Merge "Finish configuring ceilometer authentication"
diff --git a/README.md b/README.md
index 872b16b..9310758 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,15 @@
You can override environment variables used in `stack.sh` by creating file name `localrc`. It is likely that you will need to do this to tweak your networking configuration should you need to access your cloud from a different host.
+# Database Backend
+
+Multiple database backends are available. The available databases are defined in the lib/databases directory.
+To choose a database backend, add a line to your `localrc` like:
+
+ use_database postgresql
+
+By default, the mysql database backend is used.
+
# RPC Backend
Multiple RPC backends are available. Currently, this
diff --git a/exercises/boot_from_volume.sh b/exercises/boot_from_volume.sh
index 460b50c..b06c8dd 100755
--- a/exercises/boot_from_volume.sh
+++ b/exercises/boot_from_volume.sh
@@ -95,7 +95,7 @@
chmod 600 $KEY_FILE
# Delete the old volume
-nova volume-delete $VOL_NAME || true
+cinder delete $VOL_NAME || true
# Free every floating ips - setting FREE_ALL_FLOATING_IPS=True in localrc will make life easier for testers
if [ "$FREE_ALL_FLOATING_IPS" = "True" ]; then
@@ -112,15 +112,15 @@
fi
# Create the bootable volume
-nova volume-create --display_name=$VOL_NAME --image-id $IMAGE 1
+cinder create --display_name=$VOL_NAME --image-id $IMAGE 1
# Wait for volume to activate
-if ! timeout $ACTIVE_TIMEOUT sh -c "while ! nova volume-list | grep $VOL_NAME | grep available; do sleep 1; done"; then
+if ! timeout $ACTIVE_TIMEOUT sh -c "while ! cinder list | grep $VOL_NAME | grep available; do sleep 1; done"; then
echo "Volume $VOL_NAME not created"
exit 1
fi
-VOLUME_ID=`nova volume-list | grep $VOL_NAME | get_field 1`
+VOLUME_ID=`cinder list | grep $VOL_NAME | get_field 1`
# Boot instance from volume! This is done with the --block_device_mapping param.
# The format of mapping is:
@@ -152,13 +152,13 @@
die "Failure deleting instance volume $VOL_INSTANCE_NAME"
# Wait till our volume is no longer in-use
-if ! timeout $ACTIVE_TIMEOUT sh -c "while ! nova volume-list | grep $VOL_NAME | grep available; do sleep 1; done"; then
+if ! timeout $ACTIVE_TIMEOUT sh -c "while ! cinder list | grep $VOL_NAME | grep available; do sleep 1; done"; then
echo "Volume $VOL_NAME not created"
exit 1
fi
# Delete the volume
-nova volume-delete $VOL_NAME || \
+cinder delete $VOL_NAME || \
die "Failure deleting volume $VOLUME_NAME"
# De-allocate the floating ip
diff --git a/exercises/volumes.sh b/exercises/volumes.sh
index 1c73786..72c8729 100755
--- a/exercises/volumes.sh
+++ b/exercises/volumes.sh
@@ -2,7 +2,7 @@
# **volumes.sh**
-# Test nova volumes with the nova command from python-novaclient
+# Test cinder volumes with the cinder command from python-cinderclient
echo "*********************************************************************"
echo "Begin DevStack Exercise: $0"
@@ -131,28 +131,28 @@
VOL_NAME="myvol-$(openssl rand -hex 4)"
# Verify it doesn't exist
-if [[ -n "`nova volume-list | grep $VOL_NAME | head -1 | get_field 2`" ]]; then
+if [[ -n "`cinder list | grep $VOL_NAME | head -1 | get_field 2`" ]]; then
echo "Volume $VOL_NAME already exists"
exit 1
fi
# Create a new volume
-nova volume-create --display_name $VOL_NAME --display_description "test volume: $VOL_NAME" 1
+cinder create --display_name $VOL_NAME --display_description "test volume: $VOL_NAME" 1
if [[ $? != 0 ]]; then
echo "Failure creating volume $VOL_NAME"
exit 1
fi
start_time=`date +%s`
-if ! timeout $ACTIVE_TIMEOUT sh -c "while ! nova volume-list | grep $VOL_NAME | grep available; do sleep 1; done"; then
+if ! timeout $ACTIVE_TIMEOUT sh -c "while ! cinder list | grep $VOL_NAME | grep available; do sleep 1; done"; then
echo "Volume $VOL_NAME not created"
exit 1
fi
end_time=`date +%s`
-echo "Completed volume-create in $((end_time - start_time)) seconds"
+echo "Completed cinder create in $((end_time - start_time)) seconds"
# Get volume ID
-VOL_ID=`nova volume-list | grep $VOL_NAME | head -1 | get_field 1`
+VOL_ID=`cinder list | grep $VOL_NAME | head -1 | get_field 1`
