#!/bin/bash
# Single-host installer: sets up NTP, RabbitMQ, MySQL, Keystone (behind
# Apache/mod_wsgi), Coriolis, the Coriolis client, Barbican and the VMware
# VIX disklib, using apt, pip and git as invoked below.
# NOTE(review): the script installs packages and writes under /etc and /usr,
# so it presumably has to run as root — confirm.
# Only -e is enabled: a failure on the left-hand side of a pipeline or an
# unset variable does not stop the run.
set -e
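# Print the first IPv4 address configured on a network interface.
# Arguments: $1 - interface name (e.g. eth0)
# Outputs:   the first "inet" address that carries a "brd" field, without
#            its prefix length; nothing when no line matches.
get_interface_ipv4 () {
  local iface=$1
  # The name is quoted so ip receives it as a single argument. Only the
  # first match is kept: the caller splices the result into endpoint URLs,
  # where a second address on a new line would corrupt the value.
  ip addr show "$iface" \
    | sed -n 's/^\s*inet \([0-9.]*\)\/[0-9]*\s* brd [0-9.]*.*$/\1/p' \
    | head -n 1
}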
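# Interface whose IPv4 address is advertised in the Coriolis and Barbican
# endpoint URLs.
PUBLIC_IFACE=eth0
HOST_IP=$(get_interface_ipv4 "$PUBLIC_IFACE")
# The lookup ends in a pipeline, so a missing interface does not trip
# set -e; without this check the endpoints would be registered as
# "http://:7667/..." and "http://:9311".
if [ -z "$HOST_IP" ]; then
  echo "Could not determine an IPv4 address for $PUBLIC_IFACE" >&2
  exit 1
fi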
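# Service credentials. Each value can be supplied through the environment
# before the script runs; the previous literal is kept as the fallback so
# existing invocations behave as before.
# NOTE(review): every account falls back to the same well-known string.
# Supply distinct, randomly generated values on any host other machines
# can reach.
export RABBIT_PASSWORD="${RABBIT_PASSWORD:-Passw0rd}"
export ADMIN_PASSWORD="${ADMIN_PASSWORD:-Passw0rd}"
export MYSQL_ROOT_PASSWORD="${MYSQL_ROOT_PASSWORD:-Passw0rd}"
export KEYSTONE_DB_PASSWORD="${KEYSTONE_DB_PASSWORD:-Passw0rd}"
export CORIOLIS_DB_PASSWORD="${CORIOLIS_DB_PASSWORD:-Passw0rd}"
export BARBICAN_PASSWORD="${BARBICAN_PASSWORD:-Passw0rd}"
export BARBICAN_DB_PASSWORD="${BARBICAN_DB_PASSWORD:-Passw0rd}"
export CORIOLIS_PASSWORD="${CORIOLIS_PASSWORD:-Passw0rd}"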
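# Enable the Ubuntu Cloud Archive pocket for OpenStack Liberty and refresh
# the package index.
add-apt-repository cloud-archive:liberty -y
apt-get update -y

# Step the clock once before ntpd runs as a daemon: -g permits a large
# initial correction, -q exits as soon as the time has been set.
apt-get install ntp -y
service ntp stop
ntpd -gq
service ntp start

# Message broker; the coriolis account created here is the one referenced
# by messaging_transport_url in coriolis.conf.
apt-get install rabbitmq-server -y
# Quoted so the password reaches rabbitmqctl as a single argument.
# NOTE(review): the value is still visible in the process list while the
# command runs.
rabbitmqctl add_user coriolis "$RABBIT_PASSWORD"
# The three '.*' patterns (configure, write, read) give the account full
# access to every resource in the default vhost.
rabbitmqctl set_permissions -p / coriolis '.*' '.*' '.*'

apt-get install qemu-utils -y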
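# Preseed the MySQL root password so the package installs without prompting.
debconf-set-selections <<< "mysql-server mysql-server/root_password password $MYSQL_ROOT_PASSWORD"
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password $MYSQL_ROOT_PASSWORD"
apt-get install mysql-server -y

apt-get install keystone apache2 libapache2-mod-wsgi memcached python-memcache -y
apt-get install crudini -y

# Keystone is served through Apache/mod_wsgi further down, so the packaged
# upstart job is switched to manual and stopped.
echo "manual" > /etc/init/keystone.override
service keystone stop

# Create the Keystone database and its account.
# NOTE(review): -p<password> places the root password on the mysql command
# line; the 'keystone'@'%' grant accepts connections from any host although
# keystone.conf points at localhost; and the password is spliced into the
# SQL text unescaped, so a value containing a single quote breaks the
# statement.
mysql -u root -p"$MYSQL_ROOT_PASSWORD" << EOF
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY '$KEYSTONE_DB_PASSWORD';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY '$KEYSTONE_DB_PASSWORD';
EOF

# Remove the file-based database (presumably the packaged SQLite default);
# Keystone is pointed at MySQL instead.
rm -f /var/lib/keystone/keystone.db
crudini --set /etc/keystone/keystone.conf database connection "mysql+pymysql://keystone:$KEYSTONE_DB_PASSWORD@localhost/keystone"

# Random bootstrap token: 10 bytes from openssl, hex encoded.
# NOTE(review): the token is written to keystone.conf and nothing in this
# script removes it once the admin user exists; review whether token-based
# admin access should stay enabled after bootstrap.
ADMIN_TOKEN=$(openssl rand -hex 10)
crudini --set /etc/keystone/keystone.conf DEFAULT admin_token "$ADMIN_TOKEN"
crudini --set /etc/keystone/keystone.conf memcache servers localhost:11211
crudini --set /etc/keystone/keystone.conf token provider uuid
crudini --set /etc/keystone/keystone.conf token driver memcache
crudini --set /etc/keystone/keystone.conf revoke driver sql
crudini --set /etc/keystone/keystone.conf DEFAULT verbose true

# pymysql backs the mysql+pymysql:// connection URL set above.
# NOTE(review): installed unpinned, so the version depends on what the
# package index serves at run time.
apt-get install python-pip -y
pip install pymysql

# Populate the schema as the keystone system user.
su -s /bin/sh -c "keystone-manage db_sync" keystone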
# Write the Apache site that serves Keystone through mod_wsgi. The quoted
# 'EOF' delimiter keeps the shell from expanding %{...} and other
# characters, so the text below is written verbatim.
# NOTE(review): both virtual hosts bind to every address (*:5000 public,
# *:35357 admin) and carry no TLS directives, so tokens and passwords cross
# the wire as plain HTTP.
cat <<'EOF' > /etc/apache2/sites-available/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
EOF
# Enable the site and reload Apache. ln -s fails if the link already
# exists, which stops a second run under set -e.
ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled
service apache2 restart
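# Config
# Bootstrap Keystone through the admin endpoint, authenticating with the
# admin_token that was written to keystone.conf.
export OS_TOKEN="$ADMIN_TOKEN"
export OS_URL=http://localhost:35357/v3
export OS_IDENTITY_API_VERSION=3
apt-get install python-openstackclient -y
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public http://localhost:5000/v2.0
openstack endpoint create --region RegionOne identity internal http://localhost:5000/v2.0
openstack endpoint create --region RegionOne identity admin http://localhost:35357/v2.0
openstack domain create default
openstack project create --domain default --description "Admin Project" admin
# Passwords are quoted so a value with spaces or glob characters is passed
# as one argument.
# NOTE(review): --password exposes the value in the process list; the
# client can also prompt for it.
openstack user create --domain default --password "$ADMIN_PASSWORD" admin
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
# NOTE(review): the demo account is created with the admin password.
openstack user create --domain default --password "$ADMIN_PASSWORD" demo
openstack role create user
openstack role add --project demo --user demo user
# Test
# Drop the bootstrap token from the environment and check that both
# accounts can obtain a token with password authentication.
unset OS_TOKEN
openstack --os-auth-url http://localhost:35357/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name admin --os-username admin --os-password "$ADMIN_PASSWORD" \
  --os-auth-type password \
  token issue
openstack --os-auth-url http://localhost:35357/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name demo --os-username demo --os-password "$ADMIN_PASSWORD" \
  --os-auth-type password \
  token issue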
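# Write the admin credentials to an rc file and load them into this shell.
# The file holds the admin password in clear text, so it is created under
# a restrictive umask (in a subshell, leaving the script's umask alone) and
# then forced to 0600 in case an older, more permissive copy already
# existed.
(
  umask 077
  cat << EOF > ~/keystone_admin_rc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$ADMIN_PASSWORD
export OS_AUTH_URL=http://localhost:35357/v3
export OS_IDENTITY_API_VERSION=3
EOF
)
chmod 600 ~/keystone_admin_rc
source ~/keystone_admin_rc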
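# Coriolis
apt-get install python3-pip python3-eventlet libssl-dev libmysqlclient-dev -y
# NOTE(review): the pywinrm branch and mysqlclient are both installed
# unpinned, so the code that lands on the host depends on what the remote
# serves at run time; pinning a reviewed commit or version makes the
# install reproducible.
git clone https://github.com/cloudbase/pywinrm.git -b requests
pip3 install pywinrm/.
pip3 install mysqlclient
# Download coriolis here before installing
pip3 install coriolis/.
openstack service create --name coriolis --description "Cloud Migration as a Service" migration
# %(tenant_id)s is registered literally; presumably Keystone substitutes it
# when the catalog is rendered. The URL is quoted wherever it is used so it
# is always passed as a single argument.
# NOTE(review): the endpoint is registered over plain http.
ENDPOINT_URL="http://$HOST_IP:7667/v1/%(tenant_id)s"
openstack endpoint create --region RegionOne migration public "$ENDPOINT_URL"
openstack endpoint create --region RegionOne migration internal "$ENDPOINT_URL"
openstack endpoint create --region RegionOne migration admin "$ENDPOINT_URL"
openstack user create --domain default --password "$CORIOLIS_PASSWORD" coriolis
# The coriolis service account receives the admin role on the service
# project.
openstack role add --project service --user coriolis admin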
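# System account with no usable login shell for the Coriolis services.
useradd -r -s /bin/false coriolis
# The configuration directory is restricted to its owner because
# coriolis.conf receives the service, broker and database passwords below.
mkdir -p /etc/coriolis
chmod 700 /etc/coriolis
cp coriolis/etc/coriolis/coriolis.conf /etc/coriolis/
cp coriolis/etc/coriolis/api-paste.ini /etc/coriolis/
# user:group with a colon, matching the later chown calls in this script;
# the dotted form is a deprecated spelling.
chown -R coriolis:coriolis /etc/coriolis
mkdir -p /var/log/coriolis
chown -R coriolis:coriolis /var/log/coriolis
chmod 700 /var/log/coriolis
crudini --set /etc/coriolis/coriolis.conf DEFAULT log_dir /var/log/coriolis
crudini --set /etc/coriolis/coriolis.conf DEFAULT verbose true
# Values that embed a password are quoted so they reach crudini as one
# argument.
# NOTE(review): the passwords are inserted into the URLs unencoded; a value
# containing '@', ':' or '/' would change how the URL is parsed.
crudini --set /etc/coriolis/coriolis.conf DEFAULT messaging_transport_url "rabbit://coriolis:$RABBIT_PASSWORD@127.0.0.1:5672/"
crudini --set /etc/coriolis/coriolis.conf keystone_authtoken auth_url http://localhost:35357/v3
crudini --set /etc/coriolis/coriolis.conf keystone_authtoken password "$CORIOLIS_PASSWORD"
crudini --set /etc/coriolis/coriolis.conf trustee auth_url http://localhost:35357/v3
crudini --set /etc/coriolis/coriolis.conf trustee password "$CORIOLIS_PASSWORD"
crudini --set /etc/coriolis/coriolis.conf database connection "mysql+pymysql://coriolis:$CORIOLIS_DB_PASSWORD@localhost/coriolis"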
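# Create the Coriolis database and its account.
# NOTE(review): -p<password> places the root password on the mysql command
# line, and the 'coriolis'@'%' grant accepts connections from any host
# although coriolis.conf points at localhost.
mysql -u root -p"$MYSQL_ROOT_PASSWORD" << EOF
CREATE DATABASE coriolis;
GRANT ALL PRIVILEGES ON coriolis.* TO 'coriolis'@'localhost' \
IDENTIFIED BY '$CORIOLIS_DB_PASSWORD';
GRANT ALL PRIVILEGES ON coriolis.* TO 'coriolis'@'%' \
IDENTIFIED BY '$CORIOLIS_DB_PASSWORD';
EOF
# NOTE(review): no user is named after the command, so su runs db_sync as
# root, unlike the keystone-manage db_sync call, which names the keystone
# user — confirm this is intended.
su -s /bin/sh -c "python3 coriolis/coriolis/cmd/db_sync.py"
# Runtime directories owned by the service account.
mkdir -p /var/lock/coriolis /var/log/coriolis /var/lib/coriolis
chown coriolis:coriolis /var/lock/coriolis /var/log/coriolis /var/lib/coriolis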
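# Install and start the Coriolis services with whichever init system is
# running. pidof's exit status is tested directly: expanding its output
# inside [ ] breaks when more than one PID is reported (for example a
# per-user systemd instance), which sent systemd hosts down the upstart
# branch.
if pidof systemd > /dev/null; then
  cp coriolis/systemd/* /lib/systemd/system/
  systemctl enable coriolis-api.service
  systemctl enable coriolis-conductor.service
  systemctl enable coriolis-worker.service
  systemctl start coriolis-api.service
  systemctl start coriolis-conductor.service
  systemctl start coriolis-worker.service
else
  cp coriolis/debian/etc/init/* /etc/init
  service coriolis-api restart
  service coriolis-conductor restart
  service coriolis-worker restart
fi
# Coriolis client
# NOTE(review): cloned from the default branch without a pinned commit, and
# installed with pip rather than the pip3 used for coriolis itself —
# confirm the interpreter is the intended one.
git clone https://github.com/cloudbase/python-coriolisclient
pip install python-coriolisclient/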
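# Barbican:
apt-get install barbican-api barbican-worker -y
openstack service create --name barbican --description "Barbican Service" key-manager
# NOTE(review): the key-manager endpoints are registered over plain http.
BARBICAN_ENDPOINT_URL="http://$HOST_IP:9311"
openstack endpoint create --region RegionOne key-manager public "$BARBICAN_ENDPOINT_URL"
openstack endpoint create --region RegionOne key-manager internal "$BARBICAN_ENDPOINT_URL"
openstack user create --domain default --password "$BARBICAN_PASSWORD" barbican
# The barbican service account receives the admin role on the service
# project.
openstack role add --project service --user barbican admin
# Create the Barbican database and its account.
# NOTE(review): -p<password> places the root password on the mysql command
# line, and the 'barbican'@'%' grant accepts connections from any host
# although sql_connection below points at localhost.
mysql -u root -p"$MYSQL_ROOT_PASSWORD" << EOF
CREATE DATABASE barbican;
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'localhost' \
IDENTIFIED BY '$BARBICAN_DB_PASSWORD';
GRANT ALL PRIVILEGES ON barbican.* TO 'barbican'@'%' \
IDENTIFIED BY '$BARBICAN_DB_PASSWORD';
EOF
# NOTE(review): the barbican broker account is created with
# RABBIT_PASSWORD, the same secret used for the coriolis broker account.
rabbitmqctl add_user barbican "$RABBIT_PASSWORD"
rabbitmqctl set_permissions -p / barbican '.*' '.*' '.*'
# Values that embed a password or the host address are quoted so each
# reaches crudini as a single argument.
crudini --set /etc/barbican/barbican.conf DEFAULT sql_connection "mysql+pymysql://barbican:$BARBICAN_DB_PASSWORD@localhost/barbican"
crudini --set /etc/barbican/barbican.conf DEFAULT rabbit_userid barbican
crudini --set /etc/barbican/barbican.conf DEFAULT rabbit_password "$RABBIT_PASSWORD"
crudini --set /etc/barbican/barbican.conf DEFAULT host_href "http://$HOST_IP:9311"
# Switch the API pipeline to the Keystone-authenticated variant and fill in
# the credentials the auth filter uses.
crudini --set /etc/barbican/barbican-api-paste.ini pipeline:barbican_api pipeline barbican-api-keystone
crudini --set /etc/barbican/barbican-api-paste.ini filter:keystone_authtoken auth_uri http://localhost:5000/v3
crudini --set /etc/barbican/barbican-api-paste.ini filter:keystone_authtoken auth_url http://localhost:35357/v3
crudini --set /etc/barbican/barbican-api-paste.ini filter:keystone_authtoken auth_plugin password
crudini --set /etc/barbican/barbican-api-paste.ini filter:keystone_authtoken username barbican
crudini --set /etc/barbican/barbican-api-paste.ini filter:keystone_authtoken password "$BARBICAN_PASSWORD"
crudini --set /etc/barbican/barbican-api-paste.ini filter:keystone_authtoken user_domain_name default
crudini --set /etc/barbican/barbican-api-paste.ini filter:keystone_authtoken project_name service
crudini --set /etc/barbican/barbican-api-paste.ini filter:keystone_authtoken project_domain_name default
crudini --set /etc/barbican/barbican-api-paste.ini filter:keystone_authtoken signing_dir /var/cache/barbican
crudini --set /etc/barbican/barbican.conf secrets broker "rabbit://barbican:$RABBIT_PASSWORD@localhost"
crudini --set /etc/barbican/vassals/barbican-api.ini uwsgi buffer-size 65535
# Configuration and cache directories are restricted to the barbican
# account; the files above hold its passwords. user:group is written with a
# colon, matching the Coriolis runtime-directory chown in this script.
chown -R barbican:barbican /etc/barbican
chmod 700 /etc/barbican
mkdir -p /var/cache/barbican
chown barbican:barbican /var/cache/barbican
chmod 700 /var/cache/barbican
#service barbican-api restart
service barbican-worker restart
service apache2 restart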
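# Download latest VMware vix disklib
# The download line is commented out and points at a placeholder URL, so
# the archive has to be present in the working directory already.
# NOTE(review): the archive is unpacked and its binaries copied into
# /usr/bin without any integrity check; compare it against a known-good
# checksum from the vendor before running this section.
VMWARE_VIX_TGZ=VMware-vix-disklib-6.0.0-2498720.x86_64.tar.gz
#wget https://foo/bar/$VMWARE_VIX_TGZ
tar zxvf "$VMWARE_VIX_TGZ"
VIX_DIR=vmware-vix-disklib-distrib
# Variables are quoted; the trailing /* stays outside the quotes so the
# shell still expands it.
cp "$VIX_DIR"/bin64/* /usr/bin
VMWARE_VIX_LIB_DIR=/usr/lib/vmware-vix-disklib/lib64
mkdir -p "$VMWARE_VIX_LIB_DIR"
# -d copies symbolic links as links instead of following them.
cp -d "$VIX_DIR"/lib64/* "$VMWARE_VIX_LIB_DIR"
# Ensure the $VMWARE_VIX_LIB_DIR libs are loaded at the end to avoid conflicts
echo "$VMWARE_VIX_LIB_DIR" > /etc/ld.so.conf.d/zzz_vmware-vix-disklib.conf
ldconfig
# This is needed for vmware-vdiskmanager
ln -s "$VMWARE_VIX_LIB_DIR" /usr/lib/vmware
# ${VAR:?} aborts instead of running rm -rf with an empty path if the
# variable is ever unset or blank.
rm -rf -- "${VIX_DIR:?}"
rm -- "$VMWARE_VIX_TGZ"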