├── config-loader ├── data │ └── bootstrap │ │ ├── swift │ │ ├── rsync │ │ ├── swift.conf │ │ ├── account-server.conf │ │ ├── object-server.conf │ │ ├── container-server.conf │ │ ├── rsyncd.conf │ │ └── proxy-server.conf │ │ ├── general │ │ ├── .gitignore │ │ └── environment.conf-sample │ │ ├── neutron │ │ ├── l3_agent.ini │ │ ├── metadata_agent.ini │ │ ├── dhcp_agent.ini │ │ ├── ml2_conf.ini │ │ ├── openvswitch_agent.ini │ │ └── neutron.conf │ │ ├── keystone │ │ └── keystone.conf │ │ ├── nova │ │ ├── openvswitch_agent.ini │ │ ├── neutron.conf │ │ └── nova.conf │ │ ├── bootstrap.sh │ │ ├── glance │ │ └── glance.conf │ │ ├── heat │ │ └── heat.conf │ │ └── cinder │ │ └── cinder.conf └── Dockerfile ├── .gitignore ├── rabbitmq-nodes ├── data │ ├── usr │ │ └── bin │ │ │ └── jq │ └── bootstrap │ │ ├── functions.sh │ │ └── bootstrap.sh └── Dockerfile ├── swift ├── data │ └── bootstrap │ │ ├── account.ring.gz │ │ ├── object.ring.gz │ │ ├── container.ring.gz │ │ ├── configuration-swift.sh │ │ └── bootstrap.sh └── Dockerfile ├── neutron ├── data │ ├── etc │ │ └── neutron │ │ │ └── dnsmasq-neutron.conf │ └── bootstrap │ │ ├── neutron.sql │ │ └── bootstrap.sh └── Dockerfile ├── heat ├── data │ └── bootstrap │ │ ├── heat.sql │ │ └── bootstrap.sh └── Dockerfile ├── cinder ├── data │ └── bootstrap │ │ ├── cinder.sql │ │ └── bootstrap.sh └── Dockerfile ├── glance ├── data │ └── bootstrap │ │ ├── glance.sql │ │ └── bootstrap.sh └── Dockerfile ├── keystone ├── data │ └── bootstrap │ │ ├── keystone.sql │ │ └── bootstrap.sh └── Dockerfile ├── ubuntu-base └── Dockerfile ├── galera-mysql ├── cluster.cnf ├── data │ └── bootstrap │ │ ├── functions.sh │ │ └── bootstrap.sh ├── my.cnf └── Dockerfile ├── horizon ├── data │ ├── bootstrap │ │ └── bootstrap.sh │ └── etc │ │ ├── apache2 │ │ └── sites-available │ │ │ └── openstack-dashboard.conf │ │ └── openstack-dashboard │ │ └── local_settings └── Dockerfile ├── rabbitmq-server ├── Dockerfile └── data │ └── bootstrap │ ├── bootstrap.sh │ └── functions.sh ├── libvirtd ├── Dockerfile └── data │ └── bootstrap │ └── bootstrap.sh ├── nova-controller ├── data │ └── bootstrap │ │ ├── nova.sql │ │ ├── patch_Paramiko │ │ └── bootstrap.sh └── Dockerfile ├── ubuntu-base-os ├── data │ └── bootstrap │ │ ├── environment.sh │ │ ├── configuration.sh │ │ └── semaphore-dependencies.sh └── Dockerfile ├── nova-compute-neutron ├── Dockerfile └── data │ └── bootstrap │ └── bootstrap.sh ├── nova-compute ├── Dockerfile └── data │ └── bootstrap │ └── bootstrap-nova-compute-base.sh ├── README.md └── LICENSE /config-loader/data/bootstrap/swift/rsync: -------------------------------------------------------------------------------- 1 | RSYNC_ENABLE=true 2 | -------------------------------------------------------------------------------- /config-loader/data/bootstrap/general/.gitignore: -------------------------------------------------------------------------------- 1 | environment.conf 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # ignore files 2 | .DS_Store 3 | *~ 4 | *.swp 5 | .idea 6 | security 7 | *.sublime-* 8 | -------------------------------------------------------------------------------- /rabbitmq-nodes/data/usr/bin/jq: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/BBVA/openstack-k8s/HEAD/rabbitmq-nodes/data/usr/bin/jq -------------------------------------------------------------------------------- /swift/data/bootstrap/account.ring.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/BBVA/openstack-k8s/HEAD/swift/data/bootstrap/account.ring.gz -------------------------------------------------------------------------------- /swift/data/bootstrap/object.ring.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/BBVA/openstack-k8s/HEAD/swift/data/bootstrap/object.ring.gz -------------------------------------------------------------------------------- /swift/data/bootstrap/container.ring.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/BBVA/openstack-k8s/HEAD/swift/data/bootstrap/container.ring.gz -------------------------------------------------------------------------------- /neutron/data/etc/neutron/dnsmasq-neutron.conf: -------------------------------------------------------------------------------- 1 | log-facility = /var/log/dnsmasq.log 2 | log-dhcp 3 | # Line added 4 | dhcp-option=26,1454 -------------------------------------------------------------------------------- /heat/data/bootstrap/heat.sql: -------------------------------------------------------------------------------- 1 | create database if not exists heat; 2 | GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \ 3 | IDENTIFIED BY '$HEAT_DB_PASSWORD'; 4 | GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \ 5 | IDENTIFIED BY '$HEAT_DB_PASSWORD'; 6 | -------------------------------------------------------------------------------- /cinder/data/bootstrap/cinder.sql: -------------------------------------------------------------------------------- 1 | create database if not exists cinder; 2 | GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \ 3 | IDENTIFIED BY '$CINDER_DB_PASSWORD'; 4 | GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \ 5 | IDENTIFIED BY '$CINDER_DB_PASSWORD'; -------------------------------------------------------------------------------- /glance/data/bootstrap/glance.sql: -------------------------------------------------------------------------------- 1 | create database if not exists glance; 2 | GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \ 3 | IDENTIFIED BY '$GLANCE_DB_PASSWORD'; 4 | GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \ 5 | IDENTIFIED BY '$GLANCE_DB_PASSWORD'; -------------------------------------------------------------------------------- /neutron/data/bootstrap/neutron.sql: -------------------------------------------------------------------------------- 1 | create database if not exists neutron; 2 | GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \ 3 | IDENTIFIED BY '$NEUTRON_DB_PASSWORD'; 4 | GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \ 5 | IDENTIFIED BY '$NEUTRON_DB_PASSWORD'; -------------------------------------------------------------------------------- /config-loader/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bbvainnotech/ubuntu-base:latest 2 | MAINTAINER BBVA Innovation 3 | 4 | ADD data / 5 | 6 | RUN chown root:root /bootstrap/*.sh && chmod a+x /bootstrap/*.sh 7 | 8 | ENTRYPOINT ["/bootstrap/bootstrap.sh"] 9 | -------------------------------------------------------------------------------- /keystone/data/bootstrap/keystone.sql: -------------------------------------------------------------------------------- 1 | create database if not exists keystone; 2 | GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \ 3 | IDENTIFIED BY '$KEYSTONE_DB_PASSWORD'; 4 | GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \ 5 | IDENTIFIED BY '$KEYSTONE_DB_PASSWORD'; -------------------------------------------------------------------------------- /config-loader/data/bootstrap/neutron/l3_agent.ini: -------------------------------------------------------------------------------- 1 | controller/neutron/l3_agent.ini/DEFAULT/interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver 2 | controller/neutron/l3_agent.ini/DEFAULT/external_network_bridge= 3 | controller/neutron/l3_agent.ini/DEFAULT/enable_metadata_proxy=False 4 | -------------------------------------------------------------------------------- /ubuntu-base/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:14.04 2 | MAINTAINER Eurocloud 3 | # image base based on Ubuntu with the minimal packages to build on top of this new ones 4 | 5 | RUN apt-get update \ 6 | && apt-get -y install curl openssl netcat jq tcpdump telnet\ 7 | && rm -rf /var/lib/apt/lists/* 8 | -------------------------------------------------------------------------------- /config-loader/data/bootstrap/swift/swift.conf: -------------------------------------------------------------------------------- 1 | controller/swift/swift.conf/swift-hash/swift_hash_path_suffix=c9d823ec3d8f04bb 2 | controller/swift/swift.conf/swift-hash/swift_hash_path_prefix=b9c823db3c8e04aa 3 | controller/swift/swift.conf/storage-policy:0/name=Policy-0 4 | controller/swift/swift.conf/storage-policy:0/default=yes 5 | -------------------------------------------------------------------------------- /galera-mysql/cluster.cnf: -------------------------------------------------------------------------------- 1 | [mysqld] 2 | 3 | wsrep_provider=/usr/lib/libgalera_smm.so 4 | wsrep_cluster_address=gcomm:// 5 | binlog_format=ROW 6 | default_storage_engine=InnoDB 7 | innodb_autoinc_lock_mode=2 8 | 9 | wsrep_sst_method=xtrabackup-v2 10 | wsrep_node_address=127.0.0.1 11 | wsrep_cluster_name=galera_kubernetes 12 | wsrep_sst_auth=sstuser:changethis -------------------------------------------------------------------------------- /config-loader/data/bootstrap/neutron/metadata_agent.ini: -------------------------------------------------------------------------------- 1 | controller/neutron/metadata_agent.ini/DEFAULT/nova_metadata_ip=$NOVA_HOSTNAME 2 | controller/neutron/metadata_agent.ini/DEFAULT/metadata_proxy_shared_secret=$METADATA_SHARED_SECRET 3 | controller/neutron/metadata_agent.ini/DEFAULT/debug=true 4 | controller/neutron/metadata_agent.ini/DEFAULT/log_file=/var/log/metadata.log 5 | -------------------------------------------------------------------------------- /horizon/data/bootstrap/bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ############################# 4 | # Include scripts 5 | ############################# 6 | source /bootstrap/configuration.sh 7 | source /bootstrap/environment.sh 8 | 9 | ############################# 10 | # variables and environment 11 | ############################# 12 | get_environment 13 | 14 | apache2ctl -DFOREGROUND 15 | 16 | 17 | -------------------------------------------------------------------------------- /rabbitmq-nodes/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bbvainnotech/ubuntu-base:latest 2 | MAINTAINER BBVA Innovation 3 | 4 | RUN apt-get update \ 5 | && apt-get install -y rabbitmq-server \ 6 | && rm -rf /var/lib/apt/lists/* 7 | 8 | ADD data / 9 | RUN chown root:root /bootstrap/*.sh && chmod a+x /bootstrap/*.sh 10 | 11 | ENTRYPOINT ["/bootstrap/bootstrap.sh"] 12 | EXPOSE 5672 15672 4369 25672 13 | -------------------------------------------------------------------------------- /rabbitmq-server/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bbvainnotech/ubuntu-base:latest 2 | MAINTAINER BBVA Innovation 3 | 4 | RUN apt-get update \ 5 | && apt-get install -y rabbitmq-server \ 6 | && rm -rf /var/lib/apt/lists/* 7 | 8 | ADD data / 9 | RUN chown root:root /bootstrap/*.sh && chmod a+x /bootstrap/*.sh 10 | 11 | ENTRYPOINT ["/bootstrap/bootstrap.sh"] 12 | EXPOSE 5672 15672 4369 25672 13 | -------------------------------------------------------------------------------- /horizon/data/etc/apache2/sites-available/openstack-dashboard.conf: -------------------------------------------------------------------------------- 1 | WSGIDaemonProcess www-data 2 | WSGIProcessGroup www-data 3 | WSGISocketPrefix run/wsgi 4 | 5 | WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi 6 | Alias /static /usr/share/openstack-dashboard/static 7 | 8 | 9 | Order allow,deny 10 | Allow from all 11 | 12 | -------------------------------------------------------------------------------- /libvirtd/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bbvainnotech/ubuntu-base-os:latest 2 | MAINTAINER BBVA Innovation 3 | 4 | # Install requriments and the main packages 5 | RUN apt-get update && \ 6 | apt-get install -y qemu-kvm libvirt-bin dbus && \ 7 | rm -rf /var/lib/apt/lists/* 8 | 9 | 10 | ADD data / 11 | 12 | RUN chown root:root /bootstrap/*.sh && chmod a+x /bootstrap/*.sh 13 | 14 | ENTRYPOINT ["/bootstrap/bootstrap.sh"] 15 | -------------------------------------------------------------------------------- /config-loader/data/bootstrap/neutron/dhcp_agent.ini: -------------------------------------------------------------------------------- 1 | controller/neutron/dhcp_agent.ini/DEFAULT/interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver 2 | controller/neutron/dhcp_agent.ini/DEFAULT/enable_isolated_metadata=True 3 | controller/neutron/dhcp_agent.ini/DEFAULT/enable_metadata_network=True 4 | controller/neutron/dhcp_agent.ini/DEFAULT/dhcp_driver=neutron.agent.linux.dhcp.Dnsmasq 5 | controller/neutron/dhcp_agent.ini/DEFAULT/dnsmasq_config_file=/etc/neutron/dnsmasq-neutron.conf 6 | -------------------------------------------------------------------------------- /nova-controller/data/bootstrap/nova.sql: -------------------------------------------------------------------------------- 1 | create database if not exists nova; 2 | GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \ 3 | IDENTIFIED BY '$NOVA_DB_PASSWORD'; 4 | GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \ 5 | IDENTIFIED BY '$NOVA_DB_PASSWORD'; 6 | 7 | create database if not exists nova_api; 8 | GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \ 9 | IDENTIFIED BY '$NOVA_DB_PASSWORD'; 10 | GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \ 11 | IDENTIFIED BY '$NOVA_DB_PASSWORD'; 12 | -------------------------------------------------------------------------------- /config-loader/data/bootstrap/neutron/ml2_conf.ini: -------------------------------------------------------------------------------- 1 | controller/neutron/ml2_conf.ini/ml2/type_drivers=vxlan,flat 2 | controller/neutron/ml2_conf.ini/ml2/tenant_network_types=vxlan 3 | controller/neutron/ml2_conf.ini/ml2/mechanism_drivers=openvswitch,l2population 4 | controller/neutron/ml2_conf.ini/ml2/extension_drivers=port_security 5 | controller/neutron/ml2_conf.ini/ml2_type_flat/flat_networks=external 6 | controller/neutron/ml2_conf.ini/ml2_type_vxlan/vni_ranges=1:1000 7 | controller/neutron/ml2_conf.ini/securitygroup/firewall_driver=iptables_hybrid 8 | 9 | -------------------------------------------------------------------------------- /libvirtd/data/bootstrap/bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | cat > /etc/libvirt/libvirt.conf < /var/lib/rabbitmq/.erlang.cookie 7 | chown rabbitmq:rabbitmq /var/lib/rabbitmq/.erlang.cookie 8 | chmod 400 /var/lib/rabbitmq/.erlang.cookie 9 | 10 | rabbitmq-server -detached 11 | sleep 6 12 | 13 | rabbitmqctl add_user $RABBIT_USERID $RABBIT_PASSWORD 14 | rabbitmqctl set_user_tags $RABBIT_USERID administrator 15 | rabbitmqctl set_permissions -p / $RABBIT_USERID ".