Skip to content

Commit

Permalink
Merge "Provisioning changes to take openstack service DB users passwo…
Browse files Browse the repository at this point in the history 
…rd as input and use them during provisioing."
  • Loading branch information
@opencontrail-ci-admin
Zuul authored and opencontrail-ci-admin committed Feb 9, 2016
2 parents 2d80037 + 9bba4c4 commit 97a16c3
Show file tree
Hide file tree
Showing 10 changed files with 53 additions and 33 deletions.
2 changes: 2 additions & 0 deletions contrail_provisioning/openstack/ha/scripts/contrail-ha-keystone-setup.sh
View file
Expand Up @@ -31,6 +31,8 @@
# demo demo Member,sysadmin,netadmin
# invisible_to_admin demo Member

set -x

ENABLE_ENDPOINTS=yes
#ENABLE_QUANTUM=yes
if [ -f /etc/redhat-release ]; then
Expand Down
2 changes: 1 addition & 1 deletion contrail_provisioning/openstack/scripts/cinder-server-setup.sh
View file
Expand Up @@ -98,7 +98,7 @@ EOF
for APP in cinder; do
# Required only in first openstack node, as the mysql db is replicated using galera.
if [ "$OPENSTACK_INDEX" -eq 1 ]; then
openstack-db -y --init --service $APP --rootpw "$MYSQL_TOKEN"
openstack-db -y --init --service $APP --password $SERVICE_DBPASS --rootpw "$MYSQL_TOKEN"
fi
done

Expand Down
4 changes: 2 additions & 2 deletions contrail_provisioning/openstack/scripts/glance-server-setup.sh
View file
Expand Up @@ -102,14 +102,14 @@ for cfg in api registry; do
openstack-config --set /etc/glance/glance-$cfg.conf DEFAULT sql_connection sqlite:////var/lib/glance/glance.sqlite
fi
if [ "$INTERNAL_VIP" != "none" ]; then
openstack-config --set /etc/glance/glance-$cfg.conf DEFAULT sql_connection mysql://glance:glance@$CONTROLLER:3306/glance
openstack-config --set /etc/glance/glance-$cfg.conf DEFAULT sql_connection mysql://glance:$SERVICE_DBPASS@$CONTROLLER:3306/glance
fi
done

for APP in glance; do
# Required only in first openstack node, as the mysql db is replicated using galera.
if [ "$OPENSTACK_INDEX" -eq 1 ]; then
openstack-db -y --init --service $APP --rootpw "$MYSQL_TOKEN"
openstack-db -y --init --service $APP --password $SERVICE_DBPASS --rootpw "$MYSQL_TOKEN"
glance-manage db_sync
if [ $is_ubuntu -eq 1 ] ; then
chown glance /var/lib/glance/glance.sqlite
Expand Down
6 changes: 3 additions & 3 deletions contrail_provisioning/openstack/scripts/heat-server-setup.sh
View file
Expand Up @@ -107,9 +107,9 @@ export SERVICE_TOKEN
# Update all config files with service username and password
for svc in heat; do
openstack-config --del /etc/$svc/$svc.conf database connection
openstack-config --set /etc/$svc/$svc.conf DEFAULT sql_connection mysql://heat:heat@127.0.0.1/heat
openstack-config --set /etc/$svc/$svc.conf DEFAULT sql_connection mysql://heat:$SERVICE_DBPASS@127.0.0.1/heat
if [ "$INTERNAL_VIP" != "none" ]; then
openstack-config --set /etc/$svc/$svc.conf DEFAULT sql_connection mysql://heat:heat@$INTERNAL_VIP:33306/heat
openstack-config --set /etc/$svc/$svc.conf DEFAULT sql_connection mysql://heat:$SERVICE_DBPASS@$INTERNAL_VIP:33306/heat
openstack-config --set /etc/$svc/$svc.conf heat_api bind_port 8005
fi
openstack-config --set /etc/$svc/$svc.conf DEFAULT rpc_backend heat.openstack.common.rpc.impl_kombu
Expand Down Expand Up @@ -140,7 +140,7 @@ done
for APP in heat; do
# Required only in first openstack node, as the mysql db is replicated using galera.
if [ "$OPENSTACK_INDEX" -eq 1 ]; then
openstack-db -y --init --service $APP --rootpw "$MYSQL_TOKEN"
openstack-db -y --init --service $APP --password $SERVICE_DBPASS --rootpw "$MYSQL_TOKEN"
heat-manage db_sync
fi
done
Expand Down
17 changes: 11 additions & 6 deletions contrail_provisioning/openstack/scripts/keystone-server-setup.sh
View file
Expand Up @@ -83,7 +83,7 @@ source /etc/contrail/ctrl-details
# Check if ADMIN/SERVICE Password has been set
ADMIN_PASSWORD=${ADMIN_TOKEN:-contrail123}
SERVICE_PASSWORD=${ADMIN_TOKEN:-contrail123}
SERVICE_TOKEN=${SERVICE_TOKEN:-$(/opt/contrail/contrail_installer/contrail_setup_utils/setup-service-token.sh; cat $CONF_DIR/service.token)}
SERVICE_TOKEN=${SERVICE_TOKEN:-$(setup-service-token.sh; cat $CONF_DIR/service.token)}

openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN

Expand Down Expand Up @@ -145,14 +145,19 @@ export SERVICE_PASSWORD

if [ "$INTERNAL_VIP" != "none" ]; then
# Openstack HA specific config
openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:keystone@$CONTROLLER:3306/keystone
openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:$SERVICE_DBPASS@$CONTROLLER:3306/keystone
else
openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:keystone@127.0.0.1/keystone
openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:$SERVICE_DBPASS@127.0.0.1/keystone
fi
for APP in keystone; do
# Required only in first openstack node, as the mysql db is replicated using galera.
if [ "$OPENSTACK_INDEX" -eq 1 ]; then
openstack-db -y --init --service $APP --rootpw "$MYSQL_TOKEN"
openstack-db -y --init --service $APP --password $SERVICE_DBPASS --rootpw "$MYSQL_TOKEN"
# Workaround the bug https://bugs.launchpad.net/openstack-manuals/+bug/1292066
if [ $is_redhat -eq 1 ]; then
openstack-config --del /etc/$APP/$APP.conf database connection
service keystone restart
fi
fi
done

Expand Down Expand Up @@ -197,7 +202,7 @@ for svc in keystone; do
openstack-config --set /etc/$svc/$svc.conf keystone_authtoken admin_user $svc
openstack-config --set /etc/$svc/$svc.conf keystone_authtoken admin_password $ADMIN_PASSWORD
openstack-config --set /etc/$svc/$svc.conf DEFAULT log_file /var/log/keystone/keystone.log
openstack-config --set /etc/$svc/$svc.conf sql connection mysql://keystone:keystone@127.0.0.1/keystone
openstack-config --set /etc/$svc/$svc.conf sql connection mysql://keystone:$SERVICE_DBPASS@127.0.0.1/keystone
openstack-config --set /etc/$svc/$svc.conf catalog template_file /etc/keystone/default_catalog.templates
openstack-config --set /etc/$svc/$svc.conf catalog driver keystone.catalog.backends.sql.Catalog
openstack-config --set /etc/$svc/$svc.conf identity driver keystone.identity.backends.sql.Identity
Expand Down Expand Up @@ -233,7 +238,7 @@ fi

if [ "$INTERNAL_VIP" != "none" ]; then
# Openstack HA specific config
openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:keystone@$CONTROLLER:3306/keystone
openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:$SERVICE_DBPASS@$CONTROLLER:3306/keystone
if [ $is_ubuntu -eq 1 ] ; then
dpkg --compare-versions $keystone_version_without_epoch ge 2015
if [ $? -eq 0 ]; then
Expand Down
8 changes: 4 additions & 4 deletions contrail_provisioning/openstack/scripts/nova-server-setup.sh
View file
Expand Up @@ -154,20 +154,20 @@ export OS_NO_CACHE=1
EOF

# must set SQL connection before running nova-manage
openstack-config --set /etc/nova/nova.conf DEFAULT sql_connection mysql://nova:nova@127.0.0.1/nova
openstack-config --set /etc/nova/nova.conf DEFAULT sql_connection mysql://nova:$SERVICE_DBPASS@127.0.0.1/nova
openstack-config --set /etc/nova/nova.conf DEFAULT libvirt_nonblocking True
openstack-config --set /etc/nova/nova.conf DEFAULT libvirt_inject_partition -1
openstack-config --set /etc/nova/nova.conf DEFAULT connection_type libvirt

if [ "$INTERNAL_VIP" != "none" ]; then
# must set SQL connection before running nova-manage
openstack-config --set /etc/nova/nova.conf DEFAULT sql_connection mysql://nova:nova@$INTERNAL_VIP:33306/nova
openstack-config --set /etc/nova/nova.conf DEFAULT sql_connection mysql://nova:$SERVICE_DBPASS@$INTERNAL_VIP:33306/nova
fi

for APP in nova; do
# Required only in first openstack node, as the mysql db is replicated using galera.
if [ "$OPENSTACK_INDEX" -eq 1 ]; then
openstack-db -y --init --service $APP --rootpw "$MYSQL_TOKEN"
openstack-db -y --init --service $APP --password $SERVICE_DBPASS --rootpw "$MYSQL_TOKEN"
fi
done

