devstack/lib/cinder
Alan Bishop ccd116d364 Cinder: add creator role when barbican is enabled
When barbican is enabled, add the "creator" role to cinder's service
user so that cinder can create secrets. Cinder needs to create
barbican secrets when migrating encryption keys from the legacy
ConfKeyManager to barbican. Cinder also needs to create barbican
secrets in order to support transferring encrypted volumes.

Implements: bp/transfer-encrypted-volume
Depends-On: I216f78e8a300ab3f79bbcbb38110adf2bbec2196
Change-Id: Ia3f414c4b9b0829f60841a6dd63c97a893fdde4d
2022-08-22 19:52:00 -07:00

655 lines
25 KiB
Bash

#!/bin/bash
#
# lib/cinder
# Install and start **Cinder** volume service
# Dependencies:
#
# - functions
# - DEST, DATA_DIR, STACK_USER must be defined
# - SERVICE_{TENANT_NAME|PASSWORD} must be defined
# - ``KEYSTONE_TOKEN_FORMAT`` must be defined
# stack.sh
# ---------
# - install_cinder
# - configure_cinder
# - init_cinder
# - start_cinder
# - stop_cinder
# - cleanup_cinder
# Save trace setting
_XTRACE_CINDER=$(set +o | grep xtrace)
set +o xtrace
# Defaults
# --------
# set up default driver
CINDER_DRIVER=${CINDER_DRIVER:-default}
CINDER_PLUGINS=$TOP_DIR/lib/cinder_plugins
CINDER_BACKENDS=$TOP_DIR/lib/cinder_backends
CINDER_BACKUPS=$TOP_DIR/lib/cinder_backups
# grab plugin config if specified via cinder_driver
if [[ -r $CINDER_PLUGINS/$CINDER_DRIVER ]]; then
source $CINDER_PLUGINS/$CINDER_DRIVER
fi
# set up default directories
GITDIR["python-cinderclient"]=$DEST/python-cinderclient
GITDIR["python-brick-cinderclient-ext"]=$DEST/python-brick-cinderclient-ext
CINDER_DIR=$DEST/cinder
# Cinder virtual environment
if [[ ${USE_VENV} = True ]]; then
PROJECT_VENV["cinder"]=${CINDER_DIR}.venv
CINDER_BIN_DIR=${PROJECT_VENV["cinder"]}/bin
else
CINDER_BIN_DIR=$(get_python_exec_prefix)
fi
CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder}
CINDER_CONF_DIR=/etc/cinder
CINDER_CONF=$CINDER_CONF_DIR/cinder.conf
CINDER_UWSGI=$CINDER_BIN_DIR/cinder-wsgi
CINDER_UWSGI_CONF=$CINDER_CONF_DIR/cinder-api-uwsgi.ini
CINDER_API_PASTE_INI=$CINDER_CONF_DIR/api-paste.ini
# Public facing bits
if is_service_enabled tls-proxy; then
CINDER_SERVICE_PROTOCOL="https"
fi
CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST}
CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776}
CINDER_SERVICE_PROTOCOL=${CINDER_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}
# What type of LVM device should Cinder use for LVM backend
# Defaults to auto, which will do thin provisioning if it's a fresh
# volume group, otherwise it will do thick. The other valid choices are
# default, which is thick, or thin, which as the name implies utilizes lvm
# thin provisioning.
CINDER_LVM_TYPE=${CINDER_LVM_TYPE:-auto}
# Default backends
# The backend format is type:name where type is one of the supported backend
# types (lvm, nfs, etc) and name is the identifier used in the Cinder
# configuration and for the volume type name. Multiple backends are
# comma-separated.
# The old ``CINDER_MULTI_LVM_BACKEND=True`` setting had a default of:
# CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:lvmdriver-1,lvm:lvmdriver-2}
CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:lvmdriver-1}
CINDER_VOLUME_CLEAR=${CINDER_VOLUME_CLEAR:-${CINDER_VOLUME_CLEAR_DEFAULT:-zero}}
CINDER_VOLUME_CLEAR=$(echo ${CINDER_VOLUME_CLEAR} | tr '[:upper:]' '[:lower:]')
# Default to lioadm
CINDER_ISCSI_HELPER=${CINDER_ISCSI_HELPER:-lioadm}
# EL and SUSE should only use lioadm
if is_fedora || is_suse; then
if [[ ${CINDER_ISCSI_HELPER} != "lioadm" ]]; then
die "lioadm is the only valid Cinder target_helper config on this platform"
