#!/bin/bash

# go in a directory everybody can access
# (postgresql commands usually have a 'could not change to "$PWD"' error
# message if the postgres user cannot have access to $PWD...)
cd /

. /etc/openstackquickstartrc

. /usr/lib/openstack-quickstart/functions.sh

echo "Setting up OpenStack demo controller..."

grep -q bash.openstackrc /etc/bash.bashrc.local ||\
echo "export HOST_IP=$IP
. /etc/bash.openstackrc
setcreds admin $pw" >> /etc/bash.bashrc.local

install_packages patterns-OpenStack-controller patterns-OpenStack-clients patterns-OpenStack-network-node crudini psmisc

if [ "x$node_is_compute" = "xyes" ]; then
    install_packages patterns-OpenStack-compute-node
fi

if [ "x$with_tempest" = "xyes" ]; then
    install_packages openstack-nova-objectstore openstack-neutron-lbaas-agent \
        openstack-neutron-vpn-agent openstack-neutron-fwaas \
        openstack-tempest-test openstack-manila-test
fi

# TODO: remove when manila packages are part of patterns!
install_packages openstack-manila openstack-manila-api \
                 openstack-manila-scheduler openstack-manila-share \
                 python-manila python-manilaclient

if [ "$DB" = "postgresql" ] ; then
    if grep -q "SUSE Linux Enterprise Server 11" /etc/SuSE-release; then
        install_packages postgresql91-server python-psycopg2
    else
        install_packages postgresql-server python-psycopg2
    fi
fi

# configure NTP, because we need synchronized time between nodes
grep -q ntp.org /etc/ntp.conf || echo server pool.ntp.org >> /etc/ntp.conf

# configure tgt for cinder
if [ -f /etc/tgt/targets.conf ]; then
    grep -q "include /var/lib/cinder/volumes" /etc/tgt/targets.conf || {
        echo "include /var/lib/cinder/volumes/*" >> /etc/tgt/targets.conf
        start_and_enable_service tgtd
    }
fi

# Set up the database
if [ "$DB" = "postgresql" ] ; then
    DATADIR=/var/lib/pgsql/data
    # No database exists? Start and Stop to create the initial files
    if  [ ! -f $DATADIR/PG_VERSION ]; then
        start_and_enable_service $DB
        stop_and_disable_service $DB
    fi

    # increase max connections for multinode setup (this needs a restart)
    sed -i "s/^max_connections =.*/max_connections=1000/g" $DATADIR/postgresql.conf

    if ! grep -q ::/0 $DATADIR/pg_hba.conf ; then
        sed -i "s/^\(host .*\) ident\(.*\)/\1 md5 \2/" "$DATADIR/pg_hba.conf"
        sed -i "s/^\(local \)/local horizon all md5 sameuser\n\1/" "$DATADIR/pg_hba.conf"
        # allow remote connections:
        echo "listen_addresses = '*'" >> $DATADIR/postgresql.conf
        echo "host all all 0.0.0.0/0 md5  sameuser" >> $DATADIR/pg_hba.conf
        echo "host all all      ::/0 md5  sameuser" >> $DATADIR/pg_hba.conf
        if ! rpm -q postgresql | grep -q postgresql-8 ; then
            sed -i 's/\s*sameuser$//' $DATADIR/pg_hba.conf # adapt config syntax to postgresql-9
        fi
    fi
else
    echo | mysql -u root || pwquery=-p
    for DBNAME in nova cinder keystone glance horizon neutron manila; do
        echo "
        set global character_set_server=latin1;
        set session character_set_server=latin1;
        CREATE DATABASE IF NOT EXISTS $DBNAME;
        GRANT ALL PRIVILEGES ON $DBNAME.* TO '$DBNAME'@localhost IDENTIFIED BY '$mpw';
        GRANT ALL PRIVILEGES ON $DBNAME.* TO '$DBNAME'@'%' IDENTIFIED BY '$mpw';
        " | mysql -u root $pwquery
    done
fi


