is an opinionated OpenStack developer installation. It installs and configures various combinations of Cinder, Glance, Heat, Horizon, Keystone, Nova, Neutron, and Swift

# DIVIDER #!/usr/bin/env bash # DIVIDER # DIVIDER # DIVIDER # DIVIDER set -o xtrace # DIVIDER unset GREP_OPTIONS # DIVIDER umask 022 # DIVIDER PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin # DIVIDER TOP_DIR=$(cd $(dirname "$0") && pwd) # DIVIDER NOUNSET=${NOUNSET:-} if [[ -n "$NOUNSET" ]]; then set -o nounset fi # DIVIDER DEVSTACK_START_TIME=$(date +%s) # DIVIDER # DIVIDER # DIVIDER if [[ -r $TOP_DIR/.stackenv ]]; then rm $TOP_DIR/.stackenv fi # DIVIDER FILES=$TOP_DIR/files if [ ! -d $FILES ]; then die $LINENO "missing devstack/files" fi # DIVIDER if [ ! -d $TOP_DIR/inc ]; then die $LINENO "missing devstack/inc" fi # DIVIDER if [ ! -d $TOP_DIR/lib ]; then die $LINENO "missing devstack/lib" fi # DIVIDER if [[ "${POSIXLY_CORRECT}" == "y" ]]; then set +o xtrace echo "You are running POSIX compatibility mode, DevStack requires bash 4.2 or newer." exit 1 fi # DIVIDER if [[ $EUID -eq 0 ]]; then set +o xtrace echo "DevStack should be run as a user with sudo permissions, " echo "not root." echo "A \"stack\" user configured correctly can be created with:" echo " $TOP_DIR/tools/" exit 1 fi # DIVIDER if [[ -n "$VIRTUAL_ENV" ]]; then set +o xtrace echo "You appear to be running under a python virtualenv." echo "DevStack does not support this, as we may break the" echo "virtualenv you are currently in by modifying " echo "external system-level components the virtualenv relies on." echo "We recommend you use a separate virtual-machine if " echo "you are worried about DevStack taking over your system." exit 1 fi # DIVIDER if [[ -e $HOME/.no-devstack ]]; then set +o xtrace echo "You've marked this host as a no-devstack host, to save yourself from" echo "running devstack accidentally. If this is in error, please remove the" echo "~/.no-devstack file" exit 1 fi # DIVIDER # DIVIDER LAST_SPINNER_PID="" # DIVIDER source $TOP_DIR/functions # DIVIDER source $TOP_DIR/inc/meta-config # DIVIDER source $TOP_DIR/lib/stack # DIVIDER GetDistro # DIVIDER # DIVIDER # DIVIDER rm -f $TOP_DIR/ extract_localrc_section $TOP_DIR/local.conf $TOP_DIR/localrc $TOP_DIR/ # DIVIDER if [[ ! -r $TOP_DIR/stackrc ]]; then die $LINENO "missing $TOP_DIR/stackrc - did you grab more than just" fi source $TOP_DIR/stackrc # DIVIDER if [[ ! ${DISTRO} =~ (trusty|vivid|wily|7.0|wheezy|sid|testing|jessie|f22|f23|rhel7|kvmibm1) ]]; then echo "WARNING: this script has not been tested on $DISTRO" if [[ "$FORCE" != "yes" ]]; then die $LINENO "If you wish to run this script anyway run with FORCE=yes" fi fi # DIVIDER if type -p screen > /dev/null && screen -ls | egrep -q "[0-9]\.$SCREEN_NAME"; then echo "You are already running a session." echo "To rejoin this session type 'screen -x stack'." echo "To destroy this session, type './'." exit 1 fi # DIVIDER # DIVIDER export_proxy_variables # DIVIDER disable_negated_services # DIVIDER # DIVIDER is_package_installed sudo || install_package sudo # DIVIDER sudo grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers || echo "#includedir /etc/sudoers.d" | sudo tee -a /etc/sudoers # DIVIDER if [[ -n "$LOG_SUDO" ]]; then TEMPFILE=`mktemp` echo "Defaults log_output" > $TEMPFILE chmod 0440 $TEMPFILE sudo chown root:root $TEMPFILE sudo mv $TEMPFILE /etc/sudoers.d/00_logging fi # DIVIDER TEMPFILE=`mktemp` echo "$STACK_USER ALL=(root) NOPASSWD:ALL" >$TEMPFILE # DIVIDER echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE echo "Defaults:$STACK_USER !requiretty" >> $TEMPFILE echo "Defaults env_keep += PS4" >> $TEMPFILE chmod 0440 $TEMPFILE sudo chown root:root $TEMPFILE sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh # DIVIDER # DIVIDER if is_ubuntu; then echo 'APT::Acquire::Retries "20";' | sudo tee /etc/apt/apt.conf.d/80retry >/dev/null fi # DIVIDER function _install_epel_and_rdo { # DIVIDER if sudo yum repolist enabled epel | grep -q 'epel'; then uninstall_package epel-release || true fi # DIVIDER cat <<EOF | sudo tee /etc/yum.repos.d/epel-bootstrap.repo [epel-bootstrap] name=Bootstrap EPEL mirrorlist=\$basearch failovermethod=priority enabled=0 gpgcheck=0 EOF # DIVIDER is_package_installed yum-utils || install_package yum-utils sudo yum-config-manager --enable epel-bootstrap yum_install epel-release || \ die $LINENO "Error installing EPEL repo, cannot continue" sudo rm -f /etc/yum.repos.d/epel-bootstrap.repo # DIVIDER sudo yum-config-manager --enable rhel-7-server-optional-rpms # DIVIDER is_package_installed rdo-release || yum_install if is_oraclelinux; then sudo yum-config-manager --enable ol7_optional_latest ol7_addons ol7_MySQL56 fi } # DIVIDER # DIVIDER DEST=${DEST:-/opt/stack} # DIVIDER sudo mkdir -p $DEST safe_chown -R $STACK_USER $DEST safe_chmod 0755 $DEST # DIVIDER if [[ -n ${LOGDIR:-} ]]; then mkdir -p $LOGDIR fi # DIVIDER DATA_DIR=${DATA_DIR:-${DEST}/data} sudo mkdir -p $DATA_DIR safe_chown -R $STACK_USER $DATA_DIR # DIVIDER LOCAL_HOSTNAME=`hostname -s` if [ -z "`grep ^ /etc/hosts | grep $LOCAL_HOSTNAME`" ]; then sudo sed -i "s/\(^*\)/\1 $LOCAL_HOSTNAME/" /etc/hosts fi # DIVIDER SKIP_EPEL_INSTALL=$(trueorfalse False SKIP_EPEL_INSTALL) if is_fedora && [[ $DISTRO == "rhel7" ]] && \ [[ ${SKIP_EPEL_INSTALL} != True ]]; then _install_epel_and_rdo fi # DIVIDER is_package_installed python || install_package python # DIVIDER # DIVIDER VERBOSE=$(trueorfalse True VERBOSE) # DIVIDER function spinner { local delay=0.75 local spinstr='/-\|' printf "..." >&3 while [ true ]; do local temp=${spinstr#?} printf "[%c]" "$spinstr" >&3 local spinstr=$temp${spinstr%"$temp"} sleep $delay printf "\b\b\b" >&3 done } function kill_spinner { if [ ! -z "$LAST_SPINNER_PID" ]; then kill >/dev/null 2>&1 $LAST_SPINNER_PID printf "\b\b\bdone\n" >&3 fi } # DIVIDER function echo_summary { if [[ -t 3 && "$VERBOSE" != "True" ]]; then kill_spinner echo -n -e $@ >&6 spinner & LAST_SPINNER_PID=$! else echo -e $@ >&6 fi } # DIVIDER function echo_nolog { echo $@ >&3 } # DIVIDER TIMESTAMP_FORMAT=${TIMESTAMP_FORMAT:-"%F-%H%M%S"} LOGDAYS=${LOGDAYS:-7} CURRENT_LOG_TIME=$(date "+$TIMESTAMP_FORMAT") if [[ -n "$LOGFILE" ]]; then # DIVIDER LOGFILE_DIR="${LOGFILE%/*}" # dirname LOGFILE_NAME="${LOGFILE##*/}" # basename mkdir -p $LOGFILE_DIR find $LOGFILE_DIR -maxdepth 1 -name $LOGFILE_NAME.\* -mtime +$LOGDAYS -exec rm {} \; LOGFILE=$LOGFILE.${CURRENT_LOG_TIME} SUMFILE=$LOGFILE.summary.${CURRENT_LOG_TIME} # DIVIDER # DIVIDER exec 3>&1 if [[ "$VERBOSE" == "True" ]]; then # DIVIDER exec 1> >( $TOP_DIR/tools/ -v -o "${LOGFILE}" ) 2>&1 # DIVIDER exec 6> >( $TOP_DIR/tools/ -o "${SUMFILE}" ) else # DIVIDER exec 1> >( $TOP_DIR/tools/ -o "${LOGFILE}" ) 2>&1 # DIVIDER exec 6> >( $TOP_DIR/tools/ -v -o "${SUMFILE}" >&3 ) fi echo_summary " log $LOGFILE" # DIVIDER ln -sf $LOGFILE $LOGFILE_DIR/$LOGFILE_NAME ln -sf $SUMFILE $LOGFILE_DIR/$LOGFILE_NAME.summary else # DIVIDER exec 3>&1 if [[ "$VERBOSE" != "True" ]]; then # DIVIDER exec 1>/dev/null 2>&1 fi # DIVIDER exec 6> >( $TOP_DIR/tools/ -v >&3 ) fi # DIVIDER if [[ -n "$SCREEN_LOGDIR" ]]; then # DIVIDER if [[ -d "$SCREEN_LOGDIR" ]]; then # DIVIDER find $SCREEN_LOGDIR -maxdepth 1 -name screen-\*.log -mtime +$LOGDAYS -exec rm {} \; else mkdir -p $SCREEN_LOGDIR fi fi # DIVIDER check_path_perm_sanity ${DEST} # DIVIDER # DIVIDER trap exit_trap EXIT function exit_trap { local r=$? jobs=$(jobs -p) # DIVIDER if [[ -n $jobs && -n "$LOGFILE" && "$VERBOSE" == "True" ]]; then echo "exit_trap: cleaning up child processes" kill 2>&1 $jobs fi # DIVIDER kill_spinner if [[ $r -ne 0 ]]; then echo "Error on exit" generate-subunit $DEVSTACK_START_TIME $SECONDS 'fail' >> ${SUBUNIT_OUTPUT} if [[ -z $LOGDIR ]]; then $TOP_DIR/tools/ else $TOP_DIR/tools/ -d $LOGDIR fi else generate-subunit $DEVSTACK_START_TIME $SECONDS >> ${SUBUNIT_OUTPUT} fi exit $r } # DIVIDER trap err_trap ERR function err_trap { local r=$? set +o xtrace if [[ -n "$LOGFILE" ]]; then echo "${0##*/} failed: full log in $LOGFILE" else echo "${0##*/} failed" fi exit $r } # DIVIDER set -o errexit # DIVIDER uname -a # DIVIDER SSL_BUNDLE_FILE="$DATA_DIR/ca-bundle.pem" rm -f $SSL_BUNDLE_FILE # DIVIDER source $TOP_DIR/lib/database source $TOP_DIR/lib/rpc_backend # DIVIDER SSL_ENABLED_SERVICES="key,nova,cinder,glance,s-proxy,neutron" if is_service_enabled tls-proxy && [ "$USE_SSL" == "True" ]; then die $LINENO "tls-proxy and SSL are mutually exclusive" fi # DIVIDER # DIVIDER fetch_plugins # DIVIDER run_phase override_defaults # DIVIDER source $TOP_DIR/lib/apache # DIVIDER source $TOP_DIR/lib/tls # DIVIDER source $TOP_DIR/lib/infra source $TOP_DIR/lib/oslo source $TOP_DIR/lib/lvm source $TOP_DIR/lib/horizon source $TOP_DIR/lib/keystone source $TOP_DIR/lib/glance source $TOP_DIR/lib/nova source $TOP_DIR/lib/cinder source $TOP_DIR/lib/swift source $TOP_DIR/lib/heat source $TOP_DIR/lib/neutron-legacy source $TOP_DIR/lib/ldap source $TOP_DIR/lib/dstat source $TOP_DIR/lib/dlm # DIVIDER # DIVIDER run_phase source # DIVIDER # DIVIDER # DIVIDER function read_password { local xtrace xtrace=$(set +o | grep xtrace) set +o xtrace var=$1; msg=$2 pw=${!var} if [[ -f $RC_DIR/localrc ]]; then localrc=$TOP_DIR/localrc else localrc=$TOP_DIR/.localrc.password fi # DIVIDER if [ ! $pw ]; then # DIVIDER if [ ! -e $localrc ]; then touch $localrc fi # DIVIDER echo '' echo '################################################################################' echo $msg echo '################################################################################' echo "This value will be written to ${localrc} file so you don't have to enter it " echo "again. Use only alphanumeric characters." echo "If you leave this blank, a random default value will be used." pw=" " while true; do echo "Enter a password now:" read -e $var pw=${!var} [[ "$pw" = "`echo $pw | tr -cd [:alnum:]`" ]] && break echo "Invalid chars in password. Try again:" done if [ ! $pw ]; then pw=$(generate_hex_string 10) fi eval "$var=$pw" echo "$var=$pw" >> $localrc fi # DIVIDER $xtrace } # DIVIDER # DIVIDER initialize_database_backends && echo "Using $DATABASE_TYPE database backend" || echo "No database enabled" # DIVIDER # DIVIDER RABBIT_USERID=${RABBIT_USERID:-stackrabbit} if is_service_enabled rabbit; then RABBIT_HOST=${RABBIT_HOST:-$SERVICE_HOST} read_password RABBIT_PASSWORD "ENTER A PASSWORD TO USE FOR RABBIT." fi # DIVIDER if is_service_enabled keystone; then # DIVIDER read_password SERVICE_PASSWORD "ENTER A SERVICE_PASSWORD TO USE FOR THE SERVICE AUTHENTICATION." # DIVIDER read_password ADMIN_PASSWORD "ENTER A PASSWORD TO USE FOR HORIZON AND KEYSTONE (20 CHARS OR LESS)." # DIVIDER # DIVIDER if is_service_enabled ldap; then read_password LDAP_PASSWORD "ENTER A PASSWORD TO USE FOR LDAP" fi fi # DIVIDER if is_service_enabled s-proxy; then # DIVIDER read_password SWIFT_HASH "ENTER A RANDOM SWIFT HASH." if [[ -z "$SWIFT_TEMPURL_KEY" ]] && [[ "$SWIFT_ENABLE_TEMPURLS" == "True" ]]; then read_password SWIFT_TEMPURL_KEY "ENTER A KEY FOR SWIFT TEMPURLS." fi fi # DIVIDER save_stackenv $LINENO # DIVIDER # DIVIDER # DIVIDER git_clone $REQUIREMENTS_REPO $REQUIREMENTS_DIR $REQUIREMENTS_BRANCH # DIVIDER echo_summary "Installing package prerequisites" source $TOP_DIR/tools/ # DIVIDER if [[ "$OFFLINE" != "True" ]]; then PYPI_ALTERNATIVE_URL=${PYPI_ALTERNATIVE_URL:-""} $TOP_DIR/tools/ fi # DIVIDER pip_install -U os-testr TRACK_DEPENDS=${TRACK_DEPENDS:-False} # DIVIDER if [[ $TRACK_DEPENDS = True ]]; then echo_summary "Installing Python packages into a virtualenv $DEST/.venv" pip_install -U