fi
fi
# When Cinder is used as a backend for Glance, it can be configured to clone
# the volume containing image data directly in the backend instead of
# transferring data from volume to volume. Value is a comma separated list of
# schemes (currently only 'file' and 'cinder' are supported). The default
# configuration in Cinder is empty (that is, do not use this feature). NOTE:
# to use this feature you must also enable GLANCE_SHOW_DIRECT_URL and/or
# GLANCE_SHOW_MULTIPLE_LOCATIONS for glance-api.conf.
CINDER_ALLOWED_DIRECT_URL_SCHEMES=${CINDER_ALLOWED_DIRECT_URL_SCHEMES:-}
if [[ -n "$CINDER_ALLOWED_DIRECT_URL_SCHEMES" ]]; then
if [[ "${GLANCE_SHOW_DIRECT_URL:-False}" != "True" \
&& "${GLANCE_SHOW_MULTIPLE_LOCATIONS:-False}" != "True" ]]; then
warn $LINENO "CINDER_ALLOWED_DIRECT_URL_SCHEMES is set, but neither \
GLANCE_SHOW_DIRECT_URL nor GLANCE_SHOW_MULTIPLE_LOCATIONS is True"
fi
fi
# For backward compatibility
# Before CINDER_BACKUP_DRIVER was introduced, ceph backup driver was configured
# along with ceph backend driver.
if [[ -z "${CINDER_BACKUP_DRIVER}" && "$CINDER_ENABLED_BACKENDS" =~ "ceph" ]]; then
CINDER_BACKUP_DRIVER=ceph
fi
# Supported backup drivers are in lib/cinder_backups
CINDER_BACKUP_DRIVER=${CINDER_BACKUP_DRIVER:-swift}
# Toggle for deploying Cinder under a wsgi server. Legacy mod_wsgi
# reference should be cleaned up to more accurately refer to uwsgi.
CINDER_USE_MOD_WSGI=${CINDER_USE_MOD_WSGI:-True}
# Source the enabled backends
if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
be_type=${be%%:*}
be_name=${be##*:}
if [[ -r $CINDER_BACKENDS/${be_type} ]]; then
source $CINDER_BACKENDS/${be_type}
fi
done
fi
# Source the backup driver
if is_service_enabled c-bak && [[ -n "$CINDER_BACKUP_DRIVER" ]]; then
if [[ -r $CINDER_BACKUPS/$CINDER_BACKUP_DRIVER ]]; then
source $CINDER_BACKUPS/$CINDER_BACKUP_DRIVER
else
die "cinder backup driver $CINDER_BACKUP_DRIVER is not supported"
fi
fi
# Environment variables to configure the image-volume cache
CINDER_IMG_CACHE_ENABLED=${CINDER_IMG_CACHE_ENABLED:-True}
# For limits, if left unset, it will use cinder defaults of 0 for unlimited
CINDER_IMG_CACHE_SIZE_GB=${CINDER_IMG_CACHE_SIZE_GB:-}
CINDER_IMG_CACHE_SIZE_COUNT=${CINDER_IMG_CACHE_SIZE_COUNT:-}
# Configure which cinder backends will have the image-volume cache, this takes the same
# form as the CINDER_ENABLED_BACKENDS config option. By default it will
# enable the cache for all cinder backends.
CINDER_CACHE_ENABLED_FOR_BACKENDS=${CINDER_CACHE_ENABLED_FOR_BACKENDS:-$CINDER_ENABLED_BACKENDS}
# Flag to set the oslo_policy.enforce_scope. This is used to switch
# the Volume API policies to start checking the scope of token. by default,
# this flag is False.
# For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope
CINDER_ENFORCE_SCOPE=$(trueorfalse False CINDER_ENFORCE_SCOPE)
# Functions
# ---------
# Test if any Cinder services are enabled
# is_cinder_enabled
function is_cinder_enabled {
[[ ,${DISABLED_SERVICES} =~ ,"cinder" ]] && return 1
[[ ,${ENABLED_SERVICES} =~ ,"c-" ]] && return 0
return 1
}
# _cinder_cleanup_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
function _cinder_cleanup_apache_wsgi {
sudo rm -f $(apache_site_config_for osapi-volume)
}
# cleanup_cinder() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_cinder {
# ensure the volume group is cleared up because fails might
# leave dead volumes in the group
if [ "$CINDER_ISCSI_HELPER" = "tgtadm" ]; then
local targets
targets=$(sudo tgtadm --op show --mode target)
if [ $? -ne 0 ]; then
# If tgt driver isn't running this won't work obviously
# So check the response and restart if need be
echo "tgtd seems to be in a bad state, restarting..."
