Merge remote-tracking branch 'origin/master' into deployment-2

Conflicts:
	example.py
	resources/mariadb_service/actions/run.yml
This commit is contained in:
Evgeniy L 2015-06-03 10:41:16 +02:00
commit 05b9819f1f
36 changed files with 1015 additions and 54 deletions

5
Vagrantfile vendored
View File

@ -14,7 +14,8 @@ SCRIPT
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.box = "deb/jessie-amd64"
#config.vm.box = "deb/jessie-amd64"
config.vm.box = "rustyrobot/deb-jessie-amd64"
config.vm.define "solar-dev", primary: true do |config|
config.vm.provision "shell", inline: init_script, privileged: true
@ -38,7 +39,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.host_name = "solar-dev#{index}"
config.vm.provider :virtualbox do |v|
v.customize ["modifyvm", :id, "--memory", 512]
v.customize ["modifyvm", :id, "--memory", 1024]
v.name = "solar-dev#{index}"
end
end

View File

@ -1,4 +1,5 @@
import click
import json
import requests
import sys
import time
@ -11,6 +12,7 @@ from solar.core import validation
from solar.interfaces.db import get_db
@click.group()
def main():
pass
@ -44,6 +46,22 @@ def deploy():
haproxy_config = resource.create('haproxy_config', 'resources/haproxy_config', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'configs_names':[], 'configs_ports':[], 'listen_ports':[], 'configs':[], 'config_dir': ''})
haproxy_service = resource.create('haproxy_service', 'resources/docker_container/', {'image': 'tutum/haproxy', 'ports': [], 'host_binds': [], 'volume_binds':[], 'ip': '', 'ssh_key': '', 'ssh_user': ''})
glance_db = resource.create('glance_db', 'resources/mariadb_db/', {'db_name': 'glance_db', 'login_password': '', 'login_user': 'root', 'login_port': '', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
glance_db_user = resource.create('glance_db_user', 'resources/mariadb_user/', {'new_user_name': 'glance', 'new_user_password': 'glance', 'db_name': '', 'login_password': '', 'login_user': 'root', 'login_port': '', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
services_tenant = resource.create('glance_keystone_tenant', 'resources/keystone_tenant', {'keystone_host': '', 'keystone_port': '', 'login_user': 'admin', 'admin_token': '', 'tenant_name': 'services', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
glance_keystone_user = resource.create('glance_keystone_user', 'resources/keystone_user', {'user_name': 'glance_admin', 'user_password': 'password1234', 'tenant_name': 'service_admins', 'role_name': 'glance_admin', 'keystone_host': '', 'keystone_port': '', 'admin_token': '', 'ip': '', 'ssh_key': '', 'ssh_user': ''})
glance_keystone_role = resource.create('glance_keystone_role', 'resources/keystone_role', {'keystone_host': '', 'keystone_port': '', 'login_user': 'admin', 'admin_token': '', 'tenant_name': '', 'user_name': '', 'role_name': 'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
glance_config = resource.create('glance_config', 'resources/glance_config/', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'keystone_ip': '', 'keystone_port': '', 'config_dir': {}, 'api_port': '', 'registry_port': '', 'mysql_ip': '', 'mysql_db': '', 'mysql_user': '', 'mysql_password': '', 'keystone_admin_user': '', 'keystone_admin_password': '', 'keystone_admin_port': '', 'keystone_admin_tenant': ''})
glance_api_container = resource.create('glance_api_container', 'resources/glance_api_service/', {'image': 'cgenie/centos-rdo-glance-api', 'ports': [{'value': [{'value': 9292}]}], 'host_binds': [], 'volume_binds': [], 'db_password': '', 'keystone_password': '', 'keystone_admin_token': '', 'keystone_host': '', 'ip': '', 'ssh_key': '', 'ssh_user': ''})
glance_registry_container = resource.create('glance_registry_container', 'resources/glance_registry_service/', {'image': 'cgenie/centos-rdo-glance-registry', 'ports': [{'value': [{'value': 9191}]}], 'host_binds': [], 'volume_binds': [], 'db_host': '', 'db_root_password': '', 'db_password': '', 'db_name': '', 'db_user': '', 'keystone_admin_tenant': '', 'keystone_password': '', 'keystone_user': '', 'keystone_admin_token': '', 'keystone_host': '', 'ip': '', 'ssh_key': '', 'ssh_user': ''})
# TODO: admin_port should be refactored, we need to rethink docker
# container resource and make it common for all
# resources used in this demo
glance_api_endpoint = resource.create('glance_api_endpoint', 'resources/keystone_service_endpoint/', {'ip': '', 'ssh_key': '', 'ssh_user': '', 'admin_port': 9292, 'admin_token': '', 'adminurl': 'http://{{ip}}:{{admin_port}}', 'internalurl': 'http://{{ip}}:{{port}}', 'publicurl': 'http://{{ip}}:{{port}}', 'description': 'OpenStack Image Service', 'keystone_host': '', 'keystone_port': '', 'name': 'glance', 'port': 9292, 'type': 'image'})
admin_tenant = resource.create('admin_tenant', 'resources/keystone_tenant', {'keystone_host': '', 'keystone_port': '', 'login_user': 'admin', 'admin_token': '', 'tenant_name': 'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
admin_user = resource.create('admin_user', 'resources/keystone_user', {'keystone_host': '', 'keystone_port': '', 'login_user': 'admin', 'admin_token': '', 'tenant_name': '', 'user_name': 'admin', 'user_password': 'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
admin_role = resource.create('admin_role', 'resources/keystone_role', {'keystone_host': '', 'keystone_port': '', 'login_user': 'admin', 'admin_token': '', 'tenant_name': '', 'user_name': '', 'role_name': 'admin', 'ip': '', 'ssh_user': '', 'ssh_key': ''})
@ -104,27 +122,60 @@ def deploy():
signals.connect(keystone_service1, keystone_service_endpoint, {'ip': 'keystone_host','admin_port': 'admin_port', 'port': 'port'})
signals.connect(keystone_service1, keystone_service_endpoint, {'admin_port': 'keystone_port'})
# glance db
signals.connect(node1, glance_db)
signals.connect(mariadb_service1, glance_db, {'root_password': 'login_password', 'port': 'login_port'})
signals.connect(node1, glance_db_user)
signals.connect(mariadb_service1, glance_db_user, {'root_password': 'login_password', 'port': 'login_port'})
signals.connect(glance_db, glance_db_user, {'db_name': 'db_name'})
# glance keystone user
signals.connect(keystone_config1, services_tenant)
signals.connect(keystone_service1, services_tenant, {'admin_port': 'keystone_port', 'ip': 'keystone_host'})
signals.connect(services_tenant, glance_keystone_user) # standard ip, ssh_key, ssh_user
