diff --git a/contrail_provisioning/openstack/ha/scripts/contrail-ha-keystone-setup.sh b/contrail_provisioning/openstack/ha/scripts/contrail-ha-keystone-setup.sh index bfcf1ed8..335713ee 100755 --- a/contrail_provisioning/openstack/ha/scripts/contrail-ha-keystone-setup.sh +++ b/contrail_provisioning/openstack/ha/scripts/contrail-ha-keystone-setup.sh @@ -31,6 +31,8 @@ # demo demo Member,sysadmin,netadmin # invisible_to_admin demo Member +set -x + ENABLE_ENDPOINTS=yes #ENABLE_QUANTUM=yes if [ -f /etc/redhat-release ]; then diff --git a/contrail_provisioning/openstack/scripts/cinder-server-setup.sh b/contrail_provisioning/openstack/scripts/cinder-server-setup.sh index 3270b982..d2c9f86c 100755 --- a/contrail_provisioning/openstack/scripts/cinder-server-setup.sh +++ b/contrail_provisioning/openstack/scripts/cinder-server-setup.sh @@ -98,7 +98,7 @@ EOF for APP in cinder; do # Required only in first openstack node, as the mysql db is replicated using galera. if [ "$OPENSTACK_INDEX" -eq 1 ]; then - openstack-db -y --init --service $APP --rootpw "$MYSQL_TOKEN" + openstack-db -y --init --service $APP --password $SERVICE_DBPASS --rootpw "$MYSQL_TOKEN" fi done diff --git a/contrail_provisioning/openstack/scripts/glance-server-setup.sh b/contrail_provisioning/openstack/scripts/glance-server-setup.sh index b28cc9d3..c39f1f8e 100755 --- a/contrail_provisioning/openstack/scripts/glance-server-setup.sh +++ b/contrail_provisioning/openstack/scripts/glance-server-setup.sh @@ -102,14 +102,14 @@ for cfg in api registry; do openstack-config --set /etc/glance/glance-$cfg.conf DEFAULT sql_connection sqlite:////var/lib/glance/glance.sqlite fi if [ "$INTERNAL_VIP" != "none" ]; then - openstack-config --set /etc/glance/glance-$cfg.conf DEFAULT sql_connection mysql://glance:glance@$CONTROLLER:3306/glance + openstack-config --set /etc/glance/glance-$cfg.conf DEFAULT sql_connection mysql://glance:$SERVICE_DBPASS@$CONTROLLER:3306/glance fi done for APP in glance; do # Required only in first openstack node, as the mysql db is replicated using galera. if [ "$OPENSTACK_INDEX" -eq 1 ]; then - openstack-db -y --init --service $APP --rootpw "$MYSQL_TOKEN" + openstack-db -y --init --service $APP --password $SERVICE_DBPASS --rootpw "$MYSQL_TOKEN" glance-manage db_sync if [ $is_ubuntu -eq 1 ] ; then chown glance /var/lib/glance/glance.sqlite diff --git a/contrail_provisioning/openstack/scripts/heat-server-setup.sh b/contrail_provisioning/openstack/scripts/heat-server-setup.sh index 48090231..5a332277 100755 --- a/contrail_provisioning/openstack/scripts/heat-server-setup.sh +++ b/contrail_provisioning/openstack/scripts/heat-server-setup.sh @@ -107,9 +107,9 @@ export SERVICE_TOKEN # Update all config files with service username and password for svc in heat; do openstack-config --del /etc/$svc/$svc.conf database connection - openstack-config --set /etc/$svc/$svc.conf DEFAULT sql_connection mysql://heat:heat@127.0.0.1/heat + openstack-config --set /etc/$svc/$svc.conf DEFAULT sql_connection mysql://heat:$SERVICE_DBPASS@127.0.0.1/heat if [ "$INTERNAL_VIP" != "none" ]; then - openstack-config --set /etc/$svc/$svc.conf DEFAULT sql_connection mysql://heat:heat@$INTERNAL_VIP:33306/heat + openstack-config --set /etc/$svc/$svc.conf DEFAULT sql_connection mysql://heat:$SERVICE_DBPASS@$INTERNAL_VIP:33306/heat openstack-config --set /etc/$svc/$svc.conf heat_api bind_port 8005 fi openstack-config --set /etc/$svc/$svc.conf DEFAULT rpc_backend heat.openstack.common.rpc.impl_kombu @@ -140,7 +140,7 @@ done for APP in heat; do # Required only in first openstack node, as the mysql db is replicated using galera. if [ "$OPENSTACK_INDEX" -eq 1 ]; then - openstack-db -y --init --service $APP --rootpw "$MYSQL_TOKEN" + openstack-db -y --init --service $APP --password $SERVICE_DBPASS --rootpw "$MYSQL_TOKEN" heat-manage db_sync fi done diff --git a/contrail_provisioning/openstack/scripts/keystone-server-setup.sh b/contrail_provisioning/openstack/scripts/keystone-server-setup.sh index 84d96ce4..231b0366 100755 --- a/contrail_provisioning/openstack/scripts/keystone-server-setup.sh +++ b/contrail_provisioning/openstack/scripts/keystone-server-setup.sh @@ -83,7 +83,7 @@ source /etc/contrail/ctrl-details # Check if ADMIN/SERVICE Password has been set ADMIN_PASSWORD=${ADMIN_TOKEN:-contrail123} SERVICE_PASSWORD=${ADMIN_TOKEN:-contrail123} -SERVICE_TOKEN=${SERVICE_TOKEN:-$(/opt/contrail/contrail_installer/contrail_setup_utils/setup-service-token.sh; cat $CONF_DIR/service.token)} +SERVICE_TOKEN=${SERVICE_TOKEN:-$(setup-service-token.sh; cat $CONF_DIR/service.token)} openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN @@ -145,14 +145,19 @@ export SERVICE_PASSWORD if [ "$INTERNAL_VIP" != "none" ]; then # Openstack HA specific config - openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:keystone@$CONTROLLER:3306/keystone + openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:$SERVICE_DBPASS@$CONTROLLER:3306/keystone else - openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:keystone@127.0.0.1/keystone + openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:$SERVICE_DBPASS@127.0.0.1/keystone fi for APP in keystone; do # Required only in first openstack node, as the mysql db is replicated using galera. if [ "$OPENSTACK_INDEX" -eq 1 ]; then - openstack-db -y --init --service $APP --rootpw "$MYSQL_TOKEN" + openstack-db -y --init --service $APP --password $SERVICE_DBPASS --rootpw "$MYSQL_TOKEN" + # Workaround the bug https://bugs.launchpad.net/openstack-manuals/+bug/1292066 + if [ $is_redhat -eq 1 ]; then + openstack-config --del /etc/$APP/$APP.conf database connection + service keystone restart + fi fi done @@ -197,7 +202,7 @@ for svc in keystone; do openstack-config --set /etc/$svc/$svc.conf keystone_authtoken admin_user $svc openstack-config --set /etc/$svc/$svc.conf keystone_authtoken admin_password $ADMIN_PASSWORD openstack-config --set /etc/$svc/$svc.conf DEFAULT log_file /var/log/keystone/keystone.log - openstack-config --set /etc/$svc/$svc.conf sql connection mysql://keystone:keystone@127.0.0.1/keystone + openstack-config --set /etc/$svc/$svc.conf sql connection mysql://keystone:$SERVICE_DBPASS@127.0.0.1/keystone openstack-config --set /etc/$svc/$svc.conf catalog template_file /etc/keystone/default_catalog.templates openstack-config --set /etc/$svc/$svc.conf catalog driver keystone.catalog.backends.sql.Catalog openstack-config --set /etc/$svc/$svc.conf identity driver