aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml6
-rw-r--r--deploy/adapters/ansible/roles/cinder-controller/tasks/cinder_config.yml3
-rw-r--r--deploy/adapters/ansible/roles/cinder-volume/files/create_img.sh2
-rw-r--r--deploy/adapters/ansible/roles/cinder-volume/files/get_var_size.sh2
-rw-r--r--deploy/adapters/ansible/roles/database/vars/RedHat.yml1
-rw-r--r--deploy/adapters/ansible/roles/glance/tasks/glance_config.yml4
-rw-r--r--deploy/adapters/ansible/roles/glance/tasks/glance_install.yml2
-rw-r--r--deploy/adapters/ansible/roles/glance/tasks/nfs.yml6
-rw-r--r--deploy/adapters/ansible/roles/glance/vars/Debian.yml1
-rw-r--r--deploy/adapters/ansible/roles/glance/vars/RedHat.yml4
-rw-r--r--deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml3
-rw-r--r--deploy/adapters/ansible/roles/neutron-compute/vars/RedHat.yml1
-rwxr-xr-xdeploy/adapters/ansible/roles/odl_cluster/tasks/openvswitch.yml6
-rw-r--r--deploy/adapters/ansible/roles/secgroup/handlers/main.yml10
-rw-r--r--deploy/adapters/ansible/roles/secgroup/tasks/main.yml10
-rw-r--r--deploy/adapters/ansible/roles/secgroup/tasks/secgroup.yml27
-rw-r--r--deploy/adapters/ansible/roles/secgroup/templates/neutron.j24
-rw-r--r--deploy/adapters/ansible/roles/secgroup/templates/nova.j23
-rw-r--r--deploy/adapters/ansible/roles/secgroup/vars/Debian.yml27
-rw-r--r--deploy/adapters/ansible/roles/secgroup/vars/RedHat.yml27
-rw-r--r--deploy/adapters/ansible/roles/secgroup/vars/main.yml3
-rw-r--r--deploy/client.py13
-rw-r--r--deploy/conf/base.conf5
-rw-r--r--deploy/deploy_host.sh3
24 files changed, 154 insertions, 19 deletions
diff --git a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
index ac2f2a8d..d3cec000 100644
--- a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
+++ b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
@@ -67,3 +67,9 @@
sudo: True
roles:
- monitor
+
+- hosts: all
+ remote_user: root
+ sudo: True
+ roles:
+ - secgroup
diff --git a/deploy/adapters/ansible/roles/cinder-controller/tasks/cinder_config.yml b/deploy/adapters/ansible/roles/cinder-controller/tasks/cinder_config.yml
index 69850846..85556a5a 100644
--- a/deploy/adapters/ansible/roles/cinder-controller/tasks/cinder_config.yml
+++ b/deploy/adapters/ansible/roles/cinder-controller/tasks/cinder_config.yml
@@ -3,6 +3,7 @@
template: src=cinder.conf dest=/etc/cinder/cinder.conf
- name: sync cinder db
- cinder_manage: action=dbsync
+ #cinder_manage: action=dbsync
+ shell: cinder-manage db sync
notify:
- restart cinder control serveice
diff --git a/deploy/adapters/ansible/roles/cinder-volume/files/create_img.sh b/deploy/adapters/ansible/roles/cinder-volume/files/create_img.sh
index b69db0ed..2e734188 100644
--- a/deploy/adapters/ansible/roles/cinder-volume/files/create_img.sh
+++ b/deploy/adapters/ansible/roles/cinder-volume/files/create_img.sh
@@ -1,3 +1,3 @@
if [[ ! -f /var/cinder.img ]]; then
- dd if=/dev/zero of=/var/cinder.img bs=1 count=1 seek=$1
+ dd if=/dev/zero of=/var/cinder.img bs=1 count=0 seek=$1
fi
diff --git a/deploy/adapters/ansible/roles/cinder-volume/files/get_var_size.sh b/deploy/adapters/ansible/roles/cinder-volume/files/get_var_size.sh