virtualenv rm -rf $DEST/.venv virtualenv --system-site-packages $DEST/.venv source $DEST/.venv/bin/activate $DEST/.venv/bin/pip freeze > $DEST/requires-pre-pip fi # DIVIDER source $TOP_DIR/tools/ # DIVIDER # DIVIDER install_infra # DIVIDER run_phase stack pre-install install_rpc_backend # DIVIDER install_dlm configure_dlm if is_service_enabled $DATABASE_BACKENDS; then install_database fi if [ -n "$DATABASE_TYPE" ]; then install_database_python fi if is_service_enabled neutron; then install_neutron_agent_packages fi # DIVIDER echo_summary "Installing OpenStack project source" # DIVIDER install_oslo # DIVIDER install_keystoneauth install_keystoneclient install_glanceclient install_cinderclient install_novaclient if is_service_enabled swift glance horizon; then install_swiftclient fi if is_service_enabled neutron nova horizon; then install_neutronclient fi if is_service_enabled heat horizon; then install_heatclient fi # DIVIDER install_keystonemiddleware if is_service_enabled keystone; then if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then stack_install_service keystone configure_keystone fi fi if is_service_enabled s-proxy; then if is_service_enabled ceilometer; then install_ceilometermiddleware fi stack_install_service swift configure_swift # DIVIDER if is_service_enabled swift3; then # DIVIDER S3_SERVICE_PORT=8080 git_clone $SWIFT3_REPO $SWIFT3_DIR $SWIFT3_BRANCH setup_develop $SWIFT3_DIR fi fi if is_service_enabled g-api n-api; then # DIVIDER stack_install_service glance configure_glance fi if is_service_enabled cinder; then # DIVIDER stack_install_service cinder configure_cinder fi if is_service_enabled neutron; then # DIVIDER stack_install_service neutron install_neutron_third_party fi if is_service_enabled nova; then # DIVIDER stack_install_service nova cleanup_nova configure_nova fi if is_service_enabled horizon; then # DIVIDER install_django_openstack_auth # DIVIDER stack_install_service horizon fi if is_service_enabled heat; then stack_install_service heat install_heat_other cleanup_heat configure_heat fi if is_service_enabled tls-proxy || [ "$USE_SSL" == "True" ]; then configure_CA init_CA init_cert # DIVIDER fi # DIVIDER # DIVIDER run_phase stack install # DIVIDER if use_library_from_git "python-openstackclient"; then git_clone_by_name "python-openstackclient" setup_dev_lib "python-openstackclient" else pip_install_gr python-openstackclient fi if [[ $TRACK_DEPENDS = True ]]; then $DEST/.venv/bin/pip freeze > $DEST/requires-post-pip if ! diff -Nru $DEST/requires-pre-pip $DEST/requires-post-pip > $DEST/requires.diff; then echo "Detect some changes for installed packages of pip, in depend tracking mode" cat $DEST/requires.diff fi echo "Ran in depend tracking mode, bailing out now" exit 0 fi # DIVIDER if [[ $SYSLOG != "False" ]]; then if [[ "$SYSLOG_HOST" = "$HOST_IP" ]]; then # DIVIDER cat <<EOF >/tmp/90-stack-m.conf \$ModLoad imrelp \$InputRELPServerRun $SYSLOG_PORT EOF sudo mv /tmp/90-stack-m.conf /etc/rsyslog.d else # DIVIDER cat <<EOF >/tmp/90-stack-s.conf *.* :omrelp:$SYSLOG_HOST:$SYSLOG_PORT EOF sudo mv /tmp/90-stack-s.conf /etc/rsyslog.d fi RSYSLOGCONF="/etc/rsyslog.conf" if [ -f $RSYSLOGCONF ]; then sudo cp -b $RSYSLOGCONF $RSYSLOGCONF.bak if [[ $(grep '$SystemLogRateLimitBurst' $RSYSLOGCONF) ]]; then sudo sed -i 's/$SystemLogRateLimitBurst\ .*/$SystemLogRateLimitBurst\ 0/' $RSYSLOGCONF else sudo sed -i '$ i $SystemLogRateLimitBurst\ 0' $RSYSLOGCONF fi if [[ $(grep '$SystemLogRateLimitInterval' $RSYSLOGCONF) ]]; then sudo sed -i 's/$SystemLogRateLimitInterval\ .