if is_ubuntu; then
restart_service tgt
else
restart_service tgtd
fi
targets=$(sudo tgtadm --op show --mode target)
fi
if [[ -n "$targets" ]]; then
local iqn_list=( $(grep --no-filename -r iqn $SCSI_PERSIST_DIR | sed 's/<target //' | sed 's/>//') )
for i in "${iqn_list[@]}"; do
echo removing iSCSI target: $i
sudo tgt-admin --delete $i
done
fi
if is_ubuntu; then
stop_service tgt
else
stop_service tgtd
fi
else
sudo cinder-rtstool get-targets | sudo xargs -rn 1 cinder-rtstool delete
fi
if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
local be be_name be_type
for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
be_type=${be%%:*}
be_name=${be##*:}
if type cleanup_cinder_backend_${be_type} >/dev/null 2>&1; then
cleanup_cinder_backend_${be_type} ${be_name}
fi
done
fi
if is_service_enabled c-bak && [[ -n "$CINDER_BACKUP_DRIVER" ]]; then
if type cleanup_cinder_backup_$CINDER_BACKUP_DRIVER >/dev/null 2>&1; then
cleanup_cinder_backup_$CINDER_BACKUP_DRIVER
fi
fi
stop_process "c-api"
remove_uwsgi_config "$CINDER_UWSGI_CONF" "$CINDER_UWSGI"
}
# configure_cinder() - Set config files, create data dirs, etc
function configure_cinder {
sudo install -d -o $STACK_USER -m 755 $CINDER_CONF_DIR
rm -f $CINDER_CONF
configure_rootwrap cinder
if [[ -f "$CINDER_DIR/etc/cinder/resource_filters.json" ]]; then
cp -p "$CINDER_DIR/etc/cinder/resource_filters.json" "$CINDER_CONF_DIR/resource_filters.json"
fi
cp $CINDER_DIR/etc/cinder/api-paste.ini $CINDER_API_PASTE_INI
inicomment $CINDER_API_PASTE_INI filter:authtoken auth_host
inicomment $CINDER_API_PASTE_INI filter:authtoken auth_port
inicomment $CINDER_API_PASTE_INI filter:authtoken auth_protocol
inicomment $CINDER_API_PASTE_INI filter:authtoken cafile
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_tenant_name
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_user
inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password
inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir
configure_keystone_authtoken_middleware $CINDER_CONF cinder
iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $CINDER_CONF DEFAULT target_helper "$CINDER_ISCSI_HELPER"
iniset $CINDER_CONF database connection `database_connection_url cinder`
iniset $CINDER_CONF DEFAULT api_paste_config $CINDER_API_PASTE_INI
iniset $CINDER_CONF DEFAULT rootwrap_config "$CINDER_CONF_DIR/rootwrap.conf"
iniset $CINDER_CONF DEFAULT osapi_volume_extension cinder.api.contrib.standard_extensions
iniset $CINDER_CONF DEFAULT osapi_volume_listen $CINDER_SERVICE_LISTEN_ADDRESS
iniset $CINDER_CONF DEFAULT state_path $CINDER_STATE_PATH
iniset $CINDER_CONF oslo_concurrency lock_path $CINDER_STATE_PATH
if [[ $SERVICE_IP_VERSION == 6 ]]; then
iniset $CINDER_CONF DEFAULT my_ip "$HOST_IPV6"
else
iniset $CINDER_CONF DEFAULT my_ip "$HOST_IP"
fi
iniset $CINDER_CONF key_manager backend cinder.keymgr.conf_key_mgr.ConfKeyManager
iniset $CINDER_CONF key_manager fixed_key $(openssl rand -hex 16)
if [[ -n "$CINDER_ALLOWED_DIRECT_URL_SCHEMES" ]]; then
iniset $CINDER_CONF DEFAULT allowed_direct_url_schemes $CINDER_ALLOWED_DIRECT_URL_SCHEMES