die_if_not_set VOL_ID "Failure retrieving volume ID for $VOL_NAME"
# Attach to server
@@ -160,14 +160,14 @@
start_time=`date +%s`
nova volume-attach $VM_UUID $VOL_ID $DEVICE || \
die "Failure attaching volume $VOL_NAME to $NAME"
-if ! timeout $ACTIVE_TIMEOUT sh -c "while ! nova volume-list | grep $VOL_NAME | grep in-use; do sleep 1; done"; then
+if ! timeout $ACTIVE_TIMEOUT sh -c "while ! cinder list | grep $VOL_NAME | grep in-use; do sleep 1; done"; then
echo "Volume $VOL_NAME not attached to $NAME"
exit 1
fi
end_time=`date +%s`
echo "Completed volume-attach in $((end_time - start_time)) seconds"
-VOL_ATTACH=`nova volume-list | grep $VOL_NAME | head -1 | get_field -1`
+VOL_ATTACH=`cinder list | grep $VOL_NAME | head -1 | get_field -1`
die_if_not_set VOL_ATTACH "Failure retrieving $VOL_NAME status"
if [[ "$VOL_ATTACH" != $VM_UUID ]]; then
echo "Volume not attached to correct instance"
@@ -177,7 +177,7 @@
# Detach volume
start_time=`date +%s`
nova volume-detach $VM_UUID $VOL_ID || die "Failure detaching volume $VOL_NAME from $NAME"
-if ! timeout $ACTIVE_TIMEOUT sh -c "while ! nova volume-list | grep $VOL_NAME | grep available; do sleep 1; done"; then
+if ! timeout $ACTIVE_TIMEOUT sh -c "while ! cinder list | grep $VOL_NAME | grep available; do sleep 1; done"; then
echo "Volume $VOL_NAME not detached from $NAME"
exit 1
fi
@@ -186,13 +186,13 @@
# Delete volume
start_time=`date +%s`
-nova volume-delete $VOL_ID || die "Failure deleting volume $VOL_NAME"
-if ! timeout $ACTIVE_TIMEOUT sh -c "while ! nova volume-list | grep $VOL_NAME; do sleep 1; done"; then
+cinder delete $VOL_ID || die "Failure deleting volume $VOL_NAME"
+if ! timeout $ACTIVE_TIMEOUT sh -c "while ! cinder list | grep $VOL_NAME; do sleep 1; done"; then
echo "Volume $VOL_NAME not deleted"
exit 1
fi
end_time=`date +%s`
-echo "Completed volume-delete in $((end_time - start_time)) seconds"
+echo "Completed cinder delete in $((end_time - start_time)) seconds"
# Shutdown the server
nova delete $VM_UUID || die "Failure deleting instance $NAME"
diff --git a/files/apts/postgresql b/files/apts/postgresql
new file mode 100644
index 0000000..bf19d39
--- /dev/null
+++ b/files/apts/postgresql
@@ -0,0 +1 @@
+python-psycopg2
diff --git a/files/rpms/postgresql b/files/rpms/postgresql
new file mode 100644
index 0000000..bf19d39
--- /dev/null
+++ b/files/rpms/postgresql
@@ -0,0 +1 @@
+python-psycopg2
diff --git a/functions b/functions
index dbe9d30..0da8299 100644
--- a/functions
+++ b/functions
@@ -570,7 +570,7 @@
# is_set env-var
function is_set() {
local var=\$"$1"
- if eval "[ -z $var ]"; then
+ if eval "[ -z \"$var\" ]"; then
return 1
fi
return 0
@@ -836,6 +836,21 @@
fi
}
+# Toggle enable/disable_service for services that must run exclusive of each other
+# $1 The name of a variable containing a space-separated list of services
+# $2 The name of a variable in which to store the enabled service's name
+# $3 The name of the service to enable
+function use_exclusive_service {
+ local options=${!1}
+ local selection=$3
+ out=$2
+ [ -z $selection ] || [[ ! "$options" =~ "$selection" ]] && return 1
+ for opt in $options;do
+ [[ "$opt" = "$selection" ]] && enable_service $opt || disable_service $opt
+ done
+ eval "$out=$selection"
+ return 0
+}
# Wrapper for ``yum`` to set proxy environment variables
# Uses globals ``OFFLINE``, ``*_proxy`
diff --git a/lib/cinder b/lib/cinder
index 08c840e..81bfbfe 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -4,8 +4,8 @@
# Dependencies:
# - functions
# - DEST, DATA_DIR must be defined
-# - KEYSTONE_AUTH_* must be defined
# SERVICE_{TENANT_NAME|PASSWORD} must be defined
+# ``KEYSTONE_TOKEN_FORMAT`` must be defined
# stack.sh
# ---------
@@ -30,6 +30,7 @@
CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder}
CINDER_CONF_DIR=/etc/cinder
CINDER_CONF=$CINDER_CONF_DIR/cinder.conf
+CINDER_AUTH_CACHE_DIR=${CINDER_AUTH_CACHE_DIR:-/var/cache/cinder}
# Support entry points installation of console scripts
if [[ -d $CINDER_DIR/bin ]]; then
@@ -106,13 +107,19 @@
iniset $CINDER_API_PASTE_INI filter:authtoken admin_user cinder
iniset $CINDER_API_PASTE_INI filter:authtoken admin_password $SERVICE_PASSWORD