# start some initial services
for s in ntp ntpd $DB tgtd memcached
do
    start_and_enable_service $s
done

start_and_enable_service iscsid


# Set up the database
if [ "$DB" = "postgresql" ] ; then
    sudo -u postgres dropdb keystone || true # needed for keystone_data.sh
    for DBNAME in nova cinder keystone glance horizon heat neutron manila; do
        # use ALTER if CREATE fails: the role probably already exists
        # in that case
        sudo -u postgres psql -c "CREATE ROLE $DBNAME PASSWORD '$mpw' LOGIN;" || \
        sudo -u postgres psql -c "ALTER ROLE $DBNAME PASSWORD '$mpw' LOGIN;"
        sudo -u postgres createdb -O $DBNAME $DBNAME || true
    done
    sudo -u postgres createuser -s root || :
fi

if [ "x$node_is_compute" = "xyes" ]; then
    setup_node_for_nova_compute
fi

# modprobe for snapshot support
modprobe dm_snapshot || :

disable_firewall_and_enable_forwarding

set -e

#-----------------------------------------
# setup OpenStack Dashboard (optional)
#-----------------------------------------


if [ "x$with_horizon" = "xyes" ]; then
    # configure dashboard/apache sample configuration from the package:
    install -m 644 /etc/apache2/conf.d/openstack-dashboard.conf{.sample,}
    a2enmod rewrite
    a2enmod ssl
    a2enmod wsgi
    a2enmod socache_shmcb
    a2enmod deflate

    DASHBOARD_LOCAL_SET=/srv/www/openstack-dashboard/openstack_dashboard/local/local_settings.py

    if ! grep -q "django.core.cache.backends.memcached.MemcachedCache" $DASHBOARD_LOCAL_SET ; then
        cat - >> $DASHBOARD_LOCAL_SET <<EOF
CACHES = {
    'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'
    'LOCATION': '127.0.0.1:11211',
}
EOF
    fi

    if ! grep -q "^SESSION_ENGINE =" $DASHBOARD_LOCAL_SET ; then
        cat - >> $DASHBOARD_LOCAL_SET <<EOF
SESSION_ENGINE = "django.contrib.sessions.backends.cached_db"
EOF
    fi

    if [ "$DB" = "postgresql" ] ; then
    cat >> $DASHBOARD_LOCAL_SET <<EODASHDB
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'HOST': '$IP',
        'NAME': 'horizon',
        'USER': 'horizon',
        'PASSWORD': '$mpw',
    }
}
EODASHDB
    fi

    sed -i -e "s/^DEBUG =.*/DEBUG = False/" $DASHBOARD_LOCAL_SET
    sed -i -e "s/^OPENSTACK_HOST = .*/OPENSTACK_HOST = \"$IP\"/" $DASHBOARD_LOCAL_SET

    if grep -q "^USE_SSL =" $DASHBOARD_LOCAL_SET; then
        sed -i -e "s/^USE_SSL =.*/USE_SSL = False/" $DASHBOARD_LOCAL_SET
    else
        echo "USE_SSL = False" >> $DASHBOARD_LOCAL_SET
    fi

    if grep -q "^ALLOWED_HOSTS =" $DASHBOARD_LOCAL_SET; then
        sed -i -e "s/^ALLOWED_HOSTS =.*/ALLOWED_HOSTS = ['*']/" $DASHBOARD_LOCAL_SET
    else
        echo "ALLOWED_HOSTS = ['*', ]" >> $DASHBOARD_LOCAL_SET
    fi