*/$SystemLogRateLimitInterval\ 0/' $RSYSLOGCONF else sudo sed -i '$ i $SystemLogRateLimitInterval\ 0' $RSYSLOGCONF fi fi echo_summary "Starting rsyslog" restart_service rsyslog fi # DIVIDER restart_rpc_backend # DIVIDER # DIVIDER if [ -f $SSL_BUNDLE_FILE ]; then export OS_CACERT=$SSL_BUNDLE_FILE fi # DIVIDER if is_service_enabled $DATABASE_BACKENDS; then configure_database fi # DIVIDER USE_SCREEN=$(trueorfalse True USE_SCREEN) if [[ "$USE_SCREEN" == "True" ]]; then # DIVIDER screen -d -m -S $SCREEN_NAME -t shell -s /bin/bash sleep 1 # DIVIDER SCREEN_HARDSTATUS=${SCREEN_HARDSTATUS:-} if [ -z "$SCREEN_HARDSTATUS" ]; then SCREEN_HARDSTATUS='%{= .} %-Lw%{= .}%> %n%f %t*%{= .}%+Lw%< %-=%{g}(%{d}%H/%l%{g})' fi screen -r $SCREEN_NAME -X hardstatus alwayslastline "$SCREEN_HARDSTATUS" screen -r $SCREEN_NAME -X setenv PROMPT_COMMAND /bin/true fi # DIVIDER SCREENRC=$TOP_DIR/$SCREEN_NAME-screenrc if [[ -e $SCREENRC ]]; then rm -f $SCREENRC fi # DIVIDER init_service_check # DIVIDER save_stackenv $LINENO # DIVIDER # DIVIDER # DIVIDER start_dstat # DIVIDER if is_service_enabled keystone; then echo_summary "Starting Keystone" if [ "$KEYSTONE_AUTH_HOST" == "$SERVICE_HOST" ]; then init_keystone start_keystone bootstrap_keystone fi if is_service_enabled tls-proxy; then export OS_CACERT=$INT_CA_DIR/ca-chain.pem fi # DIVIDER cat > $TOP_DIR/userrc_early <<EOF # DIVIDER # DIVIDER export OS_IDENTITY_API_VERSION=3 export OS_AUTH_URL=$KEYSTONE_AUTH_URI export OS_USERNAME=admin export OS_USER_DOMAIN_ID=default export OS_PASSWORD=$ADMIN_PASSWORD export OS_PROJECT_NAME=admin export OS_PROJECT_DOMAIN_ID=default export OS_REGION_NAME=$REGION_NAME EOF source $TOP_DIR/userrc_early create_keystone_accounts create_nova_accounts create_glance_accounts create_cinder_accounts create_neutron_accounts if is_service_enabled swift; then create_swift_accounts fi if is_service_enabled heat; then create_heat_accounts fi fi # DIVIDER write_clouds_yaml # DIVIDER if is_service_enabled horizon; then echo_summary "Configuring Horizon" configure_horizon fi # DIVIDER if is_service_enabled g-reg; then echo_summary "Configuring Glance" init_glance fi # DIVIDER if is_service_enabled neutron; then echo_summary "Configuring Neutron" configure_neutron # DIVIDER if is_service_enabled $DATABASE_BACKENDS && is_service_enabled q-svc; then init_neutron fi fi # DIVIDER if is_service_enabled neutron; then configure_neutron_third_party init_neutron_third_party start_neutron_third_party fi # DIVIDER if is_service_enabled n-net q-dhcp; then # DIVIDER netman_pid=$(pidof NetworkManager || true) if [ -z "$netman_pid" ]; then sudo killall dnsmasq || true else sudo ps h -o pid,ppid -C dnsmasq | grep -v $netman_pid | awk '{print $1}' | sudo xargs kill || true fi clean_iptables if is_service_enabled n-net; then rm -rf ${NOVA_STATE_PATH}/networks sudo mkdir -p ${NOVA_STATE_PATH}/networks safe_chown -R ${STACK_USER} ${NOVA_STATE_PATH}/networks fi # DIVIDER sudo sysctl -w net.ipv4.ip_forward=1 fi # DIVIDER if is_service_enabled s-proxy; then echo_summary "Configuring Swift" init_swift fi # DIVIDER if is_service_enabled cinder; then echo_summary "Configuring Cinder" init_cinder fi # DIVIDER if is_service_enabled nova; then echo_summary "Configuring Nova" init_nova # DIVIDER if is_service_enabled neutron; then create_nova_conf_neutron elif is_service_enabled n-net; then create_nova_conf_nova_network fi init_nova_cells fi # DIVIDER # DIVIDER run_phase stack post-config # DIVIDER # DIVIDER merge_config_group $TOP_DIR/local.conf post-config # DIVIDER # DIVIDER # DIVIDER if is_service_enabled s-proxy; then echo_summary "Starting Swift" start_swift fi # DIVIDER if is_service_enabled glance; then echo_summary "Starting Glance" start_glance fi # DIVIDER # DIVIDER if is_service_enabled g-reg; then echo_summary "Uploading images" # DIVIDER if [[ -n "$UPLOAD_LEGACY_TTY" ]]; then IMAGE_URLS="${IMAGE_URLS:+${IMAGE_URLS},}" fi for image_url in ${IMAGE_URLS//,/ }; do upload_image $image_url done fi # DIVIDER if is_service_enabled keystone && is_service_enabled swift3 && is_service_enabled nova; then eval $(openstack ec2 credentials create --user nova --project $SERVICE_TENANT_NAME -f shell -c access -c secret) iniset $NOVA_CONF DEFAULT s3_access_key "$access" iniset $NOVA_CONF DEFAULT s3_secret_key "$secret" iniset $NOVA_CONF DEFAULT s3_affix_tenant "True" fi # DIVIDER if is_service_enabled nova; then iniset $NOVA_CONF keymgr fixed_key $(generate_hex_string 32) fi # DIVIDER if is_service_enabled n-api; then echo_summary "Starting Nova API" start_nova_api fi if is_service_enabled q-svc; then echo_summary "Starting Neutron" start_neutron_service_and_check check_neutron_third_party_integration elif is_service_enabled $DATABASE_BACKENDS && is_service_enabled n-net; then NM_CONF=${NOVA_CONF} if is_service_enabled n-cell; then NM_CONF=${NOVA_CELLS_CONF} fi # DIVIDER $NOVA_BIN_DIR/nova-manage --config-file $NM_CONF network create "$PRIVATE_NETWORK_NAME" $FIXED_RANGE 1 $FIXED_NETWORK_SIZE $NETWORK_CREATE_ARGS # DIVIDER $NOVA_BIN_DIR/nova-manage --config-file $NM_CONF floating create $FLOATING_RANGE --pool=$PUBLIC_NETWORK_NAME # DIVIDER $NOVA_BIN_DIR/nova-manage --config-file $NM_CONF floating create --ip_range=$TEST_FLOATING_RANGE --pool=$TEST_FLOATING_POOL fi if is_service_enabled neutron; then start_neutron_agents fi # DIVIDER if is_service_enabled q-svc && [[ "$NEUTRON_CREATE_INITIAL_NETWORKS" == "True" ]]; then echo_summary "Creating initial neutron network elements" create_neutron_initial_network setup_neutron_debug fi if is_service_enabled nova; then echo_summary "Starting Nova" start_nova fi if is_service_enabled cinder; then echo_summary "Starting Cinder" start_cinder create_volume_types fi # DIVIDER if is_service_enabled heat; then # DIVIDER echo_summary "Configuring Heat" init_heat echo_summary "Starting Heat" start_heat if [ "$HEAT_BUILD_PIP_MIRROR" = "True" ]; then echo_summary "Building Heat pip mirror" build_heat_pip_mirror fi fi if is_service_enabled horizon; then echo_summary "Starting Horizon" init_horizon start_horizon fi # DIVIDER # DIVIDER if is_service_enabled nova && is_service_enabled keystone; then USERRC_PARAMS="-PA --target-dir $TOP_DIR/accrc" if [ -f $SSL_BUNDLE_FILE ]; then USERRC_PARAMS="$USERRC_PARAMS --os-cacert $SSL_BUNDLE_FILE" fi if [[ "$HEAT_STANDALONE" = "True" ]]; then USERRC_PARAMS="$USERRC_PARAMS --heat-url http://$HEAT_API_HOST:$HEAT_API_PORT/v1" fi $TOP_DIR/tools/ $USERRC_PARAMS fi # DIVIDER save_stackenv # DIVIDER # DIVIDER # DIVIDER merge_config_group $TOP_DIR/local.conf extra # DIVIDER # DIVIDER run_phase stack extra # DIVIDER # DIVIDER merge_config_group $TOP_DIR/local.conf post-extra # DIVIDER # DIVIDER if [[ -x $TOP_DIR/ ]]; then echo "Running user script $TOP_DIR/" $TOP_DIR/ fi # DIVIDER # DIVIDER service_check # DIVIDER check_libs_from_git # DIVIDER # DIVIDER openstack complete | sudo tee /etc/bash_completion.d/osc.bash_completion > /dev/null # DIVIDER if is_service_enabled cinder; then if is_ubuntu; then echo_summary "Configuring lvm.conf global device filter" set_lvm_filter else echo_summary "Skip setting lvm filters for non Ubuntu systems" fi fi # DIVIDER set +o xtrace if [[ -n "$LOGFILE" ]]; then exec 1>&3 # DIVIDER exec 1> >( tee -a "${LOGFILE}" ) 2>&1 else # DIVIDER exec 1>&3 fi # DIVIDER time_totals # DIVIDER echo "" echo "" echo "" echo "This is your host IP address: $HOST_IP" if [ "$HOST_IPV6" != "" ]; then echo "This is your host IPv6 address: $HOST_IPV6" fi # DIVIDER if is_service_enabled horizon; then echo "Horizon is now available at http://$SERVICE_HOST$HORIZON_APACHE_ROOT" fi # DIVIDER if is_service_enabled keystone; then echo "Keystone is serving at $KEYSTONE_SERVICE_URI/" echo "The default users are: admin and demo" echo "The password: $ADMIN_PASSWORD" fi # DIVIDER if [[ -n "$DEPRECATED_TEXT" ]]; then echo_summary "WARNING: $DEPRECATED_TEXT" fi # DIVIDER echo_summary " completed in $SECONDS seconds." # DIVIDER exec 1>&3 exec 2>&3 exec 3>&- exec 6>&- # DIVIDER

