7e5b54e9a3
As we disabled docker bridge mode when install docker, trove starts to failed to build the backup images. because the docker build command uses the default network mode which is bridge. this commit changes the network mode to host when build the backup images. Depends-On: https://review.opendev.org/c/openstack/trove/+/888640 Change-Id: Icfb9f1cef3a7e669cdeb2a7b501c1e991c2f0ffd
709 lines
28 KiB
Bash
709 lines
28 KiB
Bash
#!/bin/bash
|
|
#
|
|
# lib/trove
|
|
# Functions to control the configuration and operation of the **Trove** service
|
|
|
|
# Dependencies:
|
|
# ``functions`` file
|
|
# ``DEST``, ``STACK_USER`` must be defined
|
|
# ``SERVICE_{HOST|PROTOCOL|TOKEN}`` must be defined
|
|
|
|
# ``stack.sh`` calls the entry points in this order:
|
|
#
|
|
# install_trove
|
|
# install_python_troveclient
|
|
# configure_trove
|
|
# init_trove
|
|
# start_trove
|
|
# stop_trove
|
|
# cleanup_trove
|
|
|
|
# Save trace setting
|
|
XTRACE=$(set +o | grep xtrace)
|
|
set +o xtrace
|
|
|
|
# Functions
|
|
# ---------
|
|
|
|
# Test if any Trove services are enabled
|
|
# is_trove_enabled
|
|
function is_trove_enabled {
|
|
[[ ,${ENABLED_SERVICES} =~ ,"tr-" ]] && return 0
|
|
return 1
|
|
}
|
|
|
|
# setup_trove_logging() - Adds logging configuration to conf files
|
|
function setup_trove_logging {
|
|
local CONF=$1
|
|
iniset $CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
|
iniset $CONF DEFAULT use_syslog $SYSLOG
|
|
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
|
|
# Add color to logging output
|
|
setup_colorized_logging $CONF DEFAULT tenant user
|
|
fi
|
|
}
|
|
|
|
# create_trove_accounts() - Set up common required trove accounts
|
|
|
|
# Tenant User Roles
|
|
# ------------------------------------------------------------------
|
|
# service trove admin # if enabled
|
|
|
|
function create_trove_accounts {
|
|
if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then
|
|
create_service_user "trove" "admin"
|
|
|
|
# Add trove user to the clouds.yaml
|
|
CLOUDS_YAML=${CLOUDS_YAML:-/etc/openstack/clouds.yaml}
|
|
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
|
|
--file $CLOUDS_YAML \
|
|
--os-cloud trove \
|
|
--os-region-name $REGION_NAME \
|
|
$CA_CERT_ARG \
|
|
--os-auth-url $KEYSTONE_SERVICE_URI \
|
|
--os-username trove \
|
|
--os-password $SERVICE_PASSWORD \
|
|
--os-project-name $SERVICE_PROJECT_NAME
|
|
|
|
local trove_service=$(get_or_create_service "trove" \
|
|
"database" "Trove Service")
|
|
get_or_create_endpoint $trove_service \
|
|
"$REGION_NAME" \
|
|
"http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
|
|
"http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
|
|
"http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s"
|
|
fi
|
|
}
|
|
|
|
# Removes all the WSGI related files and restart apache.
|
|
function cleanup_trove_apache_wsgi {
|
|
sudo rm -rf $TROVE_WSGI_DIR
|
|
sudo rm -f $(apache_site_config_for trove-api)
|
|
restart_apache_server
|
|
}
|
|
|
|
# stack.sh entry points
|
|
# ---------------------
|
|
|
|
# cleanup_trove() - Remove residual data files, anything left over from previous
|
|
# runs that a clean run would need to clean up
|
|
function cleanup_trove {
|
|
# Clean up dirs
|
|
rm -fr $TROVE_CONF_DIR/*
|
|
|
|
if is_service_enabled horizon; then
|
|
cleanup_trove_dashboard
|
|
fi
|
|
|
|
if [[ "${TROVE_USE_MOD_WSGI}" == "TRUE" ]]; then
|
|
echo "Cleaning up Trove's WSGI setup"
|
|
cleanup_trove_apache_wsgi
|
|
fi
|
|
}
|
|
|
|
|
|
# cleanup_trove_dashboard() - Remove Trove dashboard files from Horizon
|
|
function cleanup_trove_dashboard {
|
|
rm -f $HORIZON_DIR/openstack_dashboard/local/enabled/_17*database*.py
|
|
}
|
|
|
|
|
|
# iniset_conditional() - Sets the value in the inifile, but only if it's
|
|
# actually got a value
|
|
function iniset_conditional {
|
|
local FILE=$1
|
|
local SECTION=$2
|
|
local OPTION=$3
|
|
local VALUE=$4
|
|
|
|
if [[ -n "$VALUE" ]]; then
|
|
iniset ${FILE} ${SECTION} ${OPTION} ${VALUE}
|
|
fi
|
|
}
|
|
|
|
# configure_keystone_token_life() - update the keystone token life to 3h
|
|
function configure_keystone_token_life() {
|
|
KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/nova}
|
|
KEYSTONE_CONF=${KEYSTONE_CONF:-${KEYSTONE_CONF_DIR}/keystone.conf}
|
|
KEYSTONE_TOKEN_LIFE=${KEYSTONE_TOKEN_LIFE:-10800}
|
|
iniset $KEYSTONE_CONF token expiration ${KEYSTONE_TOKEN_LIFE}
|
|
echo "configure_keystone_token_life: setting keystone token life to ${KEYSTONE_TOKEN_LIFE}"
|
|
echo "configure_keystone_token_life: restarting Keystone"
|
|
stop_keystone
|
|
start_keystone
|
|
}
|
|
|
|
# configure_nova_kvm() - update the nova hypervisor configuration if possible
|
|
function configure_nova_kvm {
|
|
cpu="unknown"
|
|
|
|
if [ -e /sys/module/kvm_*/parameters/nested ]; then
|
|
reconfigure_nova="F"
|
|
|
|
if [ -e /sys/module/kvm_intel/parameters/nested ]; then
|
|
cpu="Intel"
|
|
if [[ "$(cat /sys/module/kvm_*/parameters/nested)" == "Y" ]]; then
|
|
reconfigure_nova="Y"
|
|
fi
|
|
elif [ -e /sys/module/kvm_amd/parameters/nested ]; then
|
|
cpu="AMD"
|
|
if [[ "$(cat /sys/module/kvm_*/parameters/nested)" == "1" ]]; then
|
|
reconfigure_nova="Y"
|
|
fi
|
|
fi
|
|
|
|
if [ "${reconfigure_nova}" == "Y" ]; then
|
|
NOVA_CONF_DIR=${NOVA_CONF_DIR:-/etc/nova}
|
|
NOVA_CONF=${NOVA_CONF:-${NOVA_CONF_DIR}/nova.conf}
|
|
iniset $NOVA_CONF libvirt cpu_mode "none"
|
|
iniset $NOVA_CONF libvirt virt_type "kvm"
|
|
fi
|
|
fi
|
|
|
|
virt_type=$(iniget $NOVA_CONF libvirt virt_type)
|
|
echo "configure_nova_kvm: using virt_type: ${virt_type} for cpu: ${cpu}."
|
|
}
|
|
|
|
# Setup WSGI config files for Trove and enable the site
|
|
function config_trove_apache_wsgi {
|
|
local trove_apache_conf
|
|
|
|
sudo mkdir -p ${TROVE_WSGI_DIR}
|
|
sudo cp $TROVE_DIR/trove/cmd/app_wsgi.py $TROVE_WSGI_DIR/app_wsgi.py
|
|
trove_apache_conf=$(apache_site_config_for trove-api)
|
|
sudo cp $TROVE_DEVSTACK_FILES/apache-trove-api.template ${trove_apache_conf}
|
|
sudo sed -e "
|
|
s|%TROVE_SERVICE_PORT%|${TROVE_SERVICE_PORT}|g;
|
|
s|%TROVE_WSGI_DIR%|${TROVE_WSGI_DIR}|g;
|
|
s|%USER%|${STACK_USER}|g;
|
|
s|%APACHE_NAME%|${APACHE_NAME}|g;
|
|
s|%APIWORKERS%|${API_WORKERS}|g;