    # Use 'secure' session and CSRF cookies (bnc#753582):
    cat >> $DASHBOARD_LOCAL_SET <<EOSEC
# Use 'secure' cookies when we use SSL, see https://docs.djangoproject.com/en/1.4/topics/security/:
SESSION_COOKIE_SECURE = CSRF_COOKIE_SECURE = USE_SSL
EOSEC
    # sync dashboard DB "after" the database is created
    run_as wwwrun "cd /srv/www/openstack-dashboard; umask 0027; python -m 'manage' syncdb --noinput"

    start_and_enable_service apache2
fi

#-----------------------------------------
# setup keystone client endpoint configuration
#-----------------------------------------

for c in /etc/glance/glance-api.conf /etc/glance/glance-registry.conf \
    /etc/neutron/neutron.conf /etc/cinder/cinder.conf \
    /etc/heat/heat.conf /etc/nova/nova.conf /etc/manila/manila.conf; do

    setup_keystone_authtoken $c
done

#-----------------------------------------
## setup glance configuration
#-----------------------------------------

crudini --set /etc/glance/glance-api.conf DEFAULT workers "1"
crudini --set /etc/glance/glance-api.conf database connection "$DB://nova:$mpw@$IP/glance"
crudini --set /etc/glance/glance-registry.conf DEFAULT workers "1"
crudini --set /etc/glance/glance-registry.conf database connection "$DB://nova:$mpw@$IP/glance"

#-----------------------------------------
## setup nova configuration
#-----------------------------------------

FIXED_KEY=""
for i in $(seq 1 64); do
    FIXED_KEY+=$(printf "%x\n" $(($RANDOM % 16)))
done

crudini --set /etc/nova/nova.conf database connection "$DB://nova:$mpw@$IP/nova"
crudini --set /etc/nova/nova.conf glance host $IP
crudini --set /etc/nova/nova.conf glance api_servers "http://$IP:9292"
crudini --set /etc/nova/nova.conf DEFAULT novncproxy_base_url "http://$IP:6080/vnc_auto.html"
crudini --set /etc/nova/nova.conf DEFAULT default_floating_pool ext
crudini --set /etc/nova/nova.conf DEFAULT my_ip "$IP"
crudini --set /etc/nova/nova.conf DEFAULT osapi_compute_workers "1"
crudini --set /etc/nova/nova.conf DEFAULT ec2_workers "1"
crudini --set /etc/nova/nova.conf DEFAULT metadata_workers "1"
crudini --set /etc/nova/nova.conf conductor workers "1"

metadata_secret=$(echo $ADMIN_PASSWORD | md5sum | cut -d" " -f1)
crudini --set /etc/nova/nova.conf neutron service_metadata_proxy True
crudini --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret $metadata_secret
crudini --set /etc/nova/nova.conf keymgr fixed_key "$FIXED_KEY"

setup_nova_compute

extensions_path=$(ls -d /usr/lib*/python*/site-packages/extensions 2> /dev/null | head -n 1)
if [ -n "$extensions_path" ]; then
    crudini --set /etc/nova/nova.conf DEFAULT osapi_extensions_path "$extensions_path"
fi

# configure cinder
crudini --set /etc/cinder/cinder.conf DEFAULT my_ip "$IP"
crudini --set /etc/cinder/cinder.conf DEFAULT osapi_volume_workers "1"
crudini --set /etc/cinder/cinder.conf database connection "$DB://cinder:${mpw}@${IP}/cinder"
crudini --set /etc/cinder/cinder.conf keymgr fixed_key "$FIXED_KEY"

if [ "x$with_tempest" = "xyes" ]; then
    crudini --set /etc/cinder/cinder.conf DEFAULT volume_clear none
    crudini --set /etc/cinder/cinder.conf DEFAULT lvm_type thin
fi


for m in cinder heat nova glance neutron manila; do
    sed -i -e 's/%SERVICE_TENANT_NAME%/service/' \
           -e "s/%SERVICE_USER%/$m/" \
           -e "s/%SERVICE_PASSWORD%/$ADMIN_PASSWORD/" \
               /etc/$m/*.ini /etc/$m/$m*.conf
done


# configure keystone
crudini --set /etc/keystone/keystone.conf database connection $DB://keystone:$mpw@$IP/keystone
crudini --set /etc/keystone/keystone.conf DEFAULT admin_token "$SERVICE_TOKEN"
crudini --set /etc/keystone/keystone.conf DEFAULT public_workers 2
crudini --set /etc/keystone/keystone.conf DEFAULT admin_workers 2