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ iniset $CINDER_API_PASTE_INI filter:authtoken signing_dir $CINDER_AUTH_CACHE_DIR
+ fi
+
cp $CINDER_DIR/etc/cinder/cinder.conf.sample $CINDER_CONF
iniset $CINDER_CONF DEFAULT auth_strategy keystone
iniset $CINDER_CONF DEFAULT verbose True
iniset $CINDER_CONF DEFAULT volume_group $VOLUME_GROUP
iniset $CINDER_CONF DEFAULT volume_name_template ${VOLUME_NAME_PREFIX}%s
iniset $CINDER_CONF DEFAULT iscsi_helper tgtadm
- iniset $CINDER_CONF DEFAULT sql_connection $BASE_SQL_CONN/cinder?charset=utf8
+ local dburl
+ database_connection_url dburl cinder
+ iniset $CINDER_CONF DEFAULT sql_connection $dburl
iniset $CINDER_CONF DEFAULT api_paste_config $CINDER_API_PASTE_INI
iniset $CINDER_CONF DEFAULT root_helper "sudo ${CINDER_ROOTWRAP}"
iniset $CINDER_CONF DEFAULT osapi_volume_extension cinder.api.openstack.volume.contrib.standard_extensions
@@ -141,10 +148,9 @@
# Force nova volumes off
NOVA_ENABLED_APIS=$(echo $NOVA_ENABLED_APIS | sed "s/osapi_volume,//")
- if is_service_enabled mysql; then
+ if is_service_enabled $DATABASE_BACKENDS; then
# (re)create cinder database
- mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS cinder;'
- mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE cinder;'
+ recreate_database cinder utf8
# (re)create cinder database
$CINDER_BIN_DIR/cinder-manage db sync
@@ -186,6 +192,12 @@
done
fi
fi
+
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ # Create cache dir
+ sudo mkdir -p $CINDER_AUTH_CACHE_DIR
+ sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
+ fi
}
# install_cinder() - Collect source and prepare
diff --git a/lib/database b/lib/database
new file mode 100644
index 0000000..66fb36f
--- /dev/null
+++ b/lib/database
@@ -0,0 +1,103 @@
+# lib/database
+# Interface for interacting with different database backends
+
+# Dependencies:
+# DATABASE_BACKENDS variable must contain a list of available database backends
+# DATABASE_TYPE variable must be set
+
+# Each database must implement four functions:
+# recreate_database_$DATABASE_TYPE
+# install_database_$DATABASE_TYPE
+# configure_database_$DATABASE_TYPE
+# database_connection_url_$DATABASE_TYPE
+#
+# and call register_database $DATABASE_TYPE
+
+# Save trace setting
+XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+# Register a database backend
+# $1 The name of the database backend
+function register_database {
+ [ -z "$DATABASE_BACKENDS" ] && DATABASE_BACKENDS=$1 || DATABASE_BACKENDS+=" $1"
+}
+
+for f in $TOP_DIR/lib/databases/*; do source $f; done
+
+# Set the database type based on the configuration
+function initialize_database_backends {
+ for backend in $DATABASE_BACKENDS; do
+ is_service_enabled $backend && DATABASE_TYPE=$backend
+ done
+
+ [ -z "$DATABASE_TYPE" ] && return 1
+
+ # For backward-compatibility, read in the MYSQL_HOST/USER variables and use
+ # them as the default values for the DATABASE_HOST/USER variables.
+ MYSQL_HOST=${MYSQL_HOST:-localhost}
+ MYSQL_USER=${MYSQL_USER:-root}
+
+ DATABASE_HOST=${DATABASE_HOST:-${MYSQL_HOST}}
+ DATABASE_USER=${DATABASE_USER:-${MYSQL_USER}}
+
+ if [ -n "$MYSQL_PASSWORD" ]; then
+ DATABASE_PASSWORD=$MYSQL_PASSWORD
+ else
+ read_password DATABASE_PASSWORD "ENTER A PASSWORD TO USE FOR THE DATABASE."
+ fi
+
+ # We configure Nova, Horizon, Glance and Keystone to use MySQL as their
+ # database server. While they share a single server, each has their own
+ # database and tables.
+
+ # By default this script will install and configure MySQL. If you want to
+ # use an existing server, you can pass in the user/password/host parameters.
+ # You will need to send the same ``DATABASE_PASSWORD`` to every host if you are doing
+ # a multi-node DevStack installation.
+
+ # NOTE: Don't specify ``/db`` in this string so we can use it for multiple services
+ BASE_SQL_CONN=${BASE_SQL_CONN:-${DATABASE_TYPE}://$DATABASE_USER:$DATABASE_PASSWORD@$DATABASE_HOST}
+
+ return 0
+}
+
+# Set the database backend to use
+# $1 The name of the database backend to use (mysql, postgresql, ...)
+function use_database {
+ use_exclusive_service DATABASE_BACKENDS DATABASE_TYPE $1 && return 0
+ ret=$?