*" ".*" ".*" 16 | 17 | rabbitmqctl delete_user guest 18 | rabbitmqctl stop 19 | sleep 4 20 | 21 | echo "*** User creation completed. ***" 22 | echo "*** Log in the WebUI at port 15672 ***" 23 | 24 | ulimit -S -n 65536 25 | rabbitmq-server 26 | 27 | -------------------------------------------------------------------------------- /nova-controller/data/bootstrap/patch_Paramiko: -------------------------------------------------------------------------------- 1 | --- a/crypto.py 2016-08-08 11:45:20.634765245 +0000 2 | +++ b/crypto.py 2016-08-08 11:11:08.418692404 +0000 3 | @@ -173,11 +173,12 @@ 4 | # which version of pysaml2 is installed, Nova is likely to break. So we 5 | # call "RSA.generate(bits)" which works on both pycrypto and pycryptodome 6 | # and then wrap it into a paramiko.RSAKey 7 | - rsa = RSA.generate(bits) 8 | - key = paramiko.RSAKey(vals=(rsa.e, rsa.n)) 9 | - key.d = rsa.d 10 | - key.p = rsa.p 11 | - key.q = rsa.q 12 | +# rsa = RSA.generate(bits) 13 | +# key = paramiko.RSAKey(vals=(rsa.e, rsa.n)) 14 | +# key.d = rsa.d 15 | +# key.p = rsa.p 16 | +# key.q = rsa.q 17 | + key = paramiko.RSAKey.generate(bits) 18 | return key 19 | -------------------------------------------------------------------------------- /config-loader/data/bootstrap/bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | 4 | ETCD="http://etcd:2379/v2/keys" 5 | cd /bootstrap 6 | curl -X DELETE "$ETCD/controller?recursive=true" 7 | curl -X DELETE "$ETCD/general?recursive=true" 8 | curl -X DELETE "$ETCD/compute?recursive=true" 9 | 10 | for d in $(ls --ignore="*.sh" ./) 11 | do 12 | for file in $(ls $d/*) 13 | do 14 | 15 | while read line 16 | do 17 | key=`echo $line | awk -F"=" '{print $1}'` 18 | value=`echo $line | awk -F"=" '{print $2}'` 19 | echo "$key" | grep -i "general\|controller\|compute" >> /dev/null 20 | if [[ $? -eq 0 ]];then # If is a valid key, we put in our etcd 21 | curl -fs -X PUT "$ETCD/$key" -d value="$value" 22 | else #If is another word that we dont want, we dont do nothin 23 | break 24 | fi 25 | done < $file 26 | done 27 | done 28 | -------------------------------------------------------------------------------- /glance/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bbvainnotech/ubuntu-base-os:latest 2 | MAINTAINER BBVA Innovation 3 | 4 | ENV OPENSTACK_VERSION=mitaka \ 5 | PBR=12.0.0 \ 6 | CLIENT=1.22.0 7 | 8 | # Install requriments and the main packages 9 | 10 | RUN set -ex \ 11 | && curl -fSL https://github.com/openstack/glance/archive/${PBR}.zip -o glance-${PBR}.zip \ 12 | && unzip glance-${PBR}.zip \ 13 | && cd glance-${PBR} \ 14 | && pip install -r requirements.txt \ 15 | && PBR_VERSION=${PBR} pip install . \ 16 | && cp -r etc /etc/glance \ 17 | && pip install git+https://github.com/openstack/python-openstackclient.git@stable/${OPENSTACK_VERSION} \ 18 | && pip install os-client-config==${CLIENT} \ 19 | && cd - \ 20 | && rm -rf glance-${PBR}* 21 | 22 | ADD data / 23 | 24 | RUN chown root:root /bootstrap/*.sh && chmod a+x /bootstrap/*.sh 25 | 26 | ENTRYPOINT ["/bootstrap/bootstrap.sh"] 27 | EXPOSE 9191 9292 28 | 29 | -------------------------------------------------------------------------------- /config-loader/data/bootstrap/swift/rsyncd.conf: -------------------------------------------------------------------------------- 1 | controller/swift/rsyncd.conf/uid=swift 2 | controller/swift/rsyncd.conf/gid=swift 3 | controller/swift/rsyncd.conf/log file=/var/log/rsyncd.log 4 | controller/swift/rsyncd.conf/pid file=/var/run/rsyncd.pid 5 | controller/swift/rsyncd.conf/address=$HOSTNAME 6 | controller/swift/rsyncd.conf/account/max connections=2 7 | controller/swift/rsyncd.conf/account/path=/srv/node/ 8 | controller/swift/rsyncd.conf/account/read only=False 9 | controller/swift/rsyncd.conf/account/lock file=/var/lock/account.lock 10 | controller/swift/rsyncd.conf/container/max connections=2 11 | controller/swift/rsyncd.conf/container/path=/srv/node/ 12 | controller/swift/rsyncd.conf/container/read only=False 13 | controller/swift/rsyncd.conf/container/lock file=/var/lock/container.lock 14 | controller/swift/rsyncd.conf/object/max connections=2 15 | controller/swift/rsyncd.conf/object/path=/srv/node/ 16 | controller/swift/rsyncd.conf/object/read only=False 17 | controller/swift/rsyncd.conf/object/lock file=/var/lock/object.lock 18 | -------------------------------------------------------------------------------- /ubuntu-base-os/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bbvainnotech/ubuntu-base:latest 2 | MAINTAINER Eurocloud 3 | # image base based on Ubuntu with the minimal packages to build on top of this new ones 4 | 5 | ENV PYTHON_VERSION=2.7 \ 6 | LANG=en_US.UTF-8 \ 7 | LANGUAGE=en_US:en \ 8 | LC_ALL=en_US.UTF-8 9 | 10 | RUN locale-gen en_US.UTF-8 && \ 11 | apt-get update && \ 12 | apt-get install -y locales git unzip crudini gettext-base coreutils moreutils openssl mysql-client libxml2-dev libpq-dev libxslt-dev libffi-dev libssl-dev libmysqlclient-dev python${PYTHON_VERSION} python${PYTHON_VERSION}-dev && \ 13 | apt-get clean && \ 14 | rm -rf /var/lib/apt/lists/* 15 | 16 | RUN curl -fSL https://bootstrap.pypa.io/get-pip.py -o get-pip.py \ 17 | && python get-pip.py \ 18 | && pip install tox \ 19 | && pip install mysqlclient \ 20 | && pip install setuptools 21 | 22 | ADD data / 23 | 24 | RUN chown root:root /bootstrap/*.sh && chmod a+x /bootstrap/*.sh 25 | -------------------------------------------------------------------------------- /keystone/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bbvainnotech/ubuntu-base-os:latest 2 | MAINTAINER BBVA Innovation 3 | 4 | ENV OPENSTACK_VERSION=mitaka \ 5 | PBR=9.0.1 \ 6 | CLIENT=1.22.0 7 | 8 | # Install requriments and the main packages 9 | 10 | RUN curl -fSL https://github.com/openstack/keystone/archive/${PBR}.zip -o keystone-${PBR}.zip \ 11 | && unzip keystone-${PBR}.zip \ 12 | && cd keystone-${PBR} \ 13 | && pip install -r requirements.txt \ 14 | && PBR_VERSION=${PBR} pip install . \ 15 | && pip install uwsgi \ 16 | && cp -r etc /etc/keystone \ 17 | && mv /etc/keystone/keystone.conf.sample /etc/keystone/keystone.conf \ 18 | && pip install git+https://github.com/openstack/python-openstackclient.git@stable/${OPENSTACK_VERSION} \ 19 | && pip install os-client-config==${CLIENT} \ 20 | && cd - \ 21 | && rm -rf keystone-${PBR}* 22 | 23 | ADD data / 24 | 25 | RUN chown root:root /bootstrap/*.sh && chmod a+x /bootstrap/*.sh 26 | 27 | ENTRYPOINT ["/bootstrap/bootstrap.sh"] 28 | EXPOSE 5000 35357 29 | 30 | -------------------------------------------------------------------------------- /galera-mysql/data/bootstrap/functions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | function get_environment () { 4 | 5 | 6 | RAIZ="http://etcd:2379/v2/keys/general" 7 | 8 | # solo hay que cambiar los valores del array environment 9 | 10 | RESULT_PARAMS=`curl -fs -X GET $RAIZ` 11 | NPARAMS=`echo $RESULT_PARAMS | jq .node.nodes | jq '. | length'` 12 | CPARAMS=0 13 | 14 | while [ $CPARAMS -lt $NPARAMS ]; do 15 | 16 | value=$(echo $RESULT_PARAMS | jq .node.nodes[$CPARAMS].value | sed 's/"//g') 17 | key_path=$(echo $RESULT_PARAMS | jq .node.nodes[$CPARAMS].key | sed 's/"//g') 18 | key=`echo $key_path | awk -F"/" '{print $3}'` 19 | 20 | export $key=$value 21 | let CPARAMS=CPARAMS+1 22 | done 23 | 24 | 25 | } 26 | 27 | function fix_configs () { 28 | if [ $# -eq 0 ] 29 | then 30 | echo -e "\n\n *** ERROR ***: No arguments given. Please specify the configuration file or directory contining the configuration files that need to be changed" 31 | exit 32 | fi 33 | for conffile in `find $@ -type f` 34 | do 35 | cat $conffile | envsubst | sponge $conffile 36 | done 37 | 38 | } -------------------------------------------------------------------------------- /rabbitmq-nodes/data/bootstrap/functions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | function get_environment () { 4 | 5 | 6 | RAIZ="http://etcd:2379/v2/keys/general" 7 | 8 | # solo hay que cambiar los valores del array environment 9 | 10 | RESULT_PARAMS=`curl -fs -X GET $RAIZ` 11 | NPARAMS=`echo $RESULT_PARAMS | jq .node.nodes | jq '. | length'` 12 | CPARAMS=0 13 | 14 | while [ $CPARAMS -lt $NPARAMS ]; do 15 | 16 | value=$(echo $RESULT_PARAMS | jq .node.nodes[$CPARAMS].value | sed 's/"//g') 17 | key_path=$(echo $RESULT_PARAMS | jq .node.nodes[$CPARAMS].key | sed 's/"//g') 18 | key=`echo $key_path | awk -F"/" '{print $3}'` 19 | 20 | export $key=$value 21 | let CPARAMS=CPARAMS+1 22 | done 23 | 24 | 25 | } 26 | 27 | function fix_configs () { 28 | if [ $# -eq 0 ] 29 | then 30 | echo -e "\n\n *** ERROR ***: No arguments given. Please specify the configuration file or directory contining the configuration files that need to be changed" 31 | exit 32 | fi 33 | for conffile in `find $@ -type f` 34 | do 35 | cat $conffile | envsubst | sponge $conffile 36 | done 37 | 38 | } -------------------------------------------------------------------------------- /rabbitmq-server/data/bootstrap/functions.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | function get_environment () { 4 | 5 | 6 | RAIZ="http://etcd:2379/v2/keys/general" 7 | 8 | # solo hay que cambiar los valores del array environment 9 | 10 | RESULT_PARAMS=`curl -fs -X GET $RAIZ` 11 | NPARAMS=`echo $RESULT_PARAMS | jq .node.nodes | jq '. | length'` 12 | CPARAMS=0 13 | 14 | while [ $CPARAMS -lt $NPARAMS ]; do 15 | 16 | value=$(echo $RESULT_PARAMS | jq .node.nodes[$CPARAMS].value | sed 's/"//g') 17 | key_path=$(echo $RESULT_PARAMS | jq .node.nodes[$CPARAMS].key | sed 's/"//g') 18 | key=`echo $key_path | awk -F"/" '{print $3}'` 19 | 20 | export $key=$value 21 | let CPARAMS=CPARAMS+1 22 | done 23 | 24 | 25 | } 26 | 27 | function fix_configs () { 28 | if [ $# -eq 0 ] 29 | then 30 | echo -e "\n\n *** ERROR ***: No arguments given. Please specify the configuration file or directory contining the configuration files that need to be changed" 31 | exit 32 | fi 33 | for conffile in `find $@ -type f` 34 | do 35 | cat $conffile | envsubst | sponge $conffile 36 | done 37 | 38 | } -------------------------------------------------------------------------------- /rabbitmq-nodes/data/bootstrap/bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | source /bootstrap/functions.sh 4 | get_environment 5 | 6 | KUBE_TOKEN=$(> /etc/hosts 8 | 9 | name_pod=$(curl -sSk -H "Authorization: Bearer $KUBE_TOKEN" https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/default/pods/ | jq -c '.items[] | select(.metadata.name | contains("rmq-node-1"))' | jq '. | { name: .metadata.name }' | jq -r .