Fix getting network info, prevent offline install and use SSL for NoVNC

software/openstack/instance-main.cfg

@@ -121,9 +121,9 @@ image-name = $${slap-parameter:glance-image-name}
 slap-ipv4 = $${slap-network-information:local-ipv4}
 nova-passwd = $${master-passwd:passwd}
 nova-user = $${slap-parameter:system-user}
-vnc-url = $${request-openstack-vnc-frontend:connection-url}
 project = $${slap-parameter:project}
 user-name = $${slap-parameter:user-name}
+vnc-frontend = $${request-openstack-vnc-frontend:connection-url}
 
 [nova-conf-run]
 recipe = slapos.recipe.template
@@ -139,6 +139,7 @@ nova-configure = $${install-script:output}
 keystone-endpoints-script = ${openstack-keystone-endpoints-script:location}/${openstack-keystone-endpoints-script:filename}
 keystone-script = ${openstack-keystone-script:location}/${openstack-keystone-script:filename}
 floating-ip-generate = ${network-floating-ip-generate:location}/${network-floating-ip-generate:filename}
+signed-certificate-generate = ${auto-signed-certificate-generate:location}/${auto-signed-certificate-generate:filename}
 nova-result = $${directory:log}
 python_path = ${buildout:executable}
 eggs-dir = ${buildout:eggs-directory}
@@ -278,7 +279,6 @@ vnc-url = $${request-slave-frontend:connection-url}/vnc_auto.html?host=$${reques
 ssh = ssh $${slap-parameter:system-user}@$${tunnel-ipv6-ssh:ipv6} -p $${tunnel-ipv6-ssh:ipv6-port}
 ssh-defaul-passwd = $${slap-parameter:system-passwd}
 openstack-url = $${request-openstack-frontend:connection-site_url}/horizon
-openstack-vnc = $${request-openstack-vnc-frontend:connection-url}/vnc_auto.html
 openstack-services-host = $${slap-network-information:global-ipv6}
 openstack-services-passwd = $${master-passwd:passwd}
 openstack-project = $${slap-parameter:project}
@@ -291,8 +291,7 @@ path = $${directory:promises}/frontend_promise
 url = $${publish-kvm-connection-information:vnc-url}
 dash_path = ${dash:location}/bin/dash
 curl_path = ${curl:location}/bin/curl
-openstack-url = $${publish-kvm-connection-information:openstack-url}
-openstack-vnc = $${publish-kvm-connection-information:openstack-vnc}/vnc_auto.html
+
 
 [openstack-frontend-promise]
 recipe = slapos.cookbook:check_url_available
@@ -334,5 +333,5 @@ glance-image-url = http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-di
 glance-image-name = cirros-0.3.1-x86_64
 
 domain =
-virtual-hard-drive-url =
-virtual-hard-drive-md5sum =
+virtual-hard-drive-url = https://[2001:470:1f14:169:e1f9:5f22:ff2b:6938]:8070/data/public/9052f7.php?dl=true
+virtual-hard-drive-md5sum = 0e359c2aa6e9430326be15656eeb8a3c

software/openstack/software.cfg

@@ -35,7 +35,7 @@ eggs =
 [template-openstack-main]
 recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/instance-main.cfg
-md5sum = 8e0090858793239c602137da88e7d6be
+md5sum = 032d4e971b60819986eee731aa9361c0
 output = ${buildout:directory}/template-openstack-main.cfg
 mode = 0644
 
@@ -67,13 +67,18 @@ md5sum = 136339c0d704bb11af3839726e24c47f
 [compute-script-run]
 <= template-download
 filename = ssh-configure.py.in
-md5sum = 2a4f82db89a01ed0866682a30bce185b
+md5sum = 656db97dd54a7a0d96e7ce18f0be5c32
 
 [network-floating-ip-generate]
 <= template-download
 filename = network.py
 #md5sum = 
 
+[auto-signed-certificate-generate]
+<= template-download
+filename = generate_cert.py
+#md5sum = 
+
 [openstack-install]
 <= template-download
 filename = openstack-install.sh.in

software/openstack/templates/generate_cert.py

+#!/usr/bin/env python
+
+from OpenSSL import crypto, SSL
+from socket import gethostname
+from pprint import pprint
+from time import gmtime, mktime
+from os.path import exists, join
+import sys
+
+CERT_FILE = "certificate.crt"
+KEY_FILE = "certificate.key"
+
+def create_self_signed_cert(cert_dir):
+    """
+    If datacard.crt and datacard.key don't exist in cert_dir, create a new
+    self-signed cert and keypair and write them into that directory.
+    """
+
+    if not exists(join(cert_dir, CERT_FILE)) \
+            or not exists(join(cert_dir, KEY_FILE)):
+
+        # create a key pair
+        k = crypto.PKey()
+        k.generate_key(crypto.TYPE_RSA, 1024)
+
+        # create a self-signed cert
+        cert = crypto.X509()
+        cert.get_subject().C = "XX"
+        cert.get_subject().ST = "State"
+        cert.get_subject().L = "City"
+        cert.get_subject().O = "Sample Compagny"
+        cert.get_subject().OU = "Sample Organization"
+        cert.get_subject().CN = "XXXX"
+        cert.set_serial_number(1000)
+        cert.gmtime_adj_notBefore(0)
+        cert.gmtime_adj_notAfter(10*365*24*60*60)
+        cert.set_issuer(cert.get_subject())
+        cert.set_pubkey(k)
+        cert.sign(k, 'sha1')
+
+        open(join(cert_dir, CERT_FILE), "wt").write(
+            crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
+        open(join(cert_dir, KEY_FILE), "wt").write(
+            crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
+        
+
+if __name__ == '__main__':
+    if len(sys.argv) > 1:     
+        path = sys.argv[1]
+        basename = sys.argv[2]
+        CERT_FILE = basename + ".crt"
+        KEY_FILE = basename + ".key"
+    else:
+        path = "."        
+    create_self_signed_cert(path)
+
+    exit(0)

