Update stack.sh to track quantum rootwrap

Resubmit of https://review.openstack.org/12822
Fix bugs 1044084 and 1048483

Copy new conf files into /etc at stack time.
iniset the agents' init files to include new rootwrap conf
Launch agents as regular user, not root
Fix service launch of ovs
Correctly handle qemu.conf permissions

Change-Id: Ib6b8a97698df1b816eecc18d1df11267cb027a3d
John Dunning 2012-09-11 16:13:37 -04:00 committed by Dean Troyer
parent fc326b3847
commit b782a2c0f3


@ -769,6 +769,8 @@ if is_service_enabled q-agt; then
else else
### FIXME(dtroyer): Find RPMs for OpenVSwitch ### FIXME(dtroyer): Find RPMs for OpenVSwitch
echo "OpenVSwitch packages need to be located" echo "OpenVSwitch packages need to be located"
# Fedora does not started OVS by default
restart_service openvswitch
fi fi
elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
install_package bridge-utils install_package bridge-utils
@ -1230,6 +1232,13 @@ if is_service_enabled quantum; then
Q_CONF_FILE=/etc/quantum/quantum.conf Q_CONF_FILE=/etc/quantum/quantum.conf
cp $QUANTUM_DIR/etc/quantum.conf $Q_CONF_FILE cp $QUANTUM_DIR/etc/quantum.conf $Q_CONF_FILE
Q_RR_CONF_FILE=/etc/quantum/rootwrap.conf
cp -p $QUANTUM_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
# Copy over the config and filter bits
Q_CONF_ROOTWRAP_D=/etc/quantum/rootwrap.d
mkdir -p $Q_CONF_ROOTWRAP_D
cp -pr $QUANTUM_DIR/etc/quantum/rootwrap.d/* $Q_CONF_ROOTWRAP_D/
fi fi
# Quantum service (for controller node) # Quantum service (for controller node)
@ -1336,6 +1345,8 @@ if is_service_enabled q-agt; then
if [[ "$OVS_BRIDGE_MAPPINGS" != "" ]]; then if [[ "$OVS_BRIDGE_MAPPINGS" != "" ]]; then
iniset /$Q_PLUGIN_CONF_FILE OVS bridge_mappings $OVS_BRIDGE_MAPPINGS iniset /$Q_PLUGIN_CONF_FILE OVS bridge_mappings $OVS_BRIDGE_MAPPINGS
fi fi
# Update config w/rootwrap
iniset /$Q_PLUGIN_CONF_FILE OVS root_helper #Q_RR_CONF_FILE
AGENT_BINARY="$QUANTUM_DIR/bin/quantum-openvswitch-agent" AGENT_BINARY="$QUANTUM_DIR/bin/quantum-openvswitch-agent"
elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
# Setup physical network interface mappings. Override # Setup physical network interface mappings. Override
@ -1347,6 +1358,8 @@ if is_service_enabled q-agt; then
if [[ "$LB_INTERFACE_MAPPINGS" != "" ]]; then if [[ "$LB_INTERFACE_MAPPINGS" != "" ]]; then
iniset /$Q_PLUGIN_CONF_FILE LINUX_BRIDGE physical_interface_mappings $LB_INTERFACE_MAPPINGS iniset /$Q_PLUGIN_CONF_FILE LINUX_BRIDGE physical_interface_mappings $LB_INTERFACE_MAPPINGS
fi fi
# Update config w/rootwrap
iniset /$Q_PLUGIN_CONF_FILE LINUX_BRIDGE root_helper #Q_RR_CONF_FILE
AGENT_BINARY="$QUANTUM_DIR/bin/quantum-linuxbridge-agent" AGENT_BINARY="$QUANTUM_DIR/bin/quantum-linuxbridge-agent"
fi fi
fi fi
@ -1367,6 +1380,9 @@ if is_service_enabled q-dhcp; then
quantum_setup_keystone $Q_DHCP_CONF_FILE DEFAULT set_auth_url quantum_setup_keystone $Q_DHCP_CONF_FILE DEFAULT set_auth_url
# Update config w/rootwrap
iniset /$Q_DHCP_CONF_FILE DEFAULT root_helper #Q_RR_CONF_FILE
if [[ "$Q_PLUGIN" = "openvswitch" ]]; then if [[ "$Q_PLUGIN" = "openvswitch" ]]; then
iniset $Q_DHCP_CONF_FILE DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver iniset $Q_DHCP_CONF_FILE DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver
elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
@ -1548,8 +1564,7 @@ if is_service_enabled n-cpu; then
QEMU_CONF=/etc/libvirt/qemu.conf QEMU_CONF=/etc/libvirt/qemu.conf
if is_service_enabled quantum && [[ $Q_PLUGIN = "openvswitch" ]] && ! sudo grep -q '^cgroup_device_acl' $QEMU_CONF ; then if is_service_enabled quantum && [[ $Q_PLUGIN = "openvswitch" ]] && ! sudo grep -q '^cgroup_device_acl' $QEMU_CONF ; then
# Add /dev/net/tun to cgroup_device_acls, needed for type=ethernet interfaces # Add /dev/net/tun to cgroup_device_acls, needed for type=ethernet interfaces
sudo chmod 666 $QEMU_CONF cat <<EOF | sudo tee -a $QEMU_CONF
sudo cat <<EOF >> /etc/libvirt/qemu.conf
cgroup_device_acl = [ cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero", "/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom", "/dev/random", "/dev/urandom",
@ -1557,7 +1572,6 @@ cgroup_device_acl = [
"/dev/rtc", "/dev/hpet","/dev/net/tun", "/dev/rtc", "/dev/hpet","/dev/net/tun",
] ]
EOF EOF
sudo chmod 644 $QEMU_CONF
fi fi
if [[ "$os_PACKAGE" = "deb" ]]; then if [[ "$os_PACKAGE" = "deb" ]]; then
@ -2184,9 +2198,9 @@ elif is_service_enabled mysql && is_service_enabled nova; then
fi fi
# Start up the quantum agents if enabled # Start up the quantum agents if enabled
screen_it q-agt "sudo python $AGENT_BINARY --config-file $Q_CONF_FILE --config-file /$Q_PLUGIN_CONF_FILE" screen_it q-agt "python $AGENT_BINARY --config-file $Q_CONF_FILE --config-file /$Q_PLUGIN_CONF_FILE"
screen_it q-dhcp "sudo python $AGENT_DHCP_BINARY --config-file $Q_CONF_FILE --config-file=$Q_DHCP_CONF_FILE" screen_it q-dhcp "python $AGENT_DHCP_BINARY --config-file $Q_CONF_FILE --config-file=$Q_DHCP_CONF_FILE"
screen_it q-l3 "sudo python $AGENT_L3_BINARY --config-file $Q_CONF_FILE --config-file=$Q_L3_CONF_FILE" screen_it q-l3 "python $AGENT_L3_BINARY --config-file $Q_CONF_FILE --config-file=$Q_L3_CONF_FILE"
echo_summary "Starting Nova" echo_summary "Starting Nova"
# The group **libvirtd** is added to the current user in this script. # The group **libvirtd** is added to the current user in this script.
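Review bot: In the three added `iniset ... root_helper #Q_RR_CONF_FILE` lines (the OVS, LINUX_BRIDGE and DHCP DEFAULT hunks), the `#` starts a shell comment, so `iniset` is called with no value and `root_helper` never points at the rootwrap config. Because the last hunk also drops `sudo` from the three `screen_it` agent launches, the agents would presumably be left with no working way to run privileged commands. The value probably needs to be the whole helper command rather than the bare path, quoted so it is passed as one argument, for example `iniset /$Q_PLUGIN_CONF_FILE OVS root_helper "sudo <rootwrap-binary> $Q_RR_CONF_FILE"`. Separately, the `cp -p` and `cp -pr` lines run without `sudo`, so `rootwrap.conf` and the filters in `rootwrap.d` appear to end up owned by the same unprivileged user that runs the agents. Rootwrap only restricts anything if that user cannot edit the filters, so it is worth adding `sudo chown -R root:root $Q_CONF_ROOTWRAP_D` and `sudo chown root:root $Q_RR_CONF_FILE` after the copy.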