Add a cinder element.

Change-Id: I4729cf003896c3b4f8267d16e1b4822099231051
This commit is contained in:
Tim Miller 2013-02-20 21:50:33 -08:00
parent 07c476b590
commit aa8a2174a6
15 changed files with 265 additions and 0 deletions

View File

@ -0,0 +1,61 @@
#############
# OpenStack #
#############
[composite:osapi_volume]
use = call:cinder.api:root_app_factory
/: apiversions
/v1: openstack_volume_api_v1
/v2: openstack_volume_api_v2
[composite:openstack_volume_api_v1]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = faultwrap sizelimit noauth apiv1
keystone = faultwrap sizelimit authtoken keystonecontext apiv1
keystone_nolimit = faultwrap sizelimit authtoken keystonecontext apiv1
[composite:openstack_volume_api_v2]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = faultwrap sizelimit noauth apiv2
keystone = faultwrap sizelimit authtoken keystonecontext apiv2
keystone_nolimit = faultwrap sizelimit authtoken keystonecontext apiv2
[filter:faultwrap]
paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory
[filter:noauth]
paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory
[filter:sizelimit]
paste.filter_factory = cinder.api.middleware.sizelimit:RequestBodySizeLimiter.factory
[app:apiv1]
paste.app_factory = cinder.api.v1.router:APIRouter.factory
[app:apiv2]
paste.app_factory = cinder.api.v2.router:APIRouter.factory
[pipeline:apiversions]
pipeline = faultwrap osvolumeversionapp
[app:osvolumeversionapp]
paste.app_factory = cinder.api.versions:Versions.factory
##########
# Shared #
##########
[filter:keystonecontext]
paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = {{keystone.host}}
service_port = 5000
auth_host = {{keystone.host}}
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = cinder
admin_password = {{service-password}}

View File

@ -0,0 +1,20 @@
[DEFAULT]
debug = True
state_path = /var/run/cinder
rootwrap_config=/etc/cinder/rootwrap.conf
api_paste_config = /etc/cinder/api-paste.ini
iscsi_helper=tgtadm
volume_name_template = volume-%s
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
sql_connection={{cinder.db}}
rabbit_host = {{rabbit.host}}
rabbit_port = 5672
rabbit_userid = {{rabbit.user}}
rabbit_password = {{rabbit.password}}

View File

@ -0,0 +1,34 @@
{
"context_is_admin": [["role:admin"]],
"admin_or_owner": [["is_admin:True"], ["project_id:%(project_id)s"]],
"default": [["rule:admin_or_owner"]],
"admin_api": [["is_admin:True"]],
"volume:create": [],
"volume:get_all": [],
"volume:get_volume_metadata": [],
"volume:get_snapshot": [],
"volume:get_all_snapshots": [],
"volume_extension:types_manage": [["rule:admin_api"]],
"volume_extension:types_extra_specs": [["rule:admin_api"]],
"volume_extension:extended_snapshot_attributes": [],
"volume_extension:volume_image_metadata": [],
"volume_extension:quotas:show": [],
"volume_extension:quotas:update_for_project": [["rule:admin_api"]],
"volume_extension:quotas:update_for_user": [["rule:admin_or_projectadmin"]],
"volume_extension:quota_classes": [],
"volume_extension:volume_admin_actions:reset_status": [["rule:admin_api"]],
"volume_extension:snapshot_admin_actions:reset_status": [["rule:admin_api"]],
"volume_extension:volume_admin_actions:force_delete": [["rule:admin_api"]],
"volume_extension:snapshot_admin_actions:force_delete": [["rule:admin_api"]],
"volume_extension:volume_host_attribute": [["rule:admin_api"]],
"volume_extension:volume_tenant_attribute": [["rule:admin_api"]],
"volume_extension:hosts": [["rule:admin_api"]],
"volume_extension:services": [["rule:admin_api"]],
"volume:services": [["rule:admin_api"]]
}

View File

@ -0,0 +1,27 @@
# Configuration for cinder-rootwrap
# This file should be owned by (and only-writeable by) the root user
[DEFAULT]
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path=/etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap
# List of directories to search executables in, in case filters do not
# explicitely specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin
# Enable logging to syslog
# Default value is False
use_syslog=False
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, user0, user1...
# Default value is 'syslog'
syslog_log_facility=syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level=ERROR