This script's options can be changed by setting appropriate environment variables. You can configure things like which git repositories to use, services to enable, OS images to use, etc. Default values are located in the stackrc file. If you are crafty you can run the script on multiple nodes using shared settings for common resources (eg., mysql or rabbitmq) and build a multi-node developer install.

To keep this script simple we assume you are running on a recent Ubuntu (14.04 Trusty or newer), Fedora (F20 or newer), or CentOS/RHEL (7 or newer) machine. (It may work on other platforms but support for those platforms is left to those who added them to DevStack.) It should work in a VM or physical server. Additionally, we maintain a list of deb and rpm dependencies and other configuration files in this repo.

Learn more and get the most recent version at

Print the commands being run so that we can see the command that triggers an error. It is also useful for following along as the install occurs.

Make sure custom grep options don't get in the way

Make sure umask is sane

Not all distros have sbin in PATH for regular users.

Keep track of the DevStack directory

Check for uninitialized variables, a big cause of bugs

Set start of devstack timestamp


Sanity Checks

Clean up last environment var cache keeps the list of deb and rpm dependencies, config templates and other useful files in the files subdirectory keeps function libraries here Make sure $TOP_DIR/inc directory is present keeps project libraries here Make sure $TOP_DIR/lib directory is present

Check if run in POSIX shell

OpenStack is designed to be run as a non-root user; Horizon will fail to run as root since Apache will not serve content from root user). must not be run as root. It aborts and suggests one course of action to create a suitable user account.

OpenStack is designed to run at a system level, with system level installation of python packages. It does not support running under a virtual env, and will fail in really odd ways if you do this. Make this explicit as it has come up on the mailing list.

Provide a safety switch for devstack. If you do a lot of devstack, on a lot of different environments, you sometimes run it on the wrong box. This makes there be a way to prevent that.

Prepare the environment

Initialize variables:

Import common functions

Import config functions

Import 'public' functions

Determine what system we are running on. This provides os_VENDOR, os_RELEASE, os_UPDATE, os_PACKAGE, os_CODENAME and DISTRO

Global Settings

Check for a localrc section embedded in local.conf and extract if localrc does not already exist

Phase: local is customizable by setting environment variables. Override a default setting via export:

export DATABASE_PASSWORD=anothersecret

or by setting the variable on the command line:


Persistent variables can be placed in a local.conf file:


We try to have sensible defaults, so you should be able to run ./ in most cases. local.conf is not distributed with DevStack and will never be overwritten by a DevStack update.

DevStack distributes stackrc which contains locations for the OpenStack repositories, branches to configure, and other configuration defaults. stackrc sources the localrc section of local.conf to allow you to safely override those settings.

Warn users who aren't on an explicitly supported distro, but allow them to override check and attempt installation with FORCE=yes ./stack

Check to see if we are already running DevStack Note that this may fail if USE_SCREEN=False

Local Settings

Make sure the proxy config is visible to sub-processes

Remove services which were negated in ENABLED_SERVICES using the "-" prefix (e.g., "-rabbit") instead of calling disable_service().

Configure sudo

We're not as root so make sure sudo is available

UEC images /etc/sudoers does not have a #includedir, add one

Conditionally setup detailed logging for sudo

Set up DevStack sudoers

Some binaries might be under /sbin or /usr/sbin, so make sure sudo will see them by forcing PATH

Configure Distro Repositories

For Debian/Ubuntu make apt attempt to retry network ops on it's own

Some distros need to add repos beyond the defaults provided by the vendor to pick up required packages.

NOTE: We always remove and install latest -- some environments use snapshot images, and if EPEL version updates they break unless we update them to latest version.

This trick installs the latest epel-release from a bootstrap repo, then removes itself (as epel-release installed the "real" repo).

You would think that rather than this, you could use $releasever directly in .repo file we create below. However RHEL gives a $releasever of "6Server" which breaks the path; see

Enable a bootstrap repo. It is removed after finishing the epel-release installation.

... and also optional to be enabled

install the lastest RDO

Configure Target Directories

Destination path for installation DEST

Create the destination directory and ensure it is writable by the user and read/executable by everybody for daemons (e.g. apache run for horizon)

Destination path for devstack logs

Destination path for service data

Configure proper hostname Certain services such as rabbitmq require that the local hostname resolves correctly. Make sure it exists in /etc/hosts so that is always true.

If you have all the repos installed above already setup (e.g. a CI situation where they are on your image) you may choose to skip this to speed things up

Ensure python is installed

Configure Logging

Set up logging level

Draw a spinner so the user knows something is happening

Echo text to the log file, summary log file and stdout echo_summary "something to say"

Echo text only to stdout, no log files echo_nolog "something not for the logs"

Set up logging for Set LOGFILE to turn on logging Append '.xxxxxxxx' to the given name to maintain history where 'xxxxxxxx' is a representation of the date the file was created

Clean up old log files. Append '.*' to the user-specified LOGFILE to match the date in the search template.

Redirect output according to config

Set fd 3 to a copy of stdout. So we can set fd 1 without losing stdout later.

Set fd 1 and 2 to write the log file

Set fd 6 to summary log file

Set fd 1 and 2 to primary logfile

Set fd 6 to summary logfile and stdout

Specified logfile name always links to the most recent log

Set up output redirection without log files Set fd 3 to a copy of stdout. So we can set fd 1 without losing stdout later.

Throw away stdout and stderr

Always send summary fd to original stdout

Set up logging of screen windows Set SCREEN_LOGDIR to turn on logging of screen windows to the directory specified in SCREEN_LOGDIR, we will log to the file screen-$SERVICE_NAME-$TIMESTAMP.log in that dir and have a link screen-$SERVICE_NAME.log to the latest log file. Logs are kept for as long specified in LOGDAYS. This is deprecated....logs go in LOGDIR, only symlinks will be here now.

We make sure the directory is created.

We cleanup the old logs

Basic test for $DEST path permissions (fatal on error unless skipped)

Configure Error Traps

Kill background processes on exit

Only do the kill when we're logging through a process substitution, which currently is only to verbose logfile

Kill the last spinner process

Exit on any errors so that errors don't compound

Begin trapping error exit codes

Print the kernel version

Reset the bundle of CA certificates

Import common services (database, message queue) configuration

Service to enable with SSL if USE_SSL is True

Configure Projects

Clone all external plugins

Plugin Phase 0: override_defaults - allow plugins to override defaults before other services are run

Import Apache functions

Import TLS functions

Source project function libraries

Extras Source

Phase: source

Interactive Configuration

Do all interactive config up front before the logging spew begins

Generic helper to configure passwords

If the password is not defined yet, proceed to prompt user for a password.