keystone.identity.backends.sql.Identity @@ -233,7 +238,7 @@ fi if [ "$INTERNAL_VIP" != "none" ]; then # Openstack HA specific config - openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:keystone@$CONTROLLER:3306/keystone + openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:$SERVICE_DBPASS@$CONTROLLER:3306/keystone if [ $is_ubuntu -eq 1 ] ; then dpkg --compare-versions $keystone_version_without_epoch ge 2015 if [ $? -eq 0 ]; then diff --git a/contrail_provisioning/openstack/scripts/nova-server-setup.sh b/contrail_provisioning/openstack/scripts/nova-server-setup.sh index 71e2b8bc..185b6dd3 100755 --- a/contrail_provisioning/openstack/scripts/nova-server-setup.sh +++ b/contrail_provisioning/openstack/scripts/nova-server-setup.sh @@ -154,20 +154,20 @@ export OS_NO_CACHE=1 EOF # must set SQL connection before running nova-manage -openstack-config --set /etc/nova/nova.conf DEFAULT sql_connection mysql://nova:nova@127.0.0.1/nova +openstack-config --set /etc/nova/nova.conf DEFAULT sql_connection mysql://nova:$SERVICE_DBPASS@127.0.0.1/nova openstack-config --set /etc/nova/nova.conf DEFAULT libvirt_nonblocking True openstack-config --set /etc/nova/nova.conf DEFAULT libvirt_inject_partition -1 openstack-config --set /etc/nova/nova.conf DEFAULT connection_type libvirt if [ "$INTERNAL_VIP" != "none" ]; then # must set SQL connection before running nova-manage - openstack-config --set /etc/nova/nova.conf DEFAULT sql_connection mysql://nova:nova@$INTERNAL_VIP:33306/nova + openstack-config --set /etc/nova/nova.conf DEFAULT sql_connection mysql://nova:$SERVICE_DBPASS@$INTERNAL_VIP:33306/nova fi for APP in nova; do # Required only in first openstack node, as the mysql db is replicated using galera. if [ "$OPENSTACK_INDEX" -eq 1 ]; then - openstack-db -y --init --service $APP --rootpw "$MYSQL_TOKEN" + openstack-db -y --init --service $APP --password $SERVICE_DBPASS --rootpw "$MYSQL_TOKEN" fi done @@ -306,7 +306,7 @@ if [ "$INTERNAL_VIP" != "none" ]; then openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_port $AMQP_PORT openstack-config --set /etc/nova/nova.conf DEFAULT $ADMIN_AUTH_URL http://$INTERNAL_VIP:5000/v2.0/ openstack-config --set /etc/nova/nova.conf DEFAULT $OS_URL ${QUANTUM_PROTOCOL}://$INTERNAL_VIP:9696/ - openstack-config --set /etc/nova/nova.conf DEFAULT sql_connection mysql://nova:nova@$INTERNAL_VIP:33306/nova + openstack-config --set /etc/nova/nova.conf DEFAULT sql_connection mysql://nova:$SERVICE_DBPASS@$INTERNAL_VIP:33306/nova openstack-config --set /etc/nova/nova.conf DEFAULT image_service nova.image.glance.GlanceImageService openstack-config --set /etc/nova/nova.conf DEFAULT glance_api_servers $INTERNAL_VIP:9292 openstack-config --set /etc/nova/nova.conf DEFAULT service_down_time 90 diff --git a/contrail_provisioning/openstack/setup.py b/contrail_provisioning/openstack/setup.py index da625493..0924593b 100755 --- a/contrail_provisioning/openstack/setup.py +++ b/contrail_provisioning/openstack/setup.py @@ -37,6 +37,7 @@ def __init__(self, args_str = None): 'osapi_compute_workers': 40, 'conductor_workers': 40, 'sriov':False, + 'service_dbpass' : 'c0ntrail123', } self._args = None if not args_str: @@ -86,6 +87,7 @@ def