diff --git a/README.md b/README.md index ce8651d..0aa9b95 100644 --- a/README.md +++ b/README.md 
@@ -10,68 +10,122 @@ snap based OpenStack deployment. The nova snap can be installed directly from the snap store: - sudo snap install [--edge] nova + sudo snap install --edge --classic nova -## Configuring Nova +The nova snap is working towards publication across tracks for +OpenStack releases. The edge channel for each track will contain the tip +of the OpenStack project's master or stable branch, with the beta, candidate, +and stable channels being reserved for released versions. The same version +will be published progressively to beta, then candidate, and then stable once +CI validation completes for the channel. This should result in an experience +such as: -Snaps run in an AppArmor and seccomp confined profile, so don't read -configuration from `/etc/nova` on the hosting operating system install. + sudo snap install --classic --channel=ocata/stable nova + sudo snap install --classic --channel=pike/edge nova -This snap supports configuration via the $SNAP\_COMMON writable area for the -snap: +## Configuring nova - etc +The nova snap gets its default configuration from the following $SNAP +and $SNAP_COMMON locations: + + /snap/nova/current/etc/ + └── nova +    ├── nova.conf +    └── ... + + /var/snap/nova/common/etc/ ├── nova - │   ├── nova.conf - └── nova.conf.d - ├── database.conf - ├── nova-snap.conf - └── keystone.conf + │   └── conf.d + │   └── nova-snap.conf + ├── nginx + │   ├── snap + │   │   ├── nginx.conf + │   │   └── sites-enabled + │   │   └── nova.conf + └── uwsgi + └── snap +   └── nova-placement-api.ini -The nova snap can be configured in a few ways. +The nova snap supports configuration updates via its $SNAP_COMMON writable +area. The default nova configuration can be overridden as follows: -Firstly the nova-server daemon will detect and read `etc/nova/nova.conf` -if it exists so you can reuse your existing tooling to write to this file -for classic style configuration. 
+ /var/snap/nova/common/etc/ + ├── nova + │   ├── conf.d + │   │   ├── nova-snap.conf + │   │   ├── database.conf + │   │   └── rabbitmq.conf + │   └── nova.conf + ├── nginx + │   ├── snap + │   │   ├── nginx.conf + │   │   └── sites-enabled + │   │   └── nova.conf + │   ├── nginx.conf + │   ├── sites-enabled + │   │   └── nova.conf + └── uwsgi +    ├── snap +   │ └── nova-placement-api.ini + └── nova-placement-api.ini -Alternatively the nova daemons will load all configuration files from -`etc/nova.conf.d` - in the above example, database and keystone authtoken -are configured using configuration snippets in separate files in -`etc/nova.conf.d`. +The nova configuration can be overridden or augmented by writing +configuration snippets to files in the conf.d directory. -For reference, $SNAP\_COMMON is typically located under -`/var/snap/nova/common`. +Alternatively, nova configuration can be overridden by adding a full nova.conf +file to the nova/ directory. If overriding in this way, you'll need to update +your config to point at additional config files located in $SNAP, or add those +to $SNAP_COMMON as well. -## Managing Nova +The nova nginx configuration can be overridden by adding an nginx/nginx.conf +and new site config files to the nginx/sites-enabled directory. In this case the +nginx/nginx.conf file would include that sites-enabled directory. If +nginx/nginx.conf exists, nginx/snap/nginx.conf will no longer be used. -Currently all snap binaries must be run as root; for example, to run the -nova-manage binary use: +The nova uwsgi configuration can be overridden similarly by adding a +uwsgi/nova-placement-api.ini file. If uwsgi/nova-placement-api.ini exists, +uwsgi/snap/nova-placement-api.ini will no longer be used. - sudo nova.manage +## Logging nova -## Restarting Nova services +The services for the nova snap will log to its $SNAP_COMMON writable area: +/var/snap/nova/common/log. 
+ +## Managing nova + +The nova snap will drop privileges to run daemons and commands under +a regular user named snap-nova. Additionally, permissions and ownership +of files and directories in /var/snap/nova/common/ are modified to +restrict access from other users. + +The nova snap has alias support that enables use of the well-known +nova-manage command. To enable the alias, run the following prior to +using the command: + + sudo snap alias nova.manage nova-manage + +## Restarting nova services To restart all nova services: sudo systemctl restart snap.nova.* -or restart services individually: +or an individual service can be restarted by dropping the wildcard and +specifying the full service name. - sudo systemctl restart snap.nova.api - -## Building the Nova snap +## Building the nova snap Simply clone this repository and then install and run snapcraft: - git clone https://github.com/openstack-snaps/snap-nova + git clone https://github.com/openstack/snap-nova sudo apt install snapcraft - cd nova + cd snap-nova snapcraft ## Support -Please report any bugs related to this snap on +Please report any bugs related to this snap at: [Launchpad](https://bugs.launchpad.net/snap-nova/+filebug). -Alternatively you can find the OpenStack Snap team in `#openstack-snaps` -on Freenode IRC. +Alternatively you can find the OpenStack Snap team in `#openstack-snaps` on +Freenode IRC. diff --git a/snap/snap-openstack.yaml b/snap/snap-openstack.yaml index 8e046c5..fa94d24 100644 --- a/snap/snap-openstack.yaml +++ b/snap/snap-openstack.yaml 
@@ -7,17 +7,19 @@ setup: - "{snap_common}/etc/nova" - "{snap_common}/etc/nova/conf.d" - "{snap_common}/etc/nginx" + - "{snap_common}/etc/nginx/sites-enabled" + - "{snap_common}/etc/nginx/snap" + - "{snap_common}/etc/nginx/snap/sites-enabled" - "{snap_common}/etc/uwsgi" + - "{snap_common}/etc/uwsgi/snap" - "{snap_common}/lib" - "{snap_common}/lock" - "{snap_common}/log" - "{snap_common}/run" templates: nova-snap.conf.j2: "{snap_common}/etc/nova/conf.d/nova-snap.conf" - nova-nginx.conf.j2: "{snap_common}/etc/nginx/sites-enabled/nova.conf" - nginx.conf.j2: "{snap_common}/etc/nginx/nginx.conf" - copyfiles: - "{snap}/usr/conf": "{snap_common}/etc/nginx" + nova-nginx.conf.j2: "{snap_common}/etc/nginx/snap/sites-enabled/nova.conf" + nginx.conf.j2: "{snap_common}/etc/nginx/snap/nginx.conf" rchown: "{snap_common}/lib": "snap-nova:snap-nova" "{snap_common}/lock": "snap-nova:snap-nova" @@ -28,6 +30,7 @@ entry_points: binary: "{snap}/bin/nova-api-os-compute" config-files: - "{snap}/etc/nova/nova.conf" + config-files-override: - "{snap_common}/etc/nova/nova.conf" config-dirs: - "{snap_common}/etc/nova/conf.d" 
@@ -36,25 +39,30 @@ entry_points: snap-nova: [snap-nova] nova-uwsgi: type: uwsgi - uwsgi-dir: "{snap_common}/etc/uwsgi" + uwsgi-dir: "{snap_common}/etc/uwsgi/snap" + uwsgi-dir-override: "{snap_common}/etc/uwsgi" uwsgi-log: "{snap_common}/log/uwsgi.log" config-files: - "{snap}/etc/nova/nova.conf" + config-files-override: - "{snap_common}/etc/nova/nova.conf" config-dirs: - "{snap_common}/etc/nova/conf.d" log-file: "{snap_common}/log/nova-placement-api.log" templates: - nova-placement-api.ini.j2: "{snap_common}/etc/uwsgi/nova-placement-api.ini" + nova-placement-api.ini.j2: + "{snap_common}/etc/uwsgi/snap/nova-placement-api.ini" run-as: snap-nova: [snap-nova] nova-nginx: type: nginx - config-file: "{snap_common}/etc/nginx/nginx.conf" + config-file: "{snap_common}/etc/nginx/snap/nginx.conf" + config-file-override: "{snap_common}/etc/nginx/nginx.conf" nova-conductor: binary: "{snap}/bin/nova-conductor" config-files: - "{snap}/etc/nova/nova.conf" + config-files-override: - "{snap_common}/etc/nova/nova.conf" config-dirs: - "{snap_common}/etc/nova/conf.d" @@ -65,6 +73,7 @@ entry_points: binary: "{snap}/bin/nova-scheduler" config-files: - "{snap}/etc/nova/nova.conf" + config-files-override: - "{snap_common}/etc/nova/nova.conf" config-dirs: - "{snap_common}/etc/nova/conf.d" @@ -75,6 +84,7 @@ entry_points: binary: "{snap}/bin/nova-consoleauth" config-files: - "{snap}/etc/nova/nova.conf" + config-files-override: - "{snap_common}/etc/nova/nova.conf" config-dirs: - "{snap_common}/etc/nova/conf.d" @@ -85,6 +95,7 @@ entry_points: binary: "{snap}/bin/nova-manage" config-files: - "{snap}/etc/nova/nova.conf" + config-files-override: - "{snap_common}/etc/nova/nova.conf" config-dirs: - "{snap_common}/etc/nova/conf.d" diff --git a/snap/templates/nginx.conf.j2 b/snap/templates/nginx.conf.j2 index 70c4e98..c46bc64 100644 --- a/snap/templates/nginx.conf.j2 +++ b/snap/templates/nginx.conf.j2 
@@ -17,7 +17,7 @@ http { keepalive_timeout 65; types_hash_max_size 2048; - include {{ snap_common }}/etc/nginx/mime.types; + include {{ snap }}/usr/conf/mime.types; default_type application/octet-stream; ## @@ -35,5 +35,5 @@ http { gzip_disable "msie6"; include {{ snap_common }}/etc/nginx/conf.d/*.conf; - include {{ snap_common }}/etc/nginx/sites-enabled/*; + include {{ snap_common }}/etc/nginx/snap/sites-enabled/*; } diff --git a/snap/templates/nova-nginx.conf.j2 b/snap/templates/nova-nginx.conf.j2 index c5ba1aa..91c43a6 100644 --- a/snap/templates/nova-nginx.conf.j2 +++ b/snap/templates/nova-nginx.conf.j2 @@ -3,7 +3,7 @@ server { access_log {{ snap_common }}/log/nginx-access.log; error_log {{ snap_common }}/log/nginx-error.log; location / { - include uwsgi_params; + include {{ snap }}/usr/conf/uwsgi_params; uwsgi_param SCRIPT_NAME ''; uwsgi_pass unix://{{ snap_common }}/run/placement-api.sock; }
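Review bot: In README.md, the install line becomes `sudo snap install --edge --classic nova` and the paragraph about snaps running in an AppArmor and seccomp confined profile is removed, but nothing replaces it to say the snap is now classic. The new "Managing nova" section makes the snap-nova user and the permissions under /var/snap/nova/common/ the isolation that remains, so the README should say so directly. It should also state what ownership and mode operator-written files such as conf.d/database.conf and conf.d/rabbitmq.conf are expected to have, since these usually carry credentials and still have to be readable by snap-nova.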
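Review bot: In the first snap/snap-openstack.yaml hunk (`@@ -7,17 +7,19 @@ setup:`), the old template targets `{snap_common}/etc/nginx/nginx.conf` and `{snap_common}/etc/nginx/sites-enabled/nova.conf` are exactly the paths this change now treats as operator overrides, and nothing visible here removes the copies an earlier revision rendered. On an upgraded install the stale generated nginx.conf would be picked up through `config-file-override` and the new default under etc/nginx/snap/ would never be used. Consider a migration step that removes or relocates the previously generated files, or document the manual cleanup in the README.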
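Review bot: In the entry_points hunks that add `config-files-override:` (starting at `@@ -28,6 +30,7 @@`), `{snap_common}/etc/nova/nova.conf` used to be a second entry under `config-files` next to `{snap}/etc/nova/nova.conf`, and the new key's semantics are not described anywhere in the YAML. If it replaces the default list, as the README sentence "you'll need to update your config to point at additional config files located in $SNAP" implies, an existing partial nova.conf in $SNAP_COMMON will silently drop the settings from the packaged file. Please add a short comment defining the key and an upgrade note for installs that already have that file.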
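Review bot: In the nova-uwsgi entry (`@@ -36,25 +39,30 @@`), `uwsgi-dir-override: "{snap_common}/etc/uwsgi"` is the parent of `uwsgi-dir: "{snap_common}/etc/uwsgi/snap"` and is always created by the setup list, so the override decision cannot be based on the directory existing and must not descend into snap/. The README describes the trigger as the presence of uwsgi/nova-placement-api.ini, so please confirm the implementation checks for .ini files directly in the override directory only. As with nginx, the old template target `{snap_common}/etc/uwsgi/nova-placement-api.ini` is now the override path, so a file rendered by an earlier revision would be treated as an operator override after upgrade.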
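Review bot: In snap/templates/nginx.conf.j2, the second hunk moves the sites-enabled include under etc/nginx/snap/ but leaves `include {{ snap_common }}/etc/nginx/conf.d/*.conf;` pointing at the operator-writable area, a directory that appears in neither the visible setup list nor the README trees. The packaged default therefore still loads whatever is placed there, which blurs the default/override split this change introduces. Either move it to etc/nginx/snap/conf.d or document it as a supported drop-in location. Separately, with `copyfiles` removed, mime.types and uwsgi_params now exist only under `{{ snap }}/usr/conf/`, so the README should tell operators writing their own nginx/nginx.conf or site file to include them from that path.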