Updating to Grizzly (in progress).

gridcentric · May 22, 2013 · 97513a2 · 97513a2
1 parent ba5160c
commit 97513a2
Show file tree

Hide file tree

Showing 29 changed files with 264 additions and 243 deletions.
diff --git a/canary/api.sls b/canary/api.sls
@@ -1,5 +1,5 @@
 {% import "openstack/canary/config.sls" as config with context %}
 include:
-    - openstack.canary.base
+    - openstack.nova.base
 
 {{ config.package("canary-api") }}
diff --git a/canary/config.sls b/canary/config.sls
@@ -1,5 +1,6 @@
 {% set canary = pillar.get('openstack', {}).get('canary', {}) %}
-{% set source = canary.get('source', 'deb http://downloads.gridcentriclabs.com/packages/canary/folsom/ubuntu gridcentric multiverse') %}
+{% set version = pillar.get('openstack', {}).get('version', 'grizzly') %}
+{% set source = canary.get('source', 'deb http://downloads.gridcentriclabs.com/packages/canary/%s/ubuntu gridcentric multiverse' % version) %}
 
 {% macro package(name) %}
 {{name}}:

diff --git a/canary/dashboard.sls b/canary/dashboard.sls
@@ -1,3 +1,5 @@
 {% import "openstack/canary/config.sls" as config with context %}
+include:
+    - openstack.horizon.base
 
 {{ config.package("canary-horizon") }}
diff --git a/canary/host.sls b/canary/host.sls
@@ -1,10 +1,13 @@
 {% import "openstack/canary/config.sls" as config with context %}
+include:
+    - openstack.nova.base
 
 {{ config.package("canary-host") }}
     service.running:
         - name: canary
         - enable: True
         - watch:
             - pkg: canary-host
+            - file: /etc/nova/nova.conf
     require:
         - service: canary
diff --git a/cinder/api-paste.ini b/cinder/api-paste.ini
@@ -0,0 +1,44 @@
+[composite:osapi_volume]
+use = call:cinder.api:root_app_factory
+/: apiversions
+/v1: openstack_volume_api_v1
+/v2: openstack_volume_api_v2
+[composite:openstack_volume_api_v1]
+use = call:cinder.api.middleware.auth:pipeline_factory
+noauth = faultwrap sizelimit noauth apiv1
+keystone = faultwrap sizelimit authtoken keystonecontext apiv1
+keystone_nolimit = faultwrap sizelimit authtoken keystonecontext apiv1
+[composite:openstack_volume_api_v2]
+use = call:cinder.api.middleware.auth:pipeline_factory
+noauth = faultwrap sizelimit noauth apiv2
+keystone = faultwrap sizelimit authtoken keystonecontext apiv2
+keystone_nolimit = faultwrap sizelimit authtoken keystonecontext apiv2
+[filter:faultwrap]
+paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory
+[filter:noauth]
+paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory
+[filter:sizelimit]
+paste.filter_factory = cinder.api.middleware.sizelimit:RequestBodySizeLimiter.factory
+[app:apiv1]
+paste.app_factory = cinder.api.v1.router:APIRouter.factory
+[app:apiv2]
+paste.app_factory = cinder.api.v2.router:APIRouter.factory
+[pipeline:apiversions]
+pipeline = faultwrap osvolumeversionapp
+[app:osvolumeversionapp]
+paste.app_factory = cinder.api.versions:Versions.factory
+[filter:keystonecontext]
+paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory
+[filter:authtoken]
+paste.filter_factory = keystone.middleware.auth_token:filter_factory
+service_protocol = http
+service_host = {{keystone_ip}}
+service_port = {{keystone_port}}
+auth_host = {{keystone_ip}}
+auth_port = {{keystone_auth}}
+auth_protocol = http
+auth_uri = http://{{keystone_ip}}:{{keystone_port}}/
+admin_tenant_name = {{cinder_tenant_name}}
+admin_user = {{cinder_username}}
+admin_password = {{cinder_password}}
+delay_auth_decision = true
diff --git a/cinder/api.sls b/cinder/api.sls
@@ -1,19 +1,34 @@
 {% import "openstack/config.sls" as config with context %}
 include:
-    - base
+    - openstack.cinder.base
 
 /etc/cinder/api-paste.ini:
     file.managed:
         - source: salt://openstack/cinder/api-paste.ini
         - user: cinder
         - group: cinder
         - mode: 0600
+        - mode: 0600
+        - template: jinja
+        - context:
+            debug: {{ config.debug }}
+            mysql_username: {{ config.mysql_cinder_username }}
+            mysql_password: {{ config.mysql_cinder_password }}
+            mysql_database: {{ config.mysql_cinder_database }}
+            mysql_host: {{ config.mysql_hosts|first }}
+            keystone_ip: {{ config.keystone_hosts|first }}
+            keystone_port: {{ config.keystone_port }}
+            keystone_auth: {{ config.keystone_auth }}
+            cinder_tenant_name: {{ config.service_tenant_name }}
+            cinder_username: cinder
+            cinder_password: {{ config.keystone_cinder_password }}
     require:
         - user: cinder
         - group: cinder
 