parse_args(self, args_str): parser.add_argument("--conductor_workers", type=int, help = "Number of worker threads for conductor") parser.add_argument("--sriov", help = "Enable SRIOV", action="store_true") + parser.add_argument("--service-dbpass", help = "Database password for openstack service db user.") self._args = parser.parse_args(self.remaining_argv) # Using keystone admin password for nova/neutron if not supplied by user @@ -125,8 +127,7 @@ def build_ctrl_details(self): ctrl_infos.append('SRIOV_ENABLED=%s' % 'True') else: ctrl_infos.append('SRIOV_ENABLED=%s' % 'False') - - + ctrl_infos.append('SERVICE_DBPASS=%s' % self._args.service_dbpass) self.update_vips_in_ctrl_details(ctrl_infos) diff --git a/contrail_provisioning/storage/setup.py b/contrail_provisioning/storage/setup.py index 4ded247a..a93feb0d 100644 --- a/contrail_provisioning/storage/setup.py +++ b/contrail_provisioning/storage/setup.py @@ -41,6 +41,7 @@ def parse_args(self, args_str): --collector-host-tokens n1keenA n1keenA --cfg-host 10.157.43.171 --storage-compute-hostnames cmbu-dt05 cmbu-ixs6-2 + --service-dbpass c0ntrail123 ''' parser = self._parse_args(args_str) @@ -75,6 +76,7 @@ def parse_args(self, args_str): parser.add_argument("--storage-replica-size", help = "Replica size") parser.add_argument("--openstack-ip", help = "Openstack node ip") parser.add_argument("--orig-hostnames", help = "Actual Host names of storage nodes", nargs='+', type=str) + parser.add_argument("--service-dbpass", help = "DB password for Openstack cinder db user") self._args = parser.parse_args(self.remaining_argv) @@ -139,6 +141,7 @@ def enable_storage(self): storage_setup_args = storage_setup_args + " --storage-replica-size %s" %(self._args.storage_replica_size) storage_setup_args = storage_setup_args + " --openstack-ip %s" %(self._args.openstack_ip) storage_setup_args = storage_setup_args + " --orig-hostnames %s" %(' '.join(self._args.orig_hostnames)) + storage_setup_args = storage_setup_args + " --service-dbpass %s" %(' '.join(self._args.service_dbpass)) #Setup storage if storage is defined in testbed.py with settings(host_string=self._args.storage_master, password=storage_master_passwd): diff --git a/contrail_provisioning/storage/storagefs/setup.py b/contrail_provisioning/storage/storagefs/setup.py index 86b40735..8d85c8b1 100755 --- a/contrail_provisioning/storage/storagefs/setup.py +++ b/contrail_provisioning/storage/storagefs/setup.py @@ -2189,15 +2189,17 @@ def do_configure_cinder(self): if self._args.cinder_vip != 'none': local('sudo openstack-config --set %s %s %s \ - mysql://cinder:cinder@%s:33306/cinder' + mysql://cinder:%s@%s:33306/cinder' %(CINDER_CONFIG_FILE, sql_section, sql_key, + self._args.service_dbpass, self._args.cinder_vip)) else: local('sudo openstack-config --set %s %s %s \ - mysql://cinder:cinder@127.0.0.1/cinder' + mysql://cinder:%s@127.0.0.1/cinder' %(CINDER_CONFIG_FILE, - sql_section, sql_key)) + sql_section, sql_key, + self._args.service_dbpass)) # recently contrail changed listen address from 0.0.0.0 to mgmt address # so adding mgmt network to rabbit host # If the cinder_vip is present, use it as the rabbit host. @@ -2229,15 +2231,17 @@ def do_configure_cinder(self): password = entry_token): if self._args.cinder_vip != 