signals.connect(glance_keystone_user, glance_keystone_role)
signals.connect(keystone_service1, glance_keystone_user, {'admin_port': 'keystone_port', 'ip': 'keystone_host'})
signals.connect(keystone_config1, glance_keystone_user, {'admin_token': 'admin_token'})
signals.connect(glance_keystone_user, glance_config, {'user_name': 'keystone_admin_user', 'user_password': 'keystone_admin_password', 'tenant_name': 'keystone_admin_tenant'})
signals.connect(keystone_service2, glance_config, {'admin_port': 'keystone_admin_port'})
# glance
signals.connect(node2, glance_config)
signals.connect(haproxy_keystone_config, glance_config, {'listen_port': 'keystone_port'})
signals.connect(haproxy_service, glance_config, {'ip': 'keystone_ip'})
signals.connect(mariadb_service1, glance_config, {'ip': 'mysql_ip'})
signals.connect(glance_db, glance_config, {'db_name': 'mysql_db'})
signals.connect(glance_db_user, glance_config, {'new_user_name': 'mysql_user', 'new_user_password': 'mysql_password'})
signals.connect(node2, glance_api_container)
signals.connect(glance_config, glance_api_container, {'config_dir': 'host_binds'})
signals.connect(glance_db_user, glance_api_container, {'new_user_password': 'db_password'})
signals.connect(glance_keystone_user, glance_api_container, {'user_password': 'keystone_password'})
signals.connect(glance_keystone_user, glance_api_container, {'admin_token': 'keystone_admin_token'})
signals.connect(haproxy_config, glance_api_container, {'ip': 'keystone_host'})
signals.connect(node2, glance_registry_container)
signals.connect(glance_config, glance_registry_container, {'config_dir': 'host_binds'})
signals.connect(mariadb_service1, glance_registry_container, {'ip': 'db_host'})
signals.connect(glance_db, glance_registry_container, {'db_name': 'db_name', 'login_password': 'db_root_password'})
signals.connect(glance_db_user, glance_registry_container, {'new_user_name': 'db_user', 'new_user_password': 'db_password'})
signals.connect(glance_keystone_user, glance_registry_container, {'tenant_name': 'keystone_admin_tenant', 'user_name': 'keystone_user', 'user_password': 'keystone_password'})
signals.connect(glance_keystone_user, glance_registry_container, {'admin_token': 'keystone_admin_token'})
signals.connect(haproxy_config, glance_registry_container, {'ip': 'keystone_host'})
# glance keystone endpoint
signals.connect(glance_api_container, glance_api_endpoint, {'ip': 'ip', 'ssh_user': 'ssh_user', 'ssh_key': 'ssh_key'})
signals.connect(keystone_config1, glance_api_endpoint, {'admin_token': 'admin_token'})
signals.connect(keystone_service1, glance_api_endpoint, {'ip': 'keystone_host', 'admin_port': 'keystone_port'})
has_errors = False
for r in [node1,
node2,
mariadb_service1,
keystone_db,
rabbitmq_service1,
openstack_vhost,
openstack_rabbitmq_user,
keystone_db_user,
keystone_config1,
keystone_service1,
keystone_config2,
keystone_service2,
haproxy_keystone_config,
haproxy_config,
haproxy_service,
admin_tenant,
admin_user,
admin_role,
keystone_service_endpoint]:
for r in locals().values():
if not isinstance(r, resource.Resource):
continue
print 'Validating {}'.format(r.name)
errors = validation.validate_resource(r)
if errors:
has_errors = True
@ -155,12 +206,48 @@ def deploy():
actions.resource_action(admin_role, 'run')
actions.resource_action(keystone_service_endpoint, 'run')
actions.resource_action(services_tenant, 'run')
actions.resource_action(glance_keystone_user, 'run')
actions.resource_action(glance_keystone_role, 'run')
actions.resource_action(glance_db, 'run')
actions.resource_action(glance_db_user, 'run')
actions.resource_action(glance_config, 'run')
actions.resource_action(glance_api_container, 'run')
time.sleep(10) #TODO fix
actions.resource_action(glance_registry_container, 'run')
time.sleep(10)
actions.resource_action(glance_api_endpoint, 'run')
# test working configuration
requests.get('http://%s:%s' % (keystone_service1.args['ip'].value, keystone_service1.args['port'].value))
requests.get('http://%s:%s' % (keystone_service2.args['ip'].value, keystone_service2.args['port'].value))
requests.get('http://%s:%s' % (haproxy_service.args['ip'].value, haproxy_service.args['ports'].value[0]['value'][0]['value']))
token_data = requests.post(
'http://%s:%s/v2.0/tokens' % (haproxy_service.args['ip'].value, haproxy_keystone_config.args['listen_port'].value),
json.dumps({
'auth': {
'tenantName': glance_keystone_user.args['tenant_name'].value,
'passwordCredentials': {
'username': glance_keystone_user.args['user_name'].value,
'password': glance_keystone_user.args['user_password'].value,
}
}
}),
headers={'Content-Type': 'application/json'}
)
token = token_data.json()['access']['token']['id']
print 'TOKEN: {}'.format(token)
requests.get('http://%s:%s' % (rabbitmq_service1.args['ip'].value, rabbitmq_service1.args['management_port'].value))
requests.get('http://%s:%s' % (glance_api_container.args['ip'].value, glance_api_container.args['ports'].value[0]['value'][0]['value']))
requests.get(
'http://%s:%s' % (glance_registry_container.args['ip'].value, glance_registry_container.args['ports'].value[0]['value'][0]['value']),
headers={'X-Auth-Token': token}
)
@click.command()
def undeploy():
@ -169,10 +256,21 @@ def undeploy():
resources = map(resource.wrap_resource, db.get_list('resource'))
resources = {r.name: r for r in resources}
actions.resource_action(resources['glance_api_endpoint'], 'remove')
actions.resource_action(resources['glance_api_container'], 'remove')
actions.resource_action(resources['glance_registry_container'], 'remove')
actions.resource_action(resources['glance_config'], 'remove')
actions.resource_action(resources['glance_db_user'], 'remove')
actions.resource_action(resources['glance_db'], 'remove')
actions.resource_action(resources['glance_keystone_role'], 'remove')
actions.resource_action(resources['glance_keystone_user'], 'remove')
actions.resource_action(resources['glance_keystone_tenant'], 'remove')
actions.resource_action(resources['keystone_service_endpoint'], 'remove')
actions.resource_action(resources['admin_role'], 'remove')
actions.resource_action(resources['admin_user'], 'remove')
actions.resource_action(resources['admin_tenant'], 'remove')
actions.resource_action(resources['haproxy_service'], 'remove')
actions.resource_action(resources['haproxy_config'], 'remove')
actions.resource_action(resources['keystone_service2'], 'remove')

