From 0799cbabff4bc3d2baf7de44bcfad8ad8913a79e Mon Sep 17 00:00:00 2001
From: Weidong Shao
Date: Sat, 30 Aug 2014 01:10:37 +0000
Subject: [PATCH] Update part of cookbooks from OpenDeployment
Change-Id: I884d2157241150a5b1ec4e44f979908762467671
---
 .../openstack-compute/attributes/default.rb | 6 ++-
 .../openstack-compute/recipes/libvirt.rb | 20 ++++++++
 .../openstack-identity/libraries/default.rb | 38 +++++++++++++++
 .../openstack-identity/recipes/server.rb | 46 ++++++++++++++++---
 4 files changed, 102 insertions(+), 8 deletions(-)
 create mode 100644 chef/cookbooks/openstack-identity/libraries/default.rb
diff --git a/chef/cookbooks/openstack-compute/attributes/default.rb b/chef/cookbooks/openstack-compute/attributes/default.rb
index 4b4c9d9..e741cec 100644
--- a/chef/cookbooks/openstack-compute/attributes/default.rb
+++ b/chef/cookbooks/openstack-compute/attributes/default.rb
@@ -217,6 +217,8 @@ default['openstack']['compute']['libvirt']['images_rbd_ceph_conf'] = '/etc/ceph/
 default['openstack']['compute']['libvirt']['volume_backend'] = nil
 default['openstack']['compute']['libvirt']['rbd']['rbd_secret_name'] = 'rbd_secret_uuid'
 default['openstack']['compute']['libvirt']['rbd']['rbd_user'] = 'cinder'
+default['openstack']['compute']['libvirt']['host_uuid'] = nil
+
 default['openstack']['compute']['config']['availability_zone'] = 'nova'
 default['openstack']['compute']['config']['storage_availability_zone'] = 'nova'
 default['openstack']['compute']['config']['default_schedule_zone'] = 'nova'
@@ -340,7 +342,7 @@ when 'fedora', 'rhel', 'suse' # :pragma-foodcritic: ~FC024 - won't fix this
 'compute_vncproxy_service' => 'openstack-nova-novncproxy',
 'compute_vncproxy_consoleauth_packages' => ['openstack-nova-console'],
 'compute_vncproxy_consoleauth_service' => 'openstack-nova-consoleauth',
- 'libvirt_packages' => ['libvirt'],
+ 'libvirt_packages' => ['libvirt', 'dmidecode'],
 'libvirt_service' => 'libvirtd',
 'libvirt_ceph_packages' => ['ceph-common'],
 'dbus_service' => 'messagebus',
@@ -393,7 +395,7 @@ when 'debian'
 'compute_vncproxy_service' => 'nova-novncproxy',
 'compute_vncproxy_consoleauth_packages' => ['nova-consoleauth'],
 'compute_vncproxy_consoleauth_service' => 'nova-consoleauth',
- 'libvirt_packages' => ['libvirt-bin'],
+ 'libvirt_packages' => ['libvirt-bin', 'dmidecode'],
 'libvirt_service' => 'libvirt-bin',
 'libvirt_ceph_packages' => ['ceph-common'],
 'dbus_service' => 'dbus',
diff --git a/chef/cookbooks/openstack-compute/recipes/libvirt.rb b/chef/cookbooks/openstack-compute/recipes/libvirt.rb
index d1b2d7a..a0fb354 100644
--- a/chef/cookbooks/openstack-compute/recipes/libvirt.rb
+++ b/chef/cookbooks/openstack-compute/recipes/libvirt.rb
@@ -178,6 +178,26 @@ execute 'Deleting default libvirt network' do
 only_if 'virsh net-list | grep -q default'
 end
 
+# use bios system-uuid as host uuid
+ruby_block "set_libvirt_host_uuid" do
+ block do
+ # use bios system-uuid as host uuid
+ if node['openstack']['compute']['libvirt']['host_uuid'].nil?
+ cmd = Mixlib::ShellOut.new('dmidecode -s system-uuid').run_command
+
+ system_uuid = cmd.stdout.strip
+
+ invalid_uuid = ["00000000-0000-0000-0000-000000000000", \
+ "FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF"]
+ if system_uuid.length.eql?(36) and \
+ !invalid_uuid.include?(system_uuid.upcase)
+ node.set['openstack']['compute']['libvirt']['host_uuid'] = system_uuid
+ end
+ end
+ end
+ action :run
+end
+
 # TODO(breu): this section needs to be rewritten to support key privisioning
 template '/etc/libvirt/libvirtd.conf' do
 source 'libvirtd.conf.erb'
diff --git a/chef/cookbooks/openstack-identity/libraries/default.rb b/chef/cookbooks/openstack-identity/libraries/default.rb
new file mode 100644
index 0000000..e0d47e6
--- /dev/null
+++ b/chef/cookbooks/openstack-identity/libraries/default.rb
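Review bot: The `set_libvirt_host_uuid` block in recipes/libvirt.rb accepts any 36-character string printed by `dmidecode -s system-uuid` as the host UUID, so a 36-character line that is not a UUID would be stored in `node['openstack']['compute']['libvirt']['host_uuid']`, and the command's exit status is never checked. Validate the shape rather than the length, for example `if cmd.exitstatus.zero? && system_uuid =~ /\A\h{8}(-\h{4}){3}-\h{12}\z/ && !invalid_uuid.include?(system_uuid.upcase)`. BIOS UUIDs may also be identical on cloned machines, and `node.set` persists the value once written, so the duplicated `# use bios system-uuid as host uuid` comment would be better replaced by one stating that the attribute is derived only when unset and can be overridden per node.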
@@ -0,0 +1,38 @@
+# encoding: UTF-8
+# #
+# # Cookbook Name:: openstack-identity
+# # libraries::master_election
+# #
+# # Author: sam.su@huawei.com
+# #
+# # Licensed under the Apache License, Version 2.0 (the 'License');
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an 'AS IS' BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+# #
+#
+def node_election(role, tag, chef_environment = nil)
+ chef_environment = chef_environment || node.chef_environment
+ master = search(:node, "run_list:role\\[#{role}\\] AND \
+ chef_environment:#{chef_environment} AND \
+ tags:#{tag}") || []
+ if master.empty?
+ nodes = search(:node, "run_list:role\\[#{role}\\] AND \
+ chef_environment:#{chef_environment}") || []
+ nodes = nodes.sort_by { |node| node.name } unless nodes.empty?
+ if node.name.eql?(nodes.first.name)
+ node.tags << tag unless node.tags.include?(tag)
+ node.save
+ end
+ return nodes.first
+ else
+ return master.first
+ end
+end
diff --git a/chef/cookbooks/openstack-identity/recipes/server.rb b/chef/cookbooks/openstack-identity/recipes/server.rb
index 56b555f..4824f08 100644
--- a/chef/cookbooks/openstack-identity/recipes/server.rb
+++ b/chef/cookbooks/openstack-identity/recipes/server.rb
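Review bot: `node_election` calls `nodes.first.name` without handling an empty result, so when the fallback search returns no nodes (for instance before this node has been indexed) it raises NoMethodError on nil instead of returning nil, which is the case the caller in recipes/server.rb appears to expect with its `keygen_node.nil?` check. Add `return nil if nodes.empty?` directly after the second `search`. The election also trusts whichever node carries the tag in search results, and the function itself shows that a node writes its own tag (`node.tags << tag` then `node.save`). Because the elected node becomes the source of the Keystone signing material, the function needs a header comment stating that trust assumption and what the three parameters mean.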
@@ -107,12 +107,41 @@ if node['openstack']['auth']['strategy'] == 'pki'
 end
 
 if certfile_url.nil? || keyfile_url.nil? || ca_certs_url.nil?
- execute 'keystone-manage pki_setup' do
- user node['openstack']['identity']['user']
- group node['openstack']['identity']['group']
-
- not_if { ::FileTest.exists? node['openstack']['identity']['signing']['keyfile'] }
+ keygen_node = node_election('os-identity', 'keystone_keygen')
+ if keygen_node.nil?
+ keygen_node = node
 end
+ if node.name.eql?(keygen_node.name)
+ execute 'keystone-manage pki_setup' do
+ user node['openstack']['identity']['user']
+ group node['openstack']['identity']['group']
+ not_if { ::FileTest.exists? node['openstack']['identity']['signing']['keyfile'] }
+ end
+ %w{certfile keyfile ca_certs}.each do |name|
+ ruby_block "read #{name}" do
+ block do
+ file = node['openstack']['identity']['signing']["#{name}"]
+ if File.exists?(file) and !node['openstack']['identity']['signing'].attribute?("#{name}_data")
+ node.set['openstack']['identity']['signing']["#{name}_data"] = File.read(file)
+ node.save
+ end
+ end
+ end
+ end
+
+ else
+ if keygen_node['openstack']['identity']['signing'].attribute?("#{name}_data")
+ %w{certfile keyfile ca_certs}.each do |name|
+ file node['openstack']['identity']['signing']["#{name}"] do
+ content keygen_node['openstack']['identity']['signing']["#{name}_data"]
+ owner node['openstack']['identity']['user']
+ group node['openstack']['identity']['group']
+ mode 00640
+ end
+ end
+ end
+ end
+
 else
 remote_file node['openstack']['identity']['signing']['certfile'] do
 source certfile_url
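Review bot: The `ruby_block "read #{name}"` loop copies the contents of the PKI `keyfile` into the node attribute `keyfile_data` and calls `node.save`, which stores the token-signing private key in plain text in the node object on the Chef server, where anything allowed to read or search nodes can retrieve it. `certfile` and `ca_certs` are public material, but the private key should be shared through an encrypted data bag or a comparable secret store rather than node attributes. Separately, in the `else` branch the guard `attribute?("#{name}_data")` is evaluated before `each do |name|` binds `name`, so it does not test the per-file attribute. Drop the outer `if` and put `next unless keygen_node['openstack']['identity']['signing'].attribute?("#{name}_data")` as the first line inside the loop. The enclosing `if node['openstack']['auth']['strategy'] == 'pki'` block starts and ends outside this hunk.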
@@ -163,7 +192,12 @@ bind_address = bind_endpoint.host
 # If the search role is set, we search for memcache
 # servers via a Chef search. If not, we look at the
 # memcache.servers attribute.
-memcache_servers = memcached_servers.join ',' # from openstack-common lib
+if node['openstack']['identity']['token']['backend'].eql?('memcache')
+ memcache_servers = memcached_servers('os-ops-caching').join ',' # from openstack-common lib
+ # number of seconds to wait before sockets timeout when the memcached server is down
+ # the default number is 3, here is going to set it as 0.1
+ `sed -i "s/_SOCKET_TIMEOUT = 3/_SOCKET_TIMEOUT = 0.1/g" /usr/lib/python[0-9].[0-9]/site-packages/memcache.py`
+end
 
 # These configuration endpoints must not have the path (v2.0, etc)
 # added to them, as these values are used in returning the version
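Review bot: The backtick `sed -i` call rewrites the packaged `memcache.py` in place while the recipe is being compiled, on every run, with no guard, no check of the result and no Chef resource recording the change. The glob only covers `/usr/lib/python[0-9].[0-9]/site-packages`, so where the module is installed elsewhere the command fails silently, and where it matches it leaves a package-owned file differing from what the package shipped, which integrity checks will flag and a package update will undo. Prefer an `execute` resource guarded with `only_if "grep -q '_SOCKET_TIMEOUT = 3' <path-to-memcache.py>"`, or set the timeout through the client's own configuration if it offers one. Also, `memcache_servers` is now assigned only inside the `if`, so it is nil for any other token backend; whether the code after this hunk handles that is not visible here.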