Merge "add the port_sec as default neutron/ml2 extension driver"
diff --git a/clean.sh b/clean.sh
index c31a65f..74bcaee 100755
--- a/clean.sh
+++ b/clean.sh
@@ -129,7 +129,7 @@
fi
# Clean up venvs
-DIRS_TO_CLEAN="$WHEELHOUSE ${PROJECT_VENV[@]}"
+DIRS_TO_CLEAN="$WHEELHOUSE ${PROJECT_VENV[@]} .config/openstack"
rm -rf $DIRS_TO_CLEAN
# Clean up files
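Review bot: The added `.config/openstack` entry is a relative path, so `rm -rf $DIRS_TO_CLEAN` removes whatever directory of that name sits under the current working directory, while stack.sh in this same change writes to `~/.config/openstack/clouds.yaml`. Use `$HOME/.config/openstack` so the cleanup does not depend on where clean.sh is run from. Removing the whole directory also deletes a clouds.yaml the user kept there before running stack.sh (stack.sh only writes the file when it is absent), so removing only the file devstack created would be safer.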
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 1cc7083..8e2e7ff 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -391,7 +391,7 @@
ENABLED_SERVICES=n-vol,n-cpu,n-net,n-api
IP Version
- | Default: ``IP_VERSION=4``
+ | Default: ``IP_VERSION=4+6``
| This setting can be used to configure DevStack to create either an IPv4,
IPv6, or dual stack tenant data network by setting ``IP_VERSION`` to
either ``IP_VERSION=4``, ``IP_VERSION=6``, or ``IP_VERSION=4+6``
diff --git a/functions-common b/functions-common
index 52d80fb..ff92611 100644
--- a/functions-common
+++ b/functions-common
@@ -1629,7 +1629,6 @@
function disable_negated_services {
local to_remove=""
local remaining=""
- local enabled=""
local service
# build up list of services that should be removed; i.e. they
@@ -1644,21 +1643,7 @@
# go through the service list. if this service appears in the "to
# be removed" list, drop it
- for service in ${remaining//,/ }; do
- local remove
- local add=1
- for remove in ${to_remove//,/ }; do
- if [[ ${remove} == ${service} ]]; then
- add=0
- break
- fi
- done
- if [[ $add == 1 ]]; then
- enabled="${enabled},$service"
- fi
- done
-
- ENABLED_SERVICES=$(_cleanup_service_list "$enabled")
+ ENABLED_SERVICES=$(remove_disabled_services "$remaining" "$to_remove")
}
# disable_service() removes the services passed as argument to the
@@ -1762,6 +1747,30 @@
return $enabled
}
+# remove specified list from the input string
+# remove_disabled_services service-list remove-list
+function remove_disabled_services {
+ local service_list=$1
+ local remove_list=$2
+ local service
+ local enabled=""
+
+ for service in ${service_list//,/ }; do
+ local remove
+ local add=1
+ for remove in ${remove_list//,/ }; do
+ if [[ ${remove} == ${service} ]]; then
+ add=0
+ break
+ fi
+ done
+ if [[ $add == 1 ]]; then
+ enabled="${enabled},$service"
+ fi
+ done
+ _cleanup_service_list "$enabled"
+}
+
# Toggle enable/disable_service for services that must run exclusive of each other
# $1 The name of a variable containing a space-separated list of services
# $2 The name of a variable in which to store the enabled service's name
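Review bot: In `remove_disabled_services` the test `[[ ${remove} == ${service} ]]` leaves the right-hand side unquoted, so bash treats `${service}` as a glob pattern rather than a literal, and an entry containing `*`, `?` or `[` would match names it should not. Quote both sides: `if [[ "$remove" == "$service" ]]; then`. This matters more now that lib/tempest passes extension lists through the same function. The header comment should also state the contract, for example `# Prints service-list minus every entry of remove-list on stdout; both lists may be comma or space separated`.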
diff --git a/inc/rootwrap b/inc/rootwrap
index bac8e1e..f91e557 100644
--- a/inc/rootwrap
+++ b/inc/rootwrap
@@ -38,11 +38,17 @@
# Configure rootwrap
# Make a load of assumptions otherwise we'll have 6 arguments
-# configure_rootwrap project bin conf-src-dir
+# configure_rootwrap project
function configure_rootwrap {
- local project=$1 # xx
- local rootwrap_bin=$2 # /opt/stack/xx.venv/bin/xx-rootwrap
- local rootwrap_conf_src_dir=$3 # /opt/stack/xx/etc/xx
+ local project=$1
+ local project_uc=$(echo $1|tr a-z A-Z)
+ local bin_dir="${project_uc}_BIN_DIR"
+ bin_dir="${!bin_dir}"
+ local project_dir="${project_uc}_DIR"
+ project_dir="${!project_dir}"
+
+ local rootwrap_conf_src_dir="${project_dir}/etc/${project}"
+ local rootwrap_bin="${bin_dir}/${project}-rootwrap"
# Start fresh with rootwrap filters
sudo rm -rf /etc/${project}/rootwrap.d
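Review bot: `bin_dir` and `project_dir` are read by indirect expansion of `${project_uc}_BIN_DIR` and `${project_uc}_DIR` with no check that those variables are set, so for a project that lacks them `rootwrap_bin` becomes `/${project}-rootwrap` and that path is what the next hunk writes into the NOPASSWD sudoers rule. Fail early instead, e.g. `[[ -n "$bin_dir" && -n "$project_dir" ]] || { echo "configure_rootwrap: ${project_uc}_BIN_DIR or ${project_uc}_DIR is not set" >&2; return 1; }`. `local project_uc=$(echo $1|tr a-z A-Z)` also hides a failed substitution behind `local` and yields an invalid variable name for a project containing `-`, which is worth a line in the function comment. The function body continues outside this hunk.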
@@ -53,12 +59,16 @@
sudo install -o root -g root -m 644 $rootwrap_conf_src_dir/rootwrap.conf /etc/${project}/rootwrap.conf
sudo sed -e "s:^filters_path=.*$:filters_path=/etc/${project}/rootwrap.d:" -i /etc/${project}/rootwrap.conf
- # Specify rootwrap.conf as first parameter to rootwrap
- rootwrap_sudo_cmd="$rootwrap_bin /etc/${project}/rootwrap.conf *"
-
# Set up the rootwrap sudoers
local tempfile=$(mktemp)
+ # Specify rootwrap.conf as first parameter to rootwrap
+ rootwrap_sudo_cmd="${rootwrap_bin} /etc/${project}/rootwrap.conf *"
echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudo_cmd" >$tempfile
+ if [ -f ${bin_dir}/${project}-rootwrap-daemon ]; then
+ # rootwrap daemon does not need any parameters
+ rootwrap_sudo_cmd="${rootwrap_bin}-daemon /etc/${project}/rootwrap.conf"
+ echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudo_cmd" >>$tempfile
+ fi
chmod 0440 $tempfile
sudo chown root:root $tempfile
sudo mv $tempfile /etc/sudoers.d/${project}-rootwrap
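Review bot: The generated fragment is moved into `/etc/sudoers.d/` without a syntax check, and this hunk now writes up to two rules into it; a malformed file there can make sudo refuse to run on the host. Validate it before installing, e.g. `sudo visudo -cf "$tempfile"` between the `chown` and the `sudo mv`. Both rules grant passwordless root on binaries under `${bin_dir}`, so if that directory is writable by `$STACK_USER` the rules amount to unrestricted root; a comment stating that assumption would help anyone reusing this outside a disposable development host. `$tempfile` and `${bin_dir}/${project}-rootwrap-daemon` should be quoted.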
diff --git a/lib/ceilometer b/lib/ceilometer
index 9abdbfe..1f72187 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -254,7 +254,7 @@
if is_service_enabled ceilometer-aipmi; then
# Configure rootwrap for the ipmi agent
- configure_rootwrap ceilometer $CEILOMETER_BIN_DIR/ceilometer-rootwrap $CEILOMETER_DIR/etc/ceilometer
+ configure_rootwrap ceilometer
fi
}
diff --git a/lib/cinder b/lib/cinder
index 7ad7ef9..da22e29 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -190,7 +190,7 @@
rm -f $CINDER_CONF
- configure_rootwrap cinder $CINDER_BIN_DIR/cinder-rootwrap $CINDER_DIR/etc/cinder
+ configure_rootwrap cinder
cp $CINDER_DIR/etc/cinder/api-paste.ini $CINDER_API_PASTE_INI
diff --git a/lib/ironic b/lib/ironic
index 4a37f0a..7493c3c 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -58,6 +58,7 @@
IRONIC_IPMIINFO_FILE=${IRONIC_IPMIINFO_FILE:-$IRONIC_DATA_DIR/hardware_info}
# Set up defaults for functional / integration testing
+IRONIC_NODE_UUID=${IRONIC_NODE_UUID:-`uuidgen`}
IRONIC_SCRIPTS_DIR=${IRONIC_SCRIPTS_DIR:-$TOP_DIR/tools/ironic/scripts}
IRONIC_TEMPLATES_DIR=${IRONIC_TEMPLATES_DIR:-$TOP_DIR/tools/ironic/templates}
IRONIC_BAREMETAL_BASIC_OPS=$(trueorfalse False IRONIC_BAREMETAL_BASIC_OPS)
@@ -619,7 +620,12 @@
node_options+=" -i $_IRONIC_DEPLOY_RAMDISK_KEY=$IRONIC_DEPLOY_RAMDISK_ID"
fi
- local node_id=$(ironic node-create --chassis_uuid $chassis_id \
+ # First node created will be used for testing in ironic w/o glance
+ # scenario, so we need to know its UUID.
+ local standalone_node_uuid=$([ $total_nodes -eq 0 ] && echo "--uuid $IRONIC_NODE_UUID")
+
+ local node_id=$(ironic node-create $standalone_node_uuid\
+ --chassis_uuid $chassis_id \
--driver $IRONIC_DEPLOY_DRIVER \
-p cpus=$ironic_node_cpu\
-p memory_mb=$ironic_node_ram\
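Review bot: `local standalone_node_uuid=$([ $total_nodes -eq 0 ] && echo "--uuid $IRONIC_NODE_UUID")` only works because `local` discards the non-zero status the substitution returns for every node after the first; if the declaration is ever split from the assignment and errexit is on, the script will abort. An explicit branch states the intent: `local standalone_node_uuid=""` followed by `if [[ "$total_nodes" -eq 0 ]]; then standalone_node_uuid="--uuid $IRONIC_NODE_UUID"; fi`. `$standalone_node_uuid\` has no space before the continuation backslash, so its separation from `--chassis_uuid` depends on the next line's leading whitespace; write `$standalone_node_uuid \`. `total_nodes` is set outside the hunk and the `ironic node-create` command continues past it.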
diff --git a/lib/keystone b/lib/keystone
index 02c23be..b0907c7 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -50,7 +50,6 @@
KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini}
-KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone}
if is_suse; then
KEYSTONE_WSGI_DIR=${KEYSTONE_WSGI_DIR:-/srv/www/htdocs/keystone}
else
@@ -248,7 +247,6 @@
fi
iniset $KEYSTONE_CONF database connection `database_connection_url keystone`
- iniset $KEYSTONE_CONF ec2 driver "keystone.contrib.ec2.backends.sql.Ec2"
iniset $KEYSTONE_CONF token driver "$KEYSTONE_TOKEN_BACKEND"
@@ -476,10 +474,6 @@
# Set up certificates
rm -rf $KEYSTONE_CONF_DIR/ssl
$KEYSTONE_BIN_DIR/keystone-manage pki_setup
-
- # Create cache dir
- sudo install -d -o $STACK_USER $KEYSTONE_AUTH_CACHE_DIR
- rm -f $KEYSTONE_AUTH_CACHE_DIR/*
fi
}
diff --git a/lib/nova b/lib/nova
index 7d2145b..da288d3 100644
--- a/lib/nova
+++ b/lib/nova
@@ -298,7 +298,7 @@
install_default_policy nova
- configure_rootwrap nova $NOVA_BIN_DIR/nova-rootwrap $NOVA_DIR/etc/nova
+ configure_rootwrap nova
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
# Get the sample configuration file in place
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 04da5e2..96d8a44 100755
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -39,17 +39,6 @@
pip_install_gr libvirt-python
install_package python-libguestfs
fi
-
- # Restart firewalld after install of libvirt to avoid a problem
- # with polkit, which libvirtd brings in. See
- # https://bugzilla.redhat.com/show_bug.cgi?id=1099031
-
- # Note there is a difference between F20 rackspace cloud images
- # and HP images used in the gate; rackspace has firewalld but hp
- # cloud doesn't.
- if is_fedora && is_package_installed firewalld; then
- sudo service firewalld restart || true
- fi
}
# Configures the installed libvirt system so that is accessible by
diff --git a/lib/sahara b/lib/sahara
index 6d4e864..51e431a 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -186,7 +186,7 @@
if is_service_enabled tls-proxy; then
# Set the service port for a proxy to take the original
- iniset $SAHARA_CONF DEFAULT port $SAHARA_SERVICE_PORT_INT
+ iniset $SAHARA_CONF_FILE DEFAULT port $SAHARA_SERVICE_PORT_INT
fi
recreate_database sahara
diff --git a/lib/tempest b/lib/tempest
index f02b0d1..5599684 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -91,10 +91,7 @@
local extensions_list=$1
shift
local disabled_exts=$*
- for ext_to_remove in ${disabled_exts//,/ } ; do
- extensions_list=${extensions_list/$ext_to_remove","}
- done
- echo $extensions_list
+ remove_disabled_services "$extensions_list" "$disabled_exts"
}
# configure_tempest() - Set config files, create data dirs, etc
@@ -147,9 +144,7 @@
image_uuid_alt="$IMAGE_UUID"
fi
images+=($IMAGE_UUID)
- # TODO(stevemar): update this command to use openstackclient's `openstack image list`
- # when it supports listing by status.
- done < <(glance image-list --status=active | awk -F'|' '!/^(+--)|ID|aki|ari/ { print $3,$2 }')
+ done < <(openstack image list --property status=active | awk -F'|' '!/^(+--)|ID|aki|ari/ { print $3,$2 }')
case "${#images[*]}" in
0)
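Review bot: The awk filter on the new `openstack image list` line still depends on the strings `aki` and `ari` appearing somewhere in each table row, which the old `glance image-list` output appears to have satisfied through its format columns. If `openstack image list` prints only ID and Name by default (I believe the format columns need `--long`; please confirm against the client version in use), kernel and ramdisk images are no longer skipped unless their names happen to contain those strings. The pattern is also unanchored, so any image whose name contains `ID`, `aki` or `ari` is dropped; matching on one specific field, such as the disk-format column of `--long` output, avoids both problems. The enclosing `while` loop starts outside the hunk.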
@@ -489,6 +484,8 @@
if [ "$VIRT_DRIVER" = "ironic" ] ; then
iniset $TEMPEST_CONFIG baremetal driver_enabled True
iniset $TEMPEST_CONFIG baremetal unprovision_timeout 300
+ iniset $TEMPEST_CONFIG baremetal deploy_img_dir $FILES
+ iniset $TEMPEST_CONFIG baremetal node_uuid $IRONIC_NODE_UUID
iniset $TEMPEST_CONFIG compute-feature-enabled change_password False
iniset $TEMPEST_CONFIG compute-feature-enabled console_output False
iniset $TEMPEST_CONFIG compute-feature-enabled interface_attach False
diff --git a/openrc b/openrc
index aec8a2a..64faa58 100644
--- a/openrc
+++ b/openrc
@@ -78,8 +78,14 @@
#
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}
-# Set the pointer to our CA certificate chain. Harmless if TLS is not used.
-export OS_CACERT=${OS_CACERT:-$INT_CA_DIR/ca-chain.pem}
+# Set OS_CACERT to a default CA certificate chain if it exists.
+if [[ ! -v OS_CACERT ]] ; then
+ DEFAULT_OS_CACERT=$INT_CA_DIR/ca-chain.pem
+ # If the file does not exist, this may confuse preflight sanity checks
+ if [ -e $DEFAULT_OS_CACERT ] ; then
+ export OS_CACERT=$DEFAULT_OS_CACERT
+ fi
+fi
# Currently novaclient needs you to specify the *compute api* version. This
# needs to match the config of your catalog returned by Keystone.
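Review bot: `[[ ! -v OS_CACERT ]]` needs bash 4.2 or newer, and openrc is a file users source into their own shell, so on an older bash the test fails with an error instead of applying the default. It also changes behaviour from the removed `${OS_CACERT:-…}` line: an `OS_CACERT` that is set but empty is now left empty rather than defaulted, and if that is intended the comment should say so. `if [ -z "${OS_CACERT:-}" ]; then` keeps the old semantics and is portable. `DEFAULT_OS_CACERT` stays behind as a global in the caller's shell after sourcing, so add `unset DEFAULT_OS_CACERT` after the block, and quote `"$DEFAULT_OS_CACERT"` in the `-e` test.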
diff --git a/stack.sh b/stack.sh
index f20af21..dea5643 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1294,6 +1294,29 @@
echo $i=${!i} >>$TOP_DIR/.stackenv
done
+# Write out a clouds.yaml file
+# putting the location into a variable to allow for easier refactoring later
+# to make it overridable. There is current no usecase where doing so makes
+# sense, so I'm not actually doing it now.
+CLOUDS_YAML=~/.config/openstack/clouds.yaml
+if [ ! -e $CLOUDS_YAML ]; then
+ mkdir -p $(dirname $CLOUDS_YAML)
+ cat >"$CLOUDS_YAML" <<EOF
+clouds:
+ devstack:
+ auth:
+ auth_url: $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION
+ username: demo
+ project_name: demo
+ password: $ADMIN_PASSWORD
+ region_name: $REGION_NAME
+ identity_api_version: $IDENTITY_API_VERSION
+EOF
+ if [ -f "$SSL_BUNDLE_FILE" ]; then
+ echo " cacert: $SSL_BUNDLE_FILE" >>"$CLOUDS_YAML"
+ fi
+fi
+
# Wrapup configuration
# ====================
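Review bot: clouds.yaml is created under the process umask while it holds `$ADMIN_PASSWORD` in clear text, so with a typical 022 umask the password is readable by every local user. Create the file with restrictive permissions before writing to it, e.g. `install -m 600 /dev/null "$CLOUDS_YAML"` immediately ahead of `cat >"$CLOUDS_YAML" <<EOF`. The values are interpolated into YAML unquoted, so a password containing `#`, `: ` or a leading special character produces a file that fails to parse or parses to a different value; the scalar should be quoted and escaped. `$CLOUDS_YAML` in the `-e` test and in `$(dirname $CLOUDS_YAML)` should be quoted too.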
diff --git a/tests/test_functions.sh b/tests/test_functions.sh
index 1d82792..f555de8 100755
--- a/tests/test_functions.sh
+++ b/tests/test_functions.sh
@@ -137,6 +137,31 @@
test_disable_negated_services 'a,av2,-a,a' 'av2'
test_disable_negated_services 'a,-a,av2' 'av2'
+echo "Testing remove_disabled_services()"
+
+function test_remove_disabled_services {
+ local service_list="$1"
+ local remove_list="$2"
+ local expected="$3"
+
+ results=$(remove_disabled_services "$service_list" "$remove_list")
+ if [ "$results" = "$expected" ]; then
+ passed "OK: '$service_list' - '$remove_list' -> '$results'"
+ else
+ failed "getting '$expected' from '$service_list' - '$remove_list' failed: '$results'"
+ fi
+}
+
+test_remove_disabled_services 'a,b,c' 'a,c' 'b'
+test_remove_disabled_services 'a,b,c' 'b' 'a,c'
+test_remove_disabled_services 'a,b,c,d' 'a,c d' 'b'
+test_remove_disabled_services 'a,b c,d' 'a d' 'b,c'
+test_remove_disabled_services 'a,b,c' 'a,b,c' ''
+test_remove_disabled_services 'a,b,c' 'd' 'a,b,c'
+test_remove_disabled_services 'a,b,c' '' 'a,b,c'
+test_remove_disabled_services '' 'a,b,c' ''
+test_remove_disabled_services '' '' ''
+
echo "Testing is_package_installed()"
if [[ -z "$os_PACKAGE" ]]; then
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index 2efb4e0..31258d1 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -109,19 +109,28 @@
fi
FORCE_FIREWALLD=$(trueorfalse False $FORCE_FIREWALLD)
- if [[ ${DISTRO} =~ (f20) && $FORCE_FIREWALLD == "False" ]]; then
+ if [[ $FORCE_FIREWALLD == "False" ]]; then
# On Fedora 20 firewalld interacts badly with libvirt and
- # slows things down significantly. However, for those cases
- # where that combination is desired, allow this fix to be skipped.
-
- # There was also an additional issue with firewalld hanging
- # after install of libvirt with polkit. See
- # https://bugzilla.redhat.com/show_bug.cgi?id=1099031
+ # slows things down significantly (this issue was fixed in
+ # later fedoras). There was also an additional issue with
+ # firewalld hanging after install of libvirt with polkit [1].
+ # firewalld also causes problems with neturon+ipv6 [2]
+ #
+ # Note we do the same as the RDO packages and stop & disable,
+ # rather than remove. This is because other packages might
+ # have the dependency [3][4].
+ #
+ # [1] https://bugzilla.redhat.com/show_bug.cgi?id=1099031
+ # [2] https://bugs.launchpad.net/neutron/+bug/1455303
+ # [3] https://github.com/redhat-openstack/openstack-puppet-modules/blob/master/firewall/manifests/linux/redhat.pp
+ # [4] http://docs.openstack.org/developer/devstack/guides/neutron.html
if is_package_installed firewalld; then
- uninstall_package firewalld
+ sudo systemctl disable firewalld
+ sudo systemctl enable iptables
+ sudo systemctl stop firewalld
+ sudo systemctl start iptables
fi
fi
-
fi
# The version of pip(1.5.4) supported by python-virtualenv(1.11.4) has
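Review bot: With the `f20` test removed, this branch now stops and disables firewalld on every distro that reaches it and then assumes an `iptables` service unit exists. If that unit is missing (on Fedora and RHEL it comes from a separate package, as far as I know), `systemctl enable iptables` fails after firewalld has already been disabled, and the host can come up with no packet filter loaded. Check for or install the iptables service before touching firewalld, and start iptables before stopping firewalld. The comment still opens with "On Fedora 20" although the condition is no longer distro-specific, and `neturon` should read `neutron`. The enclosing `if` starts outside the hunk.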