-rw-r--r-- | build/build.conf | 3 | ||||
-rw-r--r-- | deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/main.yml | 2 | ||||
-rw-r--r-- | deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 | 16 | ||||
-rw-r--r-- | deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 | 50 | ||||
-rw-r--r-- | deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/vars/main.yml | 2 | ||||
-rw-r--r-- | deploy/adapters/ansible/roles/dashboard/tasks/main.yml | 2 | ||||
-rwxr-xr-x | deploy/compass_vm.sh | 23 | ||||
-rw-r--r-- | deploy/conf/base.conf | 1 | ||||
-rwxr-xr-x | deploy/deploy_parameter.sh | 8 | ||||
-rwxr-xr-x | deploy/launch.sh | 5 | ||||
-rwxr-xr-x | deploy/prepare.sh | 2 | ||||
-rw-r--r-- | util/check_valid.py | 155 |
12 files changed, 264 insertions, 5 deletions
diff --git a/build/build.conf b/build/build.conf index c6e0f7a1..15e2e1df 100644 --- a/build/build.conf +++ b/build/build.conf @@ -112,5 +112,6 @@ export SPECIAL_PIP_PACKAGE="https://bootstrap.pypa.io/ez_setup.py \ https://pypi.python.org/packages/source/p/python-dateutil/python-dateutil-2.4.2.tar.gz " export PIP_PACKAGE="https://pypi.python.org/packages/0d/af/8ccfb73834a6ddf9d57ecac61466557b7ca0722620bbb16d2d069ce312db/networking-odl-2.0.0.tar.gz \ - https://pypi.python.org/packages/90/4f/74b730294de1db393e3e82211b5d2115f9a763849abca7d014348a550d2a/oslosphinx-4.5.0.tar.gz" + https://pypi.python.org/packages/90/4f/74b730294de1db393e3e82211b5d2115f9a763849abca7d014348a550d2a/oslosphinx-4.5.0.tar.gz \ + https://pypi.python.org/packages/74/f0/386f7f73aa6628c1bef53874c5d453b556356d77732add69000aa53b353b/policy2tosca-1.0.tar.gz " diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/main.yml b/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/main.yml index 9e97a29c..b049ee0b 100644 --- a/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/main.yml +++ b/deploy/adapters/ansible/openstack_mitaka/roles/keystone/vars/main.yml @@ -157,7 +157,7 @@ os_users: tenant_description: "Service Tenant" - user: demo - password: "" + password: "{{ DEMO_PASS }}" email: heat@demo.com role: heat_stack_user tenant: demo diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 new file mode 100644 index 00000000..96472779 --- /dev/null +++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/dashboard/templates/openstack-dashboard.conf.j2 
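Review bot: The added `policy2tosca-1.0.tar.gz` entry in `PIP_PACKAGE` is a bare download URL with no expected digest recorded beside it, so the build accepts whatever that URL returns. The step that consumes `PIP_PACKAGE` is outside this hunk. If it hands the URL to pip, appending a `#sha256=<expected-digest>` fragment lets pip verify the archive; otherwise the download step should compare a stored checksum before installing. The two existing entries in this list have the same gap.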
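Review bot: `password: "{{ DEMO_PASS }}"` for the `demo` user depends on a variable this commit never defines, so the diff does not show whether the account ends up with a real secret. By default Ansible fails the play if `DEMO_PASS` is undefined, and a fixed default shared across deployments would be little better than the old empty string. Consider adding `# DEMO_PASS must be supplied per deployment; do not commit a default` above the entry and confirming where the value is generated. The identical change in `openstack_mitaka_xenial/roles/keystone/vars/main.yml` has the same dependency.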
@@ -0,0 +1,16 @@
+{% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+{% if work_threads > 10 %}
+{% set work_threads = 10 %}
+{% endif %}
+
+<VirtualHost {{ internal_ip }}:80>
+ WSGIScriptAlias /horizon {{ horizon_dir }}/wsgi/django.wsgi
+ WSGIDaemonProcess horizon user=horizon group=horizon processes=4 threads={{ work_threads }}
+ WSGIProcessGroup horizon
+ Alias /static {{ horizon_dir }}/static/
+ Alias /horizon/static {{ horizon_dir }}/static/
+ <Directory {{ horizon_dir }}/wsgi>
+ Order allow,deny
+ Allow from all
+ </Directory>
+</VirtualHost>
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2
new file mode 100644
index 00000000..55c89839
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/templates/wsgi-keystone.conf.j2
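Review bot: The `<Directory {{ horizon_dir }}/wsgi>` block uses only the Apache 2.2 directives `Order allow,deny` and `Allow from all`, whereas the keystone template added in this same commit wraps them in `<IfVersion>` and uses `Require all granted` on 2.4. On an Apache 2.4 host these two lines work only if mod_access_compat is loaded; replacing them with `Require all granted`, or copying the `<IfVersion>` pair from the keystone template, removes that dependency. Separately, the vhost serves Horizon on port 80 of `internal_ip` without TLS. Dashboard logins therefore cross that network in clear text unless something in front of Apache terminates HTTPS, which this template does not show.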
@@ -0,0 +1,50 @@
+{% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+{% if work_threads > 10 %}
+{% set work_threads = 10 %}
+{% endif %}
+
+<VirtualHost {{ internal_ip }}:5000>
+ WSGIDaemonProcess keystone-public processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-public
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-public
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
+
+<VirtualHost {{ internal_ip }}:35357>
+ WSGIDaemonProcess keystone-admin processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-admin
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/{{ http_service_name }}/keystone.log
+ CustomLog /var/log/{{ http_service_name }}/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/vars/main.yml b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/vars/main.yml
index ac548a09..b4d3d7e0 100644
--- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/vars/main.yml
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/keystone/vars/main.yml
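Review bot: Both vhosts, the public API on 5000 and the admin API on 35357, are plain HTTP with `WSGIPassAuthorization On`, so passwords and tokens sent to either port are unencrypted on the `internal_ip` network unless TLS is terminated elsewhere; nothing in the template states that assumption. A header comment such as `# TLS is expected to be terminated in front of these vhosts` would make the trust boundary explicit for whoever deploys this. The admin vhost also grants access to all clients, so exposure of port 35357 depends entirely on which networks can route to `internal_ip`.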
@@ -165,7 +165,7 @@ os_users: tenant_description: "Service Tenant" - user: demo - password: "" + password: "{{ DEMO_PASS }}" email: heat@demo.com role: heat_stack_user tenant: demo diff --git a/deploy/adapters/ansible/roles/dashboard/tasks/main.yml b/deploy/adapters/ansible/roles/dashboard/tasks/main.yml index da6990c4..229e3cfe 100644 --- a/deploy/adapters/ansible/roles/dashboard/tasks/main.yml +++ b/deploy/adapters/ansible/roles/dashboard/tasks/main.yml @@ -28,7 +28,7 @@ - name: remove ubuntu theme action: "{{ ansible_pkg_mgr }} name=openstack-dashboard-ubuntu-theme state=absent" - when: ansible_os_family == 'Debian' + when: ansible_os_family == 'Debian' and not enable_ubuntu_theme notify: - restart dashboard services diff --git a/deploy/compass_vm.sh b/deploy/compass_vm.sh index 0c213e31..63c1998b 100755 --- a/deploy/compass_vm.sh +++ b/deploy/compass_vm.sh @@ -48,6 +48,29 @@ function install_compass() { fi } +function exec_cmd_on_compass() { + ssh $ssh_args root@$MGMT_IP "$@" +} + +function _inject_dashboard_conf() { + if [[ "$ENABLE_UBUNTU_THEME" == "true" ]]; then + cmd=" + sed -i '/enable_ubuntu_theme/d' /etc/compass/templates/ansible_installer/openstack_mitaka/vars/HA-ansible-multinodes.tmpl; \ + echo enable_ubuntu_theme: True >> /etc/compass/templates/ansible_installer/openstack_mitaka/vars/HA-ansible-multinodes.tmpl + " + else + cmd=" + sed -i '/enable_ubuntu_theme/d' /etc/compass/templates/ansible_installer/openstack_mitaka/vars/HA-ansible-multinodes.tmpl; \ + echo enable_ubuntu_theme: False >> /etc/compass/templates/ansible_installer/openstack_mitaka/vars/HA-ansible-multinodes.tmpl + " + fi + exec_cmd_on_compass $cmd +} + +function inject_compass_conf() { + _inject_dashboard_conf +} + function wait_ok() { set +x log_info "wait_compass_ok enter" diff --git a/deploy/conf/base.conf b/deploy/conf/base.conf index 24eb703d..6926b581 100644 --- a/deploy/conf/base.conf +++ b/deploy/conf/base.conf 
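Review bot: The new condition `not enable_ubuntu_theme` in `roles/dashboard/tasks/main.yml` reads a variable that this commit injects only into the `openstack_mitaka` `HA-ansible-multinodes.tmpl` (via `_inject_dashboard_conf` in `deploy/compass_vm.sh`), yet the task file sits in the shared `roles/dashboard`. If any other adapter or template uses this role without the injected line, `when:` hits an undefined variable and the task fails by default. Writing `when: ansible_os_family == 'Debian' and not (enable_ubuntu_theme | default(false) | bool)` keeps the previous behaviour (theme removed) when the variable is absent and also tolerates a string value.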
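Review bot: `exec_cmd_on_compass $cmd` in `_inject_dashboard_conf` passes `cmd` unquoted, so the local shell word-splits and glob-expands the multi-line string before ssh joins it back together; it works only because the text contains no glob characters, and `cmd` also leaks into the global scope. Prefer `local cmd` at the top of the function and `exec_cmd_on_compass "$cmd"`. The two branches differ only in `True`/`False`, so computing that value once and building a single command would remove the duplicated `sed`/`echo` pair. Only the `openstack_mitaka` template path is edited, although this commit also adds `openstack_mitaka_xenial` templates; whether that adapter reads the same vars file is not visible here.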
@@ -24,6 +24,7 @@ export DASHBOARD_URL="" export ENABLE_SECGROUP=${ENABLE_SECGROUP:-"true"} export ENABLE_VPNAAS="false" export ENABLE_FWAAS="false" +export ENABLE_UBUNTU_THEME=${ENABLE_UBUNTU_THEME:-"true"} function next_ip { ip_addr=$1 diff --git a/deploy/deploy_parameter.sh b/deploy/deploy_parameter.sh index d8696ce8..9c0d5dc0 100755 --- a/deploy/deploy_parameter.sh +++ b/deploy/deploy_parameter.sh @@ -111,3 +111,11 @@ function process_input_para() echo $input_file } + +function check_input_para() +{ + python ${COMPASS_DIR}/util/check_valid.py "$DHA" "$NETWORK" + if [ $? -ne 0 ];then + exit 1 + fi +} diff --git a/deploy/launch.sh b/deploy/launch.sh index 488e0fd7..348d11e2 100755 --- a/deploy/launch.sh +++ b/deploy/launch.sh @@ -19,6 +19,7 @@ prepare_python_env source ${COMPASS_DIR}/util/log.sh source ${COMPASS_DIR}/deploy/deploy_parameter.sh source $(process_input_para $*) || exit 1 +check_input_para source $(process_default_para $*) || exit 1 source ${COMPASS_DIR}/deploy/conf/${FLAVOR}.conf source ${COMPASS_DIR}/deploy/conf/${TYPE}.conf @@ -67,6 +68,10 @@ if [[ -z "$REDEPLOY_HOST" || "$REDEPLOY_HOST" == "false" ]]; then if ! set_compass_machine; then log_error "set_compass_machine fail" fi + + # FIXME: refactor compass adapter and conf code, instead of doing + # hack conf injection. + inject_compass_conf fi if [[ "$DEPLOY_HOST" == "true" || $REDEPLOY_HOST == "true" ]]; then diff --git a/deploy/prepare.sh b/deploy/prepare.sh index ea1534ff..d326bd5b 100755 --- a/deploy/prepare.sh +++ b/deploy/prepare.sh @@ -95,7 +95,7 @@ function _prepare_python_env() { pip install --upgrade requests pip install --upgrade netaddr pip install --upgrade oslo.config - pip install --upgrade ansible + pip install --upgrade ansible==2.1.1.0 fi } diff --git a/util/check_valid.py b/util/check_valid.py new file mode 100644 index 00000000..87cd57ed --- /dev/null +++ b/util/check_valid.py 
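Review bot: In `deploy/launch.sh` the new `inject_compass_conf` call ignores its result, unlike `set_compass_machine` just above it, so a failed ssh or `sed` on the Compass host goes unnoticed and the deployment continues with a stale or missing `enable_ubuntu_theme` setting. Something like `if ! inject_compass_conf; then log_error "inject_compass_conf fail"; fi` matches the surrounding style. The enclosing `if` block starts and ends outside the hunk.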
@@ -0,0 +1,155 @@
+import re
+import os
+import yaml
+import sys
+import traceback
+
+
+def load_file(file):
+ with open(file) as fd:
+ try:
+ return yaml.load(fd)
+ except:
+ traceback.print_exc()
+ return None
+
+
+def err_print(info):
+ print '\033[0;31m%s\033[0m' % info
+
+
+def is_valid_ip(ip):
+ """return True if the given string is a well-formed IP address
+ currently only support IPv4
+ """
+ if not ip:
+ return False
+ res = re.search(
+ "^(0?\d{1,2}|1\d\d|2[0-4]\d|25[0-5])(\.(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])){3}(\/(\d|[1-2]\d|3[0-2]))?$",
+ ip) is not None
+ return res
+
+
+def is_valid_mac(mac):
+ """return True if the given string is a well-formed MAC address
+ """
+ if not mac:
+ return False
+ res = re.search("^([a-zA-Z0-9]{2}:){5}[a-zA-Z0-9]{2}$", mac) is not None
+ return res
+
+
+def check_network_file(network):
+ invalid = False
+ for i in network['ip_settings']:
+ if not is_valid_ip(i['cidr']):
+ err_print('''invalid address:
+ ip_settings:
+ - name: %s
+ cidr: %s''' % (i['name'], i['cidr']))
+ invalid = True
+ if not is_valid_ip(i['ip_ranges'][0][0]):
+ err_print('''invalid address:
+ ip_settings:
+ - name: %s
+ ip_ranges:
+ - - %s''' % (i['name'], i['ip_ranges'][0][0]))
+ invalid = True
+ if not is_valid_ip(i['ip_ranges'][0][1]):
+ err_print('''invalid address:
+ ip_settings:
+ - name: %s
+ ip_ranges:
+ - %s''' % (i['name'], i['ip_ranges'][0][1]))
+ invalid = True
+ if i['name'] == 'external' and not is_valid_ip(i['gw']):
+ err_print(i['gw'])
+ err_print('''invalid address:
+ ip_settings:
+ - name: %s
+ gw: %s''' % (i['name'], i['gw']))
+ invalid = True
+
+ for i in network['public_net_info'].keys():
+ if i in ('external_gw', 'floating_ip_cidr',
+ 'floating_ip_start', 'floating_ip_end'):
+ if not is_valid_ip(network['public_net_info'][i]):
+ err_print('''invalid address:
+ public_net_info:
+ %s: %s''' % (i, network['public_net_info'][i]))
+ invalid = True
+
+ if not invalid:
+ return True
+ else:
+ return False
+
+
+def check_dha_file(dha):
+ invalid = False
+ if dha['TYPE'] == 'baremetal':
+ for i in dha['hosts']:
+ if not is_valid_mac(i['mac']):
+ err_print('''invalid address:
+ hosts:
+ - name: %s
+ mac: %s''' % (i['name'], i['mac']))
+ invalid = True
+ for j in i['interfaces']:
+ if not is_valid_mac(j.values()[0]):
+ err_print('''invalid address:
+ hosts:
+ - name: %s
+ interfaces:
+ - %s: %s''' % (i['name'], j.keys()[0], j.values()[0]))
+ invalid = True
+ if not is_valid_ip(i['ipmiIp']):
+ err_print('''invalid address:
+ hosts:
+ - name: %s
+ ipmiIp: %s''' % (i['name'], i['ipmiIp']))
+ invalid = True
+
+ if not invalid:
+ return True
+ else:
+ return False
+
+if __name__ == "__main__":
+
+ has_invalid = False
+
+ if len(sys.argv) != 3:
+ err_print('input file error')
+ sys.exit(1)
+
+ _, dha_file, network_file = sys.argv
+
+ if not os.path.exists(dha_file):
+ err_print("DHA file doesn't exit")
+ sys.exit(1)
+ else:
+ dha = load_file(dha_file)
+ if not dha:
+ err_print('format error in DHA: %s' % dha_file)
+ has_invalid = True
+ else:
+ if not check_dha_file(dha):
+ err_print('in DHA: %s' % dha_file)
+ has_invalid = True
+
+ if not os.path.exists(network_file):
+ err_print("NETWORK file doesn't exit")
+ sys.exit(1)
+ else:
+ network = load_file(network_file)
+ if not network:
+ err_print('format error in NETWORK: %s' % network_file)
+ has_invalid = True
+ else:
+ if not check_network_file(network):
+ err_print('in NETWORK: %s' % network_file)
+ has_invalid = True
+
+ if has_invalid:
+ sys.exit(1) |
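Review bot: `load_file` parses the operator-supplied DHA and NETWORK files with `yaml.load(fd)`, which with PyYAML's default loader of that era can instantiate arbitrary Python objects from tagged nodes; a validator should use `return yaml.safe_load(fd)`. The bare `except:` around it also swallows `KeyboardInterrupt` and `SystemExit`; `except yaml.YAMLError:` is the narrow form. In `is_valid_mac` the class `[a-zA-Z0-9]` accepts non-hex letters, so `zz:zz:zz:zz:zz:zz` passes; `"^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$"` is the intended pattern. `check_network_file` and `check_dha_file` index keys such as `i['cidr']` and `i['ipmiIp']` directly, so a file missing one of them ends in a `KeyError` traceback instead of the formatted error.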