-rw-r--r-- | build/build.conf | 3 | ||||
-rw-r--r-- | deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/main.yml | 2 | ||||
-rw-r--r-- | deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 | 16 | ||||
-rw-r--r-- | deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 | 50 | ||||
-rw-r--r-- | deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/vars/main.yml | 2 | ||||
-rwxr-xr-x | deploy/deploy_parameter.sh | 8 | ||||
-rwxr-xr-x | deploy/launch.sh | 1 | ||||
-rwxr-xr-x | deploy/prepare.sh | 2 | ||||
-rw-r--r-- | util/check_valid.py | 155 |
9 files changed, 235 insertions, 4 deletions
diff --git a/build/build.conf b/build/build.conf index c6e0f7a1..15e2e1df 100644 --- a/build/build.conf +++ b/build/build.conf @@ -112,5 +112,6 @@ export SPECIAL_PIP_PACKAGE="https://bootstrap.pypa.io/ez_setup.py \ https://pypi.python.org/packages/source/p/python-dateutil/python-dateutil-2.4.2.tar.gz " export PIP_PACKAGE="https://pypi.python.org/packages/0d/af/8ccfb73834a6ddf9d57ecac61466557b7ca0722620bbb16d2d069ce312db/networking-odl-2.0.0.tar.gz \ - https://pypi.python.org/packages/90/4f/74b730294de1db393e3e82211b5d2115f9a763849abca7d014348a550d2a/oslosphinx-4.5.0.tar.gz" + https://pypi.python.org/packages/90/4f/74b730294de1db393e3e82211b5d2115f9a763849abca7d014348a550d2a/oslosphinx-4.5.0.tar.gz \ + https://pypi.python.org/packages/74/f0/386f7f73aa6628c1bef53874c5d453b556356d77732add69000aa53b353b/policy2tosca-1.0.tar.gz " diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/main.yml b/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/main.yml index 9e97a29c..b049ee0b 100644 --- a/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/main.yml +++ b/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/main.yml @@ -157,7 +157,7 @@ os_users: tenant_description: "Service Tenant" - user: demo - password: "" + password: "{{ DEMO_PASS }}" email: heat@demo.com role: heat_stack_user tenant: demo diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 new file mode 100644 index 00000000..96472779 --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 
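Review bot: The added `policy2tosca-1.0.tar.gz` entry in `PIP_PACKAGE` is fetched by URL with no integrity check visible in this hunk, so the build trusts whatever the server returns. How `PIP_PACKAGE` is consumed lies outside the hunk; if the download step does not already verify a digest, record the expected SHA-256 next to the URL and compare it after download, or install with pip's `--require-hashes` mode. The same applies to the two existing entries in the list.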
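Review bot: `password: "{{ DEMO_PASS }}"` for the `demo` user in `openstack_mitaka/roles/keystone/vars/main.yml` depends on a variable that no file in this commit defines, so the source of the value cannot be checked here. If `DEMO_PASS` falls back to a fixed string, every deployment ships the same known credential; confirm it is generated or supplied per deployment and kept out of task output (for example `no_log: true` on the task that creates the users). The identical change in `openstack_mitaka_xenial/roles/keystone/vars/main.yml` raises the same question. The `os_users` list starts and ends outside the hunk.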
@@ -0,0 +1,16 @@
+{% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+{% if work_threads > 10 %}
+{% set work_threads = 10 %}
+{% endif %}
+
+<VirtualHost {{ internal_ip }}:80>
+ WSGIScriptAlias /horizon {{ horizon_dir }}/wsgi/django.wsgi
+ WSGIDaemonProcess horizon user=horizon group=horizon processes=4 threads={{ work_threads }}
+ WSGIProcessGroup horizon
+ Alias /static {{ horizon_dir }}/static/
+ Alias /horizon/static {{ horizon_dir }}/static/
+ <Directory {{ horizon_dir }}/wsgi>
+ Order allow,deny
+ Allow from all
+ </Directory>
+</VirtualHost>
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2
new file mode 100644
index 00000000..55c89839
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2
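Review bot: In `openstack-dashboard.conf.j2` the `<Directory {{ horizon_dir }}/wsgi>` block uses only the Apache 2.2 access directives `Order allow,deny` / `Allow from all`, whereas `wsgi-keystone.conf.j2` in this same commit wraps them in `<IfVersion < 2.4>` and uses `Require all granted` for 2.4. On an Apache 2.4 host the 2.2 directives only work when mod_access_compat is loaded, so use the same `<IfVersion>` pair here to make the access rule explicit on both versions. The vhost also serves Horizon logins on plain `:80` with no TLS directives; if nothing in front of it terminates TLS (not visible here), credentials cross the network unencrypted.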
@@ -0,0 +1,50 @@
+{% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+{% if work_threads > 10 %}
+{% set work_threads = 10 %}
+{% endif %}
+
+<VirtualHost {{ internal_ip }}:5000>
+ WSGIDaemonProcess keystone-public processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-public
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-public
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
+
+<VirtualHost {{ internal_ip }}:35357>
+ WSGIDaemonProcess keystone-admin processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-admin
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/vars/main.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/vars/main.yml
index ac548a09..b4d3d7e0 100644
--- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/vars/main.yml
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/vars/main.yml
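Review bot: Both virtual hosts in `wsgi-keystone.conf.j2`, `:5000` and the admin endpoint `:35357`, are plain HTTP with `WSGIPassAuthorization On` and no `SSLEngine` or certificate directives, so passwords and tokens travel in clear unless a TLS-terminating proxy fronts `{{ internal_ip }}` (not visible in this commit). A comment at the top of the template should state where TLS is terminated, e.g. `# TLS is terminated by <proxy>; this vhost must only be reachable from it`. The two vhosts also share `keystone.log` and `keystone_access.log`; separate file names per endpoint would let an investigator tell admin-API requests from public ones.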
@@ -165,7 +165,7 @@ os_users: tenant_description: "Service Tenant" - user: demo - password: "" + password: "{{ DEMO_PASS }}" email: heat@demo.com role: heat_stack_user tenant: demo diff --git a/deploy/deploy_parameter.sh b/deploy/deploy_parameter.sh index d8696ce8..9c0d5dc0 100755 --- a/deploy/deploy_parameter.sh +++ b/deploy/deploy_parameter.sh @@ -111,3 +111,11 @@ function process_input_para() echo $input_file } + +function check_input_para() +{ + python ${COMPASS_DIR}/util/check_valid.py "$DHA" "$NETWORK" + if [ $? -ne 0 ];then + exit 1 + fi +} diff --git a/deploy/launch.sh b/deploy/launch.sh index fe16dd5b..348d11e2 100755 --- a/deploy/launch.sh +++ b/deploy/launch.sh @@ -19,6 +19,7 @@ prepare_python_env source ${COMPASS_DIR}/util/log.sh source ${COMPASS_DIR}/deploy/deploy_parameter.sh source $(process_input_para $*) || exit 1 +check_input_para source $(process_default_para $*) || exit 1 source ${COMPASS_DIR}/deploy/conf/${FLAVOR}.conf source ${COMPASS_DIR}/deploy/conf/${TYPE}.conf diff --git a/deploy/prepare.sh b/deploy/prepare.sh index ea1534ff..d326bd5b 100755 --- a/deploy/prepare.sh +++ b/deploy/prepare.sh @@ -95,7 +95,7 @@ function _prepare_python_env() { pip install --upgrade requests pip install --upgrade netaddr pip install --upgrade oslo.config - pip install --upgrade ansible + pip install --upgrade ansible==2.1.1.0 fi } diff --git a/util/check_valid.py b/util/check_valid.py new file mode 100644 index 00000000..87cd57ed --- /dev/null +++ b/util/check_valid.py 
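Review bot: In `check_input_para` (deploy/deploy_parameter.sh), `${COMPASS_DIR}` is expanded unquoted while `"$DHA"` and `"$NETWORK"` are quoted, so a checkout path containing spaces or glob characters splits the command. Write `python "${COMPASS_DIR}/util/check_valid.py" "$DHA" "$NETWORK" || exit 1`, which also replaces the separate `$?` test. The bare `python` resolves to whichever interpreter is first on PATH, and `check_valid.py` uses the Python 2 `print` statement, so the check fails with a SyntaxError wherever `python` is Python 3.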
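Review bot: In deploy/launch.sh, `check_input_para` runs before `process_default_para`, so `DHA` and `NETWORK` must already be set by the file sourced from `process_input_para`. If either variable only receives its value in the defaults step (that function is outside this diff), `check_valid.py` is handed an empty path and the launch aborts with "DHA file doesn't exit". Either move the call after the defaults are sourced or have `check_input_para` skip a variable that is empty. A comment above the call, such as `# validate DHA/NETWORK before any deployment step runs`, would record why it sits here.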
@@ -0,0 +1,155 @@
+import re
+import os
+import yaml
+import sys
+import traceback
+
+
+def load_file(file):
+ with open(file) as fd:
+ try:
+ return yaml.load(fd)
+ except:
+ traceback.print_exc()
+ return None
+
+
+def err_print(info):
+ print '\033[0;31m%s\033[0m' % info
+
+
+def is_valid_ip(ip):
+ """return True if the given string is a well-formed IP address
+ currently only support IPv4
+ """
+ if not ip:
+ return False
+ res = re.search(
+ "^(0?\d{1,2}|1\d\d|2[0-4]\d|25[0-5])(\.(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])){3}(\/(\d|[1-2]\d|3[0-2]))?$",
+ ip) is not None
+ return res
+
+
+def is_valid_mac(mac):
+ """return True if the given string is a well-formed MAC address
+ """
+ if not mac:
+ return False
+ res = re.search("^([a-zA-Z0-9]{2}:){5}[a-zA-Z0-9]{2}$", mac) is not None
+ return res
+
+
+def check_network_file(network):
+ invalid = False
+ for i in network['ip_settings']:
+ if not is_valid_ip(i['cidr']):
+ err_print('''invalid address:
+ ip_settings:
+ - name: %s
+ cidr: %s''' % (i['name'], i['cidr']))
+ invalid = True
+ if not is_valid_ip(i['ip_ranges'][0][0]):
+ err_print('''invalid address:
+ ip_settings:
+ - name: %s
+ ip_ranges:
+ - - %s''' % (i['name'], i['ip_ranges'][0][0]))
+ invalid = True
+ if not is_valid_ip(i['ip_ranges'][0][1]):
+ err_print('''invalid address:
+ ip_settings:
+ - name: %s
+ ip_ranges:
+ - %s''' % (i['name'], i['ip_ranges'][0][1]))
+ invalid = True
+ if i['name'] == 'external' and not is_valid_ip(i['gw']):
+ err_print(i['gw'])
+ err_print('''invalid address:
+ ip_settings:
+ - name: %s
+ gw: %s''' % (i['name'], i['gw']))
+ invalid = True
+
+ for i in network['public_net_info'].keys():
+ if i in ('external_gw', 'floating_ip_cidr',
+ 'floating_ip_start', 'floating_ip_end'):
+ if not is_valid_ip(network['public_net_info'][i]):
+ err_print('''invalid address:
+ public_net_info:
+ %s: %s''' % (i, network['public_net_info'][i]))
+ invalid = True
+
+ if not invalid:
+ return True
+ else:
+ return False
+
+
+def check_dha_file(dha):
+ invalid = False
+ if dha['TYPE'] == 'baremetal':
+ for i in dha['hosts']:
+ if not is_valid_mac(i['mac']):
+ err_print('''invalid address:
+ hosts:
+ - name: %s
+ mac: %s''' % (i['name'], i['mac']))
+ invalid = True
+ for j in i['interfaces']:
+ if not is_valid_mac(j.values()[0]):
+ err_print('''invalid address:
+ hosts:
+ - name: %s
+ interfaces:
+ - %s: %s''' % (i['name'], j.keys()[0], j.values()[0]))
+ invalid = True
+ if not is_valid_ip(i['ipmiIp']):
+ err_print('''invalid address:
+ hosts:
+ - name: %s
+ ipmiIp: %s''' % (i['name'], i['ipmiIp']))
+ invalid = True
+
+ if not invalid:
+ return True
+ else:
+ return False
+
+if __name__ == "__main__":
+
+ has_invalid = False
+
+ if len(sys.argv) != 3:
+ err_print('input file error')
+ sys.exit(1)
+
+ _, dha_file, network_file = sys.argv
+
+ if not os.path.exists(dha_file):
+ err_print("DHA file doesn't exit")
+ sys.exit(1)
+ else:
+ dha = load_file(dha_file)
+ if not dha:
+ err_print('format error in DHA: %s' % dha_file)
+ has_invalid = True
+ else:
+ if not check_dha_file(dha):
+ err_print('in DHA: %s' % dha_file)
+ has_invalid = True
+
+ if not os.path.exists(network_file):
+ err_print("NETWORK file doesn't exit")
+ sys.exit(1)
+ else:
+ network = load_file(network_file)
+ if not network:
+ err_print('format error in NETWORK: %s' % network_file)
+ has_invalid = True
+ else:
+ if not check_network_file(network):
+ err_print('in NETWORK: %s' % network_file)
+ has_invalid = True
+
+ if has_invalid:
+ sys.exit(1)
|
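Review bot: `load_file` in util/check_valid.py parses the DHA and network files with `yaml.load(fd)` and no explicit loader, which with PyYAML's non-safe default loader lets tagged YAML construct arbitrary Python objects; these files are plain mappings, so use `return yaml.safe_load(fd)`. The bare `except:` around it also catches `KeyboardInterrupt` and `SystemExit`; `except yaml.YAMLError:` is enough. In `is_valid_mac` the class `[a-zA-Z0-9]` accepts non-hex input such as `zz:zz:zz:zz:zz:zz` (constructed example), so the pattern should be `"^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$"`. Missing keys (`i['cidr']`, `i['mac']`, `dha['TYPE']`) raise an uncaught `KeyError`, so a malformed file ends in a traceback rather than the coloured error. Both "doesn't exit" messages should read "doesn't exist".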