/etc/init.d/openstack-keystone restart

sleep 5

keystone_data=/usr/lib/devstack/keystone_data.sh
ENABLED_SERVICES="g-api,g-reg,key,n-api,n-cpu,n-net,n-vol,c-api,n-sch,n-novnc,n-xvnc,q-svc,heat,m-api,mysql,rabbit"
if [ "x$with_horizon" = "xyes" ]; then
    ENABLED_SERVICES+=",horizon"
fi
if [ "x$with_tempest" = "xyes" ]; then
    ENABLED_SERVICES+=",tempest"
fi
SERVICE_ENDPOINT=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0

ADMIN_PASSWORD=$ADMIN_PASSWORD KEYSTONE_CATALOG_BACKEND=sql SERVICE_HOST=$SERVICE_HOST \
    SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT DEVSTACK_DIR=/root \
    ENABLED_SERVICES=$ENABLED_SERVICES bash $keystone_data

. /etc/bash.bashrc.local

if which aa-complain >&/dev/null; then
    aa-complain /etc/apparmor.d/usr.sbin.libvirtd
fi
if [ -e /etc/init.d/boot.apparmor ]; then
    stop_and_disable_service boot.apparmor
fi

#-----------------------------------------
## setup neutron configuration
#-----------------------------------------

SERVICE_TENANT_ID=`get_service_tenant_id`
c=/etc/neutron/neutron.conf
crudini --set $c database connection $DB://neutron:$mpw@$IP/neutron
crudini --set $c DEFAULT allow_overlapping_ips true
crudini --set $c DEFAULT notify_nova_on_port_status_change true
crudini --set $c DEFAULT notify_nova_on_port_data_changes true
crudini --set $c DEFAULT nova_url "http://$SERVICE_HOST:8774/v2"
crudini --set $c DEFAULT nova_admin_username nova
crudini --set $c DEFAULT nova_admin_password $ADMIN_PASSWORD
crudini --set $c DEFAULT nova_admin_tenant_id $SERVICE_TENANT_ID
crudini --set $c DEFAULT nova_admin_auth_url $KEYSTONE_PUBLIC_ENDPOINT


crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings physnet1:$TENANT_ETH
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan False
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vlan
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers local,flat,vlan
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vlan network_vlan_ranges physnet1:$TENANT_VLAN_RANGE
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset False
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT use_namespaces true
crudini --set /etc/neutron/l3_agent.ini DEFAULT use_namespaces true
crudini --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret $metadata_secret

if [ "x$with_tempest" = "xyes" ]; then
    crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins "neutron.services.loadbalancer.plugin.LoadBalancerPlugin, neutron.services.l3_router.l3_router_plugin.L3RouterPlugin, neutron.services.vpn.plugin.VPNDriverPlugin, neutron.services.metering.metering_plugin.MeteringPlugin, neutron.services.firewall.fwaas_plugin.FirewallPlugin"
fi

start_and_enable_service rabbitmq-server

sleep 2
rabbitmqctl add_user openstack $ADMIN_PASSWORD
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

# Start Keystone and Neutron
for s in openstack-keystone \
    openstack-neutron openstack-neutron-linuxbridge-agent openstack-neutron-dhcp-agent \
    openstack-neutron-l3-agent openstack-neutron-metadata-agent
do
    start_and_enable_service $s
done

if [ "x$with_tempest" = "xyes" ]; then
    crudini --set /etc/neutron/lbaas_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
    start_and_enable_service openstack-neutron-lbaas-agent
fi

### wait until neutron will start
cnt=0
while : ; do
    if [[ $cnt -gt 6 ]] ; then
        echo "Can't reach neutron server. Exiting !!!" >&2
        exit 1
    fi
    neutron net-list && break
    cnt=$(($cnt+1))
    sleep 2
done
### create subnets
## fixed
neutron net-create fixed --tenant-id $SERVICE_TENANT_ID --shared --provider:network_type vlan \
    --provider:segmentation_id $FIXED_VLAN  --provider:physical_network physnet1

neutron subnet-create --name fixed --dns-nameserver 8.8.8.8 --dns-nameserver 8.8.4.4 fixed $testnet
neutron router-create --tenant-id $SERVICE_TENANT_ID public
neutron router-interface-add public fixed

