Merge "Trove configure authtoken via conf file"
diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index dc2fc71..90d4ca3 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -59,6 +59,40 @@
+Disabling Next Generation Firewall Tools
+========================================
+
+Devstack does not properly operate with modern firewall tools. Specifically
+it will appear as if the guest VM can access the external network via ICMP,
+but UDP and TCP packets will not be delivered to the guest VM. The root cause
+of the issue is that both ufw (Uncomplicated Firewall) and firewalld (Fedora's
+firewall manager) apply firewall rules to all interfaces in the system, rather
+then per-device. One solution to this problem is to revert to iptables
+functionality.
+
+To get a functional firewall configuration for Fedora do the following:
+
+::
+
+ sudo service iptables save
+ sudo systemctl disable firewalld
+ sudo systemctl enable iptables
+ sudo systemctl stop firewalld
+ sudo systemctl start iptables
+
+
+To get a functional firewall configuration for distributions containing ufw,
+disable ufw. Note ufw is generally not enabled by default in Ubuntu. To
+disable ufw if it was enabled, do the following:
+
+::
+
+ sudo service iptables save
+ sudo ufw disable
+
+
+
+
Neutron Networking with Open vSwitch
====================================
diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index 485cd0f..d1f7377 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -92,6 +92,45 @@
- **clean** - Called by ``clean.sh`` before other services are cleaned,
but after ``unstack.sh`` has been called.
+
+Externally Hosted Plugins
+=========================
+
+Based on the extras.d hooks, DevStack supports a standard mechansim
+for including plugins from external repositories. The plugin interface
+assumes the following:
+
+An external git repository that includes a ``devstack/`` top level
+directory. Inside this directory there can be 2 files.
+
+- ``settings`` - a file containing global variables that will be
+ sourced very early in the process. This is helpful if other plugins
+ might depend on this one, and need access to global variables to do
+ their work.
+- ``plugin.sh`` - the actual plugin. It will be executed by devstack
+ during it's run. The run order will be done in the registration
+ order for these plugins, and will occur immediately after all in
+ tree extras.d dispatch at the phase in question. The plugin.sh
+ looks like the extras.d dispatcher above **except** it should not
+ include the is_service_enabled conditional. All external plugins are
+ always assumed to be enabled.
+
+Plugins are registered by adding the following to the localrc section
+of ``local.conf``.
+
+They are added in the following format::
+
+ enable_plugin <NAME> <GITURL> [GITREF]
+
+- ``name`` - an arbitrary name. (ex: glustfs, docker, zaqar, congress)
+- ``giturl`` - a valid git url that can be cloned
+- ``gitref`` - an optional git ref (branch / ref / tag) that will be
+ cloned. Defaults to master.
+
+An example would be as follows::
+
+ enable_plugin glusterfs https://github.com/sdague/devstack-plugins glusterfs
+
Hypervisor
==========
diff --git a/files/debs/neutron b/files/debs/neutron
index a48a800..fd99677 100644
--- a/files/debs/neutron
+++ b/files/debs/neutron
@@ -24,3 +24,4 @@
sqlite3
vlan
radvd # NOPRIME
+uuid-runtime
diff --git a/functions-common b/functions-common
index 40a0d2b..56106b3 100644
--- a/functions-common
+++ b/functions-common
@@ -44,7 +44,6 @@
declare -A GITBRANCH
declare -A GITDIR
-
# Config Functions
# ================
@@ -148,6 +147,21 @@
$xtrace
}
+function inidelete {
+ local xtrace=$(set +o | grep xtrace)
+ set +o xtrace
+ local file=$1
+ local section=$2
+ local option=$3
+
+ [[ -z $section || -z $option ]] && return
+
+ # Remove old values
+ sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file"
+
+ $xtrace
+}
+
# Set an option in an INI file
# iniset config-file section option value
function iniset {
@@ -1722,6 +1736,97 @@
fi
}
+# Plugin Functions
+# =================
+
+DEVSTACK_PLUGINS=${DEVSTACK_PLUGINS:-""}
+
+# enable_plugin <name> <url> [branch]
+#
+# ``name`` is an arbitrary name - (aka: glusterfs, nova-docker, zaqar)
+# ``url`` is a git url
+# ``branch`` is a gitref. If it's not set, defaults to master
+function enable_plugin {
+ local name=$1
+ local url=$2
+ local branch=${3:-master}
+ DEVSTACK_PLUGINS+=",$name"
+ GITREPO[$name]=$url
+ GITDIR[$name]=$DEST/$name
+ GITBRANCH[$name]=$branch
+}
+
+# fetch_plugins
+#
+# clones all plugins
+function fetch_plugins {
+ local plugins="${DEVSTACK_PLUGINS}"
+ local plugin
+
+ # short circuit if nothing to do
+ if [[ -z $plugins ]]; then
+ return
+ fi
+
+ echo "Fetching devstack plugins"
+ for plugin in ${plugins//,/ }; do
+ git_clone_by_name $plugin
+ done
+}
+
+# load_plugin_settings
+#
+# Load settings from plugins in the order that they were registered
+function load_plugin_settings {
+ local plugins="${DEVSTACK_PLUGINS}"
+ local plugin
+
+ # short circuit if nothing to do
+ if [[ -z $plugins ]]; then
+ return
+ fi
+
+ echo "Loading plugin settings"
+ for plugin in ${plugins//,/ }; do
+ local dir=${GITDIR[$plugin]}
+ # source any known settings
+ if [[ -f $dir/devstack/settings ]]; then
+ source $dir/devstack/settings
+ fi
+ done
+}
+
+# run_plugins
+#
+# Run the devstack/plugin.sh in all the plugin directories. These are
+# run in registration order.