fi
# set default quotas
iniset $CINDER_CONF DEFAULT quota_volumes ${CINDER_QUOTA_VOLUMES:-10}
iniset $CINDER_CONF DEFAULT quota_backups ${CINDER_QUOTA_BACKUPS:-10}
iniset $CINDER_CONF DEFAULT quota_snapshots ${CINDER_QUOTA_SNAPSHOTS:-10}
# Avoid RPC timeouts in slow CI and test environments by doubling the
# default response timeout set by RPC clients. See bug #1873234 for more
# details and example failures.
iniset $CINDER_CONF DEFAULT rpc_response_timeout 120
if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
local enabled_backends=""
local default_name=""
local be be_name be_type
for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
be_type=${be%%:*}
be_name=${be##*:}
if type configure_cinder_backend_${be_type} >/dev/null 2>&1; then
configure_cinder_backend_${be_type} ${be_name}
fi
if [[ -z "$default_name" ]]; then
default_name=$be_name
fi
enabled_backends+=$be_name,
done
iniset $CINDER_CONF DEFAULT enabled_backends ${enabled_backends%,*}
if [[ -n "$default_name" ]]; then
iniset $CINDER_CONF DEFAULT default_volume_type ${default_name}
fi
configure_cinder_image_volume_cache
fi
if is_service_enabled c-bak && [[ -n "$CINDER_BACKUP_DRIVER" ]]; then
if type configure_cinder_backup_$CINDER_BACKUP_DRIVER >/dev/null 2>&1; then
configure_cinder_backup_$CINDER_BACKUP_DRIVER
else
die "configure_cinder_backup_$CINDER_BACKUP_DRIVER doesn't exist in $CINDER_BACKUPS/$CINDER_BACKUP_DRIVER"
fi
fi
if is_service_enabled ceilometer; then
iniset $CINDER_CONF oslo_messaging_notifications driver "messagingv2"
fi
if is_service_enabled tls-proxy; then
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
# Set the service port for a proxy to take the original
if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
iniset $CINDER_CONF oslo_middleware enable_proxy_headers_parsing True
else
iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT
iniset $CINDER_CONF DEFAULT osapi_volume_base_URL $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT
fi
fi
fi
if [ "$SYSLOG" != "False" ]; then
iniset $CINDER_CONF DEFAULT use_syslog True
fi
iniset_rpc_backend cinder $CINDER_CONF
# Format logging
setup_logging $CINDER_CONF $CINDER_USE_MOD_WSGI
if is_service_enabled c-api; then
write_uwsgi_config "$CINDER_UWSGI_CONF" "$CINDER_UWSGI" "/volume"
fi
if [[ -r $CINDER_PLUGINS/$CINDER_DRIVER ]]; then
configure_cinder_driver
fi
iniset $CINDER_CONF DEFAULT osapi_volume_workers "$API_WORKERS"
iniset $CINDER_CONF DEFAULT glance_api_servers "$GLANCE_URL"
if is_service_enabled tls-proxy; then
iniset $CINDER_CONF DEFAULT glance_protocol https
iniset $CINDER_CONF DEFAULT glance_ca_certificates_file $SSL_BUNDLE_FILE
fi
# Set nova credentials (used for os-assisted-snapshots)
configure_keystone_authtoken_middleware $CINDER_CONF nova nova
iniset $CINDER_CONF nova region_name "$REGION_NAME"
iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
if [[ ! -z "$CINDER_COORDINATION_URL" ]]; then
iniset $CINDER_CONF coordination backend_url "$CINDER_COORDINATION_URL"
elif is_service_enabled etcd3; then
iniset $CINDER_CONF coordination backend_url "etcd3+http://${SERVICE_HOST}:$ETCD_PORT"
fi
if [[ "$CINDER_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
iniset $CINDER_CONF oslo_policy enforce_scope true
iniset $CINDER_CONF oslo_policy enforce_new_defaults true
fi
}
# create_cinder_accounts() - Set up common required cinder accounts
# Project User Roles
# ------------------------------------------------------------------
# SERVICE_PROJECT_NAME cinder service
# SERVICE_PROJECT_NAME cinder creator (if Barbican is enabled)
# Migrated from keystone_data.sh
function create_cinder_accounts {
# Cinder
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
local extra_role=""
# cinder needs the "creator" role in order to interact with barbican
if is_service_enabled barbican; then
extra_role=$(get_or_create_role "creator")
fi
create_service_user "cinder" $extra_role
# block-storage is the official service type
get_or_create_service "cinder" "block-storage" "Cinder Volume Service"
if [ "$CINDER_USE_MOD_WSGI" == "False" ]; then
get_or_create_endpoint \
"block-storage" \
"$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v3/\$(project_id)s"