If there is no localrc file, create one

Presumably if we got this far it can only be that our localrc is missing the required password. Prompt user for a password and write to localrc.

restore previous xtrace value

Database Configuration

To select between database backends, add the following to local.conf:

disable_service mysql enable_service postgresql

The available database backends are listed in DATABASE_BACKENDS after lib/database is sourced. mysql is the default.

Queue Configuration

Rabbit connection info In multi node DevStack, second node needs RABBIT_USERID, but rabbit isn't enabled.


Services authenticate to Identity with servicename/SERVICE_PASSWORD

Horizon currently truncates usernames and passwords at 20 characters

Keystone can now optionally install OpenLDAP by enabling the ldap service in local.conf (e.g. enable_service ldap). To clean out the Keystone contents in OpenLDAP set KEYSTONE_CLEAR_LDAP to yes (e.g. KEYSTONE_CLEAR_LDAP=yes) in local.conf. To enable the Keystone Identity Driver (keystone.identity.backends.ldap.Identity) set KEYSTONE_IDENTITY_BACKEND to ldap (e.g. KEYSTONE_IDENTITY_BACKEND=ldap) in local.conf.

Only request LDAP password if the service is enabled


We only ask for Swift Hash if we have enabled swift service. SWIFT_HASH is a random unique string for a swift cluster that can never change.

Save configuration values

Install Packages

OpenStack uses a fair number of other projects.

Bring down global requirements before any use of pip_install. This is necessary to ensure that the constraints file is in place before we attempt to apply any constraints to pip installs.

Install package requirements Source it so the entire environment is available

Configure an appropriate Python environment

Install subunit for the subunit output stream

Install Python packages into a virtualenv so that we can track them

Do the ugly hacks for broken packages and distros

Virtual Environment

Install required infra support libraries

Extras Pre-install

Phase: pre-install

NOTE(sdague): dlm install is conditional on one being enabled by configuration

Check Out and Install Source

Install Oslo libraries

Install client libraries

Install middleware

swift3 middleware to provide S3 emulation to Swift

Replace the nova-objectstore port by the swift port

Image catalog service

Block volume service

Network service

Compute service

django openstack_auth


Add name to /etc/hosts. Don't be naive and add to existing line!

Extras Install

Phase: install

Install the OpenStack client, needed for most setup commands


Configure the master host to receive

Set rsyslog to send to remote host

Finalize queue installation

Export Certificate Authority Bundle

If certificates were used and written to the SSL bundle file then these should be exported so clients can validate their connections.

Configure database

Configure screen

Create a new named screen to run processes in

Set a reasonable status bar

Clear screenrc file

Initialize the directory for service status check

Save configuration values

Start Services


A better kind of sysstat, with the top process per time slice


Rather than just export these, we write them out to a intermediate userrc file that can also be used to debug if something goes wrong between here and running tools/ (this script relies on services other than keystone being available, so we can't call it right now)

Use this for debugging issues before files in accrc are created

Set up password auth credentials now that Keystone is bootstrapped

Write a clouds.yaml file




Run init_neutron only on the node hosting the Neutron API server

Some Neutron plugins require network controllers which are not a part of the OpenStack project. Configure and start them.


Delete traces of nova networks from prior runs Do not kill any dnsmasq instance spawned by NetworkManager

Force IP forwarding on, just in case

Storage Service

Volume Service

Compute Service

Additional Nova configuration that is dependent on other services

Extras Configuration

Phase: post-config

Local Configuration

Apply configuration from local.conf if it exists for layer 2 services Phase: post-config

Launch Services

Only run the services specified in ENABLED_SERVICES

Launch Swift Services

Launch the Glance services

Install Images

Upload an image to Glance.

The default image is CirrOS, a small testing image which lets you login as root CirrOS has a cloud-init analog supporting login via keypair and sending scripts as userdata. See for more on cloud-init

Option to upload legacy ami-tty, which works with xenserver

Create an access key and secret key for Nova EC2 register image

Create a randomized default value for the keymgr's fixed_key

Launch the nova-api and wait for it to answer before continuing

Create a small network

Create some floating ips

Create a second pool

Once neutron agents are started setup initial network elements

Configure and launch Heat engine, api and metadata

Initialize heat

Create account rc files

Creates source able script files for easier user switching. This step also creates certificates for tenants and users, which is helpful in image bundle steps.

Save some values we generated for later use

Wrapup configuration

local.conf extra

Apply configuration from local.conf if it exists for layer 2 services Phase: extra

Run extras

Phase: extra

local.conf post-extra

Apply late configuration from local.conf if it exists for layer 2 services Phase: post-extra

Run local script

Run if it exists to perform user-managed tasks

Sanity checks

Check the status of running services

ensure that all the libraries we think we installed from git, actually were.

Bash completion

Prepare bash completion for OSC

If cinder is configured, set global_filter for PV devices


Force all output to stdout and logs now

Force all output to stdout now

Dump out the time totals

Using the cloud

If you installed Horizon on this server you should be able to access the site using your browser.

If Keystone is present you can point nova cli to this server

Warn that a deprecated feature was used

Indicate how long this took to run (bash maintained variable SECONDS)

Restore/close logging file descriptors