+function run_plugins {
+ local mode=$1
+ local phase=$2
+ for plugin in ${plugins//,/ }; do
+ local dir=${GITDIR[$plugin]}
+ if [[ -f $dir/devstack/plugin.sh ]]; then
+ source $dir/devstack/plugin.sh $mode $phase
+ fi
+ done
+}
+
+function run_phase {
+ local mode=$1
+ local phase=$2
+ if [[ -d $TOP_DIR/extras.d ]]; then
+ for i in $TOP_DIR/extras.d/*.sh; do
+ [[ -r $i ]] && source $i $mode $phase
+ done
+ fi
+ # the source phase corresponds to settings loading in plugins
+ if [[ "$mode" == "source" ]]; then
+ load_plugin_settings
+ else
+ run_plugins $mode $phase
+ fi
+}
+
# Service Functions
# =================
diff --git a/lib/config b/lib/config
index c0756bf..31c6fa6 100644
--- a/lib/config
+++ b/lib/config
@@ -144,6 +144,7 @@
else {
# For multiline, invoke the ini routines in the reverse order
count = cfg_attr_count[section, attr]
+ print "inidelete " configfile " " section " " attr
print "iniset " configfile " " section " " attr " \"" cfg_attr[section, attr, count - 1] "\""
for (l = count -2; l >= 0; l--)
print "iniadd_literal " configfile " " section " " attr " \"" cfg_attr[section, attr, l] "\""
diff --git a/lib/keystone b/lib/keystone
index 071dc90..1599fa5 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -116,7 +116,7 @@
# _cleanup_keystone_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
function _cleanup_keystone_apache_wsgi {
- sudo rm -f $KEYSTONE_WSGI_DIR/*.wsgi
+ sudo rm -f $KEYSTONE_WSGI_DIR/*
sudo rm -f $(apache_site_config_for keystone)
}
diff --git a/lib/neutron b/lib/neutron
old mode 100644
new mode 100755
index 0134cbd..5678769
--- a/lib/neutron
+++ b/lib/neutron
@@ -595,6 +595,16 @@
recreate_database $Q_DB_NAME utf8
# Run Neutron db migrations
$NEUTRON_BIN_DIR/neutron-db-manage --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
+ for svc in fwaas lbaas vpnaas; do
+ if [ "$svc" = "vpnaas" ]; then
+ q_svc="q-vpn"
+ else
+ q_svc="q-$svc"
+ fi
+ if is_service_enabled $q_svc; then
+ $NEUTRON_BIN_DIR/neutron-db-manage --service $svc --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE upgrade head
+ fi
+ done
}
# install_neutron() - Collect source and prepare
@@ -921,7 +931,9 @@
iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
iniset $Q_META_CONF_FILE DEFAULT root_helper "$Q_RR_COMMAND"
- _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT
+ # Configures keystone for metadata_agent
+ # The third argument "True" sets auth_url needed to communicate with keystone
+ _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True
}
@@ -1066,6 +1078,13 @@
function _neutron_setup_keystone {
local conf_file=$1
local section=$2
+ local use_auth_url=$3
+
+ # Configures keystone for metadata_agent
+ # metadata_agent needs auth_url to communicate with keystone
+ if [[ "$use_auth_url" == "True" ]]; then
+ iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0
+ fi
create_neutron_cache_dir
configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 400204a..172d024 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -221,9 +221,9 @@
local file=$2
local section=$3
if is_service_enabled zeromq; then
- iniset $file $section rpc_backend ${package}.openstack.common.rpc.impl_zmq
+ iniset $file $section rpc_backend "zmq"