Expand Down Expand Up @@ -306,7 +306,7 @@ if [ "$INTERNAL_VIP" != "none" ]; then
openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_port $AMQP_PORT
openstack-config --set /etc/nova/nova.conf DEFAULT $ADMIN_AUTH_URL http://$INTERNAL_VIP:5000/v2.0/
openstack-config --set /etc/nova/nova.conf DEFAULT $OS_URL ${QUANTUM_PROTOCOL}://$INTERNAL_VIP:9696/
openstack-config --set /etc/nova/nova.conf DEFAULT sql_connection mysql://nova:nova@$INTERNAL_VIP:33306/nova
openstack-config --set /etc/nova/nova.conf DEFAULT sql_connection mysql://nova:$SERVICE_DBPASS@$INTERNAL_VIP:33306/nova
openstack-config --set /etc/nova/nova.conf DEFAULT image_service nova.image.glance.GlanceImageService
openstack-config --set /etc/nova/nova.conf DEFAULT glance_api_servers $INTERNAL_VIP:9292
openstack-config --set /etc/nova/nova.conf DEFAULT service_down_time 90
Expand Down
5 changes: 3 additions & 2 deletions contrail_provisioning/openstack/setup.py
View file
Expand Up @@ -37,6 +37,7 @@ def __init__(self, args_str = None):
'osapi_compute_workers': 40,
'conductor_workers': 40,
'sriov':False,
'service_dbpass' : 'c0ntrail123',
}
self._args = None
if not args_str:
Expand Down Expand Up @@ -86,6 +87,7 @@ def parse_args(self, args_str):
parser.add_argument("--conductor_workers", type=int,
help = "Number of worker threads for conductor")
parser.add_argument("--sriov", help = "Enable SRIOV", action="store_true")
parser.add_argument("--service-dbpass", help = "Database password for openstack service db user.")

self._args = parser.parse_args(self.remaining_argv)
# Using keystone admin password for nova/neutron if not supplied by user
Expand Down Expand Up @@ -125,8 +127,7 @@ def build_ctrl_details(self):
ctrl_infos.append('SRIOV_ENABLED=%s' % 'True')
else:
ctrl_infos.append('SRIOV_ENABLED=%s' % 'False')


ctrl_infos.append('SERVICE_DBPASS=%s' % self._args.service_dbpass)

self.update_vips_in_ctrl_details(ctrl_infos)

Expand Down
3 changes: 3 additions & 0 deletions contrail_provisioning/storage/setup.py
View file
Expand Up @@ -41,6 +41,7 @@ def parse_args(self, args_str):
--collector-host-tokens n1keenA n1keenA
--cfg-host 10.157.43.171
--storage-compute-hostnames cmbu-dt05 cmbu-ixs6-2
--service-dbpass c0ntrail123
'''

parser = self._parse_args(args_str)
Expand Down Expand Up @@ -75,6 +76,7 @@ def parse_args(self, args_str):
parser.add_argument("--storage-replica-size", help = "Replica size")
parser.add_argument("--openstack-ip", help = "Openstack node ip")
parser.add_argument("--orig-hostnames", help = "Actual Host names of storage nodes", nargs='+', type=str)
parser.add_argument("--service-dbpass", help = "DB password for Openstack cinder db user")


self._args = parser.parse_args(self.remaining_argv)
Expand Down Expand Up @@ -139,6 +141,7 @@ def enable_storage(self):
storage_setup_args = storage_setup_args + " --storage-replica-size %s" %(self._args.storage_replica_size)
storage_setup_args = storage_setup_args + " --openstack-ip %s" %(self._args.openstack_ip)
storage_setup_args = storage_setup_args + " --orig-hostnames %s" %(' '.join(self._args.orig_hostnames))
storage_setup_args = storage_setup_args + " --service-dbpass %s" %(' '.join(self._args.service_dbpass))

#Setup storage if storage is defined in testbed.py
with settings(host_string=self._args.storage_master, password=storage_master_passwd):
Expand Down
38 changes: 24 additions & 14 deletions contrail_provisioning/storage/storagefs/setup.py
View file
Expand Up @@ -2189,15 +2189,17 @@ def do_configure_cinder(self):