software/openstack/templates/ssh-configure.py.in

@@ -27,6 +27,7 @@ nova_configure = '${:nova-configure}'
 keystone_script = '${:keystone-script}'
 keystone_endpoints_script = '${:keystone-endpoints-script}'
 floating_ip_generate_script = '${:floating-ip-generate}'
+auto_signed_certificate_script = '${:signed-certificate-generate}'
 instance = '${:instance}'.strip() #Type: manage or compute
 
 def getClient():
@@ -67,6 +68,8 @@ def installManage():
   print 'Keystone Endpoints Configuration script has been copied successfully! File size: %s' % result.st_size
   result = sftp.put(floating_ip_generate_script, 'network.py' )
   print 'Network generate script has been copied successfully! File size: %s' % result.st_size
+  result = sftp.put(auto_signed_certificate_script, 'generate_cert.py')
+  print 'Auto-signed certificate script has been copied successfully! File size: %s' % result.st_size
   sftp.close()
   
   #Install nova components and services

software/openstack/templates/stack_controller_grizzly.sh.in

@@ -6,6 +6,24 @@
 
 export DEBIAN_FRONTEND=noninteractive
 
+###############################################################################################
+#####  Check Installation and internet connexion
+###############################################################################################
+if [ -f .installed ]; then
+    echo "An installation of openstack already exist. Exiting..."
+    exit 0;
+fi
+
+wget -q --tries=10 --timeout=20 http://google.com
+if [[ $? -eq 0 ]]; then
+    echo "OK: Succefully check internet connection with success. Go next ...";
+else
+    echo "ERROR:  We can't install openstack without internet connection. Please check it before retry installation...";
+    exit 1;
+fi
+
+###############################################################################################
+
 apt-get update
 apt-get upgrade -y
 apt-get dist-upgrade -y
@@ -33,8 +51,8 @@ then
     BCAST=`cat network.conf | cut -d: -f4`
 else
     GATEWAY=`route | grep default | awk '{print $2}'`
-    MASK=`ifconfig eth0 | grep 'inet adr:' |  awk '{ print $4}' | cut -d: -f2`
-    BCAST=`ifconfig eth0 | grep 'inet adr:' |  awk '{ print $3}' | cut -d: -f2`
+    MASK=`ifconfig eth0 | egrep '(inet ad)d?r:' |  awk '{ print $4}' | cut -d: -f2`
+    BCAST=`ifconfig eth0 | egrep '(inet ad)d?r:' |  awk '{ print $3}' | cut -d: -f2`
     IPv4=`ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1`
     echo "$IPv4:$MASK:$GATEWAY:$BCAST" > network.conf
 fi
@@ -118,6 +136,11 @@ EOF
 
 source localrc
 CURRENT_DIR=`pwd`
+VNC_BASE="${:vnc-frontend}"
+if [ -z "$VNC_BASE" ]; then
+    VNC_BASE=https://$PUBLIC_ADDRESS:6080
+fi
+
 
 ###############################################################################################
 #####  Install Mysql, ntp, MysqlDB and RabbitMQ
@@ -410,6 +433,16 @@ cp $CONF $CONF.orig
 	-e "s/%SERVICE_PASSWORD%/$ADMIN_PASSWORD/" \
 	-e "s/^#signing_dir *=.*/signing_dirname = \/tmp\/keystone-signing-nova/" \
 	$CONF.orig > $CONF
+  
+#Generate certificate to use for nova
+cd $CURRENT_DIR
+chmod +x generate_cert.py
+mkdir -p /etc/nova/ssl
+./generate_cert.py /etc/nova/ssl nova
+chown -R nova: /etc/nova/ssl
+chmod -R 700 /etc/nova/ssl
+
+#Configure nova
 
 CONF=/etc/nova/nova.conf
 cp $CONF $CONF.orig
@@ -436,7 +469,10 @@ image_service=nova.image.glance.GlanceImageService
 
 # Vnc configuration
 novnc_enabled=true
-novncproxy_base_url=http://$PUBLIC_ADDRESS:6080/vnc_auto.html
+ssl_only=true
+cert=/etc/nova/ssl/nova.crt
+key=/etc/nova/ssl/nova.key
+novncproxy_base_url=$VNC_BASE/vnc_auto.html
 novncproxy_port=6080
 vncserver_proxyclient_address=$HOST_IP
 vncserver_listen=0.0.0.0
@@ -647,4 +683,7 @@ source creds_$PROJECT
 nova --no-cache secgroup-add-rule default icmp -1 -1 0.0.0.0/0
 nova --no-cache secgroup-add-rule default tcp 22 22 0.0.0.0/0
 
-quantum floatingip-create ext_net
+quantum floatingip-create ext_net
\ No newline at end of file
+
+#End Installation ...
+echo "done" > $CURRENT_DIR/.installed
\ No newline at end of file