|
|
" -i ${trove_apache_conf}
|
|
enable_apache_site trove-api
|
|
}
|
|
|
|
# configure_trove() - Set config files, create data dirs, etc
|
|
function configure_trove {
|
|
setup_develop $TROVE_DIR
|
|
|
|
# Temporarily disable re-configuring nova_kvm until
|
|
# more nodes in the pool can support it without crashing.
|
|
# configure_nova_kvm
|
|
configure_keystone_token_life
|
|
|
|
# Create the trove conf dir and cache dirs if they don't exist
|
|
sudo install -d -o $STACK_USER ${TROVE_CONF_DIR}
|
|
# Copy api-paste file over to the trove conf dir
|
|
cp $TROVE_LOCAL_API_PASTE_INI $TROVE_API_PASTE_INI
|
|
# configure apache related files
|
|
if [[ "${TROVE_USE_MOD_WSGI}" == "TRUE" ]]; then
|
|
echo "Configuring Trove to use mod-wsgi and Apache"
|
|
config_trove_apache_wsgi
|
|
fi
|
|
# (Re)create trove conf files
|
|
rm -f $TROVE_CONF $TROVE_GUESTAGENT_CONF
|
|
|
|
TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION
|
|
|
|
################################################################ trove conf
|
|
setup_trove_logging $TROVE_CONF
|
|
iniset_conditional $TROVE_CONF DEFAULT max_accepted_volume_size $TROVE_MAX_ACCEPTED_VOLUME_SIZE
|
|
iniset_conditional $TROVE_CONF DEFAULT max_instances_per_tenant $TROVE_MAX_INSTANCES_PER_TENANT
|
|
iniset_conditional $TROVE_CONF DEFAULT max_volumes_per_tenant $TROVE_MAX_VOLUMES_PER_TENANT
|
|
iniset_conditional $TROVE_CONF DEFAULT agent_call_low_timeout $TROVE_AGENT_CALL_LOW_TIMEOUT
|
|
iniset_conditional $TROVE_CONF DEFAULT agent_call_high_timeout $TROVE_AGENT_CALL_HIGH_TIMEOUT
|
|
iniset_conditional $TROVE_CONF DEFAULT resize_time_out $TROVE_RESIZE_TIME_OUT
|
|
iniset_conditional $TROVE_CONF DEFAULT usage_timeout $TROVE_USAGE_TIMEOUT
|
|
iniset_conditional $TROVE_CONF DEFAULT state_change_wait_time $TROVE_STATE_CHANGE_WAIT_TIME
|
|
iniset_conditional $TROVE_CONF DEFAULT reboot_time_out 300
|
|
iniset $TROVE_CONF DEFAULT controller_address ${SERVICE_HOST}
|
|
|
|
configure_keystone_authtoken_middleware $TROVE_CONF trove
|
|
iniset $TROVE_CONF service_credentials username trove
|
|
iniset $TROVE_CONF service_credentials user_domain_name Default
|
|
iniset $TROVE_CONF service_credentials project_domain_name Default
|
|
iniset $TROVE_CONF service_credentials password $SERVICE_PASSWORD
|
|
iniset $TROVE_CONF service_credentials project_name $SERVICE_PROJECT_NAME
|
|
iniset $TROVE_CONF service_credentials region_name $REGION_NAME
|
|
iniset $TROVE_CONF service_credentials auth_url $TROVE_AUTH_ENDPOINT
|
|
|
|
iniset $TROVE_CONF database connection `database_connection_url trove`
|
|
|
|
iniset $TROVE_CONF DEFAULT control_exchange trove
|
|
iniset $TROVE_CONF DEFAULT transport_url rabbit://$RABBIT_USERID:$RABBIT_PASSWORD@$RABBIT_HOST:5672/
|
|
iniset $TROVE_CONF DEFAULT trove_api_workers "$API_WORKERS"
|
|
iniset $TROVE_CONF DEFAULT taskmanager_manager trove.taskmanager.manager.Manager
|
|
iniset $TROVE_CONF DEFAULT default_datastore $TROVE_DATASTORE_TYPE