View File

@ -13,8 +13,12 @@
- apt: name=python-pudb state=present
- apt: name=python-pip state=present
- apt: name=python-mysqldb state=present
- apt: name=jq state=present
- shell: pip install -U pip
- shell: pip install docker-py==1.1.0
- shell: pip install python-keystoneclient==1.5.0
- shell: pip install httpie
# requirements
- shell: pip install -r /vagrant/requirements.txt

View File

@ -12,10 +12,10 @@ input:
schema: [{value: [{value: int}]}]
value: []
host_binds:
schema: [{value: {src: str, dst: str}}]
schema: [{value: {src: str, dst: str, mode: str}}]
value: []
volume_binds:
schema: [{src: str, dst: str}]
schema: [{src: str, dst: str, mode: str}]
value: []
ssh_user:
schema: str!

View File

@ -0,0 +1,6 @@
- hosts: [{{ ip }}]
sudo: yes
tasks:
- shell: docker stop {{ name }}
- shell: docker rm {{ name }}

View File

@ -0,0 +1,28 @@
- hosts: [{{ ip }}]
sudo: yes
tasks:
- docker:
command: /bin/bash -c "glance-manage db_sync && /usr/bin/glance-api"
name: {{ name }}
image: {{ image }}
state: running
net: host
{% if ports.value %}
ports:
{% for port in ports.value %}
{% for p in port['value'] %}
- {{ p['value'] }}:{{ p['value'] }}
{% endfor %}
{% endfor %}
{% endif %}
{% if host_binds.value %}
volumes:
# TODO: host_binds might need more work
# Currently it's not that trivial to pass custom src: dst here
# (when a config variable is passed here from other resource)
# so we mount it to the same directory as on host
{% for bind in host_binds.value %}
- {{ bind['value']['src'] }}:{{ bind['value']['dst'] }}:{{ bind['value'].get('mode', 'ro') }}
{% endfor %}
{% endif %}

View File

@ -0,0 +1,40 @@
id: container
handler: ansible
version: 1.0.0
input:
ip:
schema: str!
value:
image:
schema: str!
value:
ports:
schema: [{value: [{value: int}]}]
value: []
host_binds:
schema: [{value: {src: str, dst: str, mode: str}}]
value: []
volume_binds:
schema: [{src: str, dst: str, mode: str}]
value: []
ssh_user:
schema: str!
value: []
ssh_key:
schema: str!
value: []
db_password:
schema: str!
value:
keystone_admin_token:
schema: str!
value:
keystone_password:
schema: str!
value:
keystone_host:
schema: str!
value:
tags: [resource/container]

View File

@ -0,0 +1,5 @@
- hosts: [{{ ip }}]
sudo: yes
tasks:
- shell: echo 'removed'

