Commit
e6d18269
authored
Nov 22, 2013
by
Alain Takoudjou
Fix getting network info, prevent offline install and use SSL for NoVNC
parent
0c7e0e78
Showing
5 changed files
with
115 additions
and
12 deletions
+115
-12
software/openstack/instance-main.cfg
software/openstack/instance-main.cfg
+5
-6
software/openstack/software.cfg
software/openstack/software.cfg
+7
-2
software/openstack/templates/generate_cert.py
software/openstack/templates/generate_cert.py
+57
-0
software/openstack/templates/ssh-configure.py.in
software/openstack/templates/ssh-configure.py.in
+3
-0
software/openstack/templates/stack_controller_grizzly.sh.in
software/openstack/templates/stack_controller_grizzly.sh.in
+43
-4
software/openstack/instance-main.cfg
...
...
@@ -121,9 +121,9 @@ image-name = $${slap-parameter:glance-image-name}
slap-ipv4 = $${slap-network-information:local-ipv4}
nova-passwd = $${master-passwd:passwd}
nova-user = $${slap-parameter:system-user}
vnc-url = $${request-openstack-vnc-frontend:connection-url}
project = $${slap-parameter:project}
user-name = $${slap-parameter:user-name}
vnc-frontend = $${request-openstack-vnc-frontend:connection-url}
[nova-conf-run]
recipe = slapos.recipe.template
...
...
@@ -139,6 +139,7 @@ nova-configure = $${install-script:output}
keystone-endpoints-script = ${openstack-keystone-endpoints-script:location}/${openstack-keystone-endpoints-script:filename}
keystone-script = ${openstack-keystone-script:location}/${openstack-keystone-script:filename}
floating-ip-generate = ${network-floating-ip-generate:location}/${network-floating-ip-generate:filename}
signed-certificate-generate = ${auto-signed-certificate-generate:location}/${auto-signed-certificate-generate:filename}
nova-result = $${directory:log}
python_path = ${buildout:executable}
eggs-dir = ${buildout:eggs-directory}
...
...
@@ -278,7 +279,6 @@ vnc-url = $${request-slave-frontend:connection-url}/vnc_auto.html?host=$${reques
ssh = ssh $${slap-parameter:system-user}@$${tunnel-ipv6-ssh:ipv6} -p $${tunnel-ipv6-ssh:ipv6-port}
ssh-defaul-passwd = $${slap-parameter:system-passwd}
openstack-url = $${request-openstack-frontend:connection-site_url}/horizon
openstack-vnc = $${request-openstack-vnc-frontend:connection-url}/vnc_auto.html
openstack-services-host = $${slap-network-information:global-ipv6}
openstack-services-passwd = $${master-passwd:passwd}
openstack-project = $${slap-parameter:project}
...
...
@@ -291,8 +291,7 @@ path = $${directory:promises}/frontend_promise
url = $${publish-kvm-connection-information:vnc-url}
dash_path = ${dash:location}/bin/dash
curl_path = ${curl:location}/bin/curl
openstack-url = $${publish-kvm-connection-information:openstack-url}
openstack-vnc = $${publish-kvm-connection-information:openstack-vnc}/vnc_auto.html
[openstack-frontend-promise]
recipe = slapos.cookbook:check_url_available
...
...
@@ -334,5 +333,5 @@ glance-image-url = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-di
glance-image-name = cirros-0.3.1-x86_64
domain =
virtual-hard-drive-url =
virtual-hard-drive-md5sum =
virtual-hard-drive-url =
https://[2001:470:1f14:169:e1f9:5f22:ff2b:6938]:8070/data/public/9052f7.php?dl=true
virtual-hard-drive-md5sum =
0e359c2aa6e9430326be15656eeb8a3c
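Review bot: The default for `virtual-hard-drive-url` in the last hunk appears to become an HTTPS download from a bare IPv6 address literal, with `virtual-hard-drive-md5sum` as the only pinned integrity value; which of the printed lines are old and which are new is inferred from the rendering. MD5 is not collision-resistant, and a certificate is unlikely to validate against an address literal, so neither layer gives strong assurance that the image fetched is the intended one. I would leave the default empty or point it at a named host the project controls, and put a comment above it such as `# demo image only; replace with a trusted image URL and its checksum`.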
software/openstack/software.cfg
...
...
@@ -35,7 +35,7 @@ eggs =
[template-openstack-main]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-main.cfg
md5sum =
8e0090858793239c602137da88e7d6be
md5sum =
032d4e971b60819986eee731aa9361c0
output = ${buildout:directory}/template-openstack-main.cfg
mode = 0644
...
...
@@ -67,13 +67,18 @@ md5sum = 136339c0d704bb11af3839726e24c47f
[compute-script-run]
<= template-download
filename = ssh-configure.py.in
md5sum =
2a4f82db89a01ed0866682a30bce185b
md5sum =
656db97dd54a7a0d96e7ce18f0be5c32
[network-floating-ip-generate]
<= template-download
filename = network.py
#md5sum =
[auto-signed-certificate-generate]
<= template-download
filename = generate_cert.py
#md5sum =
[openstack-install]
<= template-download
filename = openstack-install.sh.in
...
...
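Review bot: The new `[auto-signed-certificate-generate]` part downloads `generate_cert.py` with its checksum commented out (`#md5sum =`), while neighbouring templates such as `ssh-configure.py.in` are pinned. That script is later copied to the controller and run by the install script to create the NoVNC private key, so an unpinned download is the weak link in that chain. Fill in the value as the other parts do, `md5sum = <md5 of generate_cert.py>`; the `[network-floating-ip-generate]` part just above it has the same gap.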
software/openstack/templates/generate_cert.py
0 → 100644
#!/usr/bin/env python
from
OpenSSL
import
crypto
,
SSL
from
socket
import
gethostname
from
pprint
import
pprint
from
time
import
gmtime
,
mktime
from
os.path
import
exists
,
join
import
sys
CERT_FILE
=
"certificate.crt"
KEY_FILE
=
"certificate.key"
def
create_self_signed_cert
(
cert_dir
):
"""
If datacard.crt and datacard.key don't exist in cert_dir, create a new
self-signed cert and keypair and write them into that directory.
"""
if
not
exists
(
join
(
cert_dir
,
CERT_FILE
))
\
or
not
exists
(
join
(
cert_dir
,
KEY_FILE
)):
# create a key pair
k
=
crypto
.
PKey
()
k
.
generate_key
(
crypto
.
TYPE_RSA
,
1024
)
# create a self-signed cert
cert
=
crypto
.
X509
()
cert
.
get_subject
().
C
=
"XX"
cert
.
get_subject
().
ST
=
"State"
cert
.
get_subject
().
L
=
"City"
cert
.
get_subject
().
O
=
"Sample Compagny"
cert
.
get_subject
().
OU
=
"Sample Organization"
cert
.
get_subject
().
CN
=
"XXXX"
cert
.
set_serial_number
(
1000
)
cert
.
gmtime_adj_notBefore
(
0
)
cert
.
gmtime_adj_notAfter
(
10
*
365
*
24
*
60
*
60
)
cert
.
set_issuer
(
cert
.
get_subject
())
cert
.
set_pubkey
(
k
)
cert
.
sign
(
k
,
'sha1'
)
open
(
join
(
cert_dir
,
CERT_FILE
),
"wt"
).
write
(
crypto
.
dump_certificate
(
crypto
.
FILETYPE_PEM
,
cert
))
open
(
join
(
cert_dir
,
KEY_FILE
),
"wt"
).
write
(
crypto
.
dump_privatekey
(
crypto
.
FILETYPE_PEM
,
k
))
if
__name__
==
'__main__'
:
if
len
(
sys
.
argv
)
>
1
:
path
=
sys
.
argv
[
1
]
basename
=
sys
.
argv
[
2
]
CERT_FILE
=
basename
+
".crt"
KEY_FILE
=
basename
+
".key"
else
:
path
=
"."
create_self_signed_cert
(
path
)
exit
(
0
)
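Review bot: The certificate that protects the NoVNC proxy is created with a 1024-bit RSA key and a SHA-1 signature (`k.generate_key(crypto.TYPE_RSA, 1024)`, `cert.sign(k, 'sha1')`), both below current minimums; use at least 2048 bits and `'sha256'`. The private key is written through a plain `open(..., "wt")`, so it is created with whatever the process umask allows and is only tightened afterwards by the installer's `chmod -R 700 /etc/nova/ssl`. Creating it owner-only from the start closes that window (this needs `import os`, which the file does not have). In the `__main__` block `sys.argv[2]` is read whenever any argument is given, so a call with only the directory raises IndexError. The fixed serial 1000 and placeholder subject (`CN = "XXXX"`) also mean every deployment produces a certificate that clients cannot match to a host.

```python
        # … unchanged: existence check for the .crt / .key pair …
        k = crypto.PKey()
        k.generate_key(crypto.TYPE_RSA, 2048)
        # … unchanged: subject, serial, validity, issuer, public key …
        cert.sign(k, 'sha256')
        # … unchanged: certificate write …
        # Create the key file with mode 0600 instead of relying on a later chmod.
        key_fd = os.open(join(cert_dir, KEY_FILE),
                         os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(key_fd, "wt") as key_file:
            key_file.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
```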
software/openstack/templates/ssh-configure.py.in
...
...
@@ -27,6 +27,7 @@ nova_configure = '${:nova-configure}'
keystone_script = '${:keystone-script}'
keystone_endpoints_script = '${:keystone-endpoints-script}'
floating_ip_generate_script = '${:floating-ip-generate}'
auto_signed_certificate_script = '${:signed-certificate-generate}'
instance = '${:instance}'.strip() #Type: manage or compute
def getClient():
...
...
@@ -67,6 +68,8 @@ def installManage():
print 'Keystone Endpoints Configuration script has been copied successfully! File size: %s' % result.st_size
result = sftp.put(floating_ip_generate_script, 'network.py' )
print 'Network generate script has been copied successfully! File size: %s' % result.st_size
result = sftp.put(auto_signed_certificate_script, 'generate_cert.py')
print 'Auto-signed certificate script has been copied successfully! File size: %s' % result.st_size
sftp.close()
#Install nova components and services
...
...
software/openstack/templates/stack_controller_grizzly.sh.in
...
...
@@ -6,6 +6,24 @@
export
DEBIAN_FRONTEND
=
noninteractive
###############################################################################################
##### Check Installation and internet connexion
###############################################################################################
if
[
-f
.installed
]
;
then
echo
"An installation of openstack already exist. Exiting..."
exit
0
;
fi
wget
-q
--tries
=
10
--timeout
=
20 http://google.com
if
[[
$?
-eq
0
]]
;
then
echo
"OK: Succefully check internet connection with success. Go next ..."
;
else
echo
"ERROR: We can't install openstack without internet connection. Please check it before retry installation..."
;
exit
1
;
fi
###############################################################################################
apt-get update
apt-get upgrade
-y
apt-get dist-upgrade
-y
...
...
@@ -33,8 +51,8 @@ then
BCAST
=
`
cat
network.conf |
cut
-d
:
-f4
`
else
GATEWAY
=
`
route |
grep
default |
awk
'{print $2}'
`
MASK
=
`
ifconfig eth0 |
grep
'inet ad
r:'
|
awk
'{ print $4}'
|
cut
-d
:
-f2
`
BCAST
=
`
ifconfig eth0 |
grep
'inet ad
r:'
|
awk
'{ print $3}'
|
cut
-d
:
-f2
`
MASK
=
`
ifconfig eth0 |
egrep
'(inet ad)d?
r:'
|
awk
'{ print $4}'
|
cut
-d
:
-f2
`
BCAST
=
`
ifconfig eth0 |
egrep
'(inet ad)d?
r:'
|
awk
'{ print $3}'
|
cut
-d
:
-f2
`
IPv4
=
`
ip addr show eth0 |
grep
'inet '
|
awk
'{print $2}'
|
cut
-d
/
-f1
`
echo
"
$IPv4
:
$MASK
:
$GATEWAY
:
$BCAST
"
>
network.conf
fi
...
...
@@ -118,6 +136,11 @@ EOF
source
localrc
CURRENT_DIR
=
`
pwd
`
VNC_BASE
=
"
${
:vnc-frontend
}
"
if
[
-z
"
$VNC_BASE
"
]
;
then
VNC_BASE
=
https://
$PUBLIC_ADDRESS
:6080
fi
###############################################################################################
##### Install Mysql, ntp, MysqlDB and RabbitMQ
...
...
@@ -411,6 +434,16 @@ cp $CONF $CONF.orig
-e
"s/^#signing_dir *=.*/signing_dirname =
\/
tmp
\/
keystone-signing-nova/"
\
$CONF
.orig
>
$CONF
#Generate certificate to use for nova
cd
$CURRENT_DIR
chmod
+x generate_cert.py
mkdir
-p
/etc/nova/ssl
./generate_cert.py /etc/nova/ssl nova
chown
-R
nova: /etc/nova/ssl
chmod
-R
700 /etc/nova/ssl
#Configure nova
CONF
=
/etc/nova/nova.conf
cp
$CONF
$CONF
.orig
/bin/cat
<<
EOF
>
$CONF
...
...
@@ -436,7 +469,10 @@ image_service=nova.image.glance.GlanceImageService
# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://
$PUBLIC_ADDRESS
:6080/vnc_auto.html
ssl_only=true
cert=/etc/nova/ssl/nova.crt
key=/etc/nova/ssl/nova.key
novncproxy_base_url=
$VNC_BASE
/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=
$HOST_IP
vncserver_listen=0.0.0.0
...
...
@@ -648,3 +684,6 @@ nova --no-cache secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova
--no-cache
secgroup-add-rule default tcp 22 22 0.0.0.0/0
quantum floatingip-create ext_net
#End Installation ...
echo
"done"
>
$CURRENT_DIR
/.installed
\ No newline at end of file
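Review bot: The exit status of `./generate_cert.py /etc/nova/ssl nova` is not checked, yet the nova.conf written further down sets `ssl_only=true` and points `cert`/`key` at the files that script should have produced. If it fails (for example because the Python OpenSSL binding is missing on the target, which this page does not show being installed), the install carries on and the NoVNC proxy is left configured for files that do not exist. Stop on failure, e.g. `./generate_cert.py /etc/nova/ssl nova || { echo "ERROR: certificate generation failed"; exit 1; }`. The new connectivity probe also saves the fetched page into the working directory on every run; `wget -q --spider --tries=10 --timeout=20 http://google.com` checks reachability without writing a file.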