Merge "XenServer hypervisor plugin"
diff --git a/HACKING.rst b/HACKING.rst
index dd665a2..5f33d77 100644
--- a/HACKING.rst
+++ b/HACKING.rst
@@ -38,7 +38,7 @@
A number of additional scripts can be found in the ``tools`` directory that may
be useful in supporting DevStack installations. Of particular note are ``info.sh``
-to collect and report information about the installed system, and ``instal_prereqs.sh``
+to collect and report information about the installed system, and ``install_prereqs.sh``
that handles installation of the prerequisite packages for DevStack. It is
suitable, for example, to pre-load a system for making a snapshot.
diff --git a/README.md b/README.md
index 99e9838..6dc9ecd 100644
--- a/README.md
+++ b/README.md
@@ -34,7 +34,7 @@
# Start A Dev Cloud
-Installing in a dedicated disposable vm is safer than installing on your dev machine! To start a dev cloud:
+Installing in a dedicated disposable vm is safer than installing on your dev machine! Plus you can pick one of the supported Linux distros for your VM. To start a dev cloud run the following NOT AS ROOT (see below for more):
./stack.sh
@@ -57,6 +57,12 @@
# list instances using ec2 api
euca-describe-instances
+# DevStack Execution Environment
+
+DevStack runs rampant over the system it runs on, installing things and uninstalling other things. Running this on a system you care about is a recipe for disappointment, or worse. Alas, we're all in the virtualization business here, so run it in a VM. And take advantage of the snapshot capabilities of your hypervisor of choice to reduce testing cycle times. You might even save enough time to write one more feature before the next feature freeze...
+
+``stack.sh`` needs to have root access for a lot of tasks, but it also needs to have not-root permissions for most of its work and for all of the OpenStack services. So ``stack.sh`` specifically does not run if you are root. This is a recent change (Oct 2013) from the previous behaviour of automatically creating a ``stack`` user. Automatically creating a user account is not always the right response to running as root, so that bit is now an explicit step using ``tools/create-stack-user.sh``. Run that (as root!) if you do not want to just use your normal login here, which works perfectly fine.
+
# Customizing
You can override environment variables used in `stack.sh` by creating file name `localrc`. It is likely that you will need to do this to tweak your networking configuration should you need to access your cloud from a different host.
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
new file mode 100644
index 0000000..919452a
--- /dev/null
+++ b/files/apache-keystone.template
@@ -0,0 +1,22 @@
+Listen %PUBLICPORT%
+Listen %ADMINPORT%
+
+<VirtualHost *:%PUBLICPORT%>
+ WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER%
+ WSGIProcessGroup keystone-public
+ WSGIScriptAlias / %PUBLICWSGI%
+ WSGIApplicationGroup %{GLOBAL}
+ ErrorLog /var/log/%APACHE_NAME%/keystone
+ LogLevel debug
+ CustomLog /var/log/%APACHE_NAME%/access.log combined
+</VirtualHost>
+
+<VirtualHost *:%ADMINPORT%>
+ WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER%
+ WSGIProcessGroup keystone-admin
+ WSGIScriptAlias / %ADMINWSGI%
+ WSGIApplicationGroup %{GLOBAL}
+ ErrorLog /var/log/%APACHE_NAME%/keystone
+ LogLevel debug
+ CustomLog /var/log/%APACHE_NAME%/access.log combined
+</VirtualHost>
diff --git a/files/ldap/base-config.ldif b/files/ldap/base-config.ldif
new file mode 100644
index 0000000..026d8bc
--- /dev/null
+++ b/files/ldap/base-config.ldif
@@ -0,0 +1,19 @@
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+olcArgsFile: /var/run/slapd/slapd.args
+olcAuthzRegexp: {0}gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth dn
+ :cn=config
+olcPidFile: /var/run/slapd/slapd.pid
+olcSizeLimit: 10000
+
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file:///etc/openldap/schema/core.ldif
+
+dn: olcDatabase={1}hdb,cn=config
+objectClass: olcHdbConfig
+olcDbDirectory: /var/lib/ldap
+olcSuffix: dc=openstack,dc=org
diff --git a/files/rpms-suse/general b/files/rpms-suse/general
index 355af88..98c2795 100644
--- a/files/rpms-suse/general
+++ b/files/rpms-suse/general
@@ -1,4 +1,5 @@
bridge-utils
+ca-certificates-mozilla
curl
euca2ools
git-core
@@ -10,7 +11,6 @@
python-cmd2 # dist:opensuse-12.3
python-pylint
python-unittest2
-python-virtualenv
screen
tar
tcpdump
diff --git a/functions b/functions
index e1a5f4b..01e2dfc 100644
--- a/functions
+++ b/functions
@@ -364,7 +364,7 @@
# GetOSVersion
GetOSVersion() {
# Figure out which vendor we are
- if [[ -n "`which sw_vers 2>/dev/null`" ]]; then
+ if [[ -x "`which sw_vers 2>/dev/null`" ]]; then
# OS/X
os_VENDOR=`sw_vers -productName`
os_RELEASE=`sw_vers -productVersion`
@@ -548,11 +548,18 @@
# Uses global ``OFFLINE``
# git_clone remote dest-dir branch
function git_clone {
- [[ "$OFFLINE" = "True" ]] && return
-
GIT_REMOTE=$1
GIT_DEST=$2
GIT_REF=$3
+ RECLONE=$(trueorfalse False $RECLONE)
+
+ if [[ "$OFFLINE" = "True" ]]; then
+ echo "Running in offline mode, clones already exist"
+ # print out the results so we know what change was used in the logs
+ cd $GIT_DEST
+ git show --oneline | head -1
+ return
+ fi
if echo $GIT_REF | egrep -q "^refs"; then
# If our branch name is a gerrit style refs/changes/...
@@ -570,7 +577,7 @@
cd $GIT_DEST
# This checkout syntax works for both branches and tags
git checkout $GIT_REF
- elif [[ "$RECLONE" == "yes" ]]; then
+ elif [[ "$RECLONE" = "True" ]]; then
# if it does exist then simulate what clone does if asked to RECLONE
cd $GIT_DEST
# set the url to pull from and fetch
@@ -595,6 +602,10 @@
fi
fi
+
+ # print out the results so we know what change was used in the logs
+ cd $GIT_DEST
+ git show --oneline | head -1
}
@@ -915,7 +926,7 @@
elif is_fedora; then
sudo yum remove -y "$@"
elif is_suse; then
- sudo rpm -e "$@"
+ sudo zypper rm "$@"
else
exit_distro_not_supported "uninstalling packages"
fi
@@ -1216,7 +1227,10 @@
echo "cd $REQUIREMENTS_DIR; $SUDO_CMD python update.py $project_dir"
# Don't update repo if local changes exist
- if (cd $project_dir && git diff --quiet); then
+ (cd $project_dir && git diff --quiet)
+ local update_requirements=$?