+ echo "Invalid database '$1'"
+ return $ret
+}
+
+# Recreate a given database
+# $1 The name of the database
+# $2 The character set/encoding of the database
+function recreate_database {
+ local db=$1
+ local charset=$2
+ recreate_database_$DATABASE_TYPE $db $charset
+}
+
+# Install the database
+function install_database {
+ install_database_$DATABASE_TYPE
+}
+
+# Configure and start the database
+function configure_database {
+ configure_database_$DATABASE_TYPE
+}
+
+# Generate an SQLAlchemy connection URL and store it in a variable
+# $1 The variable name in which to store the connection URL
+# $2 The name of the database
+function database_connection_url {
+ local var=$1
+ local db=$2
+ database_connection_url_$DATABASE_TYPE $var $db
+}
+
+# Restore xtrace
+$XTRACE
diff --git a/lib/databases/mysql b/lib/databases/mysql
new file mode 100644
index 0000000..ed59290
--- /dev/null
+++ b/lib/databases/mysql
@@ -0,0 +1,93 @@
+# lib/mysql
+# Functions to control the configuration and operation of the MySQL database backend
+
+# Dependencies:
+# DATABASE_{HOST,USER,PASSWORD} must be defined
+
+# Save trace setting
+XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+register_database mysql
+
+function recreate_database_mysql {
+ local db=$1
+ local charset=$2
+ mysql -u$DATABASE_USER -p$DATABASE_PASSWORD -e "DROP DATABASE IF EXISTS $db;"
+ mysql -u$DATABASE_USER -p$DATABASE_PASSWORD -e "CREATE DATABASE $db CHARACTER SET $charset;"
+}
+
+function configure_database_mysql {
+ echo_summary "Configuring and starting MySQL"
+
+ if [[ "$os_PACKAGE" = "deb" ]]; then
+ MY_CONF=/etc/mysql/my.cnf
+ MYSQL=mysql
+ else
+ MY_CONF=/etc/my.cnf
+ MYSQL=mysqld
+ fi
+
+ # Start mysql-server
+ if [[ "$os_PACKAGE" = "rpm" ]]; then
+ # RPM doesn't start the service
+ start_service $MYSQL
+ # Set the root password - only works the first time
+ sudo mysqladmin -u root password $DATABASE_PASSWORD || true
+ fi
+ # Update the DB to give user ‘$DATABASE_USER’@’%’ full control of the all databases:
+ sudo mysql -uroot -p$DATABASE_PASSWORD -h127.0.0.1 -e "GRANT ALL PRIVILEGES ON *.* TO '$DATABASE_USER'@'%' identified by '$DATABASE_PASSWORD';"
+
+ # Now update ``my.cnf`` for some local needs and restart the mysql service
+
+ # Change ‘bind-address’ from localhost (127.0.0.1) to any (0.0.0.0)
+ sudo sed -i '/^bind-address/s/127.0.0.1/0.0.0.0/g' $MY_CONF
+
+ # Set default db type to InnoDB
+ if sudo grep -q "default-storage-engine" $MY_CONF; then
+ # Change it
+ sudo bash -c "source $TOP_DIR/functions; iniset $MY_CONF mysqld default-storage-engine InnoDB"
+ else
+ # Add it
+ sudo sed -i -e "/^\[mysqld\]/ a \
+default-storage-engine = InnoDB" $MY_CONF
+ fi
+
+ restart_service $MYSQL
+}
+
+function install_database_mysql {
+ if [[ "$os_PACKAGE" = "deb" ]]; then
+ # Seed configuration with mysql password so that apt-get install doesn't
+ # prompt us for a password upon install.
+ cat <<MYSQL_PRESEED | sudo debconf-set-selections
+mysql-server-5.1 mysql-server/root_password password $DATABASE_PASSWORD
+mysql-server-5.1 mysql-server/root_password_again password $DATABASE_PASSWORD
+mysql-server-5.1 mysql-server/start_on_boot boolean true
+MYSQL_PRESEED
+ fi
+
+ # while ``.my.cnf`` is not needed for OpenStack to function, it is useful
+ # as it allows you to access the mysql databases via ``mysql nova`` instead
+ # of having to specify the username/password each time.
+ if [[ ! -e $HOME/.my.cnf ]]; then
+ cat <<EOF >$HOME/.my.cnf
+[client]
+user=$DATABASE_USER
+password=$DATABASE_PASSWORD
+host=$DATABASE_HOST
+EOF
+ chmod 0600 $HOME/.my.cnf
+ fi
+ # Install mysql-server
+ install_package mysql-server
+}
+
+function database_connection_url_mysql {
+ local output=$1
+ local db=$2
+ eval "$output=$BASE_SQL_CONN/$db?charset=utf8"
+}
+
+# Restore xtrace
+$XTRACE
diff --git a/lib/databases/postgresql b/lib/databases/postgresql
new file mode 100644
index 0000000..81989f2
--- /dev/null
+++ b/lib/databases/postgresql
@@ -0,0 +1,70 @@
+# lib/postgresql
+# Functions to control the configuration and operation of the PostgreSQL database backend
+
+# Dependencies:
+# DATABASE_{HOST,USER,PASSWORD} must be defined
+
+# Save trace setting
+XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+register_database postgresql
+
+function recreate_database_postgresql {
+ local db=$1
+ local charset=$2
+ # Avoid unsightly error when calling dropdb when the database doesn't exist
+ psql -h$DATABASE_HOST -U$DATABASE_USER -dtemplate1 -c "DROP DATABASE IF EXISTS $db"
+ createdb -h $DATABASE_HOST -U$DATABASE_USER -l C -T template0 -E $charset $db
+}
+
+function configure_database_postgresql {
+ echo_summary "Configuring and starting PostgreSQL"
+ if [[ "$os_PACKAGE" = "rpm" ]]; then
+ PG_HBA=/var/lib/pgsql/data/pg_hba.conf
+ PG_CONF=/var/lib/pgsql/data/postgresql.conf
+ else
+ PG_DIR=`find /etc/postgresql -name pg_hba.conf|xargs dirname`
+ PG_HBA=$PG_DIR/pg_hba.conf
+ PG_CONF=$PG_DIR/postgresql.conf
+ fi
+ sudo [ -e /var/lib/pgsql/data ] || sudo postgresql-setup initdb
+ # Listen on all addresses
+ sudo sed -i "/listen_addresses/s/.*/listen_addresses = '*'/" $PG_CONF
+ # Do password auth from all IPv4 clients
+ sudo sed -i "/^host/s/all\s\+127.0.0.1\/32\s\+ident/$DATABASE_USER\t0.0.0.0\/0\tpassword/" $PG_HBA
+ # Do password auth for all IPv6 clients
+ sudo sed -i "/^host/s/all\s\+::1\/128\s\+ident/$DATABASE_USER\t::0\/0\tpassword/" $PG_HBA
+ start_service postgresql
+
+ # If creating the role fails, chances are it already existed. Try to alter it.