View File

@ -0,0 +1,36 @@
- hosts: [{{ ip }}]
sudo: yes
vars:
api_port: {{ api_port }}
registry_port: {{ registry_port }}
keystone_ip: {{ keystone_ip }}
keystone_port: {{ keystone_port }}
keystone_admin_user: {{ keystone_admin_user }}
keystone_admin_password: {{ keystone_admin_password }}
keystone_admin_port: {{ keystone_admin_port }}
keystone_admin_tenant: {{ keystone_admin_tenant }}
mysql_ip: {{ mysql_ip }}
mysql_db: {{ mysql_db }}
mysql_user: {{ mysql_user }}
mysql_password: {{ mysql_password }}
config_dir: {src: {{ config_dir.value['src'] }}, dst: {{ config_dir.value['dst'] }}}
tasks:
- file: path={{ config_dir.value['src'] }}/ state=directory
- file: path={{ config_dir.value['src'] }}/glance-api.conf state=touch
- file: path={{ config_dir.value['src'] }}/glance-api-paste.ini state=touch
- file: path={{ config_dir.value['src'] }}/glance-cache.conf state=touch
- file: path={{ config_dir.value['src'] }}/glance-registry.conf state=touch
- file: path={{ config_dir.value['src'] }}/glance-registry-paste.ini state=touch
- file: path={{ config_dir.value['src'] }}/glance-scrubber.conf state=touch
- file: path={{ config_dir.value['src'] }}/policy.json state=touch
- file: path={{ config_dir.value['src'] }}/schema-image.json state=touch
- file: path={{ config_dir.value['src'] }}/exports state=touch
- template: src={{ resource_dir }}/templates/glance-api.conf dest={{ config_dir.value['src'] }}/glance-api.conf
- template: src={{ resource_dir }}/templates/glance-api-paste.ini dest={{ config_dir.value['src'] }}/glance-api-paste.ini
- template: src={{ resource_dir }}/templates/glance-cache.conf dest={{ config_dir.value['src'] }}/glance-cache.conf
- template: src={{ resource_dir }}/templates/glance-registry.conf dest={{ config_dir.value['src'] }}/glance-registry.conf
- template: src={{ resource_dir }}/templates/glance-registry-paste.ini dest={{ config_dir.value['src'] }}/glance-registry-paste.ini
- template: src={{ resource_dir }}/templates/glance-scrubber.conf dest={{ config_dir.value['src'] }}/glance-scrubber.conf
- template: src={{ resource_dir }}/templates/policy.json dest={{ config_dir.value['src'] }}/policy.json
- template: src={{ resource_dir }}/templates/schema-image.json dest={{ config_dir.value['src'] }}/schema-image.json
- template: src={{ resource_dir }}/templates/exports dest={{ config_dir.value['src'] }}/glance-export

View File

@ -0,0 +1,53 @@
id: glance_config
handler: ansible
version: 1.0.0
input:
ip:
schema: str!
value:
ssh_user:
schema: str!
value: []
ssh_key:
schema: str!
value: []
config_dir:
schema: {src: str!, dst: str!, mode: str}
value: {src: /etc/solar/glance, dst: /etc/glance, mode: rw}
api_port:
schema: int!
value: 9292
registry_port:
schema: int!
value: 9191
keystone_ip:
schema: str!
value:
keystone_port:
schema: int!
value: 5000
keystone_admin_user:
schema: str!
value: glance_admin
keystone_admin_password:
schema: str!
value: password1234
keystone_admin_port:
schema: int!
value:
keystone_admin_tenant:
schema: str!
value: service_admins
mysql_ip:
schema: str!
value:
mysql_db:
schema: str!
value:
mysql_user:
schema: str!
value:
mysql_password:
schema: str!
value:

View File

@ -0,0 +1,4 @@
export OS_TENANT_NAME={{ keystone_admin_tenant }}
export OS_USERNAME={{ keystone_admin_user }}
export OS_PASSWORD={{ keystone_admin_password }}
export OS_AUTH_URL=http://{{ keystone_ip }}:{{ keystone_admin_port }}/v2.0

View File

@ -0,0 +1,82 @@
# Use this pipeline for no auth or image caching - DEFAULT
[pipeline:glance-api]
#pipeline = versionnegotiation osprofiler unauthenticated-context rootapp
pipeline = versionnegotiation authtoken context appv1app
# Use this pipeline for image caching and no auth
[pipeline:glance-api-caching]
pipeline = versionnegotiation osprofiler unauthenticated-context cache rootapp
# Use this pipeline for caching w/ management interface but no auth
[pipeline:glance-api-cachemanagement]
pipeline = versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
# Use this pipeline for keystone auth
[pipeline:glance-api-keystone]
pipeline = versionnegotiation osprofiler authtoken context rootapp
# Use this pipeline for keystone auth with image caching
[pipeline:glance-api-keystone+caching]
pipeline = versionnegotiation osprofiler authtoken context cache rootapp
# Use this pipeline for keystone auth with caching and cache management
[pipeline:glance-api-keystone+cachemanagement]
pipeline = versionnegotiation osprofiler authtoken context cache cachemanage rootapp
# Use this pipeline for authZ only. This means that the registry will treat a
# user as authenticated without making requests to keystone to reauthenticate
# the user.
[pipeline:glance-api-trusted-auth]
pipeline = versionnegotiation osprofiler context rootapp
# Use this pipeline for authZ only. This means that the registry will treat a
# user as authenticated without making requests to keystone to reauthenticate
# the user and uses cache management
[pipeline:glance-api-trusted-auth+cachemanagement]
pipeline = versionnegotiation osprofiler context cache cachemanage rootapp
[composite:rootapp]
paste.composite_factory = glance.api:root_app_factory
/: apiversions
/v1: apiv1app
/v2: apiv2app
[app:apiversions]
paste.app_factory = glance.api.versions:create_resource
[app:apiv1app]
paste.app_factory = glance.api.v1.router:API.factory
[app:apiv2app]
paste.app_factory = glance.api.v2.router:API.factory
[filter:versionnegotiation]
paste.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
[filter:cache]
paste.filter_factory = glance.api.middleware.cache:CacheFilter.factory
[filter:cachemanage]
paste.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter.factory
[filter:context]
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
[filter:unauthenticated-context]
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }}
admin_user = {{ keystone_admin_user }}
admin_tenant_name = {{ keystone_admin_tenant }}
admin_password = {{ keystone_admin_password }}
#delay_auth_decision = true
[filter:gzip]
paste.filter_factory = glance.api.middleware.gzip:GzipMiddleware.factory
[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
hmac_keys = SECRET_KEY
enabled = yes

