499315fb65
Reading from /dev/random can block an virtual machine even for several minutes, when the entropy pool is empty at the read time. I have doubts we really need to use /dev/random here. Even the ssh-keygen uses /dev/urandom by default, so the /dev/random is a little bit overkill here. Change-Id: I6d2c6364c2b445304a33b0140e3cdc6804404b63
299 lines
11 KiB
Plaintext
299 lines
11 KiB
Plaintext
# lib/heat
|
|
# Install and start **Heat** service
|
|
|
|
# To enable, add the following to localrc
|
|
#
|
|
# ENABLED_SERVICES+=,heat,h-api,h-api-cfn,h-api-cw,h-eng
|
|
|
|
# Dependencies:
|
|
#
|
|
# - functions
|
|
|
|
# stack.sh
|
|
# ---------
|
|
# - install_heatclient
|
|
# - install_heat
|
|
# - configure_heatclient
|
|
# - configure_heat
|
|
# - init_heat
|
|
# - start_heat
|
|
# - stop_heat
|
|
# - cleanup_heat
|
|
|
|
# Save trace setting
|
|
XTRACE=$(set +o | grep xtrace)
|
|
set +o xtrace
|
|
|
|
|
|
# Defaults
|
|
# --------
|
|
|
|
# set up default directories
|
|
HEAT_DIR=$DEST/heat
|
|
HEATCLIENT_DIR=$DEST/python-heatclient
|
|
HEAT_AUTH_CACHE_DIR=${HEAT_AUTH_CACHE_DIR:-/var/cache/heat}
|
|
HEAT_STANDALONE=`trueorfalse False $HEAT_STANDALONE`
|
|
HEAT_CONF_DIR=/etc/heat
|
|
HEAT_CONF=$HEAT_CONF_DIR/heat.conf
|
|
HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d
|
|
HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates
|
|
HEAT_STACK_DOMAIN=`trueorfalse True $HEAT_STACK_DOMAIN`
|
|
|
|
# other default options
|
|
HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
|
|
|
|
# Tell Tempest this project is present
|
|
TEMPEST_SERVICES+=,heat
|
|
|
|
|
|
# Functions
|
|
# ---------
|
|
|
|
# Test if any Heat services are enabled
|
|
# is_heat_enabled
|
|
function is_heat_enabled {
|
|
[[ ,${ENABLED_SERVICES} =~ ,"h-" ]] && return 0
|
|
return 1
|
|
}
|
|
|
|
# cleanup_heat() - Remove residual data files, anything left over from previous
|
|
# runs that a clean run would need to clean up
|
|
function cleanup_heat {
|
|
sudo rm -rf $HEAT_AUTH_CACHE_DIR
|
|
sudo rm -rf $HEAT_ENV_DIR
|
|
sudo rm -rf $HEAT_TEMPLATES_DIR
|
|
}
|
|
|
|
# configure_heat() - Set config files, create data dirs, etc
|
|
function configure_heat {
|
|
setup_develop $HEAT_DIR
|
|
|
|
if [[ ! -d $HEAT_CONF_DIR ]]; then
|
|
sudo mkdir -p $HEAT_CONF_DIR
|
|
fi
|
|
sudo chown $STACK_USER $HEAT_CONF_DIR
|
|
# remove old config files
|
|
rm -f $HEAT_CONF_DIR/heat-*.conf
|
|
|
|
HEAT_API_CFN_HOST=${HEAT_API_CFN_HOST:-$HOST_IP}
|
|
HEAT_API_CFN_PORT=${HEAT_API_CFN_PORT:-8000}
|
|
HEAT_ENGINE_HOST=${HEAT_ENGINE_HOST:-$SERVICE_HOST}
|
|
HEAT_ENGINE_PORT=${HEAT_ENGINE_PORT:-8001}
|
|
HEAT_API_CW_HOST=${HEAT_API_CW_HOST:-$HOST_IP}
|
|
HEAT_API_CW_PORT=${HEAT_API_CW_PORT:-8003}
|
|
HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
|
|
HEAT_API_PORT=${HEAT_API_PORT:-8004}
|
|
HEAT_API_PASTE_FILE=$HEAT_CONF_DIR/api-paste.ini
|
|
HEAT_POLICY_FILE=$HEAT_CONF_DIR/policy.json
|
|
|
|
cp $HEAT_DIR/etc/heat/api-paste.ini $HEAT_API_PASTE_FILE
|
|
cp $HEAT_DIR/etc/heat/policy.json $HEAT_POLICY_FILE
|
|
cp $HEAT_DIR/etc/heat/heat.conf.sample $HEAT_CONF
|
|
|
|
# common options
|
|
iniset_rpc_backend heat $HEAT_CONF DEFAULT
|
|
iniset $HEAT_CONF DEFAULT heat_metadata_server_url http://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT
|
|
iniset $HEAT_CONF DEFAULT heat_waitcondition_server_url http://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1/waitcondition
|
|
iniset $HEAT_CONF DEFAULT heat_watch_server_url http://$HEAT_API_CW_HOST:$HEAT_API_CW_PORT
|
|
iniset $HEAT_CONF database connection `database_connection_url heat`
|
|
iniset $HEAT_CONF DEFAULT auth_encryption_key `hexdump -n 16 -v -e '/1 "%02x"' /dev/urandom`
|
|
|
|
# logging
|
|
iniset $HEAT_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
|
|
iniset $HEAT_CONF DEFAULT use_syslog $SYSLOG
|
|
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
|
|
# Add color to logging output
|
|
setup_colorized_logging $HEAT_CONF DEFAULT tenant user
|
|
fi
|
|
|
|
# keystone authtoken
|
|
iniset $HEAT_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
|
|
iniset $HEAT_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
|
|
iniset $HEAT_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
|
|
configure_API_version $HEAT_CONF $IDENTITY_API_VERSION
|
|
iniset $HEAT_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
|
|
iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
|
|
iniset $HEAT_CONF keystone_authtoken admin_user heat
|
|
iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
|
|
iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR
|
|
|
|
# ec2authtoken
|
|
iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
|
|
iniset $HEAT_CONF ec2authtoken keystone_ec2_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens
|
|
|
|
# paste_deploy
|
|
[[ "$HEAT_STANDALONE" = "True" ]] && iniset $HEAT_CONF paste_deploy flavor standalone
|
|
|
|
# OpenStack API
|
|
iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT
|
|
|
|
# Cloudformation API
|
|
iniset $HEAT_CONF heat_api_cfn bind_port $HEAT_API_CFN_PORT
|
|
|
|
# Cloudwatch API
|
|
iniset $HEAT_CONF heat_api_cloudwatch bind_port $HEAT_API_CW_PORT
|
|
|
|
# heat environment
|
|
sudo mkdir -p $HEAT_ENV_DIR
|
|
sudo chown $STACK_USER $HEAT_ENV_DIR
|
|
# copy the default environment
|
|
cp $HEAT_DIR/etc/heat/environment.d/* $HEAT_ENV_DIR/
|
|
|
|
# heat template resources.
|
|
sudo mkdir -p $HEAT_TEMPLATES_DIR
|
|
sudo chown $STACK_USER $HEAT_TEMPLATES_DIR
|
|
# copy the default templates
|
|
cp $HEAT_DIR/etc/heat/templates/* $HEAT_TEMPLATES_DIR/
|
|
|
|
}
|
|
|
|
# init_heat() - Initialize database
|
|
function init_heat {
|
|
|
|
# (re)create heat database
|
|
recreate_database heat utf8
|
|
|
|
$HEAT_DIR/bin/heat-manage db_sync
|
|
create_heat_cache_dir
|
|
}
|
|
|
|
# create_heat_cache_dir() - Part of the init_heat() process
|
|
function create_heat_cache_dir {
|
|
# Create cache dirs
|
|
sudo mkdir -p $HEAT_AUTH_CACHE_DIR
|
|
sudo chown $STACK_USER $HEAT_AUTH_CACHE_DIR
|
|
}
|
|
|
|
# install_heatclient() - Collect source and prepare
|
|
function install_heatclient {
|
|
git_clone $HEATCLIENT_REPO $HEATCLIENT_DIR $HEATCLIENT_BRANCH
|
|
setup_develop $HEATCLIENT_DIR
|
|
sudo install -D -m 0644 -o $STACK_USER {$HEATCLIENT_DIR/tools/,/etc/bash_completion.d/}heat.bash_completion
|
|
}
|
|
|
|
# install_heat() - Collect source and prepare
|
|
function install_heat {
|
|
git_clone $HEAT_REPO $HEAT_DIR $HEAT_BRANCH
|
|
}
|
|
|
|
# start_heat() - Start running processes, including screen
|
|
function start_heat {
|
|
screen_it h-eng "cd $HEAT_DIR; bin/heat-engine --config-file=$HEAT_CONF"
|
|
screen_it h-api "cd $HEAT_DIR; bin/heat-api --config-file=$HEAT_CONF"
|
|
screen_it h-api-cfn "cd $HEAT_DIR; bin/heat-api-cfn --config-file=$HEAT_CONF"
|
|
screen_it h-api-cw "cd $HEAT_DIR; bin/heat-api-cloudwatch --config-file=$HEAT_CONF"
|
|
}
|
|
|
|
# stop_heat() - Stop running processes
|
|
function stop_heat {
|
|
# Kill the screen windows
|
|
for serv in h-eng h-api h-api-cfn h-api-cw; do
|
|
screen_stop $serv
|
|
done
|
|
}
|
|
|
|
function disk_image_create {
|
|
local elements_path=$1
|
|
local elements=$2
|
|
local arch=$3
|
|
local output=$TOP_DIR/files/$4
|
|
if [[ -f "$output.qcow2" ]]; then
|
|
echo "Image file already exists: $output_file"
|
|
else
|
|
ELEMENTS_PATH=$elements_path disk-image-create \
|
|
$elements -a $arch -o $output
|
|
fi
|
|
# upload with fake URL so that image in $TOP_DIR/files is used
|
|
upload_image "http://localhost/$output.qcow2" $TOKEN
|
|
}
|
|
|
|
# create_heat_accounts() - Set up common required heat accounts
|
|
function create_heat_accounts {
|
|
# migrated from files/keystone_data.sh
|
|
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
|
|
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
|
|
|
|
HEAT_USER=$(openstack user create \
|
|
heat \
|
|
--password "$SERVICE_PASSWORD" \
|
|
--project $SERVICE_TENANT \
|
|
--email heat@example.com \
|
|
| grep " id " | get_field 2)
|
|
openstack role add \
|
|
$ADMIN_ROLE \
|
|
--project $SERVICE_TENANT \
|
|
--user $HEAT_USER
|
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
|
HEAT_SERVICE=$(openstack service create \
|
|
heat \
|
|
--type=orchestration \
|
|
--description="Heat Orchestration Service" \
|
|
| grep " id " | get_field 2)
|
|
openstack endpoint create \
|
|
$HEAT_SERVICE \
|
|
--region RegionOne \
|
|
--publicurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
|
|
--adminurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
|
|
--internalurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
|
|
HEAT_CFN_SERVICE=$(openstack service create \
|
|
heat \
|
|
--type=cloudformation \
|
|
--description="Heat CloudFormation Service" \
|
|
| grep " id " | get_field 2)
|
|
openstack endpoint create \
|
|
$HEAT_CFN_SERVICE \
|
|
--region RegionOne \
|
|
--publicurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
|
|
--adminurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
|
|
--internalurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
|
|
fi
|
|
|
|
# heat_stack_user role is for users created by Heat
|
|
openstack role create heat_stack_user
|
|
|
|
if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then
|
|
# heat_stack_owner role is given to users who create Heat stacks,
|
|
# it's the default role used by heat to delegate to the heat service
|
|
# user (for performing deferred operations via trusts), see heat.conf
|
|
HEAT_OWNER_ROLE=$(openstack role create \
|
|
heat_stack_owner \
|
|
| grep " id " | get_field 2)
|
|
|
|
# Give the role to the demo and admin users so they can create stacks
|
|
# in either of the projects created by devstack
|
|
openstack role add $HEAT_OWNER_ROLE --project demo --user demo
|
|
openstack role add $HEAT_OWNER_ROLE --project demo --user admin
|
|
openstack role add $HEAT_OWNER_ROLE --project admin --user admin
|
|
iniset $HEAT_CONF DEFAULT deferred_auth_method trusts
|
|
fi
|
|
|
|
if [[ "$HEAT_STACK_DOMAIN" == "True" ]]; then
|
|
# Note we have to pass token/endpoint here because the current endpoint and
|
|
# version negotiation in OSC means just --os-identity-api-version=3 won't work
|
|
KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3"
|
|
D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
|
|
--os-identity-api-version=3 domain create heat \
|
|
--description "Owns users and projects created by heat" \
|
|
| grep ' id ' | get_field 2)
|
|
iniset $HEAT_CONF DEFAULT stack_user_domain ${D_ID}
|
|
|
|
openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
|
|
--os-identity-api-version=3 user create --password $SERVICE_PASSWORD \
|
|
--domain $D_ID heat_domain_admin \
|
|
--description "Manages users and projects created by heat"
|
|
openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
|
|
--os-identity-api-version=3 role add \
|
|
--user heat_domain_admin --domain ${D_ID} admin
|
|
iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin
|
|
iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD
|
|
fi
|
|
}
|
|
|
|
# Restore xtrace
|
|
$XTRACE
|
|
|
|
# Tell emacs to use shell-script-mode
|
|
## Local variables:
|
|
## mode: shell-script
|
|
## End:
|