[]) 10 | 11 | echo $RABBIT_COOKIE > /var/lib/rabbitmq/.erlang.cookie 12 | chown rabbitmq:rabbitmq /var/lib/rabbitmq/.erlang.cookie 13 | chmod 400 /var/lib/rabbitmq/.erlang.cookie 14 | 15 | rabbitmq-server -detached 16 | rabbitmqctl stop_app 17 | rabbitmqctl join_cluster rabbit@$name_pod 18 | rabbitmqctl start_app 19 | 20 | rabbitmqctl stop 21 | sleep 4 22 | rabbitmq-server 23 | 24 | 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /nova-compute-neutron/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bbvainnotech/k8s-nova-compute:latest 2 | MAINTAINER BBVA Innovation 3 | 4 | 5 | ENV OPENSTACK_VERSION=mitaka \ 6 | neutronPBR=8.1.2 7 | 8 | # Install requriments and the main packages 9 | RUN apt-get update && \ 10 | apt-get install -y openvswitch-switch ipset && \ 11 | rm -rf /var/lib/apt/lists/* 12 | 13 | RUN curl -fSL https://github.com/openstack/neutron/archive/${neutronPBR}.zip -o neutron-${neutronPBR}.zip \ 14 | && unzip neutron-${neutronPBR}.zip \ 15 | && cd neutron-${neutronPBR} \ 16 | && pip install -r requirements.txt \ 17 | && PBR_VERSION=${neutronPBR} pip install . \ 18 | && PBR_VERSION=${neutronPBR} tox -egenconfig \ 19 | && cp -r etc /etc/neutron \ 20 | && mv /etc/neutron/neutron/* /etc/neutron/ \ 21 | && mv /etc/neutron/neutron.conf.sample /etc/neutron/neutron.conf \ 22 | && mv /etc/neutron/plugins/ml2/openvswitch_agent.ini.sample /etc/neutron/plugins/ml2/openvswitch_agent.ini \ 23 | && cd - \ 24 | && rm -rf neutron-${neutronPBR}* 25 | 26 | ADD data / 27 | 28 | RUN chown root:root /bootstrap/*.sh && chmod a+x /bootstrap/*.sh 29 | 30 | ENTRYPOINT ["/bootstrap/bootstrap.sh"] 31 | -------------------------------------------------------------------------------- /galera-mysql/my.cnf: -------------------------------------------------------------------------------- 1 | [client] 2 | port=3306 3 | socket=/var/run/mysqld/mysqld.sock 4 | 5 | [mysqld_safe] 6 | socket=/var/run/mysqld/mysqld.sock 7 | nice=0 8 | 9 | [mysqld] 10 | user=mysql 11 | pid-file=/var/run/mysqld/mysqld.pid 12 | socket=/var/run/mysqld/mysqld.sock 13 | port=3306 14 | basedir=/usr 15 | datadir=/var/lib/mysql 16 | tmpdir=/tmp 17 | lc-messages-dir=/usr/share/mysql 18 | skip-external-locking 19 | 20 | key_buffer=160M 21 | max_allowed_packet=160M 22 | thread_stack=192K 23 | thread_cache_size=8 24 | 25 | myisam-recover=BACKUP 26 | max_connections=1024 27 | query_cache_limit=10M 28 | query_cache_size=160M 29 | slow_query_log=1 30 | slow_query_log_file=/var/log/mysql/mysql-slow.log 31 | long_query_time=2 32 | log-queries-not-using-indexes 33 | 34 | server-id=12345 35 | log_bin=/var/log/mysql/mysql-bin.log 36 | expire_logs_days=4 37 | max_binlog_size=100M 38 | 39 | default_storage_engine=InnoDB 40 | innodb_file_per_table 41 | innodb_log_file_size=100M 42 | innodb_log_buffer_size=10M 43 | innodb_log_files_in_group=2 44 | innodb_buffer_pool_instances=4 45 | innodb_buffer_pool_size=100M 46 | 47 | [mysqldump] 48 | quick 49 | quote-names 50 | max_allowed_packet=16M 51 | 52 | [isamchk] 53 | key_buffer=16M 54 | 55 | !includedir /etc/mysql/conf.d/ -------------------------------------------------------------------------------- /nova-compute/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bbvainnotech/ubuntu-base-os:latest 2 | MAINTAINER BBVA Innovation 3 | 4 | 5 | ENV OPENSTACK_VERSION=mitaka \ 6 | novaPBR=13.1.0 \ 7 | CLIENT=1.22.0 8 | 9 | # Install requriments and the main packages 10 | RUN apt-get update && \ 11 | apt-get install -y qemu-utils python-libvirt && \ 12 | rm -rf /var/lib/apt/lists/* 13 | 14 | RUN curl -fSL https://github.com/openstack/nova/archive/${novaPBR}.zip -o nova-${novaPBR}.zip \ 15 | && unzip nova-${novaPBR}.zip \ 16 | && cd nova-${novaPBR} \ 17 | && pip install -r requirements.txt \ 18 | && PBR_VERSION=${novaPBR} pip install . \ 19 | && PBR_VERSION=${novaPBR} tox -egenconfig \ 20 | && cp -r etc /etc/nova \ 21 | && mv /etc/nova/nova/* /etc/nova/ \ 22 | && mv /etc/nova/nova.conf.sample /etc/nova/nova.conf \ 23 | && pip install git+https://github.com/openstack/python-openstackclient.git@stable/${OPENSTACK_VERSION} \ 24 | && pip install os-client-config==${CLIENT} \ 25 | && cd - \ 26 | && rm -rf nova-${novaPBR}* 27 | 28 | ADD data / 29 | 30 | #RUN chown root:root /bootstrap/*.sh && chmod a+x /bootstrap/*.sh 31 | 32 | #ENTRYPOINT ["/bootstrap/bootstrap-nova-compute-base.sh"] 33 | -------------------------------------------------------------------------------- /nova-controller/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bbvainnotech/ubuntu-base-os:latest 2 | MAINTAINER BBVA Innovation 3 | 4 | 5 | ENV OPENSTACK_VERSION=mitaka \ 6 | PBR=13.1.0 \ 7 | CLIENT=1.22.0 8 | 9 | RUN apt-get update && \ 10 | apt-get install -qqy python-libvirt && \ 11 | rm -rf /var/lib/apt/lists/* 12 | 13 | 14 | RUN curl -fSL https://github.com/openstack/nova/archive/${PBR}.zip -o nova-${PBR}.zip \ 15 | && unzip nova-${PBR}.zip \ 16 | && cd nova-${PBR} \ 17 | && pip install -r requirements.txt \ 18 | && PBR_VERSION=${PBR} pip install . \ 19 | && PBR_VERSION=${PBR} tox -egenconfig \ 20 | && cp -r nova/CA /usr/local/lib/python2.7/dist-packages/nova \ 21 | && cp -r etc /etc/nova \ 22 | && mv /etc/nova/nova/* /etc/nova/ \ 23 | && mv /etc/nova/nova.conf.sample /etc/nova/nova.conf \ 24 | && pip install git+https://github.com/openstack/python-openstackclient.git@stable/${OPENSTACK_VERSION} \ 25 | && pip install os-client-config==${CLIENT} \ 26 | && cd - \ 27 | && rm -rf nova-${PBR}* 28 | 29 | ADD data / 30 | 31 | RUN chown root:root /bootstrap/*.sh && chmod a+x /bootstrap/*.sh 32 | 33 | ENTRYPOINT ["/bootstrap/bootstrap.sh"] 34 | EXPOSE 8773 8774 8775 6080 35 | -------------------------------------------------------------------------------- /config-loader/data/bootstrap/nova/neutron.conf: -------------------------------------------------------------------------------- 1 | compute/neutron/neutron.conf/DEFAULT/rpc_backend=rabbit 2 | compute/neutron/neutron.conf/DEFAULT/auth_strategy=keystone 3 | compute/neutron/neutron.conf/keystone_authtoken/auth_uri=http://$KEYSTONE_HOSTNAME:5000 4 | compute/neutron/neutron.conf/keystone_authtoken/auth_url=http://$KEYSTONE_HOSTNAME:35357 5 | compute/neutron/neutron.conf/keystone_authtoken/auth_type=password 6 | compute/neutron/neutron.conf/keystone_authtoken/project_domain_name=default 7 | compute/neutron/neutron.conf/keystone_authtoken/user_domain_name=default 8 | compute/neutron/neutron.conf/keystone_authtoken/project_name=services 9 | compute/neutron/neutron.conf/keystone_authtoken/username=$NEUTRON_USERNAME 10 | compute/neutron/neutron.conf/keystone_authtoken/password=$NEUTRON_PASSWORD 11 | compute/neutron/neutron.conf/oslo_messaging_rabbit/rabbit_host=$RABBIT_HOSTNAME 12 | compute/neutron/neutron.conf/oslo_messaging_rabbit/rabbit_userid=$RABBIT_USERID 13 | compute/neutron/neutron.conf/oslo_messaging_rabbit/rabbit_password=$RABBIT_PASSWORD 14 | compute/neutron/neutron.conf/oslo_concurrency/lock_path=%3CNone%3E 15 | compute/neutron/neutron.conf/DEFAULT/verbose=True 16 | compute/neutron/neutron.conf/DEFAULT/debug=True 17 | compute/neutron/neutron.conf/DEFAULT/log_file=/var/log/neutron.log 18 | 19 | -------------------------------------------------------------------------------- /cinder/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bbvainnotech/ubuntu-base-os:latest 2 | MAINTAINER BBVA Innovation 3 | 4 | 5 | ENV OPENSTACK_VERSION=mitaka \ 6 | PBR=8.0.0 \ 7 | CLIENT=1.22.0 8 | 9 | RUN apt-get update && \ 10 | apt-get install -y nfs-common && \ 11 | rm -rf /var/lib/apt/lists/* 12 | 13 | 14 | RUN set -ex; \ 15 | curl -fSL https://github.com/openstack/cinder/archive/${PBR}.zip -o /opt/cinder-${PBR}.zip; \ 16 | cd /opt; \ 17 | unzip /opt/cinder-${PBR}.zip; \ 18 | cd /opt/cinder-${PBR}; \ 19 | pip install -r requirements.txt; \ 20 | PBR_VERSION=${PBR} pip install .; \ 21 | sed -i 's/passenv.*/& PACKAGENAME/' tox.ini; \ 22 | PBR_VERSION=${PBR} PACKAGENAME=cinder tox -e genconfig; \ 23 | cp -r etc/cinder/ /etc/cinder/ ; \ 24 | mv /etc/cinder/cinder.conf.sample /etc/cinder/cinder.conf; \ 25 | mkdir -p /var/lib/cinder/nfs; \ 26 | pip install git+https://github.com/openstack/python-openstackclient.git@stable/${OPENSTACK_VERSION}; \ 27 | pip install os-client-config==${CLIENT}; \ 28 | pip uninstall kombu -y; \ 29 | pip install kombu==3.0.35 30 | 31 | ADD data / 32 | 33 | RUN chown root:root /bootstrap/*.sh && chmod a+x /bootstrap/*.sh 34 | 35 | ENTRYPOINT ["/bootstrap/bootstrap.sh"] 36 | EXPOSE 8776 37 | -------------------------------------------------------------------------------- /heat/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bbvainnotech/ubuntu-base-os:latest 2 | MAINTAINER BBVA Innovation 3 | 4 | 5 | ENV OPENSTACK_VERSION=mitaka \ 6 | PBR=6.0.0 \ 7 | CLIENT=1.22.0 8 | 9 | # Install requriments and the main packages 10 | 11 | RUN set -ex \ 12 | && curl -fSL https://github.com/openstack/heat/archive/${PBR}.zip -o heat-${PBR}.zip \ 13 | && unzip heat-${PBR}.zip \ 14 | && cd heat-${PBR} \ 15 | && pip install -r requirements.txt \ 16 | && PBR_VERSION=${PBR} pip install . \ 17 | && PBR_VERSION=${PBR} tox -e genconfig \ 18 | && cp -r etc/heat/ /etc/ \ 19 | && mv /etc/heat/heat.conf.sample /etc/heat/heat.conf \ 20 | && cp heat/cloudinit/config /usr/local/lib/python2.7/dist-packages/heat/cloudinit/ \ 21 | && cp heat/cloudinit/boothook.sh /usr/local/lib/python2.7/dist-packages/heat/cloudinit/ \ 22 | && chmod +x /usr/local/lib/python2.7/dist-packages/heat/cloudinit/boothook.sh \ 23 | && pip install git+https://github.com/openstack/python-openstackclient.git@stable/${OPENSTACK_VERSION} \ 24 | && pip install os-client-config==${CLIENT} \ 25 | && cd - \ 26 | && rm -rf heat-${PBR}* 27 | 28 | ADD data / 29 | 30 | RUN chown root:root /bootstrap/*.sh && chmod a+x /bootstrap/*.sh 31 | 32 | ENTRYPOINT ["/bootstrap/bootstrap.sh"] 33 | EXPOSE 8000 8003 8004 34 | 35 | -------------------------------------------------------------------------------- /nova-compute/data/bootstrap/bootstrap-nova-compute-base.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ############################# 4 | # Include scripts 5 | ############################# 6 | source /bootstrap/configuration.sh 7 | source /bootstrap/environment.sh 8 | source /bootstrap/semaphore-dependencies.sh 9 | 10 | check_dependency "nova-compute" 11 | 12 | ############################# 13 | # variables and environment 14 | ############################# 15 | get_environment 16 | 17 | ############################ 18 | # CONFIGURE NOVA 19 | ############################ 20 | # llamada a la funcion del configuration.sh 21 | re_write_file "/compute/nova/nova.conf" "/etc/nova/" 22 | 23 | sleep 3 24 | MI_IP=`ip a | grep 10.4 | awk '{print $2}' | cut -d"/" -f1` 25 | echo "El valor de MY_IP es: $MI_IP" 26 | sed -i "s!^my_ip.*=.*!my_ip = $MI_IP!" /etc/nova/nova.conf 27 | sed -i "s!^#metadata_host.*=.*!metadata_host = $MI_IP!" /etc/nova/nova.conf 28 | # create a admin-openrc.sh file 29 | 30 | cat >~/openrc < 3 | 4 | 5 | ENV OPENSTACK_VERSION=mitaka \ 6 | PBR=8.1.2 \ 7 | CLIENT=1.22.0 8 | 9 | RUN apt-get update && \ 10 | apt-get install -y openvswitch-switch iptables dnsmasq dnsmasq-utils arping && \ 11 | rm -rf /var/lib/apt/lists/* 12 | 13 | RUN curl -fSL https://github.com/openstack/neutron/archive/${PBR}.zip -o neutron-${PBR}.zip \ 14 | && unzip neutron-${PBR}.zip \ 15 | && cd neutron-${PBR} \ 16 | && pip install -r requirements.txt \ 17 | && PBR_VERSION=${PBR} pip install . \ 18 | && PBR_VERSION=${PBR} tox -egenconfig \ 19 | && cp -r etc /etc/neutron \ 20 | && mv /etc/neutron/neutron/* /etc/neutron/ \ 21 | && mv /etc/neutron/neutron.conf.sample /etc/neutron/neutron.conf \ 22 | && mv /etc/neutron/l3_agent.ini.sample /etc/neutron/l3_agent.ini \ 23 | && mv /etc/neutron/dhcp_agent.ini.sample /etc/neutron/dhcp_agent.ini \ 24 | && mv /etc/neutron/metadata_agent.ini.sample /etc/neutron/metadata_agent.ini \ 25 | && mv /etc/neutron/plugins/ml2/ml2_conf.ini.sample /etc/neutron/plugins/ml2/ml2_conf.ini \ 26 | && mv /etc/neutron/plugins/ml2/openvswitch_agent.ini.sample /etc/neutron/plugins/ml2/openvswitch_agent.ini \ 27 | && pip install git+https://github.com/openstack/python-openstackclient.git@stable/${OPENSTACK_VERSION} \ 28 | && pip install os-client-config==${CLIENT} \ 29 | && cd - \ 30 | && rm -rf neutron-${PBR}* 31 | 32 | ADD data / 33 | 34 | RUN chown root:root /bootstrap/*.sh && chmod a+x /bootstrap/*.sh 35 | 36 | ENTRYPOINT ["/bootstrap/bootstrap.sh"] 37 | EXPOSE 9696 38 | 39 | -------------------------------------------------------------------------------- /nova-compute-neutron/data/bootstrap/bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ############################# 4 | # Execute script nova-compute-base 5 | 6 | bash /bootstrap/bootstrap-nova-compute-base.sh & 7 | ############################# 8 | 9 | ############################# 10 | # Include scripts 11 | ############################# 12 | source /bootstrap/configuration.sh 13 | source /bootstrap/environment.sh 14 | source /bootstrap/semaphore-dependencies.sh 15 | 16 | check_dependency "nova-compute" 17 | 18 | ############################# 19 | # variables and environment 20 | ############################# 21 | get_environment 22 | 23 | ############################ 24 | # CONFIGURE NOVA 25 | ############################ 26 | # llamada a la funcion del configuration.sh 27 | re_write_file "/compute/neutron/neutron.conf" "/etc/neutron/" 28 | re_write_file "/compute/neutron/openvswitch_agent.ini" "/etc/neutron/plugins/ml2/" 29 | 30 | sleep 3 31 | MI_IP=`ip a | grep 10.4 | awk '{print $2}' | cut -d"/" -f1` 32 | echo "El valor de MY_IP es: $MI_IP" 33 | sed -i "s%^local_ip.