iniset $file $section rpc_zmq_matchmaker \
- ${package}.openstack.common.rpc.matchmaker_redis.MatchMakerRedis
+ oslo.messaging._drivers.matchmaker_redis.MatchMakerRedis
# Set MATCHMAKER_REDIS_HOST if running multi-node.
MATCHMAKER_REDIS_HOST=${MATCHMAKER_REDIS_HOST:-127.0.0.1}
iniset $file matchmaker_redis host $MATCHMAKER_REDIS_HOST
diff --git a/lib/tempest b/lib/tempest
index 7cac6dd..d31119b 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -464,6 +464,13 @@
iniset $TEMPEST_CONFIG compute-feature-enabled suspend False
fi
+ # Libvirt-LXC
+ if [ "$VIRT_DRIVER" = "libvirt" ] && [ "$LIBVIRT_TYPE" = "lxc" ]; then
+ iniset $TEMPEST_CONFIG compute-feature-enabled rescue False
+ iniset $TEMPEST_CONFIG compute-feature-enabled resize False
+ iniset $TEMPEST_CONFIG compute-feature-enabled suspend False
+ fi
+
# service_available
for service in ${TEMPEST_SERVICES//,/ }; do
if is_service_enabled $service ; then
diff --git a/stack.sh b/stack.sh
index 605d3cc..b064c22 100755
--- a/stack.sh
+++ b/stack.sh
@@ -212,17 +212,6 @@
# Some distros need to add repos beyond the defaults provided by the vendor
# to pick up required packages.
-if is_fedora && [ $DISTRO == "rhel6" ]; then
- # Installing Open vSwitch on RHEL requires enabling the RDO repo.
- RHEL6_RDO_REPO_RPM=${RHEL6_RDO_REPO_RPM:-"http://rdo.fedorapeople.org/openstack-icehouse/rdo-release-icehouse.rpm"}
- RHEL6_RDO_REPO_ID=${RHEL6_RDO_REPO_ID:-"openstack-icehouse"}
- if ! sudo yum repolist enabled $RHEL6_RDO_REPO_ID | grep -q $RHEL6_RDO_REPO_ID; then
- echo "RDO repo not detected; installing"
- yum_install $RHEL6_RDO_REPO_RPM || \
- die $LINENO "Error installing RDO repo, cannot continue"
- fi
-fi
-
if is_fedora && [[ $DISTRO == "rhel6" || $DISTRO == "rhel7" ]]; then
# RHEL requires EPEL for many Open Stack dependencies
@@ -269,6 +258,23 @@
OPTIONAL_REPO=rhel-6-server-optional-rpms
fi
sudo yum-config-manager --enable ${OPTIONAL_REPO}
+
+ # Installing Open vSwitch on RHEL requires enabling the RDO repo.