+
+ if [ $update_requirements -eq 0 ]; then
(cd $REQUIREMENTS_DIR; \
$SUDO_CMD python update.py $project_dir)
fi
@@ -1224,6 +1238,11 @@
pip_install -e $project_dir
# ensure that further actions can do things like setup.py sdist
safe_chown -R $STACK_USER $1/*.egg-info
+
+ # Undo requirements changes, if we made them
+ if [ $update_requirements -eq 0 ]; then
+ (cd $project_dir && git checkout -- requirements.txt test-requirements.txt setup.py)
+ fi
}
@@ -1250,16 +1269,16 @@
# Normalize config values to True or False
-# Accepts as False: 0 no false False FALSE
-# Accepts as True: 1 yes true True TRUE
+# Accepts as False: 0 no No NO false False FALSE
+# Accepts as True: 1 yes Yes YES true True TRUE
# VAR=$(trueorfalse default-value test-value)
function trueorfalse() {
local default=$1
local testval=$2
[[ -z "$testval" ]] && { echo "$default"; return; }
- [[ "0 no false False FALSE" =~ "$testval" ]] && { echo "False"; return; }
- [[ "1 yes true True TRUE" =~ "$testval" ]] && { echo "True"; return; }
+ [[ "0 no No NO false False FALSE" =~ "$testval" ]] && { echo "False"; return; }
+ [[ "1 yes Yes YES true True TRUE" =~ "$testval" ]] && { echo "True"; return; }
echo "$default"
}
@@ -1316,7 +1335,7 @@
vmdk_net_adapter="${props[2]}"
fi
- glance --os-auth-token $token --os-image-url http://$GLANCE_HOSTPORT image-create --name "$IMAGE_NAME" --is-public=True --container-format bare --disk-format vmdk --property vmware-disktype="$vmdk_disktype" --property vmware_adaptertype="$vmdk_adapter_type" --property hw_vif_model="$vmdk_net_adapter" < "${IMAGE}"
+ glance --os-auth-token $token --os-image-url http://$GLANCE_HOSTPORT image-create --name "$IMAGE_NAME" --is-public=True --container-format bare --disk-format vmdk --property vmware_disktype="$vmdk_disktype" --property vmware_adaptertype="$vmdk_adapter_type" --property hw_vif_model="$vmdk_net_adapter" < "${IMAGE}"
return
fi
@@ -1465,7 +1484,7 @@
function wait_for_service() {
local timeout=$1
local url=$2
- timeout $timeout sh -c "while ! http_proxy= https_proxy= curl -s $url >/dev/null; do sleep 1; done"
+ timeout $timeout sh -c "while ! curl --noproxy '*' -s $url >/dev/null; do sleep 1; done"
}
@@ -1735,6 +1754,25 @@
}
+# This function sets log formatting options for colorizing log
+# output to stdout. It is meant to be called by lib modules.
+# The last two parameters are optional and can be used to specify
+# non-default value for project and user format variables.
+# Defaults are respectively 'project_name' and 'user_name'
+#
+# setup_colorized_logging something.conf SOMESECTION
+function setup_colorized_logging() {
+ local conf_file=$1
+ local conf_section=$2
+ local project_var=${3:-"project_name"}
+ local user_var=${4:-"user_name"}
+ # Add color to logging output
+ iniset $conf_file $conf_section logging_context_format_string "%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [�[01;36m%(request_id)s �[00;36m%("$user_var")s %("$project_var")s%(color)s] �[01;35m%(instance)s%(color)s%(message)s�[00m"
+ iniset $conf_file $conf_section logging_default_format_string "%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [�[00;36m-%(color)s] �[01;35m%(instance)s%(color)s%(message)s�[00m"
+ iniset $conf_file $conf_section logging_debug_format_suffix "�[00;33mfrom (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d�[00m"
+ iniset $conf_file $conf_section logging_exception_prefix "%(color)s%(asctime)s.%(msecs)03d TRACE %(name)s �[01;35m%(instance)s�[00m"
+}
+
# Restore xtrace
$XTRACE
diff --git a/lib/apache b/lib/apache
index d811f87..3a1f6f1 100644
--- a/lib/apache
+++ b/lib/apache
@@ -6,6 +6,8 @@
# is_apache_enabled_service
# install_apache_wsgi
# config_apache_wsgi
+# enable_apache_site
+# disable_apache_site
# start_apache_server
# stop_apache_server
# restart_apache_server
@@ -57,16 +59,41 @@
if is_ubuntu; then
# Install apache2, which is NOPRIME'd
install_package apache2 libapache2-mod-wsgi
+ # WSGI isn't enabled by default, enable it
+ sudo a2enmod wsgi
elif is_fedora; then
sudo rm -f /etc/httpd/conf.d/000-*
install_package httpd mod_wsgi
elif is_suse; then
install_package apache2 apache2-mod_wsgi
+ # WSGI isn't enabled by default, enable it
+ sudo a2enmod wsgi
else
exit_distro_not_supported "apache installation"
fi
}
+# enable_apache_site() - Enable a particular apache site
+function enable_apache_site() {
+ local site=$@
+ if is_ubuntu; then
+ sudo a2ensite ${site}
+ elif is_fedora; then
+ # fedora conf.d is only imported if it ends with .conf so this is approx the same
+ sudo mv /etc/$APACHE_NAME/$APACHE_CONF_DIR/${site} /etc/$APACHE_NAME/$APACHE_CONF_DIR/${site}.conf
+ fi
+}
+
+# disable_apache_site() - Disable a particular apache site
+function disable_apache_site() {
+ local site=$@
+ if is_ubuntu; then
+ sudo a2dissite ${site}
+ elif is_fedora; then
+ sudo mv /etc/$APACHE_NAME/$APACHE_CONF_DIR/${site}.conf /etc/$APACHE_NAME/$APACHE_CONF_DIR/${site}
+ fi
+}
+
# start_apache_server() - Start running apache server
function start_apache_server() {
start_service $APACHE_NAME
diff --git a/lib/ceilometer b/lib/ceilometer
index 2afbc88..1b04319 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -5,7 +5,7 @@
# enable_service ceilometer-acompute ceilometer-acentral ceilometer-collector ceilometer-api
#
# To ensure Ceilometer alarming services are enabled also, further add to the localrc:
-# enable_service ceilometer-alarm-notifier ceilometer-alarm-singleton
+# enable_service ceilometer-alarm-notifier ceilometer-alarm-evaluator
# Dependencies:
# - functions
@@ -139,13 +139,13 @@
screen_it ceilometer-collector "ceilometer-collector --config-file $CEILOMETER_CONF"
screen_it ceilometer-api "ceilometer-api -d -v --log-dir=$CEILOMETER_API_LOG_DIR --config-file $CEILOMETER_CONF"
screen_it ceilometer-alarm-notifier "ceilometer-alarm-notifier --config-file $CEILOMETER_CONF"
- screen_it ceilometer-alarm-singleton "ceilometer-alarm-singleton --config-file $CEILOMETER_CONF"
+ screen_it ceilometer-alarm-evaluator "ceilometer-alarm-evaluator --config-file $CEILOMETER_CONF"
}
# stop_ceilometer() - Stop running processes
function stop_ceilometer() {
# Kill the ceilometer screen windows
- for serv in ceilometer-acompute ceilometer-acentral ceilometer-collector ceilometer-api ceilometer-alarm-notifier ceilometer-alarm-singleton; do
+ for serv in ceilometer-acompute ceilometer-acentral ceilometer-collector ceilometer-api ceilometer-alarm-notifier ceilometer-alarm-evaluator; do
screen -S $SCREEN_NAME -p $serv -X kill
done
}
diff --git a/lib/cinder b/lib/cinder
index 7f1544b..ccf38b4 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -255,12 +255,9 @@
iniset $CINDER_CONF DEFAULT volume_clear none
fi
+ # Format logging
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
- # Add color to logging output
- iniset $CINDER_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [�[01;36m%(request_id)s �[00;36m%(user_id)s %(project_id)s%(color)s] �[01;35m%(instance)s%(color)s%(message)s�[00m"
- iniset $CINDER_CONF DEFAULT logging_default_format_string "%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [�[00;36m-%(color)s] �[01;35m%(instance)s%(color)s%(message)s�[00m"
- iniset $CINDER_CONF DEFAULT logging_debug_format_suffix "�[00;33mfrom (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d�[00m"
- iniset $CINDER_CONF DEFAULT logging_exception_prefix "%(color)s%(asctime)s.%(msecs)03d TRACE %(name)s �[01;35m%(instance)s�[00m"
+ setup_colorized_logging $CINDER_CONF DEFAULT "project_id" "user_id"
fi
if [ "$CINDER_DRIVER" == "XenAPINFS" ]; then
@@ -499,6 +496,8 @@
# name, and would need to be adjusted too
exit_distro_not_supported "restarting tgt"
fi
+ # NOTE(gfidente): ensure tgtd is running in debug mode
+ sudo tgtadm --mode system --op update --name debug --value on
fi
screen_it c-api "cd $CINDER_DIR && $CINDER_BIN_DIR/cinder-api --config-file $CINDER_CONF"
