From bbe58f037b42dbc0bc9debce6644e214a9049506 Mon Sep 17 00:00:00 2001 From: Corey Bryant Date: Wed, 19 Jul 2017 21:05:35 +0000 Subject: [PATCH] Initial Cookiecutter Commit. --- .gitignore | 5 + .gitreview | 4 + CONTRIBUTING.rst | 17 +++ LICENSE | 176 ++++++++++++++++++++++++++++ README.md | 124 ++++++++++++++++++++ bindep.txt | 2 + patches/drop-nginx-setgroups.patch | 57 +++++++++ patches/oslo-config-dirs.patch | 123 +++++++++++++++++++ requirements.txt | 2 + snap/etc/cinder/cinder.conf | 4 + snap/snap-openstack.yaml | 54 +++++++++ snap/templates/cinder-api.ini.j2 | 16 +++ snap/templates/cinder-nginx.conf.j2 | 14 +++ snap/templates/cinder-snap.conf.j2 | 7 ++ snap/templates/nginx.conf.j2 | 41 +++++++ snapcraft.yaml | 106 +++++++++++++++++ tox.ini | 18 +++ 17 files changed, 770 insertions(+) create mode 100644 .gitignore create mode 100644 .gitreview create mode 100644 CONTRIBUTING.rst create mode 100644 LICENSE create mode 100644 README.md create mode 100644 bindep.txt create mode 100644 patches/drop-nginx-setgroups.patch create mode 100644 patches/oslo-config-dirs.patch create mode 100644 requirements.txt create mode 100644 snap/etc/cinder/cinder.conf create mode 100644 snap/snap-openstack.yaml create mode 100644 snap/templates/cinder-api.ini.j2 create mode 100644 snap/templates/cinder-nginx.conf.j2 create mode 100644 snap/templates/cinder-snap.conf.j2 create mode 100644 snap/templates/nginx.conf.j2 create mode 100644 snapcraft.yaml create mode 100644 tox.ini diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..07ee36e --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +parts +prime +stage +*.snap +.tox diff --git a/.gitreview b/.gitreview new file mode 100644 index 0000000..20aada1 --- /dev/null +++ b/.gitreview @@ -0,0 +1,4 @@ +[gerrit] +host=review.openstack.org +port=29418 +project=openstack/snap-cinder.git diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst new file mode 100644 index 0000000..6c6f909 --- /dev/null +++ b/CONTRIBUTING.rst @@ -0,0 +1,17 @@ +If you would like to contribute to the development of OpenStack, you must +follow the steps in this page: + + http://docs.openstack.org/infra/manual/developers.html + +If you already have a good understanding of how the system works and your +OpenStack accounts are set up, you can skip to the development workflow +section of this documentation to learn how changes to OpenStack should be +submitted for review via the Gerrit tool: + + http://docs.openstack.org/infra/manual/developers.html#development-workflow + +Pull requests submitted through GitHub will be ignored. + +Bugs should be filed on Launchpad, not GitHub: + + https://bugs.launchpad.net/snap-cinder diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..68c771a --- /dev/null +++ b/LICENSE @@ -0,0 +1,176 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + diff --git a/README.md b/README.md new file mode 100644 index 0000000..79a5e01 --- /dev/null +++ b/README.md @@ -0,0 +1,124 @@ +# The cinder snap + +This repository contains the source code for the cinder snap. + +Cinder provides on demand, self-service access to software defined block Storage resources on top of various traditional backend block storage devices. + +## Installing this snap + +The cinder snap can be installed directly from the snap store: + + sudo snap install --edge cinder + +The cinder snap is working towards publication across tracks for +OpenStack releases. The edge channel for each track will contain the tip +of the OpenStack project's master branch, with the beta, candidate and +release channels being reserved for released versions. These three channels +will be used to drive the CI process for validation of snap updates. This +should result in an experience such as: + + sudo snap install --channel=ocata/stable cinder + sudo snap install --channel=pike/edge cinder + +## Configuring cinder + +The cinder snap gets its default configuration from the following $SNAP +and $SNAP_COMMON locations: + +### Insert trees of /snap/cinder/current/etc/ and +### /var/snap/cinder/common/etc. If the OpenStack service has an API +### that runs behind uwsgi+nginx, the trees may like like this: + + /snap/cinder/current/etc/ + └── cinder +    ├── cinder.conf +    └── ... + + /var/snap/cinder/common/etc/ + ├── cinder + │   └── cinder.conf.d + │   └── cinder-snap.conf + ├── nginx + │   ├── snap + │   │   ├── nginx.conf + │   │   └── sites-enabled + │   │   └── cinder.conf + └── uwsgi + └── snap +   └── cinder-api.ini + +### Add any details here on how to configure services for this snap. +### Insert a tree of /var/snap/cinder/common/etc with override files. +### If the OpenStack service has an API that runs behind uwsgi+nginx, +### the tree may like like this: + +The cinder snap supports configuration updates via its $SNAP_COMMON writable +area. The default cinder configuration can be overridden as follows: + + /var/snap/cinder/common/etc/ + ├── cinder + │   ├── cinder.conf.d + │   │   ├── cinder-snap.conf + │   │   ├── database.conf + │   │   └── rabbitmq.conf + │   └── cinder.conf + ├── nginx + │   ├── snap + │   │   ├── nginx.conf + │   │   └── sites-enabled + │   │   └── cinder.conf + │   ├── nginx.conf + │   ├── sites-enabled + │   │   └── cinder.conf + └── uwsgi +    ├── snap +   │ └── cinder-api.ini + └── cinder-api.ini + +The cinder configuration can be overridden or augmented by writing +configuration snippets to files in the cinder.conf.d directory. + +Alternatively, cinder configuration can be overridden by adding a full +cinder.conf file to the cinder/ directory. If overriding in this way, you'll +need to either point this config file at additional config files located in $SNAP, +or add those to $SNAP_COMMON as well. + +The cinder nginx configuration can be overridden by adding an nginx/nginx.conf +and new site config files to the nginx/sites-enabled directory. In this case the +nginx/nginx.conf file would include that sites-enabled directory. If +nginx/nginx.conf exists, nginx/snap/nginx.conf will no longer be used. + +The cinder uwsgi configuration can be overridden similarly by adding a +uwsgi/cinder.ini file. If uwsgi/cinder.ini exists, uwsgi/snap/cinder.ini +will no longer be used. + +## Logging cinder + +The services for the cinder snap will log to its $SNAP_COMMON writable area: +/var/snap/cinder/common/log. + +## Restarting cinder services + +To restart all cinder services: + + sudo systemctl restart snap.cinder.* + +or an individual service can be restarted by dropping the wildcard and +specifying the full service name. + +## Building the cinder snap + +Simply clone this repository and then install and run snapcraft: + + git clone https://github.com/openstack/snap-cinder + sudo apt install snapcraft + cd snap-cinder + snapcraft + +## Support + +Please report any bugs related to this snap at: +[Launchpad](https://bugs.launchpad.net/snap-cinder/+filebug). + +Alternatively you can find the OpenStack Snap team in `#openstack-snaps` on +Freenode IRC. diff --git a/bindep.txt b/bindep.txt new file mode 100644 index 0000000..8d8c1a2 --- /dev/null +++ b/bindep.txt @@ -0,0 +1,2 @@ +snapcraft [platform:dpkg] +snapd [platform:dpkg] diff --git a/patches/drop-nginx-setgroups.patch b/patches/drop-nginx-setgroups.patch new file mode 100644 index 0000000..48e6d90 --- /dev/null +++ b/patches/drop-nginx-setgroups.patch @@ -0,0 +1,57 @@ +Description: Drop code where nginx drops privileges for worker + processes. While setuid is covered by the browser-support plug, + setgroups isn't covered by any plugs. This code isn't required + because in strict mode we run worker processes as root:root. + The seccomp violation follows: + = Seccomp = + Time: Jun 16 01:13:15 + Log: auid=4294967295 uid=0 gid=0 ses=4294967295 pid=6087 comm="nginx" + exe="/snap/cinder/x1/usr/sbin/nginx" sig=31 arch=c000003e + 116(setgroups) compat=0 ip=0x7f40e288af09 