+ sudo -u postgres -i psql -c "CREATE ROLE $DATABASE_USER WITH SUPERUSER LOGIN PASSWORD '$DATABASE_PASSWORD'" || \
+ sudo -u postgres -i psql -c "ALTER ROLE $DATABASE_USER WITH SUPERUSER LOGIN PASSWORD '$DATABASE_PASSWORD'"
+}
+
+function install_database_postgresql {
+ echo_summary "Installing postgresql"
+ PGPASS=$HOME/.pgpass
+ if [[ ! -e $PGPASS ]]; then
+ cat <<EOF > $PGPASS
+*:*:*:$DATABASE_USER:$DATABASE_PASSWORD
+EOF
+ chmod 0600 $PGPASS
+ else
+ sed -i "s/:root:\w\+/:root:$DATABASE_PASSWORD/" $PGPASS
+ fi
+ if [[ "$os_PACKAGE" = "rpm" ]]; then
+ install_package postgresql-server
+ else
+ install_package postgresql
+ fi
+}
+
+function database_connection_url_postgresql {
+ local output=$1
+ local db=$2
+ eval "$output=$BASE_SQL_CONN/$db?client_encoding=utf8"
+}
+
+# Restore xtrace
+$XTRACE
diff --git a/lib/glance b/lib/glance
index 070c80d..b02a4b6 100644
--- a/lib/glance
+++ b/lib/glance
@@ -6,6 +6,7 @@
# ``DEST``, ``DATA_DIR`` must be defined
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
# ``SERVICE_HOST``
+# ``KEYSTONE_TOKEN_FORMAT`` must be defined
# ``stack.sh`` calls the entry points in this order:
#
@@ -31,6 +32,7 @@
GLANCECLIENT_DIR=$DEST/python-glanceclient
GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache}
GLANCE_IMAGE_DIR=${GLANCE_IMAGE_DIR:=$DATA_DIR/glance/images}
+GLANCE_AUTH_CACHE_DIR=${GLANCE_AUTH_CACHE_DIR:-/var/cache/glance}
GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}
GLANCE_REGISTRY_CONF=$GLANCE_CONF_DIR/glance-registry.conf
@@ -81,7 +83,9 @@
cp $GLANCE_DIR/etc/glance-registry.conf $GLANCE_REGISTRY_CONF
iniset $GLANCE_REGISTRY_CONF DEFAULT debug True
inicomment $GLANCE_REGISTRY_CONF DEFAULT log_file
- iniset $GLANCE_REGISTRY_CONF DEFAULT sql_connection $BASE_SQL_CONN/glance?charset=utf8
+ local dburl
+ database_connection_url dburl glance
+ iniset $GLANCE_REGISTRY_CONF DEFAULT sql_connection $dburl
iniset $GLANCE_REGISTRY_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone
iniset $GLANCE_REGISTRY_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
@@ -91,11 +95,14 @@
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_user glance
iniset $GLANCE_REGISTRY_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ iniset $GLANCE_REGISTRY_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/registry
+ fi
cp $GLANCE_DIR/etc/glance-api.conf $GLANCE_API_CONF
iniset $GLANCE_API_CONF DEFAULT debug True
inicomment $GLANCE_API_CONF DEFAULT log_file
- iniset $GLANCE_API_CONF DEFAULT sql_connection $BASE_SQL_CONN/glance?charset=utf8
+ iniset $GLANCE_API_CONF DEFAULT sql_connection $dburl
iniset $GLANCE_API_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_API_CONF DEFAULT filesystem_store_datadir $GLANCE_IMAGE_DIR/
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
@@ -114,6 +121,9 @@
iniset $GLANCE_API_CONF DEFAULT rabbit_host $RABBIT_HOST
iniset $GLANCE_API_CONF DEFAULT rabbit_password $RABBIT_PASSWORD
fi
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ iniset $GLANCE_API_CONF keystone_authtoken signing_dir $GLANCE_AUTH_CACHE_DIR/api
+ fi
cp -p $GLANCE_DIR/etc/glance-registry-paste.ini $GLANCE_REGISTRY_PASTE_INI
@@ -149,10 +159,17 @@
mkdir -p $GLANCE_CACHE_DIR
# (re)create glance database
- mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS glance;'
- mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE glance CHARACTER SET utf8;'
+ recreate_database glance utf8
$GLANCE_BIN_DIR/glance-manage db_sync
+
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ # Create cache dir
+ sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
+ sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
+ sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
+ sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
+ fi
}
# install_glanceclient() - Collect source and prepare
diff --git a/lib/heat b/lib/heat
index 7fb5fcc..d1f1c7c 100644
--- a/lib/heat
+++ b/lib/heat
@@ -120,7 +120,9 @@
iniset $HEAT_ENGINE_CONF DEFAULT use_syslog $SYSLOG
iniset $HEAT_ENGINE_CONF DEFAULT bind_host $HEAT_ENGINE_HOST
iniset $HEAT_ENGINE_CONF DEFAULT bind_port $HEAT_ENGINE_PORT
- iniset $HEAT_ENGINE_CONF DEFAULT sql_connection $BASE_SQL_CONN/heat?charset=utf8
+ local dburl
+ database_connection_url dburl heat
+ iniset $HEAT_ENGINE_CONF DEFAULT sql_connection $dburl