*=.*%local_ip = $MI_IP%" /etc/neutron/plugins/ml2/openvswitch_agent.ini 34 | # create a admin-openrc.sh file 35 | 36 | cat >~/openrc < 3 | 4 | # add our user and group first to make sure their IDs get assigned 5 | # consistently, regardless of whatever dependencies get added 6 | RUN groupadd -r mysql && useradd -r -g mysql mysql 7 | 8 | ENV PERCONA_XTRADB_VERSION 5.6 9 | ENV MYSQL_VERSION 5.6 10 | ENV TERM linux 11 | 12 | RUN apt-get update 13 | RUN DEBIAN_FRONTEND=noninteractive apt-get install -y perl --no-install-recommends && rm -rf /var/lib/apt/lists/* 14 | 15 | RUN apt-key adv --keyserver keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A 16 | 17 | RUN echo "deb http://repo.percona.com/apt trusty main" > /etc/apt/sources.list.d/percona.list 18 | RUN echo "deb-src http://repo.percona.com/apt trusty main" >> /etc/apt/sources.list.d/percona.list 19 | 20 | 21 | # the "/var/lib/mysql" stuff here is because the mysql-server 22 | # postinst doesn't have an explicit way to disable the 23 | # mysql_install_db codepath besides having a database already 24 | # "configured" (ie, stuff in /var/lib/mysql/mysql) 25 | # also, we set debconf keys to make APT a little quieter 26 | RUN { \ 27 | echo percona-server-server-5.6 percona-server-server/data-dir select ''; \ 28 | echo percona-server-server-5.6 percona-server-server/root_password password ''; \ 29 | } | debconf-set-selections \ 30 | && apt-get update && DEBIAN_FRONTEND=nointeractive apt-get install -y --force-yes percona-xtradb-cluster-client-"${MYSQL_VERSION}" \ 31 | percona-xtradb-cluster-common-"${MYSQL_VERSION}" percona-xtradb-cluster-server-"${MYSQL_VERSION}" \ 32 | && rm -rf /var/lib/apt/lists/* \ 33 | && rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql && chown -R mysql:mysql /var/lib/mysql 34 | 35 | VOLUME /var/lib/mysql 36 | 37 | ADD data / 38 | 39 | COPY my.cnf /etc/mysql/my.cnf 40 | COPY cluster.cnf /etc/mysql/conf.d/cluster.cnf 41 | 42 | RUN chown root:root /bootstrap/*.sh && chmod a+x /bootstrap/*.sh 43 | 44 | ENTRYPOINT ["/bootstrap/bootstrap.sh"] 45 | 46 | EXPOSE 3306 4444 4567 4568 47 | CMD ["mysqld"] -------------------------------------------------------------------------------- /swift/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM bbvainnotech/ubuntu-base-os:latest 2 | MAINTAINER BBVA Innovation 3 | 4 | 5 | ENV OPENSTACK_VERSION=mitaka \ 6 | PBR=2.7.0 \ 7 | CLIENT=1.22.0 8 | 9 | # Install requriments and the main packages 10 | RUN apt-get update && \ 11 | apt-get install -y xfsprogs rsync && \ 12 | rm -rf /var/lib/apt/lists/* 13 | 14 | RUN set -ex \ 15 | && curl -L -O -sS http://launchpadlibrarian.net/227084865/liberasurecode1_1.1.0-2~ubuntu14.04.1_amd64.deb \ 16 | && dpkg -i liberasurecode1_1.1.0-2~ubuntu14.04.1_amd64.deb \ 17 | && curl -L -O -sS http://launchpadlibrarian.net/227084861/liberasurecode-dev_1.1.0-2~ubuntu14.04.1_amd64.deb \ 18 | && dpkg -i liberasurecode-dev_1.1.0-2~ubuntu14.04.1_amd64.deb \ 19 | && curl -fSL https://github.com/openstack/swift/archive/${PBR}.zip -o swift-${PBR}.zip \ 20 | && unzip swift-${PBR}.zip \ 21 | && cd swift-${PBR} \ 22 | && useradd swift \ 23 | && dd if=/dev/zero of=/srv/node bs=1024 count=102400 \ 24 | && mkfs.ext3 -F /srv/node \ 25 | && chown -R swift:swift /srv/node \ 26 | && mkdir -p /var/cache/swift \ 27 | && chown -R root:swift /var/cache/swift \ 28 | && chmod -R 775 /var/cache/swift \ 29 | && pip install keystonemiddleware \ 30 | && pip install -r requirements.txt \ 31 | && PBR_VERSION=${PBR} pip install . \ 32 | && cp -r etc/ /etc/swift/ \ 33 | && mv /etc/swift/rsyncd.conf-sample /etc/rsyncd.conf \ 34 | && mv /etc/swift/swift.conf-sample /etc/swift/swift.conf \ 35 | && mv /etc/swift/proxy-server.conf-sample /etc/swift/proxy-server.conf \ 36 | && mv /etc/swift/container-server.conf-sample /etc/swift/container-server.conf \ 37 | && mv /etc/swift/object-server.conf-sample /etc/swift/object-server.conf \ 38 | && mv /etc/swift/account-server.conf-sample /etc/swift/account-server.conf \ 39 | && pip install git+https://github.com/openstack/python-openstackclient.git@stable/${OPENSTACK_VERSION} \ 40 | && pip install os-client-config==${CLIENT} \ 41 | && cd - \ 42 | && rm -rf swift-${PBR}* 43 | 44 | ADD data / 45 | 46 | RUN chown root:root /bootstrap/*.sh && chmod a+x /bootstrap/*.sh 47 | 48 | ENTRYPOINT ["/bootstrap/bootstrap.sh"] 49 | EXPOSE 8080 6000 6001 6002 -------------------------------------------------------------------------------- /swift/data/bootstrap/configuration-swift.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | function re_write_file_swift (){ 4 | 5 | if [ -z "$1" ] 6 | then 7 | echo -e "\n\n *** ERROR ***: Arguments 1 are empty. Please write the key like /role/service/file. Example: /controller/keystone/keystone.conf" 8 | exit 9 | fi 10 | 11 | if [ -z "$2" ] 12 | then 13 | echo -e "*\n\n *** ERROR ***: Argument 2 are empty. Please write the path directory of the file. Example: /etc/keystone/" 14 | exit 15 | else 16 | PATH_DIRECTORY=$2 17 | fi 18 | 19 | 20 | RAIZ="http://etcd:2379/v2/keys$1/" 21 | 22 | RESULT=`curl -fs -X GET $RAIZ` 23 | NSECTION=`echo $RESULT | jq .node.nodes | jq '. | length'` 24 | CSECTION=0 25 | file_conf=`echo $1 | awk -F"/" '{print $4}'` 26 | 27 | while [ $CSECTION -lt $NSECTION ]; do 28 | section_path=$(echo $RESULT | jq .node.nodes[$CSECTION].key | sed 's/"//g') 29 | key_params=`echo $section_path | awk -F"/" '{print $5}'` 30 | section=`echo $section_path| awk -F"/" '{print $5}'` 31 | 32 | RESULT_PARAMS=`curl -fs -X GET $RAIZ$key_params` 33 | NPARAMS=`echo $RESULT_PARAMS | jq .node.nodes | jq '. | length'` 34 | CPARAMS=0 35 | 36 | echo "[$section]" 37 | 38 | while [ $CPARAMS -lt $NPARAMS ]; do 39 | 40 | value=$(echo $RESULT_PARAMS | jq .node.nodes[$CPARAMS].value | sed 's/"//g') 41 | key_path=$(echo $RESULT_PARAMS | jq .node.nodes[$CPARAMS].key | sed 's/"//g') 42 | key=`echo $key_path | awk -F"/" '{print $6}'` 43 | 44 | # echo $key=$value 45 | 46 | sed -i -e " 47 | /^.*\[$section\]/,/^\[/ { 48 | s&^.*$key.*=.*$&$key=$value& 49 | } 50 | " $PATH_DIRECTORY$file_conf 51 | 52 | 53 | sed -i -e "s/^.*$section.*$/\[$section\]/" $PATH_DIRECTORY$file_conf 54 | 55 | let CPARAMS=CPARAMS+1 56 | done 57 | let CSECTION=CSECTION+1 58 | 59 | done 60 | 61 | } 62 | 63 | -------------------------------------------------------------------------------- /config-loader/data/bootstrap/general/environment.conf-sample: -------------------------------------------------------------------------------- 1 | general/MYSQL_ROOT_PASSWORD=mysql_root_password 2 | general/MYSQL_HOST=pxc-cluster.default.svc 3 | general/ADMIN_TOKEN=admin_token 4 | general/ADMIN_TENANT_NAME=admin 5 | general/ADMIN_USER_NAME=admin 6 | general/ADMIN_PASSWORD=admin_password 7 | general/ADMIN_EMAIL=eurocloud-support.es@bbva.com 8 | general/OS_TOKEN=admin_token 9 | general/OS_URL=http://keystone.default.svc:35357/v3 10 | general/OS_IDENTITY_API_VERSION=3 11 | general/REGION=region 12 | general/KEYSTONE_HOSTNAME=keystone.default.svc 13 | general/KEYSTONE_OFUSCADO=keystone.domain.com 14 | general/KEYSTONE_DB_PASSWORD=keystone_db_password 15 | general/GLANCE_HOSTNAME=glance.default.svc 16 | general/GLANCE_OFUSCADO=glance.domain.com 17 | general/GLANCE_USERNAME=glance 18 | general/GLANCE_PASSWORD=glance_password 19 | general/GLANCE_DB_PASSWORD=glance_db_password 20 | general/NOVA_HOSTNAME=nova-controller.default.svc 21 | general/NOVA_OFUSCADO=nova-controller.domain.com 22 | general/NOVA_EC2_OFUSCADO=nova-controller.domain.com 23 | general/NOVA_USERNAME=nova 24 | general/NOVA_PASSWORD=nova_password 25 | general/NOVA_DB_PASSWORD=nova_db_password 26 | general/NEUTRON_HOSTNAME=neutron.default.svc 27 | general/NEUTRON_OFUSCADO=neutron.domain.com 28 | general/NEUTRON_USERNAME=neutron 29 | general/NEUTRON_PASSWORD=neutron_password 30 | general/NEUTRON_DB_PASSWORD=neutron_db_password 31 | general/CINDER_HOSTNAME=cinder.default.svc 32 | general/CINDER_OFUSCADO=cinder.domain.com 33 | general/CINDER_USERNAME=cinder 34 | general/CINDER_PASSWORD=cinder_password 35 | general/CINDER_DB_PASSWORD=cinder_db_password 36 | general/HORIZON_OFUSCADO=horizon.domain.com 37 | general/HEAT_HOSTNAME=heat.default.svc 38 | general/HEAT_OFUSCADO=heat.domain.com 39 | general/HEAT_USERNAME=heat 40 | general/HEAT_PASSWORD=heat_password 41 | general/HEAT_DB_PASSWORD=heat_db_password 42 | general/HEAT_STACK_ADMIN_PASSWORD=heat_stack_admin_password 43 | general/SWIFT_HOSTNAME=swift.default.svc 44 | general/SWIFT_OFUSCADO=swift.domain.com 45 | general/SWIFT_USERNAME=swift 46 | general/SWIFT_PASSWORD=swift_password 47 | general/RABBIT_HOSTNAME=rabbitmq.default.svc 48 | general/RABBIT_USERID=rabbit 49 | general/RABBIT_PASSWORD=rabbit_password 50 | general/RABBIT_COOKIE=cookie_rabbitmq_cluster 51 | general/METADATA_SHARED_SECRET=shared_secret 52 | general/SELECTED_NETWORK=10.42.0.0/16 53 | general/SEMDEP_DB_PASSWORD=semdep_db_password 54 | -------------------------------------------------------------------------------- /config-loader/data/bootstrap/heat/heat.conf: -------------------------------------------------------------------------------- 1 | controller/heat/heat.conf/database/connection=mysql://heat:$HEAT_DB_PASSWORD@$MYSQL_HOST/heat 2 | controller/heat/heat.conf/DEFAULT/rpc_backend=rabbit 3 | controller/heat/heat.conf/oslo_messaging_rabbit/rabbit_host=$RABBIT_HOSTNAME 4 | controller/heat/heat.conf/oslo_messaging_rabbit/rabbit_userid=$RABBIT_USERNAME 5 | controller/heat/heat.conf/oslo_messaging_rabbit/rabbit_password=$RABBIT_PASSWORD 6 | controller/heat/heat.conf/keystone_authtoken/auth_uri=http://$KEYSTONE_HOSTNAME:5000 7 | controller/heat/heat.conf/keystone_authtoken/auth_url=http://$KEYSTONE_HOSTNAME:35357 8 | controller/heat/heat.conf/keystone_authtoken/auth_type=password 9 | controller/heat/heat.conf/keystone_authtoken/project_domain_name=default 10 | controller/heat/heat.conf/keystone_authtoken/user_domain_name=default 11 | controller/heat/heat.conf/keystone_authtoken/project_name=services 12 | controller/heat/heat.conf/keystone_authtoken/username=$HEAT_USERNAME 13 | controller/heat/heat.conf/keystone_authtoken/password=$HEAT_PASSWORD 14 | controller/heat/heat.conf/trustee/auth_plugin=password 15 | controller/heat/heat.conf/trustee/auth_url=http://$KEYSTONE_HOSTNAME:35357 16 | controller/heat/heat.conf/trustee/username=$HEAT_USERNAME 17 | controller/heat/heat.conf/trustee/password=$HEAT_PASSWORD 18 | controller/heat/heat.conf/trustee/user_domain_name=default 19 | controller/heat/heat.conf/clients_keystone/auth_uri=http://$KEYSTONE_HOSTNAME:35357 20 | controller/heat/heat.conf/ec2authtoken/auth_uri=http://$KEYSTONE_HOSTNAME:5000/v3 21 | controller/heat/heat.conf/DEFAULT/heat_metadata_server_url=http://$HEAT_HOSTNAME:8000 22 | controller/heat/heat.conf/DEFAULT/heat_waitcondition_server_url=http://$HEAT_HOSTNAME:8000/v1/waitcondition 23 | controller/heat/heat.conf/DEFAULT/stack_domain_admin=heat_domain_admin 24 | controller/heat/heat.conf/DEFAULT/stack_domain_admin_password=$HEAT_STACK_ADMIN_PASSWORD 25 | controller/heat/heat.conf/DEFAULT/stack_user_domain_name=heat 26 | controller/heat/heat.conf/clients/endpoint_type=internalURL 27 | controller/heat/heat.conf/DEFAULT/verbose=True 28 | controller/heat/heat.conf/DEFAULT/debug=True 29 | controller/heat/heat.conf/DEFAULT/log_file=/var/log/heat.log 30 | controller/heat/heat.conf/DEFAULT/trusts_delegated_roles=heat_stack_owner 31 | controller/heat/heat.conf/DEFAULT/heat_stack_user_role=heat_stack_user 32 | controller/heat/heat.conf/DEFAULT/deferred_auth_method=trusts 33 | -------------------------------------------------------------------------------- /glance/data/bootstrap/bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ############################# 4 | # Include scripts 5 | ############################# 6 | source /bootstrap/configuration.sh 7 | source /bootstrap/environment.sh 8 | source /bootstrap/semaphore-dependencies.sh 9 | 10 | check_dependency "glance" 11 | 12 | ############################# 13 | # variables and environment 14 | ############################# 15 | get_environment 16 | SQL_SCRIPT=/bootstrap/glance.sql 17 | 18 | ############################ 19 | # CONFIGURE GLANCE 20 | ############################ 21 | # llamada a la funcion del configuration.sh 22 | re_write_file "/controller/glance/glance-api.conf" "/etc/glance/" 23 | re_write_file "/controller/glance/glance-registry.conf" "/etc/glance/" 24 | fix_configs $SQL_SCRIPT 25 | 26 | ############################ 27 | # DATABASE BOOTSTRAP 28 | ############################ 29 | 30 | 31 | if ! does_db_exist glance; then 32 | 33 | # create database 34 | mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_HOST <$SQL_SCRIPT 35 | 36 | # sync the database 37 | glance-manage db_sync 38 | 39 | # configure the service and endpoint url 40 | export OS_USERNAME=$ADMIN_USER_NAME 41 | export OS_PASSWORD=$ADMIN_PASSWORD 42 | export OS_TENANT_NAME=$ADMIN_TENANT_NAME 43 | export OS_AUTH_URL=$OS_URL 44 | 45 | openstack service create --name glance --description "Openstack Image Service" image 46 | openstack endpoint create --region $REGION image public https://$GLANCE_OFUSCADO 47 | openstack endpoint create --region $REGION image internal http://$GLANCE_HOSTNAME:9292 48 | openstack endpoint create --region $REGION image admin http://$GLANCE_HOSTNAME:9292 49 | openstack user create --domain default --password $GLANCE_PASSWORD $GLANCE_USERNAME 50 | openstack role add --project services --user $GLANCE_USERNAME admin 51 | 52 | fi 53 | 54 | # create a admin-openrc.sh file 55 | 56 | cat >~/openrc < 3 | 4 | 5 | ENV OPENSTACK_VERSION=mitaka \ 6 | PBR=9.1.0 \ 7 | CLIENT=1.22.0 8 | 9 | # Install requriments and the main packages 10 | RUN apt-get update && \ 11 | apt-get install -y apache2 libapache2-mod-wsgi memcached gettext && \ 12 | rm -rf /var/lib/apt/lists/* 13 | 14 | 15 | ADD data / 16 | 17 | RUN curl -fSL https://github.com/openstack/horizon/archive/${PBR}.zip -o horizon-${PBR}.zip \ 18 | && unzip horizon-${PBR}.zip \ 19 | && curl -fSL https://bootstrap.pypa.io/get-pip.py -o get-pip.py \ 20 | && python get-pip.py \ 21 | && cd horizon-${PBR} \ 22 | && pip install -r requirements.txt \ 23 | && pip install python-memcached \ 24 | && PBR_VERSION=${PBR} pip install . \ 25 | && mkdir -p /etc/openstack-dashboard/ \ 26 | && mkdir -p /usr/share/openstack-dashboard \ 27 | && ln -s /etc/apache2/sites-available/openstack-dashboard.conf /etc/apache2/sites-enabled/001-horizon.conf \ 28 | && ln -s /etc/openstack-dashboard/local_settings /usr/local/lib/python2.7/dist-packages/openstack_dashboard/local/local_settings.py \ 29 | && cp -r /horizon-${PBR}/openstack_dashboard/conf/* /etc/openstack-dashboard/ \ 30 | && cp /horizon-${PBR}/manage.py /usr/share/openstack-dashboard/manage.py \ 31 | && cp -r /usr/local/lib/python2.7/dist-packages/openstack_dashboard/ /usr/share/openstack-dashboard/ \ 32 | && python /usr/share/openstack-dashboard/manage.py collectstatic --noinput --clear \ 33 | && cd /usr/share/openstack-dashboard/openstack_dashboard/ \ 34 | && python /usr/share/openstack-dashboard/manage.py compilemessages \ 35 | && ln -s /etc/openstack-dashboard/ /usr/share/openstack-dashboard/openstack_dashboard/conf \ 36 | && cd /usr/local/lib/python2.7/dist-packages/horizon \ 37 | && python /usr/share/openstack-dashboard/manage.py compilemessages \ 38 | && pip install git+https://github.com/openstack/python-openstackclient.git@stable/${OPENSTACK_VERSION} \ 39 | && pip install os-client-config==${CLIENT} \ 40 | && mkdir /etc/apache2/run \ 41 | && chown www-data:www-data /etc/apache2/run \ 42 | && chown -R www-data:www-data /usr/share/openstack-dashboard/* \ 43 | && cd - \ 44 | && rm -rf horizon-${PBR}* 45 | 46 | RUN chown root:root /bootstrap/*.sh && chmod a+x /bootstrap/*.sh 47 | 48 | ENTRYPOINT ["/bootstrap/bootstrap.sh"] 49 | EXPOSE 80 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | -------------------------------------------------------------------------------- /config-loader/data/bootstrap/cinder/cinder.conf: -------------------------------------------------------------------------------- 1 | controller/cinder/cinder.conf/database/connection=mysql://cinder:$CINDER_DB_PASSWORD@$MYSQL_HOST/cinder 2 | controller/cinder/cinder.conf/DEFAULT/rpc_backend=rabbit 3 | controller/cinder/cinder.conf/DEFAULT/auth_strategy=keystone 4 | controller/cinder/cinder.conf/DEFAULT/my_ip=$HOSTNAME 5 | controller/cinder/cinder.conf/oslo_messaging_rabbit/rabbit_host=$RABBIT_HOSTNAME 6 | controller/cinder/cinder.conf/oslo_messaging_rabbit/rabbit_userid=$RABBIT_USERID 7 | controller/cinder/cinder.conf/oslo_messaging_rabbit/rabbit_password=$RABBIT_PASSWORD 8 | controller/cinder/cinder.conf/keystone_authtoken/auth_uri=http://$KEYSTONE_HOSTNAME:5000 9 | controller/cinder/cinder.conf/keystone_authtoken/auth_url=http://$KEYSTONE_HOSTNAME:35357 10 | controller/cinder/cinder.conf/keystone_authtoken/auth_type=password 11 | controller/cinder/cinder.conf/keystone_authtoken/project_domain_name=default 12 | controller/cinder/cinder.conf/keystone_authtoken/user_domain_name=default 13 | controller/cinder/cinder.conf/keystone_authtoken/project_name=services 14 | controller/cinder/cinder.conf/keystone_authtoken/username=$CINDER_USERNAME 15 | controller/cinder/cinder.conf/keystone_authtoken/password=$CINDER_PASSWORD 16 | controller/cinder/cinder.conf/oslo_concurrency/lock_path=/var/lib/cinder/tmp 17 | controller/cinder/cinder.conf/DEFAULT/verbose=True 18 | controller/cinder/cinder.conf/DEFAULT/debug=True 19 | controller/cinder/cinder.conf/DEFAULT/log_file=/var/log/cinder.log 20 | controller/cinder/cinder.conf/DEFAULT/enabled_backends=netapp 21 | controller/cinder/cinder.conf/netapp/volume_backend_name=netapp 22 | controller/cinder/cinder.conf/netapp/volume_driver=cinder.volume.drivers.netapp.common.NetAppDriver 23 | controller/cinder/cinder.conf/netapp/netapp_login=cloud_admin 24 | controller/cinder/cinder.conf/netapp/netapp_server_hostname=172.16.26.10 25 | controller/cinder/cinder.conf/netapp/netapp_password=v1nucl0ud 26 | controller/cinder/cinder.conf/netapp/netapp_server_port=80 27 | controller/cinder/cinder.conf/netapp/netapp_storage_protocol=nfs 28 | controller/cinder/cinder.conf/netapp/netapp_storage_family=ontap_cluster 29 | controller/cinder/cinder.conf/netapp/nfs_shares_config=/etc/cinder/nfs_shares 30 | controller/cinder/cinder.conf/netapp/netapp_vserver=CMDVG141_NFS_OPENSTACK_EP 31 | controller/cinder/cinder.conf/netapp/max_over_subscription_ratio=20.0 32 | controller/cinder/cinder.conf/netapp/netapp_copyoffload_tool_path=/usr/bin/na_copyoffload 33 | controller/cinder/shares-nfs.conf//172.16.16.11:/vol_NFS_CLOUD_EP_cinder1 34 | controller/cinder/shares-nfs.conf//172.16.16.12:/vol_NFS_CLOUD_EP_cinder2 35 | -------------------------------------------------------------------------------- /ubuntu-base-os/data/bootstrap/configuration.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | function fix_configs () { 4 | if [ $# -eq 0 ] 5 | then 6 | echo -e "\n\n *** ERROR ***: No arguments given. Please specify the configuration file or directory contining the configuration files that need to be changed" 7 | exit 8 | fi 9 | for conffile in `find $@ -type f` 10 | do 11 | cat $conffile | envsubst | sponge $conffile 12 | done 13 | 14 | } 15 | 16 | function re_write_file (){ 17 | 18 | if [ -z "$1" ] 19 | then 20 | echo -e "\n\n *** ERROR ***: Arguments 1 are empty. Please write the key like /role/service/file. Example: /controller/keystone/keystone.conf" 21 | exit 22 | fi 23 | 24 | if [ -z "$2" ] 25 | then 26 | echo -e "*\n\n *** ERROR ***: Argument 2 are empty. Please write the path directory of the file. Example: /etc/keystone/" 27 | exit 28 | else 29 | PATH_DIRECTORY=$2 30 | fi 31 | 32 | 33 | RAIZ="http://etcd:2379/v2/keys$1/" 34 | 35 | RESULT=`curl -fs -X GET $RAIZ` 36 | NSECTION=`echo $RESULT | jq .node.nodes | jq '. | length'` 37 | CSECTION=0 38 | file_conf=`echo $1 | awk -F"/" '{print $4}'` 39 | 40 | while [ $CSECTION -lt $NSECTION ]; do 41 | section_path=$(echo $RESULT | jq .node.nodes[$CSECTION].key | sed 's/"//g') 42 | key_params=`echo $section_path | awk -F"/" '{print $5}'` 43 | section=`echo $section_path| awk -F"/" '{print $5}'` 44 | 45 | RESULT_PARAMS=`curl -fs -X GET $RAIZ$key_params` 46 | NPARAMS=`echo $RESULT_PARAMS | jq .node.nodes | jq '. | length'` 47 | CPARAMS=0 48 | 49 | echo "[$section]" 50 | 51 | while [ $CPARAMS -lt $NPARAMS ]; do 52 | 53 | value=$(echo $RESULT_PARAMS | jq .node.nodes[$CPARAMS].value | sed 's/"//g') 54 | key_path=$(echo $RESULT_PARAMS | jq .node.nodes[$CPARAMS].key | sed 's/"//g') 55 | key=`echo $key_path | awk -F"/" '{print $6}'` 56 | 57 | echo $key=$value 58 | 59 | let CPARAMS=CPARAMS+1 60 | done 61 | let CSECTION=CSECTION+1 62 | 63 | done | crudini --merge $PATH_DIRECTORY$file_conf 64 | fix_configs $2 65 | } 66 | 67 | function does_db_exist { 68 | local db="${1}" 69 | 70 | local output=$(mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_HOST -s -N -e "SELECT schema_name FROM information_schema.schemata WHERE schema_name = '${db}'" information_schema) 71 | if [[ -z "${output}" ]]; then 72 | return 1 # does not exist 73 | else 74 | return 0 # exists 75 | fi 76 | } 77 | 78 | -------------------------------------------------------------------------------- /ubuntu-base-os/data/bootstrap/semaphore-dependencies.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | 4 | function get_dependencies (){ 5 | if [ -z "$1" ];then 6 | echo -e "\n\n *** ERROR ***: Arguments 1 are empty. You must to give one service to check the service dependency" 7 | exit 8 | fi 9 | 10 | case $1 in 11 | "keystone") service_dependency="pxc" service_port="3306";; 12 | "glance") service_dependency="keystone" service_port="5000";; 13 | "nova-controller") service_dependency="glance" service_port="9292";; 14 | "neutron") service_dependency="nova-controller" service_port="8775";; 15 | "nova-compute") service_dependency="neutron" service_port="9696";; 16 | *) echo "No Dependency" 17 | exit;; 18 | esac 19 | } 20 | 21 | 22 | function get_ip_pods_check (){ 23 | kube_token=$(>> $pods_dependencies" 29 | break 30 | else 31 | echo -e "\n Pods dependencies not found -->>> $pods_dependencies" 32 | sleep $(($RANDOM%5)) 33 | fi 34 | done 35 | 36 | 37 | } 38 | 39 | function wait_green (){ 40 | count_num_pods=0 41 | timeout=0 42 | num_pods=$(echo "$pods_dependencies" | wc -l) 43 | 44 | for pod in $pods_dependencies 45 | do 46 | while true; do 47 | echo -e "\n Waiting Pod with ip ---> $pod ----> and port $service_port" 48 | nc -vz -w3 $pod $service_port 2>&1 | grep -q succeeded 49 | if [ $? -eq 0 ]; then 50 | let count_num_pods=$count_num_pods+1 51 | if [ $count_num_pods -eq $num_pods ];then 52 | echo -e "\n ALL CHECKS SUCCEEDED!! Pod with ip ---> $pod ---> and port $service_port. Checks ok are $count_num_pods and num pod to check is $num_pods" 53 | return 1 54 | else 55 | echo -e "\n ONLY ONE CHECK SUCCEEDED!! Pod with ip ---> $pod ---> and port $service_port. Checks ok are $count_num_pods and num pod to check is $num_pods . Continue...." 56 | break 57 | fi 58 | fi 59 | let timeout=$timeout+1 60 | if [ "$timeout" -eq "600" ];then 61 | echo -e "\n We have waited 300 seconds to the pods with ip $pod and we havent received succeded OK TOTAL pod with ip $pod. Num PODS chequeados $count_num_pods" 62 | echo -e "\n CONTINUE......." 