Add a cinder element.

Change-Id: I4729cf003896c3b4f8267d16e1b4822099231051
2013-02-20 21:50:33 -08:00 · 2013-02-20 21:50:33 -08:00 · aa8a2174a6
commit aa8a2174a6
parent 07c476b590
15 changed files with 265 additions and 0 deletions
--- a/elements/cinder-config/config/etc/cinder/api-paste.ini
+++ b/elements/cinder-config/config/etc/cinder/api-paste.ini
@ -0,0 +1,61 @@
+#############
+# OpenStack #
+#############
+
+[composite:osapi_volume]
+use = call:cinder.api:root_app_factory
+/: apiversions
+/v1: openstack_volume_api_v1
+/v2: openstack_volume_api_v2
+
+[composite:openstack_volume_api_v1]
+use = call:cinder.api.middleware.auth:pipeline_factory
+noauth = faultwrap sizelimit noauth apiv1
+keystone = faultwrap sizelimit authtoken keystonecontext apiv1
+keystone_nolimit = faultwrap sizelimit authtoken keystonecontext apiv1
+
+[composite:openstack_volume_api_v2]
+use = call:cinder.api.middleware.auth:pipeline_factory
+noauth = faultwrap sizelimit noauth apiv2
+keystone = faultwrap sizelimit authtoken keystonecontext apiv2
+keystone_nolimit = faultwrap sizelimit authtoken keystonecontext apiv2
+
+[filter:faultwrap]
+paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory
+
+[filter:noauth]
+paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory
+
+[filter:sizelimit]
+paste.filter_factory = cinder.api.middleware.sizelimit:RequestBodySizeLimiter.factory
+
+[app:apiv1]
+paste.app_factory = cinder.api.v1.router:APIRouter.factory
+
+[app:apiv2]
+paste.app_factory = cinder.api.v2.router:APIRouter.factory
+
+[pipeline:apiversions]
+pipeline = faultwrap osvolumeversionapp
+
+[app:osvolumeversionapp]
+paste.app_factory = cinder.api.versions:Versions.factory
+
+##########
+# Shared #
+##########
+
+[filter:keystonecontext]
+paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystone.middleware.auth_token:filter_factory
+service_protocol = http
+service_host = {{keystone.host}}
+service_port = 5000
+auth_host = {{keystone.host}}
+auth_port = 35357
+auth_protocol = http
+admin_tenant_name = service
+admin_user = cinder
+admin_password = {{service-password}}
--- a/elements/cinder-config/config/etc/cinder/cinder.conf
+++ b/elements/cinder-config/config/etc/cinder/cinder.conf
@ -0,0 +1,20 @@
+[DEFAULT]
+debug = True
+
+state_path = /var/run/cinder
+
+rootwrap_config=/etc/cinder/rootwrap.conf
+api_paste_config = /etc/cinder/api-paste.ini
+
+iscsi_helper=tgtadm
+volume_name_template = volume-%s
+volume_group = cinder-volumes
+verbose = True
+auth_strategy = keystone
+
+sql_connection={{cinder.db}}
+
+rabbit_host = {{rabbit.host}}
+rabbit_port = 5672
+rabbit_userid = {{rabbit.user}}
+rabbit_password = {{rabbit.password}}
--- a/elements/cinder-config/config/etc/cinder/policy.json
+++ b/elements/cinder-config/config/etc/cinder/policy.json
@ -0,0 +1,34 @@
+{
+    "context_is_admin": [["role:admin"]],
+    "admin_or_owner":  [["is_admin:True"], ["project_id:%(project_id)s"]],
+    "default": [["rule:admin_or_owner"]],
+
+    "admin_api": [["is_admin:True"]],
+
+    "volume:create": [],
+    "volume:get_all": [],
+    "volume:get_volume_metadata": [],
+    "volume:get_snapshot": [],
+    "volume:get_all_snapshots": [],
+
+    "volume_extension:types_manage": [["rule:admin_api"]],
+    "volume_extension:types_extra_specs": [["rule:admin_api"]],
+    "volume_extension:extended_snapshot_attributes": [],
+    "volume_extension:volume_image_metadata": [],
+
+    "volume_extension:quotas:show": [],
+    "volume_extension:quotas:update_for_project": [["rule:admin_api"]],
+    "volume_extension:quotas:update_for_user": [["rule:admin_or_projectadmin"]],
+    "volume_extension:quota_classes": [],
+
+    "volume_extension:volume_admin_actions:reset_status": [["rule:admin_api"]],
+    "volume_extension:snapshot_admin_actions:reset_status": [["rule:admin_api"]],
+    "volume_extension:volume_admin_actions:force_delete": [["rule:admin_api"]],
+    "volume_extension:snapshot_admin_actions:force_delete": [["rule:admin_api"]],
+
+    "volume_extension:volume_host_attribute": [["rule:admin_api"]],
+    "volume_extension:volume_tenant_attribute": [["rule:admin_api"]],
+    "volume_extension:hosts": [["rule:admin_api"]],
+    "volume_extension:services": [["rule:admin_api"]],
+    "volume:services": [["rule:admin_api"]]
+}
--- a/elements/cinder-config/config/etc/cinder/rootwrap.conf
+++ b/elements/cinder-config/config/etc/cinder/rootwrap.conf
@ -0,0 +1,27 @@
+# Configuration for cinder-rootwrap
+# This file should be owned by (and only-writeable by) the root user
+
+[DEFAULT]
+# List of directories to load filter definitions from (separated by ',').