View File

@ -0,0 +1,35 @@
[DEFAULT]
default_store = file
bind_host = 0.0.0.0
bind_port = {{ api_port }}
log_file = /var/log/glance/api.log
backlog = 4096
registry_host = 0.0.0.0
registry_port = {{ registry_port }}
registry_client_protocol = http
delayed_delete = False
scrub_time = 43200
scrubber_datadir = /var/lib/glance/scrubber
image_cache_dir = /var/lib/glance/image-cache/
[database]
connection = mysql://{{ mysql_user }}:{{ mysql_password }}@{{ mysql_ip }}/{{ mysql_db }}
backend = mysql
[keystone_authtoken]
auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0
identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }}
admin_tenant_name = {{ keystone_admin_tenant }}
admin_user = {{ keystone_admin_user }}
admin_password = {{ keystone_admin_password }}
revocation_cache_time = 10
[paste_deploy]
flavor=keystone+cachemanagement
[glance_store]
filesystem_store_datadir = /var/lib/glance/images/
sheepdog_store_address = localhost
sheepdog_store_port = 7000
sheepdog_store_chunk_size = 64

View File

@ -0,0 +1,200 @@
[DEFAULT]
# Show more verbose log output (sets INFO log level output)
#verbose = False
# Show debugging output in logs (sets DEBUG log level output)
#debug = False
# Log to this file. Make sure you do not set the same log file for both the API
# and registry servers!
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
log_file = /var/log/glance/image-cache.log
# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
#use_syslog = False
# Directory that the Image Cache writes data to
image_cache_dir = /var/lib/glance/image-cache/
# Number of seconds after which we should consider an incomplete image to be
# stalled and eligible for reaping
image_cache_stall_time = 86400
# Max cache size in bytes
image_cache_max_size = 10737418240
# Address to find the registry server
registry_host = 0.0.0.0
# Port the registry server is listening on
registry_port = 9191
# Auth settings if using Keystone
# auth_url = http://127.0.0.1:5000/v2.0/
# admin_tenant_name = %SERVICE_TENANT_NAME%
# admin_user = %SERVICE_USER%
# admin_password = %SERVICE_PASSWORD%
# List of which store classes and store class locations are
# currently known to glance at startup.
# known_stores = glance.store.filesystem.Store,
# glance.store.http.Store,
# glance.store.rbd.Store,
# glance.store.s3.Store,
# glance.store.swift.Store,
# glance.store.sheepdog.Store,
# glance.store.cinder.Store,
# glance.store.vmware_datastore.Store,
# ============ Filesystem Store Options ========================
# Directory that the Filesystem backend store
# writes image data to
filesystem_store_datadir = /var/lib/glance/images/
# ============ Swift Store Options =============================
# Version of the authentication service to use
# Valid versions are '2' for keystone and '1' for swauth and rackspace
swift_store_auth_version = 2
# Address where the Swift authentication service lives
# Valid schemes are 'http://' and 'https://'
# If no scheme specified, default to 'https://'
# For swauth, use something like '127.0.0.1:8080/v1.0/'
swift_store_auth_address = 127.0.0.1:5000/v2.0/
# User to authenticate against the Swift authentication service
# If you use Swift authentication service, set it to 'account':'user'
# where 'account' is a Swift storage account and 'user'
# is a user in that account
swift_store_user = jdoe:jdoe
# Auth key for the user authenticating against the
# Swift authentication service
swift_store_key = a86850deb2742ec3cb41518e26aa2d89
# Container within the account that the account should use
# for storing images in Swift
swift_store_container = glance
# Do we create the container if it does not exist?
swift_store_create_container_on_put = False
# What size, in MB, should Glance start chunking image files
# and do a large object manifest in Swift? By default, this is
# the maximum object size in Swift, which is 5GB
swift_store_large_object_size = 5120
# When doing a large object manifest, what size, in MB, should
# Glance write chunks to Swift? This amount of data is written
# to a temporary disk buffer during the process of chunking
# the image file, and the default is 200MB
swift_store_large_object_chunk_size = 200
# Whether to use ServiceNET to communicate with the Swift storage servers.
# (If you aren't RACKSPACE, leave this False!)
#
# To use ServiceNET for authentication, prefix hostname of
# `swift_store_auth_address` with 'snet-'.
# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
swift_enable_snet = False
# ============ S3 Store Options =============================
# Address where the S3 authentication service lives
# Valid schemes are 'http://' and 'https://'
# If no scheme specified, default to 'http://'
s3_store_host = 127.0.0.1:8080/v1.0/
# User to authenticate against the S3 authentication service
s3_store_access_key = <20-char AWS access key>
# Auth key for the user authenticating against the
# S3 authentication service
s3_store_secret_key = <40-char AWS secret key>
# Container within the account that the account should use
# for storing images in S3. Note that S3 has a flat namespace,
# so you need a unique bucket name for your glance images. An
# easy way to do this is append your AWS access key to "glance".
# S3 buckets in AWS *must* be lowercased, so remember to lowercase
# your AWS access key if you use it in your bucket name below!
s3_store_bucket = <lowercased 20-char aws access key>glance
# Do we create the bucket if it does not exist?
s3_store_create_bucket_on_put = False
# When sending images to S3, the data will first be written to a
# temporary buffer on disk. By default the platform's temporary directory
# will be used. If required, an alternative directory can be specified here.
# s3_store_object_buffer_dir = /path/to/dir
# ============ Cinder Store Options ===========================
# Info to match when looking for cinder in the service catalog
# Format is : separated values of the form:
# <service_type>:<service_name>:<endpoint_type> (string value)
#cinder_catalog_info = volume:cinder:publicURL
# Override service catalog lookup with template for cinder endpoint
# e.g. http://localhost:8776/v1/%(project_id)s (string value)
#cinder_endpoint_template = <None>
# Region name of this node (string value)
#os_region_name = <None>
# Location of ca certicates file to use for cinder client requests
# (string value)
#cinder_ca_certificates_file = <None>
# Number of cinderclient retries on failed http calls (integer value)
#cinder_http_retries = 3
# Allow to perform insecure SSL requests to cinder (boolean value)
#cinder_api_insecure = False
# ============ VMware Datastore Store Options =====================
# ESX/ESXi or vCenter Server target system.
# The server value can be an IP address or a DNS name
# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com
#vmware_server_host = <None>
# Server username (string value)
#vmware_server_username = <None>
# Server password (string value)
#vmware_server_password = <None>
# Inventory path to a datacenter (string value)
# Value optional when vmware_server_ip is an ESX/ESXi host: if specified
# should be `ha-datacenter`.
#vmware_datacenter_path = <None>
# Datastore associated with the datacenter (string value)
#vmware_datastore_name = <None>
# The number of times we retry on failures
# e.g., socket error, etc (integer value)
#vmware_api_retry_count = 10
# The interval used for polling remote tasks
# invoked on VMware ESX/VC server in seconds (integer value)
#vmware_task_poll_interval = 5
# Absolute path of the folder containing the images in the datastore
# (string value)
#vmware_store_image_dir = /openstack_glance
# Allow to perform insecure SSL requests to the target system (boolean value)
#vmware_api_insecure = False
# ================= Security Options ==========================
# AES key for encrypting store 'location' metadata, including
# -- if used -- Swift or S3 credentials
# Should be set to a random string of length 16, 24 or 32 bytes
# metadata_encryption_key = <16, 24 or 32 char registry metadata key>