diff --git a/lib/database b/lib/database
index 442ed56..3c15609 100644
--- a/lib/database
+++ b/lib/database
@@ -64,7 +64,7 @@
# For backward-compatibility, read in the MYSQL_HOST/USER variables and use
# them as the default values for the DATABASE_HOST/USER variables.
- MYSQL_HOST=${MYSQL_HOST:-localhost}
+ MYSQL_HOST=${MYSQL_HOST:-127.0.0.1}
MYSQL_USER=${MYSQL_USER:-root}
DATABASE_HOST=${DATABASE_HOST:-${MYSQL_HOST}}
diff --git a/lib/glance b/lib/glance
index 7e69682..c6f11d0 100644
--- a/lib/glance
+++ b/lib/glance
@@ -193,7 +193,7 @@
screen_it g-reg "cd $GLANCE_DIR; $GLANCE_BIN_DIR/glance-registry --config-file=$GLANCE_CONF_DIR/glance-registry.conf"
screen_it g-api "cd $GLANCE_DIR; $GLANCE_BIN_DIR/glance-api --config-file=$GLANCE_CONF_DIR/glance-api.conf"
echo "Waiting for g-api ($GLANCE_HOSTPORT) to start..."
- if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- http://$GLANCE_HOSTPORT; do sleep 1; done"; then
+ if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- http://$GLANCE_HOSTPORT; do sleep 1; done"; then
die $LINENO "g-api did not start"
fi
}
diff --git a/lib/heat b/lib/heat
index afa0eeb..ff9473e 100644
--- a/lib/heat
+++ b/lib/heat
@@ -86,10 +86,7 @@
iniset $HEAT_CONF DEFAULT use_syslog $SYSLOG
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
# Add color to logging output
- iniset $HEAT_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [�[01;36m%(request_id)s �[00;36m%(user_name)s %(project_name)s%(color)s] �[01;35m%(instance)s%(color)s%(message)s�[00m"
- iniset $HEAT_CONF DEFAULT logging_default_format_string "%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [�[00;36m-%(color)s] �[01;35m%(instance)s%(color)s%(message)s�[00m"
- iniset $HEAT_CONF DEFAULT logging_debug_format_suffix "�[00;33mfrom (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d�[00m"
- iniset $HEAT_CONF DEFAULT logging_exception_prefix "%(color)s%(asctime)s.%(msecs)03d TRACE %(name)s �[01;35m%(instance)s�[00m"
+ setup_colorized_logging $HEAT_CONF DEFAULT
fi
# keystone authtoken
diff --git a/lib/horizon b/lib/horizon
index e55bc15..63caf3c 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -123,8 +123,6 @@
# Be a good citizen and use the distro tools here
sudo touch $horizon_conf
sudo a2ensite horizon.conf
- # WSGI isn't enabled by default, enable it
- sudo a2enmod wsgi
elif is_fedora; then
if [[ "$os_RELEASE" -ge "18" ]]; then
# fedora 18 has Require all denied in its httpd.conf
@@ -133,10 +131,9 @@
fi
sudo sed '/^Listen/s/^.*$/Listen 0.0.0.0:80/' -i /etc/httpd/conf/httpd.conf
elif is_suse; then
- # WSGI isn't enabled by default, enable it
- sudo a2enmod wsgi
+ : # nothing to do
else
- exit_distro_not_supported "apache configuration"
+ exit_distro_not_supported "horizon apache configuration"
fi
# Remove old log files that could mess with how devstack detects whether Horizon
diff --git a/lib/ironic b/lib/ironic
index 2ce5038..f3b4a72 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -148,9 +148,9 @@
keystone endpoint-create \
--region RegionOne \
--service_id $IRONIC_SERVICE \
- --publicurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1/" \
- --adminurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1/" \
- --internalurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT/v1/"
+ --publicurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
+ --adminurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \
+ --internalurl "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT"
fi
fi
}
@@ -194,7 +194,7 @@
function start_ironic_api() {
screen_it ir-api "cd $IRONIC_DIR; $IRONIC_BIN_DIR/ironic-api --config-file=$IRONIC_CONF_FILE"
echo "Waiting for ir-api ($IRONIC_HOSTPORT) to start..."
- if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- http://$IRONIC_HOSTPORT; do sleep 1; done"; then
+ if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- http://$IRONIC_HOSTPORT; do sleep 1; done"; then
die $LINENO "ir-api did not start"
fi
}
diff --git a/lib/keystone b/lib/keystone
index 3642904..c93a436 100755
--- a/lib/keystone
+++ b/lib/keystone
@@ -14,11 +14,13 @@
#
# install_keystone
# configure_keystone
+# _config_keystone_apache_wsgi
# init_keystone
# start_keystone
# create_keystone_accounts
# stop_keystone
# cleanup_keystone
+# _cleanup_keystone_apache_wsgi
# Save trace setting
XTRACE=$(set +o | grep xtrace)
@@ -34,6 +36,7 @@
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone}
+KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/var/www/keystone}
KEYSTONECLIENT_DIR=$DEST/python-keystoneclient
@@ -86,6 +89,33 @@
:
}
+# _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
+function _cleanup_keystone_apache_wsgi() {
+ sudo rm -f $KEYSTONE_WSGI_DIR/*.wsgi
+ disable_apache_site keystone
+ sudo rm -f /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
+}
+
+# _config_keystone_apache_wsgi() - Set WSGI config files of Keystone
+function _config_keystone_apache_wsgi() {
+ sudo mkdir -p $KEYSTONE_WSGI_DIR
+
+ # copy proxy vhost and wsgi file
+ sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/main
+ sudo cp $KEYSTONE_DIR/httpd/keystone.py $KEYSTONE_WSGI_DIR/admin
+
+ sudo cp $FILES/apache-keystone.template /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
+ sudo sed -e "
+ s|%PUBLICPORT%|$KEYSTONE_SERVICE_PORT|g;
+ s|%ADMINPORT%|$KEYSTONE_AUTH_PORT|g;
+ s|%APACHE_NAME%|$APACHE_NAME|g;
+ s|%PUBLICWSGI%|$KEYSTONE_WSGI_DIR/main|g;
+ s|%ADMINWSGI%|$KEYSTONE_WSGI_DIR/admin|g;
+ s|%USER%|$STACK_USER|g
+ " -i /etc/$APACHE_NAME/$APACHE_CONF_DIR/keystone
+ enable_apache_site keystone
+}
+
# configure_keystone() - Set config files, create data dirs, etc
function configure_keystone() {
if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
@@ -115,7 +145,7 @@
iniset $KEYSTONE_CONF ldap user "dc=Manager,dc=openstack,dc=org"
iniset $KEYSTONE_CONF ldap suffix "dc=openstack,dc=org"
iniset $KEYSTONE_CONF ldap use_dumb_member "True"
- iniset $KEYSTONE_CONF ldap user_attribute_ignore "enabled,email,tenants,tenantId"
+ iniset $KEYSTONE_CONF ldap user_attribute_ignore "enabled,email,tenants,default_project_id"
iniset $KEYSTONE_CONF ldap tenant_attribute_ignore "enabled"
iniset $KEYSTONE_CONF ldap tenant_domain_id_attribute "businessCategory"
iniset $KEYSTONE_CONF ldap tenant_desc_attribute "description"
@@ -204,6 +234,10 @@
cp $KEYSTONE_DIR/etc/logging.conf.sample $KEYSTONE_CONF_DIR/logging.conf
iniset $KEYSTONE_CONF_DIR/logging.conf logger_root level "DEBUG"
iniset $KEYSTONE_CONF_DIR/logging.conf logger_root handlers "devel,production"
+
+ if is_apache_enabled_service key; then
+ _config_keystone_apache_wsgi
+ fi
}
# create_keystone_accounts() - Sets up common required keystone accounts
@@ -316,6 +350,9 @@
fi
git_clone $KEYSTONE_REPO $KEYSTONE_DIR $KEYSTONE_BRANCH
setup_develop $KEYSTONE_DIR
+ if is_apache_enabled_service key; then
+ install_apache_wsgi
+ fi
}
# start_keystone() - Start running processes, including screen
@@ -326,10 +363,16 @@
service_port=$KEYSTONE_SERVICE_PORT_INT
fi
- # Start Keystone in a screen window
- screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
+ if is_apache_enabled_service key; then
+ restart_apache_server
+ screen_it key "cd $KEYSTONE_DIR && sudo tail -f /var/log/$APACHE_NAME/keystone"
+ else
+ # Start Keystone in a screen window
+ screen_it key "cd $KEYSTONE_DIR && $KEYSTONE_DIR/bin/keystone-all --config-file $KEYSTONE_CONF $KEYSTONE_LOG_CONFIG -d --debug"
+ fi
+
echo "Waiting for keystone to start..."
