Commit Graph

95 Commits

Author SHA1 Message Date
Andreas Jaeger d139d81213 Retire astara repo
Retire repository, following
https://docs.openstack.org/infra/manual/drivers.html#retiring-a-project

Change-Id: I0a8240c961955447d65aee7af24e03cb81da12d3
2018-10-14 12:52:23 +02:00
Xiayu abd07978e0 Astara appliance oslo.rootwrap
Use oslo.rootwrap to replace the default root_helper sudo.

Change-Id: I5875cd647a4cc4f60f3058a98ea8a829cf056c43
Implements: blueprint astara-rootwrap
2016-02-18 08:54:45 +00:00
Adam Gandelman a5a5545419 Drop gunicorn from requirementes.txt
We dont ever actually import this anywhere or depend on it as a python
dependency.  Instead, its part of our diskimage-builder elements and
is largely an opinionated deployer choice we've made.  The only purpose
having it in requirements.txt is to pull it in during installation, which
should be delegated to ansible/DIB instead.

This also manually sync's global-requirements along with the update.

Closes-bug: #1526527

Change-Id: I834efb47ccda02a5163c5083836ff29fdc3fdd6f
2015-12-17 12:39:31 -08:00
Jenkins e595595163 Merge "Adjust build script to not use rev-parse" 2015-12-08 21:39:54 +00:00
Adam Gandelman 101859e2b4 Adjust build script to not use rev-parse
The gate's post-jobs run from a detached head. Using rev-parse yields
the last commit of master as opposed to the newly merged commit.
Use and parse git-log instead.

Change-Id: I2c4d8501191a95005e566f2c594a3d880b688096
2015-12-07 14:29:53 -08:00
Mark McClain 1a68612a71 Rename Akanda to Astara
Change-Id: Id5b7509a64cd274696f6bdd63a1133c25505f01b
2015-12-03 19:57:21 +00:00
Mark McClain bca6b74eb7 remove legacy script that was replaced by ansible
Depends-on: I2e87e8bdcc3ad17d8689cd74e9697dc371849006
Change-Id: Ibd9e2c9127a02d714983f547d0b6f7519dff0651
2015-12-02 17:02:55 -08:00
Adam Gandelman 8667a618b0 Update DIB element and build scripts for akanda->astara.
Also enables Nginx LB in the published image.

Change-Id: I9f6f8288a9d40ec9d199c565278688a1a94fff14
2015-11-17 13:27:17 -08:00
Adam Gandelman 433a4c7190 Introduces advanced service drivers to akanda-appliance
This introduces the ability to create service manager drivers to handle
managing advanced services within the akanda-appliance.

It splits some common things into a System manager.  Existing
stuff that is router-specific is moved to a Router manager and we begin
implementing LBAAS drivers using Nginx.

At the moment, configuration for which drivers are loaded by the appliance
code itself is stored in /etc/default/akanda-appliance.  This is setup by
a DIB_* variable and accessed by the appliance via environment variable. We
should improve this later when we need to expose richer configuration to the
appliance.

We could and should work on the API for this.  Currently, our v1
API is entirely router-specific.  This adds to that and allows the
RUG to attach other advanced service configuratino data to the config
object it pushes.  If the corresponding service's driver has been enabled
in the appliance, it will attempt to find that data and configure the
advanced service accordingly.  Ideally, longterm we want a v2 API
that can reference all services the same.  There's a few ugly compat
hacks added here to maintain compatability with where the RUG expects
certain router resources to be.  We can evolve this over time.

Partially-implements: blueprint appliance-provisioning-driver
Depends-on: Ic19a883f56fb6d65a83b1f4d93b581f9e242d97f
Change-Id: I6048789ec15fad1dbc899cbbd82508433cb96d44
2015-10-14 15:02:16 -07:00
Adam Gandelman cf844cf55a Add a build script + build_image tox env
This adds a little script to call DIB to build an appliance with the
currently checked out code, and adds a tox target to call that.
This'll mostly be used by the jenkins bot when doing image builds as
a post build job.