View File

@ -0,0 +1,35 @@
# Use this pipeline for no auth - DEFAULT
[pipeline:glance-registry]
#pipeline = osprofiler unauthenticated-context registryapp
pipeline = authtoke context registryapp
# Use this pipeline for keystone auth
[pipeline:glance-registry-keystone]
pipeline = osprofiler authtoken context registryapp
# Use this pipeline for authZ only. This means that the registry will treat a
# user as authenticated without making requests to keystone to reauthenticate
# the user.
[pipeline:glance-registry-trusted-auth]
pipeline = osprofiler context registryapp
[app:registryapp]
paste.app_factory = glance.registry.api:API.factory
[filter:context]
paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
[filter:unauthenticated-context]
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }}
admin_user = {{ keystone_admin_user }}
admin_tenant_name = {{ keystone_admin_tenant }}
admin_password = {{ keystone_admin_password }}
[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
hmac_keys = SECRET_KEY
enabled = yes

View File

@ -0,0 +1,22 @@
[DEFAULT]
bind_host = 0.0.0.0
bind_port = 9191
log_file = /var/log/glance/registry.log
backlog = 4096
api_limit_max = 1000
limit_param_default = 25
[database]
backend = mysql
connection = mysql://{{ mysql_user }}:{{ mysql_password }}@{{ mysql_ip }}/{{ mysql_db }}
[keystone_authtoken]
auth_uri = http://{{ keystone_ip }}:{{ keystone_port }}/v2.0
identity_uri = http://{{ keystone_ip }}:{{ keystone_admin_port }}
admin_tenant_name = {{ keystone_admin_tenant }}
admin_user = {{ keystone_admin_user }}
admin_password = {{ keystone_admin_password }}
[paste_deploy]
flavor=keystone
[profiler]

View File

@ -0,0 +1,108 @@
[DEFAULT]
# Show more verbose log output (sets INFO log level output)
#verbose = False
# Show debugging output in logs (sets DEBUG log level output)
#debug = False
# Log to this file. Make sure you do not set the same log file for both the API
# and registry servers!
#
# If `log_file` is omitted and `use_syslog` is false, then log messages are
# sent to stdout as a fallback.
log_file = /var/log/glance/scrubber.log
# Send logs to syslog (/dev/log) instead of to file specified by `log_file`
#use_syslog = False
# Should we run our own loop or rely on cron/scheduler to run us
daemon = False
# Loop time between checking for new items to schedule for delete
wakeup_time = 300
# Directory that the scrubber will use to remind itself of what to delete
# Make sure this is also set in glance-api.conf
scrubber_datadir = /var/lib/glance/scrubber
# Only one server in your deployment should be designated the cleanup host
cleanup_scrubber = False
# pending_delete items older than this time are candidates for cleanup
cleanup_scrubber_time = 86400
# Address to find the registry server for cleanups
registry_host = 0.0.0.0
# Port the registry server is listening on
registry_port = 9191
# Auth settings if using Keystone
# auth_url = http://127.0.0.1:5000/v2.0/
# admin_tenant_name = %SERVICE_TENANT_NAME%
# admin_user = %SERVICE_USER%
# admin_password = %SERVICE_PASSWORD%
# Directory to use for lock files. Default to a temp directory
# (string value). This setting needs to be the same for both
# glance-scrubber and glance-api.
#lock_path=<None>
# API to use for accessing data. Default value points to sqlalchemy
# package, it is also possible to use: glance.db.registry.api
#data_api = glance.db.sqlalchemy.api
# ================= Security Options ==========================
# AES key for encrypting store 'location' metadata, including
# -- if used -- Swift or S3 credentials
# Should be set to a random string of length 16, 24 or 32 bytes
#metadata_encryption_key = <16, 24 or 32 char registry metadata key>
# ================= Database Options ===============+==========
[database]
# The SQLAlchemy connection string used to connect to the
# database (string value)
#connection=sqlite:////glance/openstack/common/db/$sqlite_db
# The SQLAlchemy connection string used to connect to the
# slave database (string value)
#slave_connection=
# timeout before idle sql connections are reaped (integer
# value)
#idle_timeout=3600
# Minimum number of SQL connections to keep open in a pool
# (integer value)
#min_pool_size=1
# Maximum number of SQL connections to keep open in a pool
# (integer value)
#max_pool_size=<None>
# maximum db connection retries during startup. (setting -1
# implies an infinite retry count) (integer value)
#max_retries=10
# interval between retries of opening a sql connection
# (integer value)
#retry_interval=10
# If set, use this value for max_overflow with sqlalchemy
# (integer value)
#max_overflow=<None>
# Verbosity of SQL debugging information. 0=None,
# 100=Everything (integer value)
#connection_debug=0
# Add python stack traces to SQL as comment strings (boolean
# value)
#connection_trace=false
# If set, use this value for pool_timeout with sqlalchemy
# (integer value)
#pool_timeout=<None>