get_or_create_service "cinderv3" "volumev3" "Cinder Volume Service V3"
get_or_create_endpoint \
"volumev3" \
"$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v3/\$(project_id)s"
else
get_or_create_endpoint \
"block-storage" \
"$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST/volume/v3/\$(project_id)s"
get_or_create_service "cinderv3" "volumev3" "Cinder Volume Service V3"
get_or_create_endpoint \
"volumev3" \
"$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST/volume/v3/\$(project_id)s"
fi
configure_cinder_internal_tenant
fi
}
# init_cinder() - Initialize database and volume group
function init_cinder {
if is_service_enabled $DATABASE_BACKENDS; then
# (Re)create cinder database
recreate_database cinder
time_start "dbsync"
# Migrate cinder database
$CINDER_BIN_DIR/cinder-manage --config-file $CINDER_CONF db sync
time_stop "dbsync"
fi
if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
local be be_name be_type
for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
be_type=${be%%:*}
be_name=${be##*:}
if type init_cinder_backend_${be_type} >/dev/null 2>&1; then
init_cinder_backend_${be_type} ${be_name}
fi
done
fi
if is_service_enabled c-bak && [[ -n "$CINDER_BACKUP_DRIVER" ]]; then
if type init_cinder_backup_$CINDER_BACKUP_DRIVER >/dev/null 2>&1; then
init_cinder_backup_$CINDER_BACKUP_DRIVER
fi
fi
mkdir -p $CINDER_STATE_PATH/volumes
}
# install_cinder() - Collect source and prepare
function install_cinder {
git_clone $CINDER_REPO $CINDER_DIR $CINDER_BRANCH
setup_develop $CINDER_DIR
if [[ "$CINDER_ISCSI_HELPER" == "tgtadm" ]]; then
install_package tgt
elif [[ "$CINDER_ISCSI_HELPER" == "lioadm" ]]; then
if is_ubuntu; then
# TODO(frickler): Workaround for https://launchpad.net/bugs/1819819
sudo mkdir -p /etc/target
install_package targetcli-fb
else
install_package targetcli
fi
fi
}
# install_cinderclient() - Collect source and prepare
function install_cinderclient {
if use_library_from_git "python-brick-cinderclient-ext"; then
git_clone_by_name "python-brick-cinderclient-ext"
setup_dev_lib "python-brick-cinderclient-ext"
fi
if use_library_from_git "python-cinderclient"; then
git_clone_by_name "python-cinderclient"
setup_dev_lib "python-cinderclient"
sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-cinderclient"]}/tools/,/etc/bash_completion.d/}cinder.bash_completion
fi
}
# apply config.d approach for cinder volumes directory
function _configure_tgt_for_config_d {
if [[ ! -d /etc/tgt/stack.d/ ]]; then
sudo ln -sf $CINDER_STATE_PATH/volumes /etc/tgt/stack.d
fi
if ! grep -q "include /etc/tgt/stack.d/*" /etc/tgt/targets.conf; then
echo "include /etc/tgt/stack.d/*" | sudo tee -a /etc/tgt/targets.conf
fi
}
# start_cinder() - Start running processes
function start_cinder {
local service_port=$CINDER_SERVICE_PORT
local service_protocol=$CINDER_SERVICE_PROTOCOL
local cinder_url
if is_service_enabled tls-proxy && [ "$CINDER_USE_MOD_WSGI" == "False" ]; then
service_port=$CINDER_SERVICE_PORT_INT
service_protocol="http"
fi
if [ "$CINDER_ISCSI_HELPER" = "tgtadm" ]; then
if is_service_enabled c-vol; then
# Delete any old stack.conf
sudo rm -f /etc/tgt/conf.d/stack.conf
_configure_tgt_for_config_d
if is_ubuntu; then
sudo service tgt restart
elif is_suse; then
# NOTE(dmllr): workaround restart bug
# https://bugzilla.suse.com/show_bug.cgi?id=934642
stop_service tgtd
start_service tgtd
else
restart_service tgtd
fi
# NOTE(gfidente): ensure tgtd is running in debug mode
sudo tgtadm --mode system --op update --name debug --value on
fi
fi
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
if [ "$CINDER_USE_MOD_WSGI" == "False" ]; then
run_process c-api "$CINDER_BIN_DIR/cinder-api --config-file $CINDER_CONF"
cinder_url=$service_protocol://$SERVICE_HOST:$service_port
# Start proxy if tls enabled
if is_service_enabled tls-proxy; then
start_tls_proxy cinder '*' $CINDER_SERVICE_PORT $CINDER_SERVICE_HOST $CINDER_SERVICE_PORT_INT
fi
else
run_process "c-api" "$(which uwsgi) --procname-prefix cinder-api --ini $CINDER_UWSGI_CONF"
cinder_url=$service_protocol://$SERVICE_HOST/volume/v3
fi
fi
echo "Waiting for Cinder API to start..."
