author | Harry Huang <huangxiangyu5@huawei.com> | 2017-02-25 15:56:38 +0800 |
---|---|---|
committer | Harry Huang <huangxiangyu5@huawei.com> | 2017-02-25 15:56:57 +0800 |
commit | da008451297c461788d098f58da9419ed6fcb52c (patch) | |
tree | 214caf86a7bbccd7faf3c6d5f3f5f1255bc4d3b1 | |
parent | 420fbebbec6185e662818711bee7b23aec458100 (diff) |
Adjust juju bootstrap
1. use openstack default security group
2. change security group rules to allow all ports
access of both tcp and udp
3. bootstrap juju controller using floating ip and
default security group
Change-Id: I81c943105187fd8ffbde3f3d4e6d96ae24c07e53
Signed-off-by: Harry Huang <huangxiangyu5@huawei.com>
-rwxr-xr-x | command.sh | 65 | ||||
-rwxr-xr-x | juju/adapter.sh | 2 | ||||
-rwxr-xr-x | juju/juju_launch.sh | 60 | ||||
-rwxr-xr-x | juju/juju_setup.sh | 34 | ||||
-rwxr-xr-x | open-o/openo_vm.sh | 26 | ||||
-rwxr-xr-x | opera_launch.sh | 1 |
6 files changed, 122 insertions, 66 deletions
diff --git a/command.sh b/command.sh
new file mode 100755
index 0000000..2f6b76c
--- /dev/null
+++ b/command.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+##############################################################################
+# Copyright (c) 2016-2017 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+function exec_cmd_on_openo()
+{
+ local rsa_file=${OPENO_VM_DIR}/boot.rsa
+ local ssh_args="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i $rsa_file"
+
+ if [ ! -f $rsa_file ]; then
+ log_error "open-o vm boot.rsa not found"
+ exit 1
+ fi
+
+ if [ ! $OPENO_VM_IP ]; then
+ log_error "open-o vm ip not found"
+ exit 1
+ fi
+ ssh $ssh_args root@$OPENO_VM_IP "$@"
+}
+
+function scp_to_openo()
+{
+ local rsa_file=${OPENO_VM_DIR}/boot.rsa
+ local ssh_args="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i $rsa_file"
+
+ if [ ! -f $rsa_file ]; then
+ log_error "open-o vm boot.rsa not found"
+ exit 1
+ fi
+
+ if [ ! $OPENO_VM_IP ]; then
+ log_error "open-o vm ip not found"
+ exit 1
+ fi
+ scp $ssh_args $1 root@$OPENO_VM_IP:$2
+}
+
+function exec_cmd_on_client()
+{
+ local ssh_args="-o StrictHostKeyChecking=no"
+
+ if [ ! $floating_ip_client ]; then
+ log_error "juju-client ip not found"
+ exit 1
+ fi
+ ssh $ssh_options ubuntu@$floating_ip_client "$@"
+}
+
+function exec_cmd_on_metadata()
+{
+ local ssh_args="-o StrictHostKeyChecking=no"
+
+ if [ ! $floating_ip_metadata ]; then
+ log_error "juju-metadata ip not found"
+ exit 1
+ fi
+ ssh $ssh_options ubuntu@$floating_ip_metadata "$@"
+}
diff --git a/juju/adapter.sh b/juju/adapter.sh
index 2f1d8f7..2bf9e2b 100755
--- a/juju/adapter.sh
+++ b/juju/adapter.sh
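Review bot: In command.sh, `exec_cmd_on_client` and `exec_cmd_on_metadata` declare `local ssh_args` but their `ssh` lines still expand `$ssh_options`, which this same commit deletes from juju/juju_launch.sh. Unless another file still sets that variable, both calls run with no options, and the first connection to a fresh floating IP can stop at the host-key prompt. Use the local instead: `ssh $ssh_args ubuntu@$floating_ip_client "$@"` and `ssh $ssh_args ubuntu@$floating_ip_metadata "$@"`. Separately, all four helpers switch host-key verification off (for root on the open-o VM also with `UserKnownHostsFile=/dev/null`), so nothing authenticates the far end before commands and files are sent. A header comment should say this is accepted only on an isolated lab network, or the helpers should record the key at first boot and verify it afterwards.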
@@ -20,7 +20,7 @@ function generate_compass_openrc() echo -e "export OS_PASSWORD=console \n\ export OS_PROJECT_NAME=admin \n\ -export OS_AUTH_URL=http://$PUBLIC_VIP:35357/v2.0 \n\ +export OS_AUTH_URL=http://$PUBLIC_VIP:5000/v2.0 \n\ export OS_USERNAME=admin \n\ export OS_VOLUME_API_VERSION=2 \n\ export OS_REGION_NAME=RegionOne " > $WORK_DIR/admin-openrc.sh diff --git a/juju/juju_launch.sh b/juju/juju_launch.sh index b87c360..558fa5d 100755 --- a/juju/juju_launch.sh +++ b/juju/juju_launch.sh @@ -8,15 +8,13 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## -ssh_options="-o StrictHostKeyChecking=no" - function launch_juju_vm() { - NET_ID=$(neutron net-list | grep juju-net | awk '{print $2}') + local NET_ID=$(neutron net-list | grep juju-net | awk '{print $2}') if [[ ! $(nova list | grep juju-client-vm) ]]; then - nova boot --flavor m1.small --image Xenial_x86_64 --nic net-id=$NET_ID \ - --key-name jump-key --security-group juju-default juju-client-vm + nova boot --flavor m1.small --image xenial_x86_64 --nic net-id=$NET_ID \ + --key-name jump-key --security-group default juju-client-vm if [ $? -ne 0 ]; then log_error "boot juju-client-vm fail" exit 1 
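Review bot: In juju/juju_launch.sh, `local NET_ID=$(neutron net-list | grep juju-net | awk '{print $2}')` in launch_juju_vm discards the lookup's status, because the status seen is that of `local`. Nothing checks that the result is non-empty, so an empty NET_ID goes straight into `--nic net-id=`. Declare and assign separately (`local NET_ID`, then `NET_ID=$(...)`) and stop when nothing was found, e.g. `[[ -n $NET_ID ]] || { log_error "juju-net not found"; exit 1; }`. The same `local x=$(...)` form is added for `state1`/`state2` in the next hunk and for `client_key` in juju_client_prepare. launch_juju_vm continues beyond this hunk.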
@@ -24,19 +22,19 @@ function launch_juju_vm() fi if [[ ! $(nova list | grep juju-metadata-vm) ]]; then - nova boot --flavor m1.small --image Xenial_x86_64 --nic net-id=$NET_ID \ - --key-name jump-key --security-group juju-default juju-metadata-vm + nova boot --flavor m1.small --image xenial_x86_64 --nic net-id=$NET_ID \ + --key-name jump-key --security-group default juju-metadata-vm if [ $? -ne 0 ]; then log_error "boot juju-metadata-vm fail" exit 1 fi fi - count=300 + local count=300 set +x while - state1=$(nova list | grep juju-client-vm | awk '{print $6}') - state2=$(nova list | grep juju-metadata-vm | awk '{print $6}') + local state1=$(nova list | grep juju-client-vm | awk '{print $6}') + local state2=$(nova list | grep juju-metadata-vm | awk '{print $6}') if [[ $state1 == "ERROR" || $state2 == "ERROR" || $count == 0 ]]; then log_error "launch juju vm error" exit 1 @@ -67,23 +65,13 @@ function launch_juju_vm() export floating_ip_metadata=$floating_ip_metadata } -function exec_cmd_on_client() -{ - ssh $ssh_options ubuntu@$floating_ip_client "$@" -} - -function exec_cmd_on_metadata() -{ - ssh $ssh_options ubuntu@$floating_ip_metadata "$@" -} - function juju_metadata_prepare() { - cmd="sudo apt update -y; \ + local cmd="sudo apt update -y; \ sudo apt-get install nginx -y" exec_cmd_on_metadata $cmd - if [ ! $(exec_cmd_on_metadata sudo ps -aux | grep nginx) ]; then + if [[ ! $(exec_cmd_on_metadata sudo ps -aux | grep nginx) ]]; then log_error "juju-metadata nginx error" exit 1 fi @@ -91,7 +79,7 @@ function juju_metadata_prepare() function juju_client_prepare() { - cmd1="sudo add-apt-repository ppa:juju/stable; \ + local cmd1="sudo add-apt-repository ppa:juju/stable; \ sudo apt update -y; \ sudo apt install juju zfsutils-linux -y" exec_cmd_on_client $cmd1 
@@ -104,7 +92,7 @@ function juju_client_prepare() $OS_REGION_NAME: endpoint: $OS_AUTH_URL' > clouds.yaml" - cmd2="juju add-cloud openstack clouds.yaml --replace" + local cmd2="juju add-cloud openstack clouds.yaml --replace" exec_cmd_on_client $cmd2 if [[ ! $(exec_cmd_on_client "juju list-clouds | grep openstack") ]]; then @@ -112,11 +100,11 @@ function juju_client_prepare() exit 1 fi - cmd3='ssh-keygen -q -t rsa -f /home/ubuntu/.ssh/id_rsa -N ""' + local cmd3='ssh-keygen -q -t rsa -f /home/ubuntu/.ssh/id_rsa -N ""' exec_cmd_on_client $cmd3 - client_key=`exec_cmd_on_client sudo cat /home/ubuntu/.ssh/id_rsa.pub` - cmd4="echo $client_key >> /home/ubuntu/.ssh/authorized_keys" + local client_key=`exec_cmd_on_client sudo cat /home/ubuntu/.ssh/id_rsa.pub` + local cmd4="echo $client_key >> /home/ubuntu/.ssh/authorized_keys" exec_cmd_on_metadata $cmd4 exec_cmd_on_client "echo 'credentials: @@ -127,9 +115,8 @@ function juju_client_prepare() tenant-name: $OS_PROJECT_NAME username: $OS_USERNAME' > os-creds.yaml" - # credential uses keystone url V3 - cmd3="juju add-credential openstack -f os-creds.yaml --replace" - exec_cmd_on_client $cmd3 + local cmd5="juju add-credential openstack -f os-creds.yaml --replace" + exec_cmd_on_client $cmd5 } function juju_generate_metadata() @@ -144,13 +131,13 @@ function juju_generate_metadata() exec_cmd_on_client $cmd done - cmd1="juju metadata generate-tools -d mt" + local cmd1="juju metadata generate-tools -d mt" exec_cmd_on_client $cmd1 - cmd2="rsync -e 'ssh $ssh_options' -av mt ubuntu@$floating_ip_metadata:~/" + local cmd2="rsync -e 'ssh -o StrictHostKeyChecking=no' -av mt ubuntu@$floating_ip_metadata:~/" exec_cmd_on_client $cmd2 - cmd3="sudo cp -a mt/tools/ /var/www/html; \ + local cmd3="sudo cp -a mt/tools/ /var/www/html; \ sudo cp -a mt/images/ /var/www/html; \ sudo chmod a+rx /var/www/html/ -R" exec_cmd_on_metadata $cmd3 
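Review bot: In juju_client_prepare, `cmd4` interpolates whatever the first ssh call printed into a command line that the metadata host's shell then parses, without quoting it and without checking that `client_key` is non-empty. If the read fails, a blank line is appended to authorized_keys and the later rsync from the client fails for a reason that is hard to trace. Any shell metacharacter in that output would also be interpreted on the remote side. Validate it first, `[[ $client_key == ssh-rsa\ * ]] || { log_error "read client pubkey fail"; exit 1; }`, and single-quote it inside the command: `local cmd4="echo '$client_key' >> /home/ubuntu/.ssh/authorized_keys"`. The function starts and ends outside this hunk.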
@@ -164,11 +151,14 @@ function juju_generate_metadata() function bootstrap_juju_controller() { - cmd="juju bootstrap openstack openstack \ + local cmd="juju bootstrap openstack openstack \ --config image-metadata-url=http://$floating_ip_metadata/images \ - --config network=juju-net \ + --config network=juju-net --config use-floating-ip=True \ + --config use-default-secgroup=True \ + --constraints 'mem=4G root-disk=40G' \ --verbose --debug" exec_cmd_on_client $cmd + } function launch_juju() diff --git a/juju/juju_setup.sh b/juju/juju_setup.sh index dc8e99b..30df1b2 100755 --- a/juju/juju_setup.sh +++ b/juju/juju_setup.sh 
@@ -58,29 +58,35 @@ function juju_prepare() neutron router-gateway-set juju-router ext-net fi - if [[ ! $(neutron security-group-rule-list | grep "juju-default") ]]; then - neutron security-group-create juju-default --description "juju default security group" - fi + local default_secgroup_id=$(nova secgroup-list | grep "Default security group" | awk '{print $2}') - if [[ ! $(neutron security-group-rule-list | grep juju-default | grep "icmp") ]]; then + if [[ ! $(neutron security-group-rule-list | grep default | grep "icmp") ]]; then neutron security-group-rule-create --direction ingress --protocol icmp \ - --remote-ip-prefix 0.0.0.0/0 juju-default + --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id fi - if [[ ! $(neutron security-group-rule-list | grep juju-default | grep "22/tcp") ]]; then + if [[ ! $(neutron security-group-rule-list | grep default | grep "tcp") ]]; then neutron security-group-rule-create --direction ingress --protocol tcp \ - --port_range_min 22 --port_range_max 22 \ - --remote-ip-prefix 0.0.0.0/0 juju-default + --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id fi - if [[ ! $(neutron security-group-rule-list | grep juju-default | grep "80/tcp") ]]; then - neutron security-group-rule-create --direction ingress --protocol tcp \ - --port_range_min 80 --port_range_max 80 \ - --remote-ip-prefix 0.0.0.0/0 juju-default + if [[ ! $(neutron security-group-rule-list | grep default | grep "tcp") ]]; then + neutron security-group-rule-create --direction egress --protocol tcp \ + --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id + fi + + if [[ ! $(neutron security-group-rule-list | grep default | grep "udp") ]]; then + neutron security-group-rule-create --direction ingress --protocol udp \ + --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id + fi + + if [[ ! 
$(neutron security-group-rule-list | grep default | grep "udp") ]]; then + neutron security-group-rule-create --direction egress --protocol udp \ + --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id fi - if [ ! -f ~/.ssh/id_rsa.pub ]; then - ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N "" + if [ ! -f /root/.ssh/id_rsa.pub ]; then + ssh-keygen -q -t rsa -f /root/.ssh/id_rsa -N "" fi openstack keypair list | grep jump-key || openstack keypair create --public-key ~/.ssh/id_rsa.pub jump-key diff --git a/open-o/openo_vm.sh b/open-o/openo_vm.sh index dc227e2..fdce33a 100755 --- a/open-o/openo_vm.sh +++ b/open-o/openo_vm.sh @@ -8,10 +8,8 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## set -ex -OPENO_VM_DIR=${WORK_DIR}/openo_vm OPENO_VM_ISO=${OPENO_VM_ISO_URL##*/} -rsa_file=${OPENO_VM_DIR}/boot.rsa -ssh_args="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i $rsa_file" +OPENO_VM_DIR=${WORK_DIR}/openo_vm function openo_download_iso() { @@ -70,18 +68,13 @@ function openo_docker_prepare() -e "s/GSO_GUI_PORTAL_IP/$GSO_GUI_PORTAL_IP/g" \ ${OPENO_VM_DIR}/openo_docker.sh - scp $ssh_args ${OPENO_VM_DIR}/openo_docker.sh root@${OPENO_VM_IP}:/home -} - -function exec_cmd_on_openo() -{ - ssh $ssh_args root@$OPENO_VM_IP "$@" + scp_to_openo ${OPENO_VM_DIR}/openo_docker.sh /home } function launch_openo_docker() { openo_docker_prepare - cmd="/home/openo_docker.sh" + local cmd="/home/openo_docker.sh" exec_cmd_on_openo $cmd } 
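Review bot: The new tcp and udp rules in juju_prepare (juju/juju_setup.sh) drop the port ranges but keep `--remote-ip-prefix 0.0.0.0/0`, so every port of every instance in the project's default security group accepts traffic from any address. That covers the VMs now booted with `--security-group default` in juju_launch.sh and the controller bootstrapped with `use-floating-ip=True` and `use-default-secgroup=True`. If all ports really must be open between the Juju machines, limit the source to the deployment's own networks (a configurable CIDR instead of `0.0.0.0/0`, or `--remote-group-id $default_secgroup_id`) and keep the rules in a dedicated group rather than the shared default one. The ingress and egress blocks also test the same `grep default | grep "tcp"` (and `"udp"`) condition, so once the ingress rule exists the egress block is skipped; if the list output carries the direction column, match on it as well, e.g. `grep default | grep egress | grep "tcp"`. juju_prepare continues outside the hunk.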
@@ -103,18 +96,18 @@ function wait_openo_ok() set +x log_info "wait_openo_ok enter" ssh-keygen -f "/root/.ssh/known_hosts" -R $OPENO_VM_IP >/dev/null 2>&1 - retry=0 - until timeout 1s ssh $ssh_args root@$OPENO_VM_IP "exit" >/dev/null 2>&1 + local retry=0 + until timeout 1s exec_cmd_on_openo "exit" >/dev/null 2>&1 do log_progress "os install time used: $((retry*100/$1))%" sleep 1 let retry+=1 if [[ $retry -ge $1 ]];then # first try - ssh $ssh_args root@$OPENO_VM_IP "exit" + exec_cmd_on_openo "exit" # second try - ssh $ssh_args root@$OPENO_VM_IP "exit" - exit_status=$? + exec_cmd_on_openo "exit" + local exit_status=$? if [[ $exit_status == 0 ]]; then log_warn "final ssh login open-o success !!!" break @@ -136,6 +129,7 @@ function launch_openo_vm() { local new_mnt=${OPENO_VM_DIR}/new local old_iso=${WORK_DIR}/iso/${OPENO_VM_ISO} local new_iso=${OPENO_VM_DIR}/centos.iso + local rsa_file=${OPENO_VM_DIR}/boot.rsa sudo virsh net-destroy external sudo virsh net-undefine external @@ -189,7 +183,7 @@ function launch_openo_vm() { sudo virsh define ${OPENO_VM_DIR}/open-o.xml sudo virsh start open-o - exit_status=$? + local exit_status=$? if [ $exit_status != 0 ];then log_error "virsh start open-o failed" exit 1 diff --git a/opera_launch.sh b/opera_launch.sh index ae86dee..001d7d1 100755 --- a/opera_launch.sh +++ b/opera_launch.sh @@ -24,6 +24,7 @@ source ${WORK_DIR}/scripts/network.conf source ${UTIL_DIR}/log.sh source ${OPENO_DIR}/openo_vm.sh +source ${OPERA_DIR}/command.sh source ${JUJU_DIR}/adapter.sh source ${JUJU_DIR}/juju_setup.sh source ${JUJU_DIR}/juju_launch.sh |
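Review bot: `until timeout 1s exec_cmd_on_openo "exit"` in wait_openo_ok (open-o/openo_vm.sh) cannot work as written. `timeout` executes a program and `exec_cmd_on_openo` is a shell function, so each iteration fails with command-not-found, hidden by `>/dev/null 2>&1`, and the loop always runs to the retry limit. Either keep the time limit inside ssh, for example by adding `-o ConnectTimeout=1` to the helper's `ssh_args`, or run the function through a shell: `export -f exec_cmd_on_openo log_error` and `until timeout 1s bash -c 'exec_cmd_on_openo exit'`, which also needs OPENO_VM_DIR and OPENO_VM_IP exported. The helper also calls `exit 1` when the key file or IP is missing, which would end the whole script from inside this polling loop rather than count as a failed attempt. wait_openo_ok starts and ends outside the hunk.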