63 | sleep 10 64 | #return 1 65 | fi 66 | 67 | sleep 1 68 | 69 | done 70 | done 71 | } 72 | 73 | function check_dependency (){ 74 | if [ -z "$1" ];then 75 | echo -e "\n\n *** ERROR ***: Arguments 1 are empty. You must to give one service to check the service dependency" 76 | return 0 77 | exit 78 | fi 79 | 80 | get_dependencies "$1" 81 | get_ip_pods_check 82 | wait_green 83 | 84 | } 85 | 86 | 87 | -------------------------------------------------------------------------------- /keystone/data/bootstrap/bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ############################# 4 | # Include scripts 5 | ############################# 6 | source /bootstrap/configuration.sh 7 | source /bootstrap/environment.sh 8 | source /bootstrap/semaphore-dependencies.sh 9 | 10 | check_dependency "keystone" 11 | 12 | ############################# 13 | # variables and environment 14 | ############################# 15 | get_environment 16 | SQL_SCRIPT=/bootstrap/keystone.sql 17 | 18 | ############################ 19 | # CONFIGURE KEYSTONE 20 | ############################ 21 | # llamada a la funcion del configuration.sh 22 | re_write_file "/controller/keystone/keystone.conf" "/etc/keystone/" 23 | fix_configs $SQL_SCRIPT 24 | 25 | ############################ 26 | # DATABASE BOOTSTRAP 27 | ############################ 28 | 29 | mkdir /etc/keystone/fernet-keys 30 | chmod 0750 /etc/keystone/fernet-keys/ 31 | 32 | echo "xRFeIEUineSD9EnHlraby90RAxIkekN_ZdGNhdZ2u3M=">/etc/keystone/fernet-keys/0 33 | 34 | 35 | if ! does_db_exist keystone; then 36 | 37 | # create database keystone 38 | mysql -uroot -p$MYSQL_ROOT_PASSWORD -h $MYSQL_HOST <$SQL_SCRIPT 39 | # Populate the Identity service database 40 | keystone-manage db_sync 41 | # Initialize Fernet keys 42 | #keystone-manage fernet_setup --keystone-user root --keystone-group root 43 | mv /etc/keystone/default_catalog.templates /etc/keystone/default_catalog 44 | 45 | # start keystone service and wait 46 | uwsgi --http 0.0.0.0:35357 --wsgi-file $(which keystone-wsgi-admin) & 47 | sleep 5 48 | 49 | # Initialize account 50 | export $OS_TOKEN=$ADMIN_TOKEN 51 | openstack service create --name keystone --description "Openstack Identity" identity 52 | openstack endpoint create --region $REGION identity public https://$KEYSTONE_OFUSCADO/v3 53 | openstack endpoint create --region $REGION identity internal http://$KEYSTONE_HOSTNAME:5000/v3 54 | openstack endpoint create --region $REGION identity admin http://$KEYSTONE_HOSTNAME:35357/v3 55 | openstack domain create --description "Default Domain" default 56 | openstack project create --domain default --description "Admin Project" admin 57 | openstack project create --domain default --description "Service Project" services 58 | openstack user create --domain default --password $ADMIN_PASSWORD admin 59 | openstack role create admin 60 | openstack role create user 61 | openstack role add --project admin --user admin admin 62 | 63 | unset $OS_TOKEN 64 | fi 65 | 66 | ############################# 67 | # Write openrc to disk 68 | ############################# 69 | cat >~/openrc </usr/local/lib/python2.7/dist-packages/heat/db/sqlalchemy/migrate_repo/migrate.cfg <~/openrc </etc/cinder/nfs_shares </usr/local/lib/python2.7/dist-packages/cinder/db/sqlalchemy/migrate_repo/migrate.cfg <~/openrc <~/openrc </usr/local/lib/python2.7/dist-packages/nova/db/sqlalchemy/migrate_repo/migrate.cfg </usr/local/lib/python2.7/dist-packages/nova/db/sqlalchemy/api_migrations/migrate_repo/migrate.cfg <~/openrc <~/openrc < 115 | - We use the galera implementation from [ebay] (https://github.com/eBay/Kubernetes/tree/master/examples/mysql-galera). 116 | - We use the basic schemes for the dockerfile from [int32bit] (https://github.com/int32bit) 117 | - We use the rabbitmq cluster implementation from [puckel] (https://github.com/puckel/docker-rabbitmq) -------------------------------------------------------------------------------- /galera-mysql/data/bootstrap/bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2015 The Kubernetes Authors All rights reserved. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # 18 | # This script does the following: 19 | # 20 | # 1. Sets up database privileges by building an SQL script 21 | # 2. MySQL is initially started with this script a first time 22 | # 3. Modify my.cnf and cluster.cnf to reflect available nodes to join 23 | # 24 | source /bootstrap/functions.sh 25 | get_environment 26 | 27 | # if NUM_NODES not passed, default to 3 28 | if [ -z "$NUM_NODES" ]; then 29 | NUM_NODES=3 30 | fi 31 | 32 | if [ "${1:0:1}" = '-' ]; then 33 | set -- mysqld "$@" 34 | fi 35 | 36 | # if the command passed is 'mysqld' via CMD, then begin processing. 37 | if [ "$1" = 'mysqld' ]; then 38 | # read DATADIR from the MySQL config 39 | DATADIR="$("$@" --verbose --help 2>/dev/null | awk '$1 == "datadir" { print $2; exit }')" 40 | 41 | # only check if system tables not created from mysql_install_db and permissions 42 | # set with initial SQL script before proceeding to build SQL script 43 | if [ ! -d "$DATADIR/mysql" ]; then 44 | # fail if user didn't supply a root password 45 | if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" ]; then 46 | echo >&2 'error: database is uninitialized and MYSQL_ROOT_PASSWORD not set' 47 | echo >&2 ' Did you forget to add -e MYSQL_ROOT_PASSWORD=... ?' 48 | exit 1 49 | fi 50 | 51 | # mysql_install_db installs system tables 52 | echo 'Running mysql_install_db ...' 53 | mysql_install_db --datadir="$DATADIR" 54 | echo 'Finished mysql_install_db' 55 | 56 | # this script will be run once when MySQL first starts to set up 57 | # prior to creating system tables and will ensure proper user permissions 58 | tempSqlFile='/tmp/mysql-first-time.sql' 59 | cat > "$tempSqlFile" <<-EOSQL 60 | DELETE FROM mysql.user ; 61 | CREATE USER 'root'@'%' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; 62 | GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ; 63 | EOSQL 64 | 65 | if [ "$MYSQL_DATABASE" ]; then 66 | echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" >> "$tempSqlFile" 67 | fi 68 | 69 | if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then 70 | echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" >> "$tempSqlFile" 71 | 72 | if [ "$MYSQL_DATABASE" ]; then 73 | echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" >> "$tempSqlFile" 74 | fi 75 | fi 76 | 77 | # Add SST (Single State Transfer) user if Clustering is turned on 78 | if [ -n "$GALERA_CLUSTER" ]; then 79 | # this is the Single State Transfer user (SST, initial dump or xtrabackup user) 80 | WSREP_SST_USER=${WSREP_SST_USER:-"sst"} 81 | if [ -z "$WSREP_SST_PASSWORD" ]; then 82 | echo >&2 'error: Galera cluster is enabled and WSREP_SST_PASSWORD is not set' 83 | echo >&2 ' Did you forget to add -e WSREP_SST__PASSWORD=... ?' 84 | exit 1 85 | fi 86 | # add single state transfer (SST) user privileges 87 | echo "CREATE USER '${WSREP_SST_USER}'@'localhost' IDENTIFIED BY '${WSREP_SST_PASSWORD}';" >> "$tempSqlFile" 88 | echo "GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO '${WSREP_SST_USER}'@'localhost';" >> "$tempSqlFile" 89 | fi 90 | 91 | echo 'FLUSH PRIVILEGES ;' >> "$tempSqlFile" 92 | 93 | # Add the SQL file to mysqld's command line args 94 | set -- "$@" --init-file="$tempSqlFile" 95 | fi 96 | 97 | chown -R mysql:mysql "$DATADIR" 98 | fi 99 | 100 | # if cluster is turned on, then proceed to build cluster setting strings 101 | # that will be interpolated into the config files 102 | if [ -n "$GALERA_CLUSTER" ]; then 103 | # this is the Single State Transfer user (SST, initial dump or xtrabackup user) 104 | WSREP_SST_USER=${WSREP_SST_USER:-"sst"} 105 | if [ -z "$WSREP_SST_PASSWORD" ]; then 106 | echo >&2 'error: database is uninitialized and WSREP_SST_PASSWORD not set' 107 | echo >&2 ' Did you forget to add -e WSREP_SST_PASSWORD=xxx ?' 108 | exit 1 109 | fi 110 | 111 | # user/password for SST user 112 | sed -i -e "s|^wsrep_sst_auth=sstuser:changethis|wsrep_sst_auth=${WSREP_SST_USER}:${WSREP_SST_PASSWORD}|" /etc/mysql/conf.d/cluster.cnf 113 | 114 | # set nodes own address 115 | #WSREP_NODE_ADDRESS=`ip addr show | grep -E '^[ ]*inet' | grep -m1 global | awk '{ print $2 }' | sed -e 's/\/.*//'` 116 | 117 | 118 | #We filter SELECTED_NETWORK to find the first two octets. At the moment, this solution is provisional and only is valid for network /16 119 | TWO_OCTECTS_IP=`echo $SELECTED_NETWORK | awk -F '.' '{ print $1"."$2}'` 120 | 121 | WSREP_NODE_ADDRESS=`ip addr show | grep -E '^[ ]*inet' | grep $TWO_OCTECTS_IP | awk '{ print $2 }' | sed -e 's/\/.*//'` 122 | if [ -n "$WSREP_NODE_ADDRESS" ]; then 123 | sed -i -e "s|^wsrep_node_address=.*$|wsrep_node_address=${WSREP_NODE_ADDRESS}|" /etc/mysql/conf.d/cluster.cnf 124 | fi 125 | 126 | # if the string is not defined or it only is 'gcomm://', this means bootstrap 127 | if [ -z "$WSREP_CLUSTER_ADDRESS" -o "$WSREP_CLUSTER_ADDRESS" == "gcomm://" ]; then 128 | # if empty, set to 'gcomm://' 129 | # NOTE: this list does not imply membership. 130 | # It only means "obtain SST and join from one of these..." 131 | if [ -z "$WSREP_CLUSTER_ADDRESS" ]; then 132 | WSREP_CLUSTER_ADDRESS="gcomm://" 133 | fi 134 | 135 | # loop through number of nodes 136 | for NUM in `seq 1 $NUM_NODES`; do 137 | NODE_SERVICE_HOST="PXC_NODE${NUM}_SERVICE_HOST" 138 | 139 | # if set 140 | if [ -n "${!NODE_SERVICE_HOST}" ]; then 141 | # if not its own IP, then add it 142 | if [ $(expr "$HOSTNAME" : "pxc-node${NUM}") -eq 0 ]; then 143 | # if not the first bootstrap node add comma 144 | if [ $WSREP_CLUSTER_ADDRESS != "gcomm://" ]; then 145 | WSREP_CLUSTER_ADDRESS="${WSREP_CLUSTER_ADDRESS}," 146 | fi 147 | # append 148 | # if user specifies USE_IP, use that 149 | if [ -n "${USE_IP}" ]; then 150 | WSREP_CLUSTER_ADDRESS="${WSREP_CLUSTER_ADDRESS}"${!NODE_SERVICE_HOST} 151 | # otherwise use DNS 152 | else 153 | WSREP_CLUSTER_ADDRESS="${WSREP_CLUSTER_ADDRESS}pxc-node${NUM}" 154 | fi 155 | fi 156 | fi 157 | done 158 | fi 159 | 160 | # WSREP_CLUSTER_ADDRESS is now complete and will be interpolated into the 161 | # cluster address string (wsrep_cluster_address) in the cluster 162 | # configuration file, cluster.cnf 163 | if [ -n "$WSREP_CLUSTER_ADDRESS" -a "$WSREP_CLUSTER_ADDRESS" != "gcomm://" ]; then 164 | sed -i -e "s|^wsrep_cluster_address=gcomm://|wsrep_cluster_address=${WSREP_CLUSTER_ADDRESS}|" /etc/mysql/conf.d/cluster.cnf 165 | fi 166 | fi 167 | 168 | # random server ID needed 169 | sed -i -e "s/^server\-id=.*$/server-id=${RANDOM}/" /etc/mysql/my.cnf 170 | 171 | # finally, start mysql 172 | exec "$@" 173 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /horizon/data/etc/openstack-dashboard/local_settings: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | import os 4 | 5 | from django.utils.translation import ugettext_lazy as _ 6 | 7 | from horizon.utils import secret_key 8 | 9 | from openstack_dashboard import exceptions 10 | from openstack_dashboard.settings import HORIZON_CONFIG 11 | 12 | DEBUG = False 13 | TEMPLATE_DEBUG = DEBUG 14 | 15 | 16 | # WEBROOT is the location relative to Webserver root 17 | # should end with a slash. 18 | WEBROOT = '/' 19 | #LOGIN_URL = WEBROOT + 'auth/login/' 20 | #LOGOUT_URL = WEBROOT + 'auth/logout/' 21 | # 22 | # LOGIN_REDIRECT_URL can be used as an alternative for 23 | # HORIZON_CONFIG.user_home, if user_home is not set. 24 | # Do not set it to '/home/', as this will cause circular redirect loop 25 | #LOGIN_REDIRECT_URL = WEBROOT 26 | 27 | # If horizon is running in production (DEBUG is False), set this 28 | # with the list of host/domain names that the application can serve. 29 | # For more information see: 30 | # https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts 31 | ALLOWED_HOSTS = ['*', ] 32 | 33 | # Set SSL proxy settings: 34 | # Pass this header from the proxy after terminating the SSL, 35 | # and don't forget to strip it from the client's request. 36 | # For more information see: 37 | # https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header 38 | #SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') 39 | 40 | # If Horizon is being served through SSL, then uncomment the following two 41 | # settings to better secure the cookies from security exploits 42 | #CSRF_COOKIE_SECURE = True 43 | #SESSION_COOKIE_SECURE = True 44 | 45 | # The absolute path to the directory where message files are collected. 46 | # The message file must have a .json file extension. When the user logins to 47 | # horizon, the message files collected are processed and displayed to the user. 48 | #MESSAGES_PATH=None 49 | 50 | # Overrides for OpenStack API versions. Use this setting to force the 51 | # OpenStack dashboard to use a specific API version for a given service API. 52 | # Versions specified here should be integers or floats, not strings. 53 | # NOTE: The version should be formatted as it appears in the URL for the 54 | # service API. For example, The identity service APIs have inconsistent 55 | # use of the decimal point, so valid options would be 2.0 or 3. 56 | OPENSTACK_API_VERSIONS = { 57 | "data-processing": 1.1, 58 | "identity": 3, 59 | "volume": 2, 60 | "compute": 2, 61 | } 62 | 63 | # Set this to True if running on multi-domain model. When this is enabled, it 64 | # will require user to enter the Domain name in addition to username for login. 65 | #OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False 66 | 67 | # Overrides the default domain used when running on single-domain model 68 | # with Keystone V3. All entities will be created in the default domain. 69 | # NOTE: This value must be the ID of the default domain, NOT the name. 70 | # Also, you will most likely have a value in the keystone policy file like this 71 | # "cloud_admin": "rule:admin_required and domain_id:" 72 | # This value must match the domain id specified there. 