+# These directories MUST all be only writeable by root !
+filters_path=/etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap
+
+# List of directories to search executables in, in case filters do not
+# explicitely specify a full path (separated by ',')
+# If not specified, defaults to system PATH environment variable.
+# These directories MUST all be only writeable by root !
+exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin
+
+# Enable logging to syslog
+# Default value is False
+use_syslog=False
+
+# Which syslog facility to use.
+# Valid values include auth, authpriv, syslog, user0, user1...
+# Default value is 'syslog'
+syslog_log_facility=syslog
+
+# Which messages to log.
+# INFO means log all usage
+# ERROR means only log unsuccessful attempts
+syslog_log_level=ERROR
--- a/elements/cinder-config/config/etc/cinder/rootwrap.d/volume.filters
+++ b/elements/cinder-config/config/etc/cinder/rootwrap.d/volume.filters
@ -0,0 +1,55 @@
+# cinder-rootwrap command filters for volume nodes
+# This file should be owned by (and only-writeable by) the root user
+
+[Filters]
+# cinder/volume/iscsi.py: iscsi_helper '--op' ...
+ietadm: CommandFilter, /usr/sbin/ietadm, root
+tgtadm: CommandFilter, /usr/sbin/tgtadm, root
+tgt-admin: CommandFilter, /usr/sbin/tgt-admin, root
+
+# cinder/volume/driver.py: 'vgs', '--noheadings', '-o', 'name'
+vgs: CommandFilter, /sbin/vgs, root
+
+# cinder/volume/driver.py: 'lvcreate', '-L', sizestr, '-n', volume_name,..
+# cinder/volume/driver.py: 'lvcreate', '-L', ...
+lvcreate: CommandFilter, /sbin/lvcreate, root
+
+# cinder/volume/driver.py: 'dd', 'if=%s' % srcstr, 'of=%s' % deststr,...
+dd: CommandFilter, /bin/dd, root
+
+# cinder/volume/driver.py: 'lvremove', '-f', %s/%s % ...
+lvremove: CommandFilter, /sbin/lvremove, root
+
+# cinder/volume/driver.py: 'lvdisplay', '--noheading', '-C', '-o', 'Attr',..
+lvdisplay: CommandFilter, /sbin/lvdisplay, root
+
+# cinder/volume/driver.py: 'iscsiadm', '-m', 'discovery', '-t',...
+# cinder/volume/driver.py: 'iscsiadm', '-m', 'node', '-T', ...
+iscsiadm: CommandFilter, /sbin/iscsiadm, root
+iscsiadm_usr: CommandFilter, /usr/bin/iscsiadm, root
+
+# cinder/volume/drivers/lvm.py: 'shred', '-n3'
+# cinder/volume/drivers/lvm.py: 'shred', '-n0', '-z', '-s%dMiB'
+shred: CommandFilter, /usr/bin/shred, root
+
+#cinder/volume/.py: utils.temporary_chown(path, 0), ...