## floating/external
if [ x$FLOATING_VLAN != x ]; then
    neutron net-create ext --tenant-id $SERVICE_TENANT_ID --provider:network_type vlan \
        --router:external --provider:segmentation_id $FLOATING_VLAN --provider:physical_network physnet1
else
    neutron net-create ext --tenant-id $SERVICE_TENANT_ID --provider:network_type local --router:external
fi

if [ x$FLOATING_VLAN != x ]; then
    ext_network_id=$(neutron net-list | grep ' ext '  | cut -d' ' -f2)
    neutron subnet-create --name ext --disable-dhcp --tenant-id $SERVICE_TENANT_ID $floatingpool $floatinggateway ext $floatingnet
else
    ext_network_id=$(neutron net-list | grep ' ext '  | cut -d' ' -f2)
    neutron subnet-create --name ext --disable-dhcp --tenant-id $SERVICE_TENANT_ID ext $floatingnet
fi
neutron router-gateway-set public ext
# create four floatingip pools
for i in 1 2 3 4; do
neutron floatingip-create ext
done
### create routing configuration for external bridge
ext_bridge_name=`get_ext_bridge_name`
ext_bridge_ip=`get_ext_bridge_ip`/`get_ext_bridge_ip_prefix`
ext_bridge_cidr=`get_ext_bridge_cidr`

if [ x$FLOATING_VLAN = x ]; then
    setup_ext_bridge_on_boot $ext_bridge_name $ext_bridge_ip $ext_bridge_cidr
    systemctl restart wickedd
    ifup $ext_bridge_name
fi
#-----------------------------------------
## end neutron setup configuration
#---------------------------------------

# Start glance and nova
for s in openstack-glance-api openstack-glance-registry \
    openstack-nova-api openstack-nova-conductor openstack-nova-scheduler \
    openstack-nova-novncproxy openstack-nova-consoleauth
do
    start_and_enable_service $s
done

if [ "x$node_is_compute" = "xyes" ]; then
    start_and_enable_service openstack-nova-compute
fi

if [ "x$with_tempest" = "xyes" ]; then
    start_and_enable_service openstack-nova-objectstore
fi

if [ "x$with_horizon" = "xyes" ]; then
    # Start nova related services
    start_and_enable_service openstack-nova-console
    start_and_enable_service openstack-nova-consoleauth
    start_and_enable_service openstack-nova-novncproxy
fi

#-----------------------------------------
## setup heat configuration
#-----------------------------------------

crudini --set /etc/heat/heat.conf database connection $DB://heat:$mpw@$IP/heat
crudini --set /etc/heat/heat.conf DEFAULT deferred_auth_method trusts
crudini --set /etc/heat/heat.conf DEFAULT num_engine_workers "1"
crudini --set /etc/heat/heat.conf heat_api workers "1"


HEAT_DOMAIN_ID=$(openstack --os-token $SERVICE_TOKEN --os-url=$KEYSTONE_PUBLIC_ENDPOINT_V3 \
    --os-identity-api-version=3 domain create heat \
    --description "Owns users and projects created by heat" \
    | awk '/id/  { print $4 } ')

crudini --set /etc/heat/heat.conf DEFAULT stack_user_domain $HEAT_DOMAIN_ID

openstack --os-token $SERVICE_TOKEN --os-url=$KEYSTONE_PUBLIC_ENDPOINT_V3 \
    --os-identity-api-version=3 user create --password $ADMIN_PASSWORD \
    --domain $HEAT_DOMAIN_ID heat_domain_admin \
    --description "Manages users and projects created by heat"
openstack --os-token $SERVICE_TOKEN --os-url=$KEYSTONE_PUBLIC_ENDPOINT_V3 \
    --os-identity-api-version=3 role add \
    --user heat_domain_admin --domain ${HEAT_DOMAIN_ID} admin

crudini --set /etc/heat/heat.conf DEFAULT stack_domain_admin heat_domain_admin
crudini --set /etc/heat/heat.conf DEFAULT stack_domain_admin_password $ADMIN_PASSWORD

for s in openstack-heat-engine openstack-heat-api-cfn openstack-heat-api; do
    start_and_enable_service $s
done

