diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1377554 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*.swp diff --git a/README.md b/README.md index a518ad4..0e65e34 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,96 @@ -cinder -====== +Description +=========== -Chef cookbook for deploying the OpenStack Advanced Volume Management service Cinder. \ No newline at end of file +Installs the Openstack volume service (codename: cinder) from packages. + +http://cinder.openstack.org + +Requirements +============ + +Chef 0.10.0 or higher required (for Chef environment use). + +Platforms +-------- + +* Ubuntu-12.04 +* Fedora-17 + +Cookbooks +--------- + +The following cookbooks are dependencies: + +* apt +* database +* glance +* keystone +* mysql +* openssh +* rabbitmq +* selinux (Fedora) +* openstack-common +* openstack-utils + +Recipes +======= + +api +---- +- Installs the cinder-api, sets up the cinder database, + and cinder service/user/endpoints in keystone + +scheduler +---- +- Installs the cinder-scheduler service + +volume +---- +- Installs the cinder-volume service and sets up the iscsi helper + + +Attributes +========== + +* `cinder["db"]["name"]` - name of database to create for cinder +* `cinder["db"]["username"]` - cinder username for database +* `cinder["service_tenant_name"]` - name of tenant to use for the cinder service account in keystone +* `cinder["service_user"]` - cinder service user in keystone +* `cinder["service_role"]` - role for the cinder service user in keystone +* `cinder["syslog"]["use"]` +* `cinder["syslog"]["facility"]` +* `cinder["syslog"]["config_facility"]` +* `cinder["platform"]` = hash of platform specific package/service names and options + +Templates +===== +* `api-paste.ini.erb` - Paste config for cinder API middleware +* `cinder.conf.erb` - Basic cinder.conf file +* `targets.conf.erb` - config file for tgt (iscsi target software) + +License and Author +================== + +Author:: Justin Shepherd () +Author:: Jason Cannavale () +Author:: Ron Pedde () +Author:: Joseph Breu () +Author:: William Kelly () +Author:: Darren Birkett () +Author:: Evan Callicoat () +Author:: Jay Pipes () + +Copyright 2012, Rackspace US, Inc. +Copyright 2012, AT&T, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/attributes/default.rb b/attributes/default.rb index 574f1cd..21d4f8f 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -23,44 +23,71 @@ default["developer_mode"] = false # we want secure passwords by default ######################################################################## -default["openstack"]["cinder"]["services"]["volume"]["scheme"] = "http" -default["openstack"]["cinder"]["services"]["volume"]["network"] = "public" -default["openstack"]["cinder"]["services"]["volume"]["port"] = 8776 -default["openstack"]["cinder"]["services"]["volume"]["path"] = "/v1" +# Set to some text value if you want templated config files +# to contain a custom banner at the top of the written file +default["cinder"]["custom_template_banner"] = " +# This file autogenerated by Chef +# Do not edit, changes will be overwritten +" -default["cinder"]["services"]["volume"]["scheme"] = "http" -default["cinder"]["services"]["volume"]["network"] = "public" -default["cinder"]["services"]["volume"]["port"] = 8776 -default["cinder"]["services"]["volume"]["path"] = "/v1" +default["cinder"]["verbose"] = "False" +default["cinder"]["debug"] = "False" -default["openstack"]["cinder"]["db"]["name"] = "cinder" -default["openstack"]["cinder"]["db"]["username"] = "cinder" +# Availability zone/region for the Cinder service +default["cinder"]["region"] = "RegionOne" -# TODO: These may need to be glance-registry specific.. and looked up by glance-api -default["openstack"]["cinder"]["service_tenant_name"] = "service" -default["openstack"]["cinder"]["service_user"] = "cinder" -default["openstack"]["cinder"]["service_role"] = "admin" +# The name of the Chef role that knows about the message queue server +# that Cinder uses +default["cinder"]["rabbit_server_chef_role"] = "rabbitmq-server" + +# This is the name of the Chef role that will install the Keystone Service API +default["cinder"]["keystone_service_chef_role"] = "keystone" + +# This is the name of the Chef role that will install the Glance API +default["cinder"]["glance_api_chef_role"] = "glance-api" + +# operating system group name +default["cinder"]["group"] = "cinder" +# operating system user that services will run under +default["cinder"]["user"] = "cinder" + +default["cinder"]["db"]["name"] = "cinder" +default["cinder"]["db"]["username"] = "cinder" + +default["cinder"]["service_tenant_name"] = "service" +default["cinder"]["service_user"] = "cinder" +default["cinder"]["service_role"] = "admin" # logging attribute -default["openstack"]["cinder"]["syslog"]["use"] = false -default["openstack"]["cinder"]["syslog"]["facility"] = "LOG_LOCAL2" -default["openstack"]["cinder"]["syslog"]["config_facility"] = "local2" +default["cinder"]["syslog"]["use"] = false +default["cinder"]["syslog"]["facility"] = "LOG_LOCAL2" +default["cinder"]["syslog"]["config_facility"] = "local2" + +default["cinder"]["api"]["ratelimit"] = "True" -# platform-specific settings case platform when "fedora", "redhat", "centos" - default["openstack"]["cinder"]["platform"] = { - "mysql_python_packages" => [ "MySQL-python" ], - "cinder_packages" => [ "openstack-cinder", "openstack-swift" ], + default["cinder"]["platform"] = { + "cinder_api_packages" => ["openstack-cinder", "python-cinderclient", "MySQL-python"], + "cinder_api_service" => "openstack-cinder-api", + "cinder_volume_packages" => ["openstack-cinder", "MySQL-python"], + "cinder_volume_service" => "openstack-cinder-volume", + "cinder_scheduler_packages" => ["openstack-cinder", "MySQL-python"], + "cinder_scheduler_service" => "openstack-cinder-scheduler", + "cinder_iscsitarget_packages" => ["scsi-target-utils"], + "cinder_iscsitarget_service" => "tgtd", "package_overrides" => "" } when "ubuntu" - default["openstack"]["cinder"]["platform"] = { - "mysql_python_packages" => [ "python-mysqldb" ], - "cinder_packages" => [ "cinder-scheduler", "python-swift", "python-keystoneclient", "cinder-volume", "cinder-api" ], - "package_overrides" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'", + default["cinder"]["platform"] = { + "cinder_api_packages" => ["cinder-common", "cinder-api", "python-cinderclient", "python-mysqldb"], "cinder_api_service" => "cinder-api", + "cinder_volume_packages" => ["cinder-volume", "python-mysqldb"], + "cinder_volume_service" => "cinder-volume", + "cinder_scheduler_packages" => ["cinder-scheduler", "python-mysqldb"], "cinder_scheduler_service" => "cinder-scheduler", - "cinder_volume_service" => "cinder-volume" + "cinder_iscsitarget_packages" => ["tgt"], + "cinder_iscsitarget_service" => "tgt", + "package_overrides" => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'" } end diff --git a/recipes/api.rb b/recipes/api.rb new file mode 100644 index 0000000..e8e5763 --- /dev/null +++ b/recipes/api.rb @@ -0,0 +1,55 @@ +# +# Cookbook Name:: cinder +# Recipe:: api +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2012, AT&T, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "cinder::common" + +class ::Chef::Recipe + include ::Openstack +end + +platform_options = node["cinder"]["platform"] + +platform_options["cinder_api_packages"].each do |pkg| + package pkg do + action :upgrade + options platform_options["package_overrides"] + end +end + +service "cinder-api" do + service_name platform_options["cinder_api_service"] + supports :status => true, :restart => true + action :enable +end + +identity_admin_endpoint = endpoint "identity-admin" +identity_endpoint = endpoint "identity-api" + +template "/etc/cinder/api-paste.ini" do + source "api-paste.ini.erb" + group node["cinder"]["group"] + owner node["cinder"]["user"] + mode 00644 + variables( + "identity_endpoint" => identity_endpoint, + "identity_admin_endpoint" => identity_admin_endpoint, + ) + notifies :restart, resources(:service => "cinder-api"), :immediately +end diff --git a/recipes/common.rb b/recipes/common.rb new file mode 100644 index 0000000..dc038ed --- /dev/null +++ b/recipes/common.rb @@ -0,0 +1,66 @@ +# +# Cookbook Name:: cinder +# Recipe:: common +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2012, AT&T, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +class ::Chef::Recipe + include ::Openstack + include ::Opscode::OpenSSL::Password +end + +# Allow for using a well known service password +if node["developer_mode"] + node.set_unless["cinder"]["service_pass"] = "cinder" +else + node.set_unless["cinder"]["service_pass"] = secure_password +end + +directory "/etc/cinder" do + action :create + group node["cinder"]["group"] + owner node["cinder"]["user"] + mode 00700 +end + +db_user = node["cinder"]["db"]["username"] +db_pass = node["cinder"]["db"]["password"] +sql_connection = db_uri("volume", db_user, db_pass) + +rabbit_server_role = node["cinder"]["rabbit_server_chef_role"] +rabbit_info = get_settings_by_role rabbit_server_role, "queue" + +glance_api_role = node["cinder"]["glance_api_chef_role"] +glance = get_settings_by_role glance_api_role, "glance" +glance_api_endpoint = endpoint "image-api" + +template "/etc/cinder/cinder.conf" do + source "cinder.conf.erb" + group node["cinder"]["group"] + owner node["cinder"]["user"] + mode 00644 + variables( + :sql_connection => sql_connection, + :rabbit_host => rabbit_info["host"], + :rabbit_port => rabbit_info["port"], + :glance_host => glance_api_endpoint.host, + :glance_port => glance_api_endpoint.port, + ) + notifies :restart, resources(:service => "cinder-api"), :immediately + notifies :restart, resources(:service => "cinder-scheduler"), :immediately + notifies :restart, resources(:service => "cinder-volume"), :immediately +end diff --git a/recipes/db.rb b/recipes/db.rb index cab4537..40f1cfa 100644 --- a/recipes/db.rb +++ b/recipes/db.rb @@ -18,7 +18,7 @@ # # This recipe should be placed in the run_list of the node that -# runs the database server that houses the Nova main database +# runs the database server that houses the Cinder main database class ::Chef::Recipe include ::Openstack @@ -32,12 +32,12 @@ include_recipe "mysql::ruby" # Allow for using a well known db password if node["developer_mode"] - node.set_unless["openstack"]["cinder"]["db"]["password"] = "cinder" + node.set_unless["cinder"]["db"]["password"] = "cinder" else - node.set_unless["openstack"]["cinder"]["db"]["password"] = secure_password + node.set_unless["cinder"]["db"]["password"] = secure_password end -db_create_with_user("image", - node["openstack"]["cinder"]["db"]["username"], - node["openstack"]["cinder"]["db"]["password"] +db_create_with_user("volume", + node["cinder"]["db"]["username"], + node["cinder"]["db"]["password"] ) diff --git a/recipes/scheduler.rb b/recipes/scheduler.rb new file mode 100644 index 0000000..7008cf6 --- /dev/null +++ b/recipes/scheduler.rb @@ -0,0 +1,36 @@ +# +# Cookbook Name:: cinder +# Recipe:: scheduler +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2012, AT&T, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "cinder::common" + +platform_options = node["cinder"]["platform"] + +platform_options["cinder_scheduler_packages"].each do |pkg| + package pkg do + action :upgrade + options platform_options["package_overrides"] + end +end + +service "cinder-scheduler" do + service_name platform_options["cinder_scheduler_service"] + supports :status => true, :restart => true + action [ :enable, :start ] +end diff --git a/recipes/server.rb b/recipes/server.rb deleted file mode 100644 index 4c68d3c..0000000 --- a/recipes/server.rb +++ /dev/null @@ -1,189 +0,0 @@ -# -# Cookbook Name:: cinder -# Recipe:: server -# -# Copyright 2012, DreamHost -# Copyright 2012, Rackspace US, Inc. -# Copyright 2012, Opscode, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -class ::Chef::Recipe - include ::Openstack -end - -# Allow for using a well known service password -if node["developer_mode"] - node.set_unless["openstack"]["cinder"]["service_pass"] = "cinder" -else - node.set_unless["openstack"]["cinder"]["service_pass"] = secure_password -end - -platform_options = node["openstack"]["cinder"]["platform"] - -platform_options["cinder_packages"].each do |pkg| - package pkg do - action :upgrade - end -end - -service "cinder-api" do - service_name platform_options["cinder_api_service"] - supports :status => true, :restart => true - action :enable -end - -service "cinder-scheduler" do - service_name platform_options["cinder_scheduler_service"] - supports :status => true, :restart => true - action :enable -end - -service "cinder-volume" do - service_name platform_options["cinder_volume_service"] - supports :status => true, :restart => true - action :enable -end - -directory "/etc/cinder" do - action :create - group "cinder" - owner "cinder" - mode "0700" -end - - -db_user = node['openstack']['cinder']['db']['username'] -db_pass = node['openstack']['cinder']['db']['password'] -sql_connection = db_uri("cinder", db_user, db_pass) - -rabbit_server_role = node["nova"]["rabbit_server_chef_role"] -rabbit_info = get_settings_by_role rabbit_server_role, "queue" - -ks_admin_endpoint = endpoint "identity-admin" -ks_service_endpoint = endpoint "identity-api" -keystone_service_role = node["nova"]["keystone_service_chef_role"] -keystone = get_settings_by_role keystone_service_role, "keystone" -glance_api_role = node["nova"]["glance_api_chef_role"] -glance = get_settings_by_role glance_api_role, "glance" -glance_api_endpoint = endpoint "image-api" -api_endpoint = endpoint "compute-volume" - -if glance["api"]["swift_store_auth_address"].nil? - swift_store_auth_address="http://#{ks_admin_endpoint["host"]}:#{ks_service_endpoint["port"]}/v2.0" - swift_store_user="#{glance["service_tenant_name"]}:#{glance["service_user"]}" - swift_store_key=glance["service_pass"] - swift_store_auth_version=2 -else - swift_store_auth_address=glance["api"]["swift_store_auth_address"] - swift_store_user=glance["api"]["swift_store_user"] - swift_store_key=glance["api"]["swift_store_key"] - swift_store_auth_version=glance["api"]["swift_store_auth_version"] -end - -template "/etc/cinder/cinder.conf" do - source "cinder.conf.erb" - owner "root" - group "root" - mode "0644" - variables( - :sql_connection => sql_connection, - :use_syslog => node["openstack"]["cinder"]["syslog"]["use"], - :log_facility => node["openstack"]["cinder"]["syslog"]["facility"], - :rabbit_ipaddress => rabbit_info["host"], - :rabbit_port => rabbit_info["port"], - :default_store => glance["api"]["default_store"], - :swift_store_key => swift_store_key, - :swift_store_user => swift_store_user, - :swift_store_auth_address => swift_store_auth_address, - :swift_store_auth_version => swift_store_auth_version, - :swift_large_object_size => glance["api"]["swift"]["store_large_object_size"], - :swift_large_object_chunk_size => glance["api"]["swift"]["store_large_object_chunk_size"], - :swift_store_container => glance["api"]["swift"]["store_container"], - :keystone_api_ipaddress => identity_endpoint.host, - :keystone_service_port => identity_endpoint.port, - :keystone_admin_port => identity_endpoint.port, - #:keystone_admin_token => keystone["admin_token"], - :glance_api_ipaddress => image_endpoint.host, - :glance_service_port => image_endpoint.port, - :glance_admin_port => image_endpoint.port, - #:glance_admin_token => glance["admin_token"], - :service_tenant_name => node["openstack"]["cinder"]["service_tenant_name"], - :service_user => node["openstack"]["cinder"]["service_user"], - :service_pass => node["openstack"]["cinder"]["service_pass"] - ) - notifies :restart, resources(:service => "cinder-api"), :immediately - notifies :restart, resources(:service => "cinder-scheduler"), :immediately - notifies :restart, resources(:service => "cinder-volume"), :immediately -end - -execute "cinder-manage db sync" do - command "cinder-manage db sync" - action :run - not_if "cinder-manage db version && test $(cinder-manage db version) -gt 0" -end - -template "/etc/cinder/api-paste.ini" do - source "api-paste.ini.erb" - owner "root" - group "root" - mode "0644" - variables( - "use_syslog" => node["openstack"]["cinder"]["syslog"]["use"], - "log_facility" => node["openstack"]["cinder"]["syslog"]["facility"], - "keystone_api_ipaddress" => identity_endpoint.host, - "keystone_service_port" => identity_endpoint.port, - "keystone_admin_port" => identity_endpoint.port, - #"keystone_admin_token" => keystone["admin_token"], - "service_tenant_name" => node["openstack"]["cinder"]["service_tenant_name"], - "service_user" => node["openstack"]["cinder"]["service_user"], - "service_pass" => node["openstack"]["cinder"]["service_pass"] - ) - notifies :restart, resources(:service => "cinder-api"), :immediately - notifies :restart, resources(:service => "cinder-scheduler"), :immediately - notifies :restart, resources(:service => "cinder-volume"), :immediately -end - -# Register Cinder Volume Service -keystone_register "Register Cinder Volume Service" do - auth_host identity_admin_endpoint.host - auth_port identity_admin_endpoint.port.to_s - auth_protocol identity_admin_endpoint.scheme - api_ver identity_admin_endpoint.path - auth_token keystone["admin_token"] - service_name "cinder" - service_type "volume" - service_description "Cinder Volume Service" - endpoint_region "RegionOne" - endpoint_adminurl api_endpoint.to_s - endpoint_internalurl api_endpoint.to_s - endpoint_publicurl api_endpoint.to_s - action :create_service -end -keystone_register "Register Cinder Volume Endpoint" do - auth_host identity_admin_endpoint.host - auth_port identity_admin_endpoint.port - auth_protocol identity_admin_endpoint.scheme - api_ver identity_admin_endpoint.path - auth_token keystone["admin_token"] - service_name "cinder" - service_type "volume" - service_description "Cinder Volume Service" - endpoint_region "RegionOne" - endpoint_adminurl api_endpoint.to_s - endpoint_internalurl api_endpoint.to_s - endpoint_publicurl api_endpoint.to_s - action :create_endpoint -end - diff --git a/recipes/setup.rb b/recipes/setup.rb new file mode 100644 index 0000000..7cd36de --- /dev/null +++ b/recipes/setup.rb @@ -0,0 +1,68 @@ +# +# Cookbook Name:: cinder +# Recipe:: setup +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2012, AT&T, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "cinder::common" + +class ::Chef::Recipe + include ::Openstack +end + +identity_admin_endpoint = endpoint "identity-admin" +keystone_service_role = node["cinder"]["keystone_service_chef_role"] +keystone = get_settings_by_role keystone_service_role, "keystone" +api_endpoint = endpoint "volume-api" + +execute "cinder-manage db sync" do + command "cinder-manage db sync" + action :run + not_if "cinder-manage db version && test $(cinder-manage db version) -gt 0" +end + +keystone_register "Register Cinder Volume Service" do + auth_host