index 9670da12..55041c6e 100644
--- a/deploy/adapters/ansible/roles/cinder-volume/files/get_var_size.sh
+++ b/deploy/adapters/ansible/roles/cinder-volume/files/get_var_size.sh
@@ -2,5 +2,5 @@ size=`df /var | awk '$3 ~ /[0-9]+/ { print $4 }'`;
if [[ $size -gt 2000000000 ]]; then
echo -n 2000000000000;
else
- echo -n $((size * 1000));
+ echo -n $((size * 1000 / 512 * 512));
fi
diff --git a/deploy/adapters/ansible/roles/database/vars/RedHat.yml b/deploy/adapters/ansible/roles/database/vars/RedHat.yml
index 7213d7fa..a4171559 100644
--- a/deploy/adapters/ansible/roles/database/vars/RedHat.yml
+++ b/deploy/adapters/ansible/roles/database/vars/RedHat.yml
@@ -7,6 +7,7 @@ maridb_packages:
- MariaDB-Galera-server
- MariaDB-client
- galera
+ - MySQL-python
services: []
diff --git a/deploy/adapters/ansible/roles/glance/tasks/glance_config.yml b/deploy/adapters/ansible/roles/glance/tasks/glance_config.yml
index 548c2309..4cd71ffc 100644
--- a/deploy/adapters/ansible/roles/glance/tasks/glance_config.yml
+++ b/deploy/adapters/ansible/roles/glance/tasks/glance_config.yml
@@ -1,6 +1,8 @@
---
- name: sync glance db
- glance_manage: action=dbsync
+ #glance_manage: action=dbsync
+ shell: glance-manage db sync
+ ignore_errors: True
notify:
- restart glance services
diff --git a/deploy/adapters/ansible/roles/glance/tasks/glance_install.yml b/deploy/adapters/ansible/roles/glance/tasks/glance_install.yml
index 6d2b7053..1a34c6f5 100644
--- a/deploy/adapters/ansible/roles/glance/tasks/glance_install.yml
+++ b/deploy/adapters/ansible/roles/glance/tasks/glance_install.yml
@@ -13,8 +13,6 @@
with_items:
- glance-api.conf
- glance-registry.conf
- notify:
- - restart glance services
- name: remove default sqlite db
shell: rm /var/lib/glance/glance.sqlite || touch glance.sqllite.db.removed
diff --git a/deploy/adapters/ansible/roles/glance/tasks/nfs.yml b/deploy/adapters/ansible/roles/glance/tasks/nfs.yml
index dc1be977..ff96c64a 100644
--- a/deploy/adapters/ansible/roles/glance/tasks/nfs.yml
+++ b/deploy/adapters/ansible/roles/glance/tasks/nfs.yml
@@ -17,7 +17,7 @@
line="/opt/images *(rw,insecure,sync,all_squash)"
run_once: True
-- name: restart nfs service
+- name: restart compass nfs service
local_action: service name={{ item }} state=restarted enabled=yes
with_items:
- rpcbind
@@ -32,6 +32,10 @@
shell: awk -F'=' '/compass_server/ {print $2}' /etc/compass.conf
register: ip_info
+- name: restart host nfs service
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: '{{ nfs_services }}'
+
- name: mount image directory
shell: |
mount -t nfs -onfsvers=3 {{ ip_info.stdout_lines[0] }}:/opt/images /var/lib/glance/images
diff --git a/deploy/adapters/ansible/roles/glance/vars/Debian.yml b/deploy/adapters/ansible/roles/glance/vars/Debian.yml
index b295ff28..974ada23 100644
--- a/deploy/adapters/ansible/roles/glance/vars/Debian.yml
+++ b/deploy/adapters/ansible/roles/glance/vars/Debian.yml
@@ -6,6 +6,7 @@ packages:
nfs_packages:
- nfs-common
+nfs_services: []
services:
- glance-registry
- glance-api
diff --git a/deploy/adapters/ansible/roles/glance/vars/RedHat.yml b/deploy/adapters/ansible/roles/glance/vars/RedHat.yml