#-----------------------------------------
## setup loopback LVM configuration
#-----------------------------------------


openstack_loopback_lvm=/usr/sbin/openstack-loopback-lvm
$openstack_loopback_lvm
if [ "$?" -ne "0" ]; then
    # setup failed, so do not use
    for s in api scheduler volume ; do
        insserv -r openstack-cinder-$s
    done
else
    grep -q openstack-loopback-lvm /etc/init.d/boot.local || echo $openstack_loopback_lvm >> /etc/init.d/boot.local
    chmod +x /etc/init.d/boot.local

    # SLE11 and other old distros need boot.lvm enabled
    if [ -z "$(type -p systemctl)" ]; then
        insserv boot.lvm
        /etc/init.d/boot.lvm start
    fi
    start_and_enable_service openstack-cinder-api
    sleep 1
    for s in scheduler volume ; do
        start_and_enable_service openstack-cinder-$s
    done
fi

setcreds admin $pw
for tenant in admin demo ; do
    nova --os-tenant-name $tenant secgroup-add-rule default icmp -1 -1 0.0.0.0/0 # to allow ping
    nova --os-tenant-name $tenant secgroup-add-rule default tcp 22 22 0.0.0.0/0 # to allow only SSH or do
    nova --os-tenant-name $tenant secgroup-add-rule default tcp 1 65535 0.0.0.0/0 # to allow all TCP
    nova --os-tenant-name $tenant secgroup-add-rule default udp 1 65535 0.0.0.0/0 # and all UDP
done

#-----------------------------------------
# setup OpenStack Manila
#-----------------------------------------
c="/etc/manila/manila.conf"
setup_messaging_client $c
crudini --set $c DEFAULT my_ip "$IP"
crudini --set $c DEFAULT default_share_type "default"
crudini --set $c database connection "$DB://manila:${mpw}@${IP}/manila"
crudini --set $c identity uri $KEYSTONE_PUBLIC_ENDPOINT
crudini --set $c DEFAULT nova_admin_username nova
crudini --set $c DEFAULT nova_admin_password $ADMIN_PASSWORD
crudini --set $c DEFAULT nova_admin_tenant_id $SERVICE_TENANT_ID
crudini --set $c DEFAULT nova_admin_auth_url $KEYSTONE_PUBLIC_ENDPOINT

crudini --set $c DEFAULT neutron_admin_username neutron
crudini --set $c DEFAULT neutron_admin_password $ADMIN_PASSWORD
crudini --set $c DEFAULT neutron_admin_project_name "service"
crudini --set $c DEFAULT neutron_admin_auth_url $KEYSTONE_PUBLIC_ENDPOINT

crudini --set $c DEFAULT cinder_admin_username cinder
crudini --set $c DEFAULT cinder_admin_password $ADMIN_PASSWORD
crudini --set $c DEFAULT cinder_admin_tenant_name "service"
crudini --set $c DEFAULT cinder_admin_auth_url $KEYSTONE_PUBLIC_ENDPOINT
crudini --set $c DEFAULT share_volume_fstype ext3