|
|
|
|
iniset $TROVE_CONF cache enabled true
|
|
iniset $TROVE_CONF cache backend dogpile.cache.memory
|
|
|
|
iniset $TROVE_CONF cassandra tcp_ports 7000,7001,7199,9042,9160
|
|
iniset $TROVE_CONF couchbase tcp_ports 8091,8092,4369,11209-11211,21100-21199
|
|
iniset $TROVE_CONF couchdb tcp_ports 5984
|
|
iniset $TROVE_CONF db2 tcp_ports 50000
|
|
iniset $TROVE_CONF mariadb tcp_ports 3306,4444,4567,4568
|
|
iniset $TROVE_CONF mongodb tcp_ports 2500,27017,27019
|
|
iniset $TROVE_CONF mysql tcp_ports 3306
|
|
iniset $TROVE_CONF percona tcp_ports 3306
|
|
iniset $TROVE_CONF postgresql tcp_ports 5432
|
|
iniset $TROVE_CONF pxc tcp_ports 3306,4444,4567,4568
|
|
iniset $TROVE_CONF redis tcp_ports 6379,16379
|
|
iniset $TROVE_CONF vertica tcp_ports 5433,5434,5444,5450,4803
|
|
|
|
################################################################ trove guest agent conf
|
|
setup_trove_logging $TROVE_GUESTAGENT_CONF
|
|
|
|
iniset_conditional $TROVE_GUESTAGENT_CONF DEFAULT state_change_wait_time $TROVE_STATE_CHANGE_WAIT_TIME
|
|
iniset_conditional $TROVE_GUESTAGENT_CONF DEFAULT command_process_timeout $TROVE_COMMAND_PROCESS_TIMEOUT
|
|
iniset $TROVE_GUESTAGENT_CONF DEFAULT transport_url rabbit://$RABBIT_USERID:$RABBIT_PASSWORD@$TROVE_HOST_GATEWAY:5672/
|
|
iniset $TROVE_GUESTAGENT_CONF DEFAULT control_exchange trove
|
|
iniset $TROVE_GUESTAGENT_CONF DEFAULT ignore_users os_admin
|
|
iniset $TROVE_GUESTAGENT_CONF DEFAULT log_dir /var/log/trove/
|
|
iniset $TROVE_GUESTAGENT_CONF DEFAULT log_file trove-guestagent.log
|
|
|
|
iniset $TROVE_GUESTAGENT_CONF service_credentials username trove
|
|
iniset $TROVE_GUESTAGENT_CONF service_credentials user_domain_name Default
|
|
iniset $TROVE_GUESTAGENT_CONF service_credentials project_domain_name Default
|
|
iniset $TROVE_GUESTAGENT_CONF service_credentials password $SERVICE_PASSWORD
|
|
iniset $TROVE_GUESTAGENT_CONF service_credentials project_name $SERVICE_PROJECT_NAME
|
|
iniset $TROVE_GUESTAGENT_CONF service_credentials region_name $REGION_NAME
|
|
iniset $TROVE_GUESTAGENT_CONF service_credentials auth_url $TROVE_AUTH_ENDPOINT
|
|
|
|
iniset $TROVE_GUESTAGENT_CONF mysql docker_image ${TROVE_DATABASE_IMAGE_MYSQL}
|
|
iniset $TROVE_GUESTAGENT_CONF mysql backup_docker_image ${TROVE_DATABASE_BACKUP_IMAGE_MYSQL}
|
|
iniset $TROVE_GUESTAGENT_CONF mariadb docker_image ${TROVE_DATABASE_IMAGE_MARIADB}
|
|
iniset $TROVE_GUESTAGENT_CONF mariadb backup_docker_image ${TROVE_DATABASE_BACKUP_IMAGE_MARIADB}
|
|
iniset $TROVE_GUESTAGENT_CONF postgresql docker_image ${TROVE_DATABASE_IMAGE_POSTGRES}
|
|
iniset $TROVE_GUESTAGENT_CONF postgresql backup_docker_image ${TROVE_DATABASE_BACKUP_IMAGE_POSTGRES}
|
|
|
|
# 1. To avoid 'Connection timed out' error of sudo command inside the guest agent
|
|
# 2. Config the controller IP address used by guest-agent to download Trove code during initialization (only valid for dev_mode=true).