if ! wait_for_service $SERVICE_TIMEOUT $cinder_url; then
die $LINENO "c-api did not start"
fi
run_process c-sch "$CINDER_BIN_DIR/cinder-scheduler --config-file $CINDER_CONF"
# Tune glibc for Python Services using single malloc arena for all threads
# and disabling dynamic thresholds to reduce memory usage when using native
# threads directly or via eventlet.tpool
# https://www.gnu.org/software/libc/manual/html_node/Memory-Allocation-Tunables.html
malloc_tuning="MALLOC_ARENA_MAX=1 MALLOC_MMAP_THRESHOLD_=131072 MALLOC_TRIM_THRESHOLD_=262144"
run_process c-bak "$CINDER_BIN_DIR/cinder-backup --config-file $CINDER_CONF" "" "" "$malloc_tuning"
run_process c-vol "$CINDER_BIN_DIR/cinder-volume --config-file $CINDER_CONF" "" "" "$malloc_tuning"
# NOTE(jdg): For cinder, startup order matters. To ensure that repor_capabilities is received
# by the scheduler start the cinder-volume service last (or restart it) after the scheduler
# has started. This is a quick fix for lp bug/1189595
}
# stop_cinder() - Stop running processes
function stop_cinder {
stop_process c-api
stop_process c-bak
stop_process c-sch
stop_process c-vol
}
# create_volume_types() - Create Cinder's configured volume types
function create_volume_types {
# Create volume types
if is_service_enabled c-api && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
local be be_name
for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
be_name=${be##*:}
# NOTE (e0ne): openstack client doesn't work with cinder in noauth mode
if is_service_enabled keystone; then
openstack --os-region-name="$REGION_NAME" volume type create --property volume_backend_name="${be_name}" ${be_name}
else
# TODO (e0ne): use openstack client once it will support cinder in noauth mode:
# https://bugs.launchpad.net/python-cinderclient/+bug/1755279
local cinder_url
cinder_url=$CINDER_SERVICE_PROTOCOL://$SERVICE_HOST:$CINDER_SERVICE_PORT/v3
OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-create ${be_name}
OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-key ${be_name} set volume_backend_name=${be_name}
fi
done
# Increase quota for the service project if glance is using cinder,
# since it's likely to occasionally go above the default 10 in parallel
# test execution.
if [[ "$USE_CINDER_FOR_GLANCE" == "True" ]]; then
openstack --os-region-name="$REGION_NAME" \
quota set --volumes 50 "$SERVICE_PROJECT_NAME"
fi
fi
}
# Compatibility for Grenade
function create_cinder_volume_group {
# During a transition period Grenade needs to have this function defined
# It is effectively a no-op in the Grenade 'target' use case
:
}
function configure_cinder_internal_tenant {
# Re-use the Cinder service account for simplicity.
iniset $CINDER_CONF DEFAULT cinder_internal_tenant_project_id $(get_or_create_project $SERVICE_PROJECT_NAME)
iniset $CINDER_CONF DEFAULT cinder_internal_tenant_user_id $(get_or_create_user "cinder")
}
function configure_cinder_image_volume_cache {
# Expect CINDER_CACHE_ENABLED_FOR_BACKENDS to be a list of backends
# similar to CINDER_ENABLED_BACKENDS with NAME:TYPE where NAME will
# be the backend specific configuration stanza in cinder.conf.
for be in ${CINDER_CACHE_ENABLED_FOR_BACKENDS//,/ }; do
local be_name=${be##*:}
iniset $CINDER_CONF $be_name image_volume_cache_enabled $CINDER_IMG_CACHE_ENABLED
if [[ -n $CINDER_IMG_CACHE_SIZE_GB ]]; then
iniset $CINDER_CONF $be_name image_volume_cache_max_size_gb $CINDER_IMG_CACHE_SIZE_GB
fi
if [[ -n $CINDER_IMG_CACHE_SIZE_COUNT ]]; then
iniset $CINDER_CONF $be_name image_volume_cache_max_count $CINDER_IMG_CACHE_SIZE_COUNT
fi
done
}
# Restore xtrace
$_XTRACE_CINDER
# Tell emacs to use shell-script-mode
## Local variables:
## mode: shell-script
## End: