openstack/devstack
Code Issues Proposed changes
a8fad91cdf
devstack/lib/trove
Jamie Lennox e8bc2b82a0 Reduce service user permissions 
Most of the services create the service user with the admin permission.
This is unnecessary for token validation and they should be restricted
to only having the service role.

Change-Id: Id7a9366d2c6a36139240f64371002362dc2d8d3b
2015-02-11 14:49:56 +11:00

248 lines
9.7 KiB
Bash
Raw Blame History

#!/bin/bash
#
# lib/trove
# Functions to control the configuration and operation of the **Trove** service
# Dependencies:
# ``functions`` file
# ``DEST``, ``STACK_USER`` must be defined
# ``SERVICE_{HOST|PROTOCOL|TOKEN}`` must be defined
# ``stack.sh`` calls the entry points in this order:
#
# install_trove
# configure_trove
# init_trove
# start_trove
# stop_trove
# cleanup_trove
# Save trace setting
XTRACE=$(set +o | grep xtrace)
set +o xtrace
# Defaults
# --------
if is_service_enabled neutron; then
TROVE_HOST_GATEWAY=${PUBLIC_NETWORK_GATEWAY:-172.24.4.1}
else
TROVE_HOST_GATEWAY=${NETWORK_GATEWAY:-10.0.0.1}
fi
# Set up default configuration
GITDIR["python-troveclient"]=$DEST/python-troveclient
TROVE_DIR=$DEST/trove
TROVE_CONF_DIR=/etc/trove
TROVE_LOCAL_CONF_DIR=$TROVE_DIR/etc/trove
TROVE_AUTH_CACHE_DIR=${TROVE_AUTH_CACHE_DIR:-/var/cache/trove}
TROVE_DATASTORE_TYPE=${TROVE_DATASTORE_TYPE:-"mysql"}
TROVE_DATASTORE_VERSION=${TROVE_DATASTORE_VERSION:-"5.5"}
TROVE_DATASTORE_PACKAGE=${TROVE_DATASTORE_PACKAGE:-"mysql-server-5.5"}
# Support entry points installation of console scripts
if [[ -d $TROVE_DIR/bin ]]; then
TROVE_BIN_DIR=$TROVE_DIR/bin
else
TROVE_BIN_DIR=$(get_python_exec_prefix)
fi
# Tell Tempest this project is present
TEMPEST_SERVICES+=,trove
# Functions
# ---------
# Test if any Trove services are enabled
# is_trove_enabled
function is_trove_enabled {
[[ ,${ENABLED_SERVICES} =~ ,"tr-" ]] && return 0
return 1
}
# setup_trove_logging() - Adds logging configuration to conf files
function setup_trove_logging {
local CONF=$1
iniset $CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $CONF DEFAULT use_syslog $SYSLOG
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
# Add color to logging output
setup_colorized_logging $CONF DEFAULT tenant user
fi
}
# create_trove_accounts() - Set up common required trove accounts
# Tenant User Roles
# ------------------------------------------------------------------
# service trove admin # if enabled
function create_trove_accounts {
if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then
create_service_user "trove"
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
local trove_service=$(get_or_create_service "trove" \
"database" "Trove Service")
get_or_create_endpoint $trove_service \
"$REGION_NAME" \
"http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
"http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s" \
"http://$SERVICE_HOST:8779/v1.0/\$(tenant_id)s"
fi
fi
}
# stack.sh entry points
# ---------------------
# cleanup_trove() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_trove {
#Clean up dirs
rm -fr $TROVE_AUTH_CACHE_DIR/*
rm -fr $TROVE_CONF_DIR/*
}
# configure_trove() - Set config files, create data dirs, etc
function configure_trove {
setup_develop $TROVE_DIR
# Create the trove conf dir and cache dirs if they don't exist
sudo mkdir -p ${TROVE_CONF_DIR}
sudo mkdir -p ${TROVE_AUTH_CACHE_DIR}
sudo chown -R $STACK_USER: ${TROVE_CONF_DIR}
sudo chown -R $STACK_USER: ${TROVE_AUTH_CACHE_DIR}
# Copy api-paste file over to the trove conf dir
cp $TROVE_LOCAL_CONF_DIR/api-paste.ini $TROVE_CONF_DIR/api-paste.ini
# (Re)create trove conf files
rm -f $TROVE_CONF_DIR/trove.conf
rm -f $TROVE_CONF_DIR/trove-taskmanager.conf
rm -f $TROVE_CONF_DIR/trove-conductor.conf
iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_userid $RABBIT_USERID
iniset $TROVE_CONF_DIR/trove.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove.conf DEFAULT sql_connection `database_connection_url trove`
iniset $TROVE_CONF_DIR/trove.conf DEFAULT default_datastore $TROVE_DATASTORE_TYPE
setup_trove_logging $TROVE_CONF_DIR/trove.conf
iniset $TROVE_CONF_DIR/trove.conf DEFAULT trove_api_workers "$API_WORKERS"
configure_auth_token_middleware $TROVE_CONF_DIR/trove.conf trove $TROVE_AUTH_CACHE_DIR
# (Re)create trove taskmanager conf file if needed
if is_service_enabled tr-tmgr; then
TROVE_AUTH_ENDPOINT=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT rabbit_userid $RABBIT_USERID
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT sql_connection `database_connection_url trove`
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT taskmanager_manager trove.taskmanager.manager.Manager
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT nova_proxy_admin_user radmin
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT nova_proxy_admin_tenant_name trove
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT nova_proxy_admin_pass $RADMIN_USER_PASS
iniset $TROVE_CONF_DIR/trove-taskmanager.conf DEFAULT trove_auth_url $TROVE_AUTH_ENDPOINT
setup_trove_logging $TROVE_CONF_DIR/trove-taskmanager.conf
fi
# (Re)create trove conductor conf file if needed
if is_service_enabled tr-cond; then
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT rabbit_userid $RABBIT_USERID
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT sql_connection `database_connection_url trove`
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT nova_proxy_admin_user radmin
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT nova_proxy_admin_tenant_name trove
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT nova_proxy_admin_pass $RADMIN_USER_PASS
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT trove_auth_url $TROVE_AUTH_ENDPOINT
iniset $TROVE_CONF_DIR/trove-conductor.conf DEFAULT control_exchange trove
setup_trove_logging $TROVE_CONF_DIR/trove-conductor.conf
fi
# Set up Guest Agent conf
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_userid $RABBIT_USERID
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_host $TROVE_HOST_GATEWAY
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT rabbit_password $RABBIT_PASSWORD
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT nova_proxy_admin_user radmin
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT nova_proxy_admin_tenant_name trove
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT nova_proxy_admin_pass $RADMIN_USER_PASS
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT trove_auth_url $TROVE_AUTH_ENDPOINT
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT control_exchange trove
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT ignore_users os_admin
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT log_dir /tmp/
iniset $TROVE_CONF_DIR/trove-guestagent.conf DEFAULT log_file trove-guestagent.log
setup_trove_logging $TROVE_CONF_DIR/trove-guestagent.conf
}
# install_troveclient() - Collect source and prepare
function install_troveclient {
if use_library_from_git "python-troveclient"; then
git_clone_by_name "python-troveclient"
setup_dev_lib "python-troveclient"
fi
}
# install_trove() - Collect source and prepare
function install_trove {
git_clone $TROVE_REPO $TROVE_DIR $TROVE_BRANCH
}
# init_trove() - Initializes Trove Database as a Service
function init_trove {
# (Re)Create trove db
recreate_database trove
# Initialize the trove database
$TROVE_BIN_DIR/trove-manage db_sync
# If no guest image is specified, skip remaining setup
[ -z "$TROVE_GUEST_IMAGE_URL" ] && return 0
# Find the glance id for the trove guest image
# The image is uploaded by stack.sh -- see $IMAGE_URLS handling
GUEST_IMAGE_NAME=$(basename "$TROVE_GUEST_IMAGE_URL")
GUEST_IMAGE_NAME=${GUEST_IMAGE_NAME%.*}
TROVE_GUEST_IMAGE_ID=$(openstack --os-token $TOKEN --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT image list | grep "${GUEST_IMAGE_NAME}" | get_field 1)
if [ -z "$TROVE_GUEST_IMAGE_ID" ]; then
# If no glance id is found, skip remaining setup
echo "Datastore ${TROVE_DATASTORE_TYPE} will not be created: guest image ${GUEST_IMAGE_NAME} not found."
return 1
fi
# Now that we have the guest image id, initialize appropriate datastores / datastore versions
$TROVE_BIN_DIR/trove-manage datastore_update "$TROVE_DATASTORE_TYPE" ""
$TROVE_BIN_DIR/trove-manage datastore_version_update "$TROVE_DATASTORE_TYPE" "$TROVE_DATASTORE_VERSION" "$TROVE_DATASTORE_TYPE" \
"$TROVE_GUEST_IMAGE_ID" "$TROVE_DATASTORE_PACKAGE" 1
$TROVE_BIN_DIR/trove-manage datastore_version_update "$TROVE_DATASTORE_TYPE" "inactive_version" "inactive_manager" "$TROVE_GUEST_IMAGE_ID" "" 0
$TROVE_BIN_DIR/trove-manage datastore_update "$TROVE_DATASTORE_TYPE" "$TROVE_DATASTORE_VERSION"
$TROVE_BIN_DIR/trove-manage datastore_update "Inactive_Datastore" ""
}
# start_trove() - Start running processes, including screen
function start_trove {
run_process tr-api "$TROVE_BIN_DIR/trove-api --config-file=$TROVE_CONF_DIR/trove.conf --debug"
run_process tr-tmgr "$TROVE_BIN_DIR/trove-taskmanager --config-file=$TROVE_CONF_DIR/trove-taskmanager.conf --debug"
run_process tr-cond "$TROVE_BIN_DIR/trove-conductor --config-file=$TROVE_CONF_DIR/trove-conductor.conf --debug"
}
# stop_trove() - Stop running processes
function stop_trove {
# Kill the trove screen windows
local serv
for serv in tr-api tr-tmgr tr-cond; do
stop_process $serv
done
}
# Restore xtrace
$XTRACE
# Tell emacs to use shell-script-mode
## Local variables:
## mode: shell-script
## End:
View Git Blame Copy Permalink