- if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= curl -s http://$SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/ >/dev/null; do sleep 1; done"; then
+ if ! timeout $SERVICE_TIMEOUT sh -c "while ! curl --noproxy '*' -s http://$SERVICE_HOST:$service_port/v$IDENTITY_API_VERSION/ >/dev/null; do sleep 1; done"; then
die $LINENO "keystone did not start"
fi
diff --git a/lib/ldap b/lib/ldap
index 89b31b2..2a24ccd 100644
--- a/lib/ldap
+++ b/lib/ldap
@@ -8,6 +8,7 @@
XTRACE=$(set +o | grep xtrace)
set +o xtrace
+LDAP_SERVICE_NAME=slapd
# Functions
# ---------
@@ -24,10 +25,19 @@
LDAP_ROOTPW_COMMAND=replace
sudo DEBIAN_FRONTEND=noninteractive apt-get install slapd ldap-utils
#automatically starts LDAP on ubuntu so no need to call start_ldap
- elif is_fedora || is_suse; then
+ elif is_fedora; then
LDAP_OLCDB_NUMBER=2
LDAP_ROOTPW_COMMAND=add
start_ldap
+ elif is_suse; then
+ LDAP_OLCDB_NUMBER=1
+ LDAP_ROOTPW_COMMAND=add
+ LDAP_SERVICE_NAME=ldap
+ # SUSE has slappasswd in /usr/sbin/
+ PATH=$PATH:/usr/sbin/
+ sudo slapadd -F /etc/openldap/slapd.d/ -bcn=config -l $FILES/ldap/base-config.ldif
+ sudo sed -i '/^OPENLDAP_START_LDAPI=/s/"no"/"yes"/g' /etc/sysconfig/openldap
+ start_ldap
fi
printf "generate password file"
@@ -42,7 +52,7 @@
sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f $TMP_MGR_DIFF_FILE
# On fedora we need to manually add cosine and inetorgperson schemas
- if is_fedora; then
+ if is_fedora || is_suse; then
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
fi
@@ -64,13 +74,13 @@
# start_ldap() - Start LDAP
function start_ldap() {
- sudo service slapd restart
+ sudo service $LDAP_SERVICE_NAME restart
}
# stop_ldap() - Stop LDAP
function stop_ldap() {
- sudo service slapd stop
+ sudo service $LDAP_SERVICE_NAME stop
}
# clear_ldap_state() - Clear LDAP State
diff --git a/lib/neutron b/lib/neutron
index 5664ff2..778717d 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -88,7 +88,7 @@
export NEUTRON_TEST_CONFIG_FILE=${NEUTRON_TEST_CONFIG_FILE:-"$NEUTRON_CONF_DIR/debug.ini"}
# Default Neutron Plugin
-Q_PLUGIN=${Q_PLUGIN:-openvswitch}
+Q_PLUGIN=${Q_PLUGIN:-ml2}
# Default Neutron Port
Q_PORT=${Q_PORT:-9696}
# Default Neutron Host
@@ -419,7 +419,7 @@
# Start the Neutron service
screen_it q-svc "cd $NEUTRON_DIR && python $NEUTRON_BIN_DIR/neutron-server $CFG_FILE_OPTIONS"
echo "Waiting for Neutron to start..."
- if ! timeout $SERVICE_TIMEOUT sh -c "while ! http_proxy= wget -q -O- http://$Q_HOST:$Q_PORT; do sleep 1; done"; then
+ if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- http://$Q_HOST:$Q_PORT; do sleep 1; done"; then
die $LINENO "Neutron did not start"
fi
}
@@ -534,6 +534,11 @@
iniset $NEUTRON_CONF quotas quota_security_group_rule -1
fi
+ # Format logging
+ if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
+ setup_colorized_logging $NEUTRON_CONF DEFAULT
+ fi
+
_neutron_setup_rootwrap
}
diff --git a/lib/neutron_plugins/midonet b/lib/neutron_plugins/midonet
index 0ad760b..193055f 100644
--- a/lib/neutron_plugins/midonet
+++ b/lib/neutron_plugins/midonet
@@ -12,7 +12,7 @@
}
function neutron_plugin_create_nova_conf() {
- NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"midonet.nova.virt.libvirt.vif.MidonetVifDriver"}
+ NOVA_VIF_DRIVER=${NOVA_VIF_DRIVER:-"nova.virt.libvirt.vif.LibvirtGenericVIFDriver"}
}
function neutron_plugin_install_agent_packages() {
diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
index 71a0638..8d2e303 100644
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -30,6 +30,9 @@
# Default VLAN TypeDriver options
Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS=${Q_ML2_PLUGIN_VLAN_TYPE_OPTIONS:-}
+# L3 Plugin to load for ML2
+ML2_L3_PLUGIN=${ML2_L3_PLUGIN:-neutron.services.l3_router.l3_router_plugin.L3RouterPlugin}
+
function populate_ml2_config() {
OPTS=$1
CONF=$2
@@ -48,13 +51,11 @@
Q_PLUGIN_CLASS="neutron.plugins.ml2.plugin.Ml2Plugin"
# The ML2 plugin delegates L3 routing/NAT functionality to
# the L3 service plugin which must therefore be specified.
- Q_L3_PLUGIN_CLASS=${Q_L3_PLUGIN_CLASS:-"neutron.services.l3_router.l3_router_plugin.L3RouterPlugin"}
- if ini_has_option $NEUTRON_CONF DEFAULT service_plugins ; then
- srv_plugins=$(iniget $NEUTRON_CONF DEFAULT service_plugins)","$Q_L3_PLUGIN_CLASS
+ if [[ $Q_SERVICE_PLUGIN_CLASSES == '' ]]; then
+ Q_SERVICE_PLUGIN_CLASSES=$ML2_L3_PLUGIN
else
- srv_plugins=$Q_L3_PLUGIN_CLASS
+ Q_SERVICE_PLUGIN_CLASSES="$Q_SERVICE_PLUGIN_CLASSES,$ML2_L3_PLUGIN"
fi
- iniset $NEUTRON_CONF DEFAULT service_plugins $srv_plugins
}
function neutron_plugin_configure_service() {
diff --git a/lib/neutron_plugins/nicira b/lib/neutron_plugins/nicira
index e9deb64..ca89d57 100644
--- a/lib/neutron_plugins/nicira
+++ b/lib/neutron_plugins/nicira
@@ -119,6 +119,16 @@
if [[ "$NVP_REDIRECTS" != "" ]]; then
iniset /$Q_PLUGIN_CONF_FILE DEFAULT redirects $NVP_REDIRECTS
fi
+ if [[ "$AGENT_MODE" != "" ]]; then
+ iniset /$Q_PLUGIN_CONF_FILE nvp agent_mode $AGENT_MODE
+ if [[ "$AGENT_MODE" == "agentless" ]]; then
+ if [[ "$DEFAULT_SERVICE_CLUSTER_UUID" != "" ]]; then
+ iniset /$Q_PLUGIN_CONF_FILE DEFAULT default_service_cluster_uuid $DEFAULT_SERVICE_CLUSTER_UUID
+ else
+ die $LINENO "Agentless mode requires a service cluster."
+ fi
+ fi
+ fi
}
function neutron_plugin_setup_interface_driver() {
diff --git a/lib/nova b/lib/nova
index b058bd3..4c55207 100644
--- a/lib/nova
+++ b/lib/nova
@@ -491,12 +491,9 @@
if [ "$API_RATE_LIMIT" != "True" ]; then
iniset $NOVA_CONF DEFAULT api_rate_limit "False"
fi
+ # Format logging
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
- # Add color to logging output
- iniset $NOVA_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [�[01;36m%(request_id)s �[00;36m%(user_name)s %(project_name)s%(color)s] �[01;35m%(instance)s%(color)s%(message)s�[00m"
- iniset $NOVA_CONF DEFAULT logging_default_format_string "%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [�[00;36m-%(color)s] �[01;35m%(instance)s%(color)s%(message)s�[00m"
- iniset $NOVA_CONF DEFAULT logging_debug_format_suffix "�[00;33mfrom (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d�[00m"
- iniset $NOVA_CONF DEFAULT logging_exception_prefix "%(color)s%(asctime)s.%(msecs)03d TRACE %(name)s �[01;35m%(instance)s�[00m"
+ setup_colorized_logging $NOVA_CONF DEFAULT
else
# Show user_name and project_name instead of user_id and project_id
iniset $NOVA_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s"
@@ -505,6 +502,7 @@
iniset $NOVA_CONF DEFAULT instance_usage_audit "True"
iniset $NOVA_CONF DEFAULT instance_usage_audit_period "hour"
iniset $NOVA_CONF DEFAULT notify_on_state_change "vm_and_task_state"
+ iniset $NOVA_CONF DEFAULT notification_driver "nova.openstack.common.notifier.rpc_notifier"
fi
# Provide some transition from ``EXTRA_FLAGS`` to ``EXTRA_OPTS``
diff --git a/lib/nova_plugins/hypervisor-fake b/lib/nova_plugins/hypervisor-fake
new file mode 100644
index 0000000..fe0d190
--- /dev/null
+++ b/lib/nova_plugins/hypervisor-fake
@@ -0,0 +1,77 @@
+# lib/nova_plugins/hypervisor-fake
+# Configure the fake hypervisor
+
+# Enable with:
+# VIRT_DRIVER=fake
+
+# Dependencies:
+# ``functions`` file
+# ``nova`` configuration
+
+# install_nova_hypervisor - install any external requirements
+# configure_nova_hypervisor - make configuration changes, including those to other services
+# start_nova_hypervisor - start any external services
+# stop_nova_hypervisor - stop any external services
+# cleanup_nova_hypervisor - remove transient data and cache
+
+# Save trace setting
+MY_XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+
+# Defaults
+# --------
+
+
+# Entry Points
+# ------------
+
+# clean_nova_hypervisor - Clean up an installation
+function cleanup_nova_hypervisor() {
+ # This function intentionally left blank
+ :
+}
+
+# configure_nova_hypervisor - Set config files, create data dirs, etc
+function configure_nova_hypervisor() {
+ iniset $NOVA_CONF DEFAULT compute_driver "nova.virt.fake.FakeDriver"
+ # Disable arbitrary limits
+ iniset $NOVA_CONF DEFAULT quota_instances -1
+ iniset $NOVA_CONF DEFAULT quota_cores -1
+ iniset $NOVA_CONF DEFAULT quota_ram -1
+ iniset $NOVA_CONF DEFAULT quota_floating_ips -1
+ iniset $NOVA_CONF DEFAULT quota_fixed_ips -1
+ iniset $NOVA_CONF DEFAULT quota_metadata_items -1
+ iniset $NOVA_CONF DEFAULT quota_injected_files -1
+ iniset $NOVA_CONF DEFAULT quota_injected_file_path_bytes -1
+ iniset $NOVA_CONF DEFAULT quota_security_groups -1
+ iniset $NOVA_CONF DEFAULT quota_security_group_rules -1
+ iniset $NOVA_CONF DEFAULT quota_key_pairs -1
+ iniset $NOVA_CONF DEFAULT scheduler_default_filters "RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter"
+}
+
+# install_nova_hypervisor() - Install external components
+function install_nova_hypervisor() {
+ # This function intentionally left blank
+ :
+}
+
+# start_nova_hypervisor - Start any required external services
+function start_nova_hypervisor() {
+ # This function intentionally left blank
+ :
+}
+
+# stop_nova_hypervisor - Stop any external services
+function stop_nova_hypervisor() {
+ # This function intentionally left blank
+ :
+}
+
+
+# Restore xtrace
+$MY_XTRACE
+
+# Local variables:
+# mode: shell-script
+# End:
diff --git a/lib/nova_plugins/hypervisor-vsphere b/lib/nova_plugins/hypervisor-vsphere
new file mode 100644
index 0000000..1666246
--- /dev/null
+++ b/lib/nova_plugins/hypervisor-vsphere
@@ -0,0 +1,72 @@
+# lib/nova_plugins/hypervisor-vsphere
+# Configure the vSphere hypervisor
+
+# Enable with:
+# VIRT_DRIVER=vsphere
+
+# Dependencies:
+# ``functions`` file
+# ``nova`` configuration
+
+# install_nova_hypervisor - install any external requirements
+# configure_nova_hypervisor - make configuration changes, including those to other services
+# start_nova_hypervisor - start any external services
+# stop_nova_hypervisor - stop any external services
+# cleanup_nova_hypervisor - remove transient data and cache
+
+# Save trace setting
+MY_XTRACE=$(set +o | grep xtrace)
+set +o xtrace
+
+
+# Defaults
+# --------
+
+
+# Entry Points
+# ------------
+
+# clean_nova_hypervisor - Clean up an installation
+function cleanup_nova_hypervisor() {
+ # This function intentionally left blank
+ :
+}
+
+# configure_nova_hypervisor - Set config files, create data dirs, etc
+function configure_nova_hypervisor() {
+ iniset $NOVA_CONF DEFAULT compute_driver "vmwareapi.VMwareVCDriver"
+ VMWAREAPI_USER=${VMWAREAPI_USER:-"root"}
+ iniset $NOVA_CONF vmware host_ip "$VMWAREAPI_IP"
+ iniset $NOVA_CONF vmware host_username "$VMWAREAPI_USER"
+ iniset $NOVA_CONF vmware host_password "$VMWAREAPI_PASSWORD"
+ iniset $NOVA_CONF vmware cluster_name "$VMWAREAPI_CLUSTER"
+ if is_service_enabled neutron; then
+ iniset $NOVA_CONF vmware integration_bridge $OVS_BRIDGE
+ fi
+}
+
+# install_nova_hypervisor() - Install external components
+function install_nova_hypervisor() {
+ # This function intentionally left blank
+ :
+}
+
+# start_nova_hypervisor - Start any required external services
+function start_nova_hypervisor() {
+ # This function intentionally left blank
+ :
+}
+
+# stop_nova_hypervisor - Stop any external services
+function stop_nova_hypervisor() {
+ # This function intentionally left blank
+ :
+}
+
+
+# Restore xtrace
+$MY_XTRACE
+
+# Local variables:
+# mode: shell-script
+# End:
diff --git a/lib/swift b/lib/swift
index 8741e55..c0dec97 100644
--- a/lib/swift
+++ b/lib/swift
@@ -67,6 +67,10 @@
# Default is ``staticweb, tempurl, formpost``
SWIFT_EXTRAS_MIDDLEWARE=${SWIFT_EXTRAS_MIDDLEWARE:-tempurl formpost staticweb}
+# Set ``SWIFT_EXTRAS_MIDDLEWARE_LAST`` to extras middlewares that need to be at
+# the end of the pipeline.