index e26b7034..bd80d21d 100644
--- a/deploy/adapters/ansible/roles/glance/vars/RedHat.yml
+++ b/deploy/adapters/ansible/roles/glance/vars/RedHat.yml
@@ -6,6 +6,10 @@ nfs_packages:
- nfs-utils
- rpcbind
+nfs_services:
+ - rpcbind
+ - rpc-statd
+
services:
- openstack-glance-api
- openstack-glance-registry
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
index f69a83cb..6c39da8d 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
@@ -1,6 +1,7 @@
---
- name: keystone-manage db-sync
- keystone_manage: action=dbsync
+ #keystone_manage: action=dbsync
+ shell: keystone-manage db_sync
- name: wait for keystone ready
wait_for: port=35357 delay=3 timeout=10 host={{ internal_vip.ip }}
diff --git a/deploy/adapters/ansible/roles/neutron-compute/vars/RedHat.yml b/deploy/adapters/ansible/roles/neutron-compute/vars/RedHat.yml
index cf882150..386c4e53 100644
--- a/deploy/adapters/ansible/roles/neutron-compute/vars/RedHat.yml
+++ b/deploy/adapters/ansible/roles/neutron-compute/vars/RedHat.yml
@@ -1,5 +1,6 @@
---
packages:
+ - openstack-neutron
- openstack-neutron-ml2
- openstack-neutron-openvswitch
diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/openvswitch.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/openvswitch.yml
index f301cba2..e52b18ff 100755
--- a/deploy/adapters/ansible/roles/odl_cluster/tasks/openvswitch.yml
+++ b/deploy/adapters/ansible/roles/odl_cluster/tasks/openvswitch.yml
@@ -17,6 +17,12 @@
- name: shut down and disable Neutron's openvswitch agent services
service: name=neutron-plugin-openvswitch-agent state=stopped
+- name: Stop the Open vSwitch service and clear existing OVSDB
+ shell: >
+ ovs-vsctl del-br br-int ;
+ ovs-vsctl del-br br-tun ;
+ ovs-vsctl del-manager ;
+
#- name: remove Neutron's openvswitch agent services
# shell: >
# update-rc.d neutron-plugin-openvswitch-agent remove
diff --git a/deploy/adapters/ansible/roles/secgroup/handlers/main.yml b/deploy/adapters/ansible/roles/secgroup/handlers/main.yml
new file mode 100644
index 00000000..551258d2
--- /dev/null
+++ b/deploy/adapters/ansible/roles/secgroup/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+- name: restart controller relation service
+ service: name={{ item }} state=restarted enabled=yes
+ ignore_errors: True
+ with_items: controller_services
+
+- name: restart compute relation service
+ service: name={{ item }} state=restarted enabled=yes
+ ignore_errors: True
+ with_items: compute_services
diff --git a/deploy/adapters/ansible/roles/secgroup/tasks/main.yml b/deploy/adapters/ansible/roles/secgroup/tasks/main.yml
new file mode 100644
index 00000000..c26af4b0
--- /dev/null
+++ b/deploy/adapters/ansible/roles/secgroup/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+ tags: secgroup
+
+- debug: msg={{ enable_secgroup }}
+ tags: secgroup
+
+- include: secgroup.yml
+ when: '{{ enable_secgroup }} == False'
+ tags: secgroup
diff --git a/deploy/adapters/ansible/roles/secgroup/tasks/secgroup.yml b/deploy/adapters/ansible/roles/secgroup/tasks/secgroup.yml
new file mode 100644
index 00000000..f2a6c0ab
--- /dev/null
+++ b/deploy/adapters/ansible/roles/secgroup/tasks/secgroup.yml