if self._args.cinder_vip != 'none':
local('sudo openstack-config --set %s %s %s \
mysql://cinder:cinder@%s:33306/cinder'
mysql://cinder:%s@%s:33306/cinder'
%(CINDER_CONFIG_FILE,
sql_section, sql_key,
self._args.service_dbpass,
self._args.cinder_vip))
else:
local('sudo openstack-config --set %s %s %s \
mysql://cinder:cinder@127.0.0.1/cinder'
mysql://cinder:%s@127.0.0.1/cinder'
%(CINDER_CONFIG_FILE,
sql_section, sql_key))
sql_section, sql_key,
self._args.service_dbpass))
# recently contrail changed listen address from 0.0.0.0 to mgmt address
# so adding mgmt network to rabbit host
# If the cinder_vip is present, use it as the rabbit host.
Expand Down Expand Up @@ -2229,15 +2231,17 @@ def do_configure_cinder(self):
password = entry_token):
if self._args.cinder_vip != 'none':
run('sudo openstack-config --set %s %s %s \
mysql://cinder:cinder@%s:33306/cinder'
mysql://cinder:%s@%s:33306/cinder'
%(CINDER_CONFIG_FILE,
sql_section, sql_key,
self._args.service_dbpass,
self._args.cinder_vip))
else:
run('sudo openstack-config --set %s %s %s \
mysql://cinder:cinder@127.0.0.1/cinder'
mysql://cinder:%s@127.0.0.1/cinder'
%(CINDER_CONFIG_FILE,
sql_section, sql_key))
sql_section, sql_key,
self._args.service_dbpass))
# recently contrail changed listen address from 0.0.0.0 to
# mgmt address so adding mgmt network to rabbit host
# If the cinder_vip is present, use it as the rabbit host.
Expand Down Expand Up @@ -2392,15 +2396,17 @@ def do_configure_lvm(self):
rabbit_port %s' %(CINDER_CONFIG_FILE,
commonport.RABBIT_PORT))
run('sudo openstack-config --set %s DEFAULT \
sql_connection mysql://cinder:cinder@%s/cinder'
%(CINDER_CONFIG_FILE, self._args.cinder_vip))
sql_connection mysql://cinder:%s@%s/cinder'
%(CINDER_CONFIG_FILE, self._args.service_dbpass,
self._args.cinder_vip))
else:
run('sudo openstack-config --set %s DEFAULT \
rabbit_host %s' %(CINDER_CONFIG_FILE,
self._args.cfg_host))
run('sudo openstack-config --set %s DEFAULT \
sql_connection mysql://cinder:cinder@%s/cinder'
%(CINDER_CONFIG_FILE, self._args.openstack_ip))
sql_connection mysql://cinder:%s@%s/cinder'
%(CINDER_CONFIG_FILE, self._args.service_dbpass,
self._args.openstack_ip))
run('sudo cinder-manage db sync')

# Enable lvm backend in cinder
Expand Down Expand Up @@ -2484,15 +2490,17 @@ def do_configure_lvm(self):
rabbit_port %s' %(CINDER_CONFIG_FILE,
commonport.RABBIT_PORT))
run('sudo openstack-config --set %s DEFAULT \
sql_connection mysql://cinder:cinder@%s/cinder'
%(CINDER_CONFIG_FILE, self._args.cinder_vip))
sql_connection mysql://cinder:%s@%s/cinder'
%(CINDER_CONFIG_FILE, self._args.service_dbpass,
self._args.cinder_vip))
else:
run('sudo openstack-config --set %s DEFAULT \
rabbit_host %s' %(CINDER_CONFIG_FILE,
self._args.cfg_host))
run('sudo openstack-config --set %s DEFAULT \
sql_connection mysql://cinder:cinder@%s/cinder'
%(CINDER_CONFIG_FILE, self._args.openstack_ip))
sql_connection mysql://cinder:%s@%s/cinder'
%(CINDER_CONFIG_FILE, self._args.service_dbpass,
self._args.openstack_ip))
run('sudo cinder-manage db sync')

# Enable lvm backend in cinder
Expand Down Expand Up @@ -3568,6 +3576,7 @@ def _parse_args(self, args_str):
args, remaining_argv = conf_parser.parse_known_args(args_str.split())

global_defaults = {
'service_dbpass' : 'c0ntrail123',
}

if args.conf_file:
Expand Down Expand Up @@ -3618,6 +3627,7 @@ def _parse_args(self, args_str):
parser.add_argument("--storage-replica-size", help = "Replica size")
parser.add_argument("--openstack-ip", help = "Openstack IP")
parser.add_argument("--orig-hostnames", help = "Actual Host names of storage nodes", nargs='+', type=str)
parser.add_argument("--service-dbpass", help = "Database password for openstack service db user.")

self._args = parser.parse_args(remaining_argv)

Expand Down
1 change: 0 additions & 1 deletion setup.py
View file
Expand Up @@ -110,7 +110,6 @@ def requirements(filename):
# Config file rewrite executables
'contrail_provisioning/compute/scripts/vrouter-agent.conf.sh',
# Tools
'tools/openstack-db',
'tools/openstack-config',
]

Expand Down

0 comments on commit 97a16c3

Please sign in to comment.