73 | OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default' 74 | 75 | # Set this to True to enable panels that provide the ability for users to 76 | # manage Identity Providers (IdPs) and establish a set of rules to map 77 | # federation protocol attributes to Identity API attributes. 78 | # This extension requires v3.0+ of the Identity API. 79 | #OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT = False 80 | 81 | # Set Console type: 82 | # valid options are "AUTO"(default), "VNC", "SPICE", "RDP", "SERIAL" or None 83 | # Set to None explicitly if you want to deactivate the console. 84 | #CONSOLE_TYPE = "AUTO" 85 | 86 | # If provided, a "Report Bug" link will be displayed in the site header 87 | # which links to the value of this setting (ideally a URL containing 88 | # information on how to report issues). 89 | #HORIZON_CONFIG["bug_url"] = "http://bug-report.example.com" 90 | 91 | # Show backdrop element outside the modal, do not close the modal 92 | # after clicking on backdrop. 93 | #HORIZON_CONFIG["modal_backdrop"] = "static" 94 | 95 | # Specify a regular expression to validate user passwords. 96 | #HORIZON_CONFIG["password_validator"] = { 97 | # "regex": '.*', 98 | # "help_text": _("Your password does not meet the requirements."), 99 | #} 100 | 101 | # Disable simplified floating IP address management for deployments with 102 | # multiple floating IP pools or complex network requirements. 103 | #HORIZON_CONFIG["simple_ip_management"] = False 104 | 105 | # Turn off browser autocompletion for forms including the login form and 106 | # the database creation workflow if so desired. 107 | #HORIZON_CONFIG["password_autocomplete"] = "off" 108 | 109 | # Setting this to True will disable the reveal button for password fields, 110 | # including on the login form. 111 | #HORIZON_CONFIG["disable_password_reveal"] = False 112 | 113 | LOCAL_PATH = os.path.dirname(os.path.abspath(__file__)) 114 | 115 | # Set custom secret key: 116 | # You can either set it to a specific value or you can let horizon generate a 117 | # default secret key that is unique on this machine, e.i. regardless of the 118 | # amount of Python WSGI workers (if used behind Apache+mod_wsgi): However, 119 | # there may be situations where you would want to set this explicitly, e.g. 120 | # when multiple dashboard instances are distributed on different machines 121 | # (usually behind a load-balancer). Either you have to make sure that a session 122 | # gets all requests routed to the same dashboard instance or you set the same 123 | # SECRET_KEY for all of them. 124 | SECRET_KEY = secret_key.generate_or_read_from_file( 125 | os.path.join(LOCAL_PATH, '.secret_key_store')) 126 | 127 | # We recommend you use memcached for development; otherwise after every reload 128 | # of the django development server, you will have to login again. To use 129 | # memcached set CACHES to something like 130 | #CACHES = { 131 | # 'default': { 132 | # 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 133 | # 'LOCATION': '127.0.0.1:11211', 134 | # }, 135 | #} 136 | 137 | CACHES = { 138 | 'default': { 139 | 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache', 140 | }, 141 | } 142 | 143 | # Send email to the console by default 144 | EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' 145 | # Or send them to /dev/null 146 | #EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend' 147 | 148 | # Configure these for your outgoing email host 149 | #EMAIL_HOST = 'smtp.my-company.com' 150 | #EMAIL_PORT = 25 151 | #EMAIL_HOST_USER = 'djangomail' 152 | #EMAIL_HOST_PASSWORD = 'top-secret!' 153 | 154 | # For multiple regions uncomment this configuration, and add (endpoint, title). 155 | #AVAILABLE_REGIONS = [ 156 | # ('http://cluster1.example.com:5000/v2.0', 'cluster1'), 157 | # ('http://cluster2.example.com:5000/v2.0', 'cluster2'), 158 | #] 159 | 160 | OPENSTACK_HOST = "keystone.default.svc" 161 | OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST 162 | OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user" 163 | 164 | # Enables keystone web single-sign-on if set to True. 165 | #WEBSSO_ENABLED = False 166 | 167 | # Determines which authentication choice to show as default. 168 | #WEBSSO_INITIAL_CHOICE = "credentials" 169 | 170 | # The list of authentication mechanisms which include keystone 171 | # federation protocols and identity provider/federation protocol 172 | # mapping keys (WEBSSO_IDP_MAPPING). Current supported protocol 173 | # IDs are 'saml2' and 'oidc' which represent SAML 2.0, OpenID 174 | # Connect respectively. 175 | # Do not remove the mandatory credentials mechanism. 176 | # Note: The last two tuples are sample mapping keys to a identity provider 177 | # and federation protocol combination (WEBSSO_IDP_MAPPING). 178 | #WEBSSO_CHOICES = ( 179 | # ("credentials", _("Keystone Credentials")), 180 | # ("oidc", _("OpenID Connect")), 181 | # ("saml2", _("Security Assertion Markup Language")), 182 | # ("acme_oidc", "ACME - OpenID Connect"), 183 | # ("acme_saml2", "ACME - SAML2"), 184 | #) 185 | 186 | # A dictionary of specific identity provider and federation protocol 187 | # combinations. From the selected authentication mechanism, the value 188 | # will be looked up as keys in the dictionary. If a match is found, 189 | # it will redirect the user to a identity provider and federation protocol 190 | # specific WebSSO endpoint in keystone, otherwise it will use the value 191 | # as the protocol_id when redirecting to the WebSSO by protocol endpoint. 192 | # NOTE: The value is expected to be a tuple formatted as: (, ). 193 | #WEBSSO_IDP_MAPPING = { 194 | # "acme_oidc": ("acme", "oidc"), 195 | # "acme_saml2": ("acme", "saml2"), 196 | #} 197 | 198 | # Disable SSL certificate checks (useful for self-signed certificates): 199 | #OPENSTACK_SSL_NO_VERIFY = True 200 | 201 | # The CA certificate to use to verify SSL connections 202 | #OPENSTACK_SSL_CACERT = '/path/to/cacert.pem' 203 | 204 | # The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the 205 | # capabilities of the auth backend for Keystone. 206 | # If Keystone has been configured to use LDAP as the auth backend then set 207 | # can_edit_user to False and name to 'ldap'. 208 | # 209 | # TODO(tres): Remove these once Keystone has an API to identify auth backend. 210 | OPENSTACK_KEYSTONE_BACKEND = { 211 | 'name': 'native', 212 | 'can_edit_user': True, 213 | 'can_edit_group': True, 214 | 'can_edit_project': True, 215 | 'can_edit_domain': True, 216 | 'can_edit_role': True, 217 | } 218 | 219 | # Setting this to True, will add a new "Retrieve Password" action on instance, 220 | # allowing Admin session password retrieval/decryption. 221 | #OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False 222 | 223 | # The Launch Instance user experience has been significantly enhanced. 224 | # You can choose whether to enable the new launch instance experience, 225 | # the legacy experience, or both. The legacy experience will be removed 226 | # in a future release, but is available as a temporary backup setting to ensure 227 | # compatibility with existing deployments. Further development will not be 228 | # done on the legacy experience. Please report any problems with the new 229 | # experience via the Launchpad tracking system. 230 | # 231 | # Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to 232 | # determine the experience to enable. Set them both to true to enable 233 | # both. 234 | #LAUNCH_INSTANCE_LEGACY_ENABLED = True 235 | #LAUNCH_INSTANCE_NG_ENABLED = False 236 | 237 | # A dictionary of settings which can be used to provide the default values for 238 | # properties found in the Launch Instance modal. 239 | #LAUNCH_INSTANCE_DEFAULTS = { 240 | # 'config_drive': False, 241 | #} 242 | 243 | # The Xen Hypervisor has the ability to set the mount point for volumes 244 | # attached to instances (other Hypervisors currently do not). Setting 245 | # can_set_mount_point to True will add the option to set the mount point 246 | # from the UI. 247 | OPENSTACK_HYPERVISOR_FEATURES = { 248 | 'can_set_mount_point': False, 249 | 'can_set_password': False, 250 | 'requires_keypair': False, 251 | } 252 | 253 | # The OPENSTACK_CINDER_FEATURES settings can be used to enable optional 254 | # services provided by cinder that is not exposed by its extension API. 255 | OPENSTACK_CINDER_FEATURES = { 256 | 'enable_backup': False, 257 | } 258 | 259 | # The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional 260 | # services provided by neutron. Options currently available are load 261 | # balancer service, security groups, quotas, VPN service. 262 | OPENSTACK_NEUTRON_NETWORK = { 263 | 'enable_router': True, 264 | 'enable_quotas': True, 265 | 'enable_ipv6': True, 266 | 'enable_distributed_router': False, 267 | 'enable_ha_router': False, 268 | 'enable_lb': True, 269 | 'enable_firewall': True, 270 | 'enable_vpn': True, 271 | 'enable_fip_topology_check': True, 272 | 273 | # Neutron can be configured with a default Subnet Pool to be used for IPv4 274 | # subnet-allocation. Specify the label you wish to display in the Address 275 | # pool selector on the create subnet step if you want to use this feature. 276 | 'default_ipv4_subnet_pool_label': None, 277 | 278 | # Neutron can be configured with a default Subnet Pool to be used for IPv6 279 | # subnet-allocation. Specify the label you wish to display in the Address 280 | # pool selector on the create subnet step if you want to use this feature. 281 | # You must set this to enable IPv6 Prefix Delegation in a PD-capable 282 | # environment. 283 | 'default_ipv6_subnet_pool_label': None, 284 | 285 | # The profile_support option is used to detect if an external router can be 286 | # configured via the dashboard. When using specific plugins the 287 | # profile_support can be turned on if needed. 288 | 'profile_support': None, 289 | #'profile_support': 'cisco', 290 | 291 | # Set which provider network types are supported. Only the network types 292 | # in this list will be available to choose from when creating a network. 293 | # Network types include local, flat, vlan, gre, and vxlan. 294 | 'supported_provider_types': ['*'], 295 | 296 | # Set which VNIC types are supported for port binding. Only the VNIC 297 | # types in this list will be available to choose from when creating a 298 | # port. 299 | # VNIC types include 'normal', 'macvtap' and 'direct'. 300 | # Set to empty list or None to disable VNIC type selection. 301 | 'supported_vnic_types': ['*'], 302 | } 303 | 304 | # The OPENSTACK_HEAT_STACK settings can be used to disable password 305 | # field required while launching the stack. 306 | OPENSTACK_HEAT_STACK = { 307 | 'enable_user_pass': True, 308 | } 309 | 310 | # The OPENSTACK_IMAGE_BACKEND settings can be used to customize features 311 | # in the OpenStack Dashboard related to the Image service, such as the list 312 | # of supported image formats. 313 | #OPENSTACK_IMAGE_BACKEND = { 314 | # 'image_formats': [ 315 | # ('', _('Select format')), 316 | # ('aki', _('AKI - Amazon Kernel Image')), 317 | # ('ami', _('AMI - Amazon Machine Image')), 318 | # ('ari', _('ARI - Amazon Ramdisk Image')), 319 | # ('docker', _('Docker')), 320 | # ('iso', _('ISO - Optical Disk Image')), 321 | # ('ova', _('OVA - Open Virtual Appliance')), 322 | # ('qcow2', _('QCOW2 - QEMU Emulator')), 323 | # ('raw', _('Raw')), 324 | # ('vdi', _('VDI - Virtual Disk Image')), 325 | # ('vhd', _('VHD - Virtual Hard Disk')), 326 | # ('vmdk', _('VMDK - Virtual Machine Disk')), 327 | # ], 328 | #} 329 | 330 | # The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for 331 | # image custom property attributes that appear on image detail pages. 332 | IMAGE_CUSTOM_PROPERTY_TITLES = { 333 | "architecture": _("Architecture"), 334 | "kernel_id": _("Kernel ID"), 335 | "ramdisk_id": _("Ramdisk ID"), 336 | "image_state": _("Euca2ools state"), 337 | "project_id": _("Project ID"), 338 | "image_type": _("Image Type"), 339 | } 340 | 341 | # The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image 342 | # custom properties should not be displayed in the Image Custom Properties 343 | # table. 344 | IMAGE_RESERVED_CUSTOM_PROPERTIES = [] 345 | 346 | # OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints 347 | # in the Keystone service catalog. Use this setting when Horizon is running 348 | # external to the OpenStack environment. The default is 'publicURL'. 