Update stack.sh to track quantum rootwrap
Resubmit of https://review.openstack.org/12822
Fix bugs 1044084 and 1048483
Copy new conf files into /etc at stack time.
iniset the agents' init files to include new rootwrap conf
Launch agents as regular user, not root
Fix service launch of ovs
Correctly handle qemu.conf permissions
Change-Id: Ib6b8a97698df1b816eecc18d1df11267cb027a3d
parent
fc326b3847
commit
b782a2c0f3
26
stack.sh
26
stack.sh
@ -769,6 +769,8 @@ if is_service_enabled q-agt; then
|
|||||||
else
|
else
|
||||||
### FIXME(dtroyer): Find RPMs for OpenVSwitch
|
### FIXME(dtroyer): Find RPMs for OpenVSwitch
|
||||||
echo "OpenVSwitch packages need to be located"
|
echo "OpenVSwitch packages need to be located"
|
||||||
|
# Fedora does not started OVS by default
|
||||||
|
restart_service openvswitch
|
||||||
fi
|
fi
|
||||||
elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
|
elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
|
||||||
install_package bridge-utils
|
install_package bridge-utils
|
||||||
@ -1230,6 +1232,13 @@ if is_service_enabled quantum; then
|
|||||||
|
|
||||||
Q_CONF_FILE=/etc/quantum/quantum.conf
|
Q_CONF_FILE=/etc/quantum/quantum.conf
|
||||||
cp $QUANTUM_DIR/etc/quantum.conf $Q_CONF_FILE
|
cp $QUANTUM_DIR/etc/quantum.conf $Q_CONF_FILE
|
||||||
|
Q_RR_CONF_FILE=/etc/quantum/rootwrap.conf
|
||||||
|
cp -p $QUANTUM_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
|
||||||
|
|
||||||
|
# Copy over the config and filter bits
|
||||||
|
Q_CONF_ROOTWRAP_D=/etc/quantum/rootwrap.d
|
||||||
|
mkdir -p $Q_CONF_ROOTWRAP_D
|
||||||
|
cp -pr $QUANTUM_DIR/etc/quantum/rootwrap.d/* $Q_CONF_ROOTWRAP_D/
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Quantum service (for controller node)
|
# Quantum service (for controller node)
|
||||||
@ -1336,6 +1345,8 @@ if is_service_enabled q-agt; then
|
|||||||
if [[ "$OVS_BRIDGE_MAPPINGS" != "" ]]; then
|
if [[ "$OVS_BRIDGE_MAPPINGS" != "" ]]; then
|
||||||
iniset /$Q_PLUGIN_CONF_FILE OVS bridge_mappings $OVS_BRIDGE_MAPPINGS
|
iniset /$Q_PLUGIN_CONF_FILE OVS bridge_mappings $OVS_BRIDGE_MAPPINGS
|
||||||
fi
|
fi
|
||||||
|
# Update config w/rootwrap
|
||||||
|
iniset /$Q_PLUGIN_CONF_FILE OVS root_helper #Q_RR_CONF_FILE
|
||||||
AGENT_BINARY="$QUANTUM_DIR/bin/quantum-openvswitch-agent"
|
AGENT_BINARY="$QUANTUM_DIR/bin/quantum-openvswitch-agent"
|
||||||
elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
|
elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
|
||||||
# Setup physical network interface mappings. Override
|
# Setup physical network interface mappings. Override
|
||||||
@ -1347,6 +1358,8 @@ if is_service_enabled q-agt; then
|
|||||||
if [[ "$LB_INTERFACE_MAPPINGS" != "" ]]; then
|
if [[ "$LB_INTERFACE_MAPPINGS" != "" ]]; then
|
||||||
iniset /$Q_PLUGIN_CONF_FILE LINUX_BRIDGE physical_interface_mappings $LB_INTERFACE_MAPPINGS
|
iniset /$Q_PLUGIN_CONF_FILE LINUX_BRIDGE physical_interface_mappings $LB_INTERFACE_MAPPINGS
|
||||||
fi
|
fi
|
||||||
|
# Update config w/rootwrap
|
||||||
|
iniset /$Q_PLUGIN_CONF_FILE LINUX_BRIDGE root_helper #Q_RR_CONF_FILE
|
||||||
AGENT_BINARY="$QUANTUM_DIR/bin/quantum-linuxbridge-agent"
|
AGENT_BINARY="$QUANTUM_DIR/bin/quantum-linuxbridge-agent"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@ -1367,6 +1380,9 @@ if is_service_enabled q-dhcp; then
|
|||||||
|
|
||||||
quantum_setup_keystone $Q_DHCP_CONF_FILE DEFAULT set_auth_url
|
quantum_setup_keystone $Q_DHCP_CONF_FILE DEFAULT set_auth_url
|
||||||
|
|
||||||
|
# Update config w/rootwrap
|
||||||
|
iniset /$Q_DHCP_CONF_FILE DEFAULT root_helper #Q_RR_CONF_FILE
|
||||||
|
|
||||||
if [[ "$Q_PLUGIN" = "openvswitch" ]]; then
|
if [[ "$Q_PLUGIN" = "openvswitch" ]]; then
|
||||||
iniset $Q_DHCP_CONF_FILE DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver
|
iniset $Q_DHCP_CONF_FILE DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver
|
||||||
elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
|
elif [[ "$Q_PLUGIN" = "linuxbridge" ]]; then
|
||||||
@ -1548,8 +1564,7 @@ if is_service_enabled n-cpu; then
|
|||||||
QEMU_CONF=/etc/libvirt/qemu.conf
|
QEMU_CONF=/etc/libvirt/qemu.conf
|
||||||
if is_service_enabled quantum && [[ $Q_PLUGIN = "openvswitch" ]] && ! sudo grep -q '^cgroup_device_acl' $QEMU_CONF ; then
|
if is_service_enabled quantum && [[ $Q_PLUGIN = "openvswitch" ]] && ! sudo grep -q '^cgroup_device_acl' $QEMU_CONF ; then
|
||||||
# Add /dev/net/tun to cgroup_device_acls, needed for type=ethernet interfaces
|
# Add /dev/net/tun to cgroup_device_acls, needed for type=ethernet interfaces
|
||||||
sudo chmod 666 $QEMU_CONF
|
cat <<EOF | sudo tee -a $QEMU_CONF
|
||||||
sudo cat <<EOF >> /etc/libvirt/qemu.conf
|
|
||||||
cgroup_device_acl = [
|
cgroup_device_acl = [
|
||||||
"/dev/null", "/dev/full", "/dev/zero",
|
"/dev/null", "/dev/full", "/dev/zero",
|
||||||
"/dev/random", "/dev/urandom",
|
"/dev/random", "/dev/urandom",
|
||||||
@ -1557,7 +1572,6 @@ cgroup_device_acl = [
|
|||||||
"/dev/rtc", "/dev/hpet","/dev/net/tun",
|
"/dev/rtc", "/dev/hpet","/dev/net/tun",
|
||||||
]
|
]
|
||||||
EOF
|
EOF
|
||||||
sudo chmod 644 $QEMU_CONF
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ "$os_PACKAGE" = "deb" ]]; then
|
if [[ "$os_PACKAGE" = "deb" ]]; then
|
||||||
@ -2184,9 +2198,9 @@ elif is_service_enabled mysql && is_service_enabled nova; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Start up the quantum agents if enabled
|
# Start up the quantum agents if enabled
|
||||||
screen_it q-agt "sudo python $AGENT_BINARY --config-file $Q_CONF_FILE --config-file /$Q_PLUGIN_CONF_FILE"
|
screen_it q-agt "python $AGENT_BINARY --config-file $Q_CONF_FILE --config-file /$Q_PLUGIN_CONF_FILE"
|
||||||
screen_it q-dhcp "sudo python $AGENT_DHCP_BINARY --config-file $Q_CONF_FILE --config-file=$Q_DHCP_CONF_FILE"
|
screen_it q-dhcp "python $AGENT_DHCP_BINARY --config-file $Q_CONF_FILE --config-file=$Q_DHCP_CONF_FILE"
|
||||||
screen_it q-l3 "sudo python $AGENT_L3_BINARY --config-file $Q_CONF_FILE --config-file=$Q_L3_CONF_FILE"
|
screen_it q-l3 "python $AGENT_L3_BINARY --config-file $Q_CONF_FILE --config-file=$Q_L3_CONF_FILE"
|
||||||
|
|
||||||
echo_summary "Starting Nova"
|
echo_summary "Starting Nova"
|
||||||
# The group **libvirtd** is added to the current user in this script.
|
# The group **libvirtd** is added to the current user in this script.
|
||||||
|
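Review bot: The three added `iniset … root_helper #Q_RR_CONF_FILE` lines (the OVS and LINUX_BRIDGE sections of the plugin conf and the DEFAULT section of the DHCP conf) use `#` where `$` was presumably meant, so the shell treats the rest of the line as a comment and iniset is called with no value at all. Because the same commit drops `sudo` from the three `screen_it` agent launches, the agents would start unprivileged with no usable root helper configured; what iniset writes for a missing value is not visible on this page. root_helper normally holds the helper command line rather than a bare config path, so something like `iniset /$Q_PLUGIN_CONF_FILE OVS root_helper "sudo $QUANTUM_DIR/bin/quantum-rootwrap $Q_RR_CONF_FILE"` looks closer to the intent (confirm the wrapper path). Separately, `cp -p` and `cp -pr` keep the source tree's ownership on rootwrap.conf and rootwrap.d, and the copies run without sudo, which suggests /etc/quantum is writable by the stack user. Filter files that the agent's own account can edit do not constrain what ends up running as root, so consider installing them root-owned and non-writable, e.g. `sudo chown -R root:root $Q_RR_CONF_FILE $Q_CONF_ROOTWRAP_D` after the copy.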