+SWIFT_EXTRAS_MIDDLEWARE_LAST=${SWIFT_EXTRAS_MIDDLEWARE_LAST}
+
# The ring uses a configurable number of bits from a path’s MD5 hash as
# a partition index that designates a device. The number of bits kept
# from the hash is known as the partition power, and 2 to the partition
@@ -115,11 +119,11 @@
# _cleanup_swift_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
function _cleanup_swift_apache_wsgi() {
sudo rm -f $SWIFT_APACHE_WSGI_DIR/*.wsgi
- ! is_fedora && sudo a2dissite proxy-server
+ disable_apache_site proxy-server
for node_number in ${SWIFT_REPLICAS_SEQ}; do
for type in object container account; do
site_name=${type}-server-${node_number}
- ! is_fedora && sudo a2dissite ${site_name}
+ disable_apache_site ${site_name}
sudo rm -f /etc/$APACHE_NAME/$APACHE_CONF_DIR/${site_name}
done
done
@@ -140,13 +144,13 @@
s/%APACHE_NAME%/${APACHE_NAME}/g;
s/%USER%/${STACK_USER}/g;
" -i ${apache_vhost_dir}/proxy-server
+ enable_apache_site proxy-server
sudo cp ${SWIFT_DIR}/examples/wsgi/proxy-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/proxy-server.wsgi
sudo sed -e "
/^#/d;/^$/d;
s/%SERVICECONF%/proxy-server.conf/g;
" -i ${SWIFT_APACHE_WSGI_DIR}/proxy-server.wsgi
- ! is_fedora && sudo a2ensite proxy-server
# copy apache vhost file and set name and port
for node_number in ${SWIFT_REPLICAS_SEQ}; do
@@ -161,7 +165,7 @@
s/%APACHE_NAME%/${APACHE_NAME}/g;
s/%USER%/${STACK_USER}/g;
" -i ${apache_vhost_dir}/object-server-${node_number}
- ! is_fedora && sudo a2ensite object-server-${node_number}
+ enable_apache_site object-server-${node_number}
sudo cp ${SWIFT_DIR}/examples/wsgi/object-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/object-server-${node_number}.wsgi
sudo sed -e "
@@ -177,7 +181,7 @@
s/%APACHE_NAME%/${APACHE_NAME}/g;
s/%USER%/${STACK_USER}/g;
" -i ${apache_vhost_dir}/container-server-${node_number}
- ! is_fedora && sudo a2ensite container-server-${node_number}
+ enable_apache_site container-server-${node_number}
sudo cp ${SWIFT_DIR}/examples/wsgi/container-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/container-server-${node_number}.wsgi
sudo sed -e "
@@ -193,18 +197,14 @@
s/%APACHE_NAME%/${APACHE_NAME}/g;
s/%USER%/${STACK_USER}/g;
" -i ${apache_vhost_dir}/account-server-${node_number}
- ! is_fedora && sudo a2ensite account-server-${node_number}
+ enable_apache_site account-server-${node_number}
sudo cp ${SWIFT_DIR}/examples/wsgi/account-server.wsgi.template ${SWIFT_APACHE_WSGI_DIR}/account-server-${node_number}.wsgi
sudo sed -e "
/^#/d;/^$/d;
s/%SERVICECONF%/account-server\/${node_number}.conf/g;
" -i ${SWIFT_APACHE_WSGI_DIR}/account-server-${node_number}.wsgi
-
done
-
- # WSGI isn't enabled by default, enable it
- ! is_fedora && sudo a2enmod wsgi
}
# configure_swift() - Set config files, create data dirs and loop image
@@ -259,6 +259,12 @@
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT bind_port ${SWIFT_DEFAULT_BIND_PORT:-8080}
+ # Configure Ceilometer
+ if is_service_enabled ceilometer; then
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer use "egg:ceilometer#swift"
+ SWIFT_EXTRAS_MIDDLEWARE_LAST="${SWIFT_EXTRAS_MIDDLEWARE_LAST} ceilometer"
+ fi
+
# By default Swift will be installed with keystone and tempauth middleware
# and add the swift3 middleware if its configured for it. The token for
# tempauth would be prefixed with the reseller_prefix setting TEMPAUTH_ the
@@ -268,6 +274,7 @@
fi
swift_pipeline+=" authtoken keystoneauth tempauth "
sed -i "/^pipeline/ { s/tempauth/${swift_pipeline} ${SWIFT_EXTRAS_MIDDLEWARE}/ ;}" ${SWIFT_CONFIG_PROXY_SERVER}
+ sed -i "/^pipeline/ { s/proxy-server/${SWIFT_EXTRAS_MIDDLEWARE_LAST} proxy-server/ ; }" ${SWIFT_CONFIG_PROXY_SERVER}
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} filter:tempauth account_autocreate
iniset ${SWIFT_CONFIG_PROXY_SERVER} app:proxy-server account_autocreate true
diff --git a/stack.sh b/stack.sh
index 7bb4b59..8350c03 100755
--- a/stack.sh
+++ b/stack.sh
@@ -172,67 +172,37 @@
# -----------
# OpenStack is designed to be run as a non-root user; Horizon will fail to run
-# as **root** since Apache will not serve content from **root** user). If
-# ``stack.sh`` is run as **root**, it automatically creates a **stack** user with
-# sudo privileges and runs as that user.
+# as **root** since Apache will not serve content from **root** user).
+# ``stack.sh`` must not be run as **root**. It aborts and suggests one course of
+# action to create a suitable user account.
if [[ $EUID -eq 0 ]]; then
- ROOTSLEEP=${ROOTSLEEP:-10}
echo "You are running this script as root."
- echo "In $ROOTSLEEP seconds, we will create a user '$STACK_USER' and run as that user"
- sleep $ROOTSLEEP
-
- # Give the non-root user the ability to run as **root** via ``sudo``
- is_package_installed sudo || install_package sudo
- if ! getent group $STACK_USER >/dev/null; then
- echo "Creating a group called $STACK_USER"
- groupadd $STACK_USER
- fi
- if ! getent passwd $STACK_USER >/dev/null; then
- echo "Creating a user called $STACK_USER"
- useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER
- fi
-
- echo "Giving stack user passwordless sudo privileges"
- # UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
- grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
- echo "#includedir /etc/sudoers.d" >> /etc/sudoers
- ( umask 226 && echo "$STACK_USER ALL=(ALL) NOPASSWD:ALL" \
- > /etc/sudoers.d/50_stack_sh )
-
- echo "Copying files to $STACK_USER user"
- STACK_DIR="$DEST/${TOP_DIR##*/}"
- cp -r -f -T "$TOP_DIR" "$STACK_DIR"
- safe_chown -R $STACK_USER "$STACK_DIR"
- cd "$STACK_DIR"
- if [[ "$SHELL_AFTER_RUN" != "no" ]]; then
- exec sudo -u $STACK_USER bash -l -c "set -e; bash stack.sh; bash"
- else
- exec sudo -u $STACK_USER bash -l -c "set -e; source stack.sh"
- fi
+ echo "Cut it out."
+ echo "Really."
+ echo "If you need an account to run DevStack, do this (as root, heh) to create $STACK_USER:"
+ echo "$TOP_DIR/tools/create-stack-user.sh"
exit 1
-else
- # We're not **root**, make sure ``sudo`` is available
- is_package_installed sudo || die "Sudo is required. Re-run stack.sh as root ONE TIME ONLY to set up sudo."