code=0x0 + Syscall: setgroups + Suggestion: + * adjust program to not use 'setgroups' until per-snap user/groups + are supported (https://launchpad.net/bugs/1446748) +Author: Corey Bryant +Forwarded: no + +--- + src/os/unix/ngx_process_cycle.c | 22 ---------------------- + 1 file changed, 22 deletions(-) + +diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c +index 1710ea8..c428673 100644 +--- a/src/os/unix/ngx_process_cycle.c ++++ b/src/os/unix/ngx_process_cycle.c +@@ -824,28 +824,6 @@ ngx_worker_process_init(ngx_cycle_t *cycle, ngx_int_t worker) + } + } + +- if (geteuid() == 0) { +- if (setgid(ccf->group) == -1) { +- ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, +- "setgid(%d) failed", ccf->group); +- /* fatal */ +- exit(2); +- } +- +- if (initgroups(ccf->username, ccf->group) == -1) { +- ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, +- "initgroups(%s, %d) failed", +- ccf->username, ccf->group); +- } +- +- if (setuid(ccf->user) == -1) { +- ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, +- "setuid(%d) failed", ccf->user); +- /* fatal */ +- exit(2); +- } +- } +- + if (worker >= 0) { + cpu_affinity = ngx_get_cpu_affinity(worker); + +-- +2.7.4 + diff --git a/patches/oslo-config-dirs.patch b/patches/oslo-config-dirs.patch new file mode 100644 index 0000000..8a7384c --- /dev/null +++ b/patches/oslo-config-dirs.patch @@ -0,0 +1,123 @@ +From 5256bef2fdacdb79eba386c8cad775ed996d1685 Mon Sep 17 00:00:00 2001 +From: Corey Bryant +Date: Wed, 14 Jun 2017 09:57:23 -0400 +Subject: [PATCH] Add snap package paths to default config dirs + +With snap packaging (see snapcraft.io) the package is installed into a +read-only squashfs filesystem, which includes the default config. For +example, $SNAP/etc/nova/nova.conf. To override the defaults, a separate +writable directory is used, and this directory is also unique to the snap. +For example, either $SNAP_COMMON/etc/nova/nova.conf, or +$SNAP_COMMON/etc/nova/nova.conf.d/ can be used to override config. + +This patch adds these snap directories to the default config paths where +oslo looks for config. + +For more details on $SNAP and $SNAP_COMMON please refer to +https://snapcraft.io/docs/reference/env. + +Change-Id: I83627e0f215382aedc7b32163e0303b39e8bccf8 +Closes-Bug: 1696830 +(cherry picked from commit 21e70e28b3015c1619dacfad8a2218b09e8109ec) +--- + oslo_config/cfg.py | 19 +++++++++++++++++-- + oslo_config/tests/test_cfg.py | 24 ++++++++++++++++++++++++ + 2 files changed, 41 insertions(+), 2 deletions(-) + +diff --git a/oslo_config/cfg.py b/oslo_config/cfg.py +index 1047bf6..a2b5b2a 100644 +--- a/oslo_config/cfg.py ++++ b/oslo_config/cfg.py +@@ -614,16 +614,27 @@ def _get_config_dirs(project=None): + /etc/${project}/ + /etc/ + +- Otherwise, these directories:: ++ If a project is specified and installed from a snap package, following ++ directories are also returned: ++ ++ ${SNAP}/etc/${project} ++ ${SNAP_COMMON}/etc/${project} ++ ++ Otherwise, if project is not specified, these directories are returned: + + ~/ + /etc/ + """ ++ snap = os.environ.get('SNAP') ++ snap_c = os.environ.get('SNAP_COMMON') ++ + cfg_dirs = [ + _fixpath(os.path.join('~', '.' + project)) if project else None, + _fixpath('~'), + os.path.join('/etc', project) if project else None, +- '/etc' ++ '/etc', ++ os.path.join(snap, "etc", project) if snap and project else None, ++ os.path.join(snap_c, "etc", project) if snap_c and project else None, + ] + return [x for x in cfg_dirs if x] + +@@ -674,6 +685,8 @@ def find_config_files(project=None, prog=None, extension='.conf'): + ~/ + /etc/${project}/ + /etc/ ++ ${SNAP}/etc/${project} ++ ${SNAP_COMMON}/etc/${project} + + We return an absolute path for (at most) one of each the default config + files, for the topmost directory it exists in. +@@ -704,6 +717,8 @@ def find_config_dirs(project=None, prog=None, extension='.conf.d'): + ~/ + /etc/${project}/ + /etc/ ++ ${SNAP}/etc/${project} ++ ${SNAP_COMMON}/etc/${project} + + We return an absolute path for each of the two config dirs, + in the first place we find it (iff we find it). +diff --git a/oslo_config/tests/test_cfg.py b/oslo_config/tests/test_cfg.py +index 6a46884..0f7db8c 100644 +--- a/oslo_config/tests/test_cfg.py ++++ b/oslo_config/tests/test_cfg.py +@@ -208,6 +208,18 @@ class FindConfigFilesTestCase(BaseTestCase): + + self.assertEqual(cfg.find_config_files(project='blaa'), config_files) + ++ def test_find_config_files_snap(self): ++ config_files = ['/snap/nova/current/etc/blaa/blaa.conf'] ++ fake_env = {'SNAP': '/snap/nova/current/', ++ 'SNAP_COMMON': '/var/snap/nova/common/'} ++ ++ self.useFixture(fixtures.MonkeyPatch('sys.argv', ['foo'])) ++ self.useFixture(fixtures.MonkeyPatch('os.path.exists', ++ lambda p: p in config_files)) ++ self.useFixture(fixtures.MonkeyPatch('os.environ', fake_env)) ++ ++ self.assertEqual(cfg.find_config_files(project='blaa'), config_files) ++ + def test_find_config_files_with_extension(self): + config_files = ['/etc/foo.json'] + +@@ -233,6 +245,18 @@ class FindConfigDirsTestCase(BaseTestCase): + + self.assertEqual(cfg.find_config_dirs(project='blaa'), config_dirs) + ++ def test_find_config_dirs_snap(self): ++ config_dirs = ['/var/snap/nova/common/etc/blaa/blaa.conf.d'] ++ fake_env = {'SNAP': '/snap/nova/current/', ++ 'SNAP_COMMON': '/var/snap/nova/common/'} ++ ++ self.useFixture(fixtures.MonkeyPatch('sys.argv', ['foo'])) ++ self.useFixture(fixtures.MonkeyPatch('os.path.exists', ++ lambda p: p in config_dirs)) ++ self.useFixture(fixtures.MonkeyPatch('os.environ', fake_env)) ++ ++ self.assertEqual(cfg.find_config_dirs(project='blaa'), config_dirs) ++ + def test_find_config_dirs_non_exists(self): + self.useFixture(fixtures.MonkeyPatch('sys.argv', ['foo'])) + self.assertEqual(cfg.find_config_dirs(project='blaa'), []) +-- +2.7.4 + diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..4b00533 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,2 @@ +# Requirements to build snap +# NOTE empty for now until snapcraft installable from branch diff --git a/snap/etc/cinder/cinder.conf b/snap/etc/cinder/cinder.conf new file mode 100644 index 0000000..238b6c3 --- /dev/null +++ b/snap/etc/cinder/cinder.conf @@ -0,0 +1,4 @@ +# The cinder snap may need to override default config files. +# For example if the default cinder.conf file located in +# $SNAP/etc/cinder/cinder.conf needs to be overridden, +# it can be done with this file. diff --git a/snap/snap-openstack.yaml b/snap/snap-openstack.yaml new file mode 100644 index 0000000..7f90643 --- /dev/null +++ b/snap/snap-openstack.yaml @@ -0,0 +1,54 @@ +setup: + dirs: + - "{snap_common}/etc/cinder/cinder.conf.d" + - "{snap_common}/lib" + - "{snap_common}/lock" + - "{snap_common}/log" + - "{snap_common}/run" + # If the OpenStack service has an API that runs behind uwsgi+nginx, + # define uwsgi and nginx etc dirs. + - "{snap_common}/etc/nginx/sites-enabled" + - "{snap_common}/etc/nginx/snap/sites-enabled" + - "{snap_common}/etc/uwsgi/snap" + templates: + # The cinder snap will likely require a template for the corresponding + # OpenStack service(s). For example, you may need to render a template such + # as the following. + cinder-snap.conf.j2: "{snap_common}/etc/cinder/cinder.conf.d/cinder-snap.conf" + # If the OpenStack service has an API that runs behind uwsgi+nginx, + # render nginx config templates. + cinder-nginx.conf.j2: "{snap_common}/etc/nginx/snap/sites-enabled/cinder.conf" + nginx.conf.j2: "{snap_common}/etc/nginx/snap/nginx.conf" +entry_points: + # This is where entry_points are defined for the OpenStack service. For example, + # the service may have a database command-line tool such as the following. + cinder-manage: + binary: "{snap}/bin/cinder-manage" + config-files: + - "{snap}/etc/cinder/cinder.conf" + config-files-override: + - "{snap_common}/etc/cinder/cinder.conf" + config-dirs: + - "{snap_common}/etc/cinder/cinder.conf.d" + # If the OpenStack service has an API that runs behind uwsgi+nginx, the + # following entry_point must be defined. + cinder-uwsgi: + type: uwsgi + uwsgi-dir: "{snap_common}/etc/uwsgi/snap" + uwsgi-dir-override: "{snap_common}/etc/uwsgi" + uwsgi-log: "{snap_common}/log/uwsgi.log" + config-files: + - "{snap}/etc/cinder/cinder.conf" + config-files-override: + - "{snap_common}/etc/cinder/cinder.conf" + config-dirs: + - "{snap_common}/etc/cinder/cinder.conf.d" + log-file: "{snap_common}/log/cinder-api.log" + templates: + cinder-api.ini.j2: "{snap_common}/etc/uwsgi/snap/cinder-api.ini" + # If the OpenStack service has an API that runs behind uwsgi+nginx, the + # following entry_point must be defined. + cinder-nginx: + type: nginx + config-file: "{snap_common}/etc/nginx/snap/nginx.conf" + config-file-override: "{snap_common}/etc/nginx/nginx.conf" diff --git a/snap/templates/cinder-api.ini.j2 b/snap/templates/cinder-api.ini.j2 new file mode 100644 index 0000000..7e136a6 --- /dev/null +++ b/snap/templates/cinder-api.ini.j2 @@ -0,0 +1,16 @@ +# If the OpenStack service has an API that runs behind uwsgi+nginx, you'll need +# to define this template. Be sure to update the path for the wsgi-file and +# "api-name" for the socket. You may also want to rename this file according to +# the service it provides, and you may even need to provide multiple uwsgi files +# if there is more than one wsgi application. +[uwsgi] +wsgi-file = {{ snap }}/bin/cinder-wsgi-file-name +uwsgi-socket = {{ snap_common }}/run/api-name.sock +buffer-size = 65535 +master = true +enable-threads = true +processes = 4 +thunder-lock = true +lazy-apps = true +home = {{ snap }}/usr +pyargv = {{ pyargv }} diff --git a/snap/templates/cinder-nginx.conf.j2 b/snap/templates/cinder-nginx.conf.j2 new file mode 100644 index 0000000..76e008c --- /dev/null +++ b/snap/templates/cinder-nginx.conf.j2 @@ -0,0 +1,14 @@ +# If the OpenStack service has an API that runs behind uwsgi+nginx, you'll need +# to define this template. Be sure to update "listen" with the port number and +# also update "api-name" for the socket. +server { + listen 1234; + access_log {{ snap_common }}/log/nginx-access.log; + error_log {{ snap_common }}/log/nginx-error.log; + location / { + include uwsgi_params; + include {{ snap }}/usr/conf/uwsgi_params; + uwsgi_param SCRIPT_NAME ''; + uwsgi_pass unix://{{ snap_common }}/run/api-name.sock; + } +} diff --git a/snap/templates/cinder-snap.conf.j2 b/snap/templates/cinder-snap.conf.j2 new file mode 100644 index 0000000..c703410 --- /dev/null +++ b/snap/templates/cinder-snap.conf.j2 @@ -0,0 +1,7 @@ +[DEFAULT] +# Set state path to writable directory +state_path = /lib + +[oslo_concurrency] +# Oslo Concurrency lock path +lock_path = /lock diff --git a/snap/templates/nginx.conf.j2 b/snap/templates/nginx.conf.j2 new file mode 100644 index 0000000..4a647bc --- /dev/null +++ b/snap/templates/nginx.conf.j2 @@ -0,0 +1,41 @@ +# If the OpenStack service has an API that runs behind uwsgi+nginx, you'll need +# to define this template. +user root root; +worker_processes auto; +pid {{ snap_common }}/run/nginx.pid; + +events { + worker_connections 768; +} + +http { + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + include {{ snap }}/usr/conf/mime.types; + default_type application/octet-stream; + + ## + # Logging Settings + ## + + access_log {{ snap_common }}/log/nginx-access.log; + error_log {{ snap_common }}/log/nginx-error.log; + + ## + # Gzip Settings + ## + + gzip on; + gzip_disable "msie6"; + + include {{ snap_common }}/etc/nginx/conf.d/*.conf; + include {{ snap_common }}/etc/nginx/snap/sites-enabled/*; +} diff --git a/snapcraft.yaml b/snapcraft.yaml new file mode 100644 index 0000000..f75f77b --- /dev/null +++ b/snapcraft.yaml @@ -0,0 +1,106 @@ +name: cinder +version: ocata +summary: OpenStack Block Storage Service (cinder) +description: | + Cinder provides on demand, self-service