/puppet/files/etc/issue (+0/-5)
contrib/puppet/files/etc/libvirt/qemu.conf (+0/-170)
contrib/puppet/files/etc/lvm/lvm.conf (+0/-463)
contrib/puppet/files/etc/nova.conf (+0/-28)
contrib/puppet/files/production/boto.cfg (+0/-3)
contrib/puppet/files/production/genvpn.sh (+0/-35)
contrib/puppet/files/production/libvirt.qemu.xml.template (+0/-35)
contrib/puppet/files/production/my.cnf (+0/-137)
contrib/puppet/files/production/nova-iptables (+0/-187)
contrib/puppet/files/production/nova-iscsi-dev.sh (+0/-19)
contrib/puppet/files/production/setup_data.sh (+0/-6)
contrib/puppet/files/production/slap.sh (+0/-261)
contrib/puppet/fileserver.conf (+0/-8)
contrib/puppet/manifests/classes/apt.pp (+0/-1)
contrib/puppet/manifests/classes/issue.pp (+0/-14)
contrib/puppet/manifests/classes/kern_module.pp (+0/-34)
contrib/puppet/manifests/classes/loopback.pp (+0/-6)
contrib/puppet/manifests/classes/lvm.pp (+0/-8)
contrib/puppet/manifests/classes/lvmconf.pp (+0/-8)
contrib/puppet/manifests/classes/nova.pp (+0/-464)
contrib/puppet/manifests/classes/swift.pp (+0/-7)
contrib/puppet/manifests/site.pp (+0/-120)
contrib/puppet/manifests/templates.pp (+0/-21)
contrib/puppet/puppet.conf (+0/-11)
contrib/puppet/templates/haproxy.cfg.erb (+0/-39)
contrib/puppet/templates/monitrc-nova-api.erb (+0/-138)
contrib/puppet/templates/nova-iptables.erb (+0/-10)
contrib/puppet/templates/production/nova-common.conf.erb (+0/-55)
contrib/puppet/templates/production/nova-nova.conf.erb (+0/-21)
nova/service.py (+0/-4)
To merge this branch: bzr merge lp:~berendt/nova/lp712681
Reviewer Review Type Date Requested Status
Todd Willey (community) Approve
Devin Carlen (community) Approve
Thierry Carrez (community) Approve
Review via email: mp+49871@code.launchpad.net

Description of the change

At the moment --pidfile is still used in some scripts in contrib/puppet/. I don't use puppet, please check if there are possible side effects.

Devin Carlen (devcamcar) wrote :

The monit template in puppet/contrib is still making use of pidfile. To be fair, this couldn't work now anyway since pidfile flag doesn't do anything. Here is the bit in question, from contrib/puppet/templates/monitrc-nova-api.erb:

check process nova_api_<%= port %> with pidfile /var/run/nova/nova-api-<%= port %>.pid
   group nova_api
   start program = "/usr/bin/nova-api --flagfile=/etc/nova/nova.conf --pidfile=/var/run/nova/nova-api-<%= port %>.pid --api_listen_port=<%= port %> --lockfile=/var/run/nova/nova-api-<%= port %>.pid.lock start"
       as uid nova

Christian Berendt (berendt) wrote :

@Devin: Do you know who is responsible for the puppet stuff? I want to talk to them that they should clean up the pid file handling...

Vish Ishaya (vishvananda) wrote :

Already done. I think we should move puppet scripts out, though. They were just there as an example.

On Sunday, February 20, 2011, Christian Berendt <email address hidden> wrote:
> @Devin: Do you know who is responsible for the puppet stuff? I want to talk to them that they should clean up the pid file handling...
> --
> https://code.launchpad.net/~berendt/nova/lp712681/+merge/49871
> You are subscribed to branch lp:nova.
>

lp:~berendt/nova/lp712681 updated
680. By Christian Berendt

puppet scripts only there as an example, should be moved to some other place if they are still necessary

Christian Berendt (berendt) wrote :

I removed the puppet files in this branch. I think the branch can be merged now, or do you think we need a discussion about the removal of contrib/puppet?

Todd Willey (xtoddx) wrote :

I think they need to come out, they don't really do anyone any good. It might be worth letting the mailing list know and then waiting until Wednesday or so to see if anyone objects.

Christian Berendt (berendt) wrote :

Posted a mail on ML openstack, lazy approval until Wednesday (18:00 UTC). I'll post the results here, then we can approve (or disapprove...).

Thierry Carrez (ttx) wrote :

Deployment scripts in general should live outside the source tree, unless we can always keep them in sync with the rest of the code. They are usually refined once the code stabilizes and even shortly after release, so their release cycle is slightly off. That's why we pushed the nova deployment tool from NII outside the main source tree, and I don't see the puppet stuff being any different.

review: Approve
Devin Carlen (devcamcar) wrote :

lgtm

review: Approve
Todd Willey (xtoddx) wrote :

Looks good. Assuming no push-back on the mailing list we can approve this tomorrow.

review: Approve

Preview Diff

=== removed directory 'contrib/puppet'
=== removed directory 'contrib/puppet/files'
=== removed directory 'contrib/puppet/files/etc'
=== removed directory 'contrib/puppet/files/etc/default'
=== removed file 'contrib/puppet/files/etc/default/nova-compute'
--- contrib/puppet/files/etc/default/nova-compute 2010-11-12 19:07:46 +0000
+++ contrib/puppet/files/etc/default/nova-compute 1970-01-01 00:00:00 +0000
@@ -1,1 +0,0 @@
1ENABLED=true
20
=== removed file 'contrib/puppet/files/etc/default/nova-volume'
--- contrib/puppet/files/etc/default/nova-volume 2010-11-12 19:07:46 +0000
+++ contrib/puppet/files/etc/default/nova-volume 1970-01-01 00:00:00 +0000
@@ -1,1 +0,0 @@
1ENABLED=true
20
=== removed file 'contrib/puppet/files/etc/issue'
--- contrib/puppet/files/etc/issue 2010-11-12 19:07:46 +0000
+++ contrib/puppet/files/etc/issue 1970-01-01 00:00:00 +0000
@@ -1,5 +0,0 @@
1-----------------------------------------------
2
3 Welcome to your OpenStack installation!
4
5-----------------------------------------------
60
=== removed directory 'contrib/puppet/files/etc/libvirt'
=== removed file 'contrib/puppet/files/etc/libvirt/qemu.conf'
--- contrib/puppet/files/etc/libvirt/qemu.conf 2010-11-12 19:07:46 +0000
+++ contrib/puppet/files/etc/libvirt/qemu.conf 1970-01-01 00:00:00 +0000
@@ -1,170 +0,0 @@
1# Master configuration file for the QEMU driver.
2# All settings described here are optional - if omitted, sensible
3# defaults are used.
4
5# VNC is configured to listen on 127.0.0.1 by default.
6# To make it listen on all public interfaces, uncomment
7# this next option.
8#
9# NB, strong recommendation to enable TLS + x509 certificate
10# verification when allowing public access
11#
12# vnc_listen = "0.0.0.0"
13
14
15# Enable use of TLS encryption on the VNC server. This requires
16# a VNC client which supports the VeNCrypt protocol extension.
17# Examples include vinagre, virt-viewer, virt-manager and vencrypt
18# itself. UltraVNC, RealVNC, TightVNC do not support this
19#
20# It is necessary to setup CA and issue a server certificate
21# before enabling this.
22#
23# vnc_tls = 1
24
25
26# Use of TLS requires that x509 certificates be issued. The
27# default it to keep them in /etc/pki/libvirt-vnc. This directory
28# must contain
29#
30# ca-cert.pem - the CA master certificate
31# server-cert.pem - the server certificate signed with ca-cert.pem
32# server-key.pem - the server private key
33#
34# This option allows the certificate directory to be changed
35#
36# vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
37
38
39# The default TLS configuration only uses certificates for the server
40# allowing the client to verify the server's identity and establish
41# and encrypted channel.
42#
43# It is possible to use x509 certificates for authentication too, by
44# issuing a x509 certificate to every client who needs to connect.
45#
46# Enabling this option will reject any client who does not have a
47# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
48#
49# vnc_tls_x509_verify = 1
50
51
52# The default VNC password. Only 8 letters are significant for
53# VNC passwords. This parameter is only used if the per-domain
54# XML config does not already provide a password. To allow
55# access without passwords, leave this commented out. An empty
56# string will still enable passwords, but be rejected by QEMU
57# effectively preventing any use of VNC. Obviously change this
58# example here before you set this
59#
60# vnc_password = "XYZ12345"
61
62
63# Enable use of SASL encryption on the VNC server. This requires
64# a VNC client which supports the SASL protocol extension.
65# Examples include vinagre, virt-viewer and virt-manager
66# itself. UltraVNC, RealVNC, TightVNC do not support this
67#
68# It is necessary to configure /etc/sasl2/qemu.conf to choose
69# the desired SASL plugin (eg, GSSPI for Kerberos)
70#
71# vnc_sasl = 1
72
73
74# The default SASL configuration file is located in /etc/sasl2/
75# When running libvirtd unprivileged, it may be desirable to
76# override the configs in this location. Set this parameter to
77# point to the directory, and create a qemu.conf in that location
78#
79# vnc_sasl_dir = "/some/directory/sasl2"
80
81
82
83
84# The default security driver is SELinux. If SELinux is disabled
85# on the host, then the security driver will automatically disable
86# itself. If you wish to disable QEMU SELinux security driver while
87# leaving SELinux enabled for the host in general, then set this
88# to 'none' instead
89#
90# security_driver = "selinux"
91
92
93# The user ID for QEMU processes run by the system instance
94user = "root"
95
96# The group ID for QEMU processes run by the system instance
97group = "root"
98
99# Whether libvirt should dynamically change file ownership
100# to match the configured user/group above. Defaults to 1.
101# Set to 0 to disable file ownership changes.
102#dynamic_ownership = 1
103
104
105# What cgroup controllers to make use of with QEMU guests
106#
107# - 'cpu' - use for schedular tunables
108# - 'devices' - use for device whitelisting
109#
110# NB, even if configured here, they won't be used unless
111# the adminsitrator has mounted cgroups. eg
112#
113# mkdir /dev/cgroup
114# mount -t cgroup -o devices,cpu none /dev/cgroup
115#
116# They can be mounted anywhere, and different controlers
117# can be mounted in different locations. libvirt will detect
118# where they are located.
119#
120# cgroup_controllers = [ "cpu", "devices" ]
121
122# This is the basic set of devices allowed / required by
123# all virtual machines.
124#
125# As well as this, any configured block backed disks,
126# all sound device, and all PTY devices are allowed.
127#
128# This will only need setting if newer QEMU suddenly
129# wants some device we don't already know a bout.
130#
131#cgroup_device_acl = [
132# "/dev/null", "/dev/full", "/dev/zero",
133# "/dev/random", "/dev/urandom",
134# "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
135# "/dev/rtc", "/dev/hpet", "/dev/net/tun",
136#]
137
138# The default format for Qemu/KVM guest save images is raw; that is, the
139# memory from the domain is dumped out directly to a file. If you have
140# guests with a large amount of memory, however, this can take up quite
141# a bit of space. If you would like to compress the images while they
142# are being saved to disk, you can also set "lzop", "gzip", "bzip2", or "xz"
143# for save_image_format. Note that this means you slow down the process of
144# saving a domain in order to save disk space; the list above is in descending
145# order by performance and ascending order by compression ratio.
146#
147# save_image_format = "raw"
148
149# If provided by the host and a hugetlbfs mount point is configured,
150# a guest may request huge page backing. When this mount point is
151# unspecified here, determination of a host mount point in /proc/mounts
152# will be attempted. Specifying an explicit mount overrides detection
153# of the same in /proc/mounts. Setting the mount point to "" will
154# disable guest hugepage backing.
155#
156# NB, within this mount point, guests will create memory backing files
157# in a location of $MOUNTPOINT/libvirt/qemu
158
159# hugetlbfs_mount = "/dev/hugepages"
160
161# mac_filter enables MAC addressed based filtering on bridge ports.
162# This currently requires ebtables to be installed.
163#
164# mac_filter = 1
165
166# By default, PCI devices below non-ACS switch are not allowed to be assigned
167# to guests. By setting relaxed_acs_check to 1 such devices will be allowed to
168# be assigned to guests.
169#
170# relaxed_acs_check = 1
1710
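Review bot: the settings user = "root" and group = "root" (lines 94 and 97 of the removed qemu.conf) run every QEMU process of the system instance as root, while security_driver and cgroup_device_acl are left commented out, so the example depended entirely on defaults for guest confinement. Removing the file is fine; if the puppet examples are republished outside the tree as discussed in the thread, this file should name an unprivileged user and group rather than carry the root setting forward.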
=== removed directory 'contrib/puppet/files/etc/lvm'
=== removed file 'contrib/puppet/files/etc/lvm/lvm.conf'
--- contrib/puppet/files/etc/lvm/lvm.conf 2010-11-12 19:07:46 +0000
+++ contrib/puppet/files/etc/lvm/lvm.conf 1970-01-01 00:00:00 +0000
@@ -1,463 +0,0 @@
1# This is an example configuration file for the LVM2 system.
2# It contains the default settings that would be used if there was no
3# /etc/lvm/lvm.conf file.
4#
5# Refer to 'man lvm.conf' for further information including the file layout.
6#
7# To put this file in a different directory and override /etc/lvm set
8# the environment variable LVM_SYSTEM_DIR before running the tools.
9
10
11# This section allows you to configure which block devices should
12# be used by the LVM system.
13devices {
14
15 # Where do you want your volume groups to appear ?
16 dir = "/dev"
17
18 # An array of directories that contain the device nodes you wish
19 # to use with LVM2.
20 scan = [ "/dev" ]
21
22 # If several entries in the scanned directories correspond to the
23 # same block device and the tools need to display a name for device,
24 # all the pathnames are matched against each item in the following
25 # list of regular expressions in turn and the first match is used.
26 preferred_names = [ ]
27
28 # Try to avoid using undescriptive /dev/dm-N names, if present.
29 # preferred_names = [ "^/dev/mpath/", "^/dev/mapper/mpath", "^/dev/[hs]d" ]
30
31 # A filter that tells LVM2 to only use a restricted set of devices.
32 # The filter consists of an array of regular expressions. These
33 # expressions can be delimited by a character of your choice, and
34 # prefixed with either an 'a' (for accept) or 'r' (for reject).
35 # The first expression found to match a device name determines if
36 # the device will be accepted or rejected (ignored). Devices that
37 # don't match any patterns are accepted.
38
39 # Be careful if there there are symbolic links or multiple filesystem
40 # entries for the same device as each name is checked separately against
41 # the list of patterns. The effect is that if any name matches any 'a'
42 # pattern, the device is accepted; otherwise if any name matches any 'r'
43 # pattern it is rejected; otherwise it is accepted.
44
45 # Don't have more than one filter line active at once: only one gets used.
46
47 # Run vgscan after you change this parameter to ensure that
48 # the cache file gets regenerated (see below).
49 # If it doesn't do what you expect, check the output of 'vgscan -vvvv'.
50
51
52 # By default we accept every block device:
53 filter = [ "r|/dev/etherd/.*|", "r|/dev/block/.*|", "a/.*/" ]
54
55 # Exclude the cdrom drive
56 # filter = [ "r|/dev/cdrom|" ]
57
58 # When testing I like to work with just loopback devices:
59 # filter = [ "a/loop/", "r/.*/" ]
60
61 # Or maybe all loops and ide drives except hdc:
62 # filter =[ "a|loop|", "r|/dev/hdc|", "a|/dev/ide|", "r|.*|" ]
63
64 # Use anchors if you want to be really specific
65 # filter = [ "a|^/dev/hda8$|", "r/.*/" ]
66
67 # The results of the filtering are cached on disk to avoid
68 # rescanning dud devices (which can take a very long time).
69 # By default this cache is stored in the /etc/lvm/cache directory
70 # in a file called '.cache'.
71 # It is safe to delete the contents: the tools regenerate it.
72 # (The old setting 'cache' is still respected if neither of
73 # these new ones is present.)
74 cache_dir = "/etc/lvm/cache"
75 cache_file_prefix = ""
76
77 # You can turn off writing this cache file by setting this to 0.
78 write_cache_state = 1
79
80 # Advanced settings.
81
82 # List of pairs of additional acceptable block device types found
83 # in /proc/devices with maximum (non-zero) number of partitions.
84 # types = [ "fd", 16 ]
85
86 # If sysfs is mounted (2.6 kernels) restrict device scanning to
87 # the block devices it believes are valid.
88 # 1 enables; 0 disables.
89 sysfs_scan = 1
90
91 # By default, LVM2 will ignore devices used as components of
92 # software RAID (md) devices by looking for md superblocks.
93 # 1 enables; 0 disables.
94 md_component_detection = 1
95
96 # By default, if a PV is placed directly upon an md device, LVM2
97 # will align its data blocks with the md device's stripe-width.
98 # 1 enables; 0 disables.
99 md_chunk_alignment = 1
100
101 # By default, the start of a PV's data area will be a multiple of
102 # the 'minimum_io_size' or 'optimal_io_size' exposed in sysfs.
103 # - minimum_io_size - the smallest request the device can perform
104 # w/o incurring a read-modify-write penalty (e.g. MD's chunk size)
105 # - optimal_io_size - the device's preferred unit of receiving I/O
106 # (e.g. MD's stripe width)
107 # minimum_io_size is used if optimal_io_size is undefined (0).
108 # If md_chunk_alignment is enabled, that detects the optimal_io_size.
109 # This setting takes precedence over md_chunk_alignment.
110 # 1 enables; 0 disables.
111 data_alignment_detection = 1
112
113 # Alignment (in KB) of start of data area when creating a new PV.
114 # If a PV is placed directly upon an md device and md_chunk_alignment or
115 # data_alignment_detection is enabled this parameter is ignored.
116 # Set to 0 for the default alignment of 64KB or page size, if larger.
117 data_alignment = 0
118
119 # By default, the start of the PV's aligned data area will be shifted by
120 # the 'alignment_offset' exposed in sysfs. This offset is often 0 but
121 # may be non-zero; e.g.: certain 4KB sector drives that compensate for
122 # windows partitioning will have an alignment_offset of 3584 bytes
123 # (sector 7 is the lowest aligned logical block, the 4KB sectors start
124 # at LBA -1, and consequently sector 63 is aligned on a 4KB boundary).
125 # 1 enables; 0 disables.
126 data_alignment_offset_detection = 1
127
128 # If, while scanning the system for PVs, LVM2 encounters a device-mapper
129 # device that has its I/O suspended, it waits for it to become accessible.
130 # Set this to 1 to skip such devices. This should only be needed
131 # in recovery situations.
132 ignore_suspended_devices = 0
133}
134
135# This section that allows you to configure the nature of the
136# information that LVM2 reports.
137log {
138
139 # Controls the messages sent to stdout or stderr.
140 # There are three levels of verbosity, 3 being the most verbose.
141 verbose = 0
142
143 # Should we send log messages through syslog?
144 # 1 is yes; 0 is no.
145 syslog = 1
146
147 # Should we log error and debug messages to a file?
148 # By default there is no log file.
149 #file = "/var/log/lvm2.log"
150
151 # Should we overwrite the log file each time the program is run?
152 # By default we append.
153 overwrite = 0
154
155 # What level of log messages should we send to the log file and/or syslog?
156 # There are 6 syslog-like log levels currently in use - 2 to 7 inclusive.
157 # 7 is the most verbose (LOG_DEBUG).
158 level = 0
159
160 # Format of output messages
161 # Whether or not (1 or 0) to indent messages according to their severity
162 indent = 1
163
164 # Whether or not (1 or 0) to display the command name on each line output
165 command_names = 0
166
167 # A prefix to use before the message text (but after the command name,
168 # if selected). Default is two spaces, so you can see/grep the severity
169 # of each message.
170 prefix = " "
171
172 # To make the messages look similar to the original LVM tools use:
173 # indent = 0
174 # command_names = 1
175 # prefix = " -- "
176
177 # Set this if you want log messages during activation.
178 # Don't use this in low memory situations (can deadlock).
179 # activation = 0
180}
181
182# Configuration of metadata backups and archiving. In LVM2 when we
183# talk about a 'backup' we mean making a copy of the metadata for the
184# *current* system. The 'archive' contains old metadata configurations.
185# Backups are stored in a human readeable text format.
186backup {
187
188 # Should we maintain a backup of the current metadata configuration ?
189 # Use 1 for Yes; 0 for No.
190 # Think very hard before turning this off!
191 backup = 1
192
193 # Where shall we keep it ?
194 # Remember to back up this directory regularly!
195 backup_dir = "/etc/lvm/backup"
196
197 # Should we maintain an archive of old metadata configurations.
198 # Use 1 for Yes; 0 for No.
199 # On by default. Think very hard before turning this off.
200 archive = 1
201
202 # Where should archived files go ?
203 # Remember to back up this directory regularly!
204 archive_dir = "/etc/lvm/archive"
205
206 # What is the minimum number of archive files you wish to keep ?
207 retain_min = 10
208
209 # What is the minimum time you wish to keep an archive file for ?
210 retain_days = 30
211}
212
213# Settings for the running LVM2 in shell (readline) mode.
214shell {
215
216 # Number of lines of history to store in ~/.lvm_history
217 history_size = 100
218}
219
220
221# Miscellaneous global LVM2 settings
222global {
223
224 # The file creation mask for any files and directories created.
225 # Interpreted as octal if the first digit is zero.
226 umask = 077
227
228 # Allow other users to read the files
229 #umask = 022
230
231 # Enabling test mode means that no changes to the on disk metadata
232 # will be made. Equivalent to having the -t option on every
233 # command. Defaults to off.
234 test = 0
235
236 # Default value for --units argument
237 units = "h"
238
239 # Since version 2.02.54, the tools distinguish between powers of
240 # 1024 bytes (e.g. KiB, MiB, GiB) and powers of 1000 bytes (e.g.
241 # KB, MB, GB).
242 # If you have scripts that depend on the old behaviour, set this to 0
243 # temporarily until you update them.
244 si_unit_consistency = 1
245
246 # Whether or not to communicate with the kernel device-mapper.
247 # Set to 0 if you want to use the tools to manipulate LVM metadata
248 # without activating any logical volumes.
249 # If the device-mapper kernel driver is not present in your kernel
250 # setting this to 0 should suppress the error messages.
251 activation = 1
252
253 # If we can't communicate with device-mapper, should we try running
254 # the LVM1 tools?
255 # This option only applies to 2.4 kernels and is provided to help you
256 # switch between device-mapper kernels and LVM1 kernels.
257 # The LVM1 tools need to be installed with .lvm1 suffices
258 # e.g. vgscan.lvm1 and they will stop working after you start using
259 # the new lvm2 on-disk metadata format.
260 # The default value is set when the tools are built.
261 # fallback_to_lvm1 = 0
262
263 # The default metadata format that commands should use - "lvm1" or "lvm2".
264 # The command line override is -M1 or -M2.
265 # Defaults to "lvm2".
266 # format = "lvm2"
267
268 # Location of proc filesystem
269 proc = "/proc"
270
271 # Type of locking to use. Defaults to local file-based locking (1).
272 # Turn locking off by setting to 0 (dangerous: risks metadata corruption
273 # if LVM2 commands get run concurrently).
274 # Type 2 uses the external shared library locking_library.
275 # Type 3 uses built-in clustered locking.
276 # Type 4 uses read-only locking which forbids any operations that might
277 # change metadata.
278 locking_type = 1
279
280 # Set to 0 to fail when a lock request cannot be satisfied immediately.
281 wait_for_locks = 1
282
283 # If using external locking (type 2) and initialisation fails,
284 # with this set to 1 an attempt will be made to use the built-in
285 # clustered locking.
286 # If you are using a customised locking_library you should set this to 0.
287 fallback_to_clustered_locking = 1
288
289 # If an attempt to initialise type 2 or type 3 locking failed, perhaps
290 # because cluster components such as clvmd are not running, with this set
291 # to 1 an attempt will be made to use local file-based locking (type 1).
292 # If this succeeds, only commands against local volume groups will proceed.
293 # Volume Groups marked as clustered will be ignored.
294 fallback_to_local_locking = 1
295
296 # Local non-LV directory that holds file-based locks while commands are
297 # in progress. A directory like /tmp that may get wiped on reboot is OK.
298 locking_dir = "/var/lock/lvm"
299
300 # Whenever there are competing read-only and read-write access requests for
301 # a volume group's metadata, instead of always granting the read-only
302 # requests immediately, delay them to allow the read-write requests to be
303 # serviced. Without this setting, write access may be stalled by a high
304 # volume of read-only requests.
305 # NB. This option only affects locking_type = 1 viz. local file-based
306 # locking.
307 prioritise_write_locks = 1
308
309 # Other entries can go here to allow you to load shared libraries
310 # e.g. if support for LVM1 metadata was compiled as a shared library use
311 # format_libraries = "liblvm2format1.so"
312 # Full pathnames can be given.
313
314 # Search this directory first for shared libraries.
315 # library_dir = "/lib/lvm2"
316
317 # The external locking library to load if locking_type is set to 2.
318 # locking_library = "liblvm2clusterlock.so"
319}
320
321activation {
322 # Set to 0 to disable udev syncronisation (if compiled into the binaries).
323 # Processes will not wait for notification from udev.
324 # They will continue irrespective of any possible udev processing
325 # in the background. You should only use this if udev is not running
326 # or has rules that ignore the devices LVM2 creates.
327 # The command line argument --nodevsync takes precedence over this setting.
328 # If set to 1 when udev is not running, and there are LVM2 processes
329 # waiting for udev, run 'dmsetup udevcomplete_all' manually to wake them up.
330 udev_sync = 1
331
332 # How to fill in missing stripes if activating an incomplete volume.
333 # Using "error" will make inaccessible parts of the device return
334 # I/O errors on access. You can instead use a device path, in which
335 # case, that device will be used to in place of missing stripes.
336 # But note that using anything other than "error" with mirrored
337 # or snapshotted volumes is likely to result in data corruption.
338 missing_stripe_filler = "error"
339
340 # How much stack (in KB) to reserve for use while devices suspended
341 reserved_stack = 256
342
343 # How much memory (in KB) to reserve for use while devices suspended
344 reserved_memory = 8192
345
346 # Nice value used while devices suspended
347 process_priority = -18
348
349 # If volume_list is defined, each LV is only activated if there is a
350 # match against the list.
351 # "vgname" and "vgname/lvname" are matched exactly.
352 # "@tag" matches any tag set in the LV or VG.
353 # "@*" matches if any tag defined on the host is also set in the LV or VG
354 #
355 # volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ]
356
357 # Size (in KB) of each copy operation when mirroring
358 mirror_region_size = 512
359
360 # Setting to use when there is no readahead value stored in the metadata.
361 #
362 # "none" - Disable readahead.
363 # "auto" - Use default value chosen by kernel.
364 readahead = "auto"
365
366 # 'mirror_image_fault_policy' and 'mirror_log_fault_policy' define
367 # how a device failure affecting a mirror is handled.
368 # A mirror is composed of mirror images (copies) and a log.
369 # A disk log ensures that a mirror does not need to be re-synced
370 # (all copies made the same) every time a machine reboots or crashes.
371 #
372 # In the event of a failure, the specified policy will be used to determine
373 # what happens. This applies to automatic repairs (when the mirror is being
374 # monitored by dmeventd) and to manual lvconvert --repair when
375 # --use-policies is given.
376 #
377 # "remove" - Simply remove the faulty device and run without it. If
378 # the log device fails, the mirror would convert to using
379 # an in-memory log. This means the mirror will not
380 # remember its sync status across crashes/reboots and
381 # the entire mirror will be re-synced. If a
382 # mirror image fails, the mirror will convert to a
383 # non-mirrored device if there is only one remaining good
384 # copy.
385 #
386 # "allocate" - Remove the faulty device and try to allocate space on
387 # a new device to be a replacement for the failed device.
388 # Using this policy for the log is fast and maintains the
389 # ability to remember sync state through crashes/reboots.
390 # Using this policy for a mirror device is slow, as it
391 # requires the mirror to resynchronize the devices, but it
392 # will preserve the mirror characteristic of the device.
393 # This policy acts like "remove" if no suitable device and
394 # space can be allocated for the replacement.
395 #
396 # "allocate_anywhere" - Not yet implemented. Useful to place the log device
397 # temporarily on same physical volume as one of the mirror
398 # images. This policy is not recommended for mirror devices
399 # since it would break the redundant nature of the mirror. This
400 # policy acts like "remove" if no suitable device and space can
401 # be allocated for the replacement.
402
403 mirror_log_fault_policy = "allocate"
404 mirror_device_fault_policy = "remove"
405}
406
407
408####################
409# Advanced section #
410####################
411
412# Metadata settings
413#
414# metadata {
415 # Default number of copies of metadata to hold on each PV. 0, 1 or 2.
416 # You might want to override it from the command line with 0
417 # when running pvcreate on new PVs which are to be added to large VGs.
418
419 # pvmetadatacopies = 1
420
421 # Approximate default size of on-disk metadata areas in sectors.
422 # You should increase this if you have large volume groups or
423 # you want to retain a large on-disk history of your metadata changes.
424
425 # pvmetadatasize = 255
426
427 # List of directories holding live copies of text format metadata.
428 # These directories must not be on logical volumes!
429 # It's possible to use LVM2 with a couple of directories here,
430 # preferably on different (non-LV) filesystems, and with no other
431 # on-disk metadata (pvmetadatacopies = 0). Or this can be in
432 # addition to on-disk metadata areas.
433 # The feature was originally added to simplify testing and is not
434 # supported under low memory situations - the machine could lock up.
435 #
436 # Never edit any files in these directories by hand unless you
437 # you are absolutely sure you know what you are doing! Use
438 # the supplied toolset to make changes (e.g. vgcfgrestore).
439
440 # dirs = [ "/etc/lvm/metadata", "/mnt/disk2/lvm/metadata2" ]
441#}
442
443# Event daemon
444#
445dmeventd {
446 # mirror_library is the library used when monitoring a mirror device.
447 #
448 # "libdevmapper-event-lvm2mirror.so" attempts to recover from
449 # failures. It removes failed devices from a volume group and
450 # reconfigures a mirror as necessary. If no mirror library is
451 # provided, mirrors are not monitored through dmeventd.
452
453 mirror_library = "libdevmapper-event-lvm2mirror.so"
454
455 # snapshot_library is the library used when monitoring a snapshot device.
456 #
457 # "libdevmapper-event-lvm2snapshot.so" monitors the filling of
458 # snapshots and emits a warning through syslog, when the use of
459 # snapshot exceedes 80%. The warning is repeated when 85%, 90% and
460 # 95% of the snapshot are filled.
461
462 snapshot_library = "libdevmapper-event-lvm2snapshot.so"
463}
4640
=== removed file 'contrib/puppet/files/etc/nova.conf'
--- contrib/puppet/files/etc/nova.conf 2010-11-12 19:07:46 +0000
+++ contrib/puppet/files/etc/nova.conf 1970-01-01 00:00:00 +0000
@@ -1,28 +0,0 @@
1--ec2_url=http://192.168.255.1:8773/services/Cloud
2--rabbit_host=192.168.255.1
3--redis_host=192.168.255.1
4--s3_host=192.168.255.1
5--vpn_ip=192.168.255.1
6--datastore_path=/var/lib/nova/keeper
7--networks_path=/var/lib/nova/networks
8--instances_path=/var/lib/nova/instances
9--buckets_path=/var/lib/nova/objectstore/buckets
10--images_path=/var/lib/nova/objectstore/images
11--ca_path=/var/lib/nova/CA
12--keys_path=/var/lib/nova/keys
13--vlan_start=2000
14--vlan_end=3000
15--private_range=192.168.0.0/16
16--public_range=10.0.0.0/24
17--volume_group=vgdata
18--storage_dev=/dev/sdc
19--bridge_dev=eth2
20--aoe_eth_dev=eth2
21--public_interface=vlan0
22--default_kernel=aki-DEFAULT
23--default_ramdisk=ari-DEFAULT
24--vpn_image_id=ami-cloudpipe
25--daemonize
26--verbose
27--syslog
28--prefix=nova
290
=== removed directory 'contrib/puppet/files/production'
=== removed file 'contrib/puppet/files/production/boto.cfg'
--- contrib/puppet/files/production/boto.cfg 2010-11-12 19:07:46 +0000
+++ contrib/puppet/files/production/boto.cfg 1970-01-01 00:00:00 +0000
@@ -1,3 +0,0 @@
1[Boto]
2debug = 0
3num_retries = 1
40
=== removed file 'contrib/puppet/files/production/genvpn.sh'
--- contrib/puppet/files/production/genvpn.sh 2010-11-12 19:07:46 +0000
+++ contrib/puppet/files/production/genvpn.sh 1970-01-01 00:00:00 +0000
@@ -1,35 +0,0 @@
1#!/bin/bash
2# vim: tabstop=4 shiftwidth=4 softtabstop=4
3
4# Copyright 2010 United States Government as represented by the
5# Administrator of the National Aeronautics and Space Administration.
6# All Rights Reserved.
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License. You may obtain
10# a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
17# License for the specific language governing permissions and limitations
18# under the License.
19
20# This gets zipped and run on the cloudpipe-managed OpenVPN server
21NAME=$1
22SUBJ=$2
23
24mkdir -p projects/$NAME
25cd projects/$NAME
26
27# generate a server priv key
28openssl genrsa -out server.key 2048
29
30# generate a server CSR
31openssl req -new -key server.key -out server.csr -batch -subj "$SUBJ"
32
33if [ "`id -u`" != "`grep nova /etc/passwd | cut -d':' -f3`" ]; then
34 sudo chown -R nova:nogroup .
35fi
360
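Review bot: The comment at line 20 of the removed genvpn.sh says it "gets zipped and run on the cloudpipe-managed OpenVPN server", and the napi define in nova.pp (also removed in this diff) is what installs it to /var/lib/nova/CA/genvpn.sh, so please confirm in the merge description that cloudpipe takes its copy from somewhere other than contrib/puppet before this goes in. If the script is kept elsewhere, that copy should quote `$NAME` in `mkdir -p projects/$NAME` and `cd projects/$NAME` and stop when the `cd` fails, since the key and CSR are otherwise written to whatever directory the script was started in.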
=== removed file 'contrib/puppet/files/production/libvirt.qemu.xml.template'
--- contrib/puppet/files/production/libvirt.qemu.xml.template 2010-11-12 19:07:46 +0000
+++ contrib/puppet/files/production/libvirt.qemu.xml.template 1970-01-01 00:00:00 +0000
@@ -1,35 +0,0 @@
1<domain type='%(type)s'>
2 <name>%(name)s</name>
3 <os>
4 <type>hvm</type>
5 <kernel>%(basepath)s/kernel</kernel>
6 <initrd>%(basepath)s/ramdisk</initrd>
7 <cmdline>root=/dev/vda1 console=ttyS0</cmdline>
8 </os>
9 <features>
10 <acpi/>
11 </features>
12 <memory>%(memory_kb)s</memory>
13 <vcpu>%(vcpus)s</vcpu>
14 <devices>
15 <disk type='file'>
16 <source file='%(basepath)s/disk'/>
17 <target dev='vda' bus='virtio'/>
18 </disk>
19 <interface type='bridge'>
20 <source bridge='%(bridge_name)s'/>
21 <mac address='%(mac_address)s'/>
22 <!-- <model type='virtio'/> CANT RUN virtio network right now -->
23 <!--
24 <filterref filter="nova-instance-%(name)s">
25 <parameter name="IP" value="%(ip_address)s" />
26 <parameter name="DHCPSERVER" value="%(dhcp_server)s" />
27 </filterref>
28 -->
29 </interface>
30 <serial type="file">
31 <source path='%(basepath)s/console.log'/>
32 <target port='1'/>
33 </serial>
34 </devices>
35</domain>
360
=== removed file 'contrib/puppet/files/production/my.cnf'
--- contrib/puppet/files/production/my.cnf 2010-11-12 19:07:46 +0000
+++ contrib/puppet/files/production/my.cnf 1970-01-01 00:00:00 +0000
@@ -1,137 +0,0 @@
1#
2# The MySQL database server configuration file.
3#
4# You can copy this to one of:
5# - "/etc/mysql/my.cnf" to set global options,
6# - "~/.my.cnf" to set user-specific options.
7#
8# One can use all long options that the program supports.
9# Run program with --help to get a list of available options and with
10# --print-defaults to see which it would actually understand and use.
11#
12# For explanations see
13# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
14
15# This will be passed to all mysql clients
16# It has been reported that passwords should be enclosed with ticks/quotes
17# escpecially if they contain "#" chars...
18# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
19[client]
20port = 3306
21socket = /var/run/mysqld/mysqld.sock
22
23# Here is entries for some specific programs
24# The following values assume you have at least 32M ram
25
26# This was formally known as [safe_mysqld]. Both versions are currently parsed.
27[mysqld_safe]
28socket = /var/run/mysqld/mysqld.sock
29nice = 0
30
31[mysqld]
32#
33# * Basic Settings
34#
35
36#
37# * IMPORTANT
38# If you make changes to these settings and your system uses apparmor, you may
39# also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
40#
41
42user = mysql
43socket = /var/run/mysqld/mysqld.sock
44port = 3306
45basedir = /usr
46datadir = /var/lib/mysql
47tmpdir = /tmp
48skip-external-locking
49#
50# Instead of skip-networking the default is now to listen only on
51# localhost which is more compatible and is not less secure.
52# bind-address = 127.0.0.1
53#
54# * Fine Tuning
55#
56innodb_buffer_pool_size = 12G
57#innodb_log_file_size = 256M
58innodb_log_buffer_size=4M
59innodb_flush_log_at_trx_commit=2
60innodb_thread_concurrency=8
61innodb_flush_method=O_DIRECT
62key_buffer = 128M
63max_allowed_packet = 256M
64thread_stack = 8196K
65thread_cache_size = 32
66# This replaces the startup script and checks MyISAM tables if needed
67# the first time they are touched
68myisam-recover = BACKUP
69max_connections = 1000
70table_cache = 1024
71#thread_concurrency = 10
72#
73# * Query Cache Configuration
74#
75query_cache_limit = 32M
76query_cache_size = 256M
77#
78# * Logging and Replication
79#
80# Both location gets rotated by the cronjob.
81# Be aware that this log type is a performance killer.
82# As of 5.1 you can enable the log at runtime!
83#general_log_file = /var/log/mysql/mysql.log
84#general_log = 1
85
86log_error = /var/log/mysql/error.log
87
88# Here you can see queries with especially long duration
89log_slow_queries = /var/log/mysql/mysql-slow.log
90long_query_time = 2
91#log-queries-not-using-indexes
92#
93# The following can be used as easy to replay backup logs or for replication.
94# note: if you are setting up a replication slave, see README.Debian about
95# other settings you may need to change.
96server-id = 1
97log_bin = /var/log/mysql/mysql-bin.log
98expire_logs_days = 10
99max_binlog_size = 50M
100#binlog_do_db = include_database_name
101#binlog_ignore_db = include_database_name
102#
103# * InnoDB
104#
105sync_binlog=1
106# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
107# Read the manual for more InnoDB related options. There are many!
108#
109# * Security Features
110#
111# Read the manual, too, if you want chroot!
112# chroot = /var/lib/mysql/
113#
114# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
115#
116# ssl-ca=/etc/mysql/cacert.pem
117# ssl-cert=/etc/mysql/server-cert.pem
118# ssl-key=/etc/mysql/server-key.pem
119
120
121
122[mysqldump]
123quick
124quote-names
125max_allowed_packet = 256M
126
127[mysql]
128#no-auto-rehash # faster start of mysql but no tab completition
129
130[isamchk]
131key_buffer = 128M
132
133#
134# * IMPORTANT: Additional settings that can override those from this file!
135# The files must end with '.cnf', otherwise they'll be ignored.
136#
137!includedir /etc/mysql/conf.d/
1380
=== removed file 'contrib/puppet/files/production/nova-iptables'
--- contrib/puppet/files/production/nova-iptables 2010-12-16 11:35:46 +0000
+++ contrib/puppet/files/production/nova-iptables 1970-01-01 00:00:00 +0000
@@ -1,187 +0,0 @@
1#! /bin/sh
2
3# vim: tabstop=4 shiftwidth=4 softtabstop=4
4
5# Copyright 2010 United States Government as represented by the
6# Administrator of the National Aeronautics and Space Administration.
7# All Rights Reserved.
8#
9# Licensed under the Apache License, Version 2.0 (the "License"); you may
10# not use this file except in compliance with the License. You may obtain
11# a copy of the License at
12#
13# http://www.apache.org/licenses/LICENSE-2.0
14#
15# Unless required by applicable law or agreed to in writing, software
16# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
18# License for the specific language governing permissions and limitations
19# under the License.
20
21# NOTE(vish): This script sets up some reasonable defaults for iptables and
22# creates nova-specific chains. If you use this script you should
23# run nova-network and nova-compute with --use_nova_chains=True
24
25
26# NOTE(vish): If you run public nova-api on a different port, make sure to
27# change the port here
28
29if [ -f /etc/default/nova-iptables ] ; then
30 . /etc/default/nova-iptables
31fi
32
33export LC_ALL=C
34
35API_PORT=${API_PORT:-"8773"}
36
37if [ ! -n "$IP" ]; then
38 # NOTE(vish): IP address is what address the services ALLOW on.
39 # This will just get the first ip in the list, so if you
40 # have more than one eth device set up, this will fail, and
41 # you should explicitly pass in the ip of the instance
42 IP=`ifconfig | grep -m 1 'inet addr:'| cut -d: -f2 | awk '{print $1}'`
43fi
44
45if [ ! -n "$PRIVATE_RANGE" ]; then
46 #NOTE(vish): PRIVATE_RANGE: range is ALLOW to access DHCP
47 PRIVATE_RANGE="192.168.0.0/12"
48fi
49
50if [ ! -n "$MGMT_IP" ]; then
51 # NOTE(vish): Management IP is the ip over which to allow ssh traffic. It
52 # will also allow traffic to nova-api
53 MGMT_IP="$IP"
54fi
55
56if [ ! -n "$DMZ_IP" ]; then
57 # NOTE(vish): DMZ IP is the ip over which to allow api & objectstore access
58 DMZ_IP="$IP"
59fi
60
61clear_nova_iptables() {
62 iptables -P INPUT ACCEPT
63 iptables -P FORWARD ACCEPT
64 iptables -P OUTPUT ACCEPT
65 iptables -F
66 iptables -t nat -F
67 iptables -F services
68 iptables -X services
69 # HACK: re-adding fail2ban rules :(
70 iptables -N fail2ban-ssh
71 iptables -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
72 iptables -A fail2ban-ssh -j RETURN
73}
74
75load_nova_iptables() {
76
77 iptables -P INPUT DROP
78 iptables -A INPUT -m state --state INVALID -j DROP
79 iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
80 # NOTE(ja): allow localhost for everything
81 iptables -A INPUT -d 127.0.0.1/32 -j ACCEPT
82 # NOTE(ja): 22 only allowed MGMT_IP before, but we widened it to any
83 # address, since ssh should be listening only on internal
84 # before we re-add this rule we will need to add
85 # flexibility for RSYNC between omega/stingray
86 iptables -A INPUT -m tcp -p tcp --dport 22 -j ACCEPT
87 iptables -A INPUT -m udp -p udp --dport 123 -j ACCEPT
88 iptables -A INPUT -p icmp -j ACCEPT
89 iptables -N services
90 iptables -A INPUT -j services
91 iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
92 iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
93
94 iptables -P FORWARD DROP
95 iptables -A FORWARD -m state --state INVALID -j DROP
96 iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
97 iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
98
99 # NOTE(vish): DROP on output is too restrictive for now. We need to add
100 # in a bunch of more specific output rules to use it.
101 # iptables -P OUTPUT DROP
102 iptables -A OUTPUT -m state --state INVALID -j DROP
103 iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
104
105 if [ -n "$GANGLIA" ] || [ -n "$ALL" ]; then
106 iptables -A services -m tcp -p tcp -d $IP --dport 8649 -j ACCEPT
107 iptables -A services -m udp -p udp -d $IP --dport 8649 -j ACCEPT
108 fi
109
110 # if [ -n "$WEB" ] || [ -n "$ALL" ]; then
111 # # NOTE(vish): This opens up ports for web access, allowing web-based
112 # # dashboards to work.
113 # iptables -A services -m tcp -p tcp -d $IP --dport 80 -j ACCEPT
114 # iptables -A services -m tcp -p tcp -d $IP --dport 443 -j ACCEPT
115 # fi
116
117 if [ -n "$OBJECTSTORE" ] || [ -n "$ALL" ]; then
118 # infrastructure
119 iptables -A services -m tcp -p tcp -d $IP --dport 3333 -j ACCEPT
120 # clients
121 iptables -A services -m tcp -p tcp -d $DMZ_IP --dport 3333 -j ACCEPT
122 fi
123
124 if [ -n "$API" ] || [ -n "$ALL" ]; then
125 iptables -A services -m tcp -p tcp -d $IP --dport $API_PORT -j ACCEPT
126 if [ "$IP" != "$DMZ_IP" ]; then
127 iptables -A services -m tcp -p tcp -d $DMZ_IP --dport $API_PORT -j ACCEPT
128 fi
129 if [ "$IP" != "$MGMT_IP" ] && [ "$DMZ_IP" != "$MGMT_IP" ]; then
130 iptables -A services -m tcp -p tcp -d $MGMT_IP --dport $API_PORT -j ACCEPT
131 fi
132 fi
133
134 if [ -n "$REDIS" ] || [ -n "$ALL" ]; then
135 iptables -A services -m tcp -p tcp -d $IP --dport 6379 -j ACCEPT
136 fi
137
138 if [ -n "$MYSQL" ] || [ -n "$ALL" ]; then
139 iptables -A services -m tcp -p tcp -d $IP --dport 3306 -j ACCEPT
140 fi
141
142 if [ -n "$RABBITMQ" ] || [ -n "$ALL" ]; then
143 iptables -A services -m tcp -p tcp -d $IP --dport 4369 -j ACCEPT
144 iptables -A services -m tcp -p tcp -d $IP --dport 5672 -j ACCEPT
145 iptables -A services -m tcp -p tcp -d $IP --dport 53284 -j ACCEPT
146 fi
147
148 if [ -n "$DNSMASQ" ] || [ -n "$ALL" ]; then
149 # NOTE(vish): this could theoretically be setup per network
150 # for each host, but it seems like overkill
151 iptables -A services -m tcp -p tcp -s $PRIVATE_RANGE --dport 53 -j ACCEPT
152 iptables -A services -m udp -p udp -s $PRIVATE_RANGE --dport 53 -j ACCEPT
153 iptables -A services -m udp -p udp --dport 67 -j ACCEPT
154 fi
155
156 if [ -n "$LDAP" ] || [ -n "$ALL" ]; then
157 iptables -A services -m tcp -p tcp -d $IP --dport 389 -j ACCEPT
158 fi
159
160 if [ -n "$ISCSI" ] || [ -n "$ALL" ]; then
161 iptables -A services -m tcp -p tcp -d $IP --dport 3260 -j ACCEPT
162 iptables -A services -m tcp -p tcp -d 127.0.0.0/16 --dport 3260 -j ACCEPT
163 fi
164}
165
166
167case "$1" in
168 start)
169 echo "Starting nova-iptables: "
170 load_nova_iptables
171 ;;
172 stop)
173 echo "Clearing nova-iptables: "
174 clear_nova_iptables
175 ;;
176 restart)
177 echo "Restarting nova-iptables: "
178 clear_nova_iptables
179 load_nova_iptables
180 ;;
181 *)
182 echo "Usage: $NAME {start|stop|restart}" >&2
183 exit 1
184 ;;
185esac
186
187exit 0
1880
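Review bot: The default at line 47, `PRIVATE_RANGE="192.168.0.0/12"`, is not the 192.168.0.0/16 block that the removed nova.conf uses for `--private_range`; a /12 mask covers 192.160.0.0 through 192.175.255.255, so the DNS accept rules at lines 151-152 admit far more sources than intended on any host that never set PRIVATE_RANGE. Removing the file from the tree does not change hosts that already have it in /etc/init.d, so I would mention this in the merge description along with the `-d 127.0.0.0/16` iSCSI rule at line 162 (loopback is 127.0.0.0/8) and the port 22 rule at line 86, which accepts from any address. Minor: the usage message at line 182 prints `$NAME`, which the script never sets.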
=== removed file 'contrib/puppet/files/production/nova-iscsi-dev.sh'
--- contrib/puppet/files/production/nova-iscsi-dev.sh 2010-11-12 19:07:46 +0000
+++ contrib/puppet/files/production/nova-iscsi-dev.sh 1970-01-01 00:00:00 +0000
@@ -1,19 +0,0 @@
1#!/bin/sh
2
3# FILE: /etc/udev/scripts/iscsidev.sh
4
5BUS=${1}
6HOST=${BUS%%:*}
7
8[ -e /sys/class/iscsi_host ] || exit 1
9
10file="/sys/class/iscsi_host/host${HOST}/device/session*/iscsi_session*/session*/targetname"
11
12target_name=$(cat ${file})
13
14# This is not an open-scsi drive
15if [ -z "${target_name}" ]; then
16 exit 1
17fi
18
19echo "${target_name##*:}"
200
=== removed file 'contrib/puppet/files/production/setup_data.sh'
--- contrib/puppet/files/production/setup_data.sh 2010-11-12 19:07:46 +0000
+++ contrib/puppet/files/production/setup_data.sh 1970-01-01 00:00:00 +0000
@@ -1,6 +0,0 @@
1#!/bin/bash
2/root/slap.sh
3mysql -e "DROP DATABASE nova"
4mysql -e "CREATE DATABASE nova"
5mysql -e "GRANT ALL on nova.* to nova@'%' identified by 'TODO:CHANGEME:CMON'"
6touch /root/installed
70
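Review bot: Line 5 grants `ALL on nova.*` to `nova@'%'` with the literal password `TODO:CHANGEME:CMON`, and deleting the script does not alter databases that were provisioned with it; the string also stays in the branch history. Suggest the merge description or release notes tell operators who ran setup_data.sh unmodified to change the nova MySQL password and narrow the `'%'` host wildcard, particularly since the my.cnf removed in this same diff leaves `bind-address = 127.0.0.1` commented out (line 52) and nova-iptables opens 3306 when MYSQL or ALL is set.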
=== removed file 'contrib/puppet/files/production/slap.sh'
--- contrib/puppet/files/production/slap.sh 2010-11-12 19:07:46 +0000
+++ contrib/puppet/files/production/slap.sh 1970-01-01 00:00:00 +0000
@@ -1,261 +0,0 @@
1#!/usr/bin/env bash
2# vim: tabstop=4 shiftwidth=4 softtabstop=4
3
4# Copyright 2010 United States Government as represented by the
5# Administrator of the National Aeronautics and Space Administration.
6# All Rights Reserved.
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License. You may obtain
10# a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
17# License for the specific language governing permissions and limitations
18# under the License.
19# LDAP INSTALL SCRIPT - SHOULD BE IDEMPOTENT, but it SCRUBS all USERS
20
21apt-get install -y slapd ldap-utils python-ldap
22
23cat >/etc/ldap/schema/openssh-lpk_openldap.schema <<LPK_SCHEMA_EOF
24#
25# LDAP Public Key Patch schema for use with openssh-ldappubkey
26# Author: Eric AUGE <eau@phear.org>
27#
28# Based on the proposal of : Mark Ruijter
29#
30
31
32# octetString SYNTAX
33attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
34 DESC 'MANDATORY: OpenSSH Public key'
35 EQUALITY octetStringMatch
36 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
37
38# printableString SYNTAX yes|no
39objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
40 DESC 'MANDATORY: OpenSSH LPK objectclass'
41 MAY ( sshPublicKey $ uid )
42 )
43LPK_SCHEMA_EOF
44
45cat >/etc/ldap/schema/nova.schema <<NOVA_SCHEMA_EOF
46#
47# Person object for Nova
48# inetorgperson with extra attributes
49# Author: Vishvananda Ishaya <vishvananda@yahoo.com>
50#
51#
52
53# using internet experimental oid arc as per BP64 3.1
54objectidentifier novaSchema 1.3.6.1.3.1.666.666
55objectidentifier novaAttrs novaSchema:3
56objectidentifier novaOCs novaSchema:4
57
58attributetype (
59 novaAttrs:1
60 NAME 'accessKey'
61 DESC 'Key for accessing data'
62 EQUALITY caseIgnoreMatch
63 SUBSTR caseIgnoreSubstringsMatch
64 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
65 SINGLE-VALUE
66 )
67
68attributetype (
69 novaAttrs:2
70 NAME 'secretKey'
71 DESC 'Secret key'
72 EQUALITY caseIgnoreMatch
73 SUBSTR caseIgnoreSubstringsMatch
74 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
75 SINGLE-VALUE
76 )
77
78attributetype (
79 novaAttrs:3
80 NAME 'keyFingerprint'
81 DESC 'Fingerprint of private key'
82 EQUALITY caseIgnoreMatch
83 SUBSTR caseIgnoreSubstringsMatch
84 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
85 SINGLE-VALUE
86 )
87
88attributetype (
89 novaAttrs:4
90 NAME 'isAdmin'
91 DESC 'Is user an administrator?'
92 EQUALITY booleanMatch
93 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
94 SINGLE-VALUE
95 )
96
97attributetype (
98 novaAttrs:5
99 NAME 'projectManager'
100 DESC 'Project Managers of a project'
101 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
102 )
103
104objectClass (
105 novaOCs:1
106 NAME 'novaUser'
107 DESC 'access and secret keys'
108 AUXILIARY
109 MUST ( uid )
110 MAY ( accessKey $ secretKey $ isAdmin )
111 )
112
113objectClass (
114 novaOCs:2
115 NAME 'novaKeyPair'
116 DESC 'Key pair for User'
117 SUP top
118 STRUCTURAL
119 MUST ( cn $ sshPublicKey $ keyFingerprint )
120 )
121
122objectClass (
123 novaOCs:3
124 NAME 'novaProject'
125 DESC 'Container for project'
126 SUP groupOfNames
127 STRUCTURAL
128 MUST ( cn $ projectManager )
129 )
130
131NOVA_SCHEMA_EOF
132
133mv /etc/ldap/slapd.conf /etc/ldap/slapd.conf.orig
134cat >/etc/ldap/slapd.conf <<SLAPD_CONF_EOF
135# slapd.conf - Configuration file for LDAP SLAPD
136##########
137# Basics #
138##########
139include /etc/ldap/schema/core.schema
140include /etc/ldap/schema/cosine.schema
141include /etc/ldap/schema/inetorgperson.schema
142include /etc/ldap/schema/openssh-lpk_openldap.schema
143include /etc/ldap/schema/nova.schema
144pidfile /var/run/slapd/slapd.pid
145argsfile /var/run/slapd/slapd.args
146loglevel none
147modulepath /usr/lib/ldap
148# modulepath /usr/local/libexec/openldap
149moduleload back_hdb
150##########################
151# Database Configuration #
152##########################
153database hdb
154suffix "dc=example,dc=com"
155rootdn "cn=Manager,dc=example,dc=com"
156rootpw changeme
157directory /var/lib/ldap
158# directory /usr/local/var/openldap-data
159index objectClass,cn eq
160########
161# ACLs #
162########
163access to attrs=userPassword
164 by anonymous auth
165 by self write
166 by * none
167access to *
168 by self write
169 by * none
170SLAPD_CONF_EOF
171
172mv /etc/ldap/ldap.conf /etc/ldap/ldap.conf.orig
173
174cat >/etc/ldap/ldap.conf <<LDAP_CONF_EOF
175# LDAP Client Settings
176URI ldap://localhost
177BASE dc=example,dc=com
178BINDDN cn=Manager,dc=example,dc=com
179SIZELIMIT 0
180TIMELIMIT 0
181LDAP_CONF_EOF
182
183cat >/etc/ldap/base.ldif <<BASE_LDIF_EOF
184# This is the root of the directory tree
185dn: dc=example,dc=com
186description: Example.Com, your trusted non-existent corporation.
187dc: example
188o: Example.Com
189objectClass: top
190objectClass: dcObject
191objectClass: organization
192
193# Subtree for users
194dn: ou=Users,dc=example,dc=com
195ou: Users
196description: Users
197objectClass: organizationalUnit
198
199# Subtree for groups
200dn: ou=Groups,dc=example,dc=com
201ou: Groups
202description: Groups
203objectClass: organizationalUnit
204
205# Subtree for system accounts
206dn: ou=System,dc=example,dc=com
207ou: System
208description: Special accounts used by software applications.
209objectClass: organizationalUnit
210
211# Special Account for Authentication:
212dn: uid=authenticate,ou=System,dc=example,dc=com
213uid: authenticate
214ou: System
215description: Special account for authenticating users
216userPassword: {MD5}TODO-000000000000000000000000000==
217objectClass: account
218objectClass: simpleSecurityObject
219
220# create the sysadmin entry
221
222dn: cn=developers,ou=Groups,dc=example,dc=com
223objectclass: groupOfNames
224cn: developers
225description: IT admin group
226member: uid=admin,ou=Users,dc=example,dc=com
227
228dn: cn=sysadmins,ou=Groups,dc=example,dc=com
229objectclass: groupOfNames
230cn: sysadmins
231description: IT admin group
232member: uid=admin,ou=Users,dc=example,dc=com
233
234dn: cn=netadmins,ou=Groups,dc=example,dc=com
235objectclass: groupOfNames
236cn: netadmins
237description: Network admin group
238member: uid=admin,ou=Users,dc=example,dc=com
239
240dn: cn=cloudadmins,ou=Groups,dc=example,dc=com
241objectclass: groupOfNames
242cn: cloudadmins
243description: Cloud admin group
244member: uid=admin,ou=Users,dc=example,dc=com
245
246dn: cn=itsec,ou=Groups,dc=example,dc=com
247objectclass: groupOfNames
248cn: itsec
249description: IT security users group
250member: uid=admin,ou=Users,dc=example,dc=com
251BASE_LDIF_EOF
252
253/etc/init.d/slapd stop
254rm -rf /var/lib/ldap/*
255rm -rf /etc/ldap/slapd.d/*
256slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
257cp /usr/share/slapd/DB_CONFIG /var/lib/ldap/DB_CONFIG
258slapadd -v -l /etc/ldap/base.ldif
259chown -R openldap:openldap /etc/ldap/slapd.d
260chown -R openldap:openldap /var/lib/ldap
261/etc/init.d/slapd start
2620
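Review bot: The generated slapd.conf sets `rootpw changeme` in cleartext for `cn=Manager,dc=example,dc=com` (lines 155-156), and base.ldif carries a placeholder `{MD5}TODO-...` userPassword for the authenticate account (line 216); directories built by this script keep those values after the file is removed. Suggest noting in the merge description that existing installs should replace the rootpw with a hashed value from slappasswd and set a real password on the authenticate entry. Separately, nova.schema and the openssh-lpk schema are written only from the heredocs at lines 23-131 as far as this diff shows, so please confirm the LDAP setup still has another source for them.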
=== removed file 'contrib/puppet/fileserver.conf'
--- contrib/puppet/fileserver.conf 2010-11-12 19:07:46 +0000
+++ contrib/puppet/fileserver.conf 1970-01-01 00:00:00 +0000
@@ -1,8 +0,0 @@
1# fileserver.conf
2
3[files]
4path /srv/cloud/puppet/files
5allow 10.0.0.0/24
6
7[plugins]
8
90
=== removed directory 'contrib/puppet/manifests'
=== removed directory 'contrib/puppet/manifests/classes'
=== removed file 'contrib/puppet/manifests/classes/apt.pp'
--- contrib/puppet/manifests/classes/apt.pp 2010-11-12 19:07:46 +0000
+++ contrib/puppet/manifests/classes/apt.pp 1970-01-01 00:00:00 +0000
@@ -1,1 +0,0 @@
1exec { "update-apt": command => "/usr/bin/apt-get update" }
20
=== removed file 'contrib/puppet/manifests/classes/issue.pp'
--- contrib/puppet/manifests/classes/issue.pp 2010-11-12 19:07:46 +0000
+++ contrib/puppet/manifests/classes/issue.pp 1970-01-01 00:00:00 +0000
@@ -1,14 +0,0 @@
1class issue {
2 file { "/etc/issue":
3 owner => "root",
4 group => "root",
5 mode => 444,
6 source => "puppet://${puppet_server}/files/etc/issue",
7 }
8 file { "/etc/issue.net":
9 owner => "root",
10 group => "root",
11 mode => 444,
12 source => "puppet://${puppet_server}/files/etc/issue",
13 }
14}
150
=== removed file 'contrib/puppet/manifests/classes/kern_module.pp'
--- contrib/puppet/manifests/classes/kern_module.pp 2010-11-12 19:07:46 +0000
+++ contrib/puppet/manifests/classes/kern_module.pp 1970-01-01 00:00:00 +0000
@@ -1,34 +0,0 @@
1# via http://projects.puppetlabs.com/projects/puppet/wiki/Kernel_Modules_Patterns
2
3define kern_module ($ensure) {
4 $modulesfile = $operatingsystem ? { ubuntu => "/etc/modules", redhat => "/etc/rc.modules" }
5 case $operatingsystem {
6 redhat: { file { "/etc/rc.modules": ensure => file, mode => 755 } }
7 }
8 case $ensure {
9 present: {
10 exec { "insert_module_${name}":
11 command => $operatingsystem ? {
12 ubuntu => "/bin/echo '${name}' >> '${modulesfile}'",
13 redhat => "/bin/echo '/sbin/modprobe ${name}' >> '${modulesfile}' "
14 },
15 unless => "/bin/grep -qFx '${name}' '${modulesfile}'"
16 }
17 exec { "/sbin/modprobe ${name}": unless => "/bin/grep -q '^${name} ' '/proc/modules'" }
18 }
19 absent: {
20 exec { "/sbin/modprobe -r ${name}": onlyif => "/bin/grep -q '^${name} ' '/proc/modules'" }
21 exec { "remove_module_${name}":
22 command => $operatingsystem ? {
23 ubuntu => "/usr/bin/perl -ni -e 'print unless /^\\Q${name}\\E\$/' '${modulesfile}'",
24 redhat => "/usr/bin/perl -ni -e 'print unless /^\\Q/sbin/modprobe ${name}\\E\$/' '${modulesfile}'"
25 },
26 onlyif => $operatingsystem ? {
27 ubuntu => "/bin/grep -qFx '${name}' '${modulesfile}'",
28 redhat => "/bin/grep -q '^/sbin/modprobe ${name}' '${modulesfile}'"
29 }
30 }
31 }
32 default: { err ( "unknown ensure value ${ensure}" ) }
33 }
34}
350
=== removed file 'contrib/puppet/manifests/classes/loopback.pp'
--- contrib/puppet/manifests/classes/loopback.pp 2010-11-12 19:07:46 +0000
+++ contrib/puppet/manifests/classes/loopback.pp 1970-01-01 00:00:00 +0000
@@ -1,6 +0,0 @@
1define loopback($num) {
2 exec { "mknod -m 0660 /dev/loop${num} b 7 ${num}; chown root:disk /dev/loop${num}":
3 creates => "/dev/loop${num}",
4 path => ["/usr/bin", "/usr/sbin", "/bin"]
5 }
6}
70
=== removed file 'contrib/puppet/manifests/classes/lvm.pp'
--- contrib/puppet/manifests/classes/lvm.pp 2010-11-12 19:07:46 +0000
+++ contrib/puppet/manifests/classes/lvm.pp 1970-01-01 00:00:00 +0000
@@ -1,8 +0,0 @@
1class lvm {
2 file { "/etc/lvm/lvm.conf":
3 owner => "root",
4 group => "root",
5 mode => 444,
6 source => "puppet://${puppet_server}/files/etc/lvm.conf",
7 }
8}
90
=== removed file 'contrib/puppet/manifests/classes/lvmconf.pp'
--- contrib/puppet/manifests/classes/lvmconf.pp 2010-11-12 19:07:46 +0000
+++ contrib/puppet/manifests/classes/lvmconf.pp 1970-01-01 00:00:00 +0000
@@ -1,8 +0,0 @@
1class lvmconf {
2 file { "/etc/lvm/lvm.conf":
3 owner => "root", group => "root", mode => 644,
4 source => "puppet://${puppet_server}/files/etc/lvm/lvm.conf",
5 ensure => present
6 }
7}
8
90
=== removed file 'contrib/puppet/manifests/classes/nova.pp'
--- contrib/puppet/manifests/classes/nova.pp 2010-11-12 19:07:46 +0000
+++ contrib/puppet/manifests/classes/nova.pp 1970-01-01 00:00:00 +0000
@@ -1,464 +0,0 @@
1import "kern_module"
2import "apt"
3import "loopback"
4
5#$head_node_ip = "undef"
6#$rabbit_ip = "undef"
7#$vpn_ip = "undef"
8#$public_interface = "undef"
9#$vlan_start = "5000"
10#$vlan_end = "6000"
11#$private_range = "10.0.0.0/16"
12#$public_range = "192.168.177.0/24"
13
14define nova_iptables($services, $ip="", $private_range="", $mgmt_ip="", $dmz_ip="") {
15 file { "/etc/init.d/nova-iptables":
16 owner => "root", mode => 755,
17 source => "puppet://${puppet_server}/files/production/nova-iptables",
18 }
19
20 file { "/etc/default/nova-iptables":
21 owner => "root", mode => 644,
22 content => template("nova-iptables.erb")
23 }
24}
25
26define nova_conf_pointer($name) {
27 file { "/etc/nova/nova-${name}.conf":
28 owner => "nova", mode => 400,
29 content => "--flagfile=/etc/nova/nova.conf"
30 }
31}
32
33class novaconf {
34 file { "/etc/nova/nova.conf":
35 owner => "nova", mode => 400,
36 content => template("production/nova-common.conf.erb", "production/nova-${cluster_name}.conf.erb")
37 }
38 nova_conf_pointer{'manage': name => 'manage'}
39}
40
41class novadata {
42 package { "rabbitmq-server": ensure => present }
43
44 file { "/etc/rabbitmq/rabbitmq.conf":
45 owner => "root", mode => 644,
46 content => "NODENAME=rabbit@localhost",
47 }
48
49 service { "rabbitmq-server":
50 ensure => running,
51 enable => true,
52 hasstatus => true,
53 require => [
54 File["/etc/rabbitmq/rabbitmq.conf"],
55 Package["rabbitmq-server"]
56 ]
57 }
58
59 package { "mysql-server": ensure => present }
60
61 file { "/etc/mysql/my.cnf":
62 owner => "root", mode => 644,
63 source => "puppet://${puppet_server}/files/production/my.cnf",
64 }
65
66 service { "mysql":
67 ensure => running,
68 enable => true,
69 hasstatus => true,
70 require => [
71 File["/etc/mysql/my.cnf"],
72 Package["mysql-server"]
73 ]
74 }
75
76 file { "/root/slap.sh":
77 owner => "root", mode => 755,
78 source => "puppet://${puppet_server}/files/production/slap.sh",
79 }
80
81 file { "/root/setup_data.sh":
82 owner => "root", mode => 755,
83 source => "puppet://${puppet_server}/files/production/setup_data.sh",
84 }
85
86 # setup compute data
87 exec { "setup_data":
88 command => "/root/setup_data.sh",
89 path => "/usr/bin:/bin",
90 unless => "test -f /root/installed",
91 require => [
92 Service["mysql"],
93 File["/root/slap.sh"],
94 File["/root/setup_data.sh"]
95 ]
96 }
97}
98
99define nscheduler($version) {
100 package { "nova-scheduler": ensure => $version, require => Exec["update-apt"] }
101 nova_conf_pointer{'scheduler': name => 'scheduler'}
102 exec { "update-rc.d -f nova-scheduler remove; update-rc.d nova-scheduler defaults 50":
103 path => "/usr/bin:/usr/sbin:/bin",
104 onlyif => "test -f /etc/init.d/nova-scheduler",
105 unless => "test -f /etc/rc2.d/S50nova-scheduler"
106 }
107 service { "nova-scheduler":
108 ensure => running,
109 hasstatus => true,
110 subscribe => [
111 Package["nova-scheduler"],
112 File["/etc/nova/nova.conf"],
113 File["/etc/nova/nova-scheduler.conf"]
114 ]
115 }
116
117}
118
119define napi($version, $api_servers, $api_base_port) {
120 file { "/etc/boto.cfg":
121 owner => "root", mode => 644,
122 source => "puppet://${puppet_server}/files/production/boto.cfg",
123 }
124
125 file { "/var/lib/nova/CA/genvpn.sh":
126 owner => "nova", mode => 755,
127 source => "puppet://${puppet_server}/files/production/genvpn.sh",
128 }
129
130 package { "python-greenlet": ensure => present }
131 package { "nova-api": ensure => $version, require => [Exec["update-apt"], Package["python-greenlet"]] }
132 nova_conf_pointer{'api': name => 'api'}
133
134 exec { "update-rc.d -f nova-api remove; update-rc.d nova-api defaults 50":
135 path => "/usr/bin:/usr/sbin:/bin",
136 onlyif => "test -f /etc/init.d/nova-api",
137 unless => "test -f /etc/rc2.d/S50nova-api"
138 }
139
140 service { "nova-netsync":
141 start => "/usr/bin/nova-netsync --pidfile=/var/run/nova/nova-netsync.pid --lockfile=/var/run/nova/nova-netsync.pid.lock start",
142 stop => "/usr/bin/nova-netsync --pidfile=/var/run/nova/nova-netsync.pid --lockfile=/var/run/nova/nova-netsync.pid.lock stop",
143 ensure => running,
144 hasstatus => false,
145 pattern => "nova-netsync",
146 require => Service["nova-api"],
147 subscribe => File["/etc/nova/nova.conf"]
148 }
149 service { "nova-api":
150 start => "monit start all -g nova_api",
151 stop => "monit stop all -g nova_api",
152 restart => "monit restart all -g nova_api",
153 # ensure => running,
154 # hasstatus => true,
155 require => Service["monit"],
156 subscribe => [
157 Package["nova-objectstore"],
158 File["/etc/boto.cfg"],
159 File["/etc/nova/nova.conf"],
160 File["/etc/nova/nova-objectstore.conf"]
161 ]
162 }
163
164 # the haproxy & monit's template use $api_servers and $api_base_port
165
166 package { "haproxy": ensure => present }
167 file { "/etc/default/haproxy":
168 owner => "root", mode => 644,
169 content => "ENABLED=1",
170 require => Package['haproxy']
171 }
172 file { "/etc/haproxy/haproxy.cfg":
173 owner => "root", mode => 644,
174 content => template("/srv/cloud/puppet/templates/haproxy.cfg.erb"),
175 require => Package['haproxy']
176 }
177 service { "haproxy":
178 ensure => true,
179 enable => true,
180 hasstatus => true,
181 subscribe => [
182 Package["haproxy"],
183 File["/etc/default/haproxy"],
184 File["/etc/haproxy/haproxy.cfg"],
185 ]
186 }
187
188 package { "socat": ensure => present }
189
190 file { "/usr/local/bin/gmetric_haproxy.sh":
191 owner => "root", mode => 755,
192 source => "puppet://${puppet_server}/files/production/ganglia/gmetric_scripts/gmetric_haproxy.sh",
193 }
194
195 cron { "gmetric_haproxy":
196 command => "/usr/local/bin/gmetric_haproxy.sh",
197 user => root,
198 minute => "*/3",
199 }
200
201 package { "monit": ensure => present }
202
203 file { "/etc/default/monit":
204 owner => "root", mode => 644,
205 content => "startup=1",
206 require => Package['monit']
207 }
208 file { "/etc/monit/monitrc":
209 owner => "root", mode => 600,
210 content => template("/srv/cloud/puppet/templates/monitrc-nova-api.erb"),
211 require => Package['monit']
212 }
213 service { "monit":
214 ensure => true,
215 pattern => "sbin/monit",
216 subscribe => [
217 Package["monit"],
218 File["/etc/default/monit"],
219 File["/etc/monit/monitrc"],
220 ]
221 }
222
223}
224
225
226define nnetwork($version) {
227 # kill the default network added by the package
228 exec { "kill-libvirt-default-net":
229 command => "virsh net-destroy default; rm /etc/libvirt/qemu/networks/autostart/default.xml",
230 path => "/usr/bin:/bin",
231 onlyif => "test -f /etc/libvirt/qemu/networks/autostart/default.xml"
232 }
233
234 # EVIL HACK: custom binary because dnsmasq 2.52 segfaulted accessing dereferenced object
235 file { "/usr/sbin/dnsmasq":
236 owner => "root", group => "root",
237 source => "puppet://${puppet_server}/files/production/dnsmasq",
238 }
239
240 package { "nova-network": ensure => $version, require => Exec["update-apt"] }
241 nova_conf_pointer{'dhcpbridge': name => 'dhcpbridge'}
242 nova_conf_pointer{'network': name => "network" }
243
244 exec { "update-rc.d -f nova-network remove; update-rc.d nova-network defaults 50":
245 path => "/usr/bin:/usr/sbin:/bin",
246 onlyif => "test -f /etc/init.d/nova-network",
247 unless => "test -f /etc/rc2.d/S50nova-network"
248 }
249 service { "nova-network":
250 ensure => running,
251 hasstatus => true,
252 subscribe => [
253 Package["nova-network"],
254 File["/etc/nova/nova.conf"],
255 File["/etc/nova/nova-network.conf"]
256 ]
257 }
258}
259
260define nobjectstore($version) {
261 package { "nova-objectstore": ensure => $version, require => Exec["update-apt"] }
262 nova_conf_pointer{'objectstore': name => 'objectstore'}
263 exec { "update-rc.d -f nova-objectstore remove; update-rc.d nova-objectstore defaults 50":
264 path => "/usr/bin:/usr/sbin:/bin",
265 onlyif => "test -f /etc/init.d/nova-objectstore",
266 unless => "test -f /etc/rc2.d/S50nova-objectstore"
267 }
268 service { "nova-objectstore":
269 ensure => running,
270 hasstatus => true,
271 subscribe => [
272 Package["nova-objectstore"],
273 File["/etc/nova/nova.conf"],
274 File["/etc/nova/nova-objectstore.conf"]
275 ]
276 }
277}
278
279define ncompute($version) {
280 include ganglia-python
281 include ganglia-compute
282
283 # kill the default network added by the package
284 exec { "kill-libvirt-default-net":
285 command => "virsh net-destroy default; rm /etc/libvirt/qemu/networks/autostart/default.xml",
286 path => "/usr/bin:/bin",
287 onlyif => "test -f /etc/libvirt/qemu/networks/autostart/default.xml"
288 }
289
290
291 # LIBVIRT has to be restarted when ebtables / gawk is installed
292 service { "libvirt-bin":
293 ensure => running,
294 pattern => "sbin/libvirtd",
295 subscribe => [
296 Package["ebtables"],
297 Kern_module["kvm_intel"]
298 ],
299 require => [
300 Package["libvirt-bin"],
301 Package["ebtables"],
302 Package["gawk"],
303 Kern_module["kvm_intel"],
304 File["/dev/kvm"]
305 ]
306 }
307
308 package { "libvirt-bin": ensure => "0.8.3-1ubuntu14~ppalucid2" }
309 package { "ebtables": ensure => present }
310 package { "gawk": ensure => present }
311
312 # ensure proper permissions on /dev/kvm
313 file { "/dev/kvm":
314 owner => "root",
315 group => "kvm",
316 mode => 660
317 }
318
319 # require hardware virt
320 kern_module { "kvm_intel":
321 ensure => present,
322 }
323
324 # increase loopback devices
325 file { "/etc/modprobe.d/loop.conf":
326 owner => "root", mode => 644,
327 content => "options loop max_loop=40"
328 }
329
330 nova_conf_pointer{'compute': name => 'compute'}
331
332 loopback{loop0: num => 0}
333 loopback{loop1: num => 1}
334 loopback{loop2: num => 2}
335 loopback{loop3: num => 3}
336 loopback{loop4: num => 4}
337 loopback{loop5: num => 5}
338 loopback{loop6: num => 6}
339 loopback{loop7: num => 7}
340 loopback{loop8: num => 8}
341 loopback{loop9: num => 9}
342 loopback{loop10: num => 10}
343 loopback{loop11: num => 11}
344 loopback{loop12: num => 12}
345 loopback{loop13: num => 13}
346 loopback{loop14: num => 14}
347 loopback{loop15: num => 15}
348 loopback{loop16: num => 16}
349 loopback{loop17: num => 17}
350 loopback{loop18: num => 18}
351 loopback{loop19: num => 19}
352 loopback{loop20: num => 20}
353 loopback{loop21: num => 21}
354 loopback{loop22: num => 22}
355 loopback{loop23: num => 23}
356 loopback{loop24: num => 24}
357 loopback{loop25: num => 25}
358 loopback{loop26: num => 26}
359 loopback{loop27: num => 27}
360 loopback{loop28: num => 28}
361 loopback{loop29: num => 29}
362 loopback{loop30: num => 30}
363 loopback{loop31: num => 31}
364 loopback{loop32: num => 32}
365 loopback{loop33: num => 33}
366 loopback{loop34: num => 34}
367 loopback{loop35: num => 35}
368 loopback{loop36: num => 36}
369 loopback{loop37: num => 37}
370 loopback{loop38: num => 38}
371 loopback{loop39: num => 39}
372
373 package { "python-libvirt": ensure => "0.8.3-1ubuntu14~ppalucid2" }
374
375 package { "nova-compute":
376 ensure => "$version",
377 require => Package["python-libvirt"]
378 }
379
380 #file { "/usr/share/nova/libvirt.qemu.xml.template":
381 # owner => "nova", mode => 400,
382 # source => "puppet://${puppet_server}/files/production/libvirt.qemu.xml.template",
383 #}
384
385 # fix runlevels: using enable => true adds it as 20, which is too early
386 exec { "update-rc.d -f nova-compute remove":
387 path => "/usr/bin:/usr/sbin:/bin",
388 onlyif => "test -f /etc/rc2.d/S??nova-compute"
389 }
390 service { "nova-compute":
391 ensure => running,
392 hasstatus => true,
393 subscribe => [
394 Package["nova-compute"],
395 File["/etc/nova/nova.conf"],
396 File["/etc/nova/nova-compute.conf"],
397 #File["/usr/share/nova/libvirt.qemu.xml.template"],
398 Service["libvirt-bin"],
399 Kern_module["kvm_intel"]
400 ]
401 }
402}
403
404define nvolume($version) {
405
406 package { "nova-volume": ensure => $version, require => Exec["update-apt"] }
407
408 nova_conf_pointer{'volume': name => 'volume'}
409
410 # fix runlevels: using enable => true adds it as 20, which is too early
411 exec { "update-rc.d -f nova-volume remove":
412 path => "/usr/bin:/usr/sbin:/bin",
413 onlyif => "test -f /etc/rc2.d/S??nova-volume"
414 }
415
416 file { "/etc/default/iscsitarget":
417 owner => "root", mode => 644,
418 content => "ISCSITARGET_ENABLE=true"
419 }
420
421 package { "iscsitarget": ensure => present }
422
423 file { "/dev/iscsi": ensure => directory } # FIXME(vish): owner / mode?
424 file { "/usr/sbin/nova-iscsi-dev.sh":
425 owner => "root", mode => 755,
426 source => "puppet://${puppet_server}/files/production/nova-iscsi-dev.sh"
427 }
428 file { "/etc/udev/rules.d/55-openiscsi.rules":
429 owner => "root", mode => 644,
430 content => 'KERNEL=="sd*", BUS=="scsi", PROGRAM="/usr/sbin/nova-iscsi-dev.sh %b",SYMLINK+="iscsi/%c%n"'
431 }
432
433 service { "iscsitarget":
434 ensure => running,
435 enable => true,
436 hasstatus => true,
437 require => [
438 File["/etc/default/iscsitarget"],
439 Package["iscsitarget"]
440 ]
441 }
442
443 service { "nova-volume":
444 ensure => running,
445 hasstatus => true,
446 subscribe => [
447 Package["nova-volume"],
448 File["/etc/nova/nova.conf"],
449 File["/etc/nova/nova-volume.conf"]
450 ]
451 }
452}
453
454class novaspool {
455 # This isn't in release yet
456 #cron { logspool:
457 # command => "/usr/bin/nova-logspool /var/log/nova.log /var/lib/nova/spool",
458 # user => "nova"
459 #}
460 #cron { spoolsentry:
461 # command => "/usr/bin/nova-spoolsentry ${sentry_url} ${sentry_key} /var/lib/nova/spool",
462 # user => "nova"
463 #}
464}
4650
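Review bot: Deleting the /usr/sbin/dnsmasq file resource in nnetwork (the "EVIL HACK" block, old lines 234-238) stops managing that path but does not undo it: hosts already provisioned from this manifest keep the custom binary that replaced the packaged dnsmasq, and it was installed with owner and group only, no mode. Since the whole manifest goes away here, the merge description should say that these hosts need the distribution package reinstalled to get back onto a binary that receives updates.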
=== removed file 'contrib/puppet/manifests/classes/swift.pp'
--- contrib/puppet/manifests/classes/swift.pp 2010-11-12 19:07:46 +0000
+++ contrib/puppet/manifests/classes/swift.pp 1970-01-01 00:00:00 +0000
@@ -1,7 +0,0 @@
1class swift {
2 package { "memcached": ensure => present }
3 service { "memcached": require => Package['memcached'] }
4
5 package { "swift-proxy": ensure => present }
6}
7
80
=== removed file 'contrib/puppet/manifests/site.pp'
--- contrib/puppet/manifests/site.pp 2010-11-12 19:07:46 +0000
+++ contrib/puppet/manifests/site.pp 1970-01-01 00:00:00 +0000
@@ -1,120 +0,0 @@
1# site.pp
2
3import "templates"
4import "classes/*"
5
6node novabase inherits default {
7# $puppet_server = "192.168.0.10"
8 $cluster_name = "openstack001"
9 $ganglia_udp_send_channel = "openstack001.example.com"
10 $syslog = "192.168.0.10"
11
12 # THIS STUFF ISN'T IN RELEASE YET
13 #$sentry_url = "http://192.168.0.19/sentry/store/"
14 #$sentry_key = "TODO:SENTRYPASS"
15
16 $local_network = "192.168.0.0/16"
17 $vpn_ip = "192.168.0.2"
18 $public_interface = "eth0"
19 include novanode
20# include nova-common
21 include opsmetrics
22
23# non-nova stuff such as nova-dash inherit from novanode
24# novaspool needs a better home
25# include novaspool
26}
27
28# Builder
29node "nova000.example.com" inherits novabase {
30 $syslog = "server"
31 include ntp
32 include syslog-server
33}
34
35# Non-Nova nodes
36
37node
38 "blog.example.com",
39 "wiki.example.com"
40inherits novabase {
41 include ganglia-python
42 include ganglia-apache
43 include ganglia-mysql
44}
45
46
47node "nova001.example.com"
48inherits novabase {
49 include novabase
50
51 nova_iptables { nova:
52 services => [
53 "ganglia",
54 "mysql",
55 "rabbitmq",
56 "ldap",
57 "api",
58 "objectstore",
59 "nrpe",
60 ],
61 ip => "192.168.0.10",
62 }
63
64 nobjectstore { nova: version => "0.9.0" }
65 nscheduler { nova: version => "0.9.0" }
66 napi { nova:
67 version => "0.9.0",
68 api_servers => 10,
69 api_base_port => 8000
70 }
71}
72
73node "nova002.example.com"
74inherits novabase {
75 include novaconf
76
77 nova_iptables { nova:
78 services => [
79 "ganglia",
80 "dnsmasq",
81 "nrpe"
82 ],
83 ip => "192.168.4.2",
84 private_range => "192.168.0.0/16",
85 }
86
87 nnetwork { nova: version => "0.9.0" }
88}
89
90node
91 "nova003.example.com",
92 "nova004.example.com",
93 "nova005.example.com",
94 "nova006.example.com",
95 "nova007.example.com",
96 "nova008.example.com",
97 "nova009.example.com",
98 "nova010.example.com",
99 "nova011.example.com",
100 "nova012.example.com",
101 "nova013.example.com",
102 "nova014.example.com",
103 "nova015.example.com",
104 "nova016.example.com",
105 "nova017.example.com",
106 "nova018.example.com",
107 "nova019.example.com",
108inherits novabase {
109 include novaconf
110 ncompute { nova: version => "0.9.0" }
111 nvolume { nova: version => "0.9.0" }
112}
113
114#node
115# "nova020.example.com"
116# "nova021.example.com"
117#inherits novanode {
118# include novaconf
119 #ncompute { nova: version => "0.9.0" }
120#}
1210
=== removed file 'contrib/puppet/manifests/templates.pp'
--- contrib/puppet/manifests/templates.pp 2010-11-12 19:07:46 +0000
+++ contrib/puppet/manifests/templates.pp 1970-01-01 00:00:00 +0000
@@ -1,21 +0,0 @@
1# templates.pp
2
3import "classes/*"
4
5class baseclass {
6# include dns-client # FIXME: missing resolv.conf.erb??
7 include issue
8}
9
10node default {
11 $nova_site = "undef"
12 $nova_ns1 = "undef"
13 $nova_ns2 = "undef"
14# include baseclass
15}
16
17# novanode handles the system-level requirements for Nova/Swift nodes
18class novanode {
19 include baseclass
20 include lvmconf
21}
220
=== removed file 'contrib/puppet/puppet.conf'
--- contrib/puppet/puppet.conf 2010-11-12 19:07:46 +0000
+++ contrib/puppet/puppet.conf 1970-01-01 00:00:00 +0000
@@ -1,11 +0,0 @@
1[main]
2logdir=/var/log/puppet
3vardir=/var/lib/puppet
4ssldir=/var/lib/puppet/ssl
5rundir=/var/run/puppet
6factpath=$vardir/lib/facter
7pluginsync=false
8
9[puppetmasterd]
10templatedir=/var/lib/nova/contrib/puppet/templates
11autosign=true
120
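Review bot: autosign=true in the [puppetmasterd] section (old line 11) is worth naming in the merge description as a reason this sample should not be kept in use: a puppet master with that setting signs every agent certificate request without operator review, and this tree serves files such as nova.conf from that master. Anyone who copied this puppet.conf should switch autosign off or restrict it to an explicit list of hostnames.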
=== removed directory 'contrib/puppet/templates'
=== removed file 'contrib/puppet/templates/haproxy.cfg.erb'
--- contrib/puppet/templates/haproxy.cfg.erb 2010-11-12 19:07:46 +0000
+++ contrib/puppet/templates/haproxy.cfg.erb 1970-01-01 00:00:00 +0000
@@ -1,39 +0,0 @@
1# this config needs haproxy-1.1.28 or haproxy-1.2.1
2
3global
4 log 127.0.0.1 local0
5 log 127.0.0.1 local1 notice
6 #log loghost local0 info
7 maxconn 4096
8 #chroot /usr/share/haproxy
9 stats socket /var/run/haproxy.sock
10 user haproxy
11 group haproxy
12 daemon
13 #debug
14 #quiet
15
16defaults
17 log global
18 mode http
19 option httplog
20 option dontlognull
21 retries 3
22 option redispatch
23 stats enable
24 stats uri /haproxy
25 maxconn 2000
26 contimeout 5000
27 clitimeout 50000
28 srvtimeout 50000
29
30
31listen nova-api 0.0.0.0:8773
32 option httpchk GET / HTTP/1.0\r\nHost:\ example.com
33 option forwardfor
34 reqidel ^X-Forwarded-For:.*
35 balance roundrobin
36<% api_servers.to_i.times do |offset| %><% port = api_base_port.to_i + offset -%>
37 server api_<%= port %> 127.0.0.1:<%= port %> maxconn 1 check
38<% end -%>
39 option httpclose # disable keep-alive
400
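Review bot: "stats enable" and "stats uri /haproxy" (old lines 23-24) sit in the defaults section with no "stats auth" line, so they apply to the nova-api listener bound to 0.0.0.0:8773 and the statistics page is served unauthenticated on the same address and port as the API. The template is being removed rather than fixed, so a sentence in the merge description would help anyone who deployed from it: either add "stats auth" or move the stats page to a listener bound to 127.0.0.1.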
=== removed file 'contrib/puppet/templates/monitrc-nova-api.erb'
--- contrib/puppet/templates/monitrc-nova-api.erb 2010-11-12 19:07:46 +0000
+++ contrib/puppet/templates/monitrc-nova-api.erb 1970-01-01 00:00:00 +0000
@@ -1,138 +0,0 @@
1###############################################################################
2## Monit control file
3###############################################################################
4##
5## Comments begin with a '#' and extend through the end of the line. Keywords
6## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
7##
8## Below you will find examples of some frequently used statements. For
9## information about the control file, a complete list of statements and
10## options please have a look in the monit manual.
11##
12##
13###############################################################################
14## Global section
15###############################################################################
16##
17## Start monit in the background (run as a daemon):
18#
19set daemon 60 # check services at 1-minute intervals
20 with start delay 30 # optional: delay the first check by half a minute
21 # (by default check immediately after monit start)
22
23
24## Set syslog logging with the 'daemon' facility. If the FACILITY option is
25## omitted, monit will use 'user' facility by default. If you want to log to
26## a stand alone log file instead, specify the path to a log file
27#
28set logfile syslog facility log_daemon
29#
30#
31### Set the location of monit id file which saves the unique id specific for
32### given monit. The id is generated and stored on first monit start.
33### By default the file is placed in $HOME/.monit.id.
34#
35# set idfile /var/.monit.id
36#
37### Set the location of monit state file which saves the monitoring state
38### on each cycle. By default the file is placed in $HOME/.monit.state. If
39### state file is stored on persistent filesystem, monit will recover the
40### monitoring state across reboots. If it is on temporary filesystem, the
41### state will be lost on reboot.
42#
43# set statefile /var/.monit.state
44#
45## Set the list of mail servers for alert delivery. Multiple servers may be
46## specified using comma separator. By default monit uses port 25 - this
47## is possible to override with the PORT option.
48#
49# set mailserver mail.bar.baz, # primary mailserver
50# backup.bar.baz port 10025, # backup mailserver on port 10025
51# localhost # fallback relay
52#
53#
54## By default monit will drop alert events if no mail servers are available.
55## If you want to keep the alerts for a later delivery retry, you can use the
56## EVENTQUEUE statement. The base directory where undelivered alerts will be
57## stored is specified by the BASEDIR option. You can limit the maximal queue
58## size using the SLOTS option (if omitted, the queue is limited by space
59## available in the back end filesystem).
60#
61# set eventqueue
62# basedir /var/monit # set the base directory where events will be stored
63# slots 100 # optionaly limit the queue size
64#
65#
66## Send status and events to M/Monit (Monit central management: for more
67## informations about M/Monit see http://www.tildeslash.com/mmonit).
68#
69# set mmonit http://monit:monit@192.168.1.10:8080/collector
70#
71#
72## Monit by default uses the following alert mail format:
73##
74## --8<--
75## From: monit@$HOST # sender
76## Subject: monit alert -- $EVENT $SERVICE # subject
77##
78## $EVENT Service $SERVICE #
79## #
80## Date: $DATE #
81## Action: $ACTION #
82## Host: $HOST # body
83## Description: $DESCRIPTION #
84## #
85## Your faithful employee, #
86## monit #
87## --8<--
88##
89## You can override this message format or parts of it, such as subject
90## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
91## are expanded at runtime. For example, to override the sender:
92#
93# set mail-format { from: monit@foo.bar }
94#
95#
96## You can set alert recipients here whom will receive alerts if/when a
97## service defined in this file has errors. Alerts may be restricted on
98## events by using a filter as in the second example below.
99#
100# set alert sysadm@foo.bar # receive all alerts
101# set alert manager@foo.bar only on { timeout } # receive just service-
102# # timeout alert
103#
104#
105## Monit has an embedded web server which can be used to view status of
106## services monitored, the current configuration, actual services parameters
107## and manage services from a web interface.
108#
109 set httpd port 2812 and
110 use address localhost # only accept connection from localhost
111 allow localhost # allow localhost to connect to the server and
112# allow admin:monit # require user 'admin' with password 'monit'
113# allow @monit # allow users of group 'monit' to connect (rw)
114# allow @users readonly # allow users of group 'users' to connect readonly
115#
116#
117###############################################################################
118## Services
119###############################################################################
120
121<% api_servers.to_i.times do |offset| %><% port = api_base_port.to_i + offset %>
122
123check process nova_api_<%= port %> with pidfile /var/run/nova/nova-api-<%= port %>.pid
124 group nova_api
125 start program = "/usr/bin/nova-api --flagfile=/etc/nova/nova.conf --pidfile=/var/run/nova/nova-api-<%= port %>.pid --api_listen_port=<%= port %> --lockfile=/var/run/nova/nova-api-<%= port %>.pid.lock start"
126 as uid nova
127 stop program = "/usr/bin/nova-api --flagfile=/etc/nova/nova.conf --pidfile=/var/run/nova/nova-api-<%= port %>.pid --api_listen_port=<%= port %> --lockfile=/var/run/nova/nova-api-<%= port %>.pid.lock stop"
128 as uid nova
129 if failed port <%= port %> protocol http
130 with timeout 15 seconds
131 for 4 cycles
132 then restart
133 if totalmem > 300 Mb then restart
134 if cpu is greater than 60% for 2 cycles then alert
135 if cpu > 80% for 3 cycles then restart
136 if 3 restarts within 5 cycles then timeout
137
138<% end %>
1390
=== removed file 'contrib/puppet/templates/nova-iptables.erb'
--- contrib/puppet/templates/nova-iptables.erb 2010-11-12 19:07:46 +0000
+++ contrib/puppet/templates/nova-iptables.erb 1970-01-01 00:00:00 +0000
@@ -1,10 +0,0 @@
1<% services.each do |service| -%>
2<%= service.upcase %>=1
3<% end -%>
4<% if ip && ip != "" %>IP="<%=ip%>"<% end %>
5<% if private_range && private_range != "" %>PRIVATE_RANGE="<%=private_range%>"<% end %>
6<% if mgmt_ip && mgmt_ip != "" %>MGMT_IP="<%=mgmt_ip%>"<% end %>
7<% if dmz_ip && dmz_ip != "" %>DMZ_IP="<%=dmz_ip%>"<% end %>
8
9# warning: this file is auto-generated by puppet
10
110
=== removed directory 'contrib/puppet/templates/production'
=== removed file 'contrib/puppet/templates/production/nova-common.conf.erb'
--- contrib/puppet/templates/production/nova-common.conf.erb 2010-11-23 18:46:07 +0000
+++ contrib/puppet/templates/production/nova-common.conf.erb 1970-01-01 00:00:00 +0000
@@ -1,55 +0,0 @@
1# global
2--dmz_net=192.168.0.0
3--dmz_mask=255.255.0.0
4--dmz_cidr=192.168.0.0/16
5--ldap_user_dn=cn=Administrators,dc=example,dc=com
6--ldap_user_unit=Users
7--ldap_user_subtree=ou=Users,dc=example,dc=com
8--ldap_project_subtree=ou=Groups,dc=example,dc=com
9--role_project_subtree=ou=Groups,dc=example,dc=com
10--ldap_cloudadmin=cn=NovaAdmins,ou=Groups,dc=example,dc=com
11--ldap_itsec=cn=NovaSecurity,ou=Groups,dc=example,dc=com
12--ldap_sysadmin=cn=Administrators,ou=Groups,dc=example,dc=com
13--ldap_netadmin=cn=Administrators,ou=Groups,dc=example,dc=com
14--ldap_developer=cn=developers,ou=Groups,dc=example,dc=com
15--verbose
16--daemonize
17--syslog
18--networks_path=/var/lib/nova/networks
19--instances_path=/var/lib/nova/instances
20--buckets_path=/var/lib/nova/objectstore/buckets
21--images_path=/var/lib/nova/objectstore/images
22--scheduler_driver=nova.scheduler.simple.SimpleScheduler
23--libvirt_xml_template=/usr/share/nova/libvirt.qemu.xml.template
24--credentials_template=/usr/share/nova/novarc.template
25--boot_script_template=/usr/share/nova/bootscript.template
26--vpn_client_template=/usr/share/nova/client.ovpn.template
27--max_cores=40
28--max_gigabytes=2000
29--ca_path=/var/lib/nova/CA
30--keys_path=/var/lib/nova/keys
31--vpn_start=11000
32--volume_group=vgdata
33--volume_manager=nova.volume.manager.ISCSIManager
34--volume_driver=nova.volume.driver.ISCSIDriver
35--default_kernel=aki-DEFAULT
36--default_ramdisk=ari-DEFAULT
37--dhcpbridge=/usr/bin/nova-dhcpbridge
38--vpn_image_id=ami-cloudpipe
39--dhcpbridge_flagfile=/etc/nova/nova.conf
40--credential_cert_subject=/C=US/ST=Texas/L=Bexar/O=NovaDev/OU=NOVA/CN=%s-%s
41--auth_driver=nova.auth.ldapdriver.LdapDriver
42--quota_cores=17
43--quota_floating_ips=5
44--quota_instances=6
45--quota_volumes=10
46--quota_gigabytes=100
47--use_nova_chains=True
48--input_chain=services
49--use_project_ca=True
50--fixed_ip_disassociate_timeout=300
51--api_max_requests=1
52--api_listen_ip=127.0.0.1
53--user_cert_subject=/C=US/ST=Texas/L=Bexar/O=NovaDev/OU=Nova/CN=%s-%s-%s
54--project_cert_subject=/C=US/ST=Texas/L=Bexar/O=NovaDev/OU=Nova/CN=project-ca-%s-%s
55--vpn_cert_subject=/C=US/ST=Texas/L=Bexar/O=NovaDev/OU=Nova/CN=project-vpn-%s-%s
560
=== removed file 'contrib/puppet/templates/production/nova-nova.conf.erb'
--- contrib/puppet/templates/production/nova-nova.conf.erb 2010-11-12 19:07:46 +0000
+++ contrib/puppet/templates/production/nova-nova.conf.erb 1970-01-01 00:00:00 +0000
@@ -1,21 +0,0 @@
1--fixed_range=192.168.0.0/16
2--iscsi_ip_prefix=192.168.4
3--floating_range=10.0.0.0/24
4--rabbit_host=192.168.0.10
5--s3_host=192.168.0.10
6--cc_host=192.168.0.10
7--cc_dmz=192.168.24.10
8--s3_dmz=192.168.24.10
9--ec2_url=http://192.168.0.1:8773/services/Cloud
10--vpn_ip=192.168.0.2
11--ldap_url=ldap://192.168.0.10
12--sql_connection=mysql://nova:TODO-MYPASS@192.168.0.10/nova
13--other_sql_connection=mysql://nova:TODO-MYPASS@192.168.0.10/nova
14--routing_source_ip=192.168.0.2
15--bridge_dev=eth1
16--public_interface=eth0
17--vlan_start=3100
18--num_networks=700
19--rabbit_userid=TODO:RABBIT
20--rabbit_password=TODO:CHANGEME
21--ldap_password=TODO:CHANGEME
220
=== modified file 'nova/service.py'
--- nova/service.py 2011-01-27 19:52:10 +0000
+++ nova/service.py 2011-02-20 19:58:33 +0000
@@ -50,10 +50,6 @@
50 'seconds between running periodic tasks',50 'seconds between running periodic tasks',
51 lower_bound=1)51 lower_bound=1)
5252
53flags.DEFINE_string('pidfile', None,
54 'pidfile to use for this service')
55
56
57flags.DEFINE_flag(flags.HelpFlag())53flags.DEFINE_flag(flags.HelpFlag())
58flags.DEFINE_flag(flags.HelpshortFlag())54flags.DEFINE_flag(flags.HelpshortFlag())
59flags.DEFINE_flag(flags.HelpXMLFlag())55flags.DEFINE_flag(flags.HelpXMLFlag())
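Review bot: Removing the 'pidfile' flag definition (old lines 53-54) leaves any remaining --pidfile argument without a definition behind it. The command lines in this diff that pass --pidfile, the nova-api start and stop programs in monitrc-nova-api.erb and the nova-netsync service in nova.pp, are deleted in the same merge, but the diff does not show the bin/ scripts or any packaging init scripts. Please confirm that nothing outside contrib/puppet still passes --pidfile, and state that in the merge description.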