+chown: CommandFilter, /bin/chown, root
+
+# cinder/volume/driver.py
+dmsetup: CommandFilter, /sbin/dmsetup, root
+dmsetup_usr: CommandFilter, /usr/sbin/dmsetup, root
+ln: CommandFilter, /bin/ln, root
+qemu-img: CommandFilter, /usr/bin/qemu-img, root
+env: CommandFilter, /usr/bin/env, root
+
+# cinder/volume/driver.py: utils.read_file_as_root()
+cat: CommandFilter, /bin/cat, root
+
+# cinder/volume/nfs.py
+stat: CommandFilter, /usr/bin/stat, root
+mount: CommandFilter, /bin/mount, root
+df: CommandFilter, /bin/df, root
+truncate: CommandFilter, /usr/bin/truncate, root
+chmod: CommandFilter, /bin/chmod, root
+rm: CommandFilter, /bin/rm, root
+lvs: CommandFilter, /sbin/lvs, root
--- a/elements/cinder-config/config/etc/default/iscsitarget
+++ b/elements/cinder-config/config/etc/default/iscsitarget
@ -0,0 +1,2 @@
+ISCSITARGET_ENABLE=true
+
--- a/elements/cinder-config/element-deps
+++ b/elements/cinder-config/element-deps
@ -0,0 +1 @@
+os-config-applier
--- a/elements/cinder-config/install.d/01-cinder-config
+++ b/elements/cinder-config/install.d/01-cinder-config
@ -0,0 +1,3 @@
+#!/bin/bash
+set -eu
+use-config-templates $(dirname $0)/../config
--- a/elements/cinder/README.md
+++ b/elements/cinder/README.md
@ -0,0 +1 @@
+Install cinder service from git.
--- a/elements/cinder/element-deps
+++ b/elements/cinder/element-deps
@ -0,0 +1,4 @@
+os-svc-install
+os-refresh-config
+os-config-applier
+cinder-config
--- a/elements/cinder/install.d/72-cinder
+++ b/elements/cinder/install.d/72-cinder
@ -0,0 +1,22 @@
+#!/bin/bash
+set -eux
+
+install-packages lvm2
+os-svc-install -n cinder -u cinder -r https://github.com/openstack/cinder.git
+
+os-svc-upstart cinder-api cinder /usr/local/bin/cinder-api "--config-dir /etc/cinder"
+os-svc-upstart cinder-volume cinder /usr/local/bin/cinder-volume "--config-dir /etc/cinder"
+os-svc-upstart cinder-scheduler cinder /usr/local/bin/cinder-scheduler "--config-dir /etc/cinder"
+mkdir -p /etc/tgt/conf.d
+echo 'include /etc/tgt/conf.d/cinder_tgt.conf' > /etc/tgt/targets.conf
+echo 'include /var/run/cinder/volumes/*' > /etc/tgt/conf.d/cinder_tgt.conf
+
+echo "cinder ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/cinder
+chmod 0440 /etc/sudoers.d/cinder
+visudo -c
+
+os_refresh=$(os-refresh-config --print-base)
+
+for stage in pre-configure migration post-configure; do
+  install -m 0755 -o root -g root $(dirname $0)/../$stage $os_refresh/$stage.d/72-cinder
+done
--- a/elements/cinder/migration
+++ b/elements/cinder/migration
@ -0,0 +1,15 @@
+#!/bin/bash
+set -eu
+
+# TODO: resize volume group in response to config changes.
+# TODO: is there a safe way to shrink a volume group?
+vol_group=cinder-volumes
+vol_file=/var/run/cinder/$vol_group-backing-file
+size=$(os-config-applier --key cinder.volume_size_mb --type int)M
+
+if ! vgs $vol_group; then
+  [[ -f $vol_file ]] || truncate -s $size $vol_file
+  dev=`sudo losetup -f --show $vol_file`
+  if ! vgs $vol_group; then vgcreate $vol_group $dev; fi
+  mkdir -p /var/run/cinder/volumes
+fi
--- a/elements/cinder/post-configure
+++ b/elements/cinder/post-configure
@ -0,0 +1,8 @@
+#!/bin/bash
+set -eu
+
+service iscsitarget restart
+service open-iscsi restart
+service cinder-api restart
+service cinder-volume restart
+service cinder-scheduler restart
--- a/elements/cinder/pre-configure
+++ b/elements/cinder/pre-configure
@ -0,0 +1,8 @@
+#!/bin/bash
+set -eu
+
+#   installation requires building a kernel module.
+# - TODO: use generic 'install-packages' instead of apt-get once
+#   it is available from first-boot scripts.
+DEBIAN_FRONTEND=noninteractive apt-get install --yes linux-headers-`uname -r`
+DEBIAN_FRONTEND=noninteractive apt-get install --yes iscsitarget iscsitarget-dkms openvswitch-datapath-dkms
--- a/elements/os-refresh-config/install.d/01-os-refresh-config
+++ b/elements/os-refresh-config/install.d/01-os-refresh-config
@ -8,6 +8,10 @@ install-packages git-core python-pip

 pip install git+https://github.com/tripleo/os-refresh-config.git

+for d in pre-configure.d configure.d migration.d post-configure.d; do
+  install -m 0755 -o root -g root -d /opt/stack/os-config-refresh/$d
+done
+
 cat > /etc/init/os-refresh-config.conf <<- eof
 start on runlevel [2345]
 task