Merge pull request #22 from cobaltcore-dev/cinder

Add cinder setup

Author: pkr4711

checks/.typos.toml

@@ -0,0 +1,5 @@
+[default]
+extend-ignore-words-re = [
+    # ignore some correct command line tools
+    "exportfs"
+]

checks/default.nix

@@ -6,7 +6,10 @@
     hooks = {
       nixfmt-rfc-style.enable = true;
       deadnix.enable = true;
-      typos.enable = true;
+      typos = {
+        enable = true;
+        settings.configPath = "checks/.typos.toml";
+      };
     };
   };
 }

modules/compute/nova.nix

@@ -100,13 +100,16 @@ let
     enabled = true
     server_listen = 0.0.0.0
     server_proxyclient_address = $my_ip
-    novncproxy_base_url = http://controller:6080/vnc_lite.html
+    novncproxy_base_url = http://127.0.0.1:6080/vnc_lite.html
 
     [cells]
     enable = False
 
     [os_region_name]
     openstack =
+
+    [cinder]
+    os_region_name = RegionOne
   '';
 
   rootwrapConf = pkgs.callPackage ../../lib/rootwrap-conf.nix {
@@ -186,9 +189,20 @@ in
             user = "nova";
           };
         };
+        # we don't need tgt on a compute node -> only iscsi-client (openiscsi)
       };
     };
 
+    services.openiscsi = {
+      enable = true;
+      name = "iqn.iscsi.${config.networking.hostName}";
+    };
+
+    environment.systemPackages = with pkgs; [
+      openiscsi
+      nfs-utils
+    ];
+
     systemd.services.nova-compute = {
       description = "OpenStack Nova Scheduler Daemon";
       after = [
@@ -202,6 +216,10 @@ in
           sudo
           nova_env
           qemu
+          util-linux
+          lvm2
+          openiscsi
+          nfs-utils
         ]
         ++ cfg.extraPkgs;
       environment.PYTHONPATH = "${nova_env}/${pkgs.python3.sitePackages}";

modules/controller/cinder.nix

@@ -0,0 +1,143 @@
+{ cinder }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+with lib;
+
+let
+  cfg = config.cinder;
+
+  cinderConf = pkgs.writeText "cinder-api.conf" ''
+    [DEFAULT]
+    transport_url = rabbit://openstack:openstack@controller
+    auth_strategy = keystone
+    my_ip = controller
+    verify_glance_signatures = disabled
+
+    [database]
+    connection = mysql+pymysql://cinder:cinder@controller/cinder
+
+    [keystone_authtoken]
+    www_authenticate_uri = http://controller:5000
+    auth_url = http://controller:5000
+    memcached_servers = controller:11211
+    auth_type = password
+    project_domain_name = default
+    user_domain_name = default
+    project_name = service
+    username = cinder
+    password = cinder
+
+    [oslo_concurrency]
+    lock_path = /var/lib/cinder/tmp
+  '';
+in
+{
+  options.cinder = {
+    enable = mkEnableOption "Enable OpenStack Cinder." // {
+      default = true;
+    };
+    config = mkOption {
+      default = cinderConf;
+      description = ''
+        The Cinder config.
+      '';
+    };
+    cinderPackage = mkOption {
+      default = cinder;
+      type = types.package;
+      description = ''
+        The OpenStack Cinder package to use.
+      '';
+    };
+  };
+  config = mkIf cfg.enable {
+
+    users.extraUsers.cinder = {
+      group = "cinder";
+      isSystemUser = true;
+    };
+    users.groups.cinder = {
+      name = "cinder";
+      members = [ "cinder" ];
+    };
+
+    systemd.tmpfiles.settings = {
+      "10-cinder" = {
+        "/var/lib/cinder/" = {
+          D = {
+            user = "cinder";
+            group = "cinder";
+            mode = "0755";
+          };
+        };
+        "/var/lib/cinder/volumes" = {
+          D = {
+            user = "cinder";
+            group = "cinder";
+            mode = "0755";
+          };
+        };
+        "/var/log/cinder/" = {
+          D = {
+            user = "cinder";
+            group = "cinder";
+            mode = "0755";
+          };
+        };
+        "/etc/cinder/api-paste.ini" = {
+          L = {
+            argument = "${cinder}/etc/cinder/api-paste.ini";
+          };
+        };
+        "/etc/cinder/cinder.conf" = {
+          L = {
+            argument = "${cinderConf}";
+          };
+        };
+      };
+    };
+
+    systemd.services.cinder-api = {
+      description = "OpenStack Cinder API Daemon";
+      after = [
+        "cinder.service"
+        "rabbitmq.service"
+        "mysql.service"
+        "network.target"
+      ];
+      path = [ cinder ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        User = "cinder";
+        Group = "cinder";
+        ExecStart = pkgs.writeShellScript "cinder-api.sh" ''
+          .cinder-wsgi-wrapped --port 8776
+        '';
+      };
+    };
+
+    systemd.services.cinder-scheduler = {
+      description = "OpenStack Cinder Scheduler";
+      after = [
+        "cinder.service"
+        "rabbitmq.service"
+        "mysql.service"
+        "network.target"
+      ];
+      path = [ cinder ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        User = "cinder";
+        Group = "cinder";
+        ExecStart = pkgs.writeShellScript "cinder-scheduler.sh" ''
+          .cinder-scheduler-wrapped
+        '';
+      };
+    };
+  };
+}

