Merge "Create tools/install_prereqs.sh"
diff --git a/files/apts/ldap b/files/apts/ldap
new file mode 100644
index 0000000..81a00f2
--- /dev/null
+++ b/files/apts/ldap
@@ -0,0 +1,3 @@
+ldap-utils
+slapd # NOPRIME
+python-ldap
diff --git a/files/apts/ryu b/files/apts/ryu
index 1e8f2d2..4a4fc52 100644
--- a/files/apts/ryu
+++ b/files/apts/ryu
@@ -1,4 +1,5 @@
python-setuptools
python-gevent
python-gflags
+python-netifaces
python-sphinx
diff --git a/files/ldap/manager.ldif.in b/files/ldap/manager.ldif.in
new file mode 100644
index 0000000..e522150
--- /dev/null
+++ b/files/ldap/manager.ldif.in
@@ -0,0 +1,10 @@
+dn: olcDatabase={${LDAP_OLCDB_NUMBER}}hdb,cn=config
+changetype: modify
+replace: olcSuffix
+olcSuffix: dc=openstack,dc=org
+-
+replace: olcRootDN
+olcRootDN: dc=Manager,dc=openstack,dc=org
+-
+${LDAP_ROOTPW_COMMAND}: olcRootPW
+olcRootPW: ${SLAPPASS}
diff --git a/files/ldap/openstack.ldif b/files/ldap/openstack.ldif
new file mode 100644
index 0000000..287fda4
--- /dev/null
+++ b/files/ldap/openstack.ldif
@@ -0,0 +1,21 @@
+dn: dc=openstack,dc=org
+dc: openstack
+objectClass: dcObject
+objectClass: organizationalUnit
+ou: openstack
+
+dn: ou=Groups,dc=openstack,dc=org
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Users,dc=openstack,dc=org
+objectClass: organizationalUnit
+ou: Users
+
+dn: ou=Roles,dc=openstack,dc=org
+objectClass: organizationalUnit
+ou: Roles
+
+dn: ou=Projects,dc=openstack,dc=org
+objectClass: organizationalUnit
+ou: Projects
diff --git a/files/rpms/ldap b/files/rpms/ldap
new file mode 100644
index 0000000..2f7ab5d
--- /dev/null
+++ b/files/rpms/ldap
@@ -0,0 +1,3 @@
+openldap-servers
+openldap-clients
+python-ldap
diff --git a/files/rpms/ryu b/files/rpms/ryu
index 1e8f2d2..4a4fc52 100644
--- a/files/rpms/ryu
+++ b/files/rpms/ryu
@@ -1,4 +1,5 @@
python-setuptools
python-gevent
python-gflags
+python-netifaces
python-sphinx
diff --git a/lib/baremetal b/lib/baremetal
index 3cc2429..7c31d1f 100644
--- a/lib/baremetal
+++ b/lib/baremetal
@@ -90,6 +90,9 @@
BM_DNSMASQ_RANGE=${BM_DNSMASQ_RANGE:-}
fi
+# BM_DNSMASQ_DNS provide dns server to bootstrap clients
+BM_DNSMASQ_DNS=${BM_DNSMASQ_DNS:-}
+
# BM_FIRST_MAC *must* be set to the MAC address of the node you will boot.
# This is passed to dnsmasq along with the kernel/ramdisk to
# deploy via PXE.
diff --git a/lib/ceilometer b/lib/ceilometer
index 41a5f53..bc37d92 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -73,6 +73,7 @@
# Install the policy file for the API server
cp $CEILOMETER_DIR/etc/ceilometer/policy.json $CEILOMETER_CONF_DIR
+ cp $CEILOMETER_DIR/etc/ceilometer/pipeline.yaml $CEILOMETER_CONF_DIR
iniset $CEILOMETER_CONF DEFAULT policy_file $CEILOMETER_CONF_DIR/policy.json
# the compute and central agents need these credentials in order to
diff --git a/lib/keystone b/lib/keystone
index 5714670..866c62e 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -94,6 +94,17 @@
local dburl
database_connection_url dburl keystone
+ if is_service_enabled ldap; then
+ #Set all needed ldap values
+ iniset $KEYSTONE_CONF ldap password $LDAP_PASSWORD
+ iniset $KEYSTONE_CONF ldap user "dc=Manager,dc=openstack,dc=org"
+ iniset $KEYSTONE_CONF ldap suffix "dc=openstack,dc=org"
+ fi
+
+ if [[ "$KEYSTONE_IDENTITY_BACKEND" == "ldap" ]]; then
+ iniset $KEYSTONE_CONF identity driver "keystone.identity.backends.ldap.Identity"
+ fi
+
if is_service_enabled tls-proxy; then
# Set the service ports for a proxy to take the originals
iniset $KEYSTONE_CONF DEFAULT public_port $KEYSTONE_SERVICE_PORT_INT
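Review bot: `$LDAP_PASSWORD` is expanded unquoted in `iniset $KEYSTONE_CONF ldap password $LDAP_PASSWORD`, so a password containing whitespace or glob characters is split or expanded before iniset receives it, and the value written to keystone.conf no longer matches the one given to slapd. Quote it: `iniset $KEYSTONE_CONF ldap password "$LDAP_PASSWORD"`. The bind password is stored in the config file in cleartext, so the file's mode should be checked where the file is created, which is not visible in this hunk. The two new conditions are independent, so `KEYSTONE_IDENTITY_BACKEND=ldap` without the ldap service enabled selects the LDAP driver with no bind credentials written; that looks unintended and is worth confirming. The enclosing function starts and ends outside the hunk.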
@@ -283,6 +294,10 @@
# install_keystone() - Collect source and prepare
function install_keystone() {
+ # only install ldap if the service has been enabled
+ if is_service_enabled ldap; then
+ install_ldap
+ fi
git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH
}
diff --git a/lib/ldap b/lib/ldap
new file mode 100644
index 0000000..5cb4534
--- /dev/null
+++ b/lib/ldap
@@ -0,0 +1,74 @@
+# lib/ldap
+# Functions to control the installation and configuration of **ldap**
+
+# ``stack.sh`` calls the entry points in this order:
+#
+
+# Save trace setting
+XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+# install_ldap
+# install_ldap() - Collect source and prepare
+function install_ldap() {
+ echo "Installing LDAP inside function"
+ echo "LDAP_PASSWORD is $LDAP_PASSWORD"
+ echo "os_VENDOR is $os_VENDOR"
+ printf "installing"
+ if is_ubuntu; then
+ echo "os vendor is Ubuntu"
+ LDAP_OLCDB_NUMBER=1
+ LDAP_ROOTPW_COMMAND=replace
+ sudo DEBIAN_FRONTEND=noninteractive apt-get install slapd ldap-utils
+ #automatically starts LDAP on ubuntu so no need to call start_ldap
+ elif is_fedora; then
+ echo "os vendor is Fedora"
+ LDAP_OLCDB_NUMBER=2
+ LDAP_ROOTPW_COMMAND=add
+ start_ldap
+ fi
+
+ printf "generate password file"
+ SLAPPASS=`slappasswd -s $LDAP_PASSWORD`
+
+ printf "secret is $SLAPPASS\n"
+ #create manager.ldif
+ TMP_MGR_DIFF_FILE=`mktemp -t manager_ldiff.$$.XXXXXXXXXX.ldif`
+ sed -e "s|\${LDAP_OLCDB_NUMBER}|$LDAP_OLCDB_NUMBER|" -e "s|\${SLAPPASS}|$SLAPPASS|" -e "s|\${LDAP_ROOTPW_COMMAND}|$LDAP_ROOTPW_COMMAND|" $FILES/ldap/manager.ldif.in >> $TMP_MGR_DIFF_FILE
+
+ #update ldap olcdb
+ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f $TMP_MGR_DIFF_FILE
+
+ # add our top level ldap nodes
+ if ldapsearch -x -w $LDAP_PASSWORD -H ldap://localhost -D dc=Manager,dc=openstack,dc=org -x -b dc=openstack,dc=org | grep -q "Success" ; then
+ printf "LDAP already configured for OpenStack\n"
+ if [[ "$KEYSTONE_CLEAR_LDAP" == "yes" ]]; then
+ # clear LDAP state
+ clear_ldap_state
+ # reconfigure LDAP for OpenStack
+ ldapadd -c -x -H ldap://localhost -D dc=Manager,dc=openstack,dc=org -w $LDAP_PASSWORD -f $FILES/ldap/openstack.ldif
+ fi
+ else
+ printf "Configuring LDAP for OpenStack\n"
+ ldapadd -c -x -H ldap://localhost -D dc=Manager,dc=openstack,dc=org -w $LDAP_PASSWORD -f $FILES/ldap/openstack.ldif
+ fi
+}
+
+# start_ldap() - Start LDAP
+function start_ldap() {
+ sudo service slapd restart
+}
+
+
+# stop_ldap() - Stop LDAP
+function stop_ldap() {
+ sudo service slapd stop
+}
+
+# clear_ldap_state() - Clear LDAP State
+function clear_ldap_state() {
+ ldapdelete -x -w $LDAP_PASSWORD -H ldap://localhost -D dc=Manager,dc=openstack,dc=org -x -r "dc=openstack,dc=org"
+}
+
+# Restore xtrace
+$XTRACE
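Review bot: install_ldap leaks the LDAP root credentials to the run log and the process table. `echo "LDAP_PASSWORD is $LDAP_PASSWORD"` prints the cleartext bind password, and `printf "secret is $SLAPPASS\n"` prints its hash while also using it as the printf format string. Every `-s $LDAP_PASSWORD` and `-w $LDAP_PASSWORD` puts the password on argv, unquoted. Both debug prints should be deleted and the password handed over in a mode-0600 file (`slappasswd -T`, `-y` on the ldap* tools) as sketched below; clear_ldap_state needs the same `-y` change. The rendered LDIF in `$TMP_MGR_DIFF_FILE` holds the root password hash and is never removed, so it should be deleted once ldapmodify has run.

```shell
function install_ldap() {
    echo "Installing LDAP inside function"
    # ... unchanged: os vendor detection, package install / start_ldap ...

    # Hand the bind password over in a private file instead of argv.
    # printf '%s' avoids a trailing newline, which -T / -y would treat as
    # part of the password.
    local pw_file
    pw_file=$(mktemp) || return 1
    printf '%s' "$LDAP_PASSWORD" > "$pw_file"
    SLAPPASS=$(slappasswd -T "$pw_file")

    # ... unchanged: render manager.ldif.in into $TMP_MGR_DIFF_FILE, ldapmodify ...

    if ldapsearch -x -y "$pw_file" -H ldap://localhost -D dc=Manager,dc=openstack,dc=org -b dc=openstack,dc=org | grep -q "Success" ; then
        # ... unchanged: KEYSTONE_CLEAR_LDAP branch, ldapadd using -y "$pw_file" ...
    else
        printf "Configuring LDAP for OpenStack\n"
        ldapadd -c -x -H ldap://localhost -D dc=Manager,dc=openstack,dc=org -y "$pw_file" -f $FILES/ldap/openstack.ldif
    fi

    # Neither file is needed after configuration; both hold credential material.
    rm -f -- "$pw_file" "$TMP_MGR_DIFF_FILE"
}
```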
diff --git a/lib/quantum_plugins/bigswitch_floodlight b/lib/quantum_plugins/bigswitch_floodlight
index 35276a5..2c928be 100644
--- a/lib/quantum_plugins/bigswitch_floodlight
+++ b/lib/quantum_plugins/bigswitch_floodlight
@@ -2,7 +2,7 @@
# ------------------------------------
# Save trace setting
-XTRACE=$(set +o | grep xtrace)
+MY_XTRACE=$(set +o | grep xtrace)
set +o xtrace
source $TOP_DIR/lib/quantum_plugins/ovs_base
@@ -52,4 +52,4 @@
}
# Restore xtrace
-$XTRACE
+$MY_XTRACE
diff --git a/lib/quantum_plugins/linuxbridge b/lib/quantum_plugins/linuxbridge
index e8ba68c..6d5d4e0 100644
--- a/lib/quantum_plugins/linuxbridge
+++ b/lib/quantum_plugins/linuxbridge
@@ -2,7 +2,7 @@
# ---------------------------
# Save trace setting
-XTRACE=$(set +o | grep xtrace)
+MY_XTRACE=$(set +o | grep xtrace)
set +o xtrace
function is_quantum_ovs_base_plugin() {
@@ -76,4 +76,4 @@
}
# Restore xtrace
-$XTRACE
+$MY_XTRACE
diff --git a/lib/quantum_plugins/openvswitch b/lib/quantum_plugins/openvswitch
index 5415e86..12bc244 100644
--- a/lib/quantum_plugins/openvswitch
+++ b/lib/quantum_plugins/openvswitch
@@ -2,7 +2,7 @@
# ---------------------------
# Save trace setting
-XTRACE=$(set +o | grep xtrace)
+MY_XTRACE=$(set +o | grep xtrace)
set +o xtrace
source $TOP_DIR/lib/quantum_plugins/ovs_base
@@ -141,4 +141,4 @@
}
# Restore xtrace
-$XTRACE
+$MY_XTRACE
diff --git a/lib/quantum_plugins/ovs_base b/lib/quantum_plugins/ovs_base
index d9f6fd0..8563674 100644
--- a/lib/quantum_plugins/ovs_base
+++ b/lib/quantum_plugins/ovs_base
@@ -2,7 +2,7 @@
# -------------------------------------
# Save trace setting
-XTRACE=$(set +o | grep xtrace)
+MY_XTRACE=$(set +o | grep xtrace)
set +o xtrace
function is_quantum_ovs_base_plugin() {
@@ -12,7 +12,7 @@
function _quantum_ovs_base_setup_bridge() {
local bridge=$1
- quantum-ovs-cleanup --ovs_integration_bridge $bridge
+ quantum-ovs-cleanup
sudo ovs-vsctl --no-wait -- --may-exist add-br $bridge
sudo ovs-vsctl --no-wait br-set-external-id $bridge bridge-id $bridge
}
@@ -39,11 +39,11 @@
function _quantum_ovs_base_configure_l3_agent() {
iniset $Q_L3_CONF_FILE DEFAULT external_network_bridge $PUBLIC_BRIDGE
- quantum-ovs-cleanup --external_network_bridge $PUBLIC_BRIDGE
+ quantum-ovs-cleanup
sudo ovs-vsctl --no-wait -- --may-exist add-br $PUBLIC_BRIDGE
# ensure no IP is configured on the public bridge
sudo ip addr flush dev $PUBLIC_BRIDGE
}
# Restore xtrace
-$XTRACE
+$MY_XTRACE
diff --git a/lib/quantum_plugins/ryu b/lib/quantum_plugins/ryu
index 86105bc..2dfd4f7 100644
--- a/lib/quantum_plugins/ryu
+++ b/lib/quantum_plugins/ryu
@@ -2,7 +2,7 @@
# ------------------
# Save trace setting
-XTRACE=$(set +o | grep xtrace)
+MY_XTRACE=$(set +o | grep xtrace)
set +o xtrace
source $TOP_DIR/lib/quantum_plugins/ovs_base
@@ -15,6 +15,9 @@
function quantum_plugin_install_agent_packages() {
_quantum_ovs_base_install_agent_packages
+
+ # quantum_ryu_agent requires ryu module
+ install_ryu
}
function quantum_plugin_configure_common() {
@@ -60,4 +63,4 @@
}
# Restore xtrace
-$XTRACE
+$MY_XTRACE
diff --git a/lib/quantum_thirdparty/bigswitch_floodlight b/lib/quantum_thirdparty/bigswitch_floodlight
index 77aeb61..60e3924 100644
--- a/lib/quantum_thirdparty/bigswitch_floodlight
+++ b/lib/quantum_thirdparty/bigswitch_floodlight
@@ -2,7 +2,7 @@
# ------------------------------------------
# Save trace setting
-XTRACE=$(set +o | grep xtrace)
+MY_XTRACE=$(set +o | grep xtrace)
set +o xtrace
BS_FL_CONTROLLERS_PORT=${BS_FL_CONTROLLERS_PORT:-localhost:80}
@@ -47,4 +47,4 @@
}
# Restore xtrace
-$XTRACE
+$MY_XTRACE
diff --git a/lib/quantum_thirdparty/ryu b/lib/quantum_thirdparty/ryu
index f11951a..7a01923 100644
--- a/lib/quantum_thirdparty/ryu
+++ b/lib/quantum_thirdparty/ryu
@@ -2,7 +2,7 @@
# -----------------------
# Save trace setting
-XTRACE=$(set +o | grep xtrace)
+MY_XTRACE=$(set +o | grep xtrace)
set +o xtrace
@@ -49,8 +49,16 @@
echo "${RYU_CONF_CONTENTS}" > $RYU_CONF
}
+# install_ryu can be called multiple times as quantum_pluing/ryu may call
+# this function for quantum-ryu-agent
+# Make this function idempotent and avoid cloning same repo many times
+# with RECLONE=yes
+_RYU_INSTALLED=${_RYU_INSTALLED:-False}
function install_ryu() {
- git_clone $RYU_REPO $RYU_DIR $RYU_BRANCH
+ if [[ "$_RYU_INSTALLED" == "False" ]]; then
+ git_clone $RYU_REPO $RYU_DIR $RYU_BRANCH
+ _RYU_INSTALLED=True
+ fi
}
function start_ryu() {
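Review bot: The new comment above `_RYU_INSTALLED` misspells the caller as `quantum_pluing/ryu`; it should read `quantum_plugins/ryu` so a grep for the path finds it. The guard is seeded with `${_RYU_INSTALLED:-False}`, so a value already present in the calling environment is honoured and would skip the clone; the comment could say that this is only meant to survive re-sourcing within one run. start_ryu's body continues outside the hunk.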
@@ -62,4 +70,4 @@
}
# Restore xtrace
-$XTRACE
+$MY_XTRACE
diff --git a/stack.sh b/stack.sh
index 7a8bd80..c1525bd 100755
--- a/stack.sh
+++ b/stack.sh
@@ -290,6 +290,7 @@
source $TOP_DIR/lib/heat
source $TOP_DIR/lib/quantum
source $TOP_DIR/lib/baremetal
+source $TOP_DIR/lib/ldap
# Set the destination directories for OpenStack projects
HORIZON_DIR=$DEST/horizon
@@ -459,6 +460,20 @@
read_password SERVICE_PASSWORD "ENTER A SERVICE_PASSWORD TO USE FOR THE SERVICE AUTHENTICATION."
# Horizon currently truncates usernames and passwords at 20 characters
read_password ADMIN_PASSWORD "ENTER A PASSWORD TO USE FOR HORIZON AND KEYSTONE (20 CHARS OR LESS)."
+# Keystone can now optionally install OpenLDAP by adding ldap to the list
+# of enabled services in the localrc file (e.g. ENABLED_SERVICES=key,ldap).
+# If OpenLDAP has already been installed but you need to clear out
+# the Keystone contents of LDAP set KEYSTONE_CLEAR_LDAP to yes
+# (e.g. KEYSTONE_CLEAR_LDAP=yes ) in the localrc file. To enable the
+# Keystone Identity Driver (keystone.identity.backends.ldap.Identity)
+# set KEYSTONE_IDENTITY_BACKEND to ldap (e.g. KEYSTONE_IDENTITY_BACKEND=ldap)
+# in the localrc file.
+
+
+# only request ldap password if the service is enabled
+if is_service_enabled ldap; then
+ read_password LDAP_PASSWORD "ENTER A PASSWORD TO USE FOR LDAP"
+fi
# Set the tenant for service accounts in Keystone
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
@@ -1252,8 +1267,8 @@
sudo pkill dnsmasq || true
sudo dnsmasq --conf-file= --port=0 --enable-tftp --tftp-root=/tftpboot \
--dhcp-boot=pxelinux.0 --bind-interfaces --pid-file=/var/run/dnsmasq.pid \
- --interface=$BM_DNSMASQ_IFACE --dhcp-range=$BM_DNSMASQ_RANGE
-
+ --interface=$BM_DNSMASQ_IFACE --dhcp-range=$BM_DNSMASQ_RANGE \
+ ${$BM_DNSMASQ_DNS:+--dhcp-option=option:dns-server,$BM_DNSMASQ_DNS}
# ensure callback daemon is running
sudo pkill nova-baremetal-deploy-helper || true
screen_it baremetal "nova-baremetal-deploy-helper"
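Review bot: The added continuation line `${$BM_DNSMASQ_DNS:+--dhcp-option=option:dns-server,$BM_DNSMASQ_DNS}` has a stray `$` inside the braces, which bash reports as a bad substitution, so the dnsmasq command fails whether or not BM_DNSMASQ_DNS is set. It should read `${BM_DNSMASQ_DNS:+--dhcp-option=option:dns-server,$BM_DNSMASQ_DNS}`. The hunk also drops the blank line before `# ensure callback daemon is running`; keeping it makes the end of the continued command easier to see.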