identity_admin_endpoint.host + auth_port identity_admin_endpoint.port.to_s + auth_protocol identity_admin_endpoint.scheme + api_ver identity_admin_endpoint.path + auth_token keystone["admin_token"] + service_name "cinder" + service_type "volume" + service_description "Cinder Volume Service" + endpoint_region node["cinder"]["region"] + endpoint_adminurl api_endpoint.to_s + endpoint_internalurl api_endpoint.to_s + endpoint_publicurl api_endpoint.to_s + action :create_service +end + +keystone_register "Register Cinder Volume Endpoint" do + auth_host identity_admin_endpoint.host + auth_port identity_admin_endpoint.port + auth_protocol identity_admin_endpoint.scheme + api_ver identity_admin_endpoint.path + auth_token keystone["admin_token"] + service_name "cinder" + service_type "volume" + service_description "Cinder Volume Service" + endpoint_region node["cinder"]["region"] + endpoint_adminurl api_endpoint.to_s + endpoint_internalurl api_endpoint.to_s + endpoint_publicurl api_endpoint.to_s + action :create_endpoint +end diff --git a/recipes/volume.rb b/recipes/volume.rb new file mode 100644 index 0000000..c2118b9 --- /dev/null +++ b/recipes/volume.rb @@ -0,0 +1,55 @@ +# +# Cookbook Name:: cinder +# Recipe:: volume +# +# Copyright 2012, Rackspace US, Inc. +# Copyright 2012, AT&T, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "cinder::common" + +platform_options = node["cinder"]["platform"] + +platform_options["cinder_volume_packages"].each do |pkg| + package pkg do + action :upgrade + options platform_options["package_overrides"] + end +end + +platform_options["cinder_iscsitarget_packages"].each do |pkg| + package pkg do + action :upgrade + options platform_options["package_overrides"] + end +end + +service "cinder-volume" do + service_name platform_options["cinder_volume_service"] + supports :status => true, :restart => true + action [ :enable, :start ] +end + +service "iscsitarget" do + service_name platform_options["cinder_iscsitarget_service"] + supports :status => true, :restart => true + action :enable +end + +template "/etc/tgt/targets.conf" do + source "targets.conf.erb" + mode 00600 + notifies :restart, resources(:service => "iscsitarget"), :immediately +end diff --git a/templates/default/api-paste.ini.erb b/templates/default/api-paste.ini.erb index c5a292e..97d7701 100644 --- a/templates/default/api-paste.ini.erb +++ b/templates/default/api-paste.ini.erb @@ -3,51 +3,60 @@ ############# [composite:osapi_volume] -use = call:cinder.api.openstack.urlmap:urlmap_factory -/: osvolumeversions +use = call:cinder.api:root_app_factory +/: apiversions /v1: openstack_volume_api_v1 +/v2: openstack_volume_api_v2 [composite:openstack_volume_api_v1] -use = call:cinder.api.auth:pipeline_factory -noauth = faultwrap sizelimit noauth osapi_volume_app_v1 -keystone = faultwrap sizelimit authtoken keystonecontext osapi_volume_app_v1 -keystone_nolimit = faultwrap sizelimit authtoken keystonecontext osapi_volume_app_v1 +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = faultwrap sizelimit noauth apiv1 +keystone = faultwrap sizelimit authtoken keystonecontext apiv1 +keystone_nolimit = faultwrap sizelimit authtoken keystonecontext apiv1 + +[composite:openstack_volume_api_v2] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = faultwrap sizelimit noauth apiv2 +keystone = faultwrap sizelimit authtoken keystonecontext apiv2 +keystone_nolimit = faultwrap sizelimit authtoken keystonecontext apiv2 [filter:faultwrap] -paste.filter_factory = cinder.api.openstack:FaultWrapper.factory +paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory [filter:noauth] -paste.filter_factory = cinder.api.openstack.auth:NoAuthMiddleware.factory +paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory [filter:sizelimit] -paste.filter_factory = cinder.api.sizelimit:RequestBodySizeLimiter.factory +paste.filter_factory = cinder.api.middleware.sizelimit:RequestBodySizeLimiter.factory -[app:osapi_volume_app_v1] -paste.app_factory = cinder.api.openstack.volume:APIRouter.factory +[app:apiv1] +paste.app_factory = cinder.api.v1.router:APIRouter.factory -[pipeline:osvolumeversions] +[app:apiv2] +paste.app_factory = cinder.api.v2.router:APIRouter.factory + +[pipeline:apiversions] pipeline = faultwrap osvolumeversionapp [app:osvolumeversionapp] -paste.app_factory = cinder.api.openstack.volume.versions:Versions.factory +paste.app_factory = cinder.api.versions:Versions.factory ########## # Shared # ########## [filter:keystonecontext] -paste.filter_factory = cinder.api.auth:CinderKeystoneContext.factory +paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory [filter:authtoken] -paste.filter_factory = keystone.middleware.auth_token:filter_factory -service_host = <%= @keystone_api_ipaddress %> -service_port = <%= @keystone_service_port %> -service_protocol = http -auth_host = <%= @keystone_api_ipaddress %> -auth_port = <%= @keystone_admin_port %> -auth_protocol = http -auth_uri = http://<%= @keystone_api_ipaddress %>:<%= @service_port %>/v2.0/ -admin_token = <%= @keystone_admin_token %> -admin_tenant_name = <%= @service_tenant_name %> -admin_user = <%= @service_user %> -admin_password = <%= @service_pass %> +paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory +service_host = <%= @identity_endpoint.host %> +service_port = <%= @identity_endpoint.port %> +service_protocol = <%= identity_endpoint.scheme %> +auth_host = <%= @identity_admin_endpoint.host %> +auth_port = <%= @identity_admin_endpoint.port %> +auth_protocol = <%= @identity_admin_endpoint.scheme %> +admin_tenant_name = <%= node["cinder"]["service_tenant_name"] %> +admin_user = <%= node["cinder"]["service_user"] %> +admin_password = <%= node["cinder"]["service_pass"] %> +signing_dir = /var/lib/cinder diff --git a/templates/default/cinder.conf.erb b/templates/default/cinder.conf.erb index 3c34d4f..d01b8b4 100644 --- a/templates/default/cinder.conf.erb +++ b/templates/default/cinder.conf.erb @@ -1,18 +1,12 @@ -# This file autogenerated by Chef -# Do not edit, changes will be overwritten -<% if not node["custom_template_banner"].nil? %> -<%= node["custom_template_banner"] %> -<% end %> - - +<%= node["cinder"]["custom_template_banner"] %> [DEFAULT] ######## defined in cinder.openstack.common.cfg:CommonConfigOpts ######## -debug=false +debug=<%= node["cinder"]["debug"] %> #### (BoolOpt) Print debugging output -verbose=True +verbose=<%= node["cinder"]["verbose"] %> #### (BoolOpt) Print more verbose output # log_config= @@ -42,15 +36,10 @@ verbose=True # Send logs to syslog (/dev/log) instead of to file specified # by `log_file` -use_syslog = <%= @use_syslog %> +use_syslog = <%= node["cinder"]["syslog"]["use"] %> -<% if @use_syslog == true %> # Facility to use. If unset defaults to LOG_USER. -syslog_log_facility = <%= @log_facility %> -<% else %> -# syslog_log_facility = LOG_USER -<% end %> - +syslog_log_facility = <%= node["cinder"]["syslog"]["facility"]%> ######## defined in cinder.flags ######## @@ -79,16 +68,16 @@ sql_connection=<%= @sql_connection %> # state_path=$pybasedir #### (StrOpt) Top-level directory for maintaining cinder's state -my_ip=0.0.0.0 +my_ip=<%= node["ipaddress"] %> #### (StrOpt) ip address of this host -glance_host=<%= @glance_api_ipaddress %> +glance_host=<%= @glance_api_host %> #### (StrOpt) default glance hostname or ip glance_port=<%= @glance_service_port %> #### (IntOpt) default glance port -glance_api_servers=$glance_host:$glance_port +# glance_api_servers=$glance_host:$glance_port #### (ListOpt) A list of the glance api servers available to cinder #### ([hostname|ip]:port) @@ -101,7 +90,7 @@ glance_api_servers=$glance_host:$glance_port # volume_topic=cinder-volume #### (StrOpt) the topic volume nodes listen on -# api_rate_limit=true +api_rate_limit=<%= node["cinder"]["api"]["ratelimit"] %> #### (BoolOpt) whether to rate limit the api # osapi_volume_ext_list= @@ -156,7 +145,7 @@ glance_api_servers=$glance_host:$glance_port #### (StrOpt) time period to generate volume usages for. Time period must #### be hour, day, month or year -root_helper=cinder-rootwrap +# root_helper=cinder-rootwrap #### (StrOpt) Deprecated: command to use for running commands as root rootwrap_config=/etc/cinder/rootwrap.conf @@ -175,7 +164,7 @@ rootwrap_config=/etc/cinder/rootwrap.conf # volume_api_class=cinder.volume.api.API #### (StrOpt) The full class name of the volume API class to use -# auth_strategy=noauth +auth_strategy=keystone #### (StrOpt) The strategy to use for auth. Supports noauth, keystone, and #### deprecated. @@ -380,10 +369,10 @@ db_backend=sqlalchemy # kombu_ssl_ca_certs= #### (StrOpt) SSL certification authority file (valid only if SSL enabled) -# rabbit_host=localhost +rabbit_host=<%= @rabbit_host %> #### (StrOpt) The RabbitMQ broker address where a single node is used -# rabbit_port=5672 +rabbit_port=<%= @rabbit_port %> #### (IntOpt) The RabbitMQ broker port where a single node is used # rabbit_hosts=$rabbit_host:$rabbit_port @@ -820,5 +809,5 @@ db_backend=sqlalchemy # zadara_vpsa_allow_nonexistent_delete=true #### (BoolOpt) Don't halt on deletion of non-existing volumes - -# Total option count: 219 +[keystone_authtoken] +signing_dirname = /tmp/keystone-signing-cinder diff --git a/templates/default/paste-api.ini.erb b/templates/default/paste-api.ini.erb deleted file mode 100644 index ae93b0a..0000000 --- a/templates/default/paste-api.ini.erb +++ /dev/null @@ -1,51 +0,0 @@ -############# -# Openstack # -############# - -[composite:osapi_volume] -use = call:cinder.api.openstack.urlmap:urlmap_factory -/: osvolumeversions -/v1: openstack_volume_api_v1 - -[composite:openstack_volume_api_v1] -use = call:cinder.api.auth:pipeline_factory -noauth = faultwrap sizelimit noauth osapi_volume_app_v1 -keystone = faultwrap sizelimit authtoken keystonecontext osapi_volume_app_v1 -keystone_nolimit = faultwrap sizelimit authtoken keystonecontext osapi_volume_app_v1 - -[filter:faultwrap] -paste.filter_factory = cinder.api.openstack:FaultWrapper.factory - -[filter:noauth] -paste.filter_factory = cinder.api.openstack.auth:NoAuthMiddleware.factory - -[filter:sizelimit] -paste.filter_factory = cinder.api.sizelimit:RequestBodySizeLimiter.factory - -[app:osapi_volume_app_v1] -paste.app_factory = cinder.api.openstack.volume:APIRouter.factory - -[pipeline:osvolumeversions] -pipeline = faultwrap osvolumeversionapp - -[app:osvolumeversionapp] -paste.app_factory = cinder.api.openstack.volume.versions:Versions.factory - -########## -# Shared # -########## - -[filter:keystonecontext] -paste.filter_factory = cinder.api.auth:CinderKeystoneContext.factory - -[filter:authtoken] -paste.filter_factory = keystone.middleware.auth_token:filter_factory -service_protocol = http -service_host = 127.0.0.1 -service_port = 5000 -auth_host = 127.0.0.1 -auth_port = 35357 -auth_protocol = http -admin_tenant_name = %SERVICE_TENANT_NAME% -admin_user = %SERVICE_USER% -admin_password = %SERVICE_PASSWORD% \ No newline at end of file diff --git a/templates/default/targets.conf.erb b/templates/default/targets.conf.erb new file mode 100644 index 0000000..c70079f --- /dev/null +++ b/templates/default/targets.conf.erb @@ -0,0 +1,7 @@ +<% if %w{redhat centos fedora}.include?(node["platform"]) %> +include /var/lib/cinder/volumes/* +<% end %> +<% if %w{debian ubuntu}.include?(node["platform"]) %> +include /etc/tgt/conf.d/*.conf +<% end %> +default-driver iscsi