View File

@ -0,0 +1,55 @@
# cinder-rootwrap command filters for volume nodes
# This file should be owned by (and only-writeable by) the root user
[Filters]
# cinder/volume/iscsi.py: iscsi_helper '--op' ...
ietadm: CommandFilter, /usr/sbin/ietadm, root
tgtadm: CommandFilter, /usr/sbin/tgtadm, root
tgt-admin: CommandFilter, /usr/sbin/tgt-admin, root
# cinder/volume/driver.py: 'vgs', '--noheadings', '-o', 'name'
vgs: CommandFilter, /sbin/vgs, root
# cinder/volume/driver.py: 'lvcreate', '-L', sizestr, '-n', volume_name,..
# cinder/volume/driver.py: 'lvcreate', '-L', ...
lvcreate: CommandFilter, /sbin/lvcreate, root
# cinder/volume/driver.py: 'dd', 'if=%s' % srcstr, 'of=%s' % deststr,...
dd: CommandFilter, /bin/dd, root
# cinder/volume/driver.py: 'lvremove', '-f', %s/%s % ...
lvremove: CommandFilter, /sbin/lvremove, root
# cinder/volume/driver.py: 'lvdisplay', '--noheading', '-C', '-o', 'Attr',..
lvdisplay: CommandFilter, /sbin/lvdisplay, root
# cinder/volume/driver.py: 'iscsiadm', '-m', 'discovery', '-t',...
# cinder/volume/driver.py: 'iscsiadm', '-m', 'node', '-T', ...
iscsiadm: CommandFilter, /sbin/iscsiadm, root
iscsiadm_usr: CommandFilter, /usr/bin/iscsiadm, root
# cinder/volume/drivers/lvm.py: 'shred', '-n3'
# cinder/volume/drivers/lvm.py: 'shred', '-n0', '-z', '-s%dMiB'
shred: CommandFilter, /usr/bin/shred, root
#cinder/volume/.py: utils.temporary_chown(path, 0), ...
chown: CommandFilter, /bin/chown, root
# cinder/volume/driver.py
dmsetup: CommandFilter, /sbin/dmsetup, root
dmsetup_usr: CommandFilter, /usr/sbin/dmsetup, root
ln: CommandFilter, /bin/ln, root
qemu-img: CommandFilter, /usr/bin/qemu-img, root
env: CommandFilter, /usr/bin/env, root
# cinder/volume/driver.py: utils.read_file_as_root()
cat: CommandFilter, /bin/cat, root
# cinder/volume/nfs.py
stat: CommandFilter, /usr/bin/stat, root
mount: CommandFilter, /bin/mount, root
df: CommandFilter, /bin/df, root
truncate: CommandFilter, /usr/bin/truncate, root
chmod: CommandFilter, /bin/chmod, root
rm: CommandFilter, /bin/rm, root
lvs: CommandFilter, /sbin/lvs, root

View File

@ -0,0 +1,2 @@
ISCSITARGET_ENABLE=true

View File

@ -0,0 +1 @@
os-config-applier

View File

@ -0,0 +1,3 @@
#!/bin/bash
set -eu
use-config-templates $(dirname $0)/../config

View File

@ -0,0 +1 @@
Install cinder service from git.

View File

@ -0,0 +1,4 @@
os-svc-install
os-refresh-config
os-config-applier
cinder-config

View File

@ -0,0 +1,22 @@
#!/bin/bash
set -eux
install-packages lvm2
os-svc-install -n cinder -u cinder -r https://github.com/openstack/cinder.git
os-svc-upstart cinder-api cinder /usr/local/bin/cinder-api "--config-dir /etc/cinder"
os-svc-upstart cinder-volume cinder /usr/local/bin/cinder-volume "--config-dir /etc/cinder"
os-svc-upstart cinder-scheduler cinder /usr/local/bin/cinder-scheduler "--config-dir /etc/cinder"
mkdir -p /etc/tgt/conf.d
echo 'include /etc/tgt/conf.d/cinder_tgt.conf' > /etc/tgt/targets.conf
echo 'include /var/run/cinder/volumes/*' > /etc/tgt/conf.d/cinder_tgt.conf
echo "cinder ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/cinder
chmod 0440 /etc/sudoers.d/cinder
visudo -c
os_refresh=$(os-refresh-config --print-base)
for stage in pre-configure migration post-configure; do
install -m 0755 -o root -g root $(dirname $0)/../$stage $os_refresh/$stage.d/72-cinder
done

15
elements/cinder/migration Executable file
View File

@ -0,0 +1,15 @@
#!/bin/bash
set -eu
# TODO: resize volume group in response to config changes.
# TODO: is there a safe way to shrink a volume group?
vol_group=cinder-volumes
vol_file=/var/run/cinder/$vol_group-backing-file
size=$(os-config-applier --key cinder.volume_size_mb --type int)M
if ! vgs $vol_group; then
[[ -f $vol_file ]] || truncate -s $size $vol_file
dev=`sudo losetup -f --show $vol_file`
if ! vgs $vol_group; then vgcreate $vol_group $dev; fi
mkdir -p /var/run/cinder/volumes
fi

8
elements/cinder/post-configure Executable file
View File

@ -0,0 +1,8 @@
#!/bin/bash
set -eu
service iscsitarget restart
service open-iscsi restart
service cinder-api restart
service cinder-volume restart
service cinder-scheduler restart

8
elements/cinder/pre-configure Executable file
View File

@ -0,0 +1,8 @@
#!/bin/bash
set -eu
# installation requires building a kernel module.
# - TODO: use generic 'install-packages' instead of apt-get once
# it is available from first-boot scripts.
DEBIAN_FRONTEND=noninteractive apt-get install --yes linux-headers-`uname -r`
DEBIAN_FRONTEND=noninteractive apt-get install --yes iscsitarget iscsitarget-dkms openvswitch-datapath-dkms

View File

@ -8,6 +8,10 @@ install-packages git-core python-pip
pip install git+https://github.com/tripleo/os-refresh-config.git
for d in pre-configure.d configure.d migration.d post-configure.d; do
install -m 0755 -o root -g root -d /opt/stack/os-config-refresh/$d
done
cat > /etc/init/os-refresh-config.conf <<- eof
start on runlevel [2345]
task