 {{ config.package("cinder-api") }}
     service.running:
+        -name: cinder-api
         - enable: True
         - watch:
             - pkg: cinder-api

diff --git a/cinder/base.sls b/cinder/base.sls
@@ -25,6 +25,7 @@ cinder:
             glance_host: {{ config.glance_hosts|first }}
             glance_port: {{ config.glance_api_port }}
             ip: {{ config.internal_ip }}
+            volume_port: {{ config.volume_port }}
 
 /etc/cinder/policy.json:
     file.managed:

diff --git a/cinder/ceph.client.volumes.keyring b/cinder/ceph.client.volumes.keyring
@@ -0,0 +1,2 @@
+[client.volumes]
+	key = {{secret}}
diff --git a/cinder/cinder.conf b/cinder/cinder.conf
@@ -15,6 +15,8 @@ glance_host={{glance_host}}
 glance_port=9292
 glance_api_servers={{glance_host}}:{{glance_port}}
 osapi_volume_listen={{ip}}
-osapi_volume_listen_port=8776
+osapi_volume_listen_port={{volume_port}}
 volume_driver=cinder.volume.driver.RBDDriver
 rbd_pool=volumes
+rbd_user=volumes
+rbd_secret_uuid=7a39b379-1bfe-6a01-aef5-5c4f5714f0db
diff --git a/cinder/scheduler.sls b/cinder/scheduler.sls
@@ -1,6 +1,6 @@
 {% import "openstack/config.sls" as config with context %}
 include:
-    - base
+    - openstack.cinder.base
 
 {{ config.package("cinder-scheduler") }}
     service.running:

diff --git a/cinder/secret.xml b/cinder/secret.xml
@@ -0,0 +1,6 @@
+<secret ephemeral='no' private='no'>
+  <uuid>7a39b379-1bfe-6a01-aef5-5c4f5714f0db</uuid>
+  <usage type='ceph'>
+    <name>client.libvirt {{secret}}</name>
+  </usage>
+</secret>
diff --git a/cinder/volume.sls b/cinder/volume.sls
@@ -10,12 +10,42 @@ include:
             - pkg: cinder-volume
             - file: /etc/cinder/cinder.conf
             - file: /etc/cinder/policy.json
+            - file: /etc/cinder/secret.xml
             - file: /etc/ceph/ceph.conf
+            - file: /etc/ceph/ceph.client.volumes.keyring
     require:
         - pkg: cinder-volume
         - file: /etc/cinder/cinder.conf
         - file: /etc/cinder/policy.json
+        - file: /etc/cinder/secret.xml
         - file: /etc/ceph/ceph.conf
+        - file: /etc/ceph/ceph.client.volumes.keyring
+
+/etc/cinder/secret.xml:
+    file.managed:
+        - source: salt://openstack/cinder/secret.xml
+        - user: cinder
+        - group: cinder
+        - mode: 0600
+        - template: jinja
+        - context:
+            secret: {{ salt['cmd.run']("ceph auth get-or-create client.volumes mon 'allow rwx' osd 'allow *' | grep key | awk '{print $3;}'") }}
+
+/etc/ceph/ceph.client.volumes.keyring:
+    file.managed:
+        - source: salt://openstack/cinder/ceph.client.volumes.keyring
+        - user: cinder
+        - group: cinder
+        - mode: 0600
+        - template: jinja
+        - context:
+            secret: {{ salt['cmd.run']("ceph auth get-or-create client.volumes mon 'allow rwx' osd 'allow *' | grep key | awk '{print $3;}'") }}
+
+define-secret:
+    cmd.run:
+        - name: virsh secret-undefine 7a39b379-1bfe-6a01-aef5-5c4f5714f0db; virsh secret-define /etc/cinder/secret.xml
+    require:
+        - file: /etc/cinder/secret.xml
 
 make-volumes:
     cmd.run:

diff --git a/compute.sls b/compute.sls
@@ -1,3 +1,3 @@
 {% include "openstack/nova/compute.sls" %}
-{% include "openstack/nova/network.sls" %}
 {% include "openstack/cinder/volume.sls" %}
+{% include "openstack/quantum/network.sls" %}
diff --git a/config.sls b/config.sls
@@ -1,6 +1,7 @@
 {% set openstack = pillar.get('openstack', {}) %}
 {% set debug = openstack.get('debug', 'True') %}
-{% set source = openstack.get('source', 'deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/folsom main') %}
+{% set version = openstack.get('version', 'grizzly') %}
+{% set source = openstack.get('source', 'deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/%s main' % version) %}
 