Change-Id: I636cd5c37884c5bf9bfe1051716e6c3790ed0165
2015-06-17 15:36:43 -07:00
Mark McClain f8701a0a6f add support for cloud-init API configuation
This change makes the MGT API service fully configurable to either IPv4
or IPv6 address.

Implements blueprint: cloud-init-provisioning
Change-Id: Ibff39030c4e3fe04c3f8cc238508e33d450a4398
2015-05-07 06:23:32 -07:00
Jeremy Hanmer ebb2f2f2f6 Merge pull request #113 from markmcclain/ansible
add LSB info to init script
2015-04-08 13:58:41 -07:00
Mark McClain 29d3780dd6 add LSB info to init script 2015-04-08 16:44:51 -04:00
Jeremy Hanmer 222c924d6a set arp_notify=1 on all interfaces by default 2015-04-06 12:52:49 -07:00
David Wahlstrom 154290c09f Bump kernel to 3.16.0
In order to address CVE-2014-6271, the 3.14 kernel is needed.  However,
this kernel is no longer available in the repos (3.16.0 is now
available).  As such, this patch bumps the kernel to > 3.14.
2015-03-31 12:15:03 -07:00
Jordan Tardif b2ec0c986a Set accept_dad to explicity 0 on eth0/eth2 2014-10-13 16:59:27 -04:00
Jordan Tardif 30704a6512 Change all.accept_dad=0 to default.accept_dad=0 2014-10-13 16:43:28 -04:00
Jordan Tardif 8b45f44def Disable accept_dad on all interfaces except external
Disable duplicate address detection on all interfaces except
the external interface (eth1). This change is to fix race conditions
with bird6 binding to tenant networks as well as SSHD binding to
the mgmt interface on boot.
2014-10-13 16:36:33 -04:00
Jordan Tardif 223f9b39da Adding various useful debuging tools / conntrack pacakge
These tools (tcpdump,tshark, mtr) are useful for debugging various network issues with
routers. The conntrack pacakge will be required in future versions of the
appliance to clear old floater entries.
2014-09-29 16:14:19 -04:00
Jordan Tardif 174f79c2a5 Set arp_announce '2' sysctl for all interfaces
This will force arp's for any new ipv4 addresses that are added
to the appliance.
2014-09-29 14:22:26 -04:00
Jeremy Hanmer a7c30564f6 upgrade bash to fix CVE-2014-6271 2014-09-26 10:04:35 -07:00
Jeremy Hanmer 47be1bbf5f install a newer kernel from backports
Debian's default 3.2 kernel seems to include a few IPv6-related
bugs that, in some cases, make IPv6 forwarding performance
unacceptable.  The linux-image-3.14-0.bpo.2-amd64 package
from backports appears to fix all of those known issues.
2014-09-26 09:39:23 -07:00
Jeremy Hanmer 89a127439e Hopefully fix IPv6 fwding perf by disabling GSO
Apparently GSO (Generic Segmentation Offload) doesn't
work quite right when forwarding IPv6 in a virtual
environment.  It provides negligible improvements
to performance anyway, so let's just disable it
outright.
2014-09-23 14:19:17 -07:00
Jordan Tardif 683c215af0 Only set root password if it exists (encrypted) in $APPLIANCE_SCRIPT_DIR/etc/rootpass 2014-08-20 14:08:27 -04:00
Jordan Tardif c6d265198a Remove logic to add SSH key if one exists
This really should be done by another part of the imaging process. We should
not be stepping on keys written by installers such as veewee.
2014-08-20 12:57:29 -04:00
Jordan Tardif d52c1907de Merge pull request #81 from jordant/linux
change default hostname to match that of veewee "akanda-linux"
2014-08-13 13:06:07 -07:00