iniset $HEAT_ENGINE_CONF DEFAULT auth_encryption_key `hexdump -n 16 -v -e '/1 "%02x"' /dev/random`
if is_service_enabled rabbit; then
@@ -185,8 +187,7 @@
function init_heat() {
# (re)create heat database
- mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS heat;'
- mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE heat CHARACTER SET utf8;'
+ recreate_database heat utf8
$HEAT_DIR/bin/heat-db-setup $os_PACKAGE -r $MYSQL_PASSWORD
$HEAT_DIR/tools/nova_create_flavors.sh
diff --git a/lib/keystone b/lib/keystone
index 73d82c5..ae89056 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -32,13 +32,18 @@
KEYSTONE_DIR=$DEST/keystone
KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
+KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone}
KEYSTONECLIENT_DIR=$DEST/python-keystoneclient
-# Select the backend for Keystopne's service catalog
+# Select the backend for Keystone's service catalog
KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
KEYSTONE_CATALOG=$KEYSTONE_CONF_DIR/default_catalog.templates
+# Select Keystone's token format
+# Choose from 'UUID' and 'PKI'
+KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-PKI}
+
# Set Keystone interface configuration
KEYSTONE_API_PORT=${KEYSTONE_API_PORT:-5000}
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
@@ -47,7 +52,6 @@
KEYSTONE_SERVICE_HOST=${KEYSTONE_SERVICE_HOST:-$SERVICE_HOST}
KEYSTONE_SERVICE_PORT=${KEYSTONE_SERVICE_PORT:-5000}
KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-http}
-KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-PKI}
# Entry Points
@@ -82,9 +86,11 @@
fi
# Rewrite stock ``keystone.conf``
+ local dburl
+ database_connection_url dburl keystone
iniset $KEYSTONE_CONF DEFAULT admin_token "$SERVICE_TOKEN"
iniset $KEYSTONE_CONF signing token_format "$KEYSTONE_TOKEN_FORMAT"
- iniset $KEYSTONE_CONF sql connection "$BASE_SQL_CONN/keystone?charset=utf8"
+ iniset $KEYSTONE_CONF sql connection $dburl
iniset $KEYSTONE_CONF ec2 driver "keystone.contrib.ec2.backends.sql.Ec2"
sed -e "
/^pipeline.*ec2_extension crud_/s|ec2_extension crud_extension|ec2_extension s3_extension crud_extension|;
@@ -141,14 +147,19 @@
# init_keystone() - Initialize databases, etc.
function init_keystone() {
# (Re)create keystone database
- mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS keystone;'
- mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE keystone CHARACTER SET utf8;'
+ recreate_database keystone utf8
# Initialize keystone database
$KEYSTONE_DIR/bin/keystone-manage db_sync
- # Set up certificates
- $KEYSTONE_DIR/bin/keystone-manage pki_setup
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ # Set up certificates
+ $KEYSTONE_DIR/bin/keystone-manage pki_setup
+
+ # Create cache dir
+ sudo mkdir -p $KEYSTONE_AUTH_CACHE_DIR
+ sudo chown `whoami` $KEYSTONE_AUTH_CACHE_DIR
+ fi
}
# install_keystoneclient() - Collect source and prepare
diff --git a/lib/nova b/lib/nova
index 7797927..2c1413d 100644
--- a/lib/nova
+++ b/lib/nova
@@ -7,6 +7,7 @@
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
# ``LIBVIRT_TYPE`` must be defined
# ``INSTANCE_NAME_PREFIX``, ``VOLUME_NAME_PREFIX`` must be defined
+# ``KEYSTONE_TOKEN_FORMAT`` must be defined
# ``stack.sh`` calls the entry points in this order:
#
@@ -32,6 +33,7 @@
NOVA_STATE_PATH=${NOVA_STATE_PATH:=$DATA_DIR/nova}
# INSTANCES_PATH is the previous name for this
NOVA_INSTANCES_PATH=${NOVA_INSTANCES_PATH:=${INSTANCES_PATH:=$NOVA_STATE_PATH/instances}}
+NOVA_AUTH_CACHE_DIR=${NOVA_AUTH_CACHE_DIR:-/var/cache/nova}
NOVA_CONF_DIR=/etc/nova
NOVA_CONF=$NOVA_CONF_DIR/nova.conf
@@ -174,6 +176,10 @@
" -i $NOVA_API_PASTE_INI
fi
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ iniset $NOVA_API_PASTE_INI filter:authtoken signing_dir $NOVA_AUTH_CACHE_DIR
+ fi
+
if is_service_enabled n-cpu; then
# Force IP forwarding on, just on case
sudo sysctl -w net.ipv4.ip_forward=1
@@ -296,7 +302,9 @@
add_nova_opt "s3_port=$S3_SERVICE_PORT"
add_nova_opt "osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions"
add_nova_opt "my_ip=$HOST_IP"
- add_nova_opt "sql_connection=$BASE_SQL_CONN/nova?charset=utf8"
+ local dburl
+ database_connection_url dburl nova
+ add_nova_opt "sql_connection=$dburl"
add_nova_opt "libvirt_type=$LIBVIRT_TYPE"
add_nova_opt "libvirt_cpu_mode=none"
add_nova_opt "instance_name_template=${INSTANCE_NAME_PREFIX}%08x"