'none': run('sudo openstack-config --set %s %s %s \ - mysql://cinder:cinder@%s:33306/cinder' + mysql://cinder:%s@%s:33306/cinder' %(CINDER_CONFIG_FILE, sql_section, sql_key, + self._args.service_dbpass, self._args.cinder_vip)) else: run('sudo openstack-config --set %s %s %s \ - mysql://cinder:cinder@127.0.0.1/cinder' + mysql://cinder:%s@127.0.0.1/cinder' %(CINDER_CONFIG_FILE, - sql_section, sql_key)) + sql_section, sql_key, + self._args.service_dbpass)) # recently contrail changed listen address from 0.0.0.0 to # mgmt address so adding mgmt network to rabbit host # If the cinder_vip is present, use it as the rabbit host. @@ -2392,15 +2396,17 @@ def do_configure_lvm(self): rabbit_port %s' %(CINDER_CONFIG_FILE, commonport.RABBIT_PORT)) run('sudo openstack-config --set %s DEFAULT \ - sql_connection mysql://cinder:cinder@%s/cinder' - %(CINDER_CONFIG_FILE, self._args.cinder_vip)) + sql_connection mysql://cinder:%s@%s/cinder' + %(CINDER_CONFIG_FILE, self._args.service_dbpass, + self._args.cinder_vip)) else: run('sudo openstack-config --set %s DEFAULT \ rabbit_host %s' %(CINDER_CONFIG_FILE, self._args.cfg_host)) run('sudo openstack-config --set %s DEFAULT \ - sql_connection mysql://cinder:cinder@%s/cinder' - %(CINDER_CONFIG_FILE, self._args.openstack_ip)) + sql_connection mysql://cinder:%s@%s/cinder' + %(CINDER_CONFIG_FILE, self._args.service_dbpass, + self._args.openstack_ip)) run('sudo cinder-manage db sync') # Enable lvm backend in cinder @@ -2484,15 +2490,17 @@ def do_configure_lvm(self): rabbit_port %s' %(CINDER_CONFIG_FILE, commonport.RABBIT_PORT)) run('sudo openstack-config --set %s DEFAULT \ - sql_connection mysql://cinder:cinder@%s/cinder' - %(CINDER_CONFIG_FILE, self._args.cinder_vip)) + sql_connection mysql://cinder:%s@%s/cinder' + %(CINDER_CONFIG_FILE, self._args.service_dbpass, + self._args.cinder_vip)) else: run('sudo openstack-config --set %s DEFAULT \ rabbit_host %s' %(CINDER_CONFIG_FILE, self._args.cfg_host)) run('sudo openstack-config --set %s DEFAULT \ - sql_connection mysql://cinder:cinder@%s/cinder' - %(CINDER_CONFIG_FILE, self._args.openstack_ip)) + sql_connection mysql://cinder:%s@%s/cinder' + %(CINDER_CONFIG_FILE, self._args.service_dbpass, + self._args.openstack_ip)) run('sudo cinder-manage db sync') # Enable lvm backend in cinder @@ -3568,6 +3576,7 @@ def _parse_args(self, args_str): args, remaining_argv = conf_parser.parse_known_args(args_str.split()) global_defaults = { + 'service_dbpass' : 'c0ntrail123', } if args.conf_file: @@ -3618,6 +3627,7 @@ def _parse_args(self, args_str): parser.add_argument("--storage-replica-size", help = "Replica size") parser.add_argument("--openstack-ip", help = "Openstack IP") parser.add_argument("--orig-hostnames", help = "Actual Host names of storage nodes", nargs='+', type=str) + parser.add_argument("--service-dbpass", help = "Database password for openstack service db user.") self._args = parser.parse_args(remaining_argv) diff --git a/setup.py b/setup.py index e9a272d4..7144c459 100755 --- a/setup.py +++ b/setup.py @@ -110,7 +110,6 @@ def requirements(filename): # Config file rewrite executables 'contrail_provisioning/compute/scripts/vrouter-agent.conf.sh', # Tools - 'tools/openstack-db', 'tools/openstack-config', ]