Merge lp:~james-page/charms/precise/nova-compute/fix-nm-config-store into lp:~charmers/charms/precise/nova-compute/trunk
Proposed by
James Page
Status: | Superseded |
---|---|
Proposed branch: | lp:~james-page/charms/precise/nova-compute/fix-nm-config-store |
Merge into: | lp:~charmers/charms/precise/nova-compute/trunk |
Diff against target: |
1204 lines (+890/-46) (has conflicts) 10 files modified
config.yaml (+14/-0) hooks/lib/nova/essex (+2/-2) hooks/lib/nova/folsom (+3/-5) hooks/lib/nova/grizzly (+80/-0) hooks/lib/nova/nova-common (+31/-4) hooks/lib/openstack-common (+587/-25) hooks/nova-compute-common (+107/-9) hooks/nova-compute-relations (+59/-1) metadata.yaml (+3/-0) revision (+4/-0) Text conflict in config.yaml Text conflict in hooks/nova-compute-common Text conflict in hooks/nova-compute-relations Text conflict in revision |
To merge this branch: | bzr merge lp:~james-page/charms/precise/nova-compute/fix-nm-config-store |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
charmers | Pending | ||
Review via email: mp+152657@code.launchpad.net |
This proposal has been superseded by a proposal from 2013-03-11.
Commit message
Description of the change
Fixup configure_
This was causing issues in other hooks when the value was stored but the associated packages had not been installed.
Unmerged revisions
Preview Diff
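--- a/config.yaml
+++ b/config.yaml
@@ -37,11 +37,25 @@
 virt-type:
 default: kvm
 type: string
+<<<<<<< TREE
 description: "Virtualization flavor. Supported: kvm, xen, uml, lxc. qemu"
 multi-host:
 default: "yes"
 type: string
 description: Whether to run nova-api and nova-network on the compute nodes.
+=======
+ description: Virtualization flavor (kvm, xen, uml, lxc, qemu)
+ enable-live-migration:
+ default: False
+ type: boolean
+ description: Configure libvirt for live migration.
+ migration-auth-type:
+ default: sasl
+ type: string
+ description: |
+ TCP authentication scheme for libvirt live migration. Available options
+ include sasl or none.
+>>>>>>> MERGE-SOURCE
 # needed if using flatmanager
 bridge-interface:
 default: br100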
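Review bot: The description of the new `migration-auth-type` option lists `none` next to `sasl` without saying what it means for the host; presumably `none` leaves the libvirt TCP listener used for live migration without authentication, so the text should say so, e.g. `Available options include sasl or none. 'none' disables authentication on the libvirt TCP socket and should only be used on an isolated management network.` The section also adds the `<<<<<<< TREE`, `=======` and `>>>>>>> MERGE-SOURCE` conflict markers as file content, so config.yaml will not parse until the conflict is resolved and only one `description:` remains under `virt-type`.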
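--- a/hooks/lib/nova/essex
+++ b/hooks/lib/nova/essex
@@ -12,7 +12,7 @@
 
 local nova_conf=${NOVA_CONF:-/etc/nova/nova.conf}
 local api_conf=${API_CONF:-/etc/nova/api-paste.ini}
-
+ local libvirtd_conf=${LIBVIRTD_CONF:-/etc/libvirt/libvirtd.conf}
 [[ -z $key ]] && juju-log "$CHARM set_or_update: value $value missing key" && exit 1
 [[ -z $value ]] && juju-log "$CHARM set_or_update: key $key missing value" && exit 1
 [[ -z "$conf_file" ]] && conf_file=$nova_conf
@@ -22,7 +22,7 @@
 pattern="--$key="
 out=$pattern
 ;;
- "$api_conf") match="^$key = "
+ "$api_conf"|"$libvirtd_conf") match="^$key = "
 pattern="$match"
 out="$key = "
 ;;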
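Review bot: Nothing in the new `"$api_conf"|"$libvirtd_conf")` branch tells callers how values destined for libvirtd.conf must be passed; the branch builds `out="$key = "` and the value is presumably appended verbatim, while libvirtd.conf expects string settings in double quotes. I would add a comment above the branch such as `# libvirtd.conf: string values must arrive already double-quoted, e.g. '"sasl"'`. The same alternative is added in hooks/lib/nova/folsom and hooks/lib/nova/grizzly and needs the same comment there. The function body starts and ends outside this section's hunks.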
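--- a/hooks/lib/nova/folsom
+++ b/hooks/lib/nova/folsom
@@ -15,6 +15,7 @@
 local quantum_conf=${QUANTUM_CONF:-/etc/quantum/quantum.conf}
 local quantum_api_conf=${QUANTUM_API_CONF:-/etc/quantum/api-paste.ini}
 local quantum_plugin_conf=${QUANTUM_PLUGIN_CONF:-/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini}
+ local libvirtd_conf=${LIBVIRTD_CONF:-/etc/libvirt/libvirtd.conf}
 
 [[ -z $key ]] && juju-log "$CHARM: set_or_update: value $value missing key" && exit 1
 [[ -z $value ]] && juju-log "$CHARM: set_or_update: key $key missing value" && exit 1
@@ -27,11 +28,8 @@
 pattern="$key="
 out=$pattern
 ;;
- "$api_conf") match="^$key = "
- pattern="$match"
- out="$key = "
- ;;
- "$quantum_conf"|"$quantum_api_conf"|"$quantum_plugin_conf")
+ "$api_conf"|"$quantum_conf"|"$quantum_api_conf"|"$quantum_plugin_conf"| \
+ "$libvirtd_conf")
 match="^$key = "
 pattern="$match"
 out="$key = "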
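--- a/hooks/lib/nova/grizzly
+++ b/hooks/lib/nova/grizzly
@@ -0,0 +1,80 @@
+#!/bin/bash -e
+
+# Folsom-specific functions
+
+nova_set_or_update() {
+ # TODO: This needs to be shared among folsom, grizzly and beyond.
+ # Set a config option in nova.conf or api-paste.ini, depending
+ # Defaults to updating nova.conf
+ local key="$1"
+ local value="$2"
+ local conf_file="$3"
+ local section="${4:-DEFAULT}"
+
+ local nova_conf=${NOVA_CONF:-/etc/nova/nova.conf}
+ local api_conf=${API_CONF:-/etc/nova/api-paste.ini}
+ local quantum_conf=${QUANTUM_CONF:-/etc/quantum/quantum.conf}
+ local quantum_api_conf=${QUANTUM_API_CONF:-/etc/quantum/api-paste.ini}
+ local quantum_plugin_conf=${QUANTUM_PLUGIN_CONF:-/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini}
+ local libvirtd_conf=${LIBVIRTD_CONF:-/etc/libvirt/libvirtd.conf}
+
+ [[ -z $key ]] && juju-log "$CHARM: set_or_update: value $value missing key" && exit 1
+ [[ -z $value ]] && juju-log "$CHARM: set_or_update: key $key missing value" && exit 1
+
+ [[ -z "$conf_file" ]] && conf_file=$nova_conf
+
+ local pattern=""
+ case "$conf_file" in
+ "$nova_conf") match="^$key="
+ pattern="$key="
+ out=$pattern
+ ;;
+ "$api_conf"|"$quantum_conf"|"$quantum_api_conf"|"$quantum_plugin_conf"| \
+ "$libvirtd_conf")
+ match="^$key = "
+ pattern="$match"
+ out="$key = "
+ ;;
+ *) juju-log "$CHARM ERROR: set_or_update: Invalid conf_file ($conf_file)"
+ esac
+
+ cat $conf_file | grep "$match$value" >/dev/null &&
+ juju-log "$CHARM: $key=$value already in set in $conf_file" \
+ && return 0
+
+ case $conf_file in
+ "$quantum_conf"|"$quantum_api_conf"|"$quantum_plugin_conf")
+ python -c "
+import ConfigParser
+config = ConfigParser.RawConfigParser()
+config.read('$conf_file')
+config.set('$section','$key','$value')
+with open('$conf_file', 'wb') as configfile:
+ config.write(configfile)
+"
+ ;;
+ *)
+ if cat $conf_file | grep "$match" >/dev/null ; then
+ juju-log "$CHARM: Updating $conf_file, $key=$value"
+ sed -i "s|\($pattern\).*|\1$value|" $conf_file
+ else
+ juju-log "$CHARM: Setting new option $key=$value in $conf_file"
+ echo "$out$value" >>$conf_file
+ fi
+ ;;
+ esac
+}
+
+# Upgrade Helpers
+nova_pre_upgrade() {
+ # Pre-upgrade helper. Caller should pass the version of OpenStack we are
+ # upgrading from.
+ return 0 # Nothing to do here, yet.
+}
+
+nova_post_upgrade() {
+ # Post-upgrade helper. Caller should pass the version of OpenStack we are
+ # upgrading from.
+ juju-log "$CHARM: Running post-upgrade hook: $upgrade_from -> folsom."
+ # nothing to do here yet.
+}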
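Review bot: In `nova_set_or_update`, the quantum branch splices `$conf_file`, `$section`, `$key` and `$value` into the text of the `python -c` program, so a value containing a single quote or a newline changes the Python that runs as the hook user; the values presumably originate from charm config or relation data. Passing them as arguments keeps them as data, as in the block below. Separately, the `*)` arm of the first `case` logs "Invalid conf_file" but does not return, so the `grep` and `sed` that follow still run against the unrecognised path. The file header comment and the `nova_post_upgrade` log message still say folsom rather than grizzly.

```shell
    "$quantum_conf"|"$quantum_api_conf"|"$quantum_plugin_conf")
      # Values travel as argv, never as Python source text.
      python - "$conf_file" "$section" "$key" "$value" <<'PYEOF'
import sys
import ConfigParser
conf_file, section, key, value = sys.argv[1:5]
config = ConfigParser.RawConfigParser()
config.read(conf_file)
config.set(section, key, value)
with open(conf_file, 'wb') as configfile:
    config.write(configfile)
PYEOF
      ;;
    # … unchanged: default arm using grep/sed/echo …
```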
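--- a/hooks/lib/nova/nova-common
+++ b/hooks/lib/nova/nova-common
@@ -32,9 +32,15 @@
 
 configure_volume_service() {
 local svc="$1"
+ local cur_vers="$(get_os_codename_package "nova-common")"
 case "$svc" in
- "cinder") set_or_update "volume_api_class" "nova.volume.cinder.API" ;;
- "nova-volume") set_or_update "volume_api_class" "nova.volume.api.API" ;;
+ "cinder")
+ set_or_update "volume_api_class" "nova.volume.cinder.API" ;;
+ "nova-volume")
+ # nova-volume only supported before grizzly.
+ [[ "$cur_vers" == "essex" ]] || [[ "$cur_vers" == "folsom" ]] &&
+ set_or_update "volume_api_class" "nova.volume.api.API"
+ ;;
 *) juju-log "$CHARM ERROR - configure_volume_service: Invalid service $svc"
 return 1 ;;
 esac
@@ -49,11 +55,32 @@
 ;;
 "FlatDHCPManager")
 set_or_update "network_manager" "nova.network.manager.FlatDHCPManager"
+
+ if [[ "$CHARM" == "nova-compute" ]] ; then
+ local flat_interface=$(config-get flat-interface)
+ local ec2_host=$(relation-get ec2_host)
+ set_or_update flat_inteface "$flat_interface"
+ set_or_update ec2_dmz_host "$ec2_host"
+
+ # Ensure flat_interface has link.
+ if ip link show $flat_interface >/dev/null 2>&1 ; then
+ ip link set $flat_interface up
+ fi
+
+ # work around (LP: #1035172)
+ if [[ -e /dev/vhost-net ]] ; then
+ iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM \
+ --checksum-fill
+ fi
+ fi
+
 ;;
 "Quantum")
 local local_ip=$(get_ip `unit-get private-address`)
- [[ -n $local_ip ]] || juju-log "Unable to resolve local IP address" \
- && exit 1
+ [[ -n $local_ip ]] || {
+ juju-log "Unable to resolve local IP address"
+ exit 1
+ }
 set_or_update "network_api_class" "nova.network.quantumv2.api.API"
 set_or_update "quantum_auth_strategy" "keystone"
 set_or_update "core_plugin" "$QUANTUM_CORE_PLUGIN" "$QUANTUM_CONF"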
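Review bot: The added FlatDHCPManager block writes the option as `flat_inteface` (missing an `r`), so nova.conf gets a key nova presumably never reads and the configured interface is not applied; it should be `set_or_update flat_interface "$flat_interface"`. In the same block, `iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill` appends another copy of the rule every time the function runs; guard it with `iptables -t mangle -C POSTROUTING -p udp --dport 68 -j CHECKSUM --checksum-fill 2>/dev/null ||` in front of the append. `$flat_interface` is also unquoted in both `ip link` calls, so an empty config value turns `ip link show` into a listing of all interfaces that succeeds. The enclosing function starts and ends outside the hunk.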
221 | === modified file 'hooks/lib/openstack-common' |
222 | --- hooks/lib/openstack-common 2012-12-06 10:17:41 +0000 |
223 | +++ hooks/lib/openstack-common 2013-03-11 12:12:19 +0000 |
224 | @@ -70,46 +70,62 @@ |
225 | # gpg key id tagged to end of url folloed by a | |
226 | url=$(echo $src | cut -d'|' -f1) |
227 | key=$(echo $src | cut -d'|' -f2) |
228 | - if [[ -n "$key" ]] ; then |
229 | - juju-log "$CHARM: Importing repository key: $key" |
230 | - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$key" || \ |
231 | - juju-log "$CHARM WARN: Could not import key from keyserver: $key" |
232 | - else |
233 | - juju-log "$CHARM No repository key specified" |
234 | - url="$src" |
235 | - fi |
236 | - echo $url > /etc/apt/sources.list.d/juju_deb.list |
237 | + juju-log "$CHARM: Importing repository key: $key" |
238 | + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$key" || \ |
239 | + juju-log "$CHARM WARN: Could not import key from keyserver: $key" |
240 | + else |
241 | + juju-log "$CHARM No repository key specified." |
242 | + url="$src" |
243 | fi |
244 | + echo "$url" > /etc/apt/sources.list.d/juju_deb.list |
245 | return 0 |
246 | fi |
247 | |
248 | # Cloud Archive |
249 | if [[ "${src:0:6}" == "cloud:" ]] ; then |
250 | - local archive_key="5EDB1B62EC4926EA" |
251 | - local rel=$(echo $src | cut -d: -f2) |
252 | - local u_rel=$(echo $rel | cut -d- -f1) |
253 | - local ca_rel=$(echo $rel | cut -d- -f2) |
254 | + |
255 | + # current os releases supported by the UCA. |
256 | + local cloud_archive_versions="folsom grizzly" |
257 | + |
258 | + local ca_rel=$(echo $src | cut -d: -f2) |
259 | + local u_rel=$(echo $ca_rel | cut -d- -f1) |
260 | + local os_rel=$(echo $ca_rel | cut -d- -f2 | cut -d/ -f1) |
261 | |
262 | [[ "$u_rel" != "$DISTRIB_CODENAME" ]] && |
263 | error_out "Cannot install from Cloud Archive pocket $src " \ |
264 | "on this Ubuntu version ($DISTRIB_CODENAME)!" |
265 | |
266 | - if [[ "$ca_rel" == "folsom/staging" ]] ; then |
267 | - # cloud archive staging is just a regular PPA. |
268 | - add-apt-repository -y ppa:ubuntu-cloud-archive/folsom-staging |
269 | + valid_release="" |
270 | + for rel in $cloud_archive_versions ; do |
271 | + if [[ "$os_rel" == "$rel" ]] ; then |
272 | + valid_release=1 |
273 | + juju-log "Installing OpenStack ($os_rel) from the Ubuntu Cloud Archive." |
274 | + fi |
275 | + done |
276 | + if [[ -z "$valid_release" ]] ; then |
277 | + error_out "OpenStack release ($os_rel) not supported by "\ |
278 | + "the Ubuntu Cloud Archive." |
279 | + fi |
280 | + |
281 | + # CA staging repos are standard PPAs. |
282 | + if echo $ca_rel | grep -q "staging" ; then |
283 | + add-apt-repository -y ppa:ubuntu-cloud-archive/${os_rel}-staging |
284 | return 0 |
285 | fi |
286 | |
287 | + # the others are LP-external deb repos. |
288 | case "$ca_rel" in |
289 | - "folsom"|"folsom/updates") pocket="precise-updates/folsom" ;; |
290 | - "folsom/proposed") pocket="precise-proposed/folsom" ;; |
291 | + "$u_rel-$os_rel"|"$u_rel-$os_rel/updates") pocket="$u_rel-updates/$os_rel" ;; |
292 | + "$u_rel-$os_rel/proposed") pocket="$u_rel-proposed/$os_rel" ;; |
293 | + "$u_rel-$os_rel"|"$os_rel/updates") pocket="$u_rel-updates/$os_rel" ;; |
294 | + "$u_rel-$os_rel/proposed") pocket="$u_rel-proposed/$os_rel" ;; |
295 | *) error_out "Invalid Cloud Archive repo specified: $src" |
296 | esac |
297 | |
298 | + apt-get -y install ubuntu-cloud-keyring |
299 | entry="deb http://ubuntu-cloud.archive.canonical.com/ubuntu $pocket main" |
300 | echo "$entry" \ |
301 | >/etc/apt/sources.list.d/ubuntu-cloud-archive-$DISTRIB_CODENAME.list |
302 | - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys $archive_key |
303 | return 0 |
304 | fi |
305 | |
306 | @@ -142,15 +158,16 @@ |
307 | case "$ca_rel" in |
308 | "folsom"|"folsom/updates"|"folsom/proposed"|"folsom/staging") |
309 | codename="folsom" ;; |
310 | - "grizzly"|"grizzly/updates"|"grizzly/proposed"|"grizzy/staging") |
311 | - codename="grizly" ;; |
312 | + "grizzly"|"grizzly/updates"|"grizzly/proposed"|"grizzly/staging") |
313 | + codename="grizzly" ;; |
314 | esac |
315 | fi |
316 | fi |
317 | |
318 | # have a guess based on the deb string provided |
319 | - if [[ "${rel:0:3}" == "deb" ]]; then |
320 | - CODENAMES="diablo essex folsom grizzly" |
321 | + if [[ "${rel:0:3}" == "deb" ]] || \ |
322 | + [[ "${rel:0:3}" == "ppa" ]] ; then |
323 | + CODENAMES="diablo essex folsom grizzly havana" |
324 | for cname in $CODENAMES; do |
325 | if echo $rel | grep -q $cname; then |
326 | codename=$cname |
327 | @@ -161,12 +178,14 @@ |
328 | } |
329 | |
330 | get_os_codename_package() { |
331 | - local pkg_vers=$(dpkg -l | grep "$1" | awk '{ print $3 }') |
332 | + local pkg_vers=$(dpkg -l | grep "$1" | awk '{ print $3 }') || echo "none" |
333 | + pkg_vers=$(echo $pkg_vers | cut -d: -f2) # epochs |
334 | case "${pkg_vers:0:6}" in |
335 | "2011.2") echo "diablo" ;; |
336 | "2012.1") echo "essex" ;; |
337 | "2012.2") echo "folsom" ;; |
338 | "2013.1") echo "grizzly" ;; |
339 | + "2013.2") echo "havana" ;; |
340 | esac |
341 | } |
342 | |
343 | @@ -175,7 +194,8 @@ |
344 | "diablo") echo "2011.2" ;; |
345 | "essex") echo "2012.1" ;; |
346 | "folsom") echo "2012.2" ;; |
347 | - "grizzly") echo "2012.3" ;; |
348 | + "grizzly") echo "2013.1" ;; |
349 | + "havana") echo "2013.2" ;; |
350 | esac |
351 | } |
352 | |
353 | @@ -200,3 +220,545 @@ |
354 | pass |
355 | " |
356 | } |
357 | + |
358 | +# Common storage routines used by cinder, nova-volume and swift-storage. |
359 | +clean_storage() { |
360 | + # if configured to overwrite existing storage, we unmount the block-dev |
361 | + # if mounted and clear any previous pv signatures |
362 | + local block_dev="$1" |
363 | + juju-log "Cleaining storage '$block_dev'" |
364 | + if grep -q "^$block_dev" /proc/mounts ; then |
365 | + mp=$(grep "^$block_dev" /proc/mounts | awk '{ print $2 }') |
366 | + juju-log "Unmounting $block_dev from $mp" |
367 | + umount "$mp" || error_out "ERROR: Could not unmount storage from $mp" |
368 | + fi |
369 | + if pvdisplay "$block_dev" >/dev/null 2>&1 ; then |
370 | + juju-log "Removing existing LVM PV signatures from $block_dev" |
371 | + |
372 | + # deactivate any volgroups that may be built on this dev |
373 | + vg=$(pvdisplay $block_dev | grep "VG Name" | awk '{ print $3 }') |
374 | + if [[ -n "$vg" ]] ; then |
375 | + juju-log "Deactivating existing volume group: $vg" |
376 | + vgchange -an "$vg" || |
377 | + error_out "ERROR: Could not deactivate volgroup $vg. Is it in use?" |
378 | + fi |
379 | + echo "yes" | pvremove -ff "$block_dev" || |
380 | + error_out "Could not pvremove $block_dev" |
381 | + else |
382 | + juju-log "Zapping disk of all GPT and MBR structures" |
383 | + sgdisk --zap-all $block_dev || |
384 | + error_out "Unable to zap $block_dev" |
385 | + fi |
386 | +} |
387 | + |
388 | +function get_block_device() { |
389 | + # given a string, return full path to the block device for that |
390 | + # if input is not a block device, find a loopback device |
391 | + local input="$1" |
392 | + |
393 | + case "$input" in |
394 | + /dev/*) [[ ! -b "$input" ]] && error_out "$input does not exist." |
395 | + echo "$input"; return 0;; |
396 | + /*) :;; |
397 | + *) [[ ! -b "/dev/$input" ]] && error_out "/dev/$input does not exist." |
398 | + echo "/dev/$input"; return 0;; |
399 | + esac |
400 | + |
401 | + # this represents a file |
402 | + # support "/path/to/file|5G" |
403 | + local fpath size oifs="$IFS" |
404 | + if [ "${input#*|}" != "${input}" ]; then |
405 | + size=${input##*|} |
406 | + fpath=${input%|*} |
407 | + else |
408 | + fpath=${input} |
409 | + size=5G |
410 | + fi |
411 | + |
412 | + ## loop devices are not namespaced. This is bad for containers. |
413 | + ## it means that the output of 'losetup' may have the given $fpath |
414 | + ## in it, but that may not represent this containers $fpath, but |
415 | + ## another containers. To address that, we really need to |
416 | + ## allow some uniq container-id to be expanded within path. |
417 | + ## TODO: find a unique container-id that will be consistent for |
418 | + ## this container throughout its lifetime and expand it |
419 | + ## in the fpath. |
420 | + # fpath=${fpath//%{id}/$THAT_ID} |
421 | + |
422 | + local found="" |
423 | + # parse through 'losetup -a' output, looking for this file |
424 | + # output is expected to look like: |
425 | + # /dev/loop0: [0807]:961814 (/tmp/my.img) |
426 | + found=$(losetup -a | |
427 | + awk 'BEGIN { found=0; } |
428 | + $3 == f { sub(/:$/,"",$1); print $1; found=found+1; } |
429 | + END { if( found == 0 || found == 1 ) { exit(0); }; exit(1); }' \ |
430 | + f="($fpath)") |
431 | + |
432 | + if [ $? -ne 0 ]; then |
433 | + echo "multiple devices found for $fpath: $found" 1>&2 |
434 | + return 1; |
435 | + fi |
436 | + |
437 | + [ -n "$found" -a -b "$found" ] && { echo "$found"; return 1; } |
438 | + |
439 | + if [ -n "$found" ]; then |
440 | + echo "confused, $found is not a block device for $fpath"; |
441 | + return 1; |
442 | + fi |
443 | + |
444 | + # no existing device was found, create one |
445 | + mkdir -p "${fpath%/*}" |
446 | + truncate --size "$size" "$fpath" || |
447 | + { echo "failed to create $fpath of size $size"; return 1; } |
448 | + |
449 | + found=$(losetup --find --show "$fpath") || |
450 | + { echo "failed to setup loop device for $fpath" 1>&2; return 1; } |
451 | + |
452 | + echo "$found" |
453 | + return 0 |
454 | +} |
455 | + |
456 | +HAPROXY_CFG=/etc/haproxy/haproxy.cfg |
457 | +HAPROXY_DEFAULT=/etc/default/haproxy |
458 | +########################################################################## |
459 | +# Description: Configures HAProxy services for Openstack API's |
460 | +# Parameters: |
461 | +# Space delimited list of service:port combinations for which |
462 | +# haproxy service configuration should be generated for. The function |
463 | +# assumes the name of the peer relation is 'cluster' and that every |
464 | +# service unit in the peer relation is running the same services. |
465 | +# |
466 | +# Example |
467 | +# configure_haproxy cinder_api:8776:8756i nova_api:8774:8764 |
468 | +########################################################################## |
469 | +configure_haproxy() { |
470 | + local address=`unit-get private-address` |
471 | + local name=${JUJU_UNIT_NAME////-} |
472 | + cat > $HAPROXY_CFG << EOF |
473 | +global |
474 | + log 127.0.0.1 local0 |
475 | + log 127.0.0.1 local1 notice |
476 | + maxconn 20000 |
477 | + user haproxy |
478 | + group haproxy |
479 | + spread-checks 0 |
480 | + |
481 | +defaults |
482 | + log global |
483 | + mode http |
484 | + option httplog |
485 | + option dontlognull |
486 | + retries 3 |
487 | + timeout queue 1000 |
488 | + timeout connect 1000 |
489 | + timeout client 10000 |
490 | + timeout server 10000 |
491 | + |
492 | +listen stats :8888 |
493 | + mode http |
494 | + stats enable |
495 | + stats hide-version |
496 | + stats realm Haproxy\ Statistics |
497 | + stats uri / |
498 | + stats auth admin:password |
499 | + |
500 | +EOF |
501 | + for service in $@; do |
502 | + local service_name=$(echo $service | cut -d : -f 1) |
503 | + local haproxy_listen_port=$(echo $service | cut -d : -f 2) |
504 | + local api_listen_port=$(echo $service | cut -d : -f 3) |
505 | + juju-log "Adding haproxy configuration entry for $service "\ |
506 | + "($haproxy_listen_port -> $api_listen_port)" |
507 | + cat >> $HAPROXY_CFG << EOF |
508 | +listen $service_name 0.0.0.0:$haproxy_listen_port |
509 | + balance roundrobin |
510 | + option tcplog |
511 | + server $name $address:$api_listen_port check |
512 | +EOF |
513 | + local r_id="" |
514 | + local unit="" |
515 | + for r_id in `relation-ids cluster`; do |
516 | + for unit in `relation-list -r $r_id`; do |
517 | + local unit_name=${unit////-} |
518 | + local unit_address=`relation-get -r $r_id private-address $unit` |
519 | + if [ -n "$unit_address" ]; then |
520 | + echo " server $unit_name $unit_address:$api_listen_port check" \ |
521 | + >> $HAPROXY_CFG |
522 | + fi |
523 | + done |
524 | + done |
525 | + done |
526 | + echo "ENABLED=1" > $HAPROXY_DEFAULT |
527 | + service haproxy restart |
528 | +} |
529 | + |
530 | +########################################################################## |
531 | +# Description: Query HA interface to determine is cluster is configured |
532 | +# Returns: 0 if configured, 1 if not configured |
533 | +########################################################################## |
534 | +is_clustered() { |
535 | + local r_id="" |
536 | + local unit="" |
537 | + for r_id in $(relation-ids ha); do |
538 | + if [ -n "$r_id" ]; then |
539 | + for unit in $(relation-list -r $r_id); do |
540 | + clustered=$(relation-get -r $r_id clustered $unit) |
541 | + if [ -n "$clustered" ]; then |
542 | + juju-log "Unit is haclustered" |
543 | + return 0 |
544 | + fi |
545 | + done |
546 | + fi |
547 | + done |
548 | + juju-log "Unit is not haclustered" |
549 | + return 1 |
550 | +} |
551 | + |
552 | +########################################################################## |
553 | +# Description: Return a list of all peers in cluster relations |
554 | +########################################################################## |
555 | +peer_units() { |
556 | + local peers="" |
557 | + local r_id="" |
558 | + for r_id in $(relation-ids cluster); do |
559 | + peers="$peers $(relation-list -r $r_id)" |
560 | + done |
561 | + echo $peers |
562 | +} |
563 | + |
564 | +########################################################################## |
565 | +# Description: Determines whether the current unit is the oldest of all |
566 | +# its peers - supports partial leader election |
567 | +# Returns: 0 if oldest, 1 if not |
568 | +########################################################################## |
569 | +oldest_peer() { |
570 | + peers=$1 |
571 | + local l_unit_no=$(echo $JUJU_UNIT_NAME | cut -d / -f 2) |
572 | + for peer in $peers; do |
573 | + echo "Comparing $JUJU_UNIT_NAME with peers: $peers" |
574 | + local r_unit_no=$(echo $peer | cut -d / -f 2) |
575 | + if (($r_unit_no<$l_unit_no)); then |
576 | + juju-log "Not oldest peer; deferring" |
577 | + return 1 |
578 | + fi |
579 | + done |
580 | + juju-log "Oldest peer; might take charge?" |
581 | + return 0 |
582 | +} |
583 | + |
584 | +########################################################################## |
585 | +# Description: Determines whether the current service units is the |
586 | +# leader within a) a cluster of its peers or b) across a |
587 | +# set of unclustered peers. |
588 | +# Parameters: CRM resource to check ownership of if clustered |
589 | +# Returns: 0 if leader, 1 if not |
590 | +########################################################################## |
591 | +eligible_leader() { |
592 | + if is_clustered; then |
593 | + if ! is_leader $1; then |
594 | + juju-log 'Deferring action to CRM leader' |
595 | + return 1 |
596 | + fi |
597 | + else |
598 | + peers=$(peer_units) |
599 | + if [ -n "$peers" ] && ! oldest_peer "$peers"; then |
600 | + juju-log 'Deferring action to oldest service unit.' |
601 | + return 1 |
602 | + fi |
603 | + fi |
604 | + return 0 |
605 | +} |
606 | + |
607 | +########################################################################## |
608 | +# Description: Query Cluster peer interface to see if peered |
609 | +# Returns: 0 if peered, 1 if not peered |
610 | +########################################################################## |
611 | +is_peered() { |
612 | + local r_id=$(relation-ids cluster) |
613 | + if [ -n "$r_id" ]; then |
614 | + if [ -n "$(relation-list -r $r_id)" ]; then |
615 | + juju-log "Unit peered" |
616 | + return 0 |
617 | + fi |
618 | + fi |
619 | + juju-log "Unit not peered" |
620 | + return 1 |
621 | +} |
622 | + |
623 | +########################################################################## |
624 | +# Description: Determines whether host is owner of clustered services |
625 | +# Parameters: Name of CRM resource to check ownership of |
626 | +# Returns: 0 if leader, 1 if not leader |
627 | +########################################################################## |
628 | +is_leader() { |
629 | + hostname=`hostname` |
630 | + if [ -x /usr/sbin/crm ]; then |
631 | + if crm resource show $1 | grep -q $hostname; then |
632 | + juju-log "$hostname is cluster leader." |
633 | + return 0 |
634 | + fi |
635 | + fi |
636 | + juju-log "$hostname is not cluster leader." |
637 | + return 1 |
638 | +} |
639 | + |
640 | +########################################################################## |
641 | +# Description: Determines whether enough data has been provided in |
642 | +# configuration or relation data to configure HTTPS. |
643 | +# Parameters: None |
644 | +# Returns: 0 if HTTPS can be configured, 1 if not. |
645 | +########################################################################## |
646 | +https() { |
647 | + local r_id="" |
648 | + if [[ -n "$(config-get ssl_cert)" ]] && |
649 | + [[ -n "$(config-get ssl_key)" ]] ; then |
650 | + return 0 |
651 | + fi |
652 | + for r_id in $(relation-ids identity-service) ; do |
653 | + for unit in $(relation-list -r $r_id) ; do |
654 | + if [[ "$(relation-get -r $r_id https_keystone $unit)" == "True" ]] && |
655 | + [[ -n "$(relation-get -r $r_id ssl_cert $unit)" ]] && |
656 | + [[ -n "$(relation-get -r $r_id ssl_key $unit)" ]] && |
657 | + [[ -n "$(relation-get -r $r_id ca_cert $unit)" ]] ; then |
658 | + return 0 |
659 | + fi |
660 | + done |
661 | + done |
662 | + return 1 |
663 | +} |
664 | + |
665 | +########################################################################## |
666 | +# Description: For a given number of port mappings, configures apache2 |
667 | +# HTTPs local reverse proxying using certficates and keys provided in |
668 | +# either configuration data (preferred) or relation data. Assumes ports |
669 | +# are not in use (calling charm should ensure that). |
670 | +# Parameters: Variable number of proxy port mappings as |
671 | +# $internal:$external. |
672 | +# Returns: 0 if reverse proxy(s) have been configured, 0 if not. |
673 | +########################################################################## |
674 | +enable_https() { |
675 | + local port_maps="$@" |
676 | + local http_restart="" |
677 | + juju-log "Enabling HTTPS for port mappings: $port_maps." |
678 | + |
679 | + # allow overriding of keystone provided certs with those set manually |
680 | + # in config. |
681 | + local cert=$(config-get ssl_cert) |
682 | + local key=$(config-get ssl_key) |
683 | + local ca_cert="" |
684 | + if [[ -z "$cert" ]] || [[ -z "$key" ]] ; then |
685 | + juju-log "Inspecting identity-service relations for SSL certificate." |
686 | + local r_id="" |
687 | + cert="" |
688 | + key="" |
689 | + ca_cert="" |
690 | + for r_id in $(relation-ids identity-service) ; do |
691 | + for unit in $(relation-list -r $r_id) ; do |
692 | + [[ -z "$cert" ]] && cert="$(relation-get -r $r_id ssl_cert $unit)" |
693 | + [[ -z "$key" ]] && key="$(relation-get -r $r_id ssl_key $unit)" |
694 | + [[ -z "$ca_cert" ]] && ca_cert="$(relation-get -r $r_id ca_cert $unit)" |
695 | + done |
696 | + done |
697 | + [[ -n "$cert" ]] && cert=$(echo $cert | base64 -di) |
698 | + [[ -n "$key" ]] && key=$(echo $key | base64 -di) |
699 | + [[ -n "$ca_cert" ]] && ca_cert=$(echo $ca_cert | base64 -di) |
700 | + else |
701 | + juju-log "Using SSL certificate provided in service config." |
702 | + fi |
703 | + |
704 | + [[ -z "$cert" ]] || [[ -z "$key" ]] && |
705 | + juju-log "Expected but could not find SSL certificate data, not "\ |
706 | + "configuring HTTPS!" && return 1 |
707 | + |
708 | + apt-get -y install apache2 |
709 | + a2enmod ssl proxy proxy_http | grep -v "To activate the new configuration" && |
710 | + http_restart=1 |
711 | + |
712 | + mkdir -p /etc/apache2/ssl/$CHARM |
713 | + echo "$cert" >/etc/apache2/ssl/$CHARM/cert |
714 | + echo "$key" >/etc/apache2/ssl/$CHARM/key |
715 | + if [[ -n "$ca_cert" ]] ; then |
716 | + juju-log "Installing Keystone supplied CA cert." |
717 | + echo "$ca_cert" >/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt |
718 | + update-ca-certificates --fresh |
719 | + |
720 | + # XXX TODO: Find a better way of exporting this? |
721 | + if [[ "$CHARM" == "nova-cloud-controller" ]] ; then |
722 | + [[ -e /var/www/keystone_juju_ca_cert.crt ]] && |
723 | + rm -rf /var/www/keystone_juju_ca_cert.crt |
724 | + ln -s /usr/local/share/ca-certificates/keystone_juju_ca_cert.crt \ |
725 | + /var/www/keystone_juju_ca_cert.crt |
726 | + fi |
727 | + |
728 | + fi |
729 | + for port_map in $port_maps ; do |
730 | + local ext_port=$(echo $port_map | cut -d: -f1) |
731 | + local int_port=$(echo $port_map | cut -d: -f2) |
732 | + juju-log "Creating apache2 reverse proxy vhost for $port_map." |
733 | + cat >/etc/apache2/sites-available/${CHARM}_${ext_port} <<END |
734 | +Listen $ext_port |
735 | +NameVirtualHost *:$ext_port |
736 | +<VirtualHost *:$ext_port> |
737 | + ServerName $(unit-get private-address) |
738 | + SSLEngine on |
739 | + SSLCertificateFile /etc/apache2/ssl/$CHARM/cert |
740 | + SSLCertificateKeyFile /etc/apache2/ssl/$CHARM/key |
741 | + ProxyPass / http://localhost:$int_port/ |
742 | + ProxyPassReverse / http://localhost:$int_port/ |
743 | + ProxyPreserveHost on |
744 | +</VirtualHost> |
745 | +<Proxy *> |
746 | + Order deny,allow |
747 | + Allow from all |
748 | +</Proxy> |
749 | +<Location /> |
750 | + Order allow,deny |
751 | + Allow from all |
752 | +</Location> |
753 | +END |
754 | + a2ensite ${CHARM}_${ext_port} | grep -v "To activate the new configuration" && |
755 | + http_restart=1 |
756 | + done |
757 | + if [[ -n "$http_restart" ]] ; then |
758 | + service apache2 restart |
759 | + fi |
760 | +} |
761 | + |
762 | +########################################################################## |
763 | +# Description: Ensure HTTPS reverse proxying is disabled for given port |
764 | +# mappings. |
765 | +# Parameters: Variable number of proxy port mappings as |
766 | +# $internal:$external. |
767 | +# Returns: 0 if reverse proxy is not active for all portmaps, 1 on error. |
768 | +########################################################################## |
769 | +disable_https() { |
770 | + local port_maps="$@" |
771 | + local http_restart="" |
772 | + juju-log "Ensuring HTTPS disabled for $port_maps." |
773 | + ( [[ ! -d /etc/apache2 ]] || [[ ! -d /etc/apache2/ssl/$CHARM ]] ) && return 0 |
774 | + for port_map in $port_maps ; do |
775 | + local ext_port=$(echo $port_map | cut -d: -f1) |
776 | + local int_port=$(echo $port_map | cut -d: -f2) |
777 | + if [[ -e /etc/apache2/sites-available/${CHARM}_${ext_port} ]] ; then |
778 | + juju-log "Disabling HTTPS reverse proxy for $CHARM $port_map." |
779 | + a2dissite ${CHARM}_${ext_port} | grep -v "To activate the new configuration" && |
780 | + http_restart=1 |
781 | + fi |
782 | + done |
783 | + if [[ -n "$http_restart" ]] ; then |
784 | + service apache2 restart |
785 | + fi |
786 | +} |
787 | + |
788 | + |
789 | +########################################################################## |
790 | +# Description: Ensures HTTPS is either enabled or disabled for given port |
791 | +# mapping. |
792 | +# Parameters: Variable number of proxy port mappings as |
793 | +# $internal:$external. |
794 | +# Returns: 0 if HTTPS reverse proxy is in place, 1 if it is not. |
795 | +########################################################################## |
796 | +setup_https() { |
797 | + # configure https via apache reverse proxying either |
798 | + # using certs provided by config or keystone. |
799 | + [[ -z "$CHARM" ]] && |
800 | + error_out "setup_https(): CHARM not set." |
801 | + if ! https ; then |
802 | + disable_https $@ |
803 | + else |
804 | + enable_https $@ |
805 | + fi |
806 | +} |
807 | + |
808 | +########################################################################## |
809 | +# Description: Determine correct API server listening port based on |
810 | +# existence of HTTPS reverse proxy and/or haproxy. |
811 | +# Paremeters: The standard public port for given service. |
812 | +# Returns: The correct listening port for API service. |
813 | +########################################################################## |
814 | +determine_api_port() { |
815 | + local public_port="$1" |
816 | + local i=0 |
817 | + ( [[ -n "$(peer_units)" ]] || is_clustered >/dev/null 2>&1 ) && i=$[$i + 1] |
818 | + https >/dev/null 2>&1 && i=$[$i + 1] |
819 | + echo $[$public_port - $[$i * 10]] |
820 | +} |
821 | + |
822 | +########################################################################## |
823 | +# Description: Determine correct proxy listening port based on public IP + |
824 | +# existence of HTTPS reverse proxy. |
825 | +# Paremeters: The standard public port for given service. |
826 | +# Returns: The correct listening port for haproxy service public address. |
827 | +########################################################################## |
828 | +determine_haproxy_port() { |
829 | + local public_port="$1" |
830 | + local i=0 |
831 | + https >/dev/null 2>&1 && i=$[$i + 1] |
832 | + echo $[$public_port - $[$i * 10]] |
833 | +} |
834 | + |
835 | +########################################################################## |
836 | +# Description: Print the value for a given config option in an OpenStack |
837 | +# .ini style configuration file. |
838 | +# Parameters: File path, option to retrieve, optional |
839 | +# section name (default=DEFAULT) |
840 | +# Returns: Prints value if set, prints nothing otherwise. |
841 | +########################################################################## |
842 | +local_config_get() { |
843 | + # return config values set in openstack .ini config files. |
844 | + # default placeholders starting (eg, %AUTH_HOST%) treated as |
845 | + # unset values. |
846 | + local file="$1" |
847 | + local option="$2" |
848 | + local section="$3" |
849 | + [[ -z "$section" ]] && section="DEFAULT" |
850 | + python -c " |
851 | +import ConfigParser |
852 | +config = ConfigParser.RawConfigParser() |
853 | +config.read('$file') |
854 | +try: |
855 | + value = config.get('$section', '$option') |
856 | +except: |
857 | + print '' |
858 | + exit(0) |
859 | +if value.startswith('%'): exit(0) |
860 | +print value |
861 | +" |
862 | +} |
863 | + |
864 | +########################################################################## |
865 | +# Description: Creates an rc file exporting environment variables to a |
866 | +# script_path local to the charm's installed directory. |
867 | +# Any charm scripts run outside the juju hook environment can source this |
868 | +# scriptrc to obtain updated config information necessary to perform health |
869 | +# checks or service changes |
870 | +# |
871 | +# Parameters: |
872 | +# An array of '=' delimited ENV_VAR:value combinations to export. |
873 | +# If optional script_path key is not provided in the array, script_path |
874 | +# defaults to scripts/scriptrc |
875 | +########################################################################## |
876 | +function save_script_rc { |
877 | + if [ ! -n "$JUJU_UNIT_NAME" ]; then |
878 | + echo "Error: Missing JUJU_UNIT_NAME environment variable" |
879 | + exit 1 |
880 | + fi |
881 | + # our default unit_path |
882 | + unit_path="/var/lib/juju/units/${JUJU_UNIT_NAME/\//-}/charm/scripts/scriptrc" |
883 | + echo $unit_path |
884 | + tmp_rc="/tmp/${JUJU_UNIT_NAME/\//-}rc" |
885 | + |
886 | + echo "#!/bin/bash" > $tmp_rc |
887 | + for env_var in "${@}" |
888 | + do |
889 | + if `echo $env_var | grep -q script_path`; then |
890 | + # well then we need to reset the new unit-local script path |
891 | + unit_path="/var/lib/juju/units/${JUJU_UNIT_NAME/\//-}/charm/${env_var/script_path=/}" |
892 | + else |
893 | + echo "export $env_var" >> $tmp_rc |
894 | + fi |
895 | + done |
896 | + chmod 755 $tmp_rc |
897 | + mv $tmp_rc $unit_path |
898 | +} |
899 | |
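--- a/hooks/nova-compute-common
+++ b/hooks/nova-compute-common
@@ -7,7 +7,11 @@
 NOVA_CONF=$(config-get nova-config)
 API_CONF="/etc/nova/api-paste.ini"
 QUANTUM_CONF="/etc/quantum/quantum.conf"
+<<<<<<< TREE
 MULTI_HOST=$(config-get multi-host)
+=======
+LIBVIRTD_CONF="/etc/libvirt/libvirtd.conf"
+>>>>>>> MERGE-SOURCE
 
 if [ -f /etc/nova/nm.conf ]; then
 NET_MANAGER=$(cat /etc/nova/nm.conf)
@@ -52,7 +56,7 @@
 "xen") compute_pkg="nova-compute-xen";;
 "uml") compute_pkg="nova-compute-uml";;
 "lxc") compute_pkg="nova-compute-lxc";;
- *) error_out" ERROR: Unsupported virt_type=$virt_type";;
+ *) error_out "ERROR: Unsupported virt_type=$virt_type";;
 esac
 echo "$compute_pkg"
 }
@@ -98,17 +102,18 @@
 exit 1
 }
 
- # Store the network manager and quantum plugin
- # for use in later hook invocations
- [[ -n $net_manager ]] && echo $net_manager > /etc/nova/nm.conf
- [[ -n $quantum_plugin ]] && echo $quantum_plugin > /etc/nova/quantum_plugin.conf
-
 case $net_manager in
 "FlatManager"|"FlatDHCPManager")
+<<<<<<< TREE
 if [[ "$MULTI_HOST" == "yes" ]] ; then
 apt-get -y install nova-api nova-network
 SERVICES="$SERVICES nova-api nova-network"
 fi
+=======
+ apt-get -y install nova-api nova-network
+ SERVICES="$SERVICES nova-api nova-network"
+ [[ -n $net_manager ]] && echo $net_manager > /etc/nova/nm.conf
+>>>>>>> MERGE-SOURCE
 ;;&
 "FlatManager")
 local bridge_ip=$(config-get bridge-ip)
@@ -134,13 +139,20 @@
 && exit 0
 set_or_update "network_api_class" "nova.network.quantumv2.api.API"
 set_or_update "quantum_auth_strategy" "keystone"
- set_or_update "quantum_url" "http://$(relation-get quantum_host):9696"
+ set_or_update "quantum_url" "$(relation-get quantum_url)"
 set_or_update "quantum_admin_tenant_name" "$(relation-get service_tenant)"
 set_or_update "quantum_admin_username" "$(relation-get service_username)"
 set_or_update "quantum_admin_password" "$(relation-get service_password)"
 set_or_update "quantum_admin_auth_url" \
 "http://$(relation-get keystone_host):$(relation-get auth_port)/v2.0"
- set_or_update "force_config_drive" "True"
+ local cur=$(get_os_codename_package "nova-common")
+ if dpkg --compare-versions $(get_os_version_codename $cur) gt '2012.2'; then
+ # Grizzly onwards supports metadata proxy so forcing use of config
+ # drive is not required.
+ set_or_update "force_config_drive" "False"
+ else
+ set_or_update "force_config_drive" "True"
+ fi
 case $quantum_plugin in
 "ovs")
 apt-get -y install openvswitch-datapath-dkms
@@ -157,6 +169,8 @@
 ;;
 esac
 set_or_update "bind_host" "0.0.0.0" "$QUANTUM_CONF"
+ [[ -n $net_manager ]] && echo $net_manager > /etc/nova/nm.conf
+ [[ -n $quantum_plugin ]] && echo $quantum_plugin > /etc/nova/quantum_plugin.conf
 ;;
 *) echo "ERROR: Invalid network manager $1" && exit 1 ;;
 esac
@@ -170,6 +184,83 @@
 fi
 }
 
+function initialize_ssh_keys {
+ # generate ssh keypair for root if one does not exist or
+ # the pari is not complete.
+ local pub="/root/.ssh/id_rsa"
+ local priv="/root/.ssh/id_rsa.pub"
+ if [[ -e $pub ]] &&
+ [[ -e $priv ]] ; then
+ juju-log "$CHARM: SSH credentials already exist for root."
+ return 0
+ fi
+ juju-log "$CHARM: Initializing new SSH key pair for live migration."
+ [[ -e $pub ]] && mv $pub $pub.$(date +"%s")
+ [[ -e $priv ]] && mv $priv $priv.$(date +"%s")
+ local keyname=$(echo $JUJU_UNIT_NAME | sed -e 's,/,-,g')
+ echo -e "\n" | ssh-keygen -C "$keyname" -N ""
+}
+
+function libvirt_tcp_listening {
+ # toggle libvirtd's tcp listening in both /etc/default/libvirt-bin
+ # and /etc/libvirt/libvirtd.conf.
+ local toggle="$1"
+ juju-log "$CHARM: Configuring libvirt tcp listening: $toggle."
+ local cur_opts=$(grep "^libvirtd_opts" /etc/default/libvirt-bin |
+ cut -d= -f2 | sed -e 's/\"//g')
+ local new_opts=""
+
+ if [[ "$toggle" == "on" ]] ; then
+ if [[ -z "$cur_opts" ]] ; then
+ echo "libvirtd_opts=\"-d -l\"" >>/etc/default/libvirt-bin
+ elif ! echo "$cur_opts" | grep -q "\-l" ; then
+ new_opts="$cur_opts -l"
+ sed -i "s|\(libvirtd_opts=\).*|\1\"$new_opts\"|" /etc/default/libvirt-bin
+ fi
+ set_or_update "listen_tcp" 1 $LIBVIRTD_CONF
+ elif [[ "$toggle" == "off" ]] ; then
+ if echo "$cur_opts" | grep -q "\-l" ; then
+ new_opts=$(echo $cur_opts | sed -e 's/\-l//g')
+ fi
+ set_or_update "listen_tcp" 0 $LIBVIRTD_CONF
+ fi
+
+ [[ -n "$new_opts" ]] &&
+ sed -i "s|\(libvirtd_opts=\).*|\1\"$new_opts\"|" /etc/default/libvirt-bin
+
+ return 0
+}
+
+
+function configure_migration {
+ local enable_migration=$(config-get enable-live-migration)
+
+ if [[ "$enable_migration" != "True" ]] &&
+ [[ "$enable_migraiton" != "true" ]] ; then
+ libvirt_tcp_listening "off"
+ return $?
+ fi
+
+ libvirt_tcp_listening "on"
+
+ case "$(config-get migration-auth-type)" in
+ "none"|"None")
+ set_or_update "listen_tls" 0 $LIBVIRTD_CONF
+ set_or_update "auth_tcp" "\"none\"" $LIBVIRTD_CONF
+ ;;
+ "ssh")
+ set_or_update "listen_tls" 0 $LIBVIRTD_CONF
+ set_or_update "live_migration_uri" "qemu+ssh://%s/system" $NOVA_CONF
+ initialize_ssh_keys
+ # check in with nova-c-c and register our new key.
+ for id in $(relation-ids cloud-compute) ; do
+ compute_joined $id
+ done
+ service_ctl nova-compute restart ;;
+ "sasl") return 0 ;;
+ esac
+}
+
 function configure_libvirt {
 cat > /etc/libvirt/qemu.conf << EOF
 # File installed by Juju nova-compute charm
@@ -180,5 +271,12 @@
 "/dev/rtc", "/dev/hpet", "/dev/net/tun",
 ]
 EOF
- service libvirt-bin reload
+ configure_migration
+ service libvirt-bin restart
+}
+
+function migration_enabled {
+ local migration="$(config-get enable-live-migration)"
+ [[ "$migration" == "true" ]] || [[ "$migration" == "True" ]] && return 0
+ return 1
 }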
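Review bot: In configure_migration the second test reads `$enable_migraiton`, which is never set, so `enable-live-migration=true` (lower case) takes the "off" path even though migration_enabled further down accepts it; the line should read `[[ "$enable_migration" != "true" ]] ; then`. When migration is on, the `"none"|"None"` arm leaves libvirtd listening on TCP (`-l`, `listen_tcp` 1) with `listen_tls` 0 and `auth_tcp` set to "none", which is an unauthenticated and unencrypted hypervisor management socket. That arm should at least carry a `juju-log` warning and a comment saying it is only acceptable on an isolated management network. The `case` also has no `*)` arm, so an unrecognised migration-auth-type keeps TCP listening enabled with whatever `auth_tcp` was configured before; a default arm that calls `libvirt_tcp_listening "off"` and logs the bad value would fail closed.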
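--- a/hooks/nova-compute-relations
+++ b/hooks/nova-compute-relations
@@ -40,6 +40,11 @@
 do_openstack_upgrade "$install_src" $PACKAGES
 fi
 
+ # set this here until its fixed in grizzly packaging. (adam_g)
+ [[ "$cur" == "grizzly" ]] &&
+ set_or_update "compute_driver" "libvirt.LibvirtDriver"
+
+ configure_libvirt
 set_config_flags
 service_ctl all restart
 }
@@ -67,6 +72,18 @@
 exit 0
 fi
 
+ # if the rabbitmq service is clustered among nodes with hacluster,
+ # point to its vip instead of its private-address.
+ local clustered=$(relation-get clustered)
+ if [[ -n "$clustered" ]] ; then
+ juju-log "$CHARM - ampq_changed: Configuring for "\
+ "access to haclustered rabbitmq service."
+ local vip=$(relation-get vip)
+ [[ -z "$vip" ]] && juju-log "$CHARM - amqp_changed: Clustered but no vip."\
+ && exit 0
+ rabbit_host="$vip"
+ fi
+
 local rabbit_user=$(config-get rabbit-user)
 local rabbit_vhost=$(config-get rabbit-vhost)
 juju-log "$CHARM - amqp_changed: Setting rabbit config in nova.conf: " \
@@ -134,6 +151,18 @@
 service_ctl all restart
 }
 
+function compute_joined {
+ migration_enabled || return 0
+ local relid="$1"
+ [[ -n "$relid" ]] && relid="-r $relid"
+ migration_auth="$(config-get migration-auth-type)"
+ case "$migration_auth" in
+ "none"|"None") return 0 ;;
+ "ssh") relation-set $relid ssh_public_key="$(cat /root/.ssh/id_rsa.pub)" ;;
+ esac
+ relation-set $relid migration_auth_type="$migration_auth"
+}
+
 function compute_changed {
 # nova-c-c will inform us of the configured network manager. nova-compute
 # needs to configure itself accordingly.
@@ -178,6 +207,31 @@
 volume_service=`relation-get volume_service`
 [[ -n "$volume_service" ]] && configure_volume_service "$volume_service"
 
+ if migration_enabled ; then
+ case "$(config-get migration-auth-type)" in
+ "ssh")
+ local known_hosts="$(relation-get known_hosts)"
+ local authorized_keys="$(relation-get authorized_keys)"
+ if [[ -n "$known_hosts" ]] &&
+ [[ -n "$authorized_keys" ]] ; then
+ juju-log "$CHARM: Saving new known_hosts+authorized_keys file."
+ echo "$known_hosts" | base64 -di >/root/.ssh/known_hosts
+ echo "$authorized_keys" | base64 -di >/root/.ssh/authorized_keys
+ fi
+ ;;
+ esac
+ fi
+
+ # If Keytone is configured manage SSL certs, nova-compute needs a copy
+ # of its CA installed.
+ local ca_cert="$(relation-get ca_cert)"
+ if [[ -n "$ca_cert" ]] ; then
+ juju-log "Installing Keystone CA certificate."
+ ca_cert="$(echo $ca_cert | base64 -di)"
+ echo "$ca_cert" >/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt
+ update-ca-certificates
+ fi
+
 # restart on all changed events. nova-c-c may send out a uuid to trigger
 # remote restarts of services here (after db migrations, for instance)
 service_ctl all restart
@@ -208,7 +262,11 @@
 MONS=`relation-list`
 mon_hosts=""
 for mon in $MONS; do
+<<<<<<< TREE
 mon_hosts="$mon_hosts $(get_ip $(relation-get private-address $mon)):6789"
+=======
+ mon_hosts="$mon_hosts`relation-get private-address $mon`:6789,"
+>>>>>>> MERGE-SOURCE
 done
 cat > /etc/ceph/ceph.conf << EOF
 [global]
@@ -252,6 +310,6 @@
 "identity-service-relation-changed") exit 0 ;;
 "ceph-relation-joined") ceph_joined;;
 "ceph-relation-changed") ceph_changed;;
- "cloud-compute-relation-joined" ) exit 0 ;;
+ "cloud-compute-relation-joined" ) compute_joined ;;
 "cloud-compute-relation-changed") compute_changed ;;
 esac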
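Review bot: In compute_changed the `"ssh"` arm redirects the output of `base64 -di` straight onto /root/.ssh/known_hosts and /root/.ssh/authorized_keys, so both files are truncated before decoding has succeeded and a corrupt or partial relation value leaves root with an empty or damaged authorized_keys. Nothing in this hunk creates /root/.ssh or fixes its mode, and the files take whatever permissions the hook's umask gives them. Decoding into temporary files, checking the exit status and only then moving them into place, as sketched below, avoids both problems. The relation-supplied `ca_cert` a few lines later is likewise written into the system trust store without checking that it parses as a certificate; a check such as `openssl x509 -noout -in <file>` before update-ca-certificates would catch a malformed value. compute_changed begins and ends outside the hunk.

```shell
        if [[ -n "$known_hosts" ]] &&
           [[ -n "$authorized_keys" ]] ; then
          juju-log "$CHARM: Saving new known_hosts+authorized_keys file."
          install -d -m 0700 /root/.ssh
          # mktemp creates the files with mode 0600
          local tmp_kh=$(mktemp /root/.ssh/known_hosts.XXXXXX)
          local tmp_ak=$(mktemp /root/.ssh/authorized_keys.XXXXXX)
          if echo "$known_hosts" | base64 -di >"$tmp_kh" &&
             echo "$authorized_keys" | base64 -di >"$tmp_ak" ; then
            mv "$tmp_kh" /root/.ssh/known_hosts
            mv "$tmp_ak" /root/.ssh/authorized_keys
          else
            juju-log "$CHARM: Could not decode known_hosts/authorized_keys; keeping existing files."
            rm -f "$tmp_kh" "$tmp_ak"
          fi
        fi
# … unchanged: ca_cert install and service_ctl all restart …
```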
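--- a/metadata.yaml
+++ b/metadata.yaml
@@ -20,3 +20,6 @@
 interface: glance
 ceph:
 interface: ceph-client
+peers:
+ compute-peer:
+ interface: nova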
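--- a/revision
+++ b/revision
@@ -1,1 +1,5 @@
+<<<<<<< TREE
 81
+=======
+86
+>>>>>>> MERGE-SOURCE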