@@ -372,19 +380,22 @@
# All nova components talk to a central database. We will need to do this step
# only once for an entire cluster.
- if is_service_enabled mysql && is_service_enabled nova; then
+ if is_service_enabled $DATABASE_BACKENDS && is_service_enabled nova; then
# (Re)create nova database
- mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'DROP DATABASE IF EXISTS nova;'
-
# Explicitly use latin1: to avoid lp#829209, nova expects the database to
# use latin1 by default, and then upgrades the database to utf8 (see the
# 082_essex.py in nova)
- mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e 'CREATE DATABASE nova CHARACTER SET latin1;'
+ recreate_database nova latin1
# (Re)create nova database
$NOVA_BIN_DIR/nova-manage db sync
fi
+ if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+ # Create cache dir
+ sudo mkdir -p $NOVA_AUTH_CACHE_DIR
+ sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
+ fi
}
# install_novaclient() - Collect source and prepare
diff --git a/stack.sh b/stack.sh
index 29e4953..1cd1e1a 100755
--- a/stack.sh
+++ b/stack.sh
@@ -30,6 +30,8 @@
# and ``DISTRO``
GetDistro
+# Import database library (must be loaded before stackrc which sources localrc)
+source $TOP_DIR/lib/database
# Settings
# ========
@@ -37,15 +39,15 @@
# ``stack.sh`` is customizable through setting environment variables. If you
# want to override a setting you can set and export it::
#
-# export MYSQL_PASSWORD=anothersecret
+# export DATABASE_PASSWORD=anothersecret
# ./stack.sh
#
-# You can also pass options on a single line ``MYSQL_PASSWORD=simple ./stack.sh``
+# You can also pass options on a single line ``DATABASE_PASSWORD=simple ./stack.sh``
#
# Additionally, you can put any local variables into a ``localrc`` file::
#
-# MYSQL_PASSWORD=anothersecret
-# MYSQL_USER=hellaroot
+# DATABASE_PASSWORD=anothersecret
+# DATABASE_USER=hellaroot
#
# We try to have sensible defaults, so you should be able to run ``./stack.sh``
# in most cases. ``localrc`` is not distributed with DevStack and will never
@@ -471,24 +473,21 @@
# With Quantum networking the NET_MAN variable is ignored.
-# MySQL & (RabbitMQ or Qpid)
+# Database configuration
+# ----------------------
+# To select between database backends, add a line to localrc like:
+#
+# use_database postgresql
+#
+# The available database backends are defined in the DATABASE_BACKENDS
+# variable defined in stackrc. By default, MySQL is enabled as the database
+# backend.
+
+initialize_database_backends && echo "Using $DATABASE_TYPE database backend" || echo "No database enabled"
+
+# RabbitMQ or Qpid
# --------------------------
-# We configure Nova, Horizon, Glance and Keystone to use MySQL as their
-# database server. While they share a single server, each has their own
-# database and tables.
-
-# By default this script will install and configure MySQL. If you want to
-# use an existing server, you can pass in the user/password/host parameters.
-# You will need to send the same ``MYSQL_PASSWORD`` to every host if you are doing
-# a multi-node DevStack installation.
-MYSQL_HOST=${MYSQL_HOST:-localhost}
-MYSQL_USER=${MYSQL_USER:-root}
-read_password MYSQL_PASSWORD "ENTER A PASSWORD TO USE FOR MYSQL."
-
-# NOTE: Don't specify ``/db`` in this string so we can use it for multiple services
-BASE_SQL_CONN=${BASE_SQL_CONN:-mysql://$MYSQL_USER:$MYSQL_PASSWORD@$MYSQL_HOST}
-
# Rabbit connection info
if is_service_enabled rabbit; then
RABBIT_HOST=${RABBIT_HOST:-localhost}
@@ -746,32 +745,8 @@
fi
fi
-if is_service_enabled mysql; then
-
- if [[ "$os_PACKAGE" = "deb" ]]; then
- # Seed configuration with mysql password so that apt-get install doesn't
- # prompt us for a password upon install.
- cat <<MYSQL_PRESEED | sudo debconf-set-selections
-mysql-server-5.1 mysql-server/root_password password $MYSQL_PASSWORD
-mysql-server-5.1 mysql-server/root_password_again password $MYSQL_PASSWORD
-mysql-server-5.1 mysql-server/start_on_boot boolean true
-MYSQL_PRESEED
- fi
-
- # while ``.my.cnf`` is not needed for OpenStack to function, it is useful
- # as it allows you to access the mysql databases via ``mysql nova`` instead
- # of having to specify the username/password each time.