 # Packaging.
 # NOTE: This goes hand-in-hand with the source listed above.
@@ -11,8 +12,9 @@
 keyring-{{name}}:
     pkg.latest:
         - name: ubuntu-cloud-keyring
-{{name}}:
+pkg-{{name}}:
     pkg:
+        - name: {{name}}
         - latest
     pkgrepo.managed:
         - name: {{source}}
@@ -27,13 +29,23 @@ keyring-{{name}}:
 # Network configuration.
 {% set networks = openstack.get('networks', {}) %}
 {% set interfaces = openstack.get('interfaces', {}) %}
-{% set default_interface = interfaces.get('default', 'eth1') %}
-
-{% set public_network = networks.get('public', '') %}
+{% set default_interface = salt['network.interfaces']().keys()[0] %}
 {% set public_interface = interfaces.get('public', default_interface) %}
-{% set nova_network = networks.get('nova', '') %}
 {% set nova_interface = interfaces.get('nova', default_interface) %}
-{% set internal_network = networks.get('internal', '') %}
+
+{% set default_network = salt['network.subnets']()[0] %}
+{% set public_network = networks.get('public') %}
+{% if not public_network %}
+{% set public_network = default_network %}
+{% endif %}
+{% set nova_network = networks.get('nova') %}
+{% if not nova_network %}
+{% set nova_network = default_network %}
+{% endif %}
+{% set internal_network = networks.get('internal') %}
+{% if not internal_network %}
+{% set internal_network = default_network %}
+{% endif %}
 
 # Common services configuration.
 {% set az = openstack.get('availability_zone', 'nova') %}
@@ -50,27 +62,32 @@ keyring-{{name}}:
 {% set keystone = openstack.get('keystone', {}) %}
 {% set mysql_keystone_database = keystone.get('database', 'keystone') %}
 {% set mysql_keystone_username = keystone.get('username', 'keystone') %}
-{% set mysql_keystone_password = keystone.get('password', '') %}
+{% set mysql_keystone_password = keystone.get('password', 'keystone') %}
 
 {% set nova = openstack.get('nova', {}) %}
 {% set mysql_nova_database = nova.get('database', 'nova') %}
 {% set mysql_nova_username = nova.get('username', 'nova') %}
-{% set mysql_nova_password = nova.get('password', '') %}
+{% set mysql_nova_password = nova.get('password', 'nova') %}
 
 {% set glance = openstack.get('glance', {}) %}
 {% set mysql_glance_database = glance.get('database', 'glance') %}
 {% set mysql_glance_username = glance.get('username', 'glance') %}
-{% set mysql_glance_password = glance.get('password', '') %}
+{% set mysql_glance_password = glance.get('password', 'glance') %}
 
 {% set cinder = openstack.get('cinder', {}) %}
 {% set mysql_cinder_database = cinder.get('database', 'cinder') %}
 {% set mysql_cinder_username = cinder.get('username', 'cinder') %}
-{% set mysql_cinder_password = cinder.get('password', '') %}
+{% set mysql_cinder_password = cinder.get('password', 'cinder') %}
+
+{% set quantum = openstack.get('quantum', {}) %}
+{% set mysql_quantum_database = quantum.get('database', 'quantum') %}
+{% set mysql_quantum_username = quantum.get('username', 'quantum') %}
+{% set mysql_quantum_password = quantum.get('password', 'quantum') %}
 
 {% set horizon = openstack.get('horizon', {}) %}
 {% set mysql_horizon_database = horizon.get('database', 'horizon') %}
 {% set mysql_horizon_username = horizon.get('username', 'horizon') %}
-{% set mysql_horizon_password = horizon.get('password', '') %}
+{% set mysql_horizon_password = horizon.get('password', 'horizon') %}
 
 {% set admin = openstack.get('admin', {}) %}
 {% set os_username = admin.get('username', 'admin') %}
@@ -86,20 +103,22 @@ keyring-{{name}}:
 # Keystone configuration.
 {% set keystone_port = keystone.get('port', '5000') %}
 {% set keystone_auth = keystone.get('auth', '35357') %}
-{% set keystone_token = keystone.get('token', '') %}
+{% set keystone_token = keystone.get('token', 'keystone') %}
 
 # API configuration.
 {% set api = openstack.get('api', {}) %}
 {% set ec2_port = api.get('ec2', '8773') %}
 {% set compute_port = api.get('compute', '8774') %}
+{% set volume_port = api.get('volume', '8776') %}
 {% set glance_api_port = glance.get('api', '9292') %}
 {% set glance_registry_port = glance.get('registry', '9191') %}
 