modules/controller/keystone.nix

@@ -39,6 +39,11 @@ let
     catalog.RegionOne.placement.adminURL = http://controller:8778
     catalog.RegionOne.placement.internalURL = http://controller:8778
     catalog.RegionOne.placement.name = Placement Service
+
+    catalog.RegionOne.volumev3.publicURL = http://controller:8776/v3
+    catalog.RegionOne.volumev3.adminURL = http://controller:8776/v3
+    catalog.RegionOne.volumev3.internalURL = http://controller:8776/v3
+    catalog.RegionOne.volumev3.name = Cinder Service
   '';
 
   keystoneConf = pkgs.writeText "keystone.conf" ''

modules/controller/neutron.nix

@@ -22,6 +22,7 @@ let
     "update_port:binding:profile": "@"
   '';
 
+  # neutron.conf is used as configuration file for neutron-metadata-agent as well
   neutronConf = pkgs.writeText "neutron.conf" ''
     [database]
     connection = mysql+pymysql://neutron:neutron@controller/neutron
@@ -35,6 +36,8 @@ let
     notify_nova_on_port_status_changes = true
     notify_nova_on_port_data_changes = true
     log_dir = /var/log/neutron
+    nova_metadata_host = controller
+    metadata_proxy_shared_secret = neutron_metadata_secret
 
     [keystone_authtoken]
     www_authenticate_uri = http://controller:5000
@@ -107,12 +110,6 @@ let
     ovsdb_debug = true
   '';
 
-  metadataAgentConf = pkgs.writeText "metadata_agent.ini" ''
-    [DEFAULT]
-    nova_metadata_host = controller
-    metadata_proxy_shared_secret = neutron_metadata_secret
-  '';
-
   neutron_env = pkgs.python3.buildEnv.override {
     extraLibs = [ neutron ];
   };
@@ -166,12 +163,6 @@ in
         The Neutron DHCP agent config.
       '';
     };
-    metadataAgentConfig = mkOption {
-      default = metadataAgentConf;
-      description = ''
-        The Neutron metadata agent config.
-      '';
-    };
     providerInterface = mkOption {
       default = "eth2";
       type = types.str;
@@ -221,11 +212,6 @@ in
             argument = "${cfg.dhcpAgentConfig}";
           };
         };
-        "/etc/neutron/metadata_agent.ini" = {
-          L = {
-            argument = "${cfg.metadataAgentConfig}";
-          };
-        };
         "/etc/neutron/api-paste.ini" = {
           L = {
             argument = "${neutron}/etc/neutron/api-paste.ini";
@@ -264,7 +250,7 @@ in
       wantedBy = [ "multi-user.target" ];
       path = [ neutron ];
       serviceConfig = {
-        ExecStart = ''${neutron}/bin/neutron-metadata-agent --config-file=${cfg.config} --config-file=${cfg.ml2Config}'';
+        ExecStart = ''${neutron}/bin/neutron-metadata-agent --config-file=${cfg.config}'';
       };
     };
 

modules/controller/openstack-controller.nix

@@ -5,6 +5,7 @@
   glance,
   placement,
   horizon,
+  cinder,
 }:
 {
   config,
@@ -32,6 +33,7 @@ in
     (import ./nova.nix { inherit nova; })
     (import ./neutron.nix { inherit neutron; })
     (import ./horizon.nix { inherit horizon; })
+    (import ./cinder.nix { inherit cinder; }) # only cinder management component
   ];
 
   config = {
@@ -60,6 +62,12 @@ in
           mysql -N -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';"
           mysql -N -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';"
 
+          # Cinder
+          mysql -N -e "drop database cinder;" || true
+          mysql -N -e "create database cinder;" || true
+          mysql -N -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';"
+          mysql -N -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';"
+
           # Placement
           mysql -N -e "drop database placement;" || true
           mysql -N -e "create database placement;" || true
@@ -146,6 +154,29 @@ in
       };
     };
 
+    systemd.services.cinder = {
+      description = "OpenStack Cinder setup";
+      after = [ "keystone-all.service" ];
+      wantedBy = [ "multi-user.target" ];
+      environment = adminEnv;
+      path = [
+        pkgs.openstackclient
+        cinder
+      ];
+      serviceConfig = {
+        Type = "oneshot";
+        User = "cinder";
+        Group = "cinder";
+        ExecStart = pkgs.writeShellScript "cinder.sh" ''
+          set -euxo pipefail
+          openstack user create --domain default --password cinder cinder || true
+          openstack role add --project service --user cinder admin  || true
+          openstack role add --user cinder --user-domain default --system all reader || true
+          cinder-manage --config-file ${config.cinder.config} db sync
+        '';
+      };
+    };
+
     # Placement service can be tested by executing
     # curl http://controller:8778
     # and receive some json with version info as result.

modules/default.nix

@@ -7,11 +7,14 @@
       keystone
       glance
       horizon
+      cinder
       ;
     placement = openstackPkgs.openstack-placement;
   };
 
   computeModule = import ./compute/compute.nix { inherit (openstackPkgs) neutron nova; };
 
+  storageModule = import ./storage/cinder-storage-node.nix { inherit (openstackPkgs) cinder; };
+
   testModules = import ./testing { };
 }