|
|
common_cloudinit=/etc/trove/cloudinit/common.cloudinit
|
|
sudo mkdir -p $(dirname ${common_cloudinit})
|
|
sudo touch ${common_cloudinit}
|
|
sudo tee ${common_cloudinit} >/dev/null <<EOF
|
|
#cloud-config
|
|
manage_etc_hosts: "localhost"
|
|
write_files:
|
|
- path: /etc/trove/controller.conf
|
|
content: |
|
|
CONTROLLER=${SERVICE_HOST}
|
|
EOF
|
|
|
|
# NOTE(lxkong): Remove this when we support common cloud-init file for all datastores.
|
|
for datastore in "mysql" "mariadb" "postgresql"
|
|
do
|
|
sudo cp ${common_cloudinit} /etc/trove/cloudinit/${datastore}.cloudinit
|
|
done
|
|
}
|
|
|
|
# install_trove() - Collect source and prepare
|
|
function install_trove {
|
|
install_package jq
|
|
|
|
echo "Changing stack user sudoers"
|
|
echo "stack ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/60_stack_sh_allow_all
|
|
|
|
setup_develop $TROVE_DIR
|
|
|
|
if [[ "${TROVE_USE_MOD_WSGI}" == "TRUE" ]]; then
|
|
echo "Installing apache wsgi"
|
|
install_apache_wsgi
|
|
fi
|
|
|
|
if is_service_enabled horizon; then
|
|
install_trove_dashboard
|
|
fi
|
|
|
|
# Fix iptables rules that prevent amqp connections from the devstack box to the guests
|
|
sudo iptables -D openstack-INPUT -j REJECT --reject-with icmp-host-prohibited || true
|
|
}
|
|
|
|
# install_trove_dashboard() - Collect source and prepare
|
|
function install_trove_dashboard {
|
|
git_clone $TROVE_DASHBOARD_REPO $TROVE_DASHBOARD_DIR $TROVE_DASHBOARD_BRANCH
|
|
setup_develop $TROVE_DASHBOARD_DIR
|
|
cp $TROVE_DASHBOARD_DIR/trove_dashboard/enabled/_17*database*.py $HORIZON_DIR/openstack_dashboard/local/enabled
|
|
}
|
|
|
|
# install_python_troveclient() - Collect source and prepare
|
|
function install_python_troveclient {
|
|
if use_library_from_git "python-troveclient"; then
|
|
git_clone $TROVE_CLIENT_REPO $TROVE_CLIENT_DIR $TROVE_CLIENT_BRANCH
|
|
setup_develop $TROVE_CLIENT_DIR
|
|
fi
|
|
}
|
|
|
|
function init_trove_db {
|
|
# (Re)Create trove db
|
|
recreate_database trove
|
|
|
|
# Initialize the trove database
|
|
$TROVE_MANAGE db_sync
|
|
}
|
|
|
|
function create_mgmt_subnet_v4 {
|
|
local project_id=$1
|
|
local net_id=$2
|
|
local name=$3
|
|
local ip_range=$4
|
|
|
|
subnet_id=$(openstack subnet create --project ${project_id} --ip-version 4 --subnet-range ${ip_range} --gateway none --dns-nameserver 8.8.8.8 --network ${net_id} $name -c id -f value)
|
|
die_if_not_set $LINENO subnet_id "Failed to create private IPv4 subnet for network: ${net_id}, project: ${project_id}"
