Diffstat (limited to 'compass-deck/misc')
-rw-r--r--compass-deck/misc/Dockerfile86
-rw-r--r--compass-deck/misc/adapter_changes/Debian.yml18
-rw-r--r--compass-deck/misc/adapter_changes/HA-ansible-multinodes.yml239
-rw-r--r--compass-deck/misc/adapter_changes/keystone_install.yml74
-rw-r--r--compass-deck/misc/adapter_changes/preseed_post_anamon_local80
-rw-r--r--compass-deck/misc/adapter_changes/preseed_post_anamon_remote80
-rw-r--r--compass-deck/misc/apache/README15
-rw-r--r--compass-deck/misc/apache/cobbler_web.conf10
-rw-r--r--compass-deck/misc/apache/http_pip.conf9
-rw-r--r--compass-deck/misc/apache/images.conf9
-rw-r--r--compass-deck/misc/apache/ods-server.conf18
-rw-r--r--compass-deck/misc/apache/packages.conf9
-rw-r--r--compass-deck/misc/apache/ssl.conf221
-rw-r--r--compass-deck/misc/chef-server/chef-server.rb4
-rwxr-xr-xcompass-deck/misc/ci/prepare_node_compass.sh28
-rwxr-xr-xcompass-deck/misc/ci/pxe-deploy.sh14
-rwxr-xr-xcompass-deck/misc/ci/pxe-prepare.sh29
-rwxr-xr-xcompass-deck/misc/ci/tempest_run.sh81
-rwxr-xr-xcompass-deck/misc/ci/test-install.sh22
-rw-r--r--compass-deck/misc/compass_install.repo5
-rw-r--r--compass-deck/misc/hosts3
-rw-r--r--compass-deck/misc/logrotate.d/httpd9
-rw-r--r--compass-deck/misc/logrotate.d/ntp9
-rw-r--r--compass-deck/misc/logrotate.d/squid9
-rw-r--r--compass-deck/misc/logrotate.d/syslog13
-rw-r--r--compass-deck/misc/logrotate.d/yum7
-rw-r--r--compass-deck/misc/logstash-forwarder/logstash-forwarder.conf57
-rw-r--r--compass-deck/misc/logstash-forwarder/logstash-forwarder.crt29
-rw-r--r--compass-deck/misc/logstash-forwarder/logstash-forwarder.repo6
-rw-r--r--compass-deck/misc/ntp/ntp.conf60
-rw-r--r--compass-deck/misc/rsync14
-rw-r--r--compass-deck/misc/rsyslog/rsyslog.conf97
-rw-r--r--compass-deck/misc/snmp/snmp.conf1
-rw-r--r--compass-deck/misc/squid/squid.conf71
34 files changed, 1436 insertions, 0 deletions
diff --git a/compass-deck/misc/Dockerfile b/compass-deck/misc/Dockerfile
new file mode 100644
index 0000000..116bf9f
--- /dev/null
+++ b/compass-deck/misc/Dockerfile
@@ -0,0 +1,86 @@
+from centos:latest
+
+# Add repos
+RUN rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
+ sed -i 's/^mirrorlist=https/mirrorlist=http/g' /etc/yum.repos.d/epel.repo && \
+ rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
+
+# yum update
+RUN yum update -y
+
+# udpate repo
+ADD misc/compass_install.repo /etc/yum.repos.d/compass_install.repo
+
+# Install packages
+RUN yum --enablerepo=compass_install --nogpgcheck install -y python python-devel git wget syslinux amqp mod_wsgi httpd bind rsync yum-utils gcc unzip openssl openssl098e ca-certificates mysql-devel mysql MySQL-python python-virtualenv python-setuptools python-pip bc libselinux-python libffi-devel openssl-devel vim net-tools
+
+# Add code
+RUN mkdir -p /root/compass-deck
+ADD . /root/compass-deck
+RUN cd /root/ && \
+ git clone git://git.openstack.org/openstack/compass-web
+
+RUN mkdir -p /root/compass-deck/compass && \
+ mv /root/compass-deck/actions /root/compass-deck/compass/ && \
+ mv /root/compass-deck/api /root/compass-deck/compass/ && \
+ mv /root/compass-deck/apiclient /root/compass-deck/compass/ && \
+ mv /root/compass-deck/deployment /root/compass-deck/compass/ && \
+ mv /root/compass-deck/utils /root/compass-deck/compass/ && \
+ mv /root/compass-deck/db /root/compass-deck/compass/ && \
+ mv /root/compass-deck/tasks /root/compass-deck/compass/ && \
+ mv /root/compass-deck/log_analyzor /root/compass-deck/compass/
+
+# pip
+RUN easy_install --upgrade pip && \
+ pip install --upgrade pip && \
+ pip install --upgrade setuptools && \
+ pip install --upgrade virtualenv && \
+ pip install --upgrade redis && \
+ pip install --upgrade virtualenvwrapper
+
+# http
+RUN mkdir -p /var/log/httpd && \
+ chmod -R 777 /var/log/httpd
+
+# virtualenv
+RUN yum install -y which && \
+ source `which virtualenvwrapper.sh` && \
+ mkvirtualenv --system-site-packages compass-core && \
+ workon compass-core && \
+ cd /root/compass-deck && \
+ pip install -U -r requirements.txt
+
+# web
+RUN mkdir -p /var/www/compass_web/v2.5 && \
+ cp -rf /root/compass-web/v2.5/target/* /var/www/compass_web/v2.5/
+
+# compass-server
+RUN echo "ServerName compass-deck:80" >> /etc/httpd/conf/httpd.conf
+RUN mkdir -p /opt/compass/bin && \
+ mkdir -p /opt/compass/db
+ADD misc/apache/ods-server.conf /etc/httpd/conf.d/ods-server.conf
+ADD misc/apache/http_pip.conf /etc/httpd/conf.d/http_pip.conf
+ADD misc/apache/images.conf /etc/httpd/conf.d/images.conf
+ADD misc/apache/packages.conf /etc/httpd/conf.d/packages.conf
+#COPY conf /etc/compass
+ADD bin/* /opt/compass/bin/
+RUN mkdir -p /var/www/compass && \
+ ln -s -f /opt/compass/bin/compass_wsgi.py /var/www/compass/compass.wsgi && \
+ cp -rf /usr/lib64/libcrypto.so.6 /usr/lib64/libcrypto.so
+
+
+# install comapss-deck code
+RUN mkdir -p /var/log/compass && \
+ chmod -R 777 /var/log/compass && \
+ chmod -R 777 /opt/compass/db && \
+ touch /root/compass-deck/compass/__init__.py && \
+ source `which virtualenvwrapper.sh` && \
+ workon compass-core && \
+ cd /root/compass-deck && \
+ python setup.py install && \
+ usermod -a -G root apache
+
+EXPOSE 80
+ADD start.sh /usr/local/bin/start.sh
+ENTRYPOINT ["/bin/bash", "-c"]
+CMD ["/usr/local/bin/start.sh"]
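Review bot: Nothing in this build verifies what it downloads: the `yum install` line passes `--nogpgcheck`, the remi release RPM is fetched over plain `http://`, the `sed` rewrites the EPEL mirrorlist from https to http, and compass-web is cloned over the unauthenticated `git://` protocol. Anyone on the network path of the build host can therefore influence what ends up in the image. I would drop `--nogpgcheck`, leave the mirrorlist on https, clone with `git clone https://git.openstack.org/openstack/compass-web` (if the host serves https) at a pinned commit, and pin `from centos:latest` to a tag or digest. Separately, `chmod -R 777` on `/var/log/httpd`, `/var/log/compass` and `/opt/compass/db` together with `usermod -a -G root apache` gives the web server far more access than it needs; a dedicated group owning those directories would be enough.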
diff --git a/compass-deck/misc/adapter_changes/Debian.yml b/compass-deck/misc/adapter_changes/Debian.yml
new file mode 100644
index 0000000..0f76f75
--- /dev/null
+++ b/compass-deck/misc/adapter_changes/Debian.yml
@@ -0,0 +1,18 @@
+#############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+#############################################################################
+---
+
+cron_path: "/var/spool/cron/crontabs"
+
+packages:
+ - keystone
+
+services:
+ - apache2
+ - keystone
diff --git a/compass-deck/misc/adapter_changes/HA-ansible-multinodes.yml b/compass-deck/misc/adapter_changes/HA-ansible-multinodes.yml
new file mode 100644
index 0000000..b0c5810
--- /dev/null
+++ b/compass-deck/misc/adapter_changes/HA-ansible-multinodes.yml
@@ -0,0 +1,239 @@
+---
+- hosts: all
+ remote_user: root
+ pre_tasks:
+ - name: make sure ssh dir exist
+ file:
+ path: '{{ item.path }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ state: directory
+ mode: 0755
+ with_items:
+ - path: /root/.ssh
+ owner: root
+ group: root
+
+ - name: write ssh config
+ copy:
+ content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no"
+ dest: '{{ item.dest }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ mode: 0600
+ with_items:
+ - dest: /root/.ssh/config
+ owner: root
+ group: root
+
+ - name: generate ssh keys
+ shell: if [ ! -f ~/.ssh/id_rsa.pub ]; then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; else echo "already gen ssh key!"; fi;
+
+ - name: fetch ssh keys
+ fetch: src=/root/.ssh/id_rsa.pub dest=/tmp/ssh-keys-{{ ansible_hostname }} flat=yes
+
+ - authorized_key:
+ user: root
+ key: "{{ lookup('file', 'item') }}"
+ with_fileglob:
+ - /tmp/ssh-keys-*
+ max_fail_percentage: 0
+ roles:
+ - common
+
+- hosts: all
+ remote_user: root
+ accelerate: false
+ max_fail_percentage: 0
+ roles:
+ - setup-network
+
+- hosts: ha
+ remote_user: root
+ accelerate: false
+ max_fail_percentage: 0
+ roles:
+ - ha
+
+- hosts: controller
+ remote_user: root
+ accelerate: false
+ max_fail_percentage: 0
+ roles:
+ - memcached
+ - apache
+ - database
+ - mq
+ - keystone
+ - nova-controller
+ - neutron-controller
+ - cinder-controller
+ - glance
+ - neutron-common
+ - neutron-network
+ - ceilometer_controller
+# - ext-network
+ - dashboard
+ - heat
+ - aodh
+
+- hosts: all
+ remote_user: root
+ accelerate: false
+ max_fail_percentage: 0
+ roles:
+ - storage
+
+- hosts: compute
+ remote_user: root
+ accelerate: false
+ max_fail_percentage: 0
+ roles:
+ - nova-compute
+ - neutron-compute
+ - cinder-volume
+ - ceilometer_compute
+
+- hosts: all
+ remote_user: root
+ accelerate: false
+ max_fail_percentage: 0
+ roles:
+ - secgroup
+
+- hosts: ceph_adm
+ remote_user: root
+ accelerate: false
+ max_fail_percentage: 0
+ roles: []
+ # - ceph-deploy
+
+- hosts: ceph
+ remote_user: root
+ accelerate: false
+ max_fail_percentage: 0
+ roles:
+ - ceph-purge
+ - ceph-config
+
+- hosts: ceph_mon
+ remote_user: root
+ accelerate: false
+ max_fail_percentage: 0
+ roles:
+ - ceph-mon
+
+- hosts: ceph_osd
+ remote_user: root
+ accelerate: false
+ max_fail_percentage: 0
+ roles:
+ - ceph-osd
+
+- hosts: ceph
+ remote_user: root
+ accelerate: false
+ max_fail_percentage: 0
+ roles:
+ - ceph-openstack
+
+- hosts: all
+ remote_user: root
+ accelerate: false
+ max_fail_percentage: 0
+ roles:
+ - monitor
+
+
+- hosts: all
+ remote_user: root
+ accelerate: false
+ max_fail_percentage: 0
+ tasks:
+ - name: set bash to nova
+ user:
+ name: nova
+ shell: /bin/bash
+
+ - name: make sure ssh dir exist
+ file:
+ path: '{{ item.path }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ state: directory
+ mode: 0755
+ with_items:
+ - path: /var/lib/nova/.ssh
+ owner: nova
+ group: nova
+
+ - name: copy ssh keys for nova
+ shell: cp -rf /root/.ssh/id_rsa /var/lib/nova/.ssh;
+
+ - name: write ssh config
+ copy:
+ content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no"
+ dest: '{{ item.dest }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ mode: 0600
+ with_items:
+ - dest: /var/lib/nova/.ssh/config
+ owner: nova
+ group: nova
+
+ - authorized_key:
+ user: nova
+ key: "{{ lookup('file', 'item') }}"
+ with_fileglob:
+ - /tmp/ssh-keys-*
+
+ - name: chown ssh file
+ shell: chown -R nova:nova /var/lib/nova/.ssh;
+
+
+- hosts: all
+ remote_user: root
+ max_fail_percentage: 0
+ roles:
+ - odl_cluster
+
+- hosts: all
+ remote_user: root
+ accelerate: false
+ max_fail_percentage: 0
+ roles:
+ - onos_cluster
+
+- hosts: all
+ remote_user: root
+ sudo: True
+ max_fail_percentage: 0
+ roles:
+ - open-contrail
+
+- hosts: all
+ remote_user: root
+ serial: 1
+ max_fail_percentage: 0
+ roles:
+ - odl_cluster_neutron
+
+- hosts: all
+ remote_user: root
+ max_fail_percentage: 0
+ roles:
+ - odl_cluster_post
+
+- hosts: controller
+ remote_user: root
+ max_fail_percentage: 0
+ roles:
+ - ext-network
+
+- hosts: controller
+ remote_user: root
+ accelerate: false
+ max_fail_percentage: 0
+ roles:
+ - tacker
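Review bot: Both `authorized_key` tasks quote the loop variable, so `lookup('file', 'item')` reads a file literally named `item` instead of each globbed key; it should be `key: "{{ lookup('file', item) }}"` in the root task and in the nova task. The public keys are staged under `/tmp/ssh-keys-*` on the control host, a world-writable directory, so any file matching that glob would be authorized for root and nova on every node; a private directory created by the play is a safer staging place. The ssh config written for both accounts (`UserKnownHostsFile /dev/null`, `StrictHostKeyChecking no`) disables host-key verification entirely, and `copy ssh keys for nova` hands root's private key to the nova account. A keypair generated for nova alone would limit what a compromise of that service account exposes.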
diff --git a/compass-deck/misc/adapter_changes/keystone_install.yml b/compass-deck/misc/adapter_changes/keystone_install.yml
new file mode 100644
index 0000000..01907c6
--- /dev/null
+++ b/compass-deck/misc/adapter_changes/keystone_install.yml
@@ -0,0 +1,74 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
+- name: install keystone packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: packages | union(packages_noarch)
+
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
+- name: generate keystone service list
+ lineinfile: dest=/opt/service create=yes line='{{ item }}'
+ with_items: services | union(services_noarch)
+
+- name: delete sqlite database
+ file:
+ path: /var/lib/keystone/keystone.db
+ state: absent
+
+- name: update keystone conf
+ template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes
+ notify:
+ - restart keystone services
+
+- name: update apache2 configs
+ template:
+ src: wsgi-keystone.conf.j2
+ dest: '{{ apache_config_dir }}/sites-available/wsgi-keystone.conf'
+ when: ansible_os_family == 'Debian'
+ notify:
+ - restart keystone services
+
+- name: update apache2 configs
+ template:
+ src: wsgi-keystone.conf.j2
+ dest: '{{ apache_config_dir }}/wsgi-keystone.conf'
+ when: ansible_os_family == 'RedHat'
+ notify:
+ - restart keystone services
+
+- name: enable keystone server
+ file:
+ src: "{{ apache_config_dir }}/sites-available/wsgi-keystone.conf"
+ dest: "{{ apache_config_dir }}/sites-enabled/wsgi-keystone.conf"
+ state: "link"
+ when: ansible_os_family == 'Debian'
+ notify:
+ - restart keystone services
+
+- name: keystone source files
+ template: src={{ item }} dest=/opt/{{ item }}
+ with_items:
+ - admin-openrc.sh
+ - demo-openrc.sh
+
+- meta: flush_handlers
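Review bot: The `keystone source files` task templates `admin-openrc.sh` and `demo-openrc.sh` into `/opt` with no `owner` or `mode`, and `update keystone conf` does the same for `/etc/keystone/keystone.conf`, so their permissions are whatever the default umask gives. The templates are not in this diff, but these files presumably hold the admin password and the database connection string, in which case they should not be world-readable. I would write `template: src={{ item }} dest=/opt/{{ item }} mode=0600` for the openrc files and set an explicit owner, group and `mode=0640` on keystone.conf. The two `with_items:` lines also pass bare expressions (`packages | union(packages_noarch)`); wrapping them as `"{{ packages | union(packages_noarch) }}"` avoids relying on bare-variable evaluation.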
diff --git a/compass-deck/misc/adapter_changes/preseed_post_anamon_local b/compass-deck/misc/adapter_changes/preseed_post_anamon_local
new file mode 100644
index 0000000..c4f461f
--- /dev/null
+++ b/compass-deck/misc/adapter_changes/preseed_post_anamon_local
@@ -0,0 +1,80 @@
+#if $str($getVar('anamon_enabled','')) == "1"
+
+## install anamon script
+ #if $getVar("compass_server", "") != ""
+wget -O /usr/local/sbin/anamon "http://$compass_server:$http_port/cobbler/aux/anamon"
+ #else
+wget -O /usr/local/sbin/anamon "http://$server:$http_port/cobbler/aux/anamon"
+ #end if
+## install anamon system service
+cat << EOF > /etc/init.d/anamon.init
+#raw
+#!/bin/bash
+## BEGIN INIT INFO
+# Provides: anamon.init
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 4 6
+# Required-Start: $network
+# Short-Description: Starts the cobbler anamon boot notification program
+# Description: anamon runs the first time a machine is booted after
+# installation.
+## END INIT INFO
+
+#
+# anamon.init: Starts the cobbler post-install boot notification program
+#
+# chkconfig: 35 95 95
+#
+# description: anamon runs the first time a machine is booted after
+# installation.
+#
+#end raw
+cd /var/log/installer
+gunzip initial-status.gz
+cd -
+#if $getVar("compass_server","") != ""
+/usr/local/sbin/anamon --watchfile "/var/log/installer/syslog /var/log/installer/hardware-summary /var/log/installer/initial-status /var/log/installer/status" --name $name --server $compass_server --port $http_port --exit
+#else
+/usr/local/sbin/anamon --watchfile "/var/log/installer/syslog /var/log/installer/hardware-summary /var/log/installer/initial-status /var/log/installer/status" --name $name --server $server --port $http_port --exit
+#end if
+update-rc.d -f anamon remove
+mv /etc/init.d/anamon.init /tmp/anamon.init
+EOF
+
+## adjust permissions
+chmod 755 /etc/init.d/anamon.init /usr/local/sbin/anamon
+test -d /selinux && restorecon /etc/init.d/anamon.init /usr/local/sbin/anamon
+
+## enable the script
+update-rc.d anamon.init defaults 95 95
+#end if
+
+## place start-up script for updating os state
+#if $getVar('compass_server', '') != ""
+ #set srv = $getVar('compass_server','')
+#else
+ #set srv = $getVar('server','')
+#end if
+cat << EOF > /etc/init.d/set_state
+#raw
+#!/bin/bash
+# Provides: set_state
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 4 6
+# Required-Start: $network $ssh
+# Short-Description: Notifies the os installation is finished
+# Description: set_state runs the first time a machine is booted after
+# installation.
+#end raw
+wget -O /tmp/os_state --post-data='{"ready": true}' --header=Content-Type:application/json "http://$srv/api/hosts/${host_id}/state_internal"
+update-rc.d -f set_state remove
+mv /etc/init.d/set_state /tmp/set_state
+EOF
+
+## adjust permissions
+chmod 755 /etc/init.d/set_state
+test -d /selinux && restorecon /etc/init.d/set_state
+
+update-rc.d set_state defaults 99 99
+
+echo "compass_server=$server" >> /etc/compass.conf
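Review bot: The anamon script is downloaded with `wget` over plain `http://` into `/usr/local/sbin/anamon`, made executable and run from a root init script on first boot, with nothing verifying what was received. A checksum carried in the preseed and checked before the `chmod 755` would tie the script to what the Compass server intended, provided the preseed itself arrives over a trusted channel. The `wget` exit status is not tested either, so a failed download leaves an empty file that the init script then tries to run. The same lines appear unchanged in preseed_post_anamon_remote.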
diff --git a/compass-deck/misc/adapter_changes/preseed_post_anamon_remote b/compass-deck/misc/adapter_changes/preseed_post_anamon_remote
new file mode 100644
index 0000000..aae183a
--- /dev/null
+++ b/compass-deck/misc/adapter_changes/preseed_post_anamon_remote
@@ -0,0 +1,80 @@
+#if $str($getVar('anamon_enabled','')) == "1"
+
+## install anamon script
+ #if $getVar("compass_server", "") != ""
+wget -O /usr/local/sbin/anamon "http://$compass_server:$http_port/cobbler/aux/anamon"
+ #else
+wget -O /usr/local/sbin/anamon "http://$server:$http_port/cobbler/aux/anamon"
+ #end if
+## install anamon system service
+cat << EOF > /etc/init.d/anamon.init
+#raw
+#!/bin/bash
+## BEGIN INIT INFO
+# Provides: anamon.init
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 4 6
+# Required-Start: $network
+# Short-Description: Starts the cobbler anamon boot notification program
+# Description: anamon runs the first time a machine is booted after
+# installation.
+## END INIT INFO
+
+#
+# anamon.init: Starts the cobbler post-install boot notification program
+#
+# chkconfig: 35 95 95
+#
+# description: anamon runs the first time a machine is booted after
+# installation.
+#
+#end raw
+cd /var/log/installer
+gunzip initial-status.gz
+cd -
+#if $getVar("compass_server","") != ""
+/usr/local/sbin/anamon --watchfile "/var/log/installer/syslog /var/log/installer/hardware-summary /var/log/installer/initial-status /var/log/installer/status" --name $name --server $compass_server --port $http_port --exit
+#else
+/usr/local/sbin/anamon --watchfile "/var/log/installer/syslog /var/log/installer/hardware-summary /var/log/installer/initial-status /var/log/installer/status" --name $name --server $server --port $http_port --exit
+#end if
+update-rc.d -f anamon remove
+mv /etc/init.d/anamon.init /tmp/anamon.init
+EOF
+
+## adjust permissions
+chmod 755 /etc/init.d/anamon.init /usr/local/sbin/anamon
+test -d /selinux && restorecon /etc/init.d/anamon.init /usr/local/sbin/anamon
+
+## enable the script
+update-rc.d anamon.init defaults 95 95
+#end if
+
+## place start-up script for updating os state
+#if $getVar('compass_server', '') != ""
+ #set srv = $getVar('compass_server','')
+#else
+ #set srv = $getVar('server','')
+#end if
+cat << EOF > /etc/init.d/set_state
+#raw
+#!/bin/bash
+# Provides: set_state
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 4 6
+# Required-Start: $network $ssh
+# Short-Description: Notifies the os installation is finished
+# Description: set_state runs the first time a machine is booted after
+# installation.
+#end raw
+wget -O /tmp/os_state --post-data='{"ready": true}' --header=Content-Type:application/json "http://c.stack360.io/api/hosts/${host_id}/state_internal"
+update-rc.d -f set_state remove
+mv /etc/init.d/set_state /tmp/set_state
+EOF
+
+## adjust permissions
+chmod 755 /etc/init.d/set_state
+test -d /selinux && restorecon /etc/init.d/set_state
+
+update-rc.d set_state defaults 99 99
+
+echo "compass_server=$server" >> /etc/compass.conf
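Review bot: The `set_state` script posts to the hard-coded external host `http://c.stack360.io/api/hosts/${host_id}/state_internal`, while the `srv` variable computed just above from `compass_server`/`server` is never used in this file. Every node installed from this snippet would report its host id to that public name over plain HTTP, whichever Compass server deployed it. If a remote endpoint is intended, it should come from a template variable rather than a literal, for example `"http://$srv/api/hosts/${host_id}/state_internal"` with `srv` set to the remote address, and preferably over https.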
diff --git a/compass-deck/misc/apache/README b/compass-deck/misc/apache/README
new file mode 100644
index 0000000..73b883c
--- /dev/null
+++ b/compass-deck/misc/apache/README
@@ -0,0 +1,15 @@
+Apache2 is supported. mod_wsgi is required to run Compass web app.
+
+On Ubuntu systems (e.g, 12.04), you can install mod_wsgi with
+ sudo aptitude install libapache2-mod-wsgi
+
+The current wsgi config file assumes that the environment variable
+ODS_PROJECT_HOME is set in /etc/apache2/envvars file.You also need
+to make sure mod_rewrite module in apache is enabled. If not, you
+need to run the command: sudo a2enmod rewrite
+
+We also assume that the server host name is ods-server.us.huawei.com.
+
+Restart Apache to get mod_wsgi to work.
+
+sudo service apache2 restart
diff --git a/compass-deck/misc/apache/cobbler_web.conf b/compass-deck/misc/apache/cobbler_web.conf
new file mode 100644
index 0000000..f03d4fe
--- /dev/null
+++ b/compass-deck/misc/apache/cobbler_web.conf
@@ -0,0 +1,10 @@
+# This configuration file enables the cobbler web
+# interface (django version)
+
+# Force everything to go to https
+RewriteEngine on
+RewriteCond %{HTTPS} off
+RewriteCond %{REQUEST_URI} ^/cobbler_web
+# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+
+WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi
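Review bot: The comment says everything is forced to https, but the `RewriteRule` is commented out, so `/cobbler_web` is served over plain HTTP and the two `RewriteCond` lines are left without a rule. Dangling conditions attach to the next `RewriteRule` that appears in the same context, which can silently change a rule added later. Either restore `RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}` or remove the `RewriteEngine`/`RewriteCond` lines and correct the comment to say that plain HTTP is intended.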
diff --git a/compass-deck/misc/apache/http_pip.conf b/compass-deck/misc/apache/http_pip.conf
new file mode 100644
index 0000000..9a61de2
--- /dev/null
+++ b/compass-deck/misc/apache/http_pip.conf
@@ -0,0 +1,9 @@
+Alias /pip /var/www/pip
+
+<Directory "/var/www/pip">
+ SetEnv VIRTUALENV
+ Options Indexes FollowSymLinks
+ Order allow,deny
+ Allow from all
+</Directory>
+
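Review bot: `Options Indexes FollowSymLinks` with `Allow from all` makes `/var/www/pip` browsable by any client that can reach the server and lets a symlink inside the tree expose files outside it. If only the deployment network needs this mirror, `Options SymLinksIfOwnerMatch` (keeping `Indexes` only if listings are required) and `Allow from <deployment-subnet>` would narrow it. `SetEnv VIRTUALENV` sets an empty variable and deserves a comment saying what depends on it. images.conf and packages.conf in this commit are identical apart from the path, and the `<Directory>` block in ods-server.conf uses the same options.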
diff --git a/compass-deck/misc/apache/images.conf b/compass-deck/misc/apache/images.conf
new file mode 100644
index 0000000..d38986a
--- /dev/null
+++ b/compass-deck/misc/apache/images.conf
@@ -0,0 +1,9 @@
+Alias /image /var/www/guestimg
+
+<Directory "/var/www/guestimg">
+ SetEnv VIRTUALENV
+ Options Indexes FollowSymLinks
+ Order allow,deny
+ Allow from all
+</Directory>
+
diff --git a/compass-deck/misc/apache/ods-server.conf b/compass-deck/misc/apache/ods-server.conf
new file mode 100644
index 0000000..a773777
--- /dev/null
+++ b/compass-deck/misc/apache/ods-server.conf
@@ -0,0 +1,18 @@
+# Apache config for ods server
+#
+# Specify python path if you use virtualenv
+
+WSGIDaemonProcess compass threads=4 display-name=%{GROUP}
+WSGIProcessGroup compass
+WSGIScriptAlias /api /var/www/compass/compass.wsgi
+WSGISocketPrefix /var/run/wsgi
+
+<VirtualHost *:80>
+ DocumentRoot /var/www/compass_web/v2.5
+
+ <Directory "/var/www/compass_web/v2.5">
+ Options Indexes FollowSymLinks
+ Order allow,deny
+ Allow from all
+ </Directory>
+</VirtualHost>
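Review bot: The web UI and the `/api` WSGI application are only defined for `<VirtualHost *:80>`, so whatever credentials or session data the Compass API accepts travel in clear text. The Dockerfile in this commit adds this file to `conf.d` but not ssl.conf, so no TLS listener exists in the image as built. `WSGIDaemonProcess compass threads=4 display-name=%{GROUP}` also sets no `user=`/`group=`, so the daemon runs as the Apache user, which the Dockerfile puts in the root group. A dedicated account on that directive would separate the API process from the web server.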
diff --git a/compass-deck/misc/apache/packages.conf b/compass-deck/misc/apache/packages.conf
new file mode 100644
index 0000000..0934fcd
--- /dev/null
+++ b/compass-deck/misc/apache/packages.conf
@@ -0,0 +1,9 @@
+Alias /packages /var/www/packages
+
+<Directory "/var/www/packages">
+ SetEnv VIRTUALENV
+ Options Indexes FollowSymLinks
+ Order allow,deny
+ Allow from all
+</Directory>
+
diff --git a/compass-deck/misc/apache/ssl.conf b/compass-deck/misc/apache/ssl.conf
new file mode 100644
index 0000000..703f97d
--- /dev/null
+++ b/compass-deck/misc/apache/ssl.conf
@@ -0,0 +1,221 @@
+#
+# This is the Apache server configuration file providing SSL support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these
+# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+
+LoadModule ssl_module modules/mod_ssl.so
+
+#
+# When we also provide SSL we have to listen to the
+# the HTTPS port in addition.
+#
+Listen 445
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog builtin
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First the mechanism
+# to use and second the expiring timeout (in seconds).
+SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
+SSLSessionCacheTimeout 300
+
+# Semaphore:
+# Configure the path to the mutual exclusion semaphore the
+# SSL engine uses internally for inter-process synchronization.
+
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the
+# SSL library. The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+SSLRandomSeed startup file:/dev/urandom 256
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random 512
+#SSLRandomSeed connect file:/dev/random 512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names. NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly.
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:445>
+
+# General setup for the virtual host, inherited from global configuration
+#DocumentRoot "/var/www/html"
+#ServerName www.example.com:443
+
+# Use separate log files for the SSL virtual host; note that LogLevel
+# is not inherited from httpd.conf.
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel warn
+
+# SSL Engine Switch:
+# Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+# SSL Protocol support:
+# List the enable protocol levels with which clients will be able to
+# connect. Disable SSLv2 access by default:
+SSLProtocol all -SSLv2
+
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate.
+# See the mod_ssl documentation for a complete list.
+SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+
+# Server Certificate:
+# Point SSLCertificateFile at a PEM encoded certificate. If
+# the certificate is encrypted, then you will be prompted for a
+# pass phrase. Note that a kill -HUP will prompt again. A new
+# certificate can be generated using the genkey(1) command.
+SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+
+# Server Private Key:
+# If the key is not combined with the certificate, use this
+# directive to point at the key file. Keep in mind that if
+# you've both a RSA and a DSA private key you can configure
+# both in parallel (to also allow the use of DSA ciphers, etc.)
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+
+# Server Certificate Chain:
+# Point SSLCertificateChainFile at a file containing the
+# concatenation of PEM encoded CA certificates which form the
+# certificate chain for the server certificate. Alternatively
+# the referenced file can be the same as SSLCertificateFile
+# when the CA certificates are directly appended to the server
+# certificate for convinience.
+#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+
+# Certificate Authority (CA):
+# Set the CA certificate verification path where to find CA
+# certificates for client authentication or alternatively one
+# huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+# Client Authentication (Type):
+# Client certificate verification type and depth. Types are
+# none, optional, require and optional_no_ca. Depth is a
+# number which specifies how deeply to verify the certificate
+# issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth 10
+
+# Access Control:
+# With SSLRequire you can do per-directory access control based
+# on arbitrary complex boolean expressions containing server
+# variable checks and other lookup directives. The syntax is a
+# mixture between C and Perl. See the mod_ssl documentation
+# for more details.
+#<Location />
+#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+# SSL Engine Options:
+# Set various options for the SSL engine.
+# o FakeBasicAuth:
+# Translate the client X.509 into a Basic Authorisation. This means that
+# the standard Auth/DBMAuth methods can be used for access control. The
+# user name is the `one line' version of the client's X.509 certificate.
+# Note that no password is obtained from the user. Every entry in the user
+# file needs this password: `xxj31ZMTZzkVA'.
+# o ExportCertData:
+# This exports two additional environment variables: SSL_CLIENT_CERT and
+# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+# server (always existing) and the client (only existing when client
+# authentication is used). This can be used to import the certificates
+# into CGI scripts.
+# o StdEnvVars:
+# This exports the standard SSL/TLS related `SSL_*' environment variables.
+# Per default this exportation is switched off for performance reasons,
+# because the extraction step is an expensive operation and is usually
+# useless for serving static content. So one usually enables the
+# exportation for CGI and SSI requests only.
+# o StrictRequire:
+# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+# under a "Satisfy any" situation, i.e. when it applies access is denied
+# and no other module can change it.
+# o OptRenegotiate:
+# This enables optimized SSL connection renegotiation handling when SSL
+# directives are used in per-directory context.
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+ SSLOptions +StdEnvVars
+</Files>
+<Directory "/var/www/cgi-bin">
+ SSLOptions +StdEnvVars
+</Directory>
+
+# SSL Protocol Adjustments:
+# The safe and default but still SSL/TLS standard compliant shutdown
+# approach is that mod_ssl sends the close notify alert but doesn't wait for
+# the close notify alert from client. When you need a different shutdown
+# approach you can use one of the following variables:
+# o ssl-unclean-shutdown:
+# This forces an unclean shutdown when the connection is closed, i.e. no
+# SSL close notify alert is send or allowed to received. This violates
+# the SSL/TLS standard but is needed for some brain-dead browsers. Use
+# this when you receive I/O errors because of the standard approach where
+# mod_ssl sends the close notify alert.
+# o ssl-accurate-shutdown:
+# This forces an accurate shutdown when the connection is closed, i.e. a
+# SSL close notify alert is send and mod_ssl waits for the close notify
+# alert of the client. This is 100% SSL/TLS standard compliant, but in
+# practice often causes hanging connections with brain-dead browsers. Use
+# this only for browsers where you know that their SSL implementation
+# works correctly.
+# Notice: Most problems of broken clients are also related to the HTTP
+# keep-alive facility, so you usually additionally want to disable
+# keep-alive for those clients, too. Use variable "nokeepalive" for this.
+# Similarly, one has to force some clients to use HTTP/1.0 to workaround
+# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+# "force-response-1.0" for this.
+SetEnvIf User-Agent ".*MSIE.*" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+
+# Per-Server Logging:
+# The home of a custom SSL log file. Use this when you want a
+# compact non-error SSL logfile on a virtual host basis.
+CustomLog logs/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>
+
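Review bot: `SSLProtocol all -SSLv2` still permits SSLv3, and the `SSLCipherSuite` string explicitly admits `RC4+RSA`, `+MEDIUM` and `+LOW`, so clients can negotiate protocols and ciphers that are considered broken. I would tighten these to `SSLProtocol all -SSLv2 -SSLv3` and `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4`, with `SSLHonorCipherOrder on`. The listener is on port 445 while the commented `ServerName` example says 443; if 445 is deliberate a comment should say so, since that port is normally associated with SMB and is often filtered. The certificate and key paths point at `localhost.crt`/`localhost.key`, presumably the distribution's self-signed placeholder, which clients cannot validate.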
diff --git a/compass-deck/misc/chef-server/chef-server.rb b/compass-deck/misc/chef-server/chef-server.rb
new file mode 100644
index 0000000..f7956a6
--- /dev/null
+++ b/compass-deck/misc/chef-server/chef-server.rb
@@ -0,0 +1,4 @@
+nginx['non_ssl_port'] = 8080
+nginx['enable_non_ssl'] = true
+nginx['ssl_port'] = 443
+nginx['url'] = "https://#{node['fqdn']}"
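Review bot: `nginx['enable_non_ssl'] = true` keeps a clear-text listener open on port 8080 while `nginx['url']` advertises https, so any client pointed at that port exchanges Chef API traffic unencrypted. If nothing in the deployment needs the plain port, set `nginx['enable_non_ssl'] = false`. Otherwise add a comment naming the consumer that needs it and the network it is reachable from.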
diff --git a/compass-deck/misc/ci/prepare_node_compass.sh b/compass-deck/misc/ci/prepare_node_compass.sh
new file mode 100755
index 0000000..b9c40db
--- /dev/null
+++ b/compass-deck/misc/ci/prepare_node_compass.sh
@@ -0,0 +1,28 @@
+#!/bin/bash -x
+echo 0 > /selinux/enforce
+yum clean all
+yum -y update --skip-broken
+yum install -y virt-install libvirt qemu-kvm figlet rsyslog logrotate iproute openssh-clients python git wget python-setuptools python-netaddr python-flask python-flask-sqlalchemy python-amqplib amqp python-paramiko python-mock dhcp bind rsync yum-utils xinetd tftp-server gcc net-snmp-utils net-snmp net-snmp-python python-daemon unzip openssl openssl098e createrepo mkisofs python-cheetah python-simplejson python-urlgrabber PyYAML Django cman debmirror pykickstart libxml2-devel libxslt-devel python-devel sshpass bc
+service libvirtd start
+sed -i "s/Defaults requiretty/#Defaults requiretty/" /etc/sudoers
+brctl show |grep installation > /dev/null
+if [[ $? -eq 0 ]] ; then
+ echo "bridge already exists"
+else
+ brctl addbr installation
+ brctl addif installation eth1
+ ifconfig eth1 up
+ dhclient -r eth1
+ dhclient -r installation
+ dhclient installation
+fi
+git clone http://git.openstack.org/openstack/compass-core -b dev/experimental ||exit $?
+cd compass-core
+source install/install.conf.template
+source install/install.conf
+source install/setup_env.sh
+source install/dependency.sh
+source install/prepare.sh
+sync
+sleep 5
+echo "image preparation done"
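Review bot: The `git clone http://git.openstack.org/openstack/compass-core -b dev/experimental` line fetches over plain HTTP, and the five `source install/...` lines after it execute that checkout in the current shell, so nothing authenticates the code that gets run (presumably as root, given the yum and brctl calls). Use `git clone https://git.openstack.org/openstack/compass-core -b dev/experimental || exit $?` and consider checking out a pinned commit instead of a moving branch. `echo 0 > /selinux/enforce` and the `requiretty` edit to /etc/sudoers also weaken host policy with no explanation. A comment such as `# CI image only: installer is not SELinux-clean yet` would tell the next reader whether this is intended outside CI.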
diff --git a/compass-deck/misc/ci/pxe-deploy.sh b/compass-deck/misc/ci/pxe-deploy.sh
new file mode 100755
index 0000000..545c95a
--- /dev/null
+++ b/compass-deck/misc/ci/pxe-deploy.sh
@@ -0,0 +1,14 @@
+#!/bin/bash -xe
+ln -s /var/log/cobbler/anamon cobbler_logs
+ln -s /var/log/compass compass_logs
+ln -s /var/log/chef chef_logs
+cp compass-core/compass/apiclient/example.py /tmp/test.py
+chmod +x /tmp/test.py
+virsh destroy pxe01
+virsh start pxe01
+virsh list
+source compass-core/install/install.conf.template
+/usr/bin/python /tmp/test.py
+if [ "$tempest" == "true" ]; then
+ ./tempest_run.sh
+fi
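Review bot: Copying the API client to the fixed path `/tmp/test.py` and then executing it relies on a predictable name in a world-writable directory; if a file or symlink already exists there under another account, the `cp` writes through it or fails. Running it in place with `/usr/bin/python compass-core/compass/apiclient/example.py` avoids the copy, or use `mktemp` if a copy is really needed. Because the script runs with `-e`, a second run aborts at `ln -s` (link exists) or at `virsh destroy pxe01` (VM not running); `ln -sfn` and `virsh destroy pxe01 || true` would make it re-runnable.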
diff --git a/compass-deck/misc/ci/pxe-prepare.sh b/compass-deck/misc/ci/pxe-prepare.sh
new file mode 100755
index 0000000..08f5eb3
--- /dev/null
+++ b/compass-deck/misc/ci/pxe-prepare.sh
@@ -0,0 +1,29 @@
+#!/bin/bash -x
+if [[ ! -e /tmp/pxe01.raw ]]; then
+ qemu-img create -f raw /tmp/pxe01.raw 20G
+else
+ rm -rf /tmp/pxe01.raw
+ qemu-img create -f raw /tmp/pxe01.raw 20G
+fi
+virsh list |grep pxe01
+vmrc=$?
+if [[ $vmrc -eq 0 ]] ; then
+ virsh destroy pxe01
+ virsh undefine pxe01
+else
+ echo "no legacy pxe vm found"
+fi
+virt-install --accelerate --hvm --connect qemu:///system \
+ --network=bridge:installation,mac=00:11:20:30:40:01 --pxe \
+ --network=network:default \
+ --name pxe01 --ram=8192 \
+ --disk /tmp/pxe01.raw,format=raw \
+ --vcpus=10 \
+ --graphics vnc,listen=0.0.0.0 --noautoconsole \
+ --os-type=linux --os-variant=rhel6
+rm -rf switch-file
+echo "machine,10.145.81.220,5,1,00:11:20:30:40:01" > switch-file
+echo "switch,10.145.81.220,huawei,v2c,public,under_monitoring" >> switch-file
+/usr/bin/python /opt/compass/bin/manage_db.py set_switch_machines --switch_machines_file switch-file
+/usr/bin/python /opt/compass/bin/manage_db.py clean_clusters
+/usr/bin/python /opt/compass/bin/manage_db.py clean_installation_progress
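Review bot: `--graphics vnc,listen=0.0.0.0` publishes the pxe01 console on every interface of the host and this command sets no VNC password, so console access to the guest depends entirely on who can reach the host. Bind it to loopback with `--graphics vnc,listen=127.0.0.1 --noautoconsole` and tunnel over SSH when a console is needed. The `if`/`else` around `qemu-img create` runs the same create in both branches, so it can be reduced to `rm -f /tmp/pxe01.raw` followed by one `qemu-img create -f raw /tmp/pxe01.raw 20G`.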
diff --git a/compass-deck/misc/ci/tempest_run.sh b/compass-deck/misc/ci/tempest_run.sh
new file mode 100755
index 0000000..7ac2212
--- /dev/null
+++ b/compass-deck/misc/ci/tempest_run.sh
@@ -0,0 +1,81 @@
+#!/bin/bash -xe
+# Determinate is the given option present in the INI file
+# ini_has_option config-file section option
+function ini_has_option {
+ local xtrace=$(set +o | grep xtrace)
+ set +o xtrace
+ local file=$1
+ local section=$2
+ local option=$3
+ local line
+ line=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ p; }" "$file")
+ $xtrace
+ [ -n "$line" ]
+}
+# Set an option in an INI file
+# iniset config-file section option value
+function iniset {
+ local xtrace=$(set +o | grep xtrace)
+ set +o xtrace
+ local file=$1
+ local section=$2
+ local option=$3
+ local value=$4
+
+ [[ -z $section || -z $option ]] && return
+
+ if ! grep -q "^\[$section\]" "$file" 2>/dev/null; then
+ # Add section at the end
+ echo -e "\n[$section]" >>"$file"
+ fi
+ if ! ini_has_option "$file" "$section" "$option"; then
+ # Add it
+ sed -i -e "/^\[$section\]/ a\\
+$option = $value
+" "$file"
+ else
+ local sep=$(echo -ne "\x01")
+ # Replace it
+ sed -i -e '/^\['${section}'\]/,/^\[.*\]/ s'${sep}'^\('${option}'[ \t]*=[ \t]*\).*$'${sep}'\1'"${value}"${sep} "$file"
+ fi
+ $xtrace
+}
+#Install prerequites for Tempest
+pip install tox==1.6.1
+#Install setuptools twice so that it is really upgraded
+pip install -U setuptools
+pip install -U setuptools
+pip install -U virtualenvwrapper
+yum install -y libxml2-devel libxslt-devel python-devel sshpass
+if [[ ! -e /tmp/tempest ]]; then
+ git clone http://git.openstack.org/openstack/tempest /tmp/tempest
+ cd /tmp/tempest
+else
+ cd /tmp/tempest
+ git remote set-url origin http://git.openstack.org/openstack/tempest
+ git remote update
+ git reset --hard
+ git clean -x -f -d -q
+ git checkout remotes/origin/master
+fi
+source `which virtualenvwrapper.sh`
+set +e
+if ! lsvirtualenv |grep tempest>/dev/null; then
+ mkvirtualenv tempest
+ workon tempest
+else
+ workon tempest
+fi
+set -e
+cd /tmp/tempest
+#Install Tempest including dependencies
+pip install -e .
+nova_api_host=$(knife search node 'roles:os-compute-api' | grep 'IP:' | awk '{print $2}' | head -1)
+sshpass -p 'root' scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -r root@$nova_api_host:/root/openrc /root/.
+source /root/openrc
+# wait for nova-compute neutron-agent and cinder-volume to report health
+# In some scenarios, nova-compute is up before conductor and has to retry
+# to register to conductor and there is some wait time between retries.
+timeout 180s sh -c "while ! nova service-list --binary nova-compute | grep 'enabled.*\ up\ '; do sleep 3; done"
+timeout 180s sh -c '''while ! neutron agent-list -f csv -c alive -c agent_type -c host | grep "\":-).*Open vSwitch agent.*\"" ; do sleep 3; done'''
+timeout 180s sh -c "cinder service-list --binary cinder-volume | grep 'enabled.*\ up\ '"
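Review bot: The `sshpass -p 'root' scp` line hard-codes the root password, exposes it in the process list and in the `-x` trace, and disables host key verification with `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null`; the fetched `/root/openrc` is then sourced, so an unverified peer decides what this shell executes. Use a key provisioned for the CI job and keep host key checking on, for example `scp -i "$CI_SSH_KEY" "root@$nova_api_host:/root/openrc" /root/` (the variable name is a placeholder). Both tempest URLs in the `git clone` and `git remote set-url` lines use `http://` and should be `https://`. The last `timeout 180s` line lacks the `while ! ...; do sleep 3; done` loop that the nova and neutron checks have, so under `-e` it fails on the first poll if cinder-volume is not yet up.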
diff --git a/compass-deck/misc/ci/test-install.sh b/compass-deck/misc/ci/test-install.sh
new file mode 100755
index 0000000..22fd5d4
--- /dev/null
+++ b/compass-deck/misc/ci/test-install.sh
@@ -0,0 +1,22 @@
+#!/bin/bash -x
+# create a bridge named 'installation' so that compass and pxeboot vm are in the
+# same l2 network.
+brctl show |grep installation > /dev/null
+if [[ $? -eq 0 ]] ; then
+ echo "bridge already exists"
+else
+ brctl addbr installation
+ brctl addif installation eth1
+fi
+
+ifconfig installation 172.16.0.1 broadcast 172.16.0.0 netmask 255.255.0.0 up
+ifconfig eth1 up
+
+# kill the dhcp service started by libvirt to avoid conflict with dhcpd
+killall dnsmasq
+source compass-core/install/install.conf.template
+/bin/bash -x compass-core/install/install.sh || exit $?
+# echo "cache_peer 10.145.81.137 parent 3128 3130 default" >> /etc/squid/squid.conf
+# service squid restart
+# service squid status |grep running || exit $?
+# sleep 5
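Review bot: `ifconfig installation 172.16.0.1 broadcast 172.16.0.0 netmask 255.255.0.0 up` sets the broadcast address to the network address; for this /16 it should be `broadcast 172.16.255.255`. `killall dnsmasq` also stops every dnsmasq on the host rather than only the libvirt-managed one, which is worth a comment if the CI host is shared.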
diff --git a/compass-deck/misc/compass_install.repo b/compass-deck/misc/compass_install.repo
new file mode 100644
index 0000000..6b97ed0
--- /dev/null
+++ b/compass-deck/misc/compass_install.repo
@@ -0,0 +1,5 @@
+[compass_install]
+name=compass_repo
+baseurl=http://192.168.104.2:9999/download/compass_install/centos7/
+gpgcheck=0
+enabled=1
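Review bot: `gpgcheck=0` combined with an `http://` baseurl means packages from this repo are installed with neither signature nor transport verification. If 192.168.104.2 is an internal build mirror, sign the packages and set `gpgcheck=1` with a matching `gpgkey=` entry. At minimum add a comment stating that the file is meant for an isolated installation network only.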
diff --git a/compass-deck/misc/hosts b/compass-deck/misc/hosts
new file mode 100644
index 0000000..8b39e25
--- /dev/null
+++ b/compass-deck/misc/hosts
@@ -0,0 +1,3 @@
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+$ipaddr $hostname
diff --git a/compass-deck/misc/logrotate.d/httpd b/compass-deck/misc/logrotate.d/httpd
new file mode 100644
index 0000000..794b9d7
--- /dev/null
+++ b/compass-deck/misc/logrotate.d/httpd
@@ -0,0 +1,9 @@
+/var/log/httpd/*log {
+ missingok
+ notifempty
+ sharedscripts
+ delaycompress
+ postrotate
+ /sbin/service httpd reload > /dev/null 2>/dev/null || true
+ endscript
+}
diff --git a/compass-deck/misc/logrotate.d/ntp b/compass-deck/misc/logrotate.d/ntp
new file mode 100644
index 0000000..6b290d5
--- /dev/null
+++ b/compass-deck/misc/logrotate.d/ntp
@@ -0,0 +1,9 @@
+/var/log/ntp.log {
+ missingok
+ notifempty
+ sharedscripts
+ delaycompress
+ postrotate
+ /sbin/service ntpd reload > /dev/null 2>/dev/null || true
+ endscript
+}
diff --git a/compass-deck/misc/logrotate.d/squid b/compass-deck/misc/logrotate.d/squid
new file mode 100644
index 0000000..1191d23
--- /dev/null
+++ b/compass-deck/misc/logrotate.d/squid
@@ -0,0 +1,9 @@
+/var/log/squid/*log {
+ missingok
+ notifempty
+ sharedscripts
+ delaycompress
+ postrotate
+ /sbin/service squid reload > /dev/null 2>/dev/null || true
+ endscript
+}
diff --git a/compass-deck/misc/logrotate.d/syslog b/compass-deck/misc/logrotate.d/syslog
new file mode 100644
index 0000000..db907ed
--- /dev/null
+++ b/compass-deck/misc/logrotate.d/syslog
@@ -0,0 +1,13 @@
+/var/log/cron
+/var/log/maillog
+/var/log/messages
+/var/log/secure
+/var/log/spooler
+/var/log/dhcpd.log
+/var/log/tftpd.log
+{
+ sharedscripts
+ postrotate
+ /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
+ endscript
+}
diff --git a/compass-deck/misc/logrotate.d/yum b/compass-deck/misc/logrotate.d/yum
new file mode 100644
index 0000000..e587f96
--- /dev/null
+++ b/compass-deck/misc/logrotate.d/yum
@@ -0,0 +1,7 @@
+/var/log/yum.log {
+ missingok
+ notifempty
+ size 30k
+ yearly
+ create 0600 root root
+}
diff --git a/compass-deck/misc/logstash-forwarder/logstash-forwarder.conf b/compass-deck/misc/logstash-forwarder/logstash-forwarder.conf
new file mode 100644
index 0000000..d0cffeb
--- /dev/null
+++ b/compass-deck/misc/logstash-forwarder/logstash-forwarder.conf
@@ -0,0 +1,57 @@
+{
+ # The network section covers network configuration :)
+ "network": {
+ # A list of downstream servers listening for our messages.
+ # logstash-forwarder will pick one at random and only switch if
+ # the selected one appears to be dead or unresponsive
+ "servers": [ "www.stack360.io:5000" ],
+
+ # The path to your client ssl certificate (optional)
+ #"ssl certificate": "./logstash-forwarder.crt",
+ # The path to your client ssl key (optional)
+ #"ssl key": "./logstash-forwarder.key",
+
+ # The path to your trusted ssl CA file. This is used
+ # to authenticate your downstream server.
+ "ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt",
+
+ # Network timeout in seconds. This is most important for
+ # logstash-forwarder determining whether to stop waiting for an
+ # acknowledgement from the downstream server. If an timeout is reached,
+ # logstash-forwarder will assume the connection or server is bad and
+ # will connect to a server chosen at random from the servers list.
+ "timeout": 15
+ },
+
+ # The list of files configurations
+ "files": [
+ {
+ "paths": [
+ "/var/log/compass/celery.log"
+ ]
+ }
+ # An array of hashes. Each hash tells what paths to watch and
+ # what fields to annotate on events from those paths.
+ #{
+ #"paths": [
+ # single paths are fine
+ #"/var/log/messages",
+ # globs are fine too, they will be periodically evaluated
+ # to see if any new files match the wildcard.
+ #"/var/log/*.log"
+ #],
+
+ # A dictionary of fields to annotate on each event.
+ #"fields": { "type": "syslog" }
+ #}, {
+ # A path of "-" means stdin.
+ #"paths": [ "-" ],
+ #"fields": { "type": "stdin" }
+ #}, {
+ #"paths": [
+ #"/var/log/apache/httpd-*.log"
+ #],
+ #"fields": { "type": "apache" }
+ #}
+ ]
+}
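Review bot: The checked-in default `"servers": [ "www.stack360.io:5000" ]` sends `/var/log/compass/celery.log` to an external host from every deployment that installs this file unchanged. What the celery log contains is not visible here, but deployment task logs commonly include hostnames and addresses, so the destination should be an explicit deploy-time choice. Consider a template variable in the style of `$ipaddr` in misc/hosts, or ship the forwarder disabled, and add a comment naming who operates the endpoint.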
diff --git a/compass-deck/misc/logstash-forwarder/logstash-forwarder.crt b/compass-deck/misc/logstash-forwarder/logstash-forwarder.crt
new file mode 100644
index 0000000..90f66b1
--- /dev/null
+++ b/compass-deck/misc/logstash-forwarder/logstash-forwarder.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFAzCCAuugAwIBAgIJAKrryFncVfJNMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNV
+BAMMDSouc3RhY2szNjAuaW8wHhcNMTYwODE4MTcwNzEyWhcNMjYwODE2MTcwNzEy
+WjAYMRYwFAYDVQQDDA0qLnN0YWNrMzYwLmlvMIICIjANBgkqhkiG9w0BAQEFAAOC
+Ag8AMIICCgKCAgEAw4p1OVw8tMeYfk9828FiRLPhYWwHD2OCVwlKr8P3bl974I/P
+PhYTkrjEEe5SDYCWNcO58MxJ5X1vB2uQGNBBUFMni+KOqbVvcbPLL4Mkf8pjLdzD
+2pItE1X7UQ8p1iYBEyAnLoV4MjA7CJ4MmUtOOcCb6keHWEhyJFOj9IzkTjFCbKuL
+Y0paxayQOFlkuEK2d3Aa2HXgTLh3FFUX3kRqOcGg1uxEs2awf0nwP/NwcyfAgTSe
+6yqVjnb3GLYdy283FqvxW1MrZS9UAxp/tAXRgMT8I9L2wSrjnPmrabBv5I+Kuf0p
+EmLmxedOCTQsRYtYGL7TmySYgGuYtt/4UNKaG9tCPBnRXuMzlRClBDIoDhwLEKzC
+LlE8JKyClNgutMKcrHbWlEJiGxooyDC1H9gwkHTi3w7qF9BYYBhkXFN2Sl0mPk0m
+6NMfhQUAeqI0HlOsAX/HLwSWyRl0Nr2rvVJqgbbHRF18pADitQEuc/koT9qhON5f
+BReYhQZIarwPJ/UBgwgadrP79bvWJ5u9Oga6H7yHf49/UYD3gQCvu3/Hxo/IY6AX
+86eZg1ZObD6J0xpWb5jskVSgugar6Xq/h6iRkX8O3ssUdIyIxsIMhtCgxykSmdQY
+FDEIWGZq2kdEVvF6GR/EYJRxvASI+27TXzuxP1UodQQOXa8xySkKu9U5SqMCAwEA
+AaNQME4wHQYDVR0OBBYEFPLilPT6k6rRlxv9kCTW38VYy5AuMB8GA1UdIwQYMBaA
+FPLilPT6k6rRlxv9kCTW38VYy5AuMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggIBAAdDy+R0bGCBQgiF2fGunl+AZ8zd0MZbtL4Kv53gunlhyaPQJ3Z+e3GF
+V+Z9BhvMUXE/XN3bsAIZYJekvclysYLBdK1C8n9Rli+AbBSGjwgttRAXeEqaZCbE
+QrNPukRgHThv6hyJNcf1TnR70xCBlcYOGQkEqWx1g0xrsG8ryGbum0BAG0YWLCYq
+BboP16FGAPjDlb10ysWy7HuGJorf470Kyb2iRfp4PX/zdYbcA8gcggGCT323JwuD
+Qwnd8kyX6+6pNhBJE3gAyPDhqvbFbpmo/Ia5pqmJkL3APee1bVI2itqZB/HnmyZ5
+UCIzqf4uAuEodN6yXiImHt0TagXtL4eEXNE2qjwsFSaHeyP6iXPX5tc8RMHzFQjH
+I3MzROHaeVUxs2rMxETGvq4+DebhGzCBKaJUWfMV6Y1+ovrE0MowcR8nO1Q4YQt3
+to+W5IrjI7zzQ7+4XqZm+Yz1DQ4Kr7s2iyAExvkq7kU5FAow6SLPIaOl7kbas2M4
+fwFisuEQT2Om+hbWWZTJ1T45KU5NjznkPqJZ9dCdyqs2mH7BE4vOkOULq81uFG06
+VnJHcO+wZM1iCLa1hy7F2S4fDTjTBYDcuD5GFkulFLeFH5X7zoPz20OGTRMXZONI
+CHEk1ibp8j/Q6bw1zd0jGm3KDUSx+0/Avfve/e28U4KAdNekrgQf
+-----END CERTIFICATE-----
diff --git a/compass-deck/misc/logstash-forwarder/logstash-forwarder.repo b/compass-deck/misc/logstash-forwarder/logstash-forwarder.repo
new file mode 100644
index 0000000..27d68ba
--- /dev/null
+++ b/compass-deck/misc/logstash-forwarder/logstash-forwarder.repo
@@ -0,0 +1,6 @@
+[logstashforwarder]
+name=logstashforwarder repository
+baseurl=http://packages.elasticsearch.org/logstashforwarder/centos
+gpgcheck=1
+gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
+enabled=1
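Review bot: `gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch` fetches the signing key over the same unauthenticated channel as the packages, so `gpgcheck=1` only proves the packages match whatever key was served. Use `https://` for both `baseurl` and `gpgkey`, or install the key into the image and reference it as `gpgkey=file:///etc/pki/rpm-gpg/<KEY-FILE>` (placeholder name).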
diff --git a/compass-deck/misc/ntp/ntp.conf b/compass-deck/misc/ntp/ntp.conf
new file mode 100644
index 0000000..e1572f3
--- /dev/null
+++ b/compass-deck/misc/ntp/ntp.conf
@@ -0,0 +1,60 @@
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile /var/lib/ntp/drift
+
+logfile /var/log/ntp.log
+
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap nopeer noquery
+restrict -6 default kod nomodify notrap nopeer noquery
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+server 0.centos.pool.ntp.org iburst
+server 1.centos.pool.ntp.org iburst
+server 2.centos.pool.ntp.org iburst
+server 3.centos.pool.ntp.org iburst
+
+#broadcast 192.168.1.255 autokey # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 autokey # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 autokey # manycast client
+
+# Undisciplined Local Clock. This is a fake driver intended for backup
+# and when no outside source of synchronized time is available.
+server 127.127.1.0 # local clock
+#fudge 127.127.1.0 stratum 10
+
+# Enable public key cryptography.
+#crypto
+
+includefile /etc/ntp/crypto/pw
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
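Review bot: `server 127.127.1.0` is active while `#fudge 127.127.1.0 stratum 10` is commented out, so the undisciplined local clock runs at the driver's default stratum (5 as far as I recall; confirm for the ntpd version in the image). When the pool servers are unreachable, this host can then present unsynchronised time to the nodes it serves as a fairly credible source. Uncomment the line so it reads `fudge 127.127.1.0 stratum 10`. `keys /etc/ntp/keys` is set but every `trustedkey` line is commented out, so symmetric authentication does not appear to be in effect; a comment saying so would avoid a false sense of protection.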
diff --git a/compass-deck/misc/rsync b/compass-deck/misc/rsync
new file mode 100644
index 0000000..1f8b9b1
--- /dev/null
+++ b/compass-deck/misc/rsync
@@ -0,0 +1,14 @@
+# default: off
+# description: The rsync server is a good addition to an ftp server, as it \
+# allows crc checksumming etc.
+service rsync
+{
+ disable = no
+ flags = IPv6
+ socket_type = stream
+ wait = no
+ user = root
+ server = /usr/bin/rsync
+ server_args = --daemon
+ log_on_failure += USERID
+}
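Review bot: The header still says `# default: off` while the body sets `disable = no`, so the comment no longer describes what this file does. With the daemon enabled and `user = root`, nothing here restricts which clients may connect; access control then rests entirely on an rsyncd.conf that is not part of this hunk. Update the comment and add an xinetd restriction such as `only_from = <installation-subnet>` (placeholder value).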
diff --git a/compass-deck/misc/rsyslog/rsyslog.conf b/compass-deck/misc/rsyslog/rsyslog.conf
new file mode 100644
index 0000000..306108b
--- /dev/null
+++ b/compass-deck/misc/rsyslog/rsyslog.conf
@@ -0,0 +1,97 @@
+# rsyslog v5 configuration file
+
+# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
+# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
+
+#### MODULES ####
+
+$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
+$ModLoad imklog # provides kernel logging support (previously done by rklogd)
+#$ModLoad immark # provides --MARK-- message capability
+
+# Provides UDP syslog reception
+#$ModLoad imudp
+#$UDPServerRun 514
+
+# Provides TCP syslog reception
+$ModLoad imtcp
+$InputTCPServerRun 514
+
+
+$WorkDirectory /var/lib/rsyslog
+
+# Added for chef logfiles
+$template Chef_log,"/var/log/chef/%syslogtag%/chef-client.log"
+$template Raw, "%rawmsg%"
+$template CustomLog, "%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
+$template Chef_Openstack_log, "/var/log/chef/%syslogtag%/%programname%.log"
+#### GLOBAL DIRECTIVES ####
+
+# Use default timestamp format
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+# File syncing capability is disabled by default. This feature is usually not required,
+# not useful and an extreme performance hit
+#$ActionFileEnableSync on
+
+# Include all config files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+#### RULES ####
+
+# Log all kernel messages to the console.
+# Logging much else clutters up the screen.
+#kern.* /dev/console
+
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+syslog.*,daemon.* /var/log/messages
+
+# The authpriv file has restricted access.
+authpriv.* /var/log/secure
+
+# Log all the mail messages in one place.
+mail.* -/var/log/maillog
+
+
+# Log cron stuff
+cron.* /var/log/cron
+
+# Log dhcpd
+local6.* /var/log/dhcpd.log
+
+# Log tftpd
+local5.* /var/log/tftpd.log
+
+# Everybody gets emergency messages
+*.emerg *
+
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit /var/log/spooler
+
+# Save boot messages also to boot.log
+local7.* /var/log/boot.log
+
+
+local3.* -?Chef_log
+
+local4.* -?Chef_Openstack_log;CustomLog
+
+# ### begin forwarding rule ###
+# The statement between the begin ... end define a SINGLE forwarding
+# rule. They belong together, do NOT split them. If you create multiple
+# forwarding rules, duplicate the whole block!
+# Remote Logging (we use TCP for reliable delivery)
+#
+# An on-disk queue is created for this action. If the remote host is
+# down, messages are spooled to disk and sent when it is up again.
+#$WorkDirectory /var/lib/rsyslog # where to place spool files
+#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
+#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
+#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
+#$ActionQueueType LinkedList # run asynchronously
+#$ActionResumeRetryCount -1 # infinite retries if host is down
+# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
+#*.* @@remote-host:514
+# ### end of the forwarding rule ###
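Review bot: The `Chef_log` and `Chef_Openstack_log` templates build a file path from `%syslogtag%` (and `%programname%`), and `$InputTCPServerRun 514` accepts messages from any host that can reach the port, so a sender-controlled field decides where under /var/log/chef files are created. Sanitise the property in the template, e.g. `"/var/log/chef/%syslogtag:::secpath-replace%/chef-client.log"` (check the option is available in the v5 build in use), and limit senders with `$AllowedSender TCP, <installation-subnet>` (placeholder value). The comment "Log anything (except mail) of level info or higher" no longer matches the rule below it, which is `syslog.*,daemon.*`.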
diff --git a/compass-deck/misc/snmp/snmp.conf b/compass-deck/misc/snmp/snmp.conf
new file mode 100644
index 0000000..34f8053
--- /dev/null
+++ b/compass-deck/misc/snmp/snmp.conf
@@ -0,0 +1 @@
+mibdirs +/usr/local/share/snmp/mibs
diff --git a/compass-deck/misc/squid/squid.conf b/compass-deck/misc/squid/squid.conf
new file mode 100644
index 0000000..018da20
--- /dev/null
+++ b/compass-deck/misc/squid/squid.conf
@@ -0,0 +1,71 @@
+#
+# Recommended minimum configuration:
+#
+acl manager proto cache_object
+acl localhost src 127.0.0.1/32 ::1
+acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
+
+# Example rule allowing access from your local networks.
+# Adapt to list your (internal) IP networks from where browsing
+# should be allowed
+acl localnet src $subnet # the subnet of local network
+acl localnet src fc00::/7 # RFC 4193 local private network range
+acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
+
+acl CONNECT method CONNECT
+
+#
+# Recommended minimum Access Permission configuration:
+#
+# Only allow cachemgr access from localhost
+http_access allow manager localhost
+http_access deny manager
+
+# We strongly recommend the following be uncommented to protect innocent
+# web applications running on the proxy server who think the only
+# one who can access services on "localhost" is a local user
+http_access deny to_localhost
+
+#
+# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
+#
+
+# Example rule allowing access from your local networks.
+# Adapt localnet in the ACL section to list your (internal) IP networks
+# from where browsing should be allowed
+http_access allow localnet
+http_access allow localhost
+
+# And finally deny all other access to this proxy
+http_access deny all
+
+# Squid normally listens to port 3128
+http_port 3128
+
+# We recommend you to use at least the following line.
+# hierarchy_stoplist cgi-bin ?
+
+cache_mem 512 MB
+maximum_object_size_in_memory 512 KB
+maximum_object_size 512 MB
+# Uncomment and adjust the following to add a disk cache directory.
+cache_dir aufs /var/squid/cache 25000 16 256
+
+cache_store_log /var/log/squid/store.log
+
+access_log none
+
+# Leave coredumps in the first cache dir
+coredump_dir /var/spool/squid
+
+# Add any of your own refresh_pattern entries above these.
+refresh_pattern . 86400 50% 518400
+
+quick_abort_min -1 QB
+read_ahead_gap 100 MB
+
+positive_dns_ttl 30 second
+negative_dns_ttl 1 second
+
+pipeline_prefetch on
+request_timeout 15 minute
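Review bot: `acl CONNECT method CONNECT` is defined but never used, and the stock `Safe_ports`/`SSL_ports` rules are absent, so any `localnet` client can tunnel through the proxy to arbitrary ports. Restore the usual guard before `http_access allow localnet`, e.g. `acl SSL_ports port 443` and `http_access deny CONNECT !SSL_ports`. `quick_abort_min -1 QB` looks like a typo for `-1 KB`. With `access_log none` the proxy keeps no record of client requests, which is worth a comment if it is a deliberate trade-off for disk space.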