View File

@ -0,0 +1,52 @@
{
"context_is_admin": "role:admin",
"default": "",
"add_image": "",
"delete_image": "",
"get_image": "",
"get_images": "",
"modify_image": "",
"publicize_image": "role:admin",
"copy_from": "",
"download_image": "",
"upload_image": "",
"delete_image_location": "",
"get_image_location": "",
"set_image_location": "",
"add_member": "",
"delete_member": "",
"get_member": "",
"get_members": "",
"modify_member": "",
"manage_image_cache": "role:admin",
"get_task": "",
"get_tasks": "",
"add_task": "",
"modify_task": "",
"get_metadef_namespace": "",
"get_metadef_namespaces":"",
"modify_metadef_namespace":"",
"add_metadef_namespace":"",
"get_metadef_object":"",
"get_metadef_objects":"",
"modify_metadef_object":"",
"add_metadef_object":"",
"list_metadef_resource_types":"",
"get_metadef_resource_type":"",
"add_metadef_resource_type_association":"",
"get_metadef_property":"",
"get_metadef_properties":"",
"modify_metadef_property":"",
"add_metadef_property":""
}

View File

@ -0,0 +1,28 @@
{
"kernel_id": {
"type": "string",
"pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
"description": "ID of image stored in Glance that should be used as the kernel when booting an AMI-style image."
},
"ramdisk_id": {
"type": "string",
"pattern": "^([0-9a-fA-F]){8}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){4}-([0-9a-fA-F]){12}$",
"description": "ID of image stored in Glance that should be used as the ramdisk when booting an AMI-style image."
},
"instance_uuid": {
"type": "string",
"description": "ID of instance used to create this image."
},
"architecture": {
"description": "Operating system architecture as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
"type": "string"
},
"os_distro": {
"description": "Common name of operating system distribution as specified in http://docs.openstack.org/trunk/openstack-compute/admin/content/adding-images.html",
"type": "string"
},
"os_version": {
"description": "Operating system version as specified by the distributor",
"type": "string"
}
}

View File

@ -0,0 +1,6 @@
- hosts: [{{ ip }}]
sudo: yes
tasks:
- shell: docker stop {{ name }}
- shell: docker rm {{ name }}

View File

@ -0,0 +1,29 @@
- hosts: [{{ ip }}]
sudo: yes
tasks:
- docker:
#command: /bin/bash -c "glance-manage db_sync && /usr/bin/glance-registry"
command: /usr/bin/glance-registry
name: {{ name }}
image: {{ image }}
state: running
net: host
{% if ports.value %}
ports:
{% for port in ports.value %}
{% for p in port['value'] %}
- {{ p['value'] }}:{{ p['value'] }}
{% endfor %}
{% endfor %}
{% endif %}
{% if host_binds.value %}
volumes:
# TODO: host_binds might need more work
# Currently it's not that trivial to pass custom src: dst here
# (when a config variable is passed here from other resource)
# so we mount it to the same directory as on host
{% for bind in host_binds.value %}
- {{ bind['value']['src'] }}:{{ bind['value']['dst'] }}:{{ bind['value'].get('mode', 'ro') }}
{% endfor %}
{% endif %}

View File

@ -0,0 +1,58 @@
id: container
handler: ansible
version: 1.0.0
input:
ip:
schema: str!
value:
image:
schema: str!
value:
ports:
schema: [{value: [{value: int}]}]
value: []
host_binds:
schema: [{value: {src: str, dst: str, mode: str}}]
value: []
volume_binds:
schema: [{src: str, dst: str, mode: str}]
value: []
ssh_user:
schema: str!
value: []
ssh_key:
schema: str!
value: []
db_host:
schema: str!
value:
db_root_password:
schema: str!
value:
db_name:
schema: str!
value:
db_password:
schema: str!
value:
db_user:
schema: str!
value:
keystone_admin_token:
schema: str!
value:
keystone_admin_tenant:
schema: str!
value:
keystone_user:
schema: str!
value:
keystone_password:
schema: str!
value:
keystone_host:
schema: str!
value:
tags: [resource/container]