@@ -0,0 +1,27 @@
+---
+- name: make sure template dir exits
+ file: path=/opt/os_templates state=directory mode=0755
+ tags: secgroup
+
+- name: copy configs
+ template: src={{ item.src}} dest=/opt/os_templates
+ with_items: "{{ configs_templates }}"
+ tags: secgroup
+
+- name: update controller configs
+ shell: '[ -f {{ item.1 }} ] && crudini --merge {{ item.1 }} < /opt/os_templates/{{ item.0.src }} || /bin/true'
+ tags: secgroup
+ with_subelements:
+ - configs_templates
+ - dest
+ notify: restart controller relation service
+ when: inventory_hostname in "{{ groups['controller'] }}"
+
+- name: update compute configs
+ shell: '[ -f {{ item.1 }} ] && crudini --merge {{ item.1 }} < /opt/os_templates/{{ item.0.src }} || /bin/true'
+ tags: secgroup
+ with_subelements:
+ - configs_templates
+ - dest
+ notify: restart compute relation service
+ when: inventory_hostname in "{{ groups['compute'] }}"
diff --git a/deploy/adapters/ansible/roles/secgroup/templates/neutron.j2 b/deploy/adapters/ansible/roles/secgroup/templates/neutron.j2
new file mode 100644
index 00000000..7b39e18c
--- /dev/null
+++ b/deploy/adapters/ansible/roles/secgroup/templates/neutron.j2
@@ -0,0 +1,4 @@
+[securitygroup]
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+enable_security_group = False
+
diff --git a/deploy/adapters/ansible/roles/secgroup/templates/nova.j2 b/deploy/adapters/ansible/roles/secgroup/templates/nova.j2
new file mode 100644
index 00000000..91fa6cd2
--- /dev/null
+++ b/deploy/adapters/ansible/roles/secgroup/templates/nova.j2
@@ -0,0 +1,3 @@
+[DEFAULT]
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+security_group_api = nova
diff --git a/deploy/adapters/ansible/roles/secgroup/vars/Debian.yml b/deploy/adapters/ansible/roles/secgroup/vars/Debian.yml
new file mode 100644
index 00000000..85025bf5
--- /dev/null
+++ b/deploy/adapters/ansible/roles/secgroup/vars/Debian.yml
@@ -0,0 +1,27 @@
+---
+configs_templates:
+ - src: nova.j2
+ dest:
+ - /etc/nova/nova.conf
+ - src: neutron.j2
+ dest:
+ - /etc/neutron/plugins/ml2/ml2_conf.ini
+ - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
+ - /etc/neutron/plugins/ml2/restproxy.ini
+
+controller_services:
+ - nova-api
+ - nova-cert
+ - nova-conductor
+ - nova-consoleauth
+ - nova-novncproxy
+ - nova-scheduler
+ - neutron-server
+ - neutron-plugin-openvswitch-agent
+ - neutron-l3-agent
+ - neutron-dhcp-agent
+ - neutron-metadata-agent
+
+compute_services:
+ - nova-compute
+ - neutron-plugin-openvswitch-agent
diff --git a/deploy/adapters/ansible/roles/secgroup/vars/RedHat.yml b/deploy/adapters/ansible/roles/secgroup/vars/RedHat.yml
new file mode 100644
index 00000000..533bbe9d
--- /dev/null
+++ b/deploy/adapters/ansible/roles/secgroup/vars/RedHat.yml
@@ -0,0 +1,27 @@
+---
+configs_templates:
+ - src: nova.j2
+ dest:
+ - /etc/nova/nova.conf
+ - src: neutron.j2
+ dest:
+ - /etc/neutron/plugins/ml2/ml2_conf.ini
+ - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
+ - /etc/neutron/plugins/ml2/restproxy.ini
+
+controller_services:
+ - openstack-nova-api
+ - openstack-nova-cert
+ - openstack-nova-conductor
+ - openstack-nova-consoleauth
+ - openstack-nova-novncproxy