-
- # UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
- sudo grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
- echo "#includedir /etc/sudoers.d" | sudo tee -a /etc/sudoers
-
- # Set up devstack sudoers
- TEMPFILE=`mktemp`
- echo "$STACK_USER ALL=(root) NOPASSWD:ALL" >$TEMPFILE
- # Some binaries might be under /sbin or /usr/sbin, so make sure sudo will
- # see them by forcing PATH
- echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
- chmod 0440 $TEMPFILE
- sudo chown root:root $TEMPFILE
- sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
-
- # Remove old file
- sudo rm -f /etc/sudoers.d/stack_sh_nova
fi
+# We're not **root**, make sure ``sudo`` is available
+is_package_installed sudo || install_package sudo
+
+# UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
+sudo grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
+ echo "#includedir /etc/sudoers.d" | sudo tee -a /etc/sudoers
+
+# Set up devstack sudoers
+TEMPFILE=`mktemp`
+echo "$STACK_USER ALL=(root) NOPASSWD:ALL" >$TEMPFILE
+# Some binaries might be under /sbin or /usr/sbin, so make sure sudo will
+# see them by forcing PATH
+echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
+chmod 0440 $TEMPFILE
+sudo chown root:root $TEMPFILE
+sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
+
+
# Create the destination directory and ensure it is writable by the user
# and read/executable by everybody for daemons (e.g. apache run for horizon)
sudo mkdir -p $DEST
@@ -518,7 +488,7 @@
# Set fd 1 and 2 to primary logfile
exec 1> "${LOGFILE}" 2>&1
# Set fd 6 to summary logfile and stdout
- exec 6> >( tee "${SUMFILE}" /dev/fd/3 )
+ exec 6> >( tee "${SUMFILE}" >&3 )
fi
echo_summary "stack.sh log $LOGFILE"
@@ -1070,42 +1040,6 @@
iniset $NOVA_CONF DEFAULT powervm_img_local_path $POWERVM_IMG_LOCAL_PATH
- # vSphere API
- # -----------
-
- elif [ "$VIRT_DRIVER" = 'vsphere' ]; then
- echo_summary "Using VMware vCenter driver"
- iniset $NOVA_CONF DEFAULT compute_driver "vmwareapi.VMwareVCDriver"
- VMWAREAPI_USER=${VMWAREAPI_USER:-"root"}
- iniset $NOVA_CONF vmware host_ip "$VMWAREAPI_IP"
- iniset $NOVA_CONF vmware host_username "$VMWAREAPI_USER"
- iniset $NOVA_CONF vmware host_password "$VMWAREAPI_PASSWORD"
- iniset $NOVA_CONF vmware cluster_name "$VMWAREAPI_CLUSTER"
- if is_service_enabled neutron; then
- iniset $NOVA_CONF vmware integration_bridge $OVS_BRIDGE
- fi
-
- # fake
- # ----
-
- elif [ "$VIRT_DRIVER" = 'fake' ]; then
- echo_summary "Using fake Virt driver"
- iniset $NOVA_CONF DEFAULT compute_driver "nova.virt.fake.FakeDriver"
- # Disable arbitrary limits
- iniset $NOVA_CONF DEFAULT quota_instances -1
- iniset $NOVA_CONF DEFAULT quota_cores -1
- iniset $NOVA_CONF DEFAULT quota_ram -1
- iniset $NOVA_CONF DEFAULT quota_floating_ips -1
- iniset $NOVA_CONF DEFAULT quota_fixed_ips -1
- iniset $NOVA_CONF DEFAULT quota_metadata_items -1
- iniset $NOVA_CONF DEFAULT quota_injected_files -1
- iniset $NOVA_CONF DEFAULT quota_injected_file_path_bytes -1
- iniset $NOVA_CONF DEFAULT quota_security_groups -1
- iniset $NOVA_CONF DEFAULT quota_security_group_rules -1
- iniset $NOVA_CONF DEFAULT quota_key_pairs -1
- iniset $NOVA_CONF DEFAULT scheduler_default_filters "RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter"
-
-
# Default libvirt
# ---------------
diff --git a/tools/create-stack-user.sh b/tools/create-stack-user.sh
new file mode 100644
index 0000000..2251d1e
--- /dev/null
+++ b/tools/create-stack-user.sh
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# **create-stack-user.sh**
+
+# Create a user account suitable for running DevStack
+# - create a group named $STACK_USER if it does not exist
+# - create a user named $STACK_USER if it does not exist
+# - home is $DEST
+# - configure sudo for $STACK_USER
+
+# ``stack.sh`` was never intended to run as root. It had a hack to do what is
+# now in this script and re-launch itself, but that hack was less than perfect
+# and it was time for this nonsense to stop. Run this script as root to create
+# the user and configure sudo.
+
+
+# Keep track of the devstack directory
+TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
+
+# Import common functions
+source $TOP_DIR/functions
+
+# Determine what system we are running on. This provides ``os_VENDOR``,
+# ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
+# and ``DISTRO``
+GetDistro
+
+# Needed to get ``ENABLED_SERVICES``
+source $TOP_DIR/stackrc
+
+# Give the non-root user the ability to run as **root** via ``sudo``
+is_package_installed sudo || install_package sudo
+
+if ! getent group $STACK_USER >/dev/null; then
+ echo "Creating a group called $STACK_USER"
+ groupadd $STACK_USER
+fi
+
+if ! getent passwd $STACK_USER >/dev/null; then
+ echo "Creating a user called $STACK_USER"
+ useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER
+fi
+
+echo "Giving stack user passwordless sudo privileges"
+# UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
+grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
+ echo "#includedir /etc/sudoers.d" >> /etc/sudoers
+( umask 226 && echo "$STACK_USER ALL=(ALL) NOPASSWD:ALL" \
+ > /etc/sudoers.d/50_stack_sh )
diff --git a/tools/create_userrc.sh b/tools/create_userrc.sh
index 619d63f..44b0f6b 100755
--- a/tools/create_userrc.sh
+++ b/tools/create_userrc.sh
@@ -6,6 +6,9 @@
# Warning: This script just for development purposes
+set -o errexit
+set -o xtrace
+
ACCOUNT_DIR=./accrc
display_help()
@@ -138,10 +141,14 @@
mkdir -p "$ACCOUNT_DIR"
ACCOUNT_DIR=`readlink -f "$ACCOUNT_DIR"`
EUCALYPTUS_CERT=$ACCOUNT_DIR/cacert.pem
-mv "$EUCALYPTUS_CERT" "$EUCALYPTUS_CERT.old" &>/dev/null
+if [ -e "$EUCALYPTUS_CERT" ]; then
+ mv "$EUCALYPTUS_CERT" "$EUCALYPTUS_CERT.old"
+fi
if ! nova x509-get-root-cert "$EUCALYPTUS_CERT"; then
echo "Failed to update the root certificate: $EUCALYPTUS_CERT" >&2
- mv "$EUCALYPTUS_CERT.old" "$EUCALYPTUS_CERT" &>/dev/null
+ if [ -e "$EUCALYPTUS_CERT.old" ]; then
+ mv "$EUCALYPTUS_CERT.old" "$EUCALYPTUS_CERT"
+ fi
fi
@@ -168,12 +175,20 @@
local ec2_cert="$rcfile-cert.pem"
local ec2_private_key="$rcfile-pk.pem"
# Try to preserve the original file on fail (best effort)
- mv -f "$ec2_private_key" "$ec2_private_key.old" &>/dev/null
- mv -f "$ec2_cert" "$ec2_cert.old" &>/dev/null
+ if [ -e "$ec2_private_key" ]; then
+ mv -f "$ec2_private_key" "$ec2_private_key.old"
+ fi
+ if [ -e "$ec2_cert" ]; then
+ mv -f "$ec2_cert" "$ec2_cert.old"
+ fi
# It will not create certs when the password is incorrect
if ! nova --os-password "$user_passwd" --os-username "$user_name" --os-tenant-name "$tenant_name" x509-create-cert "$ec2_private_key" "$ec2_cert"; then
- mv -f "$ec2_private_key.old" "$ec2_private_key" &>/dev/null
- mv -f "$ec2_cert.old" "$ec2_cert" &>/dev/null
+ if [ -e "$ec2_private_key.old" ]; then
+ mv -f "$ec2_private_key.old" "$ec2_private_key"
+ fi
+ if [ -e "$ec2_cert.old" ]; then
+ mv -f "$ec2_cert.old" "$ec2_cert"
+ fi
fi
cat >"$rcfile" <<EOF
# you can source this file
diff --git a/tools/docker/install_docker.sh b/tools/docker/install_docker.sh
index d659ad1..289002e 100755
--- a/tools/docker/install_docker.sh
+++ b/tools/docker/install_docker.sh
@@ -38,7 +38,7 @@
install_package python-software-properties && \
sudo sh -c "echo deb $DOCKER_APT_REPO docker main > /etc/apt/sources.list.d/docker.list"