access to software defined block Storage resources on top of various traditional backend block storage devices. +confinement: strict +grade: devel + +apps: + # If the OpenStack service has an API that runs behind uwsgi+nginx, the folowing + # app is required. + uwsgi: + command: snap-openstack cinder-uwsgi + daemon: simple + plugs: + - network-bind + # If the OpenStack service has an API that runs behind uwsgi+nginx, the folowing + # app is required. + nginx: + command: snap-openstack cinder-nginx + daemon: forking + plugs: + - network-bind + # Following is an example of creating a command app. + manage: + command: snap-openstack cinder-manage + plugs: + - network + +parts: + # Following is an example of defining a part to build an OpenStack project + cinder: + plugin: python + python-version: python2 + source: http://tarballs.openstack.org/cinder/cinder-stable-ocata.tar.gz + python-packages: + # You may need to pull in additional python packages + - python-memcached + - pymysql + # If the OpenStack service has an API that runs behind uwsgi+nginx, uwsgi is required. + - uwsgi + - git+https://github.com/openstack/snap.openstack#egg=snap.openstack + constraints: https://raw.githubusercontent.com/openstack/requirements/stable/ocata/upper-constraints.txt + build-packages: + - gcc + - libffi-dev + - libssl-dev + - libxml2-dev + - libxslt1-dev + install: | + touch $SNAPCRAFT_PART_INSTALL/lib/python2.7/site-packages/paste/__init__.py + touch $SNAPCRAFT_PART_INSTALL/lib/python2.7/site-packages/repoze/__init__.py + export SNAP_ROOT="../../.." + export SNAP_SITE_PACKAGES="$SNAPCRAFT_PART_INSTALL/lib/python2.7/site-packages" + patch -d $SNAP_SITE_PACKAGES -p1 < $SNAP_ROOT/patches/oslo-config-dirs.patch + templates: + after: [cinder] + plugin: dump + source: snap + # Following is an example of including the OpenStack project's config + config: + after: [cinder] + plugin: dump + source: http://tarballs.openstack.org/cinder/cinder-stable-ocata.tar.gz + organize: + etc/*.conf: etc/cinder/ + etc/*.ini: etc/cinder/ + etc/*.json: etc/cinder/ + etc/*.templates: etc/cinder/ + filesets: + etc: + - etc/cinder/*.conf + - etc/cinder/*.ini + - etc/cinder/*.json + - etc/cinder/*.templates + stage: [$etc] + prime: [$etc] + # If the OpenStack service has an API that runs behind uwsgi+nginx, the following + # part is required. + nginx: + source: http://www.nginx.org/download/nginx-1.13.0.tar.gz + plugin: autotools + configflags: + - --prefix=/usr + - --http-log-path=/var/snap/cinder/common/log/nginx-access.log + - --error-log-path=/var/snap/cinder/common/log/nginx-error.log + - --lock-path=/var/snap/cinder/common/lock/nginx.lock + - --pid-path=/var/snap/cinder/common/run/nginx.pid + - --http-client-body-temp-path=/var/snap/cinder/common/lib/nginx_client_body + - --http-proxy-temp-path=/var/snap/cinder/common/lib/nginx_proxy + - --http-fastcgi-temp-path=/var/snap/cinder/common/lib/nginx_fastcgi + - --http-uwsgi-temp-path=/var/snap/cinder/common/lib/nginx_uwsgi + - --http-scgi-temp-path=/var/snap/cinder/common/lib/nginx_scgi + - --with-http_ssl_module + build-packages: + - libpcre3-dev + - libssl-dev + prepare: | + export SNAP_ROOT="../../.." + export SNAP_SOURCE="$SNAP_ROOT/parts/nginx/build" + patch -d $SNAP_SOURCE -p1 < $SNAP_ROOT/patches/drop-nginx-setgroups.patch + # If the OpenStack service has an API that runs behind uwsgi+nginx, the following + # part is required. + libxml2: + source: http://xmlsoft.org/sources/libxml2-2.9.4.tar.gz + plugin: autotools diff --git a/tox.ini b/tox.ini new file mode 100644 index 0000000..7360ffc --- /dev/null +++ b/tox.ini @@ -0,0 +1,18 @@ +[tox] +envlist = snap +skipsdist = True + +[testenv] +basepython = python3.5 +install_command = pip install {opts} {packages} +passenv = HOME TERM +whitelist_externals = + sudo + snapcraft + +[testenv:snap] +deps = -r{toxinidir}/requirements.txt +commands = + sudo snap install core + snapcraft clean + snapcraft snap