# create and enable a manila backend
crudini --set $c DEFAULT enabled_share_backends backend-0
crudini --set $c backend-0 share_driver manila.share.drivers.generic.GenericShareDriver
crudini --set $c backend-0 share_backend_name default
crudini --set $c backend-0 service_image_name manila-service-image
crudini --set $c backend-0 driver_handles_share_servers true
crudini --set $c backend-0 service_instance_user root
crudini --set $c backend-0 service_instance_password ""
crudini --set $c backend-0 interface_driver manila.network.linux.interface.BridgeInterfaceDriver

nova flavor-create manila-service-image-flavor 100 256 0 1

# security rules for manila service VM
MANILA_SERVICE_SECGROUP="manila-service"
nova secgroup-create $MANILA_SERVICE_SECGROUP "$MANILA_SERVICE_SECGROUP desc"
nova secgroup-add-rule $MANILA_SERVICE_SECGROUP icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule $MANILA_SERVICE_SECGROUP tcp 22 22 0.0.0.0/0
nova secgroup-add-rule $MANILA_SERVICE_SECGROUP tcp 2049 2049 0.0.0.0/0
nova secgroup-add-rule $MANILA_SERVICE_SECGROUP udp 2049 2049 0.0.0.0/0
nova secgroup-add-rule $MANILA_SERVICE_SECGROUP udp 445 445 0.0.0.0/0
nova secgroup-add-rule $MANILA_SERVICE_SECGROUP tcp 445 445 0.0.0.0/0
nova secgroup-add-rule $MANILA_SERVICE_SECGROUP tcp 137 139 0.0.0.0/0
nova secgroup-add-rule $MANILA_SERVICE_SECGROUP udp 137 139 0.0.0.0/0

start_and_enable_service openstack-manila-api
start_and_enable_service openstack-manila-scheduler
start_and_enable_service openstack-manila-share

manila type-create default true

#-----------------------------------------
# setup tempest configuration
#-----------------------------------------

if [ "x$with_tempest" = "xyes" -a -e /etc/tempest/tempest.conf ]; then
    crudini --set /etc/tempest/tempest.conf auth allow_tenant_isolation false
    crudini --set /etc/tempest/tempest.conf identity uri $KEYSTONE_PUBLIC_ENDPOINT
    crudini --set /etc/tempest/tempest.conf identity uri_v3 $KEYSTONE_PUBLIC_ENDPOINT_V3
    crudini --set /etc/tempest/tempest.conf identity username demo
    crudini --set /etc/tempest/tempest.conf identity tenant_name demo
    crudini --set /etc/tempest/tempest.conf identity alt_password $pw
    crudini --set /etc/tempest/tempest.conf identity password $pw
    crudini --set /etc/tempest/tempest.conf identity admin_username admin
    crudini --set /etc/tempest/tempest.conf identity admin_tenant_name admin
    crudini --set /etc/tempest/tempest.conf identity admin_password $pw
    crudini --set /etc/tempest/tempest.conf identity admin_domain_name Default
    crudini --set /etc/tempest/tempest.conf compute-feature-enabled change_password False
    crudini --set /etc/tempest/tempest.conf compute-feature-enabled live_migration False
    crudini --set /etc/tempest/tempest.conf compute-feature-enabled vnc_console true
    crudini --set /etc/tempest/tempest.conf compute-feature-enabled resize true
    crudini --set /etc/tempest/tempest.conf compute fixed_network_name fixed
    crudini --set /etc/tempest/tempest.conf compute network_for_ssh ext
    crudini --set /etc/tempest/tempest.conf compute-admin username admin
    crudini --set /etc/tempest/tempest.conf compute-admin tenant_name admin
    crudini --set /etc/tempest/tempest.conf compute-admin password $pw
    crudini --set /etc/tempest/tempest.conf network public_network_id $ext_network_id
    crudini --set /etc/tempest/tempest.conf service_available neutron True
    crudini --set /etc/tempest/tempest.conf service_available swift False
    crudini --set /etc/tempest/tempest.conf service_available ceilometer False
    crudini --set /etc/tempest/tempest.conf service_available heat True
    crudini --set /etc/tempest/tempest.conf service_available manila False
    crudini --set /etc/tempest/tempest.conf stress max_instances 1
    crudini --set /etc/tempest/tempest.conf service_available horizon $with_horizon
    crudini --set /etc/tempest/tempest.conf volume-feature-enabled backup false
    crudini --set /etc/tempest/tempest.conf image-feature-enabled deactivate_image true
fi