Jordan Tardif a0a00a3abd change default hostname to match that of veewee "akanda-linux" 2014-08-13 16:04:37 -04:00
Ryan Petrello 765f32809d Merge pull request #79 from jordant/linux
Init script changes for bird6/akanda-metadata-proxy and akanda-router-api-server
2014-08-13 13:11:37 -04:00
Jordan Tardif bb43a29335 Update pid file locations for router-api-server and akanda-metadata-proxy 2014-08-13 13:05:55 -04:00
Jordan Tardif 35b29b2cbe Add custom bird6 init script with support for "status" 2014-08-13 12:44:03 -04:00
Jordan Tardif 3c78b8e6a1 Update PIDFILE to correct location and make stop/start/status use it 2014-08-13 12:29:01 -04:00
Ryan Petrello 824f726129 Remove code to manage BSD Packet Filter. 2014-08-11 14:36:10 -07:00
Jordan Tardif 807e8cd67d Add akanda-router-api-server init script and remove rc.local since we no longer
need it.
2014-08-11 16:51:42 -04:00
Jordan Tardif 2550d9764a Add iptables/iptables-persistent to installed packages 2014-08-11 15:25:03 -04:00
Ryan Petrello df187aa029 Merge pull request #75 from jordant/linux
Akanda requires bird6 >= 1.3.10. Setup backports for wheezy
2014-08-07 16:03:38 -04:00
Jordan Tardif bc65295ec1 Akanda requires bird6 >= 1.3.10. When building Debian Wheezy images we need to
install bird/bird6 from backports.
2014-08-07 15:16:58 -04:00
Ryan Petrello 84a71c29f9 Merge pull request #74 from jordant/linux
dhcp is only needed for building, then it should be removed
2014-08-07 14:24:03 -04:00
Jordan Tardif ec864f6e67 dhcp is only needed for building, then it should be removed 2014-08-07 14:04:05 -04:00
Ryan Petrello b4d1e70a1c Merge pull request #71 from jordant/linux
Sysctl to disable accept_dad on managment interface
2014-08-06 15:48:47 -04:00
Jordan Tardif f42ff906dd Sysctl to disable accept_dad on managment interface 2014-08-06 15:42:49 -04:00
Ryan Petrello a9c85d9d19 More changes for Linux support.
* Fix pep8 failures.
* Add a few additional tests.
* Forcefully install a modern setuptools.
2014-08-06 07:36:33 -07:00
Jordan Tardif 8bf985ef6e Do not remove ssh keys here. This should be done at the end of your image build
process
2014-08-05 14:47:55 -04:00
Jordan Tardif ff2233a14d Remove dad_count/dad_transmists from sysctl 2014-08-05 14:28:54 -04:00
Jordan Tardif 530e2a9569 Keep python-pip installed after the build is complete and no longer remove
dhcp-client after build is done
2014-08-05 14:18:04 -04:00
Jordan Tardif 8ee7cd49fa Change APPLIANCE_BASE_DIR to more generic /tmp/akanda-appliance and only
setup ssh key if $APPLIANCE_SCRIPT_DIR/etc/key exists
2014-08-05 14:10:53 -04:00
Jordan Tardif aceaa891c1 Update MOTD to include default root password 2014-08-05 13:42:06 -04:00
Jordan Tardif 53840b0dce Change default password for applaince to "akanda" 2014-08-05 13:38:45 -04:00
Jordan Tardif 99081aa593 Add net.ipv6.conf.all.forwarding=1 sysctl 2014-08-05 12:26:06 -04:00
Jordan Tardif a0c0412453 Disable fsck on booth and setup ssh key/root password 2014-08-04 20:11:32 -04:00
Jordan Tardif 74dc1dd74d Linux support for build scripts
This commit modifies create-akanda-raw-image.sh to configure/install akanda-appliance on
debian machines. It also includes multiple cleanups of files that are no longer needed.
2014-08-04 19:47:15 -04:00