 # Keystone services.
 {% set service_tenant_name = keystone.get('tenant_name', 'service') %}
-{% set keystone_nova_password = keystone.get('nova', '') %}
-{% set keystone_glance_password = keystone.get('glance', '') %}
-{% set keystone_cinder_password = keystone.get('cinder', '') %}
+{% set keystone_nova_password = keystone.get('nova', 'nova') %}
+{% set keystone_glance_password = keystone.get('glance', 'glance') %}
+{% set keystone_cinder_password = keystone.get('cinder', 'cinder') %}
+{% set keystone_quantum_password = keystone.get('quantum', 'quantum') %}
 
 # Debug output.
 echo internal {{ internal_ip }}:
@@ -117,6 +136,7 @@ echo nova {{ nova_ip }}:
 {% set rabbitmq_hosts = hosts.get('rabbitmq', [internal_ip]) %}
 {% set nova_api_hosts = hosts.get('nova', [internal_ip]) %}
 {% set cinder_api_hosts = hosts.get('cinder', [internal_ip]) %}
+{% set quantum_api_hosts = hosts.get('quantum', [internal_ip]) %}
 {% set keystone_hosts = hosts.get('keystone', [internal_ip]) %}
 {% set glance_hosts = hosts.get('glance', [internal_ip]) %}
 {% set novnc_hosts = hosts.get('novnc', [internal_ip]) %}
diff --git a/glance/api.sls b/glance/api.sls
@@ -1,5 +1,4 @@
 {% import "openstack/config.sls" as config with context %}
-
 include:
     - ceph
     - openstack.glance.base
@@ -23,7 +22,7 @@ include:
             keystone_auth: {{ config.keystone_auth }}
             glance_tenant_name: {{ config.service_tenant_name }}
             glance_username: glance
-            glance_password: {{ config.glance_password }}
+            glance_password: {{ config.keystone_glance_password }}
     require:
         - user: glance
         - group: glance
@@ -34,34 +33,40 @@ include:
         - user: glance
         - group: glance
         - mode: 0600
+        - template: jinja
         - context:
-            - debug: {{ config.debug }}
-            - port: {{ config.glance_api_port }}
-            - mysql_username: {{ config.mysql_glance_username }}
-            - mysql_password: {{ config.mysql_glance_password }}
-            - mysql_database: {{ config.mysql_glance_database }}
-            - mysql_host: {{ config.mysql_hosts|first }}
-            - rabbit_host: {{ config.rabbitmq_hosts|first }}
-            - rabbit_userid={{rabbit_user}}
-            - rabbit_password={{rabbit_password}}
-            - rabbit_virtual_host={{rabbit_vhost}}
-            - keystone_ip: {{ config.keystone_hosts|first }}
-            - keystone_port: {{ config.keystone_port }}
-            - keystone_auth: {{ config.keystone_auth }}
-            - glance_tenant_name: {{ config.service_tenant_name }}
-            - glance_username: {{ config.glance_username }}
-            - glance_password: {{ config.glance_password }}
-            - registry_host={{registry_ip}}
-            - registry_port={{registry_port}}
+            debug: {{ config.debug }}
+            port: {{ config.glance_api_port }}
+            mysql_username: {{ config.mysql_glance_username }}
+            mysql_password: {{ config.mysql_glance_password }}
+            mysql_database: {{ config.mysql_glance_database }}
+            mysql_host: {{ config.mysql_hosts|first }}
+            rabbit_host: {{ config.rabbitmq_hosts|first }}
+            rabbit_user: {{ config.rabbitmq_user }}
+            rabbit_password: {{ config.rabbitmq_password }}
+            rabbit_vhost: {{ config.rabbitmq_vhost }}
+            keystone_ip: {{ config.keystone_hosts|first }}
+            keystone_port: {{ config.keystone_port }}
+            keystone_auth: {{ config.keystone_auth }}
+            glance_tenant_name: {{ config.service_tenant_name }}
+            glance_username: glance
+            glance_password: {{ config.keystone_glance_password }}
+            registry_host: {{ config.glance_hosts|first }}
+            registry_port: {{ config.glance_registry_port }}
+            ip: {{ config.internal_ip }}
     require:
         - user: glance
         - group: glance
 
 {{ config.package("glance-api") }}
     service.running:
+        - name: glance-api
         - enable: True
         - watch:
             - pkg: glance-api
+            - file: /etc/glance/policy.json
+            - file: /etc/glance/glance-api-paste.ini
+            - file: /etc/glance/glance-api.conf
     require:
         - file: /etc/glance/policy.json
         - file: /etc/glance/glance-api-paste.ini