+ # Note no juno packages for rhel6
+ if [[ $DISTRO == "rhel6" ]]; then
+ RHEL_RDO_REPO_RPM=${RHEL6_RDO_REPO_RPM:-"https://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-4.noarch.rpm"}
+ RHEL_RDO_REPO_ID=${RHEL6_RDO_REPO_ID:-"openstack-icehouse"}
+ elif [[ $DISTRO == "rhel7" ]]; then
+ RHEL_RDO_REPO_RPM=${RHEL7_RDO_REPO_RPM:-"https://repos.fedorapeople.org/repos/openstack/openstack-juno/rdo-release-juno-1.noarch.rpm"}
+ RHEL_RDO_REPO_ID=${RHEL7_RDO_REPO_ID:-"openstack-juno"}
+ fi
+
+ if ! sudo yum repolist enabled $RHEL_RDO_REPO_ID | grep -q $RHEL_RDO_REPO_ID; then
+ echo "RDO repo not detected; installing"
+ yum_install $RHEL_RDO_REPO_RPM || \
+ die $LINENO "Error installing RDO repo, cannot continue"
+ fi
+
fi
@@ -564,15 +570,14 @@
source $TOP_DIR/lib/ldap
source $TOP_DIR/lib/dstat
+# Clone all external plugins
+fetch_plugins
+
# Extras Source
# --------------
# Phase: source
-if [[ -d $TOP_DIR/extras.d ]]; then
- for i in $TOP_DIR/extras.d/*.sh; do
- [[ -r $i ]] && source $i source
- done
-fi
+run_phase source
# Interactive Configuration
# -------------------------
@@ -714,12 +719,7 @@
# ------------------
# Phase: pre-install
-if [[ -d $TOP_DIR/extras.d ]]; then
- for i in $TOP_DIR/extras.d/*.sh; do
- [[ -r $i ]] && source $i stack pre-install
- done
-fi
-
+run_phase stack pre-install
install_rpc_backend
@@ -865,11 +865,7 @@
# --------------
# Phase: install
-if [[ -d $TOP_DIR/extras.d ]]; then
- for i in $TOP_DIR/extras.d/*.sh; do
- [[ -r $i ]] && source $i stack install
- done
-fi
+run_phase stack install
if [[ $TRACK_DEPENDS = True ]]; then
$DEST/.venv/bin/pip freeze > $DEST/requires-post-pip
@@ -1142,11 +1138,7 @@
# ====================
# Phase: post-config
-if [[ -d $TOP_DIR/extras.d ]]; then
- for i in $TOP_DIR/extras.d/*.sh; do
- [[ -r $i ]] && source $i stack post-config
- done
-fi
+run_phase stack post-config
# Local Configuration
@@ -1328,11 +1320,7 @@
# ==========
# Phase: extra
-if [[ -d $TOP_DIR/extras.d ]]; then
- for i in $TOP_DIR/extras.d/*.sh; do
- [[ -r $i ]] && source $i stack extra
- done
-fi
+run_phase stack extra
# Local Configuration
# ===================
diff --git a/tests/test_ini.sh b/tests/test_ini.sh
index 598cd57..106cc95 100755
--- a/tests/test_ini.sh
+++ b/tests/test_ini.sh
@@ -34,6 +34,32 @@
[eee]
multi = foo1
multi = foo2
+
+# inidelete(a)
+[del_separate_options]
+a=b
+b=c
+
+# inidelete(a)
+[del_same_option]
+a=b
+a=c
+
+# inidelete(a)
+[del_missing_option]
+b=c
+
+# inidelete(a)
+[del_missing_option_multi]
+b=c
+b=d
+
+# inidelete(a)
+[del_no_options]
+
+# inidelete(a)
+# no section - del_no_section
+
EOF
# Test with missing arguments
@@ -237,4 +263,33 @@
echo "iniadd with non-exsting failed: $VAL"
fi
+# Test inidelete
+del_cases="
+ del_separate_options
+ del_same_option
+ del_missing_option
+ del_missing_option_multi
+ del_no_options
+ del_no_section"
+
+for x in $del_cases; do
+ inidelete test.ini $x a
+ VAL=$(iniget_multiline test.ini $x a)
+ if [ -z "$VAL" ]; then
+ echo "OK: inidelete $x"
+ else
+ echo "inidelete $x failed: $VAL"
+ fi
+ if [ "$x" = "del_separate_options" -o \
+ "$x" = "del_missing_option" -o \
+ "$x" = "del_missing_option_multi" ]; then
+ VAL=$(iniget_multiline test.ini $x b)
+ if [ "$VAL" = "c" -o "$VAL" = "c d" ]; then
+ echo "OK: inidelete other_options $x"
+ else
+ echo "inidelete other_option $x failed: $VAL"
+ fi
+ fi
+done
+
rm test.ini
diff --git a/unstack.sh b/unstack.sh
index 3403919..ea45da9 100755
--- a/unstack.sh
+++ b/unstack.sh
@@ -66,6 +66,8 @@
done
fi
+load_plugin_settings
+
# Determine what system we are running on. This provides ``os_VENDOR``,
# ``os_RELEASE``, ``os_UPDATE``, ``os_PACKAGE``, ``os_CODENAME``
GetOSVersion
@@ -78,11 +80,7 @@
# ==========
# Phase: unstack
-if [[ -d $TOP_DIR/extras.d ]]; then
- for i in $TOP_DIR/extras.d/*.sh; do
- [[ -r $i ]] && source $i unstack
- done
-fi
+run_phase unstack
if [[ "$Q_USE_DEBUG_COMMAND" == "True" ]]; then
source $TOP_DIR/openrc