View File

@ -2,6 +2,8 @@
sudo: yes
vars:
admin_token: {{admin_token}}
keystone_host: {{ ip }}
keystone_port: {{ port }}
db_user: {{db_user}}
db_password: {{db_password}}
db_host: {{db_host}}
@ -12,3 +14,4 @@
- template: src={{resource_dir}}/templates/default_catalog.templates dest={{config_dir}}/default_catalog.templates
- template: src={{resource_dir}}/templates/logging.conf dest={{config_dir}}/logging.conf
- template: src={{resource_dir}}/templates/policy.json dest={{config_dir}}/policy.json
- template: src={{resource_dir}}/templates/exports dest={{ config_dir }}/keystone-exports

View File

@ -0,0 +1,2 @@
export OS_SERVICE_ENDPOINT=http://localhost:35357/v2.0/
export OS_SERVICE_TOKEN={{ admin_token }}

View File

@ -1,5 +1,7 @@
- hosts: [{{ ip }}]
sudo: yes
tasks:
- name: install python-keystoneclient
shell: pip install python-keystoneclient
- name: keystone role
keystone_user: endpoint=http://{{keystone_host}}:{{keystone_port}}/v2.0/ token={{admin_token}} user={{user_name}} tenant={{tenant_name}} role={{role_name}} state=present

View File

@ -1,5 +1,7 @@
- hosts: [{{ ip }}]
sudo: yes
tasks:
- name: install python-keystoneclient
shell: pip install python-keystoneclient
- name: keystone tenant
keystone_user: endpoint=http://{{keystone_host}}:{{keystone_port}}/v2.0/ token={{admin_token}} tenant={{tenant_name}} state=present

View File

@ -1,5 +1,7 @@
- hosts: [{{ ip }}]
sudo: yes
tasks:
- name: install python-keystoneclient
shell: pip install python-keystoneclient
- name: keystone user
keystone_user: endpoint=http://{{ keystone_host }}:{{ keystone_port }}/v2.0/ token={{ admin_token }} user={{ user_name }} password={{ user_password }} tenant={{ tenant_name }} state=present

View File

@ -1,7 +1,6 @@
# -*- coding: utf-8 -*-
import os
import subprocess
import yaml
from solar.core.handlers.base import BaseHandler
@ -14,7 +13,11 @@ class Ansible(BaseHandler):
print 'playbook_file', playbook_file
call_args = ['ansible-playbook', '--module-path', '/vagrant/library', '-i', inventory_file, playbook_file]
print 'EXECUTING: ', ' '.join(call_args)
subprocess.call(call_args)
try:
subprocess.check_output(call_args)
except subprocess.CalledProcessError as e:
print e.output
raise
def _create_inventory(self, r):
directory = self.dirs[r.name]

View File

@ -99,7 +99,6 @@ class Resource(object):
# Update will be blocked if this resource is listening
# on some input that is to be updated -- we should only listen
# to the emitter and not be able to change the input's value
for key, value in args.iteritems():
self.args[key].update(value)
@ -157,7 +156,7 @@ def load_all():
ret = {}
for raw_resource in db.get_list('resource'):
resource = wrap_resource(raw_resource)
resource = db.get_obj_resource(raw_resource['id'])
ret[resource.name] = resource
signals.Connections.reconnect_all()

View File

@ -4,6 +4,11 @@ mapping = {
'file_system': FileSystemDB
}
DB = None
def get_db():
# Should be retrieved from config
return mapping['file_system']()
global DB
if DB is None:
DB = mapping['file_system']()
return DB

View File

@ -24,10 +24,11 @@ class FileSystemDB(DirDBM):
return self[self._make_key(self.RESOURCE_COLLECTION_NAME, uid)]
def get_obj_resource(self, uid):
if not uid in self.entities:
from solar.core.resource import wrap_resource
raw_resource = self[self._make_key(self.RESOURCE_COLLECTION_NAME, uid)]
return wrap_resource(raw_resource)
self.entities[uid] = wrap_resource(raw_resource)
return self.entities[uid]
def add_resource(self, uid, resource):
self[self._make_key(self.RESOURCE_COLLECTION_NAME, uid)] = resource

View File

@ -21,16 +21,21 @@ from solar import utils
from enum import Enum
from solar.interfaces.db import get_db
import yaml
db = get_db()
STATES = Enum('States', 'pending inprogress error success')
def state_file(filename):
filepath = os.path.join(utils.read_config()['state'], filename)
if 'log' in filename:
return Log(filepath)
elif 'data' in filename:
return Data(filepath)
def state_file(name):
if 'log' in name:
return Log(name)
elif 'data' in name:
return Data(name)
CD = partial(state_file, 'commited_data')
@ -70,14 +75,18 @@ class Log(object):
def __init__(self, path):
self.path = path
items = utils.yaml_load(path) or []
if path in db:
items = db[path]
else:
items = []
self.items = deque([LogItem(
l['uid'], l['res'],
l['diff'], l['action'],
getattr(STATES, l['state'])) for l in items])
def sync(self):
utils.yaml_dump_to([i.to_dict() for i in self.items], self.path)
db[self.path] = [i.to_dict() for i in self.items]
def add(self, logitem):
self.items.append(logitem)
@ -111,18 +120,21 @@ class Data(collections.MutableMapping):
def __init__(self, path):
self.path = path
self.store = utils.yaml_load(path) or {}
if path in db:
self.store = db[path]
else:
self.store = {}
def __getitem__(self, key):
return self.store[key]
def __setitem__(self, key, value):
self.store[key] = value
utils.yaml_dump_to(self.store, self.path)
db[self.path] = self.store
def __delitem__(self, key):
self.store.pop(key)
utils.yaml_dump_to(self.store, self.path)
db[self.path] = self.store
def __iter__(self):
return iter(self.store)

View File

View File

View File