Commit e6d18269 authored by Alain Takoudjou's avatar Alain Takoudjou

Fix getting network info, prevent offline install and use SSL for NoVNC

parent 0c7e0e78
......@@ -121,9 +121,9 @@ image-name = $${slap-parameter:glance-image-name}
slap-ipv4 = $${slap-network-information:local-ipv4}
nova-passwd = $${master-passwd:passwd}
nova-user = $${slap-parameter:system-user}
vnc-url = $${request-openstack-vnc-frontend:connection-url}
project = $${slap-parameter:project}
user-name = $${slap-parameter:user-name}
vnc-frontend = $${request-openstack-vnc-frontend:connection-url}
[nova-conf-run]
recipe = slapos.recipe.template
......@@ -139,6 +139,7 @@ nova-configure = $${install-script:output}
keystone-endpoints-script = ${openstack-keystone-endpoints-script:location}/${openstack-keystone-endpoints-script:filename}
keystone-script = ${openstack-keystone-script:location}/${openstack-keystone-script:filename}
floating-ip-generate = ${network-floating-ip-generate:location}/${network-floating-ip-generate:filename}
signed-certificate-generate = ${auto-signed-certificate-generate:location}/${auto-signed-certificate-generate:filename}
nova-result = $${directory:log}
python_path = ${buildout:executable}
eggs-dir = ${buildout:eggs-directory}
......@@ -278,7 +279,6 @@ vnc-url = $${request-slave-frontend:connection-url}/vnc_auto.html?host=$${reques
ssh = ssh $${slap-parameter:system-user}@$${tunnel-ipv6-ssh:ipv6} -p $${tunnel-ipv6-ssh:ipv6-port}
ssh-defaul-passwd = $${slap-parameter:system-passwd}
openstack-url = $${request-openstack-frontend:connection-site_url}/horizon
openstack-vnc = $${request-openstack-vnc-frontend:connection-url}/vnc_auto.html
openstack-services-host = $${slap-network-information:global-ipv6}
openstack-services-passwd = $${master-passwd:passwd}
openstack-project = $${slap-parameter:project}
......@@ -291,8 +291,7 @@ path = $${directory:promises}/frontend_promise
url = $${publish-kvm-connection-information:vnc-url}
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
openstack-url = $${publish-kvm-connection-information:openstack-url}
openstack-vnc = $${publish-kvm-connection-information:openstack-vnc}/vnc_auto.html
[openstack-frontend-promise]
recipe = slapos.cookbook:check_url_available
......@@ -334,5 +333,5 @@ glance-image-url = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-di
glance-image-name = cirros-0.3.1-x86_64
domain =
virtual-hard-drive-url =
virtual-hard-drive-md5sum =
virtual-hard-drive-url = https://[2001:470:1f14:169:e1f9:5f22:ff2b:6938]:8070/data/public/9052f7.php?dl=true
virtual-hard-drive-md5sum = 0e359c2aa6e9430326be15656eeb8a3c
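Review bot: The populated `virtual-hard-drive-url` default at the end of this section points at an `https://` URL on a bare IPv6 literal, and the downloaded image is pinned only by `virtual-hard-drive-md5sum`. MD5 detects a corrupted download but is weak protection against a deliberately substituted image, and a certificate is unlikely to validate against an address literal, so the TLS layer probably adds little here (inferred, since the downloader is not shown). If the consuming recipe accepts a stronger digest, use it; otherwise add a comment such as `# md5sum guards against corruption only, not substitution`. The rendering lost the +/- markers, so this assumes the populated pair is the new side.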
......@@ -35,7 +35,7 @@ eggs =
[template-openstack-main]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-main.cfg
md5sum = 8e0090858793239c602137da88e7d6be
md5sum = 032d4e971b60819986eee731aa9361c0
output = ${buildout:directory}/template-openstack-main.cfg
mode = 0644
......@@ -67,13 +67,18 @@ md5sum = 136339c0d704bb11af3839726e24c47f
[compute-script-run]
<= template-download
filename = ssh-configure.py.in
md5sum = 2a4f82db89a01ed0866682a30bce185b
md5sum = 656db97dd54a7a0d96e7ce18f0be5c32
[network-floating-ip-generate]
<= template-download
filename = network.py
#md5sum =
[auto-signed-certificate-generate]
<= template-download
filename = generate_cert.py
#md5sum =
[openstack-install]
<= template-download
filename = openstack-install.sh.in
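Review bot: The new `[auto-signed-certificate-generate]` section leaves `#md5sum =` commented out, so `generate_cert.py` is fetched with no integrity pin, unlike `ssh-configure.py.in` just above it. Elsewhere in this commit the script is copied to the target over SFTP and executed by the installer to create the nova TLS key, so an altered download would run there. Fill in the checksum once the file is final, for example `md5sum = <md5-of-generate_cert.py>` (placeholder); `[network-floating-ip-generate]` has the same gap. The `template-download` base section is outside the view, so how a missing md5sum is treated is inferred.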
......
#!/usr/bin/env python
from OpenSSL import crypto, SSL
from socket import gethostname
from pprint import pprint
from time import gmtime, mktime
from os.path import exists, join
import sys
CERT_FILE = "certificate.crt"
KEY_FILE = "certificate.key"
def create_self_signed_cert(cert_dir):
"""
If datacard.crt and datacard.key don't exist in cert_dir, create a new
self-signed cert and keypair and write them into that directory.
"""
if not exists(join(cert_dir, CERT_FILE)) \
or not exists(join(cert_dir, KEY_FILE)):
# create a key pair
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 1024)
# create a self-signed cert
cert = crypto.X509()
cert.get_subject().C = "XX"
cert.get_subject().ST = "State"
cert.get_subject().L = "City"
cert.get_subject().O = "Sample Compagny"
cert.get_subject().OU = "Sample Organization"
cert.get_subject().CN = "XXXX"
cert.set_serial_number(1000)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(10*365*24*60*60)
cert.set_issuer(cert.get_subject())
cert.set_pubkey(k)
cert.sign(k, 'sha1')
open(join(cert_dir, CERT_FILE), "wt").write(
crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
open(join(cert_dir, KEY_FILE), "wt").write(
crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
if __name__ == '__main__':
if len(sys.argv) > 1:
path = sys.argv[1]
basename = sys.argv[2]
CERT_FILE = basename + ".crt"
KEY_FILE = basename + ".key"
else:
path = "."
create_self_signed_cert(path)
exit(0)
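Review bot: `k.generate_key(crypto.TYPE_RSA, 1024)` and `cert.sign(k, 'sha1')` give a key size and signature digest weaker than current practice for a certificate that will front the noVNC proxy; use `k.generate_key(crypto.TYPE_RSA, 2048)` and `cert.sign(k, 'sha256')`. The private key is written with a plain `open(..., "wt")`, so its mode follows the caller's umask until something else tightens it, and neither file handle is closed explicitly. The docstring still names `datacard.crt`/`datacard.key` while the code uses `CERT_FILE`/`KEY_FILE`, and `sys.argv[2]` raises IndexError when only the directory argument is passed.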
......@@ -27,6 +27,7 @@ nova_configure = '${:nova-configure}'
keystone_script = '${:keystone-script}'
keystone_endpoints_script = '${:keystone-endpoints-script}'
floating_ip_generate_script = '${:floating-ip-generate}'
auto_signed_certificate_script = '${:signed-certificate-generate}'
instance = '${:instance}'.strip() #Type: manage or compute
def getClient():
......@@ -67,6 +68,8 @@ def installManage():
print 'Keystone Endpoints Configuration script has been copied successfully! File size: %s' % result.st_size
result = sftp.put(floating_ip_generate_script, 'network.py' )
print 'Network generate script has been copied successfully! File size: %s' % result.st_size
result = sftp.put(auto_signed_certificate_script, 'generate_cert.py')
print 'Auto-signed certificate script has been copied successfully! File size: %s' % result.st_size
sftp.close()
#Install nova components and services
......
......@@ -6,6 +6,24 @@
export DEBIAN_FRONTEND=noninteractive
###############################################################################################
##### Check Installation and internet connexion
###############################################################################################
if [ -f .installed ]; then
echo "An installation of openstack already exist. Exiting..."
exit 0;
fi
wget -q --tries=10 --timeout=20 http://google.com
if [[ $? -eq 0 ]]; then
echo "OK: Succefully check internet connection with success. Go next ...";
else
echo "ERROR: We can't install openstack without internet connection. Please check it before retry installation...";
exit 1;
fi
###############################################################################################
apt-get update
apt-get upgrade -y
apt-get dist-upgrade -y
......@@ -33,8 +51,8 @@ then
BCAST=`cat network.conf | cut -d: -f4`
else
GATEWAY=`route | grep default | awk '{print $2}'`
MASK=`ifconfig eth0 | grep 'inet adr:' | awk '{ print $4}' | cut -d: -f2`
BCAST=`ifconfig eth0 | grep 'inet adr:' | awk '{ print $3}' | cut -d: -f2`
MASK=`ifconfig eth0 | egrep '(inet ad)d?r:' | awk '{ print $4}' | cut -d: -f2`
BCAST=`ifconfig eth0 | egrep '(inet ad)d?r:' | awk '{ print $3}' | cut -d: -f2`
IPv4=`ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1`
echo "$IPv4:$MASK:$GATEWAY:$BCAST" > network.conf
fi
......@@ -118,6 +136,11 @@ EOF
source localrc
CURRENT_DIR=`pwd`
VNC_BASE="${:vnc-frontend}"
if [ -z "$VNC_BASE" ]; then
VNC_BASE=https://$PUBLIC_ADDRESS:6080
fi
###############################################################################################
##### Install Mysql, ntp, MysqlDB and RabbitMQ
......@@ -411,6 +434,16 @@ cp $CONF $CONF.orig
-e "s/^#signing_dir *=.*/signing_dirname = \/tmp\/keystone-signing-nova/" \
$CONF.orig > $CONF
#Generate certificate to use for nova
cd $CURRENT_DIR
chmod +x generate_cert.py
mkdir -p /etc/nova/ssl
./generate_cert.py /etc/nova/ssl nova
chown -R nova: /etc/nova/ssl
chmod -R 700 /etc/nova/ssl
#Configure nova
CONF=/etc/nova/nova.conf
cp $CONF $CONF.orig
/bin/cat << EOF > $CONF
......@@ -436,7 +469,10 @@ image_service=nova.image.glance.GlanceImageService
# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://$PUBLIC_ADDRESS:6080/vnc_auto.html
ssl_only=true
cert=/etc/nova/ssl/nova.crt
key=/etc/nova/ssl/nova.key
novncproxy_base_url=$VNC_BASE/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=$HOST_IP
vncserver_listen=0.0.0.0
......@@ -648,3 +684,6 @@ nova --no-cache secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova --no-cache secgroup-add-rule default tcp 22 22 0.0.0.0/0
quantum floatingip-create ext_net
#End Installation ...
echo "done" > $CURRENT_DIR/.installed
\ No newline at end of file
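Review bot: In the certificate step, `./generate_cert.py /etc/nova/ssl nova` runs before the `chown`/`chmod -R 700`, so `nova.key` is created under the default umask in a freshly made directory and may be readable by other local users until the chmod lands. Create the directory restricted first with `mkdir -p -m 700 /etc/nova/ssl` and run the generator as `(umask 077; ./generate_cert.py /etc/nova/ssl nova)`; afterwards `chmod 600` on the key is enough, since `700` also sets the execute bit on the files. Separately, `ssl_only=true` with a self-signed certificate whose CN is a placeholder gives the browser encryption but no server identity, which deserves a comment above the `cert=`/`key=` lines.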