|
|
echo $subnet_id
|
|
}
|
|
|
|
# Create private IPv6 subnet
|
|
# Note: Trove is not fully tested in IPv6.
|
|
function create_subnet_v6 {
|
|
local project_id=$1
|
|
local net_id=$2
|
|
local name=$3
|
|
local subnet_params="--ip-version 6 "
|
|
|
|
die_if_not_set $LINENO IPV6_RA_MODE "IPV6 RA Mode not set"
|
|
die_if_not_set $LINENO IPV6_ADDRESS_MODE "IPV6 Address Mode not set"
|
|
local ipv6_modes="--ipv6-ra-mode $IPV6_RA_MODE --ipv6-address-mode $IPV6_ADDRESS_MODE"
|
|
|
|
if [[ -n "$IPV6_PRIVATE_NETWORK_GATEWAY" ]]; then
|
|
subnet_params+="--gateway $IPV6_PRIVATE_NETWORK_GATEWAY "
|
|
fi
|
|
if [[ -n $SUBNETPOOL_V6_ID ]]; then
|
|
subnet_params+="--subnet-pool $SUBNETPOOL_V6_ID "
|
|
else
|
|
subnet_params+="--subnet-range $FIXED_RANGE_V6 $ipv6_modes} "
|
|
fi
|
|
subnet_params+="--network $net_id $name "
|
|
|
|
ipv6_subnet_id=$(openstack --project ${project_id} subnet create $subnet_params | grep ' id ' | get_field 2)
|
|
die_if_not_set $LINENO ipv6_subnet_id "Failed to create private IPv6 subnet for network: ${net_id}, project: ${project_id}"
|
|
echo $ipv6_subnet_id
|
|
}
|
|
|
|
function setup_mgmt_network() {
|
|
local PROJECT_ID=$1
|
|
local NET_NAME=$2
|
|
local SUBNET_NAME=$3
|
|
local SUBNET_RANGE=$4
|
|
local SHARED=$5
|
|
|
|
local share_flag=""
|
|
if [[ "${SHARED}" == "TRUE" ]]; then
|
|
share_flag="--share"
|
|
fi
|
|
|
|
network_id=$(openstack network create --project ${PROJECT_ID} ${share_flag} $NET_NAME -c id -f value)
|
|
die_if_not_set $LINENO network_id "Failed to create network: $NET_NAME, project: ${PROJECT_ID}"
|
|
|
|
if [[ "$IP_VERSION" =~ 4.* ]]; then
|
|
net_subnet_id=$(create_mgmt_subnet_v4 ${PROJECT_ID} ${network_id} ${SUBNET_NAME} ${SUBNET_RANGE})
|
|
# 'openstack router add' has a bug that cound't show the error message
|
|
# openstack router add subnet ${ROUTER_ID} ${net_subnet_id} --debug
|
|
fi
|
|
|
|
# Trove doesn't support IPv6 for now.
|
|
# if [[ "$IP_VERSION" =~ .*6 ]]; then
|
|
# NEW_IPV6_SUBNET_ID=$(create_subnet_v6 ${PROJECT_ID} ${network_id} ${IPV6_SUBNET_NAME})
|
|
# openstack router add subnet $ROUTER_ID $NEW_IPV6_SUBNET_ID
|
|
# fi
|
|
}
|
|
|
|
# start_trove() - Start running processes, including screen
|
|
function start_trove {
|
|
if [[ ${TROVE_USE_MOD_WSGI}" == TRUE" ]]; then
|
|
echo "Restarting Apache server ..."
|
|
enable_apache_site trove-api
|
|
restart_apache_server
|
|
else
|
|
run_process tr-api "$TROVE_BIN_DIR/trove-api --config-file=$TROVE_CONF"
|
|
fi
|
|
run_process tr-tmgr "$TROVE_BIN_DIR/trove-taskmanager --config-file=$TROVE_CONF"
|
|
run_process tr-cond "$TROVE_BIN_DIR/trove-conductor --config-file=$TROVE_CONF"
|
|
}
|
|
|
|
# stop_trove() - Stop running processes
|
|
function stop_trove {
|
|
# Kill the trove screen windows
|
|
local serv
|
|
if [[ ${TROVE_USE_MOD_WSGI} == "TRUE" ]]; then
|
|
echo "Disabling Trove API in Apache"
|
|
disable_apache_site trove-api
|
|
else
|
|
stop_process tr-api
|
|
fi
|
|
for serv in tr-tmgr tr-cond; do
|
|
stop_process $serv
|
|
done
|
|
}
|
|
|
|
# configure_tempest_for_trove() - Set Trove related setting on Tempest
|
|
# NOTE (gmann): Configure all the Tempest setting for Trove service in
|
|
# this function.
|
|
function configure_tempest_for_trove {
|
|
if is_service_enabled tempest; then
|
|
iniset $TEMPEST_CONFIG service_available trove True
|
|
fi
|
|
}
|
|
|
|
# Use trovestack to create guest image and register the image in the datastore.
|
|
function create_guest_image {
|
|
TROVE_ENABLE_IMAGE_BUILD=`echo ${TROVE_ENABLE_IMAGE_BUILD,,}`
|
|
if [[ ${TROVE_ENABLE_IMAGE_BUILD} == "false" ]]; then
|
|
echo "Skip creating guest image."