apt_get update
-install_package --force-yes lxc-docker=${DOCKER_PACKAGE_VERSION}
+install_package --force-yes lxc-docker=${DOCKER_PACKAGE_VERSION} socat
# Start the daemon - restart just in case the package ever auto-starts...
restart_service docker
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index 87922c8..f3c0f98 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -16,6 +16,8 @@
# - pre-install hgtools to work around a bug in RHEL6 distribute
# - install nose 1.1 from EPEL
+set -o errexit
+set -o xtrace
# Keep track of the current directory
TOOLS_DIR=$(cd $(dirname "$0") && pwd)
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index fc1c195..940bd8c 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -9,6 +9,9 @@
# Assumptions:
# - update pip to $INSTALL_PIP_VERSION
+set -o errexit
+set -o xtrace
+
# Keep track of the current directory
TOOLS_DIR=$(cd $(dirname "$0") && pwd)
TOP_DIR=`cd $TOOLS_DIR/..; pwd`
@@ -47,10 +50,12 @@
echo "Distro: $DISTRO"
function get_versions() {
- PIP=$(which pip 2>/dev/null || which pip-python 2>/dev/null)
+ PIP=$(which pip 2>/dev/null || which pip-python 2>/dev/null || true)
if [[ -n $PIP ]]; then
PIP_VERSION=$($PIP --version | awk '{ print $2}')
echo "pip: $PIP_VERSION"
+ else
+ echo "pip: Not Installed"
fi
}
diff --git a/tools/xen/devstackubuntupreseed.cfg b/tools/xen/devstackubuntupreseed.cfg
index c559b1e..6a1ae89 100644
--- a/tools/xen/devstackubuntupreseed.cfg
+++ b/tools/xen/devstackubuntupreseed.cfg
@@ -34,7 +34,7 @@
# If you have a slow dhcp server and the installer times out waiting for
# it, this might be useful.
-#d-i netcfg/dhcp_timeout string 60
+d-i netcfg/dhcp_timeout string 120
# If you prefer to configure the network manually, uncomment this line and
# the static network configuration below.
diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh
index b49504d..08e0f78 100755
--- a/tools/xen/install_os_domU.sh
+++ b/tools/xen/install_os_domU.sh
@@ -10,6 +10,8 @@
set -o nounset
set -o xtrace
+export LC_ALL=C
+
# Abort if localrc is not set
if [ ! -e ../../localrc ]; then
echo "You must have a localrc with ALL necessary passwords defined before proceeding."
@@ -94,6 +96,10 @@
#
# Configure Networking
#
+
+MGT_NETWORK=`xe pif-list management=true params=network-uuid minimal=true`
+MGT_BRIDGE_OR_NET_NAME=`xe network-list uuid=$MGT_NETWORK params=bridge minimal=true`
+
setup_network "$VM_BRIDGE_OR_NET_NAME"
setup_network "$MGT_BRIDGE_OR_NET_NAME"
setup_network "$PUB_BRIDGE_OR_NET_NAME"
@@ -201,6 +207,7 @@
#
# Install Ubuntu over network
#
+ UBUNTU_INST_BRIDGE_OR_NET_NAME=${UBUNTU_INST_BRIDGE_OR_NET_NAME:-"$MGT_BRIDGE_OR_NET_NAME"}
# always update the preseed file, incase we have a newer one
PRESEED_URL=${PRESEED_URL:-""}
diff --git a/tools/xen/prepare_guest.sh b/tools/xen/prepare_guest.sh
index 6ec5ffa..05ac86c 100755
--- a/tools/xen/prepare_guest.sh
+++ b/tools/xen/prepare_guest.sh
@@ -56,11 +56,6 @@
# Give ownership of /opt/stack to stack user
chown -R $STACK_USER /opt/stack
-# Make our ip address hostnames look nice at the command prompt
-echo "export PS1='${debian_chroot:+($debian_chroot)}\\u@\\H:\\w\\$ '" >> /opt/stack/.bashrc
-echo "export PS1='${debian_chroot:+($debian_chroot)}\\u@\\H:\\w\\$ '" >> /root/.bashrc
-echo "export PS1='${debian_chroot:+($debian_chroot)}\\u@\\H:\\w\\$ '" >> /etc/profile
-
function setup_vimrc {
if [ ! -e $1 ]; then
# Simple but usable vimrc
diff --git a/tools/xen/scripts/install-os-vpx.sh b/tools/xen/scripts/install-os-vpx.sh
index c94a593..7469e0c 100755
--- a/tools/xen/scripts/install-os-vpx.sh
+++ b/tools/xen/scripts/install-os-vpx.sh
@@ -1,7 +1,7 @@
#!/bin/bash
#
# Copyright (c) 2011 Citrix Systems, Inc.
-# Copyright 2011 OpenStack LLC.
+# Copyright 2011 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/tools/xen/scripts/mkxva b/tools/xen/scripts/mkxva
index a316da2..392c05b 100755
--- a/tools/xen/scripts/mkxva
+++ b/tools/xen/scripts/mkxva
@@ -1,7 +1,7 @@
#!/bin/bash
#
# Copyright (c) 2011 Citrix Systems, Inc.
-# Copyright 2011 OpenStack LLC.
+# Copyright 2011 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/tools/xen/scripts/uninstall-os-vpx.sh b/tools/xen/scripts/uninstall-os-vpx.sh
index 0feaec7..ac26094 100755
--- a/tools/xen/scripts/uninstall-os-vpx.sh
+++ b/tools/xen/scripts/uninstall-os-vpx.sh
@@ -1,7 +1,7 @@
#!/bin/bash
#
# Copyright (c) 2011 Citrix Systems, Inc.
-# Copyright 2011 OpenStack LLC.
+# Copyright 2011 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/tools/xen/xenrc b/tools/xen/xenrc
index f698be1..bdcaf99 100644
--- a/tools/xen/xenrc
+++ b/tools/xen/xenrc
@@ -13,16 +13,14 @@
# Size of image
VDI_MB=${VDI_MB:-5000}
-OSDOMU_MEM_MB=2048
+OSDOMU_MEM_MB=3072
OSDOMU_VDI_GB=8
# Network mapping. Specify bridge names or network names. Network names may
# differ across localised versions of XenServer. If a given bridge/network
# was not found, a new network will be created with the specified name.
-# The management network is specified by the bridge name. xenbr0 is usually
-# the name of the bridge of the network associated with the hypervisor's eth0.
-MGT_BRIDGE_OR_NET_NAME="xenbr0"
+# Get the management network from the XS installation
VM_BRIDGE_OR_NET_NAME="OpenStack VM Network"
PUB_BRIDGE_OR_NET_NAME="OpenStack Public Network"
XEN_INT_BRIDGE_OR_NET_NAME="OpenStack VM Integration Network"
@@ -72,7 +70,6 @@
UBUNTU_INST_LOCALE="en_US"
UBUNTU_INST_KEYBOARD="us"
# network configuration for ubuntu netinstall
-UBUNTU_INST_BRIDGE_OR_NET_NAME=${UBUNTU_INST_BRIDGE_OR_NET_NAME:-"$MGT_BRIDGE_OR_NET_NAME"}
UBUNTU_INST_IP="dhcp"
UBUNTU_INST_NAMESERVERS=""
UBUNTU_INST_NETMASK=""
diff --git a/unstack.sh b/unstack.sh
index 05d9fb7..c944ccc 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -24,6 +24,12 @@
# Destination path for service data
DATA_DIR=${DATA_DIR:-${DEST}/data}
+if [[ $EUID -eq 0 ]]; then
+ echo "You are running this script as root."
+ echo "It might work but you will have a better day running it as $STACK_USER"
+ exit 1
+fi
+
# Import apache functions
source $TOP_DIR/lib/apache