- if [[ ! -e $HOME/.my.cnf ]]; then
- cat <<EOF >$HOME/.my.cnf
-[client]
-user=$MYSQL_USER
-password=$MYSQL_PASSWORD
-host=$MYSQL_HOST
-EOF
- chmod 0600 $HOME/.my.cnf
- fi
- # Install mysql-server
- install_package mysql-server
+if is_service_enabled $DATABASE_BACKENDS; then
+ install_database
fi
if is_service_enabled horizon; then
@@ -935,9 +910,6 @@
if is_service_enabled cinder; then
configure_cinder
fi
-if is_service_enabled tempest; then
- configure_tempest
-fi
if is_service_enabled ryu || (is_service_enabled quantum && [[ "$Q_PLUGIN" = "ryu" ]]); then
setup_develop $RYU_DIR
fi
@@ -993,46 +965,10 @@
fi
-# Mysql
-# -----
-
-if is_service_enabled mysql; then
- echo_summary "Configuring and starting MySQL"
-
- if [[ "$os_PACKAGE" = "deb" ]]; then
- MY_CONF=/etc/mysql/my.cnf
- MYSQL=mysql
- else
- MY_CONF=/etc/my.cnf
- MYSQL=mysqld
- fi
-
- # Start mysql-server
- if [[ "$os_PACKAGE" = "rpm" ]]; then
- # RPM doesn't start the service
- start_service $MYSQL
- # Set the root password - only works the first time
- sudo mysqladmin -u root password $MYSQL_PASSWORD || true
- fi
- # Update the DB to give user ‘$MYSQL_USER’@’%’ full control of the all databases:
- sudo mysql -uroot -p$MYSQL_PASSWORD -h127.0.0.1 -e "GRANT ALL PRIVILEGES ON *.* TO '$MYSQL_USER'@'%' identified by '$MYSQL_PASSWORD';"
-
- # Now update ``my.cnf`` for some local needs and restart the mysql service
-
- # Change ‘bind-address’ from localhost (127.0.0.1) to any (0.0.0.0)
- sudo sed -i '/^bind-address/s/127.0.0.1/0.0.0.0/g' $MY_CONF
-
- # Set default db type to InnoDB
- if sudo grep -q "default-storage-engine" $MY_CONF; then
- # Change it
- sudo bash -c "source $TOP_DIR/functions; iniset $MY_CONF mysqld default-storage-engine InnoDB"
- else
- # Add it
- sudo sed -i -e "/^\[mysqld\]/ a \
-default-storage-engine = InnoDB" $MY_CONF
- fi
-
- restart_service $MYSQL
+# Configure database
+# ------------------
+if is_service_enabled $DATABASE_BACKENDS; then
+ configure_database
fi
if [ -z "$SCREEN_HARDSTATUS" ]; then
@@ -1283,7 +1219,9 @@
Q_PLUGIN_CONF_FILE=$Q_PLUGIN_CONF_PATH/$Q_PLUGIN_CONF_FILENAME
cp $QUANTUM_DIR/$Q_PLUGIN_CONF_FILE /$Q_PLUGIN_CONF_FILE
- iniset /$Q_PLUGIN_CONF_FILE DATABASE sql_connection mysql:\/\/$MYSQL_USER:$MYSQL_PASSWORD@$MYSQL_HOST\/$Q_DB_NAME?charset=utf8
+ database_connection_url dburl $Q_DB_NAME
+ iniset /$Q_PLUGIN_CONF_FILE DATABASE sql_connection $dburl
+ unset dburl
Q_CONF_FILE=/etc/quantum/quantum.conf
cp $QUANTUM_DIR/etc/quantum.conf $Q_CONF_FILE
@@ -1309,12 +1247,11 @@
cp $QUANTUM_DIR/etc/api-paste.ini $Q_API_PASTE_FILE
cp $QUANTUM_DIR/etc/policy.json $Q_POLICY_FILE
- if is_service_enabled mysql; then
- mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e "DROP DATABASE IF EXISTS $Q_DB_NAME;"
- mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e "CREATE DATABASE IF NOT EXISTS $Q_DB_NAME CHARACTER SET utf8;"
- else
- echo "mysql must be enabled in order to use the $Q_PLUGIN Quantum plugin."
- exit 1
+ if is_service_enabled $DATABASE_BACKENDS; then
+ recreate_database $Q_DB_NAME utf8
+ else
+ echo "A database must be enabled in order to use the $Q_PLUGIN Quantum plugin."
+ exit 1
fi
# Update either configuration file with plugin
@@ -1974,7 +1911,7 @@
fi
fi
-elif is_service_enabled mysql && is_service_enabled nova; then
+elif is_service_enabled $DATABASE_BACKENDS && is_service_enabled nova; then
# Create a small network
$NOVA_BIN_DIR/nova-manage network create "$PRIVATE_NETWORK_NAME" $FIXED_RANGE 1 $FIXED_NETWORK_SIZE $NETWORK_CREATE_ARGS
@@ -2042,7 +1979,7 @@
if is_service_enabled g-reg; then
echo_summary "Uploading images"
- TOKEN=$(keystone token-get | grep ' id ' | get_field 2)
+ TOKEN=$(keystone token-get | grep ' id ' | get_field 2)
# Option to upload legacy ami-tty, which works with xenserver
if [[ -n "$UPLOAD_LEGACY_TTY" ]]; then
@@ -2055,6 +1992,13 @@
fi
+# Configure Tempest last to ensure that the runtime configuration of
+# the various OpenStack services can be queried.
+if is_service_enabled tempest; then
+ configure_tempest
+fi
+
+
# Run local script
# ================
diff --git a/unstack.sh b/unstack.sh
index 42cb7af..6b34aa3 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -15,6 +15,9 @@
# Import common functions
source $TOP_DIR/functions
+# Import database library
+source $TOP_DIR/lib/database
+
# Load local configuration
source $TOP_DIR/stackrc
@@ -102,6 +105,10 @@
stop_service mysql
fi
+ if is_service_enabled postgresql; then
+ stop_service postgresql
+ fi
+
# Stop rabbitmq-server
if is_service_enabled rabbit; then
stop_service rabbitmq-server