|
|
return 0
|
|
fi
|
|
|
|
image_name="trove-guest-${TROVE_IMAGE_OS}-${TROVE_IMAGE_OS_RELEASE}"
|
|
mkdir -p $HOME/images
|
|
image_file=$HOME/images/${image_name}.qcow2
|
|
|
|
if [[ -n ${TROVE_NON_DEV_IMAGE_URL} ]]; then
|
|
echo "Downloading guest image from ${TROVE_NON_DEV_IMAGE_URL}"
|
|
curl -sSL ${TROVE_NON_DEV_IMAGE_URL} -o ${image_file}
|
|
else
|
|
echo "Starting to create guest image"
|
|
export SYNC_LOG_TO_CONTROLLER=${SYNC_LOG_TO_CONTROLLER:-"False"}
|
|
$DEST/trove/integration/scripts/trovestack \
|
|
build-image \
|
|
${TROVE_IMAGE_OS} \
|
|
${TROVE_IMAGE_OS_RELEASE} \
|
|
true \
|
|
${TROVE_IMAGE_OS} \
|
|
${image_file}
|
|
fi
|
|
|
|
if [[ ! -f ${image_file} ]]; then
|
|
echo "Image file was not found at ${image_file}"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Add the image to glance"
|
|
glance_image_id=$(openstack --os-cloud trove \
|
|
image create ${image_name} \
|
|
--disk-format qcow2 --container-format bare \
|
|
--tag trove \
|
|
--property hw_rng_model='virtio' \
|
|
--file ${image_file} \
|
|
--debug \
|
|
-c id -f value)
|
|
echo "Glance image ${glance_image_id} uploaded"
|
|
|
|
echo "Register the image in datastore"
|
|
$TROVE_MANAGE datastore_update $TROVE_DATASTORE_TYPE ""
|
|
$TROVE_MANAGE datastore_version_update $TROVE_DATASTORE_TYPE $TROVE_DATASTORE_VERSION $TROVE_DATASTORE_TYPE "" "" 1 --image-tags trove
|
|
$TROVE_MANAGE datastore_update $TROVE_DATASTORE_TYPE $TROVE_DATASTORE_VERSION
|
|
|
|
echo "Add parameter validation rules if available"
|
|
if [[ -f $DEST/trove/trove/templates/$TROVE_DATASTORE_TYPE/validation-rules.json ]]; then
|
|
$TROVE_MANAGE db_load_datastore_config_parameters "$TROVE_DATASTORE_TYPE" "$TROVE_DATASTORE_VERSION" \
|
|
$DEST/trove/trove/templates/$TROVE_DATASTORE_TYPE/validation-rules.json
|
|
fi
|
|
# NOTE(wuchunyang): Create log directory so that guest agent can rsync logs to this directory
|
|
if [[ ${SYNC_LOG_TO_CONTROLLER} == "True" ]]; then
|
|
test -e /var/log/guest-agent-logs || sudo mkdir -p /var/log/guest-agent-logs/ && sudo chmod 777 /var/log/guest-agent-logs
|
|
fi
|
|
}
|
|
|
|
function create_registry_container {
|
|
# install docker on the host.
|
|
local ret='0'
|
|
which docker >/dev/null 2>&1 || { local ret='1'; }
|
|
if [[ "$ret" -ne 0 ]]; then
|
|
echo "Installing docker on the host"
|
|
$DEST/trove/integration/scripts/trovestack install-docker
|
|
fi
|
|
# running a docker registry container
|
|
echo "Running a docker registry container..."
|
|
container=$(sudo docker ps -a --format "{{.Names}}" --filter name=registry)
|
|
if [ -z $container ]; then
|
|
sudo docker run -d --net=host -e REGISTRY_HTTP_ADDR=0.0.0.0:4000 --restart=always -v /opt/trove_registry/:/var/lib/registry --name registry registry:2
|
|
for img in {"mysql:5.7.29","mysql:8.0","mariadb:10.4","postgres:12"};
|
|
do
|
|
sudo docker pull ${img} && sudo docker tag ${img} 127.0.0.1:4000/trove-datastores/${img} && sudo docker push 127.0.0.1:4000/trove-datastores/${img}
|
|
done
|
|
pushd $DEST/trove/backup
|
|
# build backup images
|
|
sudo docker build --network host -t 127.0.0.1:4000/trove-datastores/db-backup-mysql5.7:1.1.0 --build-arg DATASTORE=mysql5.7 .
|
|
sudo docker build --network host -t 127.0.0.1:4000/trove-datastores/db-backup-mysql8.0:1.1.0 --build-arg DATASTORE=mysql8.0 .
|
|
sudo docker build --network host -t 127.0.0.1:4000/trove-datastores/db-backup-mariadb:1.1.0 --build-arg DATASTORE=mariadb .
|
|
sudo docker build --network host -t 127.0.0.1:4000/trove-datastores/db-backup-postgresql:1.1.2 --build-arg DATASTORE=postgresql .