349 | OPENSTACK_ENDPOINT_TYPE = "internalURL" 350 | 351 | # SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the 352 | # case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints 353 | # in the Keystone service catalog. Use this setting when Horizon is running 354 | # external to the OpenStack environment. The default is None. This 355 | # value should differ from OPENSTACK_ENDPOINT_TYPE if used. 356 | #SECONDARY_ENDPOINT_TYPE = "publicURL" 357 | 358 | # The number of objects (Swift containers/objects or images) to display 359 | # on a single page before providing a paging element (a "more" link) 360 | # to paginate results. 361 | API_RESULT_LIMIT = 1000 362 | API_RESULT_PAGE_SIZE = 20 363 | 364 | # The size of chunk in bytes for downloading objects from Swift 365 | SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024 366 | 367 | # Specify a maximum number of items to display in a dropdown. 368 | DROPDOWN_MAX_ITEMS = 30 369 | 370 | # The timezone of the server. This should correspond with the timezone 371 | # of your entire OpenStack installation, and hopefully be in UTC. 372 | TIME_ZONE = "UTC" 373 | 374 | # When launching an instance, the menu of available flavors is 375 | # sorted by RAM usage, ascending. If you would like a different sort order, 376 | # you can provide another flavor attribute as sorting key. Alternatively, you 377 | # can provide a custom callback method to use for sorting. You can also provide 378 | # a flag for reverse sort. For more info, see 379 | # http://docs.python.org/2/library/functions.html#sorted 380 | #CREATE_INSTANCE_FLAVOR_SORT = { 381 | # 'key': 'name', 382 | # # or 383 | # 'key': my_awesome_callback_method, 384 | # 'reverse': False, 385 | #} 386 | 387 | # Set this to True to display an 'Admin Password' field on the Change Password 388 | # form to verify that it is indeed the admin logged-in who wants to change 389 | # the password. 390 | #ENFORCE_PASSWORD_CHECK = False 391 | 392 | # Modules that provide /auth routes that can be used to handle different types 393 | # of user authentication. Add auth plugins that require extra route handling to 394 | # this list. 395 | #AUTHENTICATION_URLS = [ 396 | # 'openstack_auth.urls', 397 | #] 398 | 399 | # The Horizon Policy Enforcement engine uses these values to load per service 400 | # policy rule files. The content of these files should match the files the 401 | # OpenStack services are using to determine role based access control in the 402 | # target installation. 403 | 404 | # Path to directory containing policy.json files 405 | #POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf") 406 | 407 | # Map of local copy of service policy files. 408 | # Please insure that your identity policy file matches the one being used on 409 | # your keystone servers. There is an alternate policy file that may be used 410 | # in the Keystone v3 multi-domain case, policy.v3cloudsample.json. 411 | # This file is not included in the Horizon repository by default but can be 412 | # found at 413 | # http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \ 414 | # policy.v3cloudsample.json 415 | # Having matching policy files on the Horizon and Keystone servers is essential 416 | # for normal operation. This holds true for all services and their policy files. 417 | #POLICY_FILES = { 418 | # 'identity': 'keystone_policy.json', 419 | # 'compute': 'nova_policy.json', 420 | # 'volume': 'cinder_policy.json', 421 | # 'image': 'glance_policy.json', 422 | # 'orchestration': 'heat_policy.json', 423 | # 'network': 'neutron_policy.json', 424 | # 'telemetry': 'ceilometer_policy.json', 425 | #} 426 | 427 | # TODO: (david-lyle) remove when plugins support adding settings. 428 | # Note: Only used when trove-dashboard plugin is configured to be used by 429 | # Horizon. 430 | # Trove user and database extension support. By default support for 431 | # creating users and databases on database instances is turned on. 432 | # To disable these extensions set the permission here to something 433 | # unusable such as ["!"]. 434 | #TROVE_ADD_USER_PERMS = [] 435 | #TROVE_ADD_DATABASE_PERMS = [] 436 | 437 | # Change this patch to the appropriate list of tuples containing 438 | # a key, label and static directory containing two files: 439 | # _variables.scss and _styles.scss 440 | #AVAILABLE_THEMES = [ 441 | # ('default', 'Default', 'themes/default'), 442 | # ('material', 'Material', 'themes/material'), 443 | #] 444 | 445 | LOGGING = { 446 | 'version': 1, 447 | # When set to True this will disable all logging except 448 | # for loggers specified in this configuration dictionary. Note that 449 | # if nothing is specified here and disable_existing_loggers is True, 450 | # django.db.backends will still log unless it is disabled explicitly. 451 | 'disable_existing_loggers': False, 452 | 'handlers': { 453 | 'null': { 454 | 'level': 'DEBUG', 455 | 'class': 'logging.NullHandler', 456 | }, 457 | 'console': { 458 | # Set the level to "DEBUG" for verbose output logging. 459 | 'level': 'INFO', 460 | 'class': 'logging.StreamHandler', 461 | }, 462 | }, 463 | 'loggers': { 464 | # Logging from django.db.backends is VERY verbose, send to null 465 | # by default. 466 | 'django.db.backends': { 467 | 'handlers': ['null'], 468 | 'propagate': False, 469 | }, 470 | 'requests': { 471 | 'handlers': ['null'], 472 | 'propagate': False, 473 | }, 474 | 'horizon': { 475 | 'handlers': ['console'], 476 | 'level': 'DEBUG', 477 | 'propagate': False, 478 | }, 479 | 'openstack_dashboard': { 480 | 'handlers': ['console'], 481 | 'level': 'DEBUG', 482 | 'propagate': False, 483 | }, 484 | 'novaclient': { 485 | 'handlers': ['console'], 486 | 'level': 'DEBUG', 487 | 'propagate': False, 488 | }, 489 | 'cinderclient': { 490 | 'handlers': ['console'], 491 | 'level': 'DEBUG', 492 | 'propagate': False, 493 | }, 494 | 'keystoneclient': { 495 | 'handlers': ['console'], 496 | 'level': 'DEBUG', 497 | 'propagate': False, 498 | }, 499 | 'glanceclient': { 500 | 'handlers': ['console'], 501 | 'level': 'DEBUG', 502 | 'propagate': False, 503 | }, 504 | 'neutronclient': { 505 | 'handlers': ['console'], 506 | 'level': 'DEBUG', 507 | 'propagate': False, 508 | }, 509 | 'heatclient': { 510 | 'handlers': ['console'], 511 | 'level': 'DEBUG', 512 | 'propagate': False, 513 | }, 514 | 'ceilometerclient': { 515 | 'handlers': ['console'], 516 | 'level': 'DEBUG', 517 | 'propagate': False, 518 | }, 519 | 'swiftclient': { 520 | 'handlers': ['console'], 521 | 'level': 'DEBUG', 522 | 'propagate': False, 523 | }, 524 | 'openstack_auth': { 525 | 'handlers': ['console'], 526 | 'level': 'DEBUG', 527 | 'propagate': False, 528 | }, 529 | 'nose.plugins.manager': { 530 | 'handlers': ['console'], 531 | 'level': 'DEBUG', 532 | 'propagate': False, 533 | }, 534 | 'django': { 535 | 'handlers': ['console'], 536 | 'level': 'DEBUG', 537 | 'propagate': False, 538 | }, 539 | 'iso8601': { 540 | 'handlers': ['null'], 541 | 'propagate': False, 542 | }, 543 | 'scss': { 544 | 'handlers': ['null'], 545 | 'propagate': False, 546 | }, 547 | }, 548 | } 549 | 550 | # 'direction' should not be specified for all_tcp/udp/icmp. 551 | # It is specified in the form. 552 | SECURITY_GROUP_RULES = { 553 | 'all_tcp': { 554 | 'name': _('All TCP'), 555 | 'ip_protocol': 'tcp', 556 | 'from_port': '1', 557 | 'to_port': '65535', 558 | }, 559 | 'all_udp': { 560 | 'name': _('All UDP'), 561 | 'ip_protocol': 'udp', 562 | 'from_port': '1', 563 | 'to_port': '65535', 564 | }, 565 | 'all_icmp': { 566 | 'name': _('All ICMP'), 567 | 'ip_protocol': 'icmp', 568 | 'from_port': '-1', 569 | 'to_port': '-1', 570 | }, 571 | 'ssh': { 572 | 'name': 'SSH', 573 | 'ip_protocol': 'tcp', 574 | 'from_port': '22', 575 | 'to_port': '22', 576 | }, 577 | 'smtp': { 578 | 'name': 'SMTP', 579 | 'ip_protocol': 'tcp', 580 | 'from_port': '25', 581 | 'to_port': '25', 582 | }, 583 | 'dns': { 584 | 'name': 'DNS', 585 | 'ip_protocol': 'tcp', 586 | 'from_port': '53', 587 | 'to_port': '53', 588 | }, 589 | 'http': { 590 | 'name': 'HTTP', 591 | 'ip_protocol': 'tcp', 592 | 'from_port': '80', 593 | 'to_port': '80', 594 | }, 595 | 'pop3': { 596 | 'name': 'POP3', 597 | 'ip_protocol': 'tcp', 598 | 'from_port': '110', 599 | 'to_port': '110', 600 | }, 601 | 'imap': { 602 | 'name': 'IMAP', 603 | 'ip_protocol': 'tcp', 604 | 'from_port': '143', 605 | 'to_port': '143', 606 | }, 607 | 'ldap': { 608 | 'name': 'LDAP', 609 | 'ip_protocol': 'tcp', 610 | 'from_port': '389', 611 | 'to_port': '389', 612 | }, 613 | 'https': { 614 | 'name': 'HTTPS', 615 | 'ip_protocol': 'tcp', 616 | 'from_port': '443', 617 | 'to_port': '443', 618 | }, 619 | 'smtps': { 620 | 'name': 'SMTPS', 621 | 'ip_protocol': 'tcp', 622 | 'from_port': '465', 623 | 'to_port': '465', 624 | }, 625 | 'imaps': { 626 | 'name': 'IMAPS', 627 | 'ip_protocol': 'tcp', 628 | 'from_port': '993', 629 | 'to_port': '993', 630 | }, 631 | 'pop3s': { 632 | 'name': 'POP3S', 633 | 'ip_protocol': 'tcp', 634 | 'from_port': '995', 635 | 'to_port': '995', 636 | }, 637 | 'ms_sql': { 638 | 'name': 'MS SQL', 639 | 'ip_protocol': 'tcp', 640 | 'from_port': '1433', 641 | 'to_port': '1433', 642 | }, 643 | 'mysql': { 644 | 'name': 'MYSQL', 645 | 'ip_protocol': 'tcp', 646 | 'from_port': '3306', 647 | 'to_port': '3306', 648 | }, 649 | 'rdp': { 650 | 'name': 'RDP', 651 | 'ip_protocol': 'tcp', 652 | 'from_port': '3389', 653 | 'to_port': '3389', 654 | }, 655 | } 656 | 657 | # Deprecation Notice: 658 | # 659 | # The setting FLAVOR_EXTRA_KEYS has been deprecated. 660 | # Please load extra spec metadata into the Glance Metadata Definition Catalog. 661 | # 662 | # The sample quota definitions can be found in: 663 | # /etc/metadefs/compute-quota.json 664 | # 665 | # The metadata definition catalog supports CLI and API: 666 | # $glance --os-image-api-version 2 help md-namespace-import 667 | # $glance-manage db_load_metadefs 668 | # 669 | # See Metadata Definitions on: http://docs.openstack.org/developer/glance/ 670 | 671 | # TODO: (david-lyle) remove when plugins support settings natively 672 | # Note: This is only used when the Sahara plugin is configured and enabled 673 | # for use in Horizon. 674 | # Indicate to the Sahara data processing service whether or not 675 | # automatic floating IP allocation is in effect. If it is not 676 | # in effect, the user will be prompted to choose a floating IP 677 | # pool for use in their cluster. False by default. You would want 678 | # to set this to True if you were running Nova Networking with 679 | # auto_assign_floating_ip = True. 680 | #SAHARA_AUTO_IP_ALLOCATION_ENABLED = False 681 | 682 | # The hash algorithm to use for authentication tokens. This must 683 | # match the hash algorithm that the identity server and the 684 | # auth_token middleware are using. Allowed values are the 685 | # algorithms supported by Python's hashlib library. 686 | #OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5' 687 | 688 | # Hashing tokens from Keystone keeps the Horizon session data smaller, but it 689 | # doesn't work in some cases when using PKI tokens. Uncomment this value and 690 | # set it to False if using PKI tokens and there are 401 errors due to token 691 | # hashing. 692 | # AngularJS requires some settings to be made available to 693 | # the client side. Some settings are required by in-tree / built-in horizon 694 | # features. These settings must be added to REST_API_REQUIRED_SETTINGS in the 695 | # form of ['SETTING_1','SETTING_2'], etc. 696 | # 697 | # You may remove settings from this list for security purposes, but do so at 698 | # the risk of breaking a built-in horizon feature. These settings are required 699 | # for horizon to function properly. Only remove them if you know what you 700 | # are doing. These settings may in the future be moved to be defined within 701 | # the enabled panel configuration. 702 | # You should not add settings to this list for out of tree extensions. 703 | # See: https://wiki.openstack.org/wiki/Horizon/RESTAPI 704 | REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES', 705 | 'LAUNCH_INSTANCE_DEFAULTS'] 706 | 707 | # Additional settings can be made available to the client side for 708 | # extensibility by specifying them in REST_API_ADDITIONAL_SETTINGS 709 | # !! Please use extreme caution as the settings are transferred via HTTP/S 710 | # and are not encrypted on the browser. This is an experimental API and 711 | # may be deprecated in the future without notice. 712 | #REST_API_ADDITIONAL_SETTINGS = [] 713 | 714 | # DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded 715 | # within an iframe. Legacy browsers are still vulnerable to a Cross-Frame 716 | # Scripting (XFS) vulnerability, so this option allows extra security hardening 717 | # where iframes are not used in deployment. Default setting is True. 718 | # For more information see: 719 | # http://tinyurl.com/anticlickjack 720 | #DISALLOW_IFRAME_EMBED = True 721 | 722 | --------------------------------------------------------------------------------