+ - openstack-nova-scheduler
+ - neutron-openvswitch-agent
+ - neutron-l3-agent
+ - neutron-dhcp-agent
+ - neutron-metadata-agent
+ - neutron-server
+
+compute_services:
+ - openstack-nova-compute
+ - neutron-openvswitch-agent
diff --git a/deploy/adapters/ansible/roles/secgroup/vars/main.yml b/deploy/adapters/ansible/roles/secgroup/vars/main.yml
new file mode 100644
index 00000000..bb87da65
--- /dev/null
+++ b/deploy/adapters/ansible/roles/secgroup/vars/main.yml
@@ -0,0 +1,3 @@
+---
+packages_noarch: []
+metering_secret: 1c5df72079b31fb47747
diff --git a/deploy/client.py b/deploy/client.py
index 84041af5..b69b8acc 100644
--- a/deploy/client.py
+++ b/deploy/client.py
@@ -201,6 +201,9 @@ opts = [
cfg.StrOpt('cluster_vip',
help='cluster ip address',
default=''),
+ cfg.StrOpt('enable_secgroup',
+ help='enable security group',
+ default='true'),
cfg.StrOpt('network_cfg',
help='netowrk config file',
default=''),
@@ -695,17 +698,11 @@ class CompassClient(object):
)
"""
package_config['ha_proxy'] = {}
-
- #TODO, we need two vip
- if CONF.cluster_pub_vip:
- package_config["ha_proxy"]["pub_vip"] = CONF.cluster_pub_vip
-
- if CONF.cluster_prv_vip:
- package_config["ha_proxy"]["prv_vip"] = CONF.cluster_prv_vip
-
if CONF.cluster_vip:
package_config["ha_proxy"]["vip"] = CONF.cluster_vip
+ package_config['enable_secgroup'] = (CONF.enable_secgroup == "true")
+
status, resp = self.client.update_cluster_config(
cluster_id, package_config=package_config)
LOG.info(
diff --git a/deploy/conf/base.conf b/deploy/conf/base.conf
index d3d535dc..a77fa9b2 100644
--- a/deploy/conf/base.conf
+++ b/deploy/conf/base.conf
@@ -5,8 +5,8 @@ export INSTALL_GW=${INSTALL_GW:-10.1.0.1}
export INSTALL_IP_START=${INSTALL_IP_START:-10.1.0.1}
export INSTALL_IP_END=${INSTALL_IP_END:-10.1.0.254}
export MGMT_IP=${MGMT_IP:-192.168.200.2}
-export MGMT_MASK=${MAGMT_MASK:-255.255.252.0}
-export MGMT_GW=${MAGMT_GW:-192.168.200.1}
+export MGMT_MASK=${MGMT_MASK:-255.255.252.0}
+export MGMT_GW=${MGMT_GW:-192.168.200.1}
export MGMT_IP_START=${MGMT_IP_START:-192.168.200.3}
export MGMT_IP_END=${MGMT_IP_END:-192.168.200.254}
export EXTERNAL_NIC=${EXTERNAL_NIC:-eth0}
@@ -18,6 +18,7 @@ export SUBNETS="10.1.0.0/24,172.16.2.0/24,172.16.3.0/24,172.16.4.0/24"
export MANAGEMENT_IP_START=${MANAGEMENT_IP_START:-'10.1.0.50'}
export MANAGEMENT_INTERFACE=${MANAGEMENT_INTERFACE:-eth0}
export DASHBOARD_URL=""
+export ENABLE_SECGROUP="false"
function next_ip {
ip_addr=$1
diff --git a/deploy/deploy_host.sh b/deploy/deploy_host.sh
index 02a53cd5..e708bc28 100644
--- a/deploy/deploy_host.sh
+++ b/deploy/deploy_host.sh
@@ -22,6 +22,7 @@ function deploy_host(){
--host_roles="${HOST_ROLES}" --default_roles="${DEFAULT_ROLES}" --switch_ips="${SWITCH_IPS}" \
--machines=${machines//\'} --switch_credential="${SWITCH_CREDENTIAL}" --deploy_type="${TYPE}" \
--deployment_timeout="${DEPLOYMENT_TIMEOUT}" --${POLL_SWITCHES_FLAG} --dashboard_url="${DASHBOARD_URL}" \
- --cluster_vip="${VIP}" --network_cfg="$NETWORK" --neutron_cfg="$NEUTRON"
+ --cluster_vip="${VIP}" --network_cfg="$NETWORK" --neutron_cfg="$NEUTRON" \
+ --enable_secgroup="${ENABLE_SECGROUP}"
}