|
|
popd
|
|
# push backup images
|
|
for backupimg in {"db-backup-mysql5.7:1.1.0","db-backup-mysql8.0:1.1.0","db-backup-mariadb:1.1.0","db-backup-postgresql:1.1.2"};
|
|
do
|
|
sudo docker push 127.0.0.1:4000/trove-datastores/${backupimg}
|
|
done
|
|
# clean up backup images.
|
|
sudo docker image prune -a -f
|
|
fi
|
|
iniset $TROVE_CONF DEFAULT docker_insecure_registries "$TROVE_HOST_GATEWAY:4000"
|
|
}
|
|
|
|
# Set up Trove management network and make configuration change.
|
|
function config_trove_network {
|
|
echo "Finalizing Neutron networking for Trove"
|
|
echo "Dumping current network parameters:"
|
|
echo " SERVICE_HOST: $SERVICE_HOST"
|
|
echo " BRIDGE_IP: $BRIDGE_IP"
|
|
echo " PUBLIC_NETWORK_GATEWAY: $PUBLIC_NETWORK_GATEWAY"
|
|
echo " NETWORK_GATEWAY: $NETWORK_GATEWAY"
|
|
echo " IPV4_ADDRS_SAFE_TO_USE: $IPV4_ADDRS_SAFE_TO_USE"
|
|
echo " IPV6_ADDRS_SAFE_TO_USE: $IPV6_ADDRS_SAFE_TO_USE"
|
|
echo " FIXED_RANGE: $FIXED_RANGE"
|
|
echo " FLOATING_RANGE: $FLOATING_RANGE"
|
|
echo " SUBNETPOOL_PREFIX_V4: $SUBNETPOOL_PREFIX_V4"
|
|
echo " SUBNETPOOL_SIZE_V4: $SUBNETPOOL_SIZE_V4"
|
|
echo " SUBNETPOOL_V4_ID: $SUBNETPOOL_V4_ID"
|
|
echo " ROUTER_GW_IP: $ROUTER_GW_IP"
|
|
echo " TROVE_MGMT_SUBNET_RANGE: ${TROVE_MGMT_SUBNET_RANGE}"
|
|
|
|
# Save xtrace setting
|
|
local orig_xtrace
|
|
orig_xtrace=$(set +o | grep xtrace)
|
|
set -x
|
|
|
|
echo "Creating Trove management network/subnet for Trove service project."
|
|
trove_service_project_id=$(openstack project show $SERVICE_PROJECT_NAME -c id -f value)
|
|
setup_mgmt_network ${trove_service_project_id} ${TROVE_MGMT_NETWORK_NAME} ${TROVE_MGMT_SUBNET_NAME} ${TROVE_MGMT_SUBNET_RANGE}
|
|
mgmt_net_id=$(openstack network show ${TROVE_MGMT_NETWORK_NAME} -c id -f value)
|
|
echo "Created Trove management network ${TROVE_MGMT_NETWORK_NAME}(${mgmt_net_id})"
|
|
|
|
# Share the private network to other projects for testing purpose. We make
|
|
# the private network accessible to control plane below so that we could
|
|
# reach the private network for integration tests without floating ips
|
|
# associated, no matter which user the tests are using.
|
|
shared=$(openstack network show ${PRIVATE_NETWORK_NAME} -c shared -f value)
