"Fossies" - the Fresh Open Source Software Archive

Member "magnum-8.2.0/devstack/lib/magnum" (6 Dec 2019, 15242 Bytes) of package /linux/misc/openstack/magnum-8.2.0.tar.gz:



    1 #!/bin/bash
    2 #
    3 # lib/magnum
    4 # Functions to control the configuration and operation of the **magnum** service
    5 
    6 # Dependencies:
    7 #
    8 # - ``functions`` file
    9 # - ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
   10 # - ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
   11 
   12 # ``stack.sh`` calls the entry points in this order:
   13 #
   14 # - install_magnum
   15 # - configure_magnum
   16 # - create_magnum_conf
   17 # - init_magnum
   18 # - magnum_register_image
   19 # - magnum_configure_flavor
   20 # - start_magnum
   21 # - configure_iptables_magnum
   22 # - configure_apache_magnum
   23 # - stop_magnum
   24 # - cleanup_magnum
   25 
# Save trace setting
# ``set +o`` prints the current shell options as ``set`` commands; the xtrace
# line is kept in XTRACE so it can be re-run at the end of this file, and
# tracing is switched off while the rest of the file is being sourced.
XTRACE=$(set +o | grep xtrace)
set +o xtrace


# Defaults
# --------

# Set up default directories
# The source is cloned from MAGNUM_REPO at MAGNUM_BRANCH; the default branch is
# ``master``, a moving ref rather than a pinned commit.
MAGNUM_REPO=${MAGNUM_REPO:-${GIT_BASE}/openstack/magnum.git}
MAGNUM_BRANCH=${MAGNUM_BRANCH:-master}
MAGNUM_DIR=$DEST/magnum

GITREPO["python-magnumclient"]=${MAGNUMCLIENT_REPO:-${GIT_BASE}/openstack/python-magnumclient.git}
GITBRANCH["python-magnumclient"]=${MAGNUMCLIENT_BRANCH:-master}
GITDIR["python-magnumclient"]=$DEST/python-magnumclient

# These three directories are the ones cleanup_magnum() removes recursively
# with sudo, so an override must never point at a shared or system path.
MAGNUM_STATE_PATH=${MAGNUM_STATE_PATH:=$DATA_DIR/magnum}
MAGNUM_AUTH_CACHE_DIR=${MAGNUM_AUTH_CACHE_DIR:-/var/cache/magnum}
MAGNUM_CERTIFICATE_CACHE_DIR=${MAGNUM_CERTIFICATE_CACHE_DIR:-/var/lib/magnum/certificate-cache}

MAGNUM_CONF_DIR=/etc/magnum
MAGNUM_CONF=$MAGNUM_CONF_DIR/magnum.conf
MAGNUM_API_PASTE=$MAGNUM_CONF_DIR/api-paste.ini
MAGNUM_POLICY=$MAGNUM_CONF_DIR/policy.yaml

# When SSL is enabled for magnum, or tls-proxy is enabled, the protocol is
# forced to https here, overriding any MAGNUM_SERVICE_PROTOCOL supplied by the
# caller; the default a few lines below only applies when this did not fire.
if is_ssl_enabled_service "magnum" || is_service_enabled tls-proxy; then
    MAGNUM_SERVICE_PROTOCOL="https"
fi

# Public facing bits
# MAGNUM_SERVICE_PORT is the advertised port; MAGNUM_SERVICE_PORT_INT is the
# port magnum-api itself listens on when tls-proxy fronts it (see
# create_magnum_conf and start_magnum_api).
MAGNUM_SERVICE_HOST=${MAGNUM_SERVICE_HOST:-$HOST_IP}
MAGNUM_SERVICE_PORT=${MAGNUM_SERVICE_PORT:-9511}
MAGNUM_SERVICE_PORT_INT=${MAGNUM_SERVICE_PORT_INT:-19511}
MAGNUM_SERVICE_PROTOCOL=${MAGNUM_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}

# NOTE(review): falls back to the literal password ``secret`` when the caller
# sets nothing.  create_magnum_conf() creates the ``trustee_domain_admin`` user
# with this password and grants it the ``admin`` role on the magnum domain, so
# the default is a well-known credential on any host that keeps it.
MAGNUM_TRUSTEE_DOMAIN_ADMIN_PASSWORD=${MAGNUM_TRUSTEE_DOMAIN_ADMIN_PASSWORD:-secret}

MAGNUM_SWIFT_REGISTRY_CONTAINER=${MAGNUM_SWIFT_REGISTRY_CONTAINER:-docker_registry}

# Support entry points installation of console scripts
if [[ -d $MAGNUM_DIR/bin ]]; then
    MAGNUM_BIN_DIR=$MAGNUM_DIR/bin
else
    MAGNUM_BIN_DIR=$(get_python_exec_prefix)
fi

# Firewall changes are on by default: configure_iptables_magnum() adds its
# rules unless this is set to the exact string ``False``.
MAGNUM_CONFIGURE_IPTABLES=${MAGNUM_CONFIGURE_IPTABLES:-True}
   74 
   75 # Functions
   76 # ---------
   77 
   78 # Test if any magnum services are enabled
   79 # is_magnum_enabled
   80 function is_magnum_enabled {
   81     [[ ,${ENABLED_SERVICES} =~ ,"magnum-" ]] && return 0
   82     return 1
   83 }
   84 # cleanup_magnum() - Remove residual data files, anything left over from previous
   85 # runs that a clean run would need to clean up
   86 function cleanup_magnum {
   87     sudo rm -rf $MAGNUM_STATE_PATH $MAGNUM_AUTH_CACHE_DIR $MAGNUM_CERTIFICATE_CACHE_DIR
   88 }
   89 
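# configure_magnum() - Set config files, create data dirs, etc
#
# Globals:  MAGNUM_CONF_DIR, STACK_USER (read)
# Calls:    create_magnum_conf, create_api_paste_conf
function configure_magnum {
    # Put config files in ``/etc/magnum`` for everyone to find.  The directory
    # is handed to STACK_USER so the later, non-sudo writes to magnum.conf and
    # api-paste.ini succeed.  Expansions are quoted so each value stays a
    # single argument of the sudo command.
    if [[ ! -d "$MAGNUM_CONF_DIR" ]]; then
        sudo mkdir -p "$MAGNUM_CONF_DIR"
        sudo chown "$STACK_USER" "$MAGNUM_CONF_DIR"
    fi

    # Rebuild the config file from scratch
    create_magnum_conf

    create_api_paste_conf
}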
  103 
  104 # create_magnum_accounts() - Set up common required magnum accounts
  105 #
  106 # Project              User         Roles
  107 # ------------------------------------------------------------------
  108 # SERVICE_PROJECT_NAME  magnum         service
  109 function create_magnum_accounts {
  110 
  111     create_service_user "magnum" "admin"
  112 
  113     local magnum_service=$(get_or_create_service "magnum" \
  114         "container-infra" "Container Infrastructure Management Service")
  115     get_or_create_endpoint $magnum_service \
  116         "$REGION_NAME" \
  117         "$MAGNUM_SERVICE_PROTOCOL://$MAGNUM_SERVICE_HOST:$MAGNUM_SERVICE_PORT/v1" \
  118         "$MAGNUM_SERVICE_PROTOCOL://$MAGNUM_SERVICE_HOST:$MAGNUM_SERVICE_PORT/v1" \
  119         "$MAGNUM_SERVICE_PROTOCOL://$MAGNUM_SERVICE_HOST:$MAGNUM_SERVICE_PORT/v1"
  120 
  121 }
  122 
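# create_magnum_conf() - Create a new magnum.conf file
#
# Deletes ``$MAGNUM_CONF`` and rebuilds it option by option with ``iniset``;
# also creates the ``magnum`` trustee domain and its admin user in keystone.
#
# Globals read:    MAGNUM_*, SERVICE_PASSWORD, SERVICE_PROJECT_NAME,
#                  KEYSTONE_AUTH_URI_V3, KEYSTONE_SERVICE_URI_V3, REGION_NAME,
#                  SSL_BUNDLE_FILE, ENABLE_DEBUG_LOG_LEVEL, USE_SYSTEMD, LOG_COLOR
# Globals written: HOSTNAME, trustee_domain_id, trustee_domain_admin_id,
#                  default_volume_type (assigned without ``local``, as before,
#                  since it cannot be told from here whether callers read them)
#
# Security notes:
# - Every value is passed quoted.  Unquoted, a password or URL containing
#   whitespace or glob characters would be split, and only its first word
#   would land in the option value.
# - The xtrace suppression at the top of this file only covers sourcing.  If
#   the caller runs this function with xtrace on, the expanded ``iniset`` and
#   ``get_or_create_user`` lines below carry the passwords into the trace.
# - NOTE(review): no file mode is set on magnum.conf here although it holds the
#   service and trustee passwords - confirm what ``iniset`` leaves it at.
function create_magnum_conf {

    # (Re)create ``magnum.conf``
    rm -f -- "$MAGNUM_CONF"
    HOSTNAME=$(hostname)
    iniset "$MAGNUM_CONF" DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL"
    # transport_url and the database URL are kept as single words; they
    # presumably embed credentials - verify against the helpers.
    iniset "$MAGNUM_CONF" DEFAULT transport_url "$(get_transport_url)"
    iniset "$MAGNUM_CONF" DEFAULT host "$HOSTNAME"

    iniset "$MAGNUM_CONF" database connection "$(database_connection_url magnum)"
    iniset "$MAGNUM_CONF" api host "$MAGNUM_SERVICE_HOST"
    if is_service_enabled tls-proxy; then
        # Behind tls-proxy the API binds the internal port and the CA bundle
        # is configured for verification.
        iniset "$MAGNUM_CONF" api port "$MAGNUM_SERVICE_PORT_INT"
        iniset "$MAGNUM_CONF" drivers verify_ca true
        iniset "$MAGNUM_CONF" drivers openstack_ca_file "$SSL_BUNDLE_FILE"
    else
        iniset "$MAGNUM_CONF" api port "$MAGNUM_SERVICE_PORT"
        # NOTE(review): without tls-proxy ``verify_ca`` is written as false,
        # which presumably turns off CA verification in the drivers - confirm
        # against magnum's option reference before reusing outside a dev host.
        iniset "$MAGNUM_CONF" drivers verify_ca false
    fi

    iniset "$MAGNUM_CONF" cluster temp_cache_dir "$MAGNUM_CERTIFICATE_CACHE_DIR"

    iniset "$MAGNUM_CONF" oslo_policy policy_file "$MAGNUM_POLICY"

    iniset "$MAGNUM_CONF" keystone_auth auth_type password
    iniset "$MAGNUM_CONF" keystone_auth username magnum
    iniset "$MAGNUM_CONF" keystone_auth password "$SERVICE_PASSWORD"
    iniset "$MAGNUM_CONF" keystone_auth project_name "$SERVICE_PROJECT_NAME"
    iniset "$MAGNUM_CONF" keystone_auth project_domain_id default
    iniset "$MAGNUM_CONF" keystone_auth user_domain_id default

    configure_auth_token_middleware "$MAGNUM_CONF" magnum "$MAGNUM_AUTH_CACHE_DIR"

    iniset "$MAGNUM_CONF" keystone_auth auth_url "$KEYSTONE_AUTH_URI_V3"

    # FIXME(pauloewerton): keystone_authtoken section is deprecated. Remove it
    # after deprecation period.
    iniset "$MAGNUM_CONF" keystone_authtoken www_authenticate_uri "$KEYSTONE_SERVICE_URI_V3"
    iniset "$MAGNUM_CONF" keystone_authtoken auth_url "$KEYSTONE_AUTH_URI_V3"
    iniset "$MAGNUM_CONF" keystone_authtoken auth_version v3

    if is_fedora || is_suse; then
        # magnum defaults to /usr/local/bin, but fedora and suse pip like to
        # install things in /usr/bin
        iniset "$MAGNUM_CONF" DEFAULT bindir "/usr/bin"
    fi

    if [[ -n "$MAGNUM_STATE_PATH" ]]; then
        iniset "$MAGNUM_CONF" DEFAULT state_path "$MAGNUM_STATE_PATH"
        iniset "$MAGNUM_CONF" oslo_concurrency lock_path "$MAGNUM_STATE_PATH"
    fi

    if [[ "$USE_SYSTEMD" != "False" ]]; then
        setup_systemd_logging "$MAGNUM_CONF"
    fi

    # Format logging
    if [[ "$LOG_COLOR" == "True" && "$USE_SYSTEMD" == "False" ]]; then
        setup_colorized_logging "$MAGNUM_CONF" DEFAULT
    fi

    # Register SSL certificates if provided
    if is_ssl_enabled_service magnum; then
        ensure_certificates MAGNUM

        iniset "$MAGNUM_CONF" DEFAULT ssl_cert_file "$MAGNUM_SSL_CERT"
        iniset "$MAGNUM_CONF" DEFAULT ssl_key_file "$MAGNUM_SSL_KEY"

        iniset "$MAGNUM_CONF" DEFAULT enabled_ssl_apis "$MAGNUM_ENABLED_APIS"
    fi

    if is_service_enabled ceilometer; then
        iniset "$MAGNUM_CONF" oslo_messaging_notifications driver "messaging"
    fi

    # Certificates go to barbican when it is enabled, otherwise the
    # ``x509keypair`` manager is selected.
    if is_service_enabled barbican; then
        iniset "$MAGNUM_CONF" certificates cert_manager_type "barbican"
    else
        iniset "$MAGNUM_CONF" certificates cert_manager_type "x509keypair"
    fi

    # Trustee domain: a dedicated ``magnum`` domain whose admin user receives
    # the ``admin`` role on that domain.  The password defaults to the value
    # set at the top of this file.
    # NOTE(review): the password is handed to ``get_or_create_user`` as an
    # argument; if that helper forwards it on a CLI command line it becomes
    # visible in the process list - confirm.
    trustee_domain_id=$(get_or_create_domain magnum 'Owns users and projects created by magnum')
    trustee_domain_admin_id=$(get_or_create_user trustee_domain_admin "$MAGNUM_TRUSTEE_DOMAIN_ADMIN_PASSWORD" "$trustee_domain_id")
    openstack --os-auth-url "$KEYSTONE_SERVICE_URI_V3" \
              --os-identity-api-version 3 role add \
              --user "$trustee_domain_admin_id" --domain "$trustee_domain_id" \
              admin
    iniset "$MAGNUM_CONF" trust cluster_user_trust True
    iniset "$MAGNUM_CONF" trust trustee_domain_name magnum
    iniset "$MAGNUM_CONF" trust trustee_domain_admin_name trustee_domain_admin
    iniset "$MAGNUM_CONF" trust trustee_domain_admin_password "$MAGNUM_TRUSTEE_DOMAIN_ADMIN_PASSWORD"
    iniset "$MAGNUM_CONF" trust trustee_keystone_interface public
    iniset "$MAGNUM_CONF" cinder_client region_name "$REGION_NAME"

    if is_service_enabled swift; then
        iniset "$MAGNUM_CONF" docker_registry swift_region "$REGION_NAME"
        iniset "$MAGNUM_CONF" docker_registry swift_registry_container "$MAGNUM_SWIFT_REGISTRY_CONTAINER"
    fi

    # Get the default volume type from cinder.conf and set the corresponding
    # default in magnum.conf
    default_volume_type=$(iniget /etc/cinder/cinder.conf DEFAULT default_volume_type)
    iniset "$MAGNUM_CONF" cinder default_docker_volume_type "$default_volume_type"
    iniset "$MAGNUM_CONF" drivers send_cluster_metrics False
}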
  229 
  230 function create_api_paste_conf {
  231     # copy api_paste.ini
  232     cp $MAGNUM_DIR/etc/magnum/api-paste.ini $MAGNUM_API_PASTE
  233 }
  234 
  235 # create_magnum_cache_dir() - Part of the init_magnum() process
  236 function create_magnum_cache_dir {
  237     # Create cache dir
  238     sudo mkdir -p $1
  239     sudo chown $STACK_USER $1
  240     rm -f $1/*
  241 }
  242 
  243 
# init_magnum() - Initialize databases, etc.
#
# Globals:  DATABASE_BACKENDS, MAGNUM_BIN_DIR, MAGNUM_AUTH_CACHE_DIR,
#           MAGNUM_CERTIFICATE_CACHE_DIR (read)
function init_magnum {
    # The database is rebuilt only once for an entire cluster: on the node
    # that has both a database backend and magnum-api enabled.
    if is_service_enabled $DATABASE_BACKENDS; then
        if is_service_enabled magnum-api; then
            # Drop and recreate the schema, then bring it up to the current
            # migration level.
            recreate_database magnum
            $MAGNUM_BIN_DIR/magnum-db-manage upgrade
        fi
    fi

    # The cache directories are (re)created and emptied on every node.
    create_magnum_cache_dir $MAGNUM_AUTH_CACHE_DIR
    create_magnum_cache_dir $MAGNUM_CERTIFICATE_CACHE_DIR
}
  257 
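# magnum_register_image - Register heat image for magnum with property os_distro
#
# Derives ``os_distro`` from a case-insensitive look at the image URL and the
# glance image name from the URL's file name with its extension removed, then
# sets the property on that image.
#
# Globals:  MAGNUM_GUEST_IMAGE_URL, GLANCE_SERVICE_PROTOCOL,
#           GLANCE_HOSTPORT (read)
# Returns:  1 when the file extension is not recognised (nothing is sent to
#           glance in that case); otherwise the status of ``openstack``
function magnum_register_image {
    local url_lc=${MAGNUM_GUEST_IMAGE_URL,,}
    local os_distro=""
    local -a image_props=()
    local image_filename
    local image_name=""
    local extension

    # First match wins.  Appending every matching distro to one string would
    # glue two names together when a URL matches more than one pattern and
    # produce a malformed property value.
    if [[ "$url_lc" == *atomic* ]]; then
        os_distro="fedora-atomic"
    elif [[ "$url_lc" == *ubuntu* ]]; then
        os_distro="ubuntu"
    elif [[ "$url_lc" == *coreos* ]]; then
        os_distro="coreos"
    elif [[ "$url_lc" == *ironic* && "$url_lc" == *fedora* ]]; then
        # os_distro property for fedora ironic image
        os_distro="fedora"
    fi

    # Properties are kept in an array so each one is passed as its own
    # argument without relying on word splitting of a flat string.
    image_props=(--property "os_distro=${os_distro}")
    if [[ "$os_distro" == "fedora-atomic" ]]; then
        # Atomic images additionally get a virtio RNG device model
        image_props+=(--property hw_rng_model=virtio)
    fi

    # get the image name
    image_filename=$(basename -- "$MAGNUM_GUEST_IMAGE_URL")
    for extension in "tgz" "img" "qcow2" "iso" "vhd" "vhdx" "tar.gz" "img.gz" "img.bz2" "vhd.gz" "vhdx.gz"; do
        if [[ "$image_filename" == *".${extension}" ]]; then
            image_name=${image_filename%".${extension}"}
            break
        fi
    done
    if [[ -z "$image_name" ]]; then
        # Stop here: continuing would run ``image set`` with no image name.
        echo "Unknown image extension in $image_filename, supported extensions: tgz, img, qcow2, iso, vhd, vhdx, tar.gz, img.gz, img.bz2, vhd.gz, vhdx.gz" >&2
        return 1
    fi

    openstack --os-url "$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" --os-image-api-version 2 image set "$image_name" "${image_props[@]}"
}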
  297 
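# magnum_configure_flavor - set hw_rng property for flavor to address the
# potential entropy issue
#
# Sets the hw_rng properties below on every flavor returned by
# ``flavor list``.
#
# Globals:  NOVA_SERVICE_PROTOCOL, NOVA_HOSTPORT (read)
# Returns:  non-zero when the flavor list cannot be fetched; otherwise the
#           status of the last ``flavor set``
function magnum_configure_flavor {
    local -a flavor_props=(
        --property hw_rng:allowed=True
        --property hw_rng:rate_bytes=1024
        --property hw_rng:rate_period=1
    )
    local compute_url="$NOVA_SERVICE_PROTOCOL://$NOVA_HOSTPORT"
    local flavor_list
    local flavor
    local -a flavors=()

    # Assignment is separate from ``local`` so a failing list call is not
    # hidden behind the status of the declaration.
    flavor_list=$(openstack --os-url "$compute_url" --os-compute-api-version 2.1 \
        flavor list -c Name -f value) || return

    # One flavor per output line: a name containing whitespace stays a single
    # argument instead of being split into several bogus names.
    mapfile -t flavors <<< "$flavor_list"
    for flavor in "${flavors[@]}"; do
        [[ -n "$flavor" ]] || continue
        openstack --os-url "$compute_url" --os-compute-api-version 2.1 \
            flavor set "$flavor" "${flavor_props[@]}"
    done
}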
  307 
# install_magnumclient() - Collect source and prepare
#
# Does nothing unless python-magnumclient is to be used from git.  In that
# case the checkout is installed as a development library and its bash
# completion file is copied, as root, into /etc/bash_completion.d with mode
# 0644 and owner STACK_USER.
#
# Globals:  GITDIR, STACK_USER (read)
function install_magnumclient {
    local completion=magnum.bash_completion

    if ! use_library_from_git "python-magnumclient"; then
        return 0
    fi

    git_clone_by_name "python-magnumclient"
    setup_dev_lib "python-magnumclient"
    # Source and destination written out instead of one brace expansion.
    sudo install -D -m 0644 -o $STACK_USER ${GITDIR["python-magnumclient"]}/tools/$completion /etc/bash_completion.d/$completion
}
  316 
  317 # install_magnum() - Collect source and prepare
  318 function install_magnum {
  319     git_clone $MAGNUM_REPO $MAGNUM_DIR $MAGNUM_BRANCH
  320     setup_develop $MAGNUM_DIR
  321 }
  322 
# start_magnum_api() - Start the API process ahead of other things
#
# Launches magnum-api, waits until it answers, and starts the TLS proxy in
# the background when tls-proxy is enabled.
#
# Globals:  MAGNUM_BIN_DIR, MAGNUM_SERVICE_HOST, MAGNUM_SERVICE_PORT,
#           MAGNUM_SERVICE_PORT_INT, MAGNUM_SERVICE_PROTOCOL,
#           SERVICE_TIMEOUT (read)
function start_magnum_api {
    local service_port
    local service_protocol

    # Pick the address to probe.  With tls-proxy the readiness check talks
    # plain http to the internal port, i.e. to magnum-api directly rather
    # than through the proxy.
    if is_service_enabled tls-proxy; then
        service_port=$MAGNUM_SERVICE_PORT_INT
        service_protocol="http"
    else
        service_port=$MAGNUM_SERVICE_PORT
        service_protocol=$MAGNUM_SERVICE_PROTOCOL
    fi

    run_process magnum-api "$MAGNUM_BIN_DIR/magnum-api"
    echo "Waiting for magnum-api to start..."
    wait_for_service $SERVICE_TIMEOUT $service_protocol://$MAGNUM_SERVICE_HOST:$service_port \
        || die $LINENO "magnum-api did not start"

    # Start proxies if enabled
    # NOTE(review): the '*' argument presumably makes the proxy listen on all
    # addresses at MAGNUM_SERVICE_PORT and forward to the internal port -
    # confirm against start_tls_proxy.
    if is_service_enabled tls-proxy; then
        start_tls_proxy magnum '*' $MAGNUM_SERVICE_PORT $MAGNUM_SERVICE_HOST $MAGNUM_SERVICE_PORT_INT &
    fi
}
  344 
  345 
# configure_iptables_magnum() - Configure the IP table rules for Magnum
#
# Skipped entirely when MAGNUM_CONFIGURE_IPTABLES is the string ``False``.
# Otherwise it changes the host firewall as root:
# - appends a MASQUERADE rule for traffic leaving through the interface that
#   routes to 8.8.8.8;
# - inserts ACCEPT rules at the head of INPUT for tcp to HOST_IP on the
#   magnum-api port, 80 and 443.  The rules carry no source match, so they
#   admit traffic from any address.
# Nothing checks for an existing rule first, so each run adds the rules again.
#
# Globals read:    MAGNUM_CONFIGURE_IPTABLES, HOST_IP, MAGNUM_SERVICE_PORT
# Globals written: ROUTE_TO_INTERNET, OBOUND_DEV
function configure_iptables_magnum {
    local web_port

    if [ "$MAGNUM_CONFIGURE_IPTABLES" == "False" ]; then
        return 0
    fi

    # The word following ``dev`` in the route lookup is the outbound interface
    ROUTE_TO_INTERNET=$(ip route get 8.8.8.8)
    OBOUND_DEV=$(echo ${ROUTE_TO_INTERNET#*dev} | awk '{print $1}')
    sudo iptables -t nat -A POSTROUTING -o $OBOUND_DEV -j MASQUERADE

    # bay nodes will access magnum-api (port $MAGNUM_SERVICE_PORT) to get CA certificate.
    sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $MAGNUM_SERVICE_PORT -j ACCEPT || true

    # allow access to keystone etc (http and https); a failing insert is
    # tolerated here, as it is for the API port above
    for web_port in 80 443; do
        sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $web_port -j ACCEPT || true
    done
}
  359 
  360 
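# configure_apache_magnum() - Add the identity rewrite rules to Apache
#
# Appends a <Directory> block that allows overrides for the htaccess
# directory, writes an ``.htaccess`` with two rewrite rules there and enables
# mod_rewrite.
#
# Globals read:    DEST, APACHE_CONF_DIR
# Globals written: HTACCESS_PATH, OVERRIDE_CONF_FILE
#
# Security notes:
# - The <Directory> block is appended with ``tee -a`` on every run, so
#   repeated runs leave repeated blocks in the Apache configuration.
# - NOTE(review): ``Options Indexes``, ``AllowOverride all`` and
#   ``Require all granted`` look wider than two rewrite rules need; left as
#   they were - confirm before reusing outside a development host.
function configure_apache_magnum {
    # Set redirection for kubernetes openstack cloud provider
    # FIXME: When [1] is in kubernetes, we won't need the redirection anymore.
    # [1] https://github.com/gophercloud/gophercloud/pull/423
    HTACCESS_PATH=/var/www/html
    if is_ubuntu; then
        OVERRIDE_CONF_FILE=/etc/apache2/apache2.conf
    elif is_fedora; then
        OVERRIDE_CONF_FILE=/etc/httpd/conf/httpd.conf
    fi
    # If horizon is enabled, the override goes into horizon's own config file
    # and the rules live in horizon's ``.blackhole`` directory.
    if is_service_enabled horizon; then
        HTACCESS_PATH=$DEST/horizon/.blackhole
        sudo tee -a "$APACHE_CONF_DIR/horizon.conf" <<EOF
<Directory $HTACCESS_PATH>
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
EOF
    elif [[ -n "${OVERRIDE_CONF_FILE:-}" ]]; then
        sudo tee -a "$OVERRIDE_CONF_FILE" <<EOF
<Directory $HTACCESS_PATH>
    Options Indexes FollowSymLinks
    AllowOverride all
    Require all granted
</Directory>
EOF
    else
        # Neither platform branch set a config file.  Running ``tee -a`` with
        # no file operand would write nothing to disk and still succeed, so
        # say so instead of silently leaving Apache without the override.
        echo "configure_apache_magnum: no Apache config file known for this platform; <Directory> override not written" >&2
    fi

    sudo mkdir -p "$HTACCESS_PATH"
    # ``\$1`` keeps the back-reference literal inside the unquoted here-doc
    sudo tee "$HTACCESS_PATH/.htaccess" <<EOF
RewriteEngine on
RewriteRule ^v2\.0(.*) /identity/v2.0\$1
RewriteRule ^v3(.*) /identity/v3\$1
EOF
    enable_apache_mod rewrite
}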
  399 
  400 
  401 # start_magnum() - Start running processes, including screen
  402 function start_magnum {
  403 
  404     # ``run_process`` checks ``is_service_enabled``, it is not needed here
  405     start_magnum_api
  406     run_process magnum-cond "$MAGNUM_BIN_DIR/magnum-conductor"
  407 }
  408 
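# stop_magnum() - Stop running processes (non-screen)
#
# Stops magnum-api and magnum-cond, in that order.
function stop_magnum {
    # Loop variable is local: this file is sourced, so an undeclared name
    # would overwrite a ``serv`` variable belonging to the calling script.
    local serv

    for serv in magnum-api magnum-cond; do
        stop_process "$serv"
    done
}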
  415 
  416 
  417 # Restore xtrace
  418 $XTRACE