|
|
if [[ "$shared" == "False" ]]; then
|
|
openstack network set ${PRIVATE_NETWORK_NAME} --share
|
|
fi
|
|
if [[ -n ${ROUTER_GW_IP} && -n ${IPV4_ADDRS_SAFE_TO_USE} ]]; then
|
|
sudo ip route replace ${IPV4_ADDRS_SAFE_TO_USE} via $ROUTER_GW_IP
|
|
fi
|
|
|
|
# Make sure we can reach the management port of the service VM, this
|
|
# configuration is only for testing purpose. In production, it's
|
|
# recommended to config the router in the cloud infrastructure for the
|
|
# communication between Trove control plane and service VMs.
|
|
INTERFACE=trove-mgmt
|
|
MGMT_PORT_ID=$(openstack port create --project ${trove_service_project_id} --security-group ${TROVE_MGMT_SECURITY_GROUP} --device-owner trove --network ${TROVE_MGMT_NETWORK_NAME} --host=$(hostname) -c id -f value ${INTERFACE}-port)
|
|
MGMT_PORT_MAC=$(openstack port show -c mac_address -f value $MGMT_PORT_ID)
|
|
MGMT_PORT_IP=$(openstack port show -f value -c fixed_ips $MGMT_PORT_ID)
|
|
MGMT_PORT_IP=${MGMT_PORT_IP//u\'/\'}
|
|
MGMT_PORT_IP=$(echo ${MGMT_PORT_IP//\'/\"} | jq -r '.[0].ip_address')
|
|
sudo ovs-vsctl -- --may-exist add-port ${OVS_BRIDGE:-br-int} $INTERFACE -- set Interface $INTERFACE type=internal -- set Interface $INTERFACE external-ids:iface-status=active -- set Interface $INTERFACE external-ids:attached-mac=$MGMT_PORT_MAC -- set Interface $INTERFACE external-ids:iface-id=$MGMT_PORT_ID -- set Interface $INTERFACE external-ids:skip_cleanup=true
|
|
sudo ip link set dev $INTERFACE address $MGMT_PORT_MAC
|
|
mask=$(echo ${TROVE_MGMT_SUBNET_RANGE} | awk -F'/' '{print $2}')
|
|
sudo ip addr add ${MGMT_PORT_IP}/${mask} dev $INTERFACE
|
|
sudo ip link set $INTERFACE up
|
|
|
|
echo "Neutron network list:"
|
|
openstack network list
|
|
echo "Neutron subnet list:"
|
|
openstack subnet list
|
|
echo "Neutron router:"
|
|
openstack router show ${ROUTER_ID} -f yaml
|
|
echo "ip route:"
|
|
sudo ip route
|
|
|
|
# Now make sure the conf settings are right
|
|
iniset $TROVE_CONF DEFAULT ip_regex ""
|
|
iniset $TROVE_CONF DEFAULT black_list_regex ""
|
|
iniset $TROVE_CONF DEFAULT management_networks ${mgmt_net_id}
|
|
iniset $TROVE_CONF DEFAULT network_driver trove.network.neutron.NeutronDriver
|
|
|
|
# Restore xtrace setting
|
|
$orig_xtrace
|
|
}
|
|
|
|
function config_nova_keypair {
|
|
export SSH_DIR=${SSH_DIR:-"$HOME/.ssh"}
|
|
|
|
if [[ ! -f ${SSH_DIR}/id_rsa.pub ]]; then
|
|
mkdir -p ${SSH_DIR}
|
|
/usr/bin/ssh-keygen -f ${SSH_DIR}/id_rsa -q -N ""
|
|
# This is to allow guest agent ssh into the controller in dev mode.
|
|
cat ${SSH_DIR}/id_rsa.pub >> ${SSH_DIR}/authorized_keys
|
|
else
|
|
# This is to allow guest agent ssh into the controller in dev mode.
|
|
cat ${SSH_DIR}/id_rsa.pub >> ${SSH_DIR}/authorized_keys
|
|
sort ${SSH_DIR}/authorized_keys | uniq > ${SSH_DIR}/authorized_keys.uniq
|
|
mv ${SSH_DIR}/authorized_keys.uniq ${SSH_DIR}/authorized_keys
|
|
chmod 600 ${SSH_DIR}/authorized_keys
|
|
fi
|
|
|
|
echo "Creating Trove management keypair ${TROVE_MGMT_KEYPAIR_NAME}"
|
|
openstack --os-cloud trove keypair create --public-key ${SSH_DIR}/id_rsa.pub ${TROVE_MGMT_KEYPAIR_NAME}
|
|
|
|
iniset $TROVE_CONF DEFAULT nova_keypair ${TROVE_MGMT_KEYPAIR_NAME}
|
|
}
|
|
|
|
function config_cinder_volume_type {
|
|
volume_type=$(openstack --os-cloud trove volume type list -c Name -f value | awk 'NR==1 {print}')
|
|
|
|
iniset $TROVE_CONF DEFAULT cinder_volume_type ${volume_type}
|
|
}
|
|
|
|
function config_mgmt_security_group {
|
|
local sgid
|
|
|
|
echo "Creating Trove management security group."
|
|
sgid=$(openstack --os-cloud trove security group create ${TROVE_MGMT_SECURITY_GROUP} -f value -c id)
|
|
|
|
# Allow ICMP
|
|
openstack --os-cloud trove security group rule create --proto icmp $sgid
|
|
# Allow SSH
|
|
openstack --os-cloud trove security group rule create --protocol tcp --dst-port 22 $sgid
|
|
|
|
iniset $TROVE_CONF DEFAULT management_security_groups $sgid
|
|
}
|
|
|
|
# Dispatcher for trove plugin
|
|
if is_service_enabled trove; then
|
|
if [[ "$1" == "stack" && "$2" == "install" ]]; then
|
|
echo_summary "Installing Trove"
|
|
install_trove
|
|
install_python_troveclient
|
|
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
|
|
if is_service_enabled key; then
|
|
create_trove_accounts
|
|
fi
|
|
|
|
echo_summary "Configuring Trove"
|
|
configure_trove
|
|
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
|
|
init_trove_db
|
|
config_nova_keypair
|
|
config_cinder_volume_type
|
|
config_mgmt_security_group
|
|
config_trove_network
|
|
create_guest_image
|
|
if [ "$TROVE_ENABLE_LOCAL_REGISTRY" == "True" ] ; then
|
|
create_registry_container
|
|
fi
|
|
|
|
echo_summary "Starting Trove"
|
|
start_trove
|
|
|
|
# Guarantee the file permission in the trove code repo in order to
|
|
# download trove code from trove-guestagent.
|
|
sudo chown -R $STACK_USER:$STACK_USER "$DEST/trove"
|
|
elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
|
|
echo_summary "Configuring Tempest for Trove"
|
|
configure_tempest_for_trove
|
|
fi
|
|
|
|
if [[ "$1" == "unstack" ]]; then
|
|
stop_trove
|
|
cleanup_trove
|
|
fi
|
|
fi
|
|
|
|
# Restore xtrace
|
|
$XTRACE
|
|
|
|
# Tell emacs to use shell-script-mode
|